This article presents a comprehensive set of DevOps/SRE best practices—including hiding service provider resource addresses, installing only required dependencies, running only necessary services and ports, and using bastion hosts—to improve system security, reliability, and operational efficiency.
Federated identity management enables users to access multiple applications across trusted domains using a single digital identity, detailing its core roles, benefits, inbound/outbound federation, account linking, just‑in‑time provisioning, home‑realm discovery, and its use as an IAM transition strategy.
This article explains why data‑warehouse standards are essential for improving team efficiency, product quality, and maintenance costs, and provides a step‑by‑step guide covering standard creation, discussion, rollout, supervision, continuous improvement, as well as detailed design, process, quality, and security specifications.
This article reviews the fundamentals of eBPF, explains its architecture and tracing mechanisms such as USDT, uprobes, and TC hooks, provides practical code examples, discusses security aspects, and lists notable open‑source projects that leverage eBPF for performance and observability.
This article explains the principles, structure, and workflow of token‑based authentication—including access and refresh tokens, JWT, CSRF attacks, same‑origin policy, cross‑origin solutions, and common encryption algorithms—highlighting their advantages, limitations, and practical usage in modern web and mobile applications.
Microsoft’s May 2023 security update addressed 52 CVEs, including a critical Win32k privilege‑escalation flaw (CVE‑2023‑29336) exploited in the wild and a Visual Studio installer UI vulnerability (CVE‑2023‑28299), with researchers detailing the attack vectors, proof‑of‑concept exploits, and mitigation strategies.
This article explains the SLSA (Supply chain Levels for Software Artifacts) framework, outlines common software supply‑chain threats, details the four SLSA levels and their requirements, discusses limitations, and reviews tools such as OpenSSF Scorecard, slsa‑verifier and Sigstore for improving software artifact integrity.
This comprehensive guide covers fundamental networking concepts, including link, node, protocol, service, PDU layers, network topologies, TCP/IP architecture, routing algorithms, security mechanisms, and practical commands, providing a complete overview for students and professionals seeking to deepen their understanding of modern computer networks.
The article explains how Microsoft PC Guard is silently installed on Windows PCs in China through Microsoft Edge, describes two user-reported scenarios, reveals the download locations, and provides guidance on detecting and uninstalling the software.
This article explains how the default title of the open‑source ChatGPT‑web project makes deployments vulnerable to discovery by asset‑search engines like FOFA and Shodan, leading to unauthorized API usage, and provides practical steps—changing the title and adding authentication—to protect the site and prevent unexpected costs.
A comprehensive collection of Linux operations interview questions covering topics such as system administration, RAID configurations, load balancing, middleware, MySQL troubleshooting, network monitoring, security, scripting, and best practices for optimizing and maintaining Linux servers.
This article explains how AI large models such as ChatGPT can assist developers throughout the full workflow—from requirement analysis, technical design, and code generation to testing, deployment, and operations—while highlighting practical tips, potential pitfalls, and security considerations.
From an edge‑cloud viewpoint, this article examines the feasibility of deploying graph neural network (GNN) recommendation systems on devices, covering underlying compute evolution, personalization, edge‑cloud collaboration, model compression, deployment strategies, and security challenges, while referencing recent research advances.
This article explains why remote access to industrial control systems is essential, outlines the risks demonstrated by high‑profile attacks, and provides detailed best‑practice guidance—including DMZ architecture, authentication, jump hosts, file transfer, and policies for direct connections—to securely manage OT environments.
This article details the end‑to‑end process of migrating an anti‑cheat service to a new data center, verifying strategy effectiveness, building a real‑sample regression pipeline, and automating integration steps using GoAPI and traffic‑comparison platforms to ensure functional consistency and security.
This article reviews the ten most effective Linux antivirus tools, explains why protection is essential despite Linux's inherent security, and provides concise descriptions of each solution—including Avast, Chkrootkit, ESET NOD32, F‑PROT, Panda Cloud Cleaner, Rootkit Hunter, ClamAV, Firetools, Comodo, and Sophos—to help users choose the right protection for their systems.
