This article explains how NanoID, a compact and faster alternative to UUID, offers better security, smaller size, higher performance, and broad language support, while also discussing its limitations and future prospects for unique identifier generation in software development.
Spring Authorization Server 0.2.3 introduces default client settings for public clients, splits OAuth2 client authentication providers, optimizes the in‑memory authorization service, adds federated‑identity demos, unifies token generation via OAuth2TokenGenerator, and upgrades core dependencies, with code examples illustrating each enhancement.
This article outlines twelve essential best‑practice steps—including updating to the latest stable release, enforcing PodSecurityPolicy, using namespaces, applying network policies, and hardening API server, scheduler, controller‑manager, etcd, and kubelet settings—to comprehensively secure a Kubernetes cluster.
The article presents a comprehensive design of the Cleaner anti‑crawler system, detailing its background, current challenges, related research, system architecture—including data processing, ban center, and ban store modules built on Flink, MQ, and Redis—implementation details, effectiveness evaluation, and concluding insights on achieving real‑time accuracy in protecting platform data.
This guide provides a detailed, step‑by‑step hardening strategy for Linux systems, covering distro selection, kernel choices, extensive sysctl tweaks, boot‑loader parameters, MAC policies, sandboxing, memory allocator hardening, compile‑time mitigations, root account protection, firewall rules, swap configuration, PAM policies, microcode updates, IPv6 privacy, partition mounting options, entropy sources, and physical security measures.
This guide explains Linux's SUID, SGID, and sticky bit permissions, shows how to inspect them with stat and ls, and provides step‑by‑step commands to set, verify, and revoke these special bits on files and directories.
This article explains how MySQL 8.0.27 adds multi‑factor authentication (MFA) via the new authentication_policy system variable, demonstrates configuring the variable, creating users with single or multiple authentication plugins, installing external plugins, and verifies MFA behavior with practical Docker‑based examples.
This article explains why Java bytecode is easy to decompile and introduces several practical techniques—including isolation, class encryption, native code conversion, and various forms of code obfuscation—to increase the difficulty of reverse‑engineering Java applications.
The article explains Minix’s origin as a teaching OS, its evolution into MINIX 3, its role inside Intel’s Management Engine, the security risks it introduces, and how it compares to Linux, highlighting why it may be the world’s most widely deployed operating system.
Under Jason Donenfeld’s leadership, Linux kernel’s random number generator was overhauled in versions 5.17 and 5.18, replacing SHA1 with BLAKE2s and shifting from per‑NUMA to per‑CPU structures, delivering up to a 131% speed increase and an astonishing 8450% boost in getrandom() performance on multi‑core systems.
This article provides a comprehensive guide on integrating Apache Shiro into a Spring Boot application, covering core components, Maven configuration, bean definitions, security manager setup, custom realms, filter chain configuration, and the complete login authentication flow with code examples.
This article outlines the design rationale, objectives, and technical choices for a unified, token‑based authentication system based on OAuth2 password grant and JWT, detailing terminology, workflow steps, security benefits, and interface specifications to enable cross‑system single sign‑on and secure access control.
This tutorial explains how to create a simple PNG CAPTCHA using PHP by generating a random four‑character code, drawing it with random rotation and position, adding noise lines and dots, and outputting the image for use in form validation.
The presentation outlines Alibaba Cloud's native data lake solution built on Apache Iceberg, covering data lake fundamentals, cloud migration challenges, Iceberg's architecture and features, real‑time ingestion with Flink, unified metadata management, security guarantees, and testing practices to ensure reliable, scalable big‑data analytics.
This article explains what DNS root servers are, how they function in the hierarchical name‑resolution process, why there are only thirteen IPv4 root addresses, where they are located worldwide—including China’s nodes—and lists common public DNS services for both IPv4 and IPv6.
This guide walks you through installing the Unix‑style Pass password manager on Linux, configuring GnuPG keys, initializing a secure password store, using basic Pass commands, and integrating it with browsers via PassFF for seamless, encrypted credential management.
This article explains how HTTP caching works, highlights security and privacy risks such as those introduced by the Spectre vulnerability, and recommends safe cache-control settings like using private caches and varying by Cookie to protect sensitive web resources.
