This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that
| fun RepositoryHandler.enableMirror() { | |
| all { | |
| if (this is MavenArtifactRepository) { | |
| val originalUrl = this.url.toString().removeSuffix("/") | |
| urlMappings[originalUrl]?.let { | |
| logger.lifecycle("Repository[$url] is mirrored to $it") | |
| this.setUrl(it) | |
| } | |
| } | |
| } |
| name: Security audit | |
| on: | |
| schedule: | |
| - cron: '0 0 * * *' | |
| push: | |
| paths: | |
| - '**/Cargo.toml' | |
| - '**/Cargo.lock' | |
| jobs: | |
| security_audit: |
The main point is to save the SSL/TLS keys those used by the web browser (SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log).
In the example below we run brand new instance of Google Chrome (--user-data-dir=/tmp/tmp-google do the trick):
SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/tmp-google
Then run the Wireshark and open the Preferences -> Protocols -> SSL, where we put the path to the SSL keys log file into the (Pre)-Master-Secret log filename field.
Now all SSL/TLS traffic from this browser instance will be decrypted.
国内从 Docker Hub 拉取镜像有时会遇到困难,此时可以配置镜像加速器。
Dockerized 实践 https://github.com/y0ngb1n/dockerized
Comparison of Spring Cloud with Eureka
I feel Consul.io does better in the following area:
The focus on scriptable configuration allows for better container management.
Eureka requires either external Configuration Server or multiple configuration files.
The options for securing communications is more advanced.
Eureka requires creating application with security settings desired. Default will allow HTTP only. Registration of end points assumes http but can be forced to https with code.
| // Paste these lines into website's console (Win/Linux: Ctrl + Shift + I / Mac: Cmd + Alt + I) | |
| if(!!window.React || | |
| !!document.querySelector('[data-reactroot], [data-reactid]') || | |
| Array.from(document.querySelectorAll('*')).some(e => e._reactRootContainer !== undefined || Object.keys(e).some(k => k.startsWith('__reactContainer'))) | |
| ) | |
| console.log('React.js'); | |
| if(!!document.querySelector('script[id=__NEXT_DATA__]')) | |
| console.log('Next.js'); |
The repository for the assignment is public and Github does not allow the creation of private forks for public repositories.
The correct way of creating a private frok by duplicating the repo is documented here.
For this assignment the commands are:
git clone --bare git@github.com:usi-systems/easytrace.git
| ZigZag-Encoding | |
| --------------- | |
| Maps negative values to positive values while going back and | |
| forth (0 = 0, -1 = 1, 1 = 2, -2 = 3, 2 = 4, -3 = 5, 3 = 6 ...) | |
| (i >> bitlength-1) ^ (i << 1) | |
| with "i" being the number to be encoded, "^" being | |
| XOR-operation and ">>" would be arithemtic shifting-operation |