This article provides a comprehensive overview of Linux fundamentals, covering its basic concepts, essential commands, learning roadmaps, desktop environments, the Filesystem Hierarchy Standard, important directories, kernel study paths, security considerations, and includes reference tables and a community invitation.
This article explains what brute‑force attacks are, why they threaten PHP applications, and presents three practical defenses—two‑factor authentication, enforced password policies, and brute‑force mitigation techniques—along with complete PHP code examples for each method.
The 2023 GitLab DevSecOps survey of over 5,000 IT leaders, CISOs, and developers across multiple industries reveals heightened security focus, growing AI/ML use in testing, and persistent tool‑chain management obstacles that hinder productivity and compliance efforts.
This extensive guide covers networking fundamentals across all OSI layers, detailing concepts such as links, nodes, protocols, PDU structures, network topologies, TCP/IP encapsulation, transport protocols, application services, security mechanisms, wireless LAN technologies, and key command‑line tools, providing a complete reference for students and professionals alike.
The article explains how DevSecOps‑driven quality gates shift security left in the SDLC, improve code quality and agility, reduce technical debt, and outlines five leading static analysis tools for enforcing these gates in modern CI/CD pipelines.
This article presents a step‑by‑step tutorial on building robust Spring Boot backend APIs, covering environment setup, parameter validation techniques, global exception handling, unified response structures, optional response wrapping, API versioning via path or header, and comprehensive security measures such as token authentication, timestamp checks, request signing, replay protection, and HTTPS.
This article introduces the lightweight Sa-Token Java framework, explains its login and permission authentication mechanisms, demonstrates essential API usage with code examples, and provides step‑by‑step integration guides for SpringBoot and WebFlux, covering configuration, session handling, role checks, wildcard permissions, and global exception handling.
This article explains the role, functions, and design principles of API gateways in microservice architectures, compares popular implementations such as OpenResty, Kong, Zuul, and Spring Cloud Gateway, and offers practical guidance on performance, availability, and scalability considerations.
This guide introduces a collection of practical Linux operation tools—including Nethogs, IOZone, IOTop, IPtraf, iftop, HTop, NMON, MultiTail, Fail2ban, Tmux, Agedu, NMap, and Httperf—detailing their purpose, installation commands, usage examples, and key options for system administrators.
This article explains the principles of Single Sign‑On (SSO) and OAuth2.0, compares their workflows, describes the four OAuth2.0 grant types, and clarifies the distinctions between SSO, OAuth2.0, and Java security frameworks such as Spring Security and Shiro.
The Go 1.20.4 and 1.19.9 releases address three critical security vulnerabilities in the html/template package, including improper handling of CSS values, JavaScript whitespace, and HTML empty attributes, which could lead to unintended HTML injection and attribute manipulation.
The article provides a detailed technical overview of Huawei's Kunpeng 920 processor, describing its ARM‑based RISC architecture, chip organization, core and cluster hierarchy, security features, and the various compute, I/O, interrupt, network, SAS, and PCIe subsystems integrated on the SoC.
This article presents a comprehensive collection of PHP payment interview questions covering implementation steps, amount validation, SQL injection prevention, request fraud protection, data encryption, secure credential storage, callback handling, and OAuth integration, providing detailed answers and code examples for each topic.
The article explains that Python 3.7 will reach end‑of‑life in June 2023, outlines the risks of staying on an unsupported version, and provides a step‑by‑step migration path to newer Python releases to ensure security and dependency compatibility.
Drawing from years of sysadmin experience, this guide lists concrete Linux operational habits—such as rigorous backups, cautious use of rm‑rf, single‑person changes, SSH hardening, firewall rules, monitoring, and disciplined performance tuning—to help teams avoid costly production failures.
This article explores essential API design principles—idempotency, robustness, and security—by discussing practical techniques such as request locks, database unique constraints, Redis distributed locks, token‑based authentication, JWT, and defensive coding practices to ensure reliable, safe, and maintainable backend services.
This article compares JWT and session authentication, explains their differences, security and performance trade‑offs, and provides a complete Java implementation with Redis integration, guiding developers on selecting and implementing the most suitable authentication method for distributed backend systems.