This article traces the development of DevOps, explains how its evolution into DevSecOps integrates security early in the software lifecycle, outlines the resulting benefits of faster, cheaper, and safer delivery, and discusses the technical, cultural, and organizational challenges that must be overcome for successful adoption.
Elasticsearch 8.0 introduces major updates including 7.x REST API compatibility headers, default-enabled security with registration tokens, known issues on ARM/macOS, a preview KNN search API using dense_vector, storage reductions for keyword and text fields, faster geo indexing, PyTorch model support, and numerous other enhancements across aggregations, allocation, analysis, authentication, and core infrastructure.
This article explains ARMv8‑A AArch64 virtualization support, covering Stage 2 page‑table translation, virtual exceptions, traps, hypervisor types, memory management, device emulation, interrupt handling, clock virtualization, VHE, nested virtualization, and the performance overhead of context switches.
This guide outlines ten practical methods for Linux system administrators to identify signs of intrusion, from missing logs and altered password files to unusual network traffic and recovering deleted log files using process file descriptors.
This guide presents a concise set of best‑practice rules for designing consistent, RESTful backend APIs—including naming conventions, URL structures, HTTP methods, versioning, pagination, security, and documentation tools—to help developers create clear, maintainable, and user‑friendly services.
This article outlines ten lesser‑known Python security pitfalls—from optimized‑away asserts and directory permission quirks to path traversal, regex misuse, Unicode normalization attacks, and IP address normalization—illustrating how subtle language features can lead to serious vulnerabilities in real‑world applications.
Elasticsearch 8.0 introduces major updates including 7.x REST API compatibility headers, default-enabled security with enrollment tokens, protected system indices, a preview KNN search API, storage‑saving field encodings, faster geo indexing, and numerous deprecations and enhancements across aggregations, authentication, cluster coordination, and packaging.
Elasticsearch 8.0 introduces 7.x REST API compatibility headers, default‑on security features with automatic enrollment tokens, tighter protection of system indices, a preview KNN search API, storage‑saving field encodings, faster geo‑point and geo‑shape indexing, PyTorch model support, and a long list of deprecations and internal improvements.
Adobe released an emergency patch for a critical Magento zero‑day (CVE‑2022‑24086), JetBrains removed Log4j from the IntelliJ platform, and Google unveiled Android 13 "Tiramisu" with new privacy and UI enhancements, highlighting the industry's rapid response to security and usability challenges.
This article traces the evolution from DAC through MAC to RBAC and ABAC, critiques common implementations, and presents a practical, tag‑based permission system that cleanly separates roles, policies, and objects for scalable, secure access control.
Elasticsearch 8.0 introduces major updates such as 7.x REST API compatibility headers, default‑enabled security with enrollment tokens, protected system indices, a preview KNN search API, storage‑efficient field types, faster geo indexing, PyTorch model support, and numerous deprecations and bug fixes across aggregations, allocation, analysis, authentication, and core engine components.
The article provides a comprehensive overview of Elasticsearch 8.0, highlighting major updates such as 7.x REST API compatibility headers, default-enabled security, system‑index protection, a new KNN search API, storage and indexing optimizations, PyTorch model support, and numerous deprecations and feature removals across the stack.
This guide outlines a comprehensive, three‑stage IPv6 migration roadmap—including network upgrades, DNS/HTTPDNS redesign, security hardening, cloud and CDN adaptation, and mobile/app adjustments—to achieve full IPv6‑only support across infrastructure, services, and end‑users while ensuring seamless performance and security.
After discovering a compromised node in our self‑built Kubernetes cluster that was being used for Monero mining, we traced the breach to empty iptables rules and a misconfigured kubelet allowing anonymous API access, then outlined firewall hardening, network isolation, and secure kubelet practices to prevent future intrusions.
This article provides a thorough introduction to the Domain Name System (DNS), covering its hierarchical design, query workflow, caching mechanisms, message structure, resource record types, and common security threats along with mitigation techniques, offering essential knowledge for networking fundamentals.
The article explains why placing databases inside Docker containers is generally unsuitable, outlining seven major issues—including data safety, performance, networking, statefulness, resource isolation, cloud platform incompatibility, and environment requirements—while also offering practical mitigation strategies.
