This roundup covers major Kubernetes ecosystem news, including the CNCF archiving rkt, GitHub Actions support for Azure CI/CD, Intel's GPU plugin, security CVE details, upstream feature enhancements, open‑source tool recommendations, and curated reading on policy enforcement and virtual clusters.
iQIYI’s one‑click Android app health check provides a lightweight, universal solution that automatically installs, traverses, and analyzes apps on a 100‑device cloud farm using ATX‑based drivers, OCR‑driven UI interaction, deep‑learning UI anomaly detection, static security analysis, performance metrics, and crash/ANR reporting, seamlessly integrating into CI pipelines.
This guide introduces a collection of practical Linux operation tools—including Nethogs, IOZone, IOTop, IPtraf, iftop, HTop, NMON, MultiTail, Fail2ban, Tmux, Agedu, NMap, and Httperf—detailing their purpose, installation commands, and usage examples for system monitoring, performance testing, and security hardening.
At IJCAI 2019, Alibaba’s MoKu Lab unveiled the Beidou Star platform and an intelligent conversational video search system for end‑to‑end content creation, while its Turing Lab demonstrated security AI such as Green Net, IP Brain, facial‑recognition and Tianyan, complemented by multiple research papers, academic collaborations and new hiring drives.
This article explains the origin, purpose, and inner workings of HTTP cookies, details their attributes and security implications, demonstrates how to create, retrieve, and set cookies with Python's requests library, and compares cookies with server‑side sessions for robust web development.
This week’s cloud‑native roundup covers Mesosphere’s rebranding to D2iQ, two critical Kubernetes CVEs with remediation steps, upcoming CNCF Kubernetes summits, the Knative 0.8 release, curated open‑source project recommendations, and a selection of in‑depth reading on multi‑cluster, serverless, and API‑gateway technologies.
This article explains Istio's security features, focusing on mutual TLS configuration at global, namespace, and service levels, demonstrates practical YAML examples, shows how sidecar presence affects traffic, and discusses TLS mode choices, certificate handling, and real‑world deployment considerations.
At the July 27 Tencent Cloud IoT Salon in Beijing, over 400 developers explored the latest in IoT platforms, edge computing, security, operating systems, and AIoT, with speakers highlighting market growth, architectural designs, challenges, and practical solutions that lower development barriers and enhance reliability.
This article explains the dangers of XSS and SQL injection attacks, demonstrates realistic attack scenarios, and provides a comprehensive backend solution using Spring AOP, HttpMessageConverter, custom Servlet Filters, request wrappers, and ESAPI to sanitize inputs and protect web applications.
This article enumerates the typical reasons why MySQL returns error 1045 – such as connecting to the wrong host, using a non‑existent user, host‑based access restrictions, incorrect passwords, special characters in Bash, and missing SSL – and provides step‑by‑step commands to diagnose and resolve each issue.
Recent reports reveal that many Android apps secretly collect location and identifier data despite denied permissions, a zero‑day Zoom flaw lets any website hijack Mac cameras, and Didi adjusts its pricing, while a man released after splashing water on Baidu's CEO highlights broader tech‑related news.
The article explains how attackers can exploit file upload functionality by uploading malicious files, crafted filenames, SVG payloads, or symlinks to achieve remote code execution, data theft, or server denial‑of‑service, and provides practical defense measures such as whitelist validation, content‑type checks, and upload rate limiting.
Mini‑programs emerged as a lightweight, containerised solution for large‑scale apps facing rising traffic costs and user fragmentation, using a reduced‑scope, web‑like DSL with separate JavaScript logic and native‑rendered views, delivering high performance, developer ease, and platform‑controlled security while incurring migration, data‑transfer, latency, and approval challenges.
This article presents fifteen common Spring Boot interview questions covering its definition, features, starters, configuration files, CORS handling, security choices, session sharing, hot deployment, scheduling, API documentation, data access, XML usage, executable JAR differences, and property file distinctions, providing concise explanations and practical references for Java developers.
This article examines the Android shared library (SO) loading mechanism, identifies security vulnerabilities, and presents a method of packing the SO to hinder reverse engineering, detailing each loading step, challenges across Android versions, and before‑after protection results.
In an interview, Ant Group CTO Cheng Li explains how the digital era demands breakthroughs in blockchain, artificial intelligence, security, IoT and computing to boost China’s financial services, outlines current challenges, and proposes concrete steps for rapid technology adoption and open‑architecture transformation.
Open Distro for Elasticsearch is an AWS‑backed, fully open‑source distribution of Elasticsearch that adds enterprise‑grade security, alerting, SQL querying, and performance analysis features, includes Kibana for visualization, and follows a clear version‑release roadmap.
This article outlines practical Nginx security settings—including hiding version info, enabling HTTPS, configuring allow/deny lists, basic authentication, request method restrictions, user‑agent blocking, hotlink protection, connection limits, buffer size tweaks, timeout adjustments, and secure response headers—to help harden your web server against common attacks.
This week’s roundup covers two high‑severity Docker CVEs (CVE‑2019‑5021 privilege escalation in Alpine images and CVE‑2018‑15664 TOCTOU flaw in docker cp), Kubernetes moving to Go modules, new Envoy request‑mirror and route‑debug features, Knative’s stateful‑serverless experiment, Istio 1.0 EOL, Cilium’s BPF‑based network policy, and emerging Service Mesh trends, all with reference links for deeper reading.
This article compiles a series of Linux mind‑maps and diagrams that outline learning paths, desktop environments, the Filesystem Hierarchy Standard, critical directories, kernel study routes, security coaching visuals, and command reference cheat sheets, each linked to their original sources.
This guide introduces a collection of practical Linux operations tools—including Nethogs, IOZone, IOTop, IPtraf, IFTop, HTop, NMON, MultiTail, Fail2ban, Tmux, Agedu, NMap and Httperf—providing concise installation commands, basic usage examples, and key options to help system administrators monitor performance, security and resources efficiently.
This guide introduces a dozen practical Linux operation tools—including Nethogs, IOZone, IOTop, IPtraf, IFTop, Fail2ban, Tmux, and others—providing concise descriptions, download links, and ready‑to‑run installation commands to help system administrators boost monitoring, performance testing, and security on their servers.
The article details a scalable, extensible cloud‑audit architecture for Tencent Cloud accounts that stores API logs in a Shanghai‑region COS bucket, processes them with EMR‑based Hive tables and hourly partition scripts, aggregates results into a hot MySQL store, and enables administrators to monitor all sub‑accounts with a real‑time “god view.”
This article introduces Electron, explains its architecture, development workflow, performance and security considerations, and demonstrates its practical use in the NFES DevTools platform, providing guidance for developers who want to build cross‑platform desktop applications with web technologies.
This article explains what HTTP cookies are, their basic operation via Set‑Cookie and Cookie headers, the standard cookie format and attributes, how to view them in browsers, and how cookies enable seamless cross‑domain redirects, illustrated with PHP code examples.
The 58 Group Technical Salon on April 23, 2019 presented a comprehensive overview of account system design, risk control, gateway authentication, multi‑active data synchronization, overseas account handling, cloud account platform capabilities, and security strategies, offering practical insights for building robust and secure user authentication infrastructures.
This article explains token authentication, the structure and claims of JSON Web Tokens (JWT), their relationship with OAuth, and demonstrates how to create, sign, and verify JWTs in Java using the JJWT library, while also covering security best practices and useful tooling.
This article explains how to build high‑performance, highly‑available, scalable, extensible, and secure recommendation services by outlining background concepts, defining quality criteria, discussing design challenges, and presenting concrete architectural principles and practical strategies.
This article presents Meituan's real‑world experience with Apache Druid, detailing the platform’s current usage, the usability, security and stability challenges faced, the principles and architecture of Druid SQL, the enhancements made to schema inference, logging, query safety, and the custom security extensions implemented to achieve fine‑grained access control and SSO integration.
This roundup covers GoDaddy's open‑source Kubernetes External Secrets project, free CNCF cloud‑native courses for Chinese developers, major Kubernetes performance and security enhancements, Knative and Istio updates, containerd improvements, a shift from rich‑container ops to cloud‑native practices, and recommended open‑source and reading resources.
This article analyses various client‑side authentication scenarios, classifies tokens into password, session, and API categories, compares their natural and controllable attributes, and proposes a four‑layer hierarchical token architecture to improve security, usability, and decoupling across multiple platforms.
An in‑depth guide walks through the essential layers of modern website architecture—including front‑end optimization, application frameworks, service distribution, storage solutions, backend processing, monitoring, security, and data‑center design—offering practical strategies for building high‑performance, scalable web systems.
The article surveys authentication from ancient token methods to modern password and session techniques, explains OAuth 2.0 flows and their adaptation for WeChat Mini‑Programs—including access‑token retrieval, simplified client‑credentials grants, and cloud‑call automation—while also previewing future trends such as biometrics, blockchain‑based decentralization, and AI‑driven trust models.
This guide outlines practical Linux operations standards, covering safe testing, backup habits, multi‑user coordination, security hardening, continuous monitoring, performance tuning methods, and the right mindset to avoid costly mistakes in production environments.
This article examines how small configuration errors in Docker‑based CI pipelines, especially when using services like AWS CodeBuild and Docker‑in‑Docker, can expose severe security risks, demonstrates real‑world attack steps, and provides practical mitigation strategies to harden the build process.
This article explores the full spectrum of modern operations, covering environment deployment, troubleshooting, backup, high availability, monitoring, security, automation, virtualization, and cloud services, while highlighting essential tools and best practices for both Linux and Windows environments.
This article explains how to extend the default OAuth2 token response by adding business-related fields such as tenant, user, and department IDs, and walks through the relevant Spring Cloud source code that generates and enhances tokens for improved performance and security.
This article provides an in‑depth overview of Android permission architecture, covering permission categories, permission groups, the evolution of permission handling across API levels, special system permissions, custom permissions, common compatibility pitfalls on various OEM ROMs, and a unified design for dynamic permission requests.
This article explains how the default OAuth2 check‑token flow creates a performance bottleneck, then shows how to extend JWT tokens with user details via a custom TokenEnhancer and replace RemoteTokenServices with a custom ResourceServerTokenServices, including configuration, code examples, and the security trade‑offs of using JWT.
This article explains how software teams can select, combine, and interpret nine essential metrics—including lead time, cycle time, team velocity, defect rates, MTBF, MTTR, and security incident counts—to drive continuous improvement, align with business goals, and ultimately achieve successful outcomes.
The article analyzes an arbitrary URL redirect flaw caused by unchecked returnUrl parameters, demonstrates how Java's URL.getHost() can be misused through backslash and hash bypasses, and provides a robust validation code snippet that works across JDK versions.
This guide explains the end‑to‑end home network architecture, common Wi‑Fi problems, and practical optimization, security, and testing methods so you can achieve smooth, high‑speed wireless performance across any household layout.
This article explains the principles of forward and reverse proxy servers, illustrates their roles with everyday analogies, outlines their typical use cases such as bypassing access restrictions, improving speed, hiding IP addresses, load balancing, and enhancing security, and compares the two approaches.
This article outlines ten critical npm security best practices—from avoiding secret leaks and using lockfiles to enabling two‑factor authentication and understanding typosquatting—helping front‑end and back‑end developers safeguard their projects against common package‑related vulnerabilities.
This article explains how to protect Spring Cloud microservices using OAuth2 by configuring an API gateway, an authorization server, and a simple account service, providing a complete token‑based security solution with code examples and testing instructions.
This article analyzes the evolving demands of modern databases, outlines essential features for remote management tools, compares open‑source and cloud‑based solutions, and evaluates Tencent Cloud’s console, DMC, and integrated phpMyAdmin, highlighting strengths, shortcomings, and future development directions.
This article reviews recent Elasticsearch data breaches and presents practical security strategies—including network isolation, non‑root operation, custom ports, and free Search Guard authentication—to help engineers safeguard their search clusters against common attacks.
This guide outlines practical steps and command examples for Linux administrators to identify compromised machines, examine logs, verify user files, monitor login activity, capture abnormal traffic, and recover deleted logs using lsof and /proc information.
During the 2019 Chinese New Year Gala, Baidu mobilized a massive technical operation—scaling cloud resources, isolating traffic, and deploying AI‑driven security—to flawlessly process over 9 billion red‑packet interactions despite unprecedented traffic spikes and login surges.
The paper presents a highly scalable, low‑overhead Host‑based Intrusion Detection System architecture designed for hundreds of thousands of servers, emphasizing cluster high‑availability, strong consistency via a CP‑oriented etcd backend, Go‑based agents with efficient resource management, modular sandboxing, and robust process monitoring to ensure reliable, secure operation at massive scale.
This guide explains how to use Linux shell commands and a custom Bash script to view, modify, save, and restore file timestamps, enabling attackers to hide forensic evidence while also showing administrators how timestamps can be forged and why they must remain vigilant.
This guide explains how enterprises can build a comprehensive Azure governance scaffold—covering hierarchy, naming standards, policies, initiatives, identity and access management, security, monitoring, cost control, automation, and DevOps—to balance agility with control and risk mitigation across cloud workloads.
The article reflects on Huawei’s public letter urging a comprehensive upgrade of software‑engineering practices, explaining concepts such as IPD, the project‑management triple constraint, architecture, technical debt, security, and cultural change, while emphasizing the need for trustworthy, high‑quality software development.
This guide outlines critical operational practices for Linux server management, emphasizing thorough testing, cautious command execution, regular backups, strict access controls, comprehensive monitoring, performance tuning, and a disciplined mindset to avoid costly incidents and ensure system stability.
This guide walks you through installing JumpServer 3.0 on CentOS, configuring its dependencies, setting up users, assets, and permissions, and accessing the bastion host via web and SSH, providing a complete, step‑by‑step tutorial for a secure jump‑server deployment.
This article warns about ten extremely dangerous Linux commands—such as rm -rf, fork bombs, and direct writes to /dev/sda—explaining how they work, the potential damage they can cause, and safety measures to avoid catastrophic system failures.
This cheat sheet compiles essential Linux commands for penetration testing, covering system enumeration, package management, user handling, compression, file operations, Samba access, shell tricks, Python tips, miscellaneous utilities, bash history clearing, filesystem permissions, and notable files for privilege escalation.
This article recounts several real incidents where disgruntled engineers or admins deleted critical databases as retaliation, highlighting the severe consequences and stressing that proper backups and cautious use of destructive commands are essential for any organization.
The podcast examines AI’s rapid integration into entertainment, security and personalization, highlighting its use in automated video editing, facial-recognition tagging of celebrities and non-celebrities, while debating ethical concerns such as echo-chambers, emotional nuance, and the technology’s transformative yet limited role across industries.
The article revisits the early days of physical server deployments and virtualization, explains how containers emerged as a lightweight alternative to VMs, discusses their security trade‑offs, and promotes a DevOpsLIVE event on Windows‑Linux containers and Azure Kubernetes.
The draft "Internet Personal Information Security Protection Guideline" issued by China's Ministry of Public Security outlines comprehensive management mechanisms, technical safeguards, and business processes to help internet enterprises protect personal data throughout its lifecycle, and invites public feedback via the national security platform.
This comprehensive guide presents 25 practical Linux hardening techniques—from BIOS protection and disk partitioning to SELinux configuration, firewall rules, and user account management—helping system administrators strengthen server security and defend against potential attacks.
This guide presents practical Dockerizing techniques—including choosing lightweight base images, installing only necessary packages, handling file permissions, defining user privileges, exposing ports, configuring entrypoints, externalizing data, and managing logs—to help developers build secure, efficient container images.
This article explores the evolution of authentication and authorization from monolithic to microservice architectures, comparing traditional session-based methods with modern token solutions like JWT and OAuth2, and provides practical guidance on implementing secure, scalable access control across dozens of services.
This article walks through twelve essential Linux security techniques—including console access restrictions, password aging, sudo notifications, SSH hardening, Tripwire intrusion detection, firewalld and iptables firewall management, compiler restrictions, immutable files, SELinux reporting, and sealert usage—providing commands and configuration tips to fortify a system.
This guide walks you through configuring a Python environment, installing essential packages such as virtualenv, IPython, requests, BeautifulSoup, and pwntools, and demonstrates how to perform network communication, binary manipulation, encoding, and C library integration, empowering you to develop security exploits efficiently.
The article explains how the popular Node.js package event-stream was transferred to a new maintainer who injected a malicious flatmap-stream module that steals Bitcoin, outlines the timeline of the supply‑chain attack, and provides steps for developers to detect and remediate the infection.
The article explains how Alibaba leveraged large‑scale IPv6 deployment during the 2018 Double 11 shopping festival, detailing the end‑to‑end network architecture, big‑data‑driven optimization, security measures, and the strategic reasons behind moving from IPv4 to IPv6 across cloud, mobile, and IoT ecosystems.
Alibaba’s campus face‑recognition system, handling over 200,000 daily scans, combines hardware upgrades, software image‑quality management, algorithmic grouping, and database‑photo enhancements to cut mis‑recognition to 0.1%, illustrating large‑scale AI deployment in security and payment scenarios.
This article introduces thirteen practical Linux operation tools—including Nethogs, IOZone, IOTop, IPtraf, IFTop, Fail2ban, and more—providing concise descriptions, download links, and step‑by‑step installation commands to help system administrators monitor performance, network traffic, and protect against attacks.
This article surveys multiple double‑spend attack vectors discovered on major public blockchains such as Bitcoin, EOS, and NEO, classifies them into verification flaws, VM execution inconsistencies, and consensus weaknesses, and proposes an efficient mitigation method based on write‑operation hashing.
This article recounts a Redis server hijack incident, detailing the detection, forensic investigation, removal of malicious files and cron jobs, and provides practical hardening recommendations to prevent similar attacks on Linux environments.
This article presents a comprehensive guide on strengthening Linux systems by applying console restrictions, password policies, sudo notifications, SSH hardening, Tripwire intrusion detection, firewalld and iptables firewall management, compiler restrictions, immutable files, and SELinux tools such as aureport and sealert.
This article explains the OAuth protocol, its role in providing secure third‑party access to user resources, describes the overall authorization architecture, outlines the involved parties and step‑by‑step flow, and details the four main grant types along with token refresh mechanisms.
This article explores Deno—a runtime created by Node.js co‑founder Ryan Dahl—covering its recent releases, TypeScript support, security roadmap, and how it aims to replace Node.js as a modern, secure backend platform.
This article outlines comprehensive Linux security measures—including account hardening, remote access protection, file system safeguards, rootkit detection tools, and step‑by‑step post‑attack response—to help system administrators strengthen server defenses and quickly recover from compromises.
This guide walks Linux administrators through common signs of server compromise, shows how to examine logs, user files, active processes, network traffic, and demonstrates using lsof and /proc to recover deleted log files, all with concrete command examples.
This article outlines the overall architecture of a generic open platform, detailing its web server, API gateway, portal, management services, service registry, security components, OAuth, service composition, and best‑practice security measures for building a robust backend system.
This article explains why open platforms emerged, outlines their essential functional modules such as service gateways, management, proxy, security, OAuth, registration, sandbox, and developer portals, and discusses future trends and technology evolution for open API platforms.
This guide outlines key PHP backend practices—including abandoning deprecated mysql_ functions, avoiding unnecessary reference passing, writing efficient queries, validating user input, and embracing modern tools and languages—to help developers produce clean, secure, and high‑performance applications.
This article outlines a comprehensive, multi‑layer web architecture covering front‑end optimization, application‑level frameworks, service‑oriented components, storage solutions, backend analytics, monitoring, security measures, and data‑center design for building highly scalable and reliable websites.
JD Security researchers attended the BRUCON conference to unveil a new fuzz‑testing operation that extends AFL with custom instrumentation, enabling faster testing across multiple CPU architectures and overcoming the limitations of existing fuzzers for closed‑source and non‑x86 systems.
This article examines the challenges of unifying multiple independent account systems within 58 Group and presents three technical approaches—full account merging, account linking with single sign‑on, and a unified cloud account platform—detailing their benefits, difficulties, and implementation considerations.
Tencent’s architecture platform team explains how they monitor, automate, and secure billions of daily operations across storage, CDN, and live services, using multi‑dimensional metrics, real‑time and instant computation, AI‑driven anomaly detection, and a custom control platform for safe changes.
This guide catalogs over fifty essential Docker‑related tools—including orchestration platforms like Kubernetes and Swarm, CI/CD services such as Jenkins and GitLab, monitoring solutions like Prometheus, logging utilities, security scanners, storage plugins, and networking options—helping developers, DevOps, SREs, and architects select the right solution for each stage of container development.
Blockchain’s decentralized, secure ledger can empower AI by enabling open data sharing, trustworthy model licensing, and auditable provenance, while AI contributes decision‑making and pattern recognition, together creating a decentralized operating system that enhances security, transparency, and scalability across sectors such as healthcare, finance, and beyond.
This article provides a comprehensive technical guide on using Kubernetes and OpenShift for container‑cloud deployment, covering architecture, multi‑tenant isolation, security, load balancing, logging, monitoring, CI/CD, storage options, and best practices especially for financial‑industry microservice workloads.
The article examines the advantages and disadvantages of microservice architectures, discussing flexibility, scalability, autonomy, monitoring, build and release complexity, security, and data replication, while highlighting practical trade‑offs and lessons learned from real‑world implementations.
This article provides a comprehensive overview of internet operations, detailing how service‑centric stability, security, and efficiency are achieved through infrastructure management, monitoring, risk mitigation, and continuous optimization, while outlining the various operational roles, their duties, and the evolution of ops practices.
MQTT is a lightweight, open‑source publish/subscribe protocol that powers the IoT’s global nervous system by delivering small‑header messages over TCP/IP with configurable QoS, low bandwidth, and optional TLS security, making it ideal for battery‑constrained devices, scalable deployments, and real‑time applications such as home monitoring.
This guide walks you through creating a Raspberry Pi‑based Python tool that automatically detects inserted USB drives, logs their file names and paths to a text file, and sends the information to a designated WeChat account, while explaining the required hardware, Linux setup, and code details.
This article explains why Jenkins' HTML Publisher Plugin often fails to load custom CSS and JavaScript due to its default Content Security Policy, and provides two solutions: temporarily disabling CSP via a Groovy command and permanently applying the change using a startup-triggered job.
This article presents a comprehensive set of Linux interview questions covering basic file handling, process management, networking, security concepts, HTTP protocols, load balancing, and Python scripting, providing clear tasks and explanations for each topic.
The article translates and explains a typical IoT platform architecture, outlining its core Gather‑Analyze‑Act functions, common building blocks such as device interfaces, messaging brokers, storage and analytics layers, and highlights key differentiators like multi‑tenancy, protocol support, security, and extensible rule engines.
This article warns about ten powerful Linux commands—such as rm -rf, fork bombs, and direct disk writes—that can cause irreversible damage if misused, especially with root privileges, and offers safety tips for each.
This article explains the concept of FUZZ testing, describes its two main techniques, presents the design and core functions of a self‑developed FUZZ testing tool, showcases real‑world test results on SQL and HTTP interfaces, and outlines future enhancements for broader applicability.
This article explains the fundamentals of HTTP's stateless nature, session handling, and login state, then introduces the challenges of multi‑system environments and presents a detailed overview of Single Sign‑On (SSO) concepts, flow, deployment, and step‑by‑step Java code examples for both client and server sides.
This article walks through twelve essential Linux security techniques—from console access restrictions and password aging to SSH hardening, Tripwire intrusion detection, firewalld and iptables configuration, compiler restrictions, immutable files, SELinux auditing, and more—providing concrete commands to fortify a system against evolving threats.
This article outlines the key characteristics of large‑scale websites and presents a comprehensive set of architectural goals, patterns, and techniques—including performance tuning, high availability, scalability, extensibility, security, and agile operations—to guide the design of robust, user‑centric online platforms.
This article examines the shortcomings of macOS's native kernel monitoring subsystems, details the design and implementation of the open‑source Kemon framework with inline hooks and pre/post callbacks, and showcases its practical applications and vulnerability discoveries presented at major security conferences.
