Tagged articles

2177 articles

Page 14 of 22

Apr 27, 2022 · Fundamentals

Understanding the ShadowRealm API: Isolated JavaScript Realms and Their Usage

The article introduces the ShadowRealm API, a new JavaScript proposal that creates highly isolated execution realms, explains its type signatures, demonstrates .evaluate() and .importValue() methods with code examples, compares it to eval, Function, iframes, Web Workers, and Node.js vm, and outlines practical use cases such as plugin execution, testing, and web scraping.

JavaScriptShadowRealmWeb API

0 likes · 9 min read

Understanding the ShadowRealm API: Isolated JavaScript Realms and Their Usage

ITPUB

Apr 24, 2022 · Operations

What Happens When You Run These Dangerous Linux Commands?

This article explains several Linux commands—such as rm -rf, fork bombs, direct writes to block devices, and malicious script execution—that can irreversibly damage systems, detailing their effects, typical usage examples, and essential precautions to avoid catastrophic data loss.

LinuxSystem Administrationdangerous-commands

0 likes · 5 min read

What Happens When You Run These Dangerous Linux Commands?

Yunxuetang Frontend Team

Apr 24, 2022 · Frontend Development

Exploring Modern Front‑End Technologies and Security Practices

This article surveys a range of front‑end topics—including alternative web‑framework solutions, the rise of pnpm, JavaScript stack memory, TypeScript overloads, integrating Golang with Node.js, innovative development approaches, and essential network security insights—providing concise technical overviews and references.

FrontendJavaScriptTypeScript

0 likes · 4 min read

Exploring Modern Front‑End Technologies and Security Practices

Architecture Digest

Apr 24, 2022 · Operations

Comprehensive Checklist for Deploying Web Services on Kubernetes in Production

This article presents a detailed checklist covering general information, application requirements, security and compliance, CI/CD practices, Kubernetes configuration, monitoring, testing, and 24/7 service team readiness to ensure reliable production deployment of HTTP‑based web services on Kubernetes.

ci/cdkubernetesproduction deployment

0 likes · 10 min read

Comprehensive Checklist for Deploying Web Services on Kubernetes in Production

Liangxu Linux

Apr 23, 2022 · Information Security

How to Generate Strong Linux Passwords and Verify Their Strength

This tutorial explains how to create complex, high‑entropy passwords on Linux using GPG or OpenSSL, optionally filter out special characters with sed, and then assess password strength with the cracklib‑check tool on CentOS 8, illustrating both weak and strong examples.

GPGOpenSSLcracklib

0 likes · 4 min read

How to Generate Strong Linux Passwords and Verify Their Strength

Java High-Performance Architecture

Apr 19, 2022 · Fundamentals

What’s New in IntelliJ IDEA 2022.1? Explore the Latest IDE Features

IntelliJ IDEA 2022.1 introduces a Dependency Analyzer for conflict resolution, an enhanced New Project wizard, a dedicated Notifications tool window, extensive language and framework support—including Java 18, Kotlin 1.6.20, Go microservices, Kubernetes, and improved security scanning—plus numerous usability upgrades such as uniform tab splitting, UML export formats, and a Gradle progress bar.

Dependency AnalyzerIDE FeaturesIntelliJ IDEA

0 likes · 9 min read

What’s New in IntelliJ IDEA 2022.1? Explore the Latest IDE Features

Continuous Delivery 2.0

Apr 19, 2022 · Fundamentals

Fifteen Guidelines for Ensuring a Healthy Software Supply Chain – Dependency Management (Part 2)

This article presents fifteen practical guidelines for managing software dependencies, covering pre‑inclusion checks such as design review, code quality, testing, security, licensing, and transitive dependencies, as well as post‑use practices like encapsulation, isolation, update strategies, and continuous monitoring to maintain a secure and reliable supply chain.

Risk Assessmentdependency managementsecurity

0 likes · 19 min read

Fifteen Guidelines for Ensuring a Healthy Software Supply Chain – Dependency Management (Part 2)

MaGe Linux Operations

Apr 17, 2022 · Cloud Native

How to Secure Kubernetes Secrets with Bitnami Sealed Secrets

Learn how to protect sensitive data in Kubernetes by encrypting secrets, using Bitnami Sealed Secrets or external secret managers, and safely storing encrypted manifests in Git, with step‑by‑step commands for installing kubeseal, creating sealed secrets, and deploying them as Kubernetes Secrets.

SealedSecretskubernetessecrets

0 likes · 9 min read

How to Secure Kubernetes Secrets with Bitnami Sealed Secrets

Liangxu Linux

Apr 17, 2022 · Artificial Intelligence

Can GitHub Copilot Replace Programmers? A Critical Look at AI Coding Assistants

This article examines GitHub Copilot’s code‑completion, comment‑driven generation, and repetitive‑task automation features, evaluates its accuracy and security concerns, and argues that while it can streamline mundane coding, it will not replace skilled programmers.

AI coding assistantGitHub Copilotcode generation

0 likes · 8 min read

Can GitHub Copilot Replace Programmers? A Critical Look at AI Coding Assistants

Cloud Native Technology Community

Apr 14, 2022 · Information Security

Navigating Cloud‑Native Security: Six Critical Risks and DevSecOps Solutions

The article examines how rapid cloud‑native adoption reshapes application design and operations while introducing six distinct security risks, and proposes a comprehensive DevSecOps framework that integrates early‑stage security controls across infrastructure, compute, development, and management to protect modern containerized environments.

ContainerDevSecOpsRisk Assessment

0 likes · 13 min read

Navigating Cloud‑Native Security: Six Critical Risks and DevSecOps Solutions

IT Services Circle

Apr 14, 2022 · Frontend Development

Understanding the ShadowRealm API: Isolated JavaScript Execution Environments

This article introduces the ShadowRealm API, a new JavaScript proposal that creates independent, highly isolated realms for executing code, explains its type signatures, demonstrates .evaluate() and .importValue() methods with practical examples, and compares it with eval, Web Workers, iframes, and Node.js vm.

JavaScriptRuntimeShadowRealm

0 likes · 10 min read

Understanding the ShadowRealm API: Isolated JavaScript Execution Environments

Top Architect

Apr 12, 2022 · Databases

Key New Features and Changes in Elasticsearch 8.0 Release

Elasticsearch 8.0 introduces major updates including 7.x REST API compatibility headers, default-enabled security with registration tokens, system index protection, a preview KNN search API using dense_vector, storage‑saving field mappings, faster geo indexing, PyTorch model support, and numerous deprecations and configuration changes across aggregations, allocation, analysis, authentication, and core infrastructure.

