
Contents contributed and discussions participated by 張 旭

張 旭

HTTPS Upgrade Guide - Ruan Yifeng's Blog - 0 views

  • Domain Validation: the lowest level of validation; it confirms that the applicant controls the domain.
  • Company Validation: confirms which company owns the domain; the certificate includes the company's information.
  • Extended Validation: the highest level of validation; the browser address bar displays the company name.
  • Multi-domain
  • Single-domain
  • Wildcard
  • Add a mandatory declaration to the site's response headers
  • Strict-Transport-Security: max-age=31536000; includeSubDomains
  • Ensure the browser sends the cookie only over HTTPS.
  • Set-Cookie:
  • ; Secure
張 旭

An Overview of How the SSL/TLS Protocol Works - Ruan Yifeng's Blog - 0 views

  • The client first requests the public key from the server, then encrypts information with that public key; on receiving the ciphertext, the server decrypts it with its own private key.
  • The history of encrypted communication protocols on the Internet is almost as long as that of the Internet itself.
  • Place the public key in a digital certificate. As long as the certificate is trusted, the public key is trusted.
  • For every session, the client and server generate a "session key" and use it to encrypt information.
  • The "session key" uses symmetric encryption, so it is very fast
  • The server's public key is used only to encrypt the "session key" itself, which reduces the time spent on encryption.
  • "session key"
  • "handshake phase"
  • The client requests the public key from the server and verifies it
  • All communication in the "handshake phase" is in plaintext
  • The information the client sends does not include the server's domain name. That is, in theory the server can host only one website; otherwise it cannot tell which website's digital certificate to present to the client. This is why a server can usually have only one digital certificate.
  • In 2006, the TLS protocol added a Server Name Indication extension, which allows the client to tell the server which domain name it is requesting.
  • "Client certificate". For example, financial institutions often allow only authenticated customers to connect to their networks, so they issue a USB key to registered customers that contains a client certificate.
  • Verify the server certificate. If the certificate was not issued by a trusted authority, or the domain name in the certificate does not match the actual domain name, or the certificate has expired, a warning is shown to the visitor, who then chooses whether to continue communicating.
  • Extract the server's public key from the certificate
  • All subsequent messages will be sent using the encryption method and key agreed on by both sides
  • A hash of everything sent so far, for the server to verify.
  • The random number is encrypted with the server's public key
  • The third random number to appear in the whole handshake phase, also called the "pre-master key". Once it exists, the client and server both have three random numbers, and each side then uses the previously agreed encryption method to independently generate the same "session key" for this session.
  • Both the client and the server need random numbers so that the generated key is not the same every time. Since certificates in the SSL protocol are static, it is essential to introduce a random factor to guarantee the randomness of the negotiated key.
  • One pseudo-random number may not be random at all, but three pseudo-random numbers are very close to random; each added degree of freedom increases the randomness by far more than one.
  • After the server receives the client's third random number, the pre-master key, it computes the "session key" for this session.
  • Once the client and server enter encrypted communication, they use the ordinary HTTP protocol, except that the content is encrypted with the "session key".
張 旭

Bash If Statements: Beginner to Advanced - DEV Community - 0 views

  • "[" is a command. It's actually syntactic sugar for the built-in command test which checks and compares its arguments. The "]" is actually an argument to the [ command that tells it to stop checking for arguments!
  • why > and < get weird inside single square brackets -- Bash actually thinks you're trying to do an input or output redirect inside a command!
  • the [[ double square brackets ]] and (( double parens )) are not exactly commands. They're actually Bash language keywords, which is what makes them behave a little more predictably.
  • The [[ double square brackets ]] work essentially the same as [ single square brackets ], albeit with some more superpowers like more powerful regex support.
  • The (( double parentheses )) are actually a construct that allow arithmetic inside Bash.
  • If the results inside are zero, it returns an exit code of 1. (Essentially, zero is "falsey.")
  • the greater and less-than symbols work just fine inside arithmetic parens.
  • exit code 0 for success.
  • exit code 1 for failure.
  • If the regex works out, the return code of the double square brackets is 0, and thus the function returns 0. If not, everything returns 1. This is a really great way to name regexes.
  • the stuff immediately after the if can be any command in the whole wide world, as long as it provides an exit code, which is pretty much always.
張 旭

