This article reveals ten little‑known Python security pitfalls—from optimized‑away asserts and directory permission quirks to URL parsing quirks and Unicode normalization issues—explaining each flaw, its impact, and how to mitigate it, helping developers safeguard their code.
In his keynote at the 2022 Open Atom Global Open Source Summit, He Zhengyu outlined Ant Group’s open‑source strategy, highlighting over 900 repositories and key projects such as OceanBase, SOFA Mesh, MOSN, BabaSSL, Occlum, and the upcoming TuGraph, emphasizing how open core infrastructure drives industry innovation and ecosystem growth.
This article examines Android’s Binder inter‑process communication mechanism, detailing how SELinux integrates with the /dev/binder driver, the role of ServiceManager as ContextManager, the definition of binder‑related permissions, and the kernel‑level security hooks that enforce SEAndroid checks during binder transactions.
This article demonstrates how to mask sensitive data such as phone numbers, ID cards, and emails in MySQL and Java applications by combining SQL string functions with the MyBatis‑Mate Sensitive Jackson plugin, providing complete configuration, custom strategies, and runnable Spring Boot examples.
This guide walks through eight essential steps to harden SSH on Linux servers, including disabling root login, changing the default port, restricting password usage, limiting authentication attempts, enforcing protocol 2, disabling forwarding, using key-based authentication, and applying IP-based access controls.
The QianNiu client migrated its custom Application Embedded Framework to Chromium Embedded Framework, introducing a multi‑process architecture with isolated browser and render processes, remote RPC components, unified JS injection, render‑group optimization, comprehensive network interception, white‑screen detection, and plans for memory reclamation and further security hardening.
This article outlines nine essential DevOps best practices—from fostering a collaborative, blameless culture and adopting CI/CD, automated testing, observability, and IaC, while also highlighting common anti‑patterns such as isolated DevOps teams, hero reliance, and unchecked tool sprawl.
This article explains how HTTP/3, built on the QUIC transport, improves latency, reliability, and security compared to earlier HTTP versions, outlines its adoption across browsers and CDNs, and lists language libraries for developers to start implementing the new protocol.
Oracle is ending support for Java JDK 6 and 7, leaving millions of developers without security patches and prompting a shift to newer LTS releases like Java 8, 11, or alternative providers such as Azul, while navigating licensing and audit concerns.
This article details 58.com’s end‑to‑end approach to securing mobile, H5, and server SDKs—covering security fundamentals, the 5A methodology, the 金盾 architecture, integration steps, data‑flow encryption, comprehensive risk‑based testing, performance evaluation, and release decision making.
This article explains how to implement WeChat QR code login using OAuth2.0 in a Spring Boot backend, detailing the authorization flow, required configuration, code examples for obtaining access tokens, user authentication, Spring AOP login verification, and exception handling to securely integrate WeChat login into a Java application.
The article analyzes three recent high‑severity CVEs in the Kubernetes Ingress Nginx project, explains how its combined control‑plane and data‑plane design creates serious security and stability risks, and demonstrates how the MSE cloud‑native gateway’s separated architecture and xDS‑based configuration provide a safer, more reliable alternative.
This note shows how C++ templates and a one‑line macro can generate a universal wrapper that hooks any system API, logs and filters its parameters—including variadic and pointer arguments—while handling special cases such as const and void* buffers, eliminating repetitive custom wrappers.
This guide explains why the default SSH configuration is risky and provides eight concrete actions—including disabling root login, changing the default port, limiting authentication attempts, and using key‑based authentication—to secure Linux servers against common attacks.
Linux is generally more secure than other desktop operating systems, so many users wonder whether antivirus software or a firewall is necessary; this article explains the technical reasons why Linux typically does not need them, outlines the limits of protection, and offers practical security tips.
This article introduces a Logback desensitization component for Java applications, explains two common masking approaches, compares their pros and cons, and provides step‑by‑step instructions—including Maven dependency, appender replacement, YAML configuration, supported data types, matching rules, custom regex, and jar installation—to securely mask sensitive information in logs.
This comprehensive guide presents 36 practical recommendations for backend engineers, covering parameter validation, compatibility, extensibility, idempotency, error handling, logging, performance optimization, caching, rate limiting, security, transaction management, and clear communication to help design reliable, maintainable, and scalable service interfaces.