ElasticsearchRelease Notessearch engine

0 likes · 9 min read

Key New Features and Changes in Elasticsearch 8.0 Release

58 Tech

Apr 12, 2022 · Mobile Development

Fair 2.0: Complete Integration and Usage Guide for Flutter Projects

This article provides a step‑by‑step tutorial on integrating the Fair 2.0 dynamic framework into Flutter applications, covering dependency setup, widget conversion, bundle generation, runtime loading, parameter passing, navigation, plugin bridging, performance evaluation, update strategies, security checks, and practical lessons learned from its deployment in the 58 拍客 app.

Hot UpdateMobile Developmentperformance

0 likes · 12 min read

Fair 2.0: Complete Integration and Usage Guide for Flutter Projects

MaGe Linux Operations

Apr 11, 2022 · Fundamentals

Mastering DNS: From Basics to Advanced Configuration and Security

This comprehensive guide explains the DNS system, its distributed architecture, protocol nuances, hierarchical naming structure, resolution process, caching, smart routing, BIND configuration, load balancing, subdomain delegation, debugging tools, and security considerations such as amplification attacks.

BINDDNSDomain Name System

0 likes · 19 min read

Mastering DNS: From Basics to Advanced Configuration and Security

IT Services Circle

Apr 9, 2022 · Information Security

How to Identify and Avoid Fake Chrome Browser Downloads

The article explains how counterfeit Chrome browsers proliferate in China, how search engine ads and misleading download pages trick users into installing malicious software, and provides a reliable method to obtain the genuine offline Chrome installer to protect against these security threats.

ChromeDownload SafetyFake Browser

0 likes · 6 min read

How to Identify and Avoid Fake Chrome Browser Downloads

Top Architect

Apr 6, 2022 · Information Security

Understanding JWT (JSON Web Token): Definition, Mechanism, Structure, and SSO Applications

This article explains what JSON Web Token (JWT) is, its underlying mechanism and data structure, compares it with traditional session authentication, and demonstrates how JWT can be used for cross‑domain single sign‑on, access/refresh token handling, and secure API authentication.

AuthenticationJWTSSO

0 likes · 11 min read

Understanding JWT (JSON Web Token): Definition, Mechanism, Structure, and SSO Applications

Top Architect

Apr 5, 2022 · Information Security

Understanding JSON Web Token (JWT): Structure, Creation, and Signature

This article explains the lightweight JWT specification, demonstrates how to build a token with header, payload, and signature using Base64 encoding and Node.js, and discusses its security properties, verification process, and suitable use cases for web authentication.

AuthenticationBase64JWT

0 likes · 9 min read

Understanding JSON Web Token (JWT): Structure, Creation, and Signature

Programmer DD

Mar 31, 2022 · Backend Development

What’s the Real Impact of Spring Framework RCE CVE‑2022‑22965 and How to Fix It?

This article explains the officially announced Spring Framework remote code execution vulnerability CVE‑2022‑22965, outlines the affected environments, provides upgrade paths for Spring and Spring Boot, and shares safe code‑based mitigation techniques for developers.

BackendCVE-2022-22965Java

0 likes · 8 min read

What’s the Real Impact of Spring Framework RCE CVE‑2022‑22965 and How to Fix It?

Java Architecture Diary

Mar 31, 2022 · Information Security

How to Mitigate the Unpublished Spring Framework RCE Vulnerability in JDK 9+ Environments

This article explains the newly disclosed Spring Framework remote code execution flaw affecting JDK 9+ Spring MVC/WebFlux applications deployed as WARs on Apache Tomcat, outlines the affected conditions, current patch status, and provides code‑level workarounds for safe remediation.

JavaRCESpring Framework

0 likes · 6 min read

How to Mitigate the Unpublished Spring Framework RCE Vulnerability in JDK 9+ Environments

Open Source Linux

Mar 31, 2022 · Information Security

Misconfigured Kubelet Triggered Crypto‑Mining Breach – Secure Your Cluster Now

A Kubernetes node was compromised for Monero mining due to empty iptables, an exposed kubelet API, and a mis‑commented configuration, prompting a detailed post‑mortem and practical hardening steps to prevent similar attacks.

Incident Responsecrypto miningfirewall

0 likes · 5 min read

Misconfigured Kubelet Triggered Crypto‑Mining Breach – Secure Your Cluster Now

MaGe Linux Operations

Mar 30, 2022 · Operations

9 Compelling Reasons Developers Choose Linux Over Other OSes

This article outlines nine key reasons why developers favor Linux—ranging from its powerful command line and strong security to low resource usage, privacy protection, free licensing, and extensive community support—making it a reliable, developer‑friendly operating system for desktops, servers, and embedded devices.

Developer ToolsLinuxperformance

0 likes · 7 min read

9 Compelling Reasons Developers Choose Linux Over Other OSes

21CTO

Mar 28, 2022 · Backend Development

What Java Trends Will Shape 2022? From LTS Migration to Cloud and Security

This article examines the major Java trends for 2022, including the push to migrate from Java 8 to newer LTS releases, improved cloud and container support, multi‑platform advancements, security lessons from Log4Shell, and upcoming features in Java 18.

JavaLTSMigration

0 likes · 10 min read

What Java Trends Will Shape 2022? From LTS Migration to Cloud and Security

ITPUB

Mar 28, 2022 · Fundamentals

What’s New in Windows 11 Sun Valley 2 (22H2) – Key UI and Security Updates

Microsoft’s upcoming Windows 11 Sun Valley 2 (22H2) update, codenamed SV2, brings a series of refined UI changes such as a revamped Alt+Tab, File Explorer tabs, new personalization options, plus security enhancements like Smart App Control, all rolled out gradually through the Insider preview builds.

Windowsbuild-22579security

0 likes · 11 min read

What’s New in Windows 11 Sun Valley 2 (22H2) – Key UI and Security Updates

Python Programming Learning Circle

Mar 26, 2022 · Information Security

Generating Image Captcha in Python Using graphic-verification-code and captcha Libraries

This tutorial demonstrates two Python approaches for creating image verification codes—using the graphic-verification-code library for a quick four‑line solution and the captcha library for customizable random captchas—complete with installation commands, code examples, and sample outputs.

Captchacaptcha-librarycode-example

0 likes · 3 min read

Generating Image Captcha in Python Using graphic-verification-code and captcha Libraries

Top Architect

Mar 26, 2022 · Information Security

Token-Based Authentication Architecture and OAuth2/JWT Implementation Overview

This article explains the necessity of a unified account management system for enterprise applications, defines key authentication terms, outlines the background and goals of token-based security, details the OAuth2 password‑grant flow with JWT, and discusses technical choices, interface design, and token renewal processes.

JWTMicroservicesOAuth2

0 likes · 9 min read

Token-Based Authentication Architecture and OAuth2/JWT Implementation Overview

Top Architect

Mar 26, 2022 · Information Security

Why NanoID Is Replacing UUID: Features, Advantages, and Limitations

This article explains how NanoID, a compact and faster alternative to UUID, offers better security, smaller size, higher performance, and broad language support, while also discussing its limitations and future prospects for unique identifier generation in software development.