This guide presents a concise set of best‑practice rules for designing consistent, RESTful backend APIs—including naming conventions, versioning, pagination, security, monitoring, and error handling—to improve developer experience and maintainability across microservice architectures.
Arm's newly revealed Armv9 architecture introduces major ISA extensions, a confidential compute model, AI‑focused vector capabilities, and performance road‑maps that together aim to unify mobile, server and future workloads while strengthening security and software ecosystem compatibility.
The article explains how a seemingly prank README submitted by Linus Torvalds leveraged a GitHub "fake‑commit" flaw, demonstrates the malformed URLs used to hide commits, and discusses related GitHub vulnerabilities that remain unpatched, offering insight for security‑aware developers.
A dramatized Linux security incident shows how administrators use commands like top, ps, netstat, and the unhide tool to discover hidden mining processes, isolate suspicious network connections, and finally terminate the malicious hidden PID, illustrating practical techniques for rootkit detection and response.
Recent rumors claimed that foreign hacker groups were exploiting SonarQube and Vue.js to attack government and enterprise systems, but investigation shows the SonarQube flaw is a pure backend API authentication issue unrelated to Vue, and Vue itself has no known security vulnerabilities when standard front‑end safety practices are followed.
Chinese authorities have ordered government bodies and key enterprises to investigate the use of open‑source tools SonarQube and Vue.js amid claims that foreign hackers are exploiting these platforms, prompting a public response from Vue.js founder Evan You about the projects' security posture.
This article provides a comprehensive guide to implementing DevSecOps in enterprises, covering fundamental principles, collaboration between security and development teams, integration of security testing, building a secure toolchain, and practical strategies for scaling security within DevOps pipelines.
The 2021 China DPU Industry Whitepaper outlines how NVIDIA’s BlueField DPU series—BlueField‑2, the upcoming 400 Gb/s BlueField‑3, and future BlueField‑4—offload and accelerate networking, storage, security, and AI workloads, offering programmable ARM cores, high‑performance NICs, and a rich DOCA ecosystem that reshapes data‑center infrastructure.
This article provides a comprehensive overview of popular intranet penetration tools—including nps, frp, EW, and ngrok—detailing their features, installation steps, configuration examples, and usage scenarios for exposing internal services such as HTTP, SSH, RDP, and file sharing to the public internet.
This guide provides step‑by‑step shell commands to upgrade Ubuntu 16’s OpenSSH to version 8.8, including installing required packages, compiling OpenSSL, zlib, and OpenSSH from source, and updating configuration files to enhance system security on the server.
This article explains the principles and workflow of Single Sign-On (SSO) using OAuth2.0, illustrates the process with a real‑life scenario, compares multi‑point and single‑point login, and provides a complete Spring Boot example for building an authorization server, client, and role‑based access control in micro‑service architectures.
A wave of developers discovered their applications spewing garbled output after a malicious update to the widely used npm libraries colors and faker, revealing a deliberate sabotage by maintainer Marak Squires that sparked heated debate over open‑source ethics, corporate exploitation, and security responsibilities.
This article presents a comprehensive set of Dockerfile and Docker image best‑practice recommendations—including multi‑stage builds, command ordering, minimal base images, layer reduction, unprivileged containers, proper use of COPY versus ADD, caching strategies, health checks, image signing, and resource limits—to help Python developers create smaller, more secure, and maintainable container images.
This article provides a detailed overview of authentication mechanisms, covering UI login methods such as Basic, LDAP, OAuth, Kerberos, and SSO, API call verification techniques like HMAC and JWT, and practical design guidelines for implementing SSO with CAS in micro‑service architectures.
This article explains why deploying Kubernetes on bare‑metal servers offers six key benefits—simpler networking, better cost efficiency for demanding workloads, superior performance, stronger security, workload‑specific optimization, and freedom from vendor lock‑in—making it a smarter choice than virtual‑machine‑based solutions.
This article explains SaaS as a software‑delivery model, outlines its presentation, scheduling, business, and data layers, describes essential components such as security, data isolation, configurability, scalability, zero‑downtime upgrades, and multi‑tenant support, and details maturity levels, storage options, tenant identification, and performance optimizations.
This guide walks through setting up Spring Security for WebFlux, covering Maven dependencies, reactive security beans, password encoding, filter chain rules, functional routing, and method‑level authorization with complete code examples for a Spring Boot 2.5.8 project.
