HTTPS handshake process

TLS and SSL

What is SSL

SSL stands for Secure Sockets Layer. In short, it is the standard technology for keeping Internet connections secure, protecting any sensitive data sent between two systems and preventing criminals from reading and modifying any transmitted information, including potentially personal details. The two systems can be a server and a client (for example, a shopping site and browser) or server to server (for example, an application with personally identifiable information or payroll information).

Go Modular Programming

The Go language added support for modular programming and a built-in module-based dependency management tool in version 1.11, released in August 2018. Modules in the Go language are collections of packages in a file tree, where the go.mod file in the module root directory defines the module’s import path, the Go language version, and other dependency requirements for the module. Each dependency requirement is listed as a separate module path with the corresponding module version specified, and only modules that meet all dependency requirements can be successfully built.

Exceptions & Interrupts in Computer Systems

Interrupts and exceptions can be summarized as an event handling mechanism. A signal is issued by an interrupt or exception, and then the operating system interrupts the current operation and finds the corresponding handler to handle the interrupt or exception according to the signal, and then returns to the original program for further execution according to the result. Different books seem to define exceptions and interrupts differently, but they in fact speak of the same thing; here I use the definitions from the “Intel Architectures Software Developer’s Manual”.

Manually configure IPsec VPN using ip xfrm

WireGuard is a VPN module implemented in the Linux kernel. Thanks to the kernel implementation, it eliminates the need to copy data between kernel space and user space compared to OpenVPN, which is based on tun devices, so performance is naturally much better. However, I know from the WireGuard technical white paper that WireGuard’s performance is only slightly better than IPsec. This made me wonder if the core functionality of IPsec is also implemented in kernel space.

Git 2.38 was released, introducing a "Scalar" tool for managing giant repositories

Git 2.38 has been officially released. The most notable change in this release is the introduction of Scalar, a repository management tool created by Microsoft to handle giant Git repositories. Introducing Scalar, the giant Git repository management tool .NET Core application written in C# (later rewritten in C) and supported on Windows and macOS platforms only. Scalar maximizes the performance of Git commands by setting recommended configuration values and running background maintenance.

Linux 6.0 is officially released!

Linus Torvalds has released a stable version of Linux 6.0, and with 6.0 stable, the Linux 6.1 merge window has opened. According to Linus’ release email, version 6.0 has a total of 15k non-merge commits, one of the larger commit counts. The diffstat is dominated by drm (mainly support for the new AMD chips) and network drivers. Linux 6.0 has many new features, from new hardware support to software innovations. Linus also teased in the 6.

Survey Report Suggests WebAssembly May Be Overhyped

The HTTP Archive has released a 2022 annual State of the Web report, Web Almanac, which combines raw statistics and trends from the HTTP Archive with the expertise of the Web community; it contains 22 chapters covering all aspects of page content, user experience, publishing and distribution. HTTP Archive is a community-run project that has been studying how the Web is built since 2010; using WebPageTest and Lighthouse, metadata from approximately 8.

Create a minimal Docker image

If you’re familiar with docker, you probably know that docker image storage uses Union FS’s tiered storage technology. When you build a docker image, it is built one layer at a time, with the previous layer serving as the foundation for the next layer, and each layer is not changed after it is built. Because of this, when building a docker image, we have to be especially careful to include only what is needed in each layer, and to remove as much extra stuff as possible at the end of the build.

Configuring IPsec IKEv2 VPN based on strongSwan

IPsec is a standard VPN technology that is supported by all major systems and does not require a separate client installation. However, IPsec has a lot of concepts and is very complicated to configure. After a lot of tossing and turning, I finally figured out an easy configuration method based on strongSwan, which supports iOS and macOS dial-in. The server is Ubuntu 22.04. First, install the strongSwan-related components.

    sudo aptitude install strongswan strongswan-swanctl

The command to start the strongSwan service is as follows.

Docker Basics

Docker is a groundbreaking product that has unleashed the power of computer virtualization and greatly improved the efficiency of application deployment, testing, and distribution. Although we use Docker almost every day, there are still some Docker knowledge points that are easy to overlook; today, we will focus on them.

Containers vs. traditional virtual machines

It is often said that “docker is a very good performance virtual machine”; this statement is wrong. Docker is lighter than traditional virtual machine technology in that it does not virtualize a set of hardware on the host and run a complete operating system, and then run the required application processes on it.