Learn how to enforce password changes for Linux users by adjusting the minimum password age with chage or expiring the password using passwd, ensuring stronger security while providing clear step‑by‑step commands and execution guidance.
This article critically examines the common misconceptions about JWT advantages, explains the security and practical drawbacks of using JWT for session management, and outlines the scenarios where JWT is appropriate, such as short‑lived, one‑time authorization tokens.
This article explains why YAML is the preferred format for defining Kubernetes applications, outlines the three validation levels—structural, semantic, and security—and recommends practical tools and best‑practice workflows to ensure configurations are correct and safe before deployment.
The paper presents ODDFuzz, a structure‑aware directed greybox fuzzing framework that combines lightweight static taint analysis with targeted fuzzing to efficiently discover previously unknown Java deserialization (ODD) vulnerabilities, achieving higher recall and precision than existing tools and uncovering six new CVE‑rated bugs in popular Java frameworks.
Huawei Cloud’s GaussDB, a high‑performance, highly available, elastic, AI‑optimized and secure cloud‑native distributed database, earned the top Science & Technology Progress award, showcasing breakthrough innovations and wide adoption in major financial institutions.
A recent OpenAI investigation revealed that a bug in the redis-py client caused ChatGPT to leak conversation histories and personal details of about 1.2% of Plus users, prompting a temporary service shutdown and a rapid patch deployment.
This article introduces time series data concepts, outlines the challenges of storing and analyzing high‑frequency data, and presents best‑practice guidelines for building MongoDB‑based time‑series applications, covering ingestion, read/write workloads, retention, security, and real‑world use cases.
This article walks through why Linux servers need baseline hardening, explains baseline concepts and scanning, and provides a comprehensive collection of shell scripts that automatically check and enforce security settings such as password policies, file permissions, service configurations, and network controls.
The article details China Postal Savings Bank's successful DevSecOps assessment, describing the standards, the Operation Risk Management System project, interview insights on cultural, process, and technical implementations, and the benefits and future plans for secure, agile digital transformation.
This article explains the concept of multi‑tenant Kubernetes clusters, outlines common enterprise scenarios such as internal shared clusters and SaaS/KaaS models, and presents practical security and resource‑scheduling techniques—including RBAC, NetworkPolicy, PSP, OPA, and dedicated nodes—to achieve reliable isolation.
This article explains PHP's various encryption techniques—including one‑way hashes (MD5, sha1, hash, crypt), reversible encodings (URL encoding, Base64), and the modern Password Hashing API—providing usage examples, code snippets, and best‑practice recommendations for secure password handling.
This article explains the concept of multi‑tenant Kubernetes clusters, outlines common enterprise scenarios, and details native security mechanisms such as RBAC, NetworkPolicy, PodSecurityPolicy, OPA, resource quotas, and dedicated nodes to achieve effective isolation and protect sensitive data.
This guide explains why the default SSH configuration is risky and provides eight practical measures—including disabling root login, changing the default port, restricting password use, and employing key‑based authentication—to secure SSH access on Linux servers.
The article explains that Python 3.7 will lose official bug and security fixes after June 2023, many libraries have already dropped support, and it provides practical guidance on upgrading to newer Python versions to maintain security and dependency compatibility.
This guide explains why Linux servers need security baseline hardening, describes baseline scanning, and provides a comprehensive set of Bash scripts that back up critical files, enforce password policies, restrict services, adjust file permissions, and verify system integrity to protect against common vulnerabilities.
This article explains the fundamentals of OAuth2.0, distinguishes it from SSO, describes the roles of resource owner, client, authorization server and resource server, outlines the step‑by‑step authorization flow, and clarifies related terminology such as authentication, federated identity, and delegated authorization.
A recent Redis‑py library vulnerability caused ChatGPT to expose personal data of about 1.2% of Plus users, prompting an OpenAI apology, a detailed post‑mortem, and a series of backend and security fixes to prevent similar incidents.
The article analyzes post‑pandemic salary changes in China for various tech positions—including backend (Java, PHP, Python), frontend, network security, mobile, testing, operations, data analysis, algorithm engineering, and architecture—showing modest growth in most areas with notable declines for Python and Android developers.