This article explains how to circumvent WeChat's ban on JavaScript interpreters in mini‑programs by compiling JavaScript to a compact bytecode, embedding the bytecode in an image's alpha channel, and executing it with a lightweight custom virtual machine, while also discussing why such hot‑updates cannot be fundamentally blocked.
This article explains Java's class loading mechanism, detailing memory structures, the roles of the bootstrap, extension, and application class loaders, the parent delegation model, custom class loaders, and related JVM phases such as loading, linking, and initialization, with code examples throughout.
The article introduces HyperEnclave, an open and cross‑platform Trusted Execution Environment that overcomes hardware‑binding limitations of traditional TEEs, supports multiple CPU architectures, offers three flexible enclave modes, and demonstrates superior performance across diverse workloads while maintaining strong security guarantees.
A recent Docker security issue shows that publishing container ports to 127.0.0.1 does not prevent external access, because Docker adds an iptables rule that forwards traffic to the container’s internal IP, allowing attackers on the same network to reach the service.
This guide explains why and how to assess the health of npm dependencies, outlines a step‑by‑step upgrade process, highlights tools like npm outdated, npm audit, depcheck, and offers practical advice on changelog review, lock‑file management, and distinguishing dependencies from devDependencies.
This article explains the fundamentals of API gateways, their role in microservice architectures, key design considerations such as routing, load balancing, security, and elasticity, and compares major open‑source implementations like OpenResty, Kong, Zuul, and Spring Cloud Gateway.
This article explains the concepts of DevOps, SecOps, and DevSecOps, outlines their core principles and benefits, compares their focus on collaboration, automation, and security, and provides guidance on selecting the most suitable approach for organizations seeking integrated development, operations, and security practices.
This article explains how to integrate the CAS (Central Authentication Service) single sign‑on solution into a Spring Boot backend by adding necessary dependencies, configuring a series of CAS filters, creating a custom MyAuthenticationFilter to handle AJAX requests, and demonstrating a Vue.js frontend that interacts with the authentication flow, complete with screenshots of the login, ticket validation, and logout processes.
This article compares Nacos and Apollo configuration centers, examining their security models, environment isolation mechanisms, and architectural complexity, and concludes that Nacos offers a simpler and potentially safer solution for microservice deployments.
This article analyses the rapid evolution of cloud‑native networking, identifies key challenges across traditional, data‑center, edge, multi‑cluster, financial, and telecom scenarios, and presents open‑source and commercial solutions such as Kube‑OVN, Underlay networks, flexible IPAM, and hardware‑software acceleration.
This roundup presents a curated list of recent frontend development articles covering Babel 7.18 upgrade issues, TypeScript migration strategies, monitoring system design, JavaScript security techniques, ES2022 features, React Native Skia integration, GraphQL BFF practices, and thoughts on software complexity.
This article explains the classic HttpBasic authentication mode in Spring Security, its limited use cases, how to integrate it with a Spring Boot project by adding Maven dependencies and configuration code, and details the underlying Base64‑based mechanism with step‑by‑step illustrations.
This tutorial explains the fundamentals of service mesh, details Istio’s architecture and core components, demonstrates how to install and configure Istio on Kubernetes, and explores common use cases such as traffic management, security, observability, and alternatives.
This guide demonstrates how to use Frida for Android reverse engineering, covering essential commands, stack tracing, and practical hook scripts for common methods such as HashMap.put, Base64.encodeToString, and UI event listeners, enabling developers to locate and analyze encryption logic within apps.
This article explains what DevSecOps is, why traditional security approaches no longer suffice in fast‑paced software delivery, outlines its key advantages such as risk control and cost reduction, and provides detailed guidance on organizational, process, and technology practices—including tool recommendations and CI/CD pipeline integration—to embed security throughout the software lifecycle.
This article presents ten practical methods for hardening Kubernetes application manifests, covering securityContext settings such as runAsUser, privileged mode, capabilities, read‑only root filesystem, privilege escalation, Seccomp, resource limits, image tagging, and optional AppArmor/SELinux policies, to reduce attack surface during development and deployment.