JavaScriptnanoidperformance

0 likes · 8 min read

Why NanoID Is Replacing UUID: Features, Advantages, and Limitations

Programmer DD

Mar 26, 2022 · Information Security

What’s New in Spring Authorization Server 0.2.3? Explore Key Features and Code

Spring Authorization Server 0.2.3 introduces default client settings for public clients, splits OAuth2 client authentication providers, optimizes the in‑memory authorization service, adds federated‑identity demos, unifies token generation via OAuth2TokenGenerator, and upgrades core dependencies, with code examples illustrating each enhancement.

JavaOAuth2Spring Authorization Server

0 likes · 7 min read

What’s New in Spring Authorization Server 0.2.3? Explore Key Features and Code

DevOps

Mar 25, 2022 · Information Security

12 Best Practices for Securing Kubernetes (K8s) Environments

This article outlines twelve essential best‑practice steps—including updating to the latest stable release, enforcing PodSecurityPolicy, using namespaces, applying network policies, and hardening API server, scheduler, controller‑manager, etcd, and kubelet settings—to comprehensively secure a Kubernetes cluster.

Best PracticesCluster HardeningDevOps

0 likes · 11 min read

12 Best Practices for Securing Kubernetes (K8s) Environments

Zhuanzhuan Tech

Mar 23, 2022 · Information Security

Design and Implementation of the Cleaner Anti‑Crawler System for Real‑Time Threat Mitigation

The article presents a comprehensive design of the Cleaner anti‑crawler system, detailing its background, current challenges, related research, system architecture—including data processing, ban center, and ban store modules built on Flink, MQ, and Redis—implementation details, effectiveness evaluation, and concluding insights on achieving real‑time accuracy in protecting platform data.

BackendRedisanti‑crawler

0 likes · 17 min read

Design and Implementation of the Cleaner Anti‑Crawler System for Real‑Time Threat Mitigation

Architecture Digest

Mar 20, 2022 · Information Security

Comprehensive Linux Hardening Guide: Kernel, Sysctl, Boot Parameters, and Security Best Practices

This guide provides a detailed, step‑by‑step hardening strategy for Linux systems, covering distro selection, kernel choices, extensive sysctl tweaks, boot‑loader parameters, MAC policies, sandboxing, memory allocator hardening, compile‑time mitigations, root account protection, firewall rules, swap configuration, PAM policies, microcode updates, IPv6 privacy, partition mounting options, entropy sources, and physical security measures.

HardeningLinuxboot

0 likes · 51 min read

Comprehensive Linux Hardening Guide: Kernel, Sysctl, Boot Parameters, and Security Best Practices

Liangxu Linux

Mar 18, 2022 · Information Security

Master Linux SUID & SGID: Set, Verify, and Remove Special Permissions

This guide explains Linux's SUID, SGID, and sticky bit permissions, shows how to inspect them with stat and ls, and provides step‑by‑step commands to set, verify, and revoke these special bits on files and directories.

SGIDSUIDchmod

0 likes · 8 min read

Master Linux SUID & SGID: Set, Verify, and Remove Special Permissions

Aikesheng Open Source Community

Mar 15, 2022 · Databases

Using MySQL 8.0.27 Multi‑Factor Authentication with the authentication_policy Variable

This article explains how MySQL 8.0.27 adds multi‑factor authentication (MFA) via the new authentication_policy system variable, demonstrates configuring the variable, creating users with single or multiple authentication plugins, installing external plugins, and verifies MFA behavior with practical Docker‑based examples.

DatabasesMFAMySQL

0 likes · 10 min read

Using MySQL 8.0.27 Multi‑Factor Authentication with the authentication_policy Variable

Top Architect

Mar 13, 2022 · Information Security

Techniques for Protecting Java Bytecode from Decompilation

This article explains why Java bytecode is easy to decompile and introduces several practical techniques—including isolation, class encryption, native code conversion, and various forms of code obfuscation—to increase the difficulty of reverse‑engineering Java applications.

JavaObfuscationclassloader

0 likes · 13 min read

Techniques for Protecting Java Bytecode from Decompilation

MaGe Linux Operations

Mar 9, 2022 · Information Security

Why Minix Is the Hidden OS Powering Intel’s Management Engine

The article explains Minix’s origin as a teaching OS, its evolution into MINIX 3, its role inside Intel’s Management Engine, the security risks it introduces, and how it compares to Linux, highlighting why it may be the world’s most widely deployed operating system.

Intel Management EngineLinux ComparisonMINIX

0 likes · 6 min read

Why Minix Is the Hidden OS Powering Intel’s Management Engine

MaGe Linux Operations

Mar 6, 2022 · Information Security

How Linux’s Random Number Generator Got a 8450% Speed Boost in 5.18

Under Jason Donenfeld’s leadership, Linux kernel’s random number generator was overhauled in versions 5.17 and 5.18, replacing SHA1 with BLAKE2s and shifting from per‑NUMA to per‑CPU structures, delivering up to a 131% speed increase and an astonishing 8450% boost in getrandom() performance on multi‑core systems.

BLAKE2sLinuxkernel

0 likes · 3 min read

How Linux’s Random Number Generator Got a 8450% Speed Boost in 5.18

360 Quality & Efficiency

Mar 4, 2022 · Information Security

Integrating Apache Shiro with Spring Boot: Core Components, Configuration, and Authentication Flow

This article provides a comprehensive guide on integrating Apache Shiro into a Spring Boot application, covering core components, Maven configuration, bean definitions, security manager setup, custom realms, filter chain configuration, and the complete login authentication flow with code examples.

Apache ShiroAuthenticationAuthorization

0 likes · 12 min read

Integrating Apache Shiro with Spring Boot: Core Components, Configuration, and Authentication Flow

IT Architects Alliance

Mar 3, 2022 · Information Security

Design and Implementation of a Token-Based Unified Authentication System Using OAuth2 and JWT

This article outlines the design rationale, objectives, and technical choices for a unified, token‑based authentication system based on OAuth2 password grant and JWT, detailing terminology, workflow steps, security benefits, and interface specifications to enable cross‑system single sign‑on and secure access control.

JWTOAuth2access control

0 likes · 8 min read

Design and Implementation of a Token-Based Unified Authentication System Using OAuth2 and JWT

Laravel Tech Community

Mar 2, 2022 · Backend Development

Generating a PNG CAPTCHA Image with PHP

This tutorial explains how to create a simple PNG CAPTCHA using PHP by generating a random four‑character code, drawing it with random rotation and position, adding noise lines and dots, and outputting the image for use in form validation.