OAuth 2.0 Device Authorization (RFC 8628) defines a secure flow for granting access tokens to devices lacking browsers or input capabilities, detailing the roles of client devices, authorization servers, user codes, device codes, polling, and token issuance, illustrated with a TV‑mobile example.
This interview explores the evolution of QQ Browser from its 2009 launch, the technical challenges of building a mobile web rendering engine, the role of Tencent Browser Service (TBS) in document and media handling, performance and security optimizations, market positioning, and future product strategies.
This article explains the Spring Framework DoS vulnerability (CVE‑2023‑20861), outlines affected versions, details the root cause in SpEL expression handling, and provides step‑by‑step mitigation and upgrade instructions for both Spring Framework and Spring Boot, along with references and security considerations.
This article provides a comprehensive overview of MySQL 8.0 enhancements, covering performance improvements such as contention‑aware scheduling and hash joins, security upgrades including authentication plugins and password policies, optimizer refinements, and various other features like persistent variables, GIS support, and binlog expiration handling.
This article provides a comprehensive walkthrough of Spring Security’s authentication mechanism, detailing the filter chain, core security components, and the underlying source‑code flow—from UsernamePasswordAuthenticationFilter through AuthenticationManager, ProviderManager, and DaoAuthenticationProvider—illustrated with code examples and diagrams.
This article explains the concepts, classifications, and risks of XSS and SQL injection attacks, demonstrates how MyBatis and SpringBoot filters can be used to sanitize inputs and request bodies, and provides practical code examples for implementing robust web application security.
The 2023 DevSecOps forecast highlights five major trends—including prioritizing software supply‑chain security, embedding security education in DevOps, pervasive AI/ML across the SDLC, deeper value‑stream analysis, and left‑shifting observability—while emphasizing zero‑trust, SBOM adoption, and the growing role of security in cloud‑native environments.
This article presents a comprehensive overview of TEE interoperability, describing the background of trusted execution environments, their remote attestation processes, a unified remote attestation framework, and the overall strategy for achieving cross‑TEE compatibility, including open‑source implementations and future directions.
MaxKey is an open-source, Apache-licensed SSO platform that supports major authentication protocols, offers extensive login methods, provides multi-tenant IAM features, and includes detailed Linux deployment steps with code snippets and interface screenshots, making it a comprehensive solution for enterprise identity management.
The article explains ten key non‑functional quality attributes of software architecture—such as scalability, availability, consistency, resilience, usability, observability, security, persistence, agility, and maintainability—describing their meanings, typical implementation techniques, and why selecting the right attributes is crucial for any system.
Jenkins' built‑in credentials manager suffers from several drawbacks and limitations, and integrating HashiCorp Vault can address these issues by providing more secure storage, better protection of sensitive data, and enhanced overall security for Jenkins pipelines.
Arm’s Vision Day revealed the next‑generation Armv9 architecture, highlighting its security‑focused Confidential Compute Architecture, AI enhancements through SVE2, and a roadmap of performance gains that together set the stage for the next decade of Arm‑based computing.
This article examines why running MySQL in Docker containers often leads to data‑security risks, performance bottlenecks, state management issues, and resource‑isolation problems, while also outlining scenarios where containerization can still be viable and offering practical mitigation strategies.
Arm's newly unveiled Armv9 architecture, presented at Vision Day, introduces major enhancements across security, artificial intelligence, and scalable vector extensions (SVE2), while outlining a roadmap for future CPUs, performance gains, and the confidential compute architecture that reshapes trust boundaries in modern computing.
This article explains traditional session‑based authentication, introduces JWT and JJWT, and presents two microservice authentication patterns—service‑side verification and gateway‑side verification—detailing their workflows, code examples, advantages, drawbacks, and practical challenges.
This article explains the fundamentals of authentication and authorization, the role of credentials, the differences between cookies and sessions, various token types including access and refresh tokens, and the principles, usage, and security considerations of JSON Web Tokens (JWT).