This article explains how to design a scalable multi‑account login system by describing self‑built phone‑number authentication, optimized password‑less registration, third‑party OAuth integration, database schema separation, and one‑click carrier‑based login, while highlighting advantages, drawbacks, and implementation details.
This article reviews the fundamentals of fraud, surveys the evolution of graph neural network research for fraud detection, outlines practical application steps, discusses key challenges such as disguise, scalability, and label scarcity, and provides representative papers, new research directions, industrial case studies, and open-source resources.
This article explains how to implement a Role‑Based Access Control (RBAC) permission model in Spring Cloud Gateway, covering the design, loading URL‑role mappings into Redis, customizing UserDetailsService, and integrating OAuth2.0 with code examples and database schema.
This tutorial explains the fundamentals of service mesh, outlines Istio’s architecture and core components, demonstrates how to install Istio on Kubernetes, and walks through practical examples such as traffic routing, security policies, observability, and common use‑cases, while also comparing alternative solutions.
This article explains the purpose of the TCP RST flag, how the kernel and application layers detect it, the various scenarios that trigger RST, why an RST may not terminate a connection, and the security implications of RST attacks.
The article reviews npm’s 2021 milestones—including the official release of npm 7.0 with performance gains and new features—while highlighting a wave of supply‑chain attacks on popular packages, discussing the rise of Corepack, and offering a forward‑looking perspective on the ecosystem’s challenges and opportunities.
This article explains how to deploy Traefik's Log4Shell plugin—a middleware that mitigates the Log4J (CVE‑2021‑44228) vulnerability—by configuring it via Pilot token, static files, Kubernetes CRDs, Ingress annotations, or Docker labels, with example code snippets for each method.
The 2021 GOLF+ IT Governance Forum highlighted Zhongtai Securities’ successful DevSecOps assessment, revealing how the company’s online business system met the second‑level security and risk management standards, and sharing detailed insights on cultural, procedural, and technical practices that drove their advanced security maturity.
GuoXin Securities' GoldSun platform passed the CAICT DevSecOps Level‑2 security and risk management assessment, showcasing how standardization, tool empowerment, and a collaborative DevOps culture can elevate a financial app's security posture to an advanced domestic level.
Zhongyuan Bank’s personal mobile banking project passed the national DevSecOps security and risk management assessment, showcasing how standardized DevOps practices, a dedicated security platform, and cultural, procedural, and technical integration can elevate a financial institution’s development lifecycle to an advanced, industry‑leading level.
This article explains the Logback CVE‑2021‑42550 vulnerability affecting versions before 1.2.9, outlines the three conditions required for exploitation, compares its severity to Log4j, and provides concrete steps—including upgrading to 1.2.9 and setting the configuration file read‑only—to protect Java applications.
This article explains Java's reflection mechanism, details how deserialization flaws in libraries like Apache Commons Collections and Fastjson allow attackers to craft malicious objects that trigger arbitrary command execution, and provides practical proof‑of‑concept steps and mitigation recommendations.
This article explains the complete user login process, token generation and validation, token expiration policies, logout handling, and two approaches for anonymous requests—authorized tokens with rate limiting and path‑based regex rules—illustrated with diagrams and Java/Redis code examples.
Apache Log4j 2.17.0 has been released, addressing CVE‑2021‑45105 and fixing recursive string‑replacement vulnerabilities that could cause StackOverflowError DoS attacks, while also tightening JNDI usage and correcting several configuration and appender issues, with recommended mitigation steps for earlier versions.
Jeepay is an open‑source, Spring Boot‑based payment platform that supports multiple channels such as WeChat Pay, Alipay, and UnionPay, offering distributed deployment, high concurrency, secure signing, and a modular front‑back separation with comprehensive management and merchant interfaces.
This article explains the various ways to simulate GPS location on iOS devices—including Xcode GPX files, iTools, external Bluetooth accessories, and jailbreak hooks—while also detailing practical detection strategies such as altitude checks, type inspection, callback analysis, and method‑swizzling to identify fake positioning.
The article examines the concept of the Metaverse as an evolution of internet access terminals, analyzes how VR/AR headsets reshape communication‑type devices, and discusses the resulting new security, ultra‑low‑latency, and deterministic quality‑of‑service challenges for network infrastructure.