Go Reflection

Many languages support reflection, and the Go language is no exception. So what is reflection? In a nutshell, reflection is the ability of a computer programming language to dynamically access, inspect, and modify the state and behavior of any object itself at runtime. Reflection features work differently in different languages, and some languages do not support reflection features. Today we’ll focus on how reflection works in Go. We recommend you read the official Go blog on Reflection: The Laws of Reflection

Go Template Rendering

With the prevalence of RESTful architecture in recent years, front-end and back-end separation has become popular, and template rendering has shifted from the back-end to the front-end, where the back-end only needs to provide resource data, resulting in traditional server-side template scripting languages like JSP and PHP being almost unused. However, in Go, template rendering is not limited to server-side markup languages (e.g. HTML); Go also often uses templating languages to handle, for example, text transformations that insert specific data.

The official Golang dependency injection tool Wire Usage Guidelines

1. Preface

I’ve been working with Golang for a while and found that Golang also needs a dependency injection framework similar to Spring in Java. If the project is small, having a dependency injection framework or not is not a big deal. But when the project gets bigger, it is necessary to have a proper dependency injection framework. Through research, we learned that the main dependency injection tools used in

EU Launches Open Web Search Project, Hopes to Replace Google

Fourteen research and computing centers in seven EU countries have collaborated to launch the OpenWebSearch project to build an open infrastructure for Web search in the EU. The European Commission has now approved €8.5 million in funding for the project. The project will promote the development of digital sovereignty in Europe and foster the creation of a people-centric and open search engine marketplace. OpenWebSearch’s homepage states that although Web search is the backbone of the EU’s digital economy, it is currently dominated by large technology companies.

A new generation of JavaScript sandboxes that are more powerful than eval and iframe!

Today we look at a new JavaScript proposal that has entered stage 3: the ShadowRealm API. A realm, a rather abstract word, actually represents an independent JavaScript runtime environment with independent variable scopes. For example, consider the following code.

    <body>
      <iframe> </iframe>
      <script>
        const win = frames[0].window;
        console.assert(win.globalThis !== globalThis); // true
        console.assert(win.Array !== Array); // true
      </script>
    </body>

Each iframe has a separate runtime environment: the global object of the document is different from the global object of the iframe, and similarly, the Array on the global object must be different as well.

Java19 Official GA! See how virtual threads can dramatically increase system throughput

Java19 was released yesterday, bringing a new feature that Java developers have been waiting for - virtual threads. Before Java had this new feature, Golang’s Goroutine had been popular for a long time, and it was a big hit in the field of concurrent programming. With the rapid development and promotion of Golang, it seems that coroutine has become one of the necessary features of the best languages in the world.

Using viper to merge yaml configuration files

As a small company, our infrastructure is not complete enough. The project manager informed us during the Mid-Autumn Festival that our system will go onto the second-to-last stage environment and the production environment in the near future. So, with the deployment efficiency of the operation and maintenance staff in mind, we urgently developed a one-click installation script generation tool, so that the operation and maintenance staff can use the tool, combined with the actual target environment, to generate a one-click installation script. The principle of this tool is very simple, as shown in the following diagram.

IP Forwarding Security Issues in K8S

On any of the K8S nodes, you can see a routing table similar to the following.

    > ip route show
    default via 192.168.0.1 dev ens18 proto static
    ...
    10.42.1.0/24 via 10.42.1.0 dev flannel.1 onlink
    10.42.2.0/24 via 10.42.2.0 dev flannel.1 onlink
    ...

The 10.42.1.0/24 and 10.42.2.0/24 subnets in this table happen to be part of the K8S Overlay network. And this routing table gives you a clue that you can access the Pod from any node via Cluster IP.

Why does c++ need std::function, even though it already has function pointers

In C/C++ you can use a pointer to a piece of code, which is called a function pointer. Suppose there is a piece of code like this.

    #include <stdio.h>

    int func(int a)
    {
        return a + 1;
    }

    int main(void)
    {
        int (*f)(int) = func;
        /* %p expects a void *, so cast the function pointer for printing */
        printf("%p\n", (void *)f);
        return 0;
    }

We define a function func, then use the pointer variable f to point to the function, then print out the address pointed to by the variable f.

Golang Context

Starting with Go 1.7, the context package was officially introduced into the official standard library. In fact, we often encounter “context” in Go programming, both in general server code and in complex concurrent programs. Today, we’re going to dive into its implementation and best practices. The official documentation explains the context package as follows. Package context defines the Context type, which carries deadlines, cancelation signals, and other request-scoped values across API boundaries and between processes.