Captchaimage generationsecurity

0 likes · 3 min read

DataFunTalk

Mar 1, 2022 · Cloud Native

Alibaba Cloud Native Data Lake with Apache Iceberg: Architecture, Challenges, and Solutions

The presentation outlines Alibaba Cloud's native data lake solution built on Apache Iceberg, covering data lake fundamentals, cloud migration challenges, Iceberg's architecture and features, real‑time ingestion with Flink, unified metadata management, security guarantees, and testing practices to ensure reliable, scalable big‑data analytics.

Apache IcebergBig DataData Lake

0 likes · 16 min read

Alibaba Cloud Native Data Lake with Apache Iceberg: Architecture, Challenges, and Solutions

Top Architect

Feb 25, 2022 · Fundamentals

Understanding DNS Root Servers: Their Role, Operation, and Global Distribution

This article explains what DNS root servers are, how they function in the hierarchical name‑resolution process, why there are only thirteen IPv4 root addresses, where they are located worldwide—including China’s nodes—and lists common public DNS services for both IPv4 and IPv6.

DNSInternet infrastructureRoot Server

0 likes · 10 min read

Understanding DNS Root Servers: Their Role, Operation, and Global Distribution

Liangxu Linux

Feb 24, 2022 · Information Security

Secure Your Linux Passwords with Pass: Install, Configure, and Use GPG Encryption

This guide walks you through installing the Unix‑style Pass password manager on Linux, configuring GnuPG keys, initializing a secure password store, using basic Pass commands, and integrating it with browsers via PassFF for seamless, encrypted credential management.

CLIGPGencryption

0 likes · 7 min read

Secure Your Linux Passwords with Pass: Install, Configure, and Use GPG Encryption

Sohu Tech Products

Feb 23, 2022 · Information Security

Understanding Browser Caching, Security Risks, and Recommended Configurations

This article explains how HTTP caching works, highlights security and privacy risks such as those introduced by the Spectre vulnerability, and recommends safe cache-control settings like using private caches and varying by Cookie to protect sensitive web resources.

Cache-ControlSpectreVary

0 likes · 10 min read

Understanding Browser Caching, Security Risks, and Recommended Configurations

DevOps

Feb 22, 2022 · Information Security

From DevOps to DevSecOps: Evolution, Benefits, and Implementation Challenges

This article traces the development of DevOps, explains how its evolution into DevSecOps integrates security early in the software lifecycle, outlines the resulting benefits of faster, cheaper, and safer delivery, and discusses the technical, cultural, and organizational challenges that must be overcome for successful adoption.

DevOpsDevSecOpsautomation

0 likes · 13 min read

From DevOps to DevSecOps: Evolution, Benefits, and Implementation Challenges

Top Architect

Feb 21, 2022 · Databases

Key New Features in Elasticsearch 8.0

Elasticsearch 8.0 introduces major updates including 7.x REST API compatibility headers, default-enabled security with registration tokens, known issues on ARM/macOS, a preview KNN search API using dense_vector, storage reductions for keyword and text fields, faster geo indexing, PyTorch model support, and numerous other enhancements across aggregations, allocation, analysis, authentication, and core infrastructure.

ElasticsearchPyTorchVersion 8

0 likes · 10 min read

Open Source Linux

Feb 21, 2022 · Fundamentals

Unlocking ARMv8‑A: How Stage‑2 Translation Powers Secure Virtualization

This article explains ARMv8‑A AArch64 virtualization support, covering Stage 2 page‑table translation, virtual exceptions, traps, hypervisor types, memory management, device emulation, interrupt handling, clock virtualization, VHE, nested virtualization, and the performance overhead of context switches.

ARMStage2Virtualization

0 likes · 33 min read

Unlocking ARMv8‑A: How Stage‑2 Translation Powers Secure Virtualization

MaGe Linux Operations

Feb 19, 2022 · Information Security

How to Detect If Your Linux Server Has Been Compromised: 10 Essential Checks

This guide outlines ten practical methods for Linux system administrators to identify signs of intrusion, from missing logs and altered password files to unusual network traffic and recovering deleted log files using process file descriptors.

intrusion detectionlog analysissecurity

0 likes · 8 min read

How to Detect If Your Linux Server Has Been Compromised: 10 Essential Checks

21CTO

Feb 17, 2022 · Backend Development

10 Essential API Design Rules for Consistent Backend Services

This guide presents a concise set of best‑practice rules for designing consistent, RESTful backend APIs—including naming conventions, URL structures, HTTP methods, versioning, pagination, security, and documentation tools—to help developers create clear, maintainable, and user‑friendly services.

BackendHTTP methodsREST

0 likes · 9 min read

10 Essential API Design Rules for Consistent Backend Services

IT Services Circle

Feb 16, 2022 · Information Security

10 Unknown Security Pitfalls for Python

This article outlines ten lesser‑known Python security pitfalls—from optimized‑away asserts and directory permission quirks to path traversal, regex misuse, Unicode normalization attacks, and IP address normalization—illustrating how subtle language features can lead to serious vulnerabilities in real‑world applications.

Best PracticesCode ReviewPython

0 likes · 16 min read

MaGe Linux Operations

Feb 15, 2022 · Backend Development

What’s New in Elasticsearch 8.0? Key Features, Security, and API Changes

Elasticsearch 8.0 introduces major updates including 7.x REST API compatibility headers, default-enabled security with enrollment tokens, protected system indices, a preview KNN search API, storage‑saving field encodings, faster geo indexing, and numerous deprecations and enhancements across aggregations, authentication, cluster coordination, and packaging.

API compatibilityElasticsearchindexing

0 likes · 10 min read

What’s New in Elasticsearch 8.0? Key Features, Security, and API Changes

Java High-Performance Architecture

Feb 15, 2022 · Backend Development

What’s New in Elasticsearch 8.0? Key Features, Security Enhancements, and Performance Boosts

Elasticsearch 8.0 introduces 7.x REST API compatibility headers, default‑on security features with automatic enrollment tokens, tighter protection of system indices, a preview KNN search API, storage‑saving field encodings, faster geo‑point and geo‑shape indexing, PyTorch model support, and a long list of deprecations and internal improvements.

BackendElasticsearchsearch engine

0 likes · 10 min read

What’s New in Elasticsearch 8.0? Key Features, Security Enhancements, and Performance Boosts

21CTO

Feb 14, 2022 · Information Security

Why Adobe, JetBrains, and Google Are Racing to Patch Critical Vulnerabilities in 2022

Adobe released an emergency patch for a critical Magento zero‑day (CVE‑2022‑24086), JetBrains removed Log4j from the IntelliJ platform, and Google unveiled Android 13 "Tiramisu" with new privacy and UI enhancements, highlighting the industry's rapid response to security and usability challenges.