Git 2.37 introduces a built‑in file‑system monitor for faster status checks, supports sparse checkout to avoid downloading whole repositories, adds performance‑enhancing stash improvements, and tightens credential‑in‑URL security, offering developers a more efficient and safer version‑control experience.
An exposed Docker security flaw allows services bound to 127.0.0.1 via the -p flag to be accessed externally through iptables rules, as demonstrated by a PostgreSQL container proof‑of‑concept, and the article proposes stricter iptables configurations and default localhost binding to mitigate the risk.
This article provides a comprehensive introduction to the OAuth 2.0 protocol, covering its core concepts, authorization flow, four grant types (authorization code, implicit, resource owner password credentials, client credentials), request and response parameters, token handling, and practical examples with code snippets.
This article examines the complexity of the Bluetooth protocol stack, focusing on Android’s Host layer vulnerabilities, and provides detailed analyses of three critical CVEs—CVE‑2020‑27024 (SMP), CVE‑2021‑0918 (GATT), and CVE‑2021‑39805 (L2CAP)—including protocol overviews, code excerpts, and exploitation paths.
Drawing from three and a half years of DevOps experience, this guide compiles critical operational practices—ranging from cautious command execution and strict change control to robust backup, security hardening, continuous monitoring, performance tuning, and a disciplined mindset—to help engineers avoid costly outages and data loss.
The article explains what a SmartNIC (intelligent network interface card) is, how it differs from traditional NICs, its computing off‑load capabilities for networking, storage, and security, the problems it solves, various types, limitations, and its growing role in modern data‑center architectures.
NanoID, a modern alternative to UUID, offers significantly smaller IDs, up to 60% faster generation, stronger security via crypto APIs, customizable alphabets, and broad language support, making it a compelling choice for developers seeking efficient, compact, and secure unique identifiers across various platforms.
This article provides an in‑depth overview of JSON Web Tokens (JWT), explaining their structure, authentication workflow, advantages such as statelessness and CSRF protection, drawbacks like revocation difficulty, and presents practical solutions including blacklist, secret rotation, short‑lived tokens and refresh‑token strategies.
This guide introduces thirteen practical Linux operations tools—from network bandwidth monitors like Nethogs to security scanners such as NMap—providing concise descriptions, installation commands, and usage tips to help system administrators efficiently manage and secure their servers.
This tutorial demonstrates how to use Frida to hook Java-level encryption functions on Android, covering MD5, SHA1, MAC, DES/AES/RSA ciphers, and signature algorithms by intercepting update, digest, init, and doFinal methods and logging their inputs and outputs in various formats.
A concise cheat‑sheet of frequently used Linux commands covering file searching, bulk moving, log cleanup, directory checks, text substitution with sed, network packet capture, firewall rules, and log analysis to boost sysadmin productivity.
This article provides a comprehensive overview of DevSecOps, explaining its definition, pipeline stages, framework components, and the top five best practices for 2022 to help organizations integrate security throughout the software development lifecycle.
This article provides a comprehensive introduction to the OAuth 2.0 protocol, explaining its core concepts, the roles of resource owner, client, authorization server and resource server, and detailing the four grant types—authorization code, implicit, resource‑owner password credentials, and client credentials—along with token request/response formats and refresh token usage.
This article provides a comprehensive introduction to OAuth 2.0, covering its purpose, core roles, token types, four main grant flows (authorization code, implicit, resource‑owner password, client credentials), token refresh mechanisms, and practical request/response examples for developers.
The article dissects Android WebView’s evolution to Chromium‑based multi‑process mode, explains the costly initialization steps—including thread checks, provider creation, and Chromium engine startup in a sandbox process—highlights common security pitfalls, and offers idle‑time pre‑initialization and request‑interception techniques to boost performance.
This article explains what Microsoft AppVerifier is, how it helps detect memory corruption, security vulnerabilities, and privilege issues in Windows applications, and provides detailed download links, usage steps, configuration tips, common troubleshooting problems, and best‑practice recommendations for reliable testing.
This article explains several methods—ranging from insecure shortcuts to recommended practices—for hiding the MySQL password‑exposure warning that appears when invoking MySQL tools from a Linux shell, providing code examples and security considerations for each approach.