The article provides an in‑depth analysis of NVIDIA’s BlueField DPU series—detailing the roadmap from BlueField‑2 to BlueField‑4, the technical capabilities of BlueField‑3 across networking, security, and storage, and the DOCA ecosystem that enables programmable, hardware‑accelerated data‑center services, positioning DPUs as a core pillar of modern cloud infrastructure.
Apache Log4j 2.16.0 has been released, offering updated SLF4J adapters, disabling JNDI by default to mitigate CVE‑2021‑44228, removing message lookups, and requiring Java 8+, with detailed upgrade instructions and links to download and issue trackers.
On December 10, a critical remote code execution vulnerability in Apache Log4j 2.x (≤ 2.14.1) was disclosed, allowing attackers to execute arbitrary code via JNDI injection; the article explains the flaw, affected components, detection methods, and urgent remediation measures such as disabling lookups and upgrading to safe versions.
The article explains the massive impact of the Log4j2 remote code execution vulnerability, details why its JNDI lookup is easily exploitable, lists affected software, and provides a concise four‑step guide using Alibaba Cloud ARMS RASP to detect, monitor, and block attacks while offering remediation recommendations.
This article explains the recent Log4j2 critical vulnerability, shows the official patch, and provides the simplest Spring Boot configuration change—adding a property in pom.xml—to upgrade Log4j2 safely while highlighting why the default logging component is Logback and offering advice on avoiding unnecessary third‑party replacements.
This article introduces five popular Linux distributions—Ubuntu, Linux Mint, Kali Linux, Parrot OS, and Fedora—explaining their features, target audiences, and why they are well‑suited for programmers and developers seeking open‑source, customizable development environments.
Designing a distributed system involves overcoming major challenges such as heterogeneity, transparency, openness, concurrency, security, scalability, and fault tolerance, each of which must be addressed to build a reliable, extensible, and performant system.
This article presents a comprehensive, practical design for an ultra‑large‑scale user center, covering microservice architecture, API separation, token generation with graceful degradation, data‑sharding strategies, password encryption, asynchronous processing, and detailed monitoring to ensure high availability, performance, and security.
This article demonstrates how MySQL 8.0 can enforce password history count and reuse‑interval policies for development and operations users by configuring global parameters and per‑user settings, eliminating the need for external password‑tracking scripts.
This article examines the architecture of WeChat Mini Program platforms, analyzing their definition, advantages, development costs, alternative solutions, and emphasizes that their primary value lies in providing a secure, controllable environment for exposing native capabilities.
This article explains why and how to implement intermediate redirect pages in front‑end projects, covering common scenarios, practical code examples, standardization tips, and security considerations to streamline multi‑team collaborations and cross‑domain navigation.
This tutorial explains the fundamentals of service mesh, details Istio's architecture and core components, and provides step‑by‑step instructions for installing Istio on Kubernetes, deploying a sample microservice application, and using common features such as traffic management, security, observability, and advanced use cases.
This article explains MySQL 8.0's new current‑password validation strategies, showing how to enforce old‑password checks per user or globally, with detailed command‑line examples and options to enable, disable, or customize the behavior for enhanced security.
This guide surveys a range of open‑source tools for unified account management, automated server deployment, DNS services, performance testing, and host security, including LDAP, JumpServer, NIS, Fabric, Ansible, dnsmasq, pdnsd, ApacheBench, TCPcopy, PortSentry, fail2ban, and Google Authenticator, helping administrators streamline operations across Linux environments.
Large‑scale website architecture must balance massive user traffic, data volume, security threats, and rapid feature changes by adopting layered, distributed designs that emphasize high performance, high availability, scalability, extensibility, and agility, employing techniques such as caching, load balancing, clustering, sharding, and service‑oriented components.
This guide presents twenty practical Linux server optimization methods—from kernel elevator tuning and daemon reduction to TCP tweaks, secure backups, and effective monitoring commands—helping administrators enhance reliability, speed, and security while reducing resource consumption.
The article reports on Tencent Cloud’s new Brazil data center launch amid rumors of database leaks and Chinese state directives to limit WeChat use, details recent U.S. trade bans on Chinese tech firms, and announces Alpine Linux 3.15’s discontinuation of MIPS64 support.