This article explains traditional session‑based authentication, introduces JWT and the JJWT library for secure token creation and verification, and compares two microservice authentication patterns—server‑side verification and API‑gateway unified verification—while discussing practical challenges such as token expiration, key management, and caching.
This article explains what JSON Web Tokens are, their structure and security considerations, introduces the JJWT Java library, and provides a complete Spring Boot and Angular example—including Maven setup, Java filters, controllers, and front‑end code—to demonstrate secure token‑based authentication.
This article explains how to securely mask sensitive data in log output by using either a conversionRule tag with MessageConverter or a custom utility class, and provides a step‑by‑step guide to integrate a reusable Logback desensitization component with Maven dependency, appender replacement, and YAML configuration.
This article explores Alibaba's DataWorks platform and its comprehensive data governance practices, covering application efficiency, security controls, cost optimization, organizational structure, and cultural initiatives that together enable scalable, secure, and cost‑effective data management across the enterprise.
GitHub’s February 14 update introduces a stronger AI Codex model, Fill‑In‑The‑Middle context handling, and lightweight client improvements that raise code suggestion quality, cut response time, and add real‑time security filtering, while enterprise Copilot now offers VPN support and easy licensing for thousands of developers.
This article provides a detailed introduction to Spring Boot, covering its purpose, advantages, core @SpringBootApplication annotation, supported logging frameworks, starter mechanism, new features in version 2.x, configuration methods, security, CORS handling, actuator monitoring, hot deployment, multi‑datasource setup, session sharing, and packaging differences, all aimed at helping developers quickly adopt and master the framework.
This article explains how eBPF extends kernel functionality to enable secure, high‑performance networking, observability, and programmable workloads in cloud‑native environments, detailing its architecture, use cases, market adoption, commercialization models, and the challenges and advantages that make it comparable to JavaScript for the kernel.
This article reviews how eight Chinese city commercial banks and other financial institutions adopted the CAICT‑led DevOps Capability Maturity Model, detailing their continuous delivery, technical operations, security, and system‑tool assessments, and highlighting the practical benefits and lessons for industry peers.
The article recounts a Kubernetes cluster intrusion where a misconfigured kubelet allowed crypto‑mining, details the forensic steps taken—including empty iptables, kubelet API exposure, and commented‑out settings—and offers concrete hardening recommendations to prevent similar attacks.
This article examines Xiaohongshu's community anti‑cheat efforts, detailing the significance of fraud prevention, the black‑gray industry ecosystem, strategic defense frameworks, system architecture, and practical risk governance and detection methods for data‑inflation attacks.
From multimodal pre‑training models and chiplet integration to compute‑in‑memory, cloud‑native security, predictive networking, dual‑engine decision systems, computational optical imaging, large‑scale digital twins, and generative AI, this overview highlights the key technological trends reshaping AI, hardware, and cloud infrastructures.
This article examines how the viral mini‑game "Sheep..." overcame its initial 5,000‑QPS bottleneck and scaled to over 100 million daily active users by redesigning its architecture, implementing cloud‑native auto‑scaling, enhancing operational monitoring with CLS, and fortifying security with WAF.
Google's Chrome security team announced that Chromium will soon support third‑party Rust libraries, aiming to simplify development, reduce memory‑safety bugs, and enhance overall browser security by integrating safer Rust code into Chrome binaries.
This article explains the key features of HTTP/2, the performance and security enhancements of TLS 1.3, the benefits of ECC over RSA, Brotli compression, and provides step‑by‑step Nginx configuration snippets to enable these technologies in production environments.
This article explains what eBPF is, why it matters for cloud‑native architectures, its key components and use‑cases in networking, observability and security, and explores current market momentum and commercialization models for leveraging eBPF in modern infrastructure.
DevSecOps integrates security into every stage of the DevOps lifecycle, addressing cultural, technical, and organizational challenges through practices such as early security integration, automated testing, skill training, tool integration, compliance, and continuous monitoring, ultimately enabling faster, safer software delivery.
This article details HaiTong Securities' journey through the DevSecOps assessment, showcasing their eHaiTongCai data service platform, interview insights from senior managers, the security challenges they faced, and the concrete steps they took to embed security across the entire software lifecycle.