The 2022 Cloud‑Native Threat Report reveals a rise in Kubernetes‑targeted attacks, persistent supply‑chain threats in container images, and active exploitation of the Log4j zero‑day, underscoring the urgent need for specialized security measures in modern cloud‑native environments.
This article explains the standard JWT claims, shows how to generate a token with custom claims in Java, and compares single‑token and double‑token renewal strategies, including practical steps, Redis storage tips, and a brief overview of WeChat web authorization.
eBPF is a kernel‑level sandbox technology that enables safe, high‑performance, programmable instrumentation for networking, security, and observability, and this article answers seven key questions covering its definition, applications, origins, usage steps, implementation details, best practices, and current ecosystem.
This guide explains how to protect a Spring Cloud Gateway service from packet sniffing by using RSA asymmetric encryption, timestamp validation, unique request IDs stored in Redis, and MD5 signature checks, with complete Java and front‑end code examples.
This article provides a comprehensive tutorial on implementing Single Sign-On using the CAS (Central Authentication Service) framework, covering the concepts of SSO and CAS, required development environment, server-side deployment, client configuration, and end‑to‑end testing with detailed code examples.
In the Pwn2Own 2022 competition, hacker Manfred Paul exploited two critical Firefox vulnerabilities in under eight seconds, earning $100,000, while the event also uncovered major bugs across Ubuntu, Tesla, Microsoft, and Safari, highlighting the real-world impact of rapid zero‑day exploits.
This comprehensive guide explains what Nginx is, its core features, typical use cases, ecosystem extensions, installation methods, detailed configuration examples—including HTTPS, redirects, static mapping, proxying, rate limiting, authentication, load‑balancing strategies, and security hardening—plus an overview of its architecture and source‑code layout.
This article introduces the open‑source mall‑tiny rapid‑development scaffold, explains its core features and integration with the mall‑admin‑web front‑end, and provides a step‑by‑step guide to upgrading it to Spring Boot 2.7.0, covering Swagger, Spring Security, MyBatis‑Plus, circular‑dependency resolution, and CORS configuration.
This article outlines essential Kubernetes security principles based on the 4C model, discusses best practices for clusters, containers, and code, and reviews several open‑source tools such as Kubescape, kube‑bench, Terrascan, kube‑hunter, and Anchore for assessing and improving cluster security.
Mozilla’s security team has blocked the malicious Firefox add-ons “Bypass” and “Bypass XM”, which abused the browser’s proxy API to hijack updates and bypass paywalls, affecting hundreds of thousands of users, and introduced new fallback mechanisms and a “Proxy Failover” extension in Firefox 93.
Linux kernel 5.18, announced on May 22 by Linus Torvalds, brings a host of new features such as C11 compiler support, enhanced hardware compatibility, Btrfs ioctl extensions, io_uring upgrades, RSA crypto for virtio-crypto, and numerous driver and filesystem improvements.
This article compares Alibaba Cloud's MSE cloud‑native gateway with the traditional Nginx Ingress Controller across performance, cost, reliability and security, presenting benchmark data, CVE analysis, architectural advantages, and a step‑by‑step migration plan for Kubernetes clusters.
An AOSP commit proposed by a Xiaomi engineer to prohibit shell extraction of installed APKs—citing potential IP leakage—was rejected after receiving only the author’s support and two opposing votes, with reviewers arguing that such restrictions are ineffective, could be bypassed, and should be handled via DRM or device‑specific policies.
The SQLE 1.2205.0 release introduces three major features, enhancements to the SQL audit workflow, Oauth2 and LDAPS integrations, and a comprehensive list of bug fixes and optimizations, providing a more secure and efficient experience for database users and administrators.
Spring Authorization Server 0.3.0 has been officially released, bringing updated documentation, major feature changes such as token customizer relocation, removal of deprecated APIs, dependency upgrades to Spring Boot 2.7.0 and Spring Security 5.7.1, and new contributors, with detailed module overviews and changelog links.
This document explains the need for a unified account management system in enterprise cloud platforms, defines key terminology, outlines the advantages of token‑based authentication, describes the OAuth2 password‑grant flow and JWT usage, and details the technical design, interface specifications, and credential renewal process for secure cross‑service access.