Storing Sessions in a Database, by Chris Shiflett - 0 views

  • to store sessions in a database rather than the filesystem
  • server affinity (methods that direct requests from the same client to the same server)
  • store sessions in a central database that is common to all servers
  • security concerns
  • PHP provides a function that lets you override the default session mechanism by specifying the names of your own functions for taking care of the distinct tasks
  • The handler PHP uses to handle data serialization is defined by the session.serialize_handler configuration directive. It is set to php by default.
  • REPLACE
  • REPLACE, which behaves exactly like INSERT, except that it handles cases where a record already exists with the same session identifier by first deleting that record.
  • the _write() function keeps the timestamp of the last access in the access column for each record, this can be used to determine which records to delete.
張 旭

The Twelve-Factor App - 0 views

  • An app’s config is everything that is likely to vary between deploys (staging, production, developer environments, etc)
  • Resource handles
  • Credentials
  • Per-deploy values
  • strict separation of config from code.
  • Config varies substantially across deploys, code does not.
  • The codebase could be made open source at any moment, without compromising any credentials.
  • “config” does not include internal application config
  • stores config in environment variables (often shortened to env vars or env).
  • env vars are granular controls, each fully orthogonal to other env vars
  • They are never grouped together as “environments”
張 旭

The Twelve-Factor App - 0 views

  • Libraries installed through a packaging system can be installed system-wide (known as “site packages”) or scoped into the directory containing the app (known as “vendoring” or “bundling”).
  • A twelve-factor app never relies on implicit existence of system-wide packages.
  • declares all dependencies, completely and exactly, via a dependency declaration manifest.
  • The full and explicit dependency specification is applied uniformly to both production and development.
  • Bundler for Ruby offers the Gemfile manifest format for dependency declaration and bundle exec for dependency isolation.
  • Pip is used for declaration and Virtualenv for isolation.
  • No matter what the toolchain, dependency declaration and isolation must always be used together
  • requiring only the language runtime and dependency manager installed as prerequisites.
  • set up everything needed to run the app’s code with a deterministic build command.
  • If the app needs to shell out to a system tool, that tool should be vendored into the app.
  • do not rely on the implicit existence of any system tools
張 旭

The Twelve-Factor App - 0 views

  • A copy of the revision tracking database is known as a code repository, often shortened to code repo or just repo.
  • always a one-to-one correlation between the codebase and the app
  • If there are multiple codebases, it’s not an app – it’s a distributed system.
  • Each component in a distributed system is an app
  • only one codebase per app, but there will be many deploys of the app.
  • A deploy is a running instance of the app.
  • The codebase is the same across all deploys, although different versions may be active in each deploy.
張 旭

The Twelve-Factor App - 0 views

  • software is commonly delivered as a service: called web apps, or software-as-a-service.
  • Use declarative formats for setup automation
  • offering maximum portability between execution environments
  • obviating the need for servers and systems administration
  • Minimize divergence between development and production
  • scale up without significant changes to tooling, architecture, or development practices
  • Ops engineers who deploy or manage such applications.
  • developer building applications which run as a service
  • One codebase
  • many deploys
  • in the environment
  • services as attached resources
  • Explicitly declare
  • separate build and run stages
  • stateless processes
  • Export services via port binding
  • Scale out
  • fast startup and graceful shutdown
  • as similar as possible
  • logs as event streams
  • admin/management tasks as one-off processes
張 旭