Alpine Linux 3.15 introduces disk‑encryption support, UEFI Secure Boot, updated kernels and packages, several significant changes such as gzip‑compressed kernel modules and removed MIPS64 support, and deprecates tools like sudo in favor of doas while warning about the upcoming end‑of‑life for php7.
The article dissects Apple’s FairPlay DRM, detailing its kernel‑driver and daemon decryption workflow, the LC_ENCRYPTION_INFO metadata, per‑user licensing files, LLVM‑level obfuscation techniques such as opaque predicates and control‑flow flattening, and the identified weaknesses that enable reverse‑engineering and key extraction.
This article explains a native image‑snapshot technique for mini‑programs that removes white‑screen delays, makes the first screen appear instantly, supports user interaction, and outlines the implementation steps, suitable scenarios, timing, storage security, accuracy measurement, and performance impact.
A curated collection of high‑quality open‑source Linux projects—including command‑line tools, security guides, tutorials, and web‑based shells—provides clear descriptions, key features, and direct GitHub links to help beginners and seasoned professionals quickly enhance their Linux expertise.
Mozilla’s security team has disabled the malicious ‘Bypass’ and ‘Bypass XM’ Firefox extensions that abused the proxy API, affecting hundreds of thousands of users, and provides steps to identify and remove them while highlighting recent Firefox updates and new security features.
This article examines three Android 11 security vulnerabilities—CVE‑2021‑0485’s picture‑in‑picture resizing flaw, CVE‑2021‑0521’s unprotected package‑visibility API, and CVE‑2021‑0645’s storage‑access bypass—detailing their causes, code examples, and the patches Google released to mitigate them in practice.
Spring Boot 2.6 introduces Cookie SameSite support, reactive session timeout, custom data‑masking rules, automatic Redis pool configuration, richer runtime Java metrics, build‑info personalization, new startup and disk metrics, enhanced Docker image building, and many deprecated properties removed or renamed, improving security and performance.
This article explains why MySQL fails to start on Ubuntu due to AppArmor restrictions and provides two practical solutions: editing the AppArmor profile to grant MySQL directory access or switching AppArmor to complain mode, with full command examples and configuration snippets.
TencentOS AIoT comprises the ultra‑lightweight Tiny RTOS for resource‑constrained devices and the Linux‑based Edge platform for gateways, offering modular kernels, low‑power management, OTA updates, robust security, unified AT communication, ELF loading, containerized AI workloads via TinyKube, extensive protocol bridges, and a thriving open‑source developer ecosystem.
This article presents a comprehensive engineering guide for building a high‑availability, high‑performance, and secure user‑center system that can serve hundreds of millions of users, covering service architecture, API design, sharding, token fallback, data protection, asynchronous processing, and observability.
A recent security breach compromised the popular npm packages coa and rc, injecting ransomware‑capable code that can steal browser passwords, record keystrokes and screenshots, prompting developers to lock specific versions and enable two‑factor authentication to protect their projects.
This guide outlines the typical Linux and Windows environments encountered in security incidents, common threats such as mining and ransomware, and provides a step‑by‑step workflow with essential commands for process, user, network, and file investigation to identify and remediate compromises.
The article provides a comprehensive analysis of China's domestic CPU ecosystem, examining the technical distinctions between architectures and instruction sets, the security implications of relying on foreign designs, and the strategic balance needed between indigenous development and imported technologies to advance the nation's semiconductor industry.
This article explains how cloud‑native technologies enable a unified control plane for Alibaba Cloud ACK clusters and self‑built Kubernetes clusters, detailing the ACK registered‑cluster architecture, one‑way registration, non‑managed security mechanisms, step‑by‑step cluster onboarding, and consistent security governance across environments.
The article introduces Spring’s open‑source nohttp project, which scans, replaces, and blocks HTTP URLs to prevent man‑in‑the‑middle attacks, outlines its modules and usage with an XML configuration example, and also advertises a free Alibaba Cloud server giveaway and a large interview‑question PDF collection.
This article explains the necessity of Single Sign-On (SSO) in multi‑system environments, traces its origins from monolithic web applications to distributed clusters, and describes common implementation approaches for same‑domain and cross‑domain scenarios, including the use of a central authentication center such as CAS.