This article provides a comprehensive overview of Android 12's new security and privacy features, including the Privacy Information Center, location accuracy levels, package visibility filtering, deprecation of system‑dialog closing intents, app hibernation, permission group queries, microphone and camera toggles, and numerous other system‑level changes that affect app behavior and user experience.
This article presents 36 practical guidelines for backend engineers covering interface parameter validation, compatibility, extensibility, idempotency, logging, error handling, security, rate limiting, caching, transaction management, and more, helping you design reliable, maintainable, and high‑performance APIs across any language.
This article explains the fundamentals of SSH, key‑based authentication, the SSH agent workflow, how SSH agent forwarding operates, how to configure ProxyJump, and the associated security risks along with mitigation techniques.
This article explores whether modern CPUs contain undocumented or hidden instructions, explains the challenges of searching the variable‑length x86 ISA, presents a depth‑first algorithm that skips irrelevant bytes, shows how to infer instruction length using page‑fault side‑effects, and reveals discovered hidden opcodes on Intel and AMD processors.
This article explains how SQL injection can exploit a Java Spring course‑selection system by concatenating user input into SQL statements, demonstrates various injection techniques such as always‑true conditions and UNION queries, and provides multiple defensive measures including prepared statements, type checking, permission restrictions, and request‑parameter filtering.
This article compares Podman and Docker, detailing their architectures, root privileges, security, integration with Kubernetes, image building tools, and how they can be used together, helping developers choose the appropriate container runtime for their projects.
This article provides an in‑depth comparison of Podman and Docker, covering their architectures, root‑less operation, security, integration with Kubernetes, support for Swarm/Compose, and practical guidance on when to choose or combine each container solution.
Microsoft researchers uncovered the Nimbuspwn vulnerability in systemd’s networkd-dispatcher, detailing how directory‑traversal, symlink‑race, and TOCTOU flaws let attackers replace root‑owned scripts, achieve privilege escalation, and why coordinated patching across hundreds of Linux distributions is critical.
A bug in the AkuDreams 3D‑animation NFT auction smart contract locked 11,539.5 ETH (worth about $34 million) and prevented refunds, prompting the developer foobar and the project team to investigate, disclose two contract errors, and eventually offer a partial 0.5 ETH refund to affected bidders.
The article introduces the ShadowRealm API, a new JavaScript proposal that creates highly isolated execution realms, explains its type signatures, demonstrates .evaluate() and .importValue() methods with code examples, compares it to eval, Function, iframes, Web Workers, and Node.js vm, and outlines practical use cases such as plugin execution, testing, and web scraping.
This article explains several Linux commands—such as rm -rf, fork bombs, direct writes to block devices, and malicious script execution—that can irreversibly damage systems, detailing their effects, typical usage examples, and essential precautions to avoid catastrophic data loss.
This article surveys a range of front‑end topics—including alternative web‑framework solutions, the rise of pnpm, JavaScript stack memory, TypeScript overloads, integrating Golang with Node.js, innovative development approaches, and essential network security insights—providing concise technical overviews and references.
This article presents a detailed checklist covering general information, application requirements, security and compliance, CI/CD practices, Kubernetes configuration, monitoring, testing, and 24/7 service team readiness to ensure reliable production deployment of HTTP‑based web services on Kubernetes.
This tutorial explains how to create complex, high‑entropy passwords on Linux using GPG or OpenSSL, optionally filter out special characters with sed, and then assess password strength with the cracklib‑check tool on CentOS 8, illustrating both weak and strong examples.
IntelliJ IDEA 2022.1 introduces a Dependency Analyzer for conflict resolution, an enhanced New Project wizard, a dedicated Notifications tool window, extensive language and framework support—including Java 18, Kotlin 1.6.20, Go microservices, Kubernetes, and improved security scanning—plus numerous usability upgrades such as uniform tab splitting, UML export formats, and a Gradle progress bar.
This article presents fifteen practical guidelines for managing software dependencies, covering pre‑inclusion checks such as design review, code quality, testing, security, licensing, and transitive dependencies, as well as post‑use practices like encapsulation, isolation, update strategies, and continuous monitoring to maintain a secure and reliable supply chain.