A Clear, Concise & Comfy Code Review Checklist - DEV Community - 0 views

  • 2 blocks doing similar things might be allowable, but 3 or more is a definitive red cross from me!
  • This would ultimately be integrated into your CI/CD pipelines running on each build/commit/deploy too; stopping any rogue commits getting in.
  • not to say that every code block that is duplicated needs to be refactored
  • Refactoring is a cyclical process
  • Before accessing variables within objects and collections make sure they are there! PLEASE!
  • If that variable is a constant or won't be changed then use the Const keyword in applicable languages and the CAPITALISATION convention to let users be aware of your decisions about them.
  • The name of a method is more important than we give it credit for, when a method changes so should its name.
  • Make sure you are returning the right thing, trying to make it as generic as possible.
  • Void should do something, not change something!
  • Private vs Public, this is a big topic
  • keeping an eye on the access level of a method can stop issues further down the line
  • Gherkin is a Business Readable, Domain Specific Language created especially for behavior descriptions.
  • specify the 3 main points of a test, including what you expect to happen using the following keywords GIVEN, WHEN / AND, THEN.
  • look at how the code is structured, make sure methods aren't too long, don't have too many branches, and that for and if statements could be simplified.
  • Use your initiative and discuss if a rewrite would benefit maintainability for the future.
  • it's unnecessary to leave commented code when working in and around areas with them.
張 旭

Step Outside Operations to Do Operations Well (The Phoenix Project) book review - 0 views

  • 1. Business projects: requirements typically raised by the company's business units, such as product development or sales, for example launching a new product, implementing for a customer, or planning a large promotion like Singles' Day. This work is usually systematic and requires close cooperation between departments. 2. Internal projects: infrastructure development that the operations team carries out around the business projects, such as deployment automation, multi-environment builds, continuous delivery, monitoring and alerting. 3. Changes: change operations on operations components requested by other departments; compared with business projects, changes are usually scattered, for example adding permissions, opening ports, or provisioning machines. For changes we must keep good operation records so that everything is traceable. 4. Unplanned work: handling unforeseen problems, i.e. "firefighting".
  • The more unplanned work there is, the more it eats into the time for the other three kinds of work, causing them to pile up.
  • When the operations team's internal infrastructure cannot keep up, and unplanned work cannot be thought through and solved at its root, a vicious circle results: unfinished work keeps piling up (the book likes to call this "work in progress") until people break down.
  • Some periodic work is actually very important for operations too, such as periodic inspection of components, load testing, randomly breaking distributed systems the way Chaos Monkey does, disaster drills, backup drills, and so on. These can also be classified under internal projects, though
  • Once the pipeline is visualized, besides resolving the bottleneck node, other things such as task priority, dependencies between tasks, and the number of tasks completed per batch also become visible and get addressed.
  • Feedback and tracing to the source. We need to know how every stage of every task pipeline performs, its efficiency and quality, and then work with the departments involved in that stage to discuss and optimize improvements. For example, if deployment takes too long, work with the development team to optimize the packaging process and the middleware architecture the deployment depends on; if there are too many production incidents, join forces with development and QA to examine where those incidents originate and devise solutions, and so on
  • The third step is to establish a cultural mechanism that strives to sustain this way of working, achieving continuous improvement and getting better and better!
張 旭