AdobeAndroid13Magento

0 likes · 6 min read

Why Adobe, JetBrains, and Google Are Racing to Patch Critical Vulnerabilities in 2022

IT Architects Alliance

Feb 14, 2022 · Information Security

RBAC as It Was Meant to Be – A Comprehensive Guide to Access‑Control Models

This article traces the evolution from DAC through MAC to RBAC and ABAC, critiques common implementations, and presents a practical, tag‑based permission system that cleanly separates roles, policies, and objects for scalable, secure access control.

AuthorizationRBACRoles

0 likes · 25 min read

RBAC as It Was Meant to Be – A Comprehensive Guide to Access‑Control Models

Laravel Tech Community

Feb 13, 2022 · Backend Development

Key New Features and Changes in Elasticsearch 8.0 Release

Elasticsearch 8.0 introduces major updates such as 7.x REST API compatibility headers, default‑enabled security with enrollment tokens, protected system indices, a preview KNN search API, storage‑efficient field types, faster geo indexing, PyTorch model support, and numerous deprecations and bug fixes across aggregations, allocation, analysis, authentication, and core engine components.

APISearchsecurity

0 likes · 9 min read

Big Data Technology & Architecture

Feb 13, 2022 · Big Data

What's New in Elasticsearch 8.0 – Key Features and Changes

The article provides a comprehensive overview of Elasticsearch 8.0, highlighting major updates such as 7.x REST API compatibility headers, default-enabled security, system‑index protection, a new KNN search API, storage and indexing optimizations, PyTorch model support, and numerous deprecations and feature removals across the stack.

8.0APIBig Data

0 likes · 10 min read

What's New in Elasticsearch 8.0 – Key Features and Changes

Alibaba Terminal Technology

Feb 11, 2022 · Operations

How to Execute a Multi‑Phase IPv6 Migration for Large‑Scale Services

This guide outlines a comprehensive, three‑stage IPv6 migration roadmap—including network upgrades, DNS/HTTPDNS redesign, security hardening, cloud and CDN adaptation, and mobile/app adjustments—to achieve full IPv6‑only support across infrastructure, services, and end‑users while ensuring seamless performance and security.

IPv6MobileNetwork Migration

0 likes · 22 min read

How to Execute a Multi‑Phase IPv6 Migration for Large‑Scale Services

Efficient Ops

Feb 8, 2022 · Information Security

Kubelet Misconfiguration Triggered a Mining Attack – What We Learned

After discovering a compromised node in our self‑built Kubernetes cluster that was being used for Monero mining, we traced the breach to empty iptables rules and a misconfigured kubelet allowing anonymous API access, then outlined firewall hardening, network isolation, and secure kubelet practices to prevent future intrusions.

Mining Attackfirewallkubelet

0 likes · 6 min read

Kubelet Misconfiguration Triggered a Mining Attack – What We Learned

Refining Core Development Skills

Feb 8, 2022 · Fundamentals

Comprehensive Overview of DNS: Architecture, Query Process, Caching, and Security

This article provides a thorough introduction to the Domain Name System (DNS), covering its hierarchical design, query workflow, caching mechanisms, message structure, resource record types, and common security threats along with mitigation techniques, offering essential knowledge for networking fundamentals.

DNSDomain Name Systemnetworking

0 likes · 22 min read

Comprehensive Overview of DNS: Architecture, Query Process, Caching, and Security

Java Architect Essentials

Feb 7, 2022 · Databases

Why Deploying Databases in Docker Containers Is Problematic: Seven Key Reasons

The article explains why placing databases inside Docker containers is generally unsuitable, outlining seven major issues—including data safety, performance, networking, statefulness, resource isolation, cloud platform incompatibility, and environment requirements—while also offering practical mitigation strategies.

ContainerizationDatabaseDevOps

0 likes · 8 min read

Why Deploying Databases in Docker Containers Is Problematic: Seven Key Reasons

IT Architects Alliance

Feb 7, 2022 · Backend Development

Best Practices for Consistent Backend API Design

This guide presents a concise set of best‑practice rules for designing consistent, RESTful backend APIs—including naming conventions, versioning, pagination, security, monitoring, and error handling—to improve developer experience and maintainability across microservice architectures.

HTTP methodsRESTURL conventions

0 likes · 10 min read

Best Practices for Consistent Backend API Design

Architects' Tech Alliance

Feb 3, 2022 · Fundamentals

Arm Announces Armv9 Architecture: New ISA Features, Security, AI, and SVE2 Enhancements

Arm's newly revealed Armv9 architecture introduces major ISA extensions, a confidential compute model, AI‑focused vector capabilities, and performance road‑maps that together aim to unify mobile, server and future workloads while strengthening security and software ecosystem compatibility.

AIARMArmv9

0 likes · 11 min read

Arm Announces Armv9 Architecture: New ISA Features, Security, AI, and SVE2 Enhancements

21CTO

Jan 29, 2022 · Information Security

How Linus Torvalds Exposed a GitHub Fake‑Commit Vulnerability

The article explains how a seemingly prank README submitted by Linus Torvalds leveraged a GitHub "fake‑commit" flaw, demonstrates the malformed URLs used to hide commits, and discusses related GitHub vulnerabilities that remain unpatched, offering insight for security‑aware developers.

GitHubLinus TorvaldsVulnerability

0 likes · 5 min read

How Linus Torvalds Exposed a GitHub Fake‑Commit Vulnerability

Refining Core Development Skills

Jan 28, 2022 · Information Security

Detecting a Hidden Mining Virus in a Linux System: A Narrative

A dramatized Linux security incident shows how administrators use commands like top, ps, netstat, and the unhide tool to discover hidden mining processes, isolate suspicious network connections, and finally terminate the malicious hidden PID, illustrating practical techniques for rootkit detection and response.

LinuxRootkit DetectionSystem Calls

0 likes · 7 min read

Detecting a Hidden Mining Virus in a Linux System: A Narrative

Rare Earth Juejin Tech Community

Jan 26, 2022 · Information Security

No Vue Vulnerabilities: SonarQube Issue Is a Backend API Auth Flaw, Not a Front‑end Problem

Recent rumors claimed that foreign hacker groups were exploiting SonarQube and Vue.js to attack government and enterprise systems, but investigation shows the SonarQube flaw is a pure backend API authentication issue unrelated to Vue, and Vue itself has no known security vulnerabilities when standard front‑end safety practices are followed.

API authenticationFrontendSonarQube

0 likes · 6 min read

No Vue Vulnerabilities: SonarQube Issue Is a Backend API Auth Flaw, Not a Front‑end Problem

Programmer DD

Jan 26, 2022 · Information Security

Why Chinese Agencies Are Auditing Vue.js and SonarQube: Security Concerns Explained

Chinese authorities have ordered government bodies and key enterprises to investigate the use of open‑source tools SonarQube and Vue.js amid claims that foreign hackers are exploiting these platforms, prompting a public response from Vue.js founder Evan You about the projects' security posture.