Learn how to protect sensitive data in Kubernetes by encrypting secrets, using Bitnami Sealed Secrets or external secret managers, and safely storing encrypted manifests in Git, with step‑by‑step commands for installing kubeseal, creating sealed secrets, and deploying them as Kubernetes Secrets.
This article examines GitHub Copilot’s code‑completion, comment‑driven generation, and repetitive‑task automation features, evaluates its accuracy and security concerns, and argues that while it can streamline mundane coding, it will not replace skilled programmers.
The article examines how rapid cloud‑native adoption reshapes application design and operations while introducing six distinct security risks, and proposes a comprehensive DevSecOps framework that integrates early‑stage security controls across infrastructure, compute, development, and management to protect modern containerized environments.
This article introduces the ShadowRealm API, a new JavaScript proposal that creates independent, highly isolated realms for executing code, explains its type signatures, demonstrates .evaluate() and .importValue() methods with practical examples, and compares it with eval, Web Workers, iframes, and Node.js vm.
Elasticsearch 8.0 introduces major updates including 7.x REST API compatibility headers, default-enabled security with registration tokens, system index protection, a preview KNN search API using dense_vector, storage‑saving field mappings, faster geo indexing, PyTorch model support, and numerous deprecations and configuration changes across aggregations, allocation, analysis, authentication, and core infrastructure.
This article provides a step‑by‑step tutorial on integrating the Fair 2.0 dynamic framework into Flutter applications, covering dependency setup, widget conversion, bundle generation, runtime loading, parameter passing, navigation, plugin bridging, performance evaluation, update strategies, security checks, and practical lessons learned from its deployment in the 58 拍客 app.
This comprehensive guide explains the DNS system, its distributed architecture, protocol nuances, hierarchical naming structure, resolution process, caching, smart routing, BIND configuration, load balancing, subdomain delegation, debugging tools, and security considerations such as amplification attacks.
The article explains how counterfeit Chrome browsers proliferate in China, how search engine ads and misleading download pages trick users into installing malicious software, and provides a reliable method to obtain the genuine offline Chrome installer to protect against these security threats.
This article explains what JSON Web Token (JWT) is, its underlying mechanism and data structure, compares it with traditional session authentication, and demonstrates how JWT can be used for cross‑domain single sign‑on, access/refresh token handling, and secure API authentication.
This article explains the lightweight JWT specification, demonstrates how to build a token with header, payload, and signature using Base64 encoding and Node.js, and discusses its security properties, verification process, and suitable use cases for web authentication.
This article explains the officially announced Spring Framework remote code execution vulnerability CVE‑2022‑22965, outlines the affected environments, provides upgrade paths for Spring and Spring Boot, and shares safe code‑based mitigation techniques for developers.
This article explains the newly disclosed Spring Framework remote code execution flaw affecting JDK 9+ Spring MVC/WebFlux applications deployed as WARs on Apache Tomcat, outlines the affected conditions, current patch status, and provides code‑level workarounds for safe remediation.
A Kubernetes node was compromised for Monero mining due to empty iptables, an exposed kubelet API, and a mis‑commented configuration, prompting a detailed post‑mortem and practical hardening steps to prevent similar attacks.
This article outlines nine key reasons why developers favor Linux—ranging from its powerful command line and strong security to low resource usage, privacy protection, free licensing, and extensive community support—making it a reliable, developer‑friendly operating system for desktops, servers, and embedded devices.
This article examines the major Java trends for 2022, including the push to migrate from Java 8 to newer LTS releases, improved cloud and container support, multi‑platform advancements, security lessons from Log4Shell, and upcoming features in Java 18.
Microsoft’s upcoming Windows 11 Sun Valley 2 (22H2) update, codenamed SV2, brings a series of refined UI changes such as a revamped Alt+Tab, File Explorer tabs, new personalization options, plus security enhancements like Smart App Control, all rolled out gradually through the Insider preview builds.
This tutorial demonstrates two Python approaches for creating image verification codes—using the graphic-verification-code library for a quick four‑line solution and the captcha library for customizable random captchas—complete with installation commands, code examples, and sample outputs.
This article explains the necessity of a unified account management system for enterprise applications, defines key authentication terms, outlines the background and goals of token-based security, details the OAuth2 password‑grant flow with JWT, and discusses technical choices, interface design, and token renewal processes.