On "Business-IT Integration" from The Phoenix Project - Zhihu - 0 views

  • The extent to which IT can take part in business systems to help, or even influence, the business units is the extent of your value. This work is classified as urgent and important
  • "Internal IT projects": some IT departments are very keen on this kind of project; in my view, part of the reason is that these things are relatively fun for IT or are what IT is good at.
  • Important but not urgent work, such as seriously researching and building the foundational environment for DevOps.
  • Although changes are unavoidable, I personally think they should be reduced as far as possible (or at least made predictable), and the change process should be automated.
  • The most easily overlooked is "unplanned work", which steals our time. This is equivalent to what we often describe as the urgent but unimportant things, or the neither urgent nor important things.
  • The Theory of Constraints
  • He is too good, so he disdains writing documentation; he is too important, so he can change things at will without following the process; he is too busy, so many things have to queue up for his time.
  • Talent like Brent is needed; it is just that Brent has become the team's constraint, and how to make good use of him becomes the key to success or failure (build good mechanisms to ensure such people can work better rather than on low-value content), while how to help him reach a new level (or cultivate more Brents) is the way to lasting stability.
  • A fundamental difference between "business-IT integration" and the traditional model is the extensive use of automation to reduce intermediate steps.
  • Trust among the development, testing, operations, security and other functions within the IT department
  • Step one: the forward workflow from product concept, design, development, testing and operations to the customer must be straightened out
  • Step two: working backward from the customer, how to build a healthy and efficient feedback flow. I summarize this as fast trial-and-error and iteration
  • Step three, which I think hits the nail on the head: business-IT integration is of course good, but however reasonable the process, however powerful the tools, however much leadership cares, without a corporate culture that all employees identify with to support it, it will all be a mere formality. Talking about innovation without trust is, in the end, nonsense.
  • Each department focuses only on its own small goals, taking pride in how much it has done, regardless of what that work actually means for achieving the company's overall goals.
張 旭

153 ☞ Sourcing a shell script in Make - 0 views

  • Make runs its commands in a subshell, so the variables exported by source aren’t available to other commands.
  • Make and Bash have awfully similar syntaxes for setting variables
  • Make doesn't parse quotes
  • needs to run before any target
  • If there’s a target for makefile, and its prerequisites are new, the target will run before anything, because the makefile might change.
張 旭

Makefiles - Best practices and suggestions | MDN - 0 views

  • hardcoded values - avoid them like the plague
  • For classes of hardware (unix/windows) place your makefile in a subdirectory, unix/Makefile.in
  • Initial make call should always be the workhorse: build, generate, deploy, install, etc.
  • All subsequent make calls must become a NOP unless sources or dependencies change or have been removed.
    • 張 旭: Short for No Operation or No Operation Performed, meaning no operation
  • Do not use directories as a dependency for generated targets, ever.
  • Parallel make: add an explicit timestamp dependency (.done) that make can synchronize threaded calls on to avoid a race condition.
  • Maintain clean targets - makefiles should be able to remove all content that is generated so "make clean" will return the sandbox/directory back to a clean state.
  • Wrap check/unit tests with an ENABLE_TESTS conditional
張 旭

pre-commit - 0 views

  • a multi-language package manager for pre-commit hooks
  • pre-commit is specifically designed to not require root access
  • We copied and pasted unwieldy bash scripts from project to project and had to manually change the hooks to work for different project structures.
  • adding pre-commit plugins to your project is done with the .pre-commit-config.yaml configuration file.
  • The pre-commit config file describes what repositories and hooks are installed.
  • This configuration says to download the pre-commit-hooks project and run its trailing-whitespace hook
張 旭

GNU make: Special Variables - 0 views

  • include inc.mk
  • .DEFAULT_GOAL
  • assigning more than one target name to .DEFAULT_GOAL is invalid and will result in an error.
  • If the variable is empty (as it is by default) that character is the standard tab character.
  • “else if” non-nested conditionals
  • .ONESHELL special target
  • target-specific and pattern-specific
  • “shortest stem” method of choosing which pattern
  • make searches for included makefiles (see Including Other Makefiles)
張 旭

迷途工程師 (Lost Engineer): Makefile assignment operators (=, :=, +=, ?=) - 0 views

  • = is the most basic assignment; := overrides the variable's previous value; ?= assigns only when the variable is empty, otherwise it keeps the previous value; += appends the value to the end of the variable
  • = expands at execution time (values within it are recursively expanded when the variable is used, not when it's declared); := expands at definition time (values within it are expanded at declaration time)