ChinaSonarQubeVue.js

0 likes · 3 min read

Why Chinese Agencies Are Auditing Vue.js and SonarQube: Security Concerns Explained

DevOps

Jan 21, 2022 · Information Security

Enterprise DevSecOps: Integrating Security into DevOps

This article provides a comprehensive guide to implementing DevSecOps in enterprises, covering fundamental principles, collaboration between security and development teams, integration of security testing, building a secure toolchain, and practical strategies for scaling security within DevOps pipelines.

DevOpsDevSecOpsSAST

0 likes · 62 min read

Enterprise DevSecOps: Integrating Security into DevOps

Architects' Tech Alliance

Jan 20, 2022 · Industry Insights

Why NVIDIA’s BlueField DPU Is Redefining Modern Data Center Architecture

The 2021 China DPU Industry Whitepaper outlines how NVIDIA’s BlueField DPU series—BlueField‑2, the upcoming 400 Gb/s BlueField‑3, and future BlueField‑4—offload and accelerate networking, storage, security, and AI workloads, offering programmable ARM cores, high‑performance NICs, and a rich DOCA ecosystem that reshapes data‑center infrastructure.

BlueFieldDOCADPU

0 likes · 14 min read

Why NVIDIA’s BlueField DPU Is Redefining Modern Data Center Architecture

Selected Java Interview Questions

Jan 20, 2022 · Information Security

A Practical Guide to Common Intranet Penetration Tools: nps, frp, EW, and ngrok

This article provides a comprehensive overview of popular intranet penetration tools—including nps, frp, EW, and ngrok—detailing their features, installation steps, configuration examples, and usage scenarios for exposing internal services such as HTTP, SSH, RDP, and file sharing to the public internet.

NPSfrpintranet

0 likes · 15 min read

A Practical Guide to Common Intranet Penetration Tools: nps, frp, EW, and ngrok

Practical DevOps Architecture

Jan 19, 2022 · Information Security

Step‑by‑Step Upgrade of Ubuntu 16 to OpenSSH 8.8 with OpenSSL and zlib

This guide provides step‑by‑step shell commands to upgrade Ubuntu 16’s OpenSSH to version 8.8, including installing required packages, compiling OpenSSL, zlib, and OpenSSH from source, and updating configuration files to enhance system security on the server.

LinuxOpenSSHUbuntu

0 likes · 4 min read

Step‑by‑Step Upgrade of Ubuntu 16 to OpenSSH 8.8 with OpenSSL and zlib

Architecture Digest

Jan 17, 2022 · Information Security

Understanding Single Sign-On (SSO) with OAuth2.0 and Spring Boot Implementation

This article explains the principles and workflow of Single Sign-On (SSO) using OAuth2.0, illustrates the process with a real‑life scenario, compares multi‑point and single‑point login, and provides a complete Spring Boot example for building an authorization server, client, and role‑based access control in micro‑service architectures.

AuthenticationAuthorizationMicroservices

0 likes · 10 min read

Understanding Single Sign-On (SSO) with OAuth2.0 and Spring Boot Implementation

Programmer DD

Jan 15, 2022 · Information Security

Why Did a Developer Sabotage Popular npm Packages Colors and Faker?

A wave of developers discovered their applications spewing garbled output after a malicious update to the widely used npm libraries colors and faker, revealing a deliberate sabotage by maintainer Marak Squires that sparked heated debate over open‑source ethics, corporate exploitation, and security responsibilities.

Fakercolorsnpm

0 likes · 9 min read

Why Did a Developer Sabotage Popular npm Packages Colors and Faker?

DevOps Engineer

Jan 14, 2022 · Operations

Dockerfile and Docker Image Best Practices for Python Developers

This article presents a comprehensive set of Dockerfile and Docker image best‑practice recommendations—including multi‑stage builds, command ordering, minimal base images, layer reduction, unprivileged containers, proper use of COPY versus ADD, caching strategies, health checks, image signing, and resource limits—to help Python developers create smaller, more secure, and maintainable container images.

ContainerizationDockerfilebest-practices

0 likes · 29 min read

Dockerfile and Docker Image Best Practices for Python Developers

Top Architect

Jan 11, 2022 · Information Security

Comprehensive Guide to Authentication: UI Login, API Call Verification, SSO, and CAS

This article provides a detailed overview of authentication mechanisms, covering UI login methods such as Basic, LDAP, OAuth, Kerberos, and SSO, API call verification techniques like HMAC and JWT, and practical design guidelines for implementing SSO with CAS in micro‑service architectures.

AuthenticationCASHMAC

0 likes · 18 min read

Comprehensive Guide to Authentication: UI Login, API Call Verification, SSO, and CAS

Open Source Linux

Jan 11, 2022 · Cloud Native

Why Bare‑Metal Kubernetes Beats Virtual Machines: 6 Compelling Advantages

This article explains why deploying Kubernetes on bare‑metal servers offers six key benefits—simpler networking, better cost efficiency for demanding workloads, superior performance, stronger security, workload‑specific optimization, and freedom from vendor lock‑in—making it a smarter choice than virtual‑machine‑based solutions.

Bare MetalScalabilitycloud-native

0 likes · 7 min read

Why Bare‑Metal Kubernetes Beats Virtual Machines: 6 Compelling Advantages

IT Architects Alliance

Jan 11, 2022 · Cloud Computing

Understanding SaaS Architecture: Layers, Multi‑Tenant Design, and Core Components

This article explains SaaS as a software‑delivery model, outlines its presentation, scheduling, business, and data layers, describes essential components such as security, data isolation, configurability, scalability, zero‑downtime upgrades, and multi‑tenant support, and details maturity levels, storage options, tenant identification, and performance optimizations.

Cloud ComputingMulti‑tenantSaaS

0 likes · 14 min read

Understanding SaaS Architecture: Layers, Multi‑Tenant Design, and Core Components

Spring Full-Stack Practical Cases

Jan 10, 2022 · Information Security

How to Secure Spring WebFlux Applications with Reactive Security Configurations

This guide walks through setting up Spring Security for WebFlux, covering Maven dependencies, reactive security beans, password encoding, filter chain rules, functional routing, and method‑level authorization with complete code examples for a Spring Boot 2.5.8 project.

JavaSpring Bootconfiguration

0 likes · 4 min read

How to Secure Spring WebFlux Applications with Reactive Security Configurations

Top Architect

Jan 9, 2022 · Backend Development

Designing a Multi‑Account Unified Login System: Schemas, Flows, and Optimizations

This article explains how to design a scalable multi‑account login system by describing self‑built phone‑number authentication, optimized password‑less registration, third‑party OAuth integration, database schema separation, and one‑click carrier‑based login, while highlighting advantages, drawbacks, and implementation details.