The article details how China’s CITIC Securities leveraged the national DevOps and DevSecOps maturity models, passed Level 2 security assessments, and integrated cultural, procedural, and technical practices to enhance its institutional business service platform, improve security, and accelerate its digital transformation.
This article explains the fundamentals of SSL certificates, details Android’s certificate verification process, walks through common pitfalls such as expired or mismatched certificates, and provides practical solutions—including custom TrustManager implementations, revocation checks, and debugging techniques—to ensure reliable secure communication in Android apps.
The article explains why software supply chain security is increasingly critical, introduces the SLSA (Supply‑Chain Levels for Software Artifacts) framework and its three trust boundaries, outlines common risk points from code commit to package distribution, and discusses mitigation strategies such as mandatory code review, robot‑account controls, and automation.
CNStack 2.0 is a cloud‑native PaaS platform built on Kubernetes that unifies resource and workload management, offering agile, open, and secure multi‑cluster capabilities through modular cloud services, a unified API gateway, and integration with open‑source projects such as Sealer, Emissary‑Ingress, cert‑manager, Velero, and OCM.
The article explains Diffie‑Hellman key agreement, detailing its 1976 origin, mathematical derivation, example walkthrough, and provides complete Java server and Android client code illustrating how two parties securely generate a shared secret over an insecure channel without transmitting the key.
This article provides a step‑by‑step guide to building a Spring Cloud Gateway for microservices, covering system setup, request routing, cross‑origin handling, token‑bucket rate limiting, password hashing with BCrypt, an overview of symmetric and asymmetric encryption, and JWT‑based authentication with code examples and configuration details.
A curated collection of recent frontend articles covering a code‑submission script, the Remesh DDD framework, CSRF security basics, GraphQL BFF implementation for cloud music, build‑time reduction tricks, and the Intl.Enumeration proposal reaching Stage 4, offering valuable insights for web developers.
This article explains how to protect user privacy in a Java backend by creating a custom @PrivacyEncrypt annotation and a Jackson serializer that automatically mask sensitive fields such as phone numbers, emails, and ID cards during JSON serialization.
This article introduces the fundamentals of the Base64 encoding algorithm, explains its role in reverse‑engineering and security scenarios, details the encoding and decoding processes, and provides complete Java and native C++ implementations with code examples for Android development.
This guide explains how to configure and run GitLab secret detection to scan a repository for exposed credentials such as passwords, API keys, JWTs, and private keys, using custom rules, test files, pipeline execution, and result analysis.
This article explains how to define Kubernetes applications with YAML, compares it to JSON and INI, and outlines three validation levels—structural, semantic, and security—while recommending tools and shift‑left practices to ensure reliable and secure deployments.
This article explains how federated learning is applied to the advertising industry, covering business background, conversion processes from user, client, and server perspectives, algorithmic components such as CTR and CVR models, vertical and horizontal federated learning architectures, compression techniques, and security challenges with corresponding defenses.
In a detailed interview, senior engineers from China Agricultural Bank explain how their mobile banking payment and micro‑loan platforms passed the CAICT DevSecOps Level‑2 assessment, outlining the cultural, process, and technical measures—such as integrated security testing tools and cross‑department collaboration—that boosted security, efficiency, and digital transformation.
This article provides a comprehensive overview of IoT protocols and standards, organized by functional layers such as infrastructure, identification, communication, discovery, data exchange, device management, semantics, multi‑layer frameworks, security, and industry verticals, and lists relevant alliances and organizations shaping the IoT ecosystem.
This article explains how to extend the classic Role‑Based Access Control (RBAC) model with fine‑grained data permissions, detailing rule definition, database design, role‑rule binding, and AOP‑based enforcement, and offers optimization tips such as rule groups for complex scenarios.
Kubernetes 1.26, themed “Electrifying,” introduces 37 enhancements—including registry changes, storage upgrades, signed release artifacts, Windows high‑privilege containers, metric and scheduling improvements—while promoting 11 features to stable, deprecating 12 APIs, and emphasizing sustainability and carbon‑footprint awareness.
