May 27, 2022 01:39 nccgroup
In April and May 2022, NCC Group Cryptography Services engaged in a security and cryptography assessment reviewing Microsoft’s contributions to the go-cose library, a Go library implementing signing and verification for CBOR Object Signing and Encryption (COSE), as specified in RFC 8152. This library focuses on a minimal feature set to enable the signing and verification of …
May 27, 2022 00:40 Packet Storm
Red Hat Security Advisory 2022-4745-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
May 27, 2022 00:40 Packet Storm
Ubuntu Security Notice 5445-1 - Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS.
May 27, 2022 00:40 Packet Storm
qdPM version 9.1 authenticated remote code execution exploit that leverages a path traversal.
May 27, 2022 00:40 Packet Storm
Red Hat Security Advisory 2022-2268-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.51.
May 27, 2022 00:40 Packet Storm
Ubuntu Security Notice 5446-1 - Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
May 27, 2022 00:40 Packet Storm
In this whitepaper, the author demonstrates that abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE and allow an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.
May 27, 2022 00:40 Packet Storm
This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.
May 27, 2022 00:40 Packet Storm
ChromeOS uses usbguard when the screen is locked but appears to suffer from bypass issues.
May 27, 2022 00:40 Packet Storm
Tigase XMPP server suffers from a security vulnerability due to not escaping double quote character when serializing parsed XML. This can be used to smuggle (or, if you prefer, inject) an arbitrary attacker-controlled stanza in the XMPP server's output stream. A malicious client can abuse this vulnerability to send arbitrary XMPP stanzas to another client (including the control stanzas that are only meant to be sent by the server).
May 27, 2022 00:40 Packet Storm
Red Hat Security Advisory 2022-2272-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.41.
May 27, 2022 00:40 Packet Storm
Ubuntu Security Notice 5447-1 - It was discovered that logrotate incorrectly handled the state file. A local attacker could possibly use this issue to keep a lock on the state file and cause logrotate to stop working, leading to a denial of service.
May 27, 2022 00:40 Packet Storm
Ubuntu Security Notice 5402-2 - USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM. Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Aliaksei Levin discovered that OpenSSL incorrectly handled resources when decoding certificates and keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.
May 26, 2022 23:39 jarcis-cy
motikan2010 starred target/mmk-ui-api May 26, 2022
target/mmk-ui-api
UI, API, and Scanner (Rules Engine) services for Merry Maker
TypeScript
114 Updated Apr 22
May 26, 2022 23:34 Trustwave Blog
Trustwave SpiderLabs in early April observed a Grandoreiro malware campaign targeting bank users from Brazil, Spain, and Mexico. The campaign exploits the tax season in target countries by sending out tax-themed phishing emails.
May 26, 2022 23:32 burp
SHN plays down concerns over medical records breach
May 26, 2022 23:32 burp
Social media platform ends private program after paying $250,000 in rewards over eight years
May 26, 2022 22:13 Sylvain Kerkour
Introduction APKOA The tools GO GO GO Bingo! More info Introduction Reverse engineering is (roughly) understanding how a device works through in-depth analysis. Understanding how the designers conceived the system. This can be useful during a software debugging session
May 26, 2022 22:13 Sylvain Kerkour
Cut the bullshit, get the shit done and don't be afraid.
May 26, 2022 22:13 Sylvain Kerkour
Structured logging Interface Performance What to log Logs vs Metrics Implementation As the term log is ambiguous, I want to clarify that we will talk about application logging. Logging is hard. I think logging is a critical piece of infrastructure. Chances are if you’re a software engineer, you’ll be staring
May 26, 2022 22:13 Sylvain Kerkour
Polyglot systems Astro Polyglot systems Today's advent of containers, orchestration technologies and services oriented architectures leads to the fact that we use more and more programming languages for the same application. Thus programmers have to code in more than one programming language. The problem is that each programming language have
May 26, 2022 22:13 Sylvain Kerkour
Start with Why The infinite game and the infinite players And before you ask, my just cause? Empowering the world with open technologies. I've created Bloom to fulfill this purpose.
May 26, 2022 22:13 Sylvain Kerkour
🇬🇧 English version here We must not count on those who created the problems to solve them. Universal and unprecedented challenges (Why?) Open source, access, data... (How?) Bloom: the top-secret master plan (What?) In summary TL;DR To face the universal challenges
May 26, 2022 22:13 Sylvain Kerkour
🇫🇷 Version française ici We cannot solve our problems with the same thinking we used when we created them. Universal and unprecedented challenges (Why?) Open source, access, data... (How?) Bloom: the top-secret master plan (What?) In summary TL;DR To bring an answer to the universal and unprecedented challenges of our
May 26, 2022 22:13 Sylvain Kerkour
Thank you very much for the support! The past days were pretty intense and we really didn't expect such traction. We sincerely apologize for the bugs and latencies: our systems were not scaled to handle the load (which in a sense is good news 😊). Here are some clarifications about
May 26, 2022 22:13 Sylvain Kerkour
It's been exactly 6 months since Bloom launched. 6 incredible months with a lot of sweat and some sleepless nights. But something even more incredible is coming during the next month: The launch of Bloom's native applications, featuring among other things end to end encryption and offline support. The past
May 26, 2022 22:13 Sylvain Kerkour
While developing Bloom I realized how much I love open source. So I decided to share this passion with the world. Whether it be in software, in hardware, in education, in ecology, in science or in agriculture, open source has proved its superiority. However it's very difficult to find interesting
May 26, 2022 22:13 Sylvain Kerkour
Hello world! Thank you for subscribing to Open Source Weekly. If you have any feedback, feel free to respond to this email or open a ticket on GitHub. Enjoy your reading :) Did you know? Free Software vs Open source While we are all facing an uncertain future due to
May 26, 2022 22:13 Sylvain Kerkour
Thank you everyone for your positive feedback! It’s really encouraging 🤗 To the enthusiastic person who emailed me about the PinePhone but never received a response, sorry, I inadvertently deleted your email before replying 🙃 Did you know? Free Software vs Open source 2/2: Philosophy Last week we saw the
May 26, 2022 22:13 Sylvain Kerkour
Did you know? Intellectual property: Copyrights vs Patents vs Trademarks "Intellectual property" (strange oxymoron) is a vague term at which people love to throw everything and anything. Do you really know the differences between Copyrights, Patents and Trademarks? Copyrights Copyright is the exclusive right given to the creator of a
May 26, 2022 22:13 Sylvain Kerkour
You are certainly asking yourself what to do with this sudden amount of free time now we are all in quarantine and no longer have to commute every day. The answer is obvious: VIDEO GAMES!!!! Welcome for a special edition of OpenSourceWeekly.org dedicated to gaming 🕹️ Gaming on Linux You
May 26, 2022 22:13 Sylvain Kerkour
Welcome for your weekly dose of inspiring open source projects! Open source is more than ever relevant in these tough times and the world is slowly discovering that centralization and closed ecosystems literally kill people 😷 Projects Drop-in Minimal CSS This is THE revelation of the week. We can code
May 26, 2022 22:13 Sylvain Kerkour
Faster than expected. The past few weeks taught us that when sh*t is knocking at the door, it’s already too late. Unfortunately, there are a lot of other subjects where serious people are warning us that our current trajectory is not good. You get it, today we are going to
May 26, 2022 22:13 Sylvain Kerkour
Today we are going to talk about high performance. Not the standard distributed cloud blahblah but high performance on a single core on a single machine. Please welcome SIMD instructions. Did you know? What are SIMD instructions? SIMD (for Single Instruction, Multiple Data) are special instructions on CPUs and GPUs
May 26, 2022 22:13 Sylvain Kerkour
Great news for CLI lovers: starting today, all the weekly emails will be sent with both a HTML and a Text version 🎉 We all know that the world shifted from a material-based economy to one based on the capacity of human attention. Yet, because these social networks and apps
May 26, 2022 22:13 Sylvain Kerkour
Hello everyone, I hope you are doing well 🙏 I’m about to release the new version of my open source project Bloom (encrypted Notes, Calendar, Contacts, Files…) which will feature end-to-end encryption. Before that I’m looking for feedback on the cryptographic design, so if you are a cryptography / security
May 26, 2022 22:13 Sylvain Kerkour
Hi everyone 👋 As you may have noticed I have updated the website (from opensourceweekly.org to kerkour.com) because it was too much of a burden for me to maintain 2 websites. If you use an RSS reader, please update your feed to: https://kerkour.com/feed.xml Otherwise Open Source Weekly will continue as
May 26, 2022 22:13 Sylvain Kerkour
Hello everyone 👋 This week we are going to talk about Linux and especially which flavor of Linux to choose. I know this is a rather controversial topic but as I'm often asked, I felt it was time to write it down. Dear esteemed reader, please don’t feel offended if
May 26, 2022 22:13 Sylvain Kerkour
I spent the past two days rebuilding my website from scratch, ditching Bootstrap, JQuery and custom fonts (you’ll be horrified to learn how much traffic custom fonts are accountable for) in order to improve its performance, readability and computing resources usage. I’m pretty satisfied with the effort: now, any page
May 26, 2022 22:13 Sylvain Kerkour
Projects RudderStack RudderStack is a platform for collecting, storing and routing customer event data to dozens of tools. It can run in your cloud environment (AWS, GCP, Azure or even your data-centre) and provides a powerful transformation framework to process your event data on the fly. Scuttlebot: Peer-to-peer database, identity
May 26, 2022 22:13 Sylvain Kerkour
From the Linux kernel to Firefox and Wordpress, Open Source is changing the world for the better. But how to achieve financial sustainability when you produce something that can legally be copied, by design, at zero cost? Revenue models for Open Source A lot has been written about achieving profitability
May 26, 2022 22:13 Sylvain Kerkour
I started developing web services (JSON APIs) in Rust a little bit more than 2 years ago, so I thought it was time to shake the preconceived ideas and share what I've learned. The prejudices Rust code is ugly: Rust is explicit. Undeniably. But when I write code, my IDE
May 26, 2022 22:13 Sylvain Kerkour
Sending emails in Rust can be achieved in two ways: either by using an SMTP server or by using a third-party service with an API such as AWS SES or Sendgrid. SMTP SMTP is the standard protocol for sending emails. Thus, it's the most portable way to send emails as
May 26, 2022 22:13 Sylvain Kerkour
Its fast-paced development cycles. For more data points, please go here, search for 'Compatibility Notes' and 'Language'. I love Rust. I can build web servers, create web apps with WebAssembly, use it for embedded development, craft shellcodes, and above all, it reduced the number of bugs in my programs by
May 26, 2022 22:13 Sylvain Kerkour
Executing code from memory in Rust is very dependent on the platform as all modern Operating Systems implement security measures to avoid it. The following applies to Linux. There are at least 3 ways to execute raw instructions from memory: By embedding the shellcode in the .text section of our
May 26, 2022 22:13 Sylvain Kerkour
Building minimal Docker images to deploy Rust brings up a lot of benefits: it's not only good for security (reduced attack surface) but also to improve deployment times, reduce costs (less bandwidth and storage), and reduce the risk of dependency conflicts. Table of contents Code FROM scratch (15.9MB) FROM alpine
May 26, 2022 22:13 Sylvain Kerkour
A lot of people want to learn Rust but are afraid that the language or the ecosystem is not production-ready yet, or that they may not find a job. Be reassured, Rust is already used in production, from small shops to the largest companies in the world, serving billions of
May 26, 2022 22:13 Sylvain Kerkour
Hello everyone, Yesterday I had the opportunity to exchange with students from the Simplon school. We talked about programming, infosec, entrepreneurship, and async work. Here are some links we shared during the meeting and some additional to deepen the topics we discussed. Async life The next frontier after remote work
May 26, 2022 22:13 Sylvain Kerkour
Think twice. Worker pools are not a great fit for Rust due to its ownership model. Instead, embrace functional programming and immutable data. Rust provides simpler to use and more elegant tools: parallel Iterators and Streams. Update: Someone (rightfully) pointed out that I didn't really define what my definition of
May 26, 2022 22:13 Sylvain Kerkour
Initially planned for July 2021, the book is a little bit off schedule. I could invoke many pretexts such as: 100% of tech projects are off schedule, COVID-19, English is not my native language, or that the weather is terrible (??)... But I won't. The principal reason is simple: I
May 26, 2022 22:13 Sylvain Kerkour
Rust takes a loooot of time to compile, even with incremental compilation. It's not rare that a small change leads to 2 or 3 minutes of compilation to test the change, which frustrates a lot of new rustaceans. It's a deliberate choice made by the language designers to favor runtime
May 26, 2022 22:13 Sylvain Kerkour
Initially used for simple metadata, HTTP headers now play an important role in the vast field that web security is. Setting up HTTP security headers is the quickest, less expensive, and probably the most effective way to secure a web application today. Here is how. But first, you may be
May 26, 2022 22:13 Sylvain Kerkour
Due to its unrivaled reliability and performance, Rust is more and more appreciated by companies for web development. And when we talk about web development, Heroku is never far away. So here is the easiest way to deploy a Rust app on Heroku (whether it be a worker or a
May 26, 2022 22:12 Sylvain Kerkour
There is this growing sentiment in tech that stacking more and more layers of complexity to reach the sacrosanct "infinite scalability" is not the way forward. First, because it rarely materializes: you need a lot of other things than fancy tech to reach millions of people. Second, because the tradeoffs
May 26, 2022 22:12 Sylvain Kerkour
Earlier this week, while searching on google for "use after free", a kind of memory vulnerability, I had a surprise: the links on the result page stopped working and this strange message appeared. WTF?? After some (more) googling, I learned that Google is running a kind of secret hiring program