AuthenticationBackendDatabase Design

0 likes · 16 min read

Designing a Multi‑Account Unified Login System: Schemas, Flows, and Optimizations

DataFunSummit

Jan 9, 2022 · Artificial Intelligence

Applying Graph Neural Networks to Fraud Detection: Background, Research Progress, Methods, and Resources

This article reviews the fundamentals of fraud, surveys the evolution of graph neural network research for fraud detection, outlines practical application steps, discusses key challenges such as disguise, scalability, and label scarcity, and provides representative papers, new research directions, industrial case studies, and open-source resources.

AIGNNfraud detection

0 likes · 23 min read

Applying Graph Neural Networks to Fraud Detection: Background, Research Progress, Methods, and Resources

Code Ape Tech Column

Jan 7, 2022 · Information Security

Integrating RBAC Permission Model into Spring Cloud Gateway for Authentication and Authorization

This article explains how to implement a Role‑Based Access Control (RBAC) permission model in Spring Cloud Gateway, covering the design, loading URL‑role mappings into Redis, customizing UserDetailsService, and integrating OAuth2.0 with code examples and database schema.

JavaRBACRedis

0 likes · 9 min read

Integrating RBAC Permission Model into Spring Cloud Gateway for Authentication and Authorization

Architect

Jan 5, 2022 · Cloud Native

Introduction to Service Mesh and Istio: Concepts, Architecture, and Hands‑On Guide

This tutorial explains the fundamentals of service mesh, outlines Istio’s architecture and core components, demonstrates how to install Istio on Kubernetes, and walks through practical examples such as traffic routing, security policies, observability, and common use‑cases, while also comparing alternative solutions.

IstioMicroservicesObservability

0 likes · 20 min read

Introduction to Service Mesh and Istio: Concepts, Architecture, and Hands‑On Guide

NiuNiu MaTe

Jan 2, 2022 · Fundamentals

Why Receiving a TCP RST Doesn’t Always Close the Connection

This article explains the purpose of the TCP RST flag, how the kernel and application layers detect it, the various scenarios that trigger RST, why an RST may not terminate a connection, and the security implications of RST attacks.

Linux kernelNetwork ProtocolRST

0 likes · 15 min read

Why Receiving a TCP RST Doesn’t Always Close the Connection

HomeTech

Dec 29, 2021 · Information Security

2021 npm Year‑End Review: Major Releases, Supply‑Chain Attacks, and Future Outlook

The article reviews npm’s 2021 milestones—including the official release of npm 7.0 with performance gains and new features—while highlighting a wave of supply‑chain attacks on popular packages, discussing the rise of Corepack, and offering a forward‑looking perspective on the ecosystem’s challenges and opportunities.

CorepackNode.jsSupply Chain

0 likes · 9 min read

2021 npm Year‑End Review: Major Releases, Supply‑Chain Attacks, and Future Outlook

DevOps Cloud Academy

Dec 28, 2021 · Cloud Native

Using Traefik Log4Shell Plugin to Mitigate the Log4J Vulnerability

This article explains how to deploy Traefik's Log4Shell plugin—a middleware that mitigates the Log4J (CVE‑2021‑44228) vulnerability—by configuring it via Pilot token, static files, Kubernetes CRDs, Ingress annotations, or Docker labels, with example code snippets for each method.

DockerLog4ShellTraefik

0 likes · 4 min read

Using Traefik Log4Shell Plugin to Mitigate the Log4J Vulnerability

Efficient Ops

Dec 27, 2021 · Information Security

Zhongtai Securities’ Path to Advanced DevSecOps Maturity – Key Takeaways

The 2021 GOLF+ IT Governance Forum highlighted Zhongtai Securities’ successful DevSecOps assessment, revealing how the company’s online business system met the second‑level security and risk management standards, and sharing detailed insights on cultural, procedural, and technical practices that drove their advanced security maturity.

DevOpsDevSecOpsMaturity Assessment

0 likes · 10 min read

Zhongtai Securities’ Path to Advanced DevSecOps Maturity – Key Takeaways

Efficient Ops

Dec 27, 2021 · Information Security

How GuoXin Securities Achieved Advanced DevSecOps Maturity in Its GoldSun App

GuoXin Securities' GoldSun platform passed the CAICT DevSecOps Level‑2 security and risk management assessment, showcasing how standardization, tool empowerment, and a collaborative DevOps culture can elevate a financial app's security posture to an advanced domestic level.

DevOpsDevSecOpsMaturity Assessment

0 likes · 10 min read

How GuoXin Securities Achieved Advanced DevSecOps Maturity in Its GoldSun App

Efficient Ops

Dec 27, 2021 · Operations

How Zhongyuan Bank Achieved Advanced DevSecOps Maturity: A Success Story

Zhongyuan Bank’s personal mobile banking project passed the national DevSecOps security and risk management assessment, showcasing how standardized DevOps practices, a dedicated security platform, and cultural, procedural, and technical integration can elevate a financial institution’s development lifecycle to an advanced, industry‑leading level.

DevOpsDevSecOpsDigital Transformation

0 likes · 13 min read

How Zhongyuan Bank Achieved Advanced DevSecOps Maturity: A Success Story

Senior Brother's Insights

Dec 25, 2021 · Information Security

Why Logback 1.2.7 Is Vulnerable and How to Safely Upgrade

This article explains the Logback CVE‑2021‑42550 vulnerability affecting versions before 1.2.9, outlines the three conditions required for exploitation, compares its severity to Log4j, and provides concrete steps—including upgrading to 1.2.9 and setting the configuration file read‑only—to protect Java applications.

CVE-2021-42550JavaVulnerability

0 likes · 5 min read

Why Logback 1.2.7 Is Vulnerable and How to Safely Upgrade

OPPO Amber Lab

Dec 23, 2021 · Information Security

How Java Deserialization Vulnerabilities Enable Remote Code Execution

This article explains Java's reflection mechanism, details how deserialization flaws in libraries like Apache Commons Collections and Fastjson allow attackers to craft malicious objects that trigger arbitrary command execution, and provides practical proof‑of‑concept steps and mitigation recommendations.

DeserializationFastJSONJava

0 likes · 7 min read

How Java Deserialization Vulnerabilities Enable Remote Code Execution

Selected Java Interview Questions

Dec 22, 2021 · Backend Development

User Login Flow, Token Management, and Anonymous Access Implementation in a Java Backend

This article explains the complete user login process, token generation and validation, token expiration policies, logout handling, and two approaches for anonymous requests—authorized tokens with rate limiting and path‑based regex rules—illustrated with diagrams and Java/Redis code examples.

AuthenticationTokengateway

0 likes · 9 min read

User Login Flow, Token Management, and Anonymous Access Implementation in a Java Backend

Laravel Tech Community

Dec 19, 2021 · Information Security

Apache Log4j 2.17.0 Release Fixes CVE‑2021‑45105 and Other Vulnerabilities

Apache Log4j 2.17.0 has been released, addressing CVE‑2021‑45105 and fixing recursive string‑replacement vulnerabilities that could cause StackOverflowError DoS attacks, while also tightening JNDI usage and correcting several configuration and appender issues, with recommended mitigation steps for earlier versions.

CVE-2021-45105DoSJava

0 likes · 4 min read

Apache Log4j 2.17.0 Release Fixes CVE‑2021‑45105 and Other Vulnerabilities

Java Captain

Dec 17, 2021 · Backend Development

Jeepay: Open‑Source Payment System Overview and Architecture

Jeepay is an open‑source, Spring Boot‑based payment platform that supports multiple channels such as WeChat Pay, Alipay, and UnionPay, offering distributed deployment, high concurrency, secure signing, and a modular front‑back separation with comprehensive management and merchant interfaces.

Microservicesopen-sourcepayment

0 likes · 6 min read

Jeepay: Open‑Source Payment System Overview and Architecture

Sohu Tech Products

Dec 15, 2021 · Mobile Development

iOS Virtual Location Techniques and Detection Methods

This article explains the various ways to simulate GPS location on iOS devices—including Xcode GPX files, iTools, external Bluetooth accessories, and jailbreak hooks—while also detailing practical detection strategies such as altitude checks, type inspection, callback analysis, and method‑swizzling to identify fake positioning.

iOSlocation simulationsecurity

0 likes · 16 min read

iOS Virtual Location Techniques and Detection Methods

Architects' Tech Alliance

Dec 15, 2021 · Fundamentals

Understanding the Metaverse from a Network Access Perspective and Its Implications for Network Technology

The article examines the concept of the Metaverse as an evolution of internet access terminals, analyzes how VR/AR headsets reshape communication‑type devices, and discusses the resulting new security, ultra‑low‑latency, and deterministic quality‑of‑service challenges for network infrastructure.

LatencyMetaverseQoS

0 likes · 16 min read

Understanding the Metaverse from a Network Access Perspective and Its Implications for Network Technology

Architects' Tech Alliance

Dec 14, 2021 · Industry Insights

Why NVIDIA’s BlueField DPU Is Redefining Data‑Center Architecture

The article provides an in‑depth analysis of NVIDIA’s BlueField DPU series—detailing the roadmap from BlueField‑2 to BlueField‑4, the technical capabilities of BlueField‑3 across networking, security, and storage, and the DOCA ecosystem that enables programmable, hardware‑accelerated data‑center services, positioning DPUs as a core pillar of modern cloud infrastructure.

BlueFieldDPUData Center

0 likes · 14 min read

Why NVIDIA’s BlueField DPU Is Redefining Data‑Center Architecture

Laravel Tech Community

Dec 14, 2021 · Backend Development

Apache Log4j 2.16.0 Released – New Features, Security Fixes, and Upgrade Guidance

Apache Log4j 2.16.0 has been released, offering updated SLF4J adapters, disabling JNDI by default to mitigate CVE‑2021‑44228, removing message lookups, and requiring Java 8+, with detailed upgrade instructions and links to download and issue trackers.

JNDIJavaLogging

0 likes · 4 min read

Apache Log4j 2.16.0 Released – New Features, Security Fixes, and Upgrade Guidance

Laravel Tech Community

Dec 13, 2021 · Information Security

Apache Log4j2 Remote Code Execution Vulnerability: Description, Impact, and Mitigation Steps

On December 10, a critical remote code execution vulnerability in Apache Log4j 2.x (≤ 2.14.1) was disclosed, allowing attackers to execute arbitrary code via JNDI injection; the article explains the flaw, affected components, detection methods, and urgent remediation measures such as disabling lookups and upgrading to safe versions.

JNDI injectionRemote Code Executionlog4j

0 likes · 5 min read

Apache Log4j2 Remote Code Execution Vulnerability: Description, Impact, and Mitigation Steps

Alibaba Cloud Native

Dec 13, 2021 · Information Security

How to Block Log4j2 RCE Attacks in Four Simple Steps with Alibaba Cloud ARMS

The article explains the massive impact of the Log4j2 remote code execution vulnerability, details why its JNDI lookup is easily exploitable, lists affected software, and provides a concise four‑step guide using Alibaba Cloud ARMS RASP to detect, monitor, and block attacks while offering remediation recommendations.

ARMSRASPRCE

0 likes · 6 min read

How to Block Log4j2 RCE Attacks in Four Simple Steps with Alibaba Cloud ARMS

Programmer DD

Dec 10, 2021 · Backend Development

How to Quickly Fix the Log4j2 Vulnerability in Spring Boot

This article explains the recent Log4j2 critical vulnerability, shows the official patch, and provides the simplest Spring Boot configuration change—adding a property in pom.xml—to upgrade Log4j2 safely while highlighting why the default logging component is Logback and offering advice on avoiding unnecessary third‑party replacements.

securityspring-boot

0 likes · 4 min read

How to Quickly Fix the Log4j2 Vulnerability in Spring Boot

21CTO

Dec 9, 2021 · Fundamentals

Top 5 Linux Distros Every Developer Should Try

This article introduces five popular Linux distributions—Ubuntu, Linux Mint, Kali Linux, Parrot OS, and Fedora—explaining their features, target audiences, and why they are well‑suited for programmers and developers seeking open‑source, customizable development environments.

DevelopmentLinuxlinux distributions

0 likes · 7 min read

Top 5 Linux Distros Every Developer Should Try

Architects Research Society

Dec 9, 2021 · Fundamentals

Key Challenges in Designing Distributed Systems

Designing a distributed system involves overcoming major challenges such as heterogeneity, transparency, openness, concurrency, security, scalability, and fault tolerance, each of which must be addressed to build a reliable, extensible, and performant system.

ConcurrencyDistributed SystemsScalability

0 likes · 7 min read

Key Challenges in Designing Distributed Systems

IT Architects Alliance

Dec 9, 2021 · Backend Development

How to Build a Billion‑User Scalable User Center: Architecture, APIs, Token Fallback, and Security

This article presents a comprehensive, practical design for an ultra‑large‑scale user center, covering microservice architecture, API separation, token generation with graceful degradation, data‑sharding strategies, password encryption, asynchronous processing, and detailed monitoring to ensure high availability, performance, and security.

MicroservicesScalabilitySharding

0 likes · 16 min read

How to Build a Billion‑User Scalable User Center: Architecture, APIs, Token Fallback, and Security