Here is a record of the technology content worth sharing every week, released on Friday.
This magazine is open source, and submissions are welcome. The weekly also runs a "Who's Hiring" service that publishes programmer recruitment information. For cooperation and promotion, please contact by email (yifeng.ruan@gmail.com).
cover picture
Pictured above are the winners of the 2022 World Travel Photographer of the Year competition. Najin is one of the only two remaining white rhinos in central Africa. He is 33 years old. In order to protect him from being killed by poachers, the Kenyan government specially arranged guards for him. They were inseparable and rested together on the African savannah at noon. (via)
Topic of the week: An embarrassing server hack
In the early morning of this Monday (February 13), my personal website server was hacked.
Since the intruder didn't trigger the alarm mechanism, I didn't notice either. When I woke up, I saw a lot of emails from netizens, asking me to check the website quickly. When I visited any webpage, I was redirected to the external website of xxx, which was extremely embarrassing.
I checked the server and found that it was indeed the case. The situation was serious: the other party had obtained write permission to the web directory, deleted the original content from all my HTML pages, and written in his jump code window.onload="...".
However, the database was not damaged, and there was no SSH abnormal login alarm, so I judged that the other party did not have the login authority of the server, but just took advantage of the loophole of the Web service.
My first feeling was not panic, nor anger, but helplessness. The long-awaited thing finally happened.
Many friends know that my personal website has not been modified in style for at least 10 years. It’s not that I don’t want to change it, but that I can’t change it, or that it is very troublesome to change it.
The reason is that my background software uses the famous early blogging software MovableType, which has a longer history than WordPress. The latter is already an antique, and you can tell how old it is. Of course, this shows that I am also old. When I chose it, I was still a student.
MovableType has stopped developing a long time ago and was transferred to a Japanese company. All users have to pay a fee to receive code patches. I didn’t pay the fee, so the background of my personal website has been aging for a long time.
Software aging itself is not a big problem, as long as it still works properly and you don’t need new features, then you can get along without incident. The real problem is that its dependencies are all out of date.
The underlying systems and components it relies on are seriously outdated. I’ve tried migrating it to a newer system and got various errors and had to keep running it on a very old system.
I always knew that the old system was not safe, but I didn’t dare to upgrade. The feared thing finally broke out.
In the past two years, I have been attacked once. At that time, as a fluke, I only did some server reinforcement, but I still haven’t upgraded it until now.
When I was attacked this time, I wanted to do the same. The website has regular snapshots. After being hacked, I rolled back to the latest snapshot, changed some server settings, and brought the website back online at noon on Monday. I thought it would be best to get away with it this time.
However, the other party has probably been staring at me online, and within an hour of going online, I was hacked again in exactly the same way.
At this time, I knew something was wrong, so I had to take the website offline again. Fortunately, when I was attacked last time, I made a temporary announcement page, and it still works this time, just point the domain name to it.
For a whole day after that, I was helpless and prepared for the worst, and my personal website might be offline for a long time. During this time, content can only be published via temporary pages.
On Tuesday afternoon, the more I thought about it, the more breathless I became, and I finally decided not to give up. I gritted my teeth and decided to upgrade the server, using a dead horse as a living horse doctor.
I upgraded the underlying system and dependent components to the latest version in one go, and it took more than an hour to install it. This time it was amazing, the website ran normally without any strange errors. Surprisingly, I brought the website back online, and so far everything is normal.
To be honest, I’m not sure the bug has been fixed yet. If the server is hacked again next time, I will have nothing to do. I can only take the website offline for a long time, and then speed up what I originally planned to do this year: rewrite the blog structure by myself and change it to a completely static website.
There are many lessons learned this time. If you want to start an independent blog, I have two suggestions.
(1) Don’t manage the server yourself. Server management is a very tedious and specialized job, and it is difficult to do well without a professional operation and maintenance engineer. Taking a step back, even if you have the expertise in this area, it’s not worth investing a lot of time and effort into your own blog server. The online world is a dark forest. There are people sniping at you everywhere. It is impossible to guard against it. The solution is the next one.
(2) Use a professional cloