Skip to main content

Home/ Larvata/ Group items tagged HTTP

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
張 旭

chaifeng/ufw-docker: To fix the Docker and UFW security flaw without disabling iptables - 0 views

github.com/ufw-docker

iptables docker

shared by 張 旭 on 13 Jul 22 - No Cached
  • It requires to disable docker's iptables function first, but this also means that we give up docker's network management function.
  • This causes containers will not be able to access the external network.
  • such as -A POSTROUTING ! -o docker0 -s 172.17.0.0/16 -j MASQUERADE. But this only allows containers that belong to network 172.17.0.0/16 can access outside.
  • ...13 more annotations...
  • Don't need to disable Docker's iptables and let Docker to manage it's network.
  • The public network cannot access ports that published by Docker.
  • In a very convenient way to allow/deny public networks to access container ports without additional software and extra configurations
  • Enable Docker's iptables feature. Remove all changes like --iptables=false , including configuration file /etc/docker/daemon.json
  • Modify the UFW configuration file /etc/ufw/after.rules
  • There may be some unknown reasons cause the UFW rules will not take effect after restart UFW, please reboot servers.
  • If we publish a port by using option -p 8080:80, we should use the container port 80, not the host port 8080
  • allow the private networks to be able to visit each other.
  • The following rules block connection requests initiated by all public networks, but allow internal networks to access external networks.
  • Since the UDP protocol is stateless, it is not possible to block the handshake signal that initiates the connection request as TCP does.
  • For GNU/Linux we can find the local port range in the file /proc/sys/net/ipv4/ip_local_port_range. The default range is 32768 60999
  • It not only exposes ports of containers but also exposes ports of the host.
  • Cannot expose services running on hosts and containers at the same time by the same command.
  • 張 旭 on 13 Jul 22
     
    "It requires to disable docker's iptables function first, but this also means that we give up docker's network management function."
張 旭

Monorepo Explained - 0 views

monorepo.tools

code repository

shared by 張 旭 on 20 Jul 22 - No Cached
張 旭

Choose when to run jobs | GitLab - 0 views

docs.gitlab.com/...job_control.html

gitlab devops cicd

shared by 張 旭 on 28 Dec 21 - No Cached
  • Rules are evaluated in order until the first match.
  • no rules match, so the job is not added to any other pipeline.
  • define a set of rules to exclude jobs in a few cases, but run them in all other cases
  • ...32 more annotations...
  • use all rules keywords, like if, changes, and exists, in the same rule. The rule evaluates to true only when all included keywords evaluate to true.
  • use parentheses with && and || to build more complicated variable expressions.
  • Use workflow to specify which types of pipelines can run.
  • every push to an open merge request’s source branch causes duplicated pipelines.
  • avoid duplicate pipelines by changing the job rules to avoid either push (branch) pipelines or merge request pipelines.
  • do not mix only/except jobs with rules jobs in the same pipeline.
  • For behavior similar to the only/except keywords, you can check the value of the $CI_PIPELINE_SOURCE variable
  • commonly used variables for if clauses
  • rules:changes expressions to determine when to add jobs to a pipeline
  • Use !reference tags to reuse rules in different jobs.
  • Use except to define when a job does not run.
  • only or except used without refs is the same as only:refs / except/refs
  • If you change multiple files, but only one file ends in .md, the build job is still skipped.
  • If you use multiple keywords with only or except, the keywords are evaluated as a single conjoined expression.
  • only includes the job if all of the keys have at least one condition that matches.
  • except excludes the job if any of the keys have at least one condition that matches.
  • With only, individual keys are logically joined by an AND
  • With except, individual keys are logically joined by an OR
  • To specify a job as manual, add when: manual to the job in the .gitlab-ci.yml file.
  • Use protected environments to define a list of users authorized to run a manual job.
  • Use when: delayed to execute scripts after a waiting period, or if you want to avoid jobs immediately entering the pending state.
  • To split a large job into multiple smaller jobs that run in parallel, use the parallel keyword
  • run a trigger job multiple times in parallel in a single pipeline, but with different variable values for each instance of the job.
  • The @ symbol denotes the beginning of a ref’s repository path. To match a ref name that contains the @ character in a regular expression, you must use the hex character code match \x40.
  • Compare a variable to a string
  • Check if a variable is undefined
  • Check if a variable is empty
  • Check if a variable exists
  • Check if a variable is empty
  • Matches are found when using =~.
  • Matches are not found when using !~.
  • Join variable expressions together with && or ||
  • 張 旭 on 28 Dec 21
     
    "Rules are evaluated in order until the first match."
張 旭

3. Hello, world! - Err 9.9.9 documentation - 0 views

errbot.readthedocs.io/...basics.html

chatops

shared by 張 旭 on 18 Feb 22 - No Cached
  • The first is a Message object, which represents the full message object received by Errbot.
  • The second is a string (or a list, if using the split_args_with parameter of botcmd()) with the arguments passed to the command.
  • args would be the string “Mister Errbot”.
  • ...6 more annotations...
  • If you return None, Errbot will not respond with any kind of message when executing the command.
  • a file that ends with the extension .plug and it is used by Errbot to identify and load plugins.
  • The key Module should point to a module that Python can find and import.
  • The key Name should be identical to the name you gave to the class in your plugin file
  • The presence of __init__.py indicates lib is a Python regular package.
  • the !status command,
張 旭

Language Server Protocol - Wikipedia - 0 views

en.wikipedia.org/...Language_Server_Protocol

vim programming

shared by 張 旭 on 28 Jan 22 - No Cached
  • Modern IDEs provide developers with sophisticated features like code completion, refactoring, navigating to a symbol's definition, syntax highlighting, and error and warning markers.
  • an IDE needs a sophisticated understanding of the programming language that the program's source is written in.
  • Conventional compilers or interpreters for a specific programming language are typically unable to provide these language services, because they are written with the goal of either transforming the source code into object code or immediately executing the code.
  • ...5 more annotations...
  • Prior to the design and implementation of the Language Server Protocol for the development of Visual Studio Code, most language services were generally tied to a given IDE or other editor.
  • The Language Server Protocol allows for decoupling language services from the editor so that the services may be contained within a general purpose language server.
  • LSP is not restricted to programming languages. It can be used for any kind of text-based language, like specifications[7] or domain-specific languages (DSL).
  • When a user edits one or more source code files using a language server protocol-enabled tool, the tool acts as a client that consumes the language services provided by a language server.
  • The protocol does not make any provisions about how requests, responses and notifications are transferred between client and server.
張 旭

20 年軟體工程生涯所學到的 20 件事 (摘譯) - Ant ATField - 0 views

blog.gcos.me/...0-years-as-a-software-engineer

architecture programming

shared by 張 旭 on 04 Jun 22 - No Cached
  • 你永遠無法償還所有的技術債、你永遠無法設計出完美的界面、你的測試總是太慢。
  • 這不是一個不把事情做得更好的藉口,而是給你一個視角,不要擔心優雅和完美
  • 有新團隊成員要加入?注意他們在哪裡感到困惑,以及他們問了什麼問題。
  • ...14 more annotations...
  • 軟體是達到目標的手段,而不是目標本身。目標是定向的,但手段要可隨時變通。
  • 不需要維護的程式
  • 10 倍工程師是愚蠢神話。有人能在 1 天內完成另一個有能力、努力工作、有類似經驗的工程師在 2 週內完成的工作,這種想法很愚蠢。
  • 。一個人能夠成為 10 倍工程師的唯一方法,是你把他們和 0.1x 的工程師相比。
  • between a senior engineer and a junior engineer is that they’ve formed opinions about the way things should be
  • 沒有什麼比一個對自己的工具或如何建構軟體沒有意見的資深工程師更讓我擔心了。
  • 如果你正在使用你的工具,而你對它們不愛也不恨,那麼你需要去體驗更多。
  • 你的資料可能會比你的程式長壽。花點精力保持秩序和乾淨
  • 存活下來的老技術是鯊魚,不是恐龍。
  • 軟體工程師應該定期撰寫部落格、日記、文件,總之做任何需要他們保持書面溝通能力之事。
  • 如果你把一個人從他們的工作成果中抽離,他們就會對他們的工作不那麼關心。這也是跨職能團隊運作良好的主要原因,也是 DevOps 變得如此流行的原因。從頭到尾擁有整個過程,並直接負責交付價值。讓一群充滿熱情的人對設計、建構和交付一個軟體 (或任何東西) 擁有完全的自主,這終將發生令人驚奇之事。
  • 面試最好是用來瞭解某人是誰,以及他們對某一專業領域的興趣如何。嘗試找出他們會成為多好的團隊成員是一個沒有結果的努力。
  • 你在建構一個系統的過程中會學到很多東西,你最終會迭代成一個比你當初設計的更好的系統。
  • stop sharpening the saw, and just start cutting shit
張 旭

kube-proxy | Kubernetes - 0 views

kubernetes.io/...kube-proxy

kubernetes networking

shared by 張 旭 on 09 Jun 22 - No Cached
  • The Kubernetes network proxy runs on each node. This reflects services as defined in the Kubernetes API on each node and can do simple TCP, UDP, and SCTP stream forwarding or round robin TCP, UDP, and SCTP forwarding across a set of backends.
  • Service cluster IPs and ports are currently found through Docker-links-compatible environment variables specifying ports opened by the service proxy.
  • 張 旭 on 09 Jun 22
     
    "The Kubernetes network proxy runs on each node. This reflects services as defined in the Kubernetes API on each node and can do simple TCP, UDP, and SCTP stream forwarding or round robin TCP, UDP, and SCTP forwarding across a set of backends."
張 旭

architecture - Difference between a "coroutine" and a "thread"? - Stack Overflow - 0 views

stackoverflow.com/...tween-a-coroutine-and-a-thread

programming

shared by 張 旭 on 09 Jun 22 - No Cached
  • Co stands for cooperation. A co routine is asked to (or better expected to) willingly suspend its execution to give other co-routines a chance to execute too. So a co-routine is about sharing CPU resources (willingly) so others can use the same resource as oneself is using.
  • A thread on the other hand does not need to suspend its execution. Being suspended is completely transparent to the thread and the thread is forced by underlying hardware to suspend itself.
  • co-routines can not be concurrently executed and race conditions can not occur.
  • ...8 more annotations...
  • Concurrency is the separation of tasks to provide interleaved execution.
  • Parallelism is the simultaneous execution of multiple pieces of work in order to increase speed.
  • With threads, the operating system switches running threads preemptively according to its scheduler, which is an algorithm in the operating system kernel.
  • With coroutines, the programmer and programming language determine when to switch coroutines
  • In contrast to threads, which are pre-emptively scheduled by the operating system, coroutine switches are cooperative, meaning the programmer (and possibly the programming language and its runtime) controls when a switch will happen.
  • preemption
  • Coroutines are a form of sequential processing: only one is executing at any given time
  • Threads are (at least conceptually) a form of concurrent processing: multiple threads may be executing at any given time.
  • 張 旭 on 09 Jun 22
     
    "Co stands for cooperation. A co routine is asked to (or better expected to) willingly suspend its execution to give other co-routines a chance to execute too. So a co-routine is about sharing CPU resources (willingly) so others can use the same resource as oneself is using."
張 旭

GoJS - 0 views

gojs.net/latest

architecture

shared by 張 旭 on 20 May 22 - No Cached
張 旭

The package-lock.json file - 0 views

nodejs.dev/...the-package-lock-json-file

nodejs

shared by 張 旭 on 22 May 22 - No Cached
  • You don't commit to Git your node_modules folder, which is generally huge, and when you try to replicate the project on another machine by using the npm install command,
  • Even if a patch or minor release should not introduce breaking changes
  • The package-lock.json sets your currently installed version of each package in stone, and npm will use those exact versions when running npm ci
  • ...1 more annotation...
  • The package-lock.json file needs to be committed to your Git repository
  • 張 旭 on 22 May 22
     
    "You don't commit to Git your node_modules folder, which is generally huge, and when you try to replicate the project on another machine by using the npm install command,"
張 旭

Cloudflare outage on June 21, 2022 - 0 views

blog.cloudflare.com/udflare-outage-on-june-21-2022

networking network

shared by 張 旭 on 22 Jun 22 - No Cached
  • This mesh allows us to easily disable and enable parts of the internal network in a data center for maintenance or to deal with a problem.
  • As part of this protocol, operators define policies which decide which prefixes (a collection of adjacent IP addresses) are advertised to peers (the other networks they connect to), or accepted from peers.
張 旭

Kubernetes YAML Generator - 0 views

k8syaml.com

kubernetes

shared by 張 旭 on 24 Mar 22 - No Cached
« First ‹ Previous 1401 - 1420 of 1420
Showing 20 items per page