The following are reference books, talks and links for my talk SRE practices in Mercari Microservices.
#!/bin/bash
web_service='nginx'
config_file="/usr/local/etc/le-renew-webroot.ini"
le_path='/opt/letsencrypt'
exp_limit=30;
if [ ! -f $config_file ]; then
    echo "[ERROR] config file does not exist: $config_file"
2015-01-29 Unofficial Relay FAQ
Compilation of questions and answers about Relay from React.js Conf.
Disclaimer: I work on Relay at Facebook. Relay is a complex system on which we're iterating aggressively. I'll do my best here to provide accurate, useful answers, but the details are subject to change. I may also be wrong. Feedback and additional questions are welcome.
Relay is a new framework from Facebook that provides data-fetching functionality for React applications. It was announced at React.js Conf (January 2015).
This is a workaround for this Hazelcast issue.
To use the alternative TcpIpJoinerOverAWS:
- Remove hazelcast-cloud from your project's classpath,
- Add this class in your project or JAR it up if you prefer,
- Do not configure an accessKey nor a secretKey in Hazelcast's AwsConfig.
This is my response to an email asking about Domain-Driven Design in a golang project.
Thank you for getting in touch. Below you will find my thoughts on how golang works with DDD, changing it. This is merely a perception of how things worked out for us in a single project.
That project has a relatively well-known domain. My colleagues on this project are very knowledgeable, thoughtful and invested in quality design. The story spelled out below is a result of countless hours spent discussing and refining the approach.
Conclusions could be very different, if there was a different project, team or a story-teller.
The attack detailed below has stopped (for the time being) and almost all network access for almost all customers has been restored. We're keeping this post and the timeline intact for posterity. Unless the attack resumes, we'll post a complete postmortem within 48 hours (so before Wednesday, March 26 at 11:00am central time).
Criminals have laid siege to our networks using what's called a distributed denial-of-service attack (DDoS) starting at 8:46 central time, March 24 2014. The goal is to make Basecamp, and the rest of our services, unavailable by flooding the network with bogus requests, so nothing legitimate can come through. This attack was launched together with a blackmail attempt that sought to have us pay to avoid this assault.
Note that this attack targets the network link between our servers and the internet. All the data is safe and sound, but nobody is able to get to it as long as the attack is being successfully executed. This is like a bunch of people
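Regarding http://co3k.org/blog/csrf-token-should-not-be-session-id.
Although that article does not touch on it,
- Long ago, someone argued that embedding the session ID in the HTML source does not change the threat
- Strictly speaking, that came with the premise "unless there is a special vulnerability that makes only hidden values prone to leaking", but such bugs did in fact exist, and they had been foreseen.
- Because this was a very influential person, various sites and books introduced the method, and it even ended up in 「安全なウェブサイトの作り方」 ("How to Build Secure Websites")
I think this should be stated clearly at this point, so I will write it: using the session ID as a CSRF-protection token (embedded in the HTML source) was a mistake to begin with. It was wrong from the start. To be precise, this has nothing to do with CSRF. Regardless of CSRF, a value that makes session hijacking possible, especially "on its own", should not be embedded in the HTML source.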
<?php
/*
Plugin Name: WP CF7 to Backlog
Plugin URI:
Description:
Author: wokamoto
Version: 0.0.1
*/
include_once( ABSPATH . WPINC . '/class-IXR.php' );
diff -ru ../ansible/lib/ansible/runner/connection_plugins/ssh.py .env/lib/python2.7/site-packages/ansible/runner/connection_plugins/ssh.py | |
--- ../ansible/lib/ansible/runner/connection_plugins/ssh.py 2013-08-27 10:03:22.000000000 +0100 | |
+++ .env/lib/python2.7/site-packages/ansible/runner/connection_plugins/ssh.py 2013-08-27 10:42:00.000000000 +0100 | |
@@ -181,65 +181,75 @@ | |
p = subprocess.Popen(ssh_cmd, stdin=subprocess.PIPE, | |
stdout=subprocess.PIPE, stderr=subprocess.PIPE) | |
stdin = p.stdin | |
+ try: | |
+ self._send_password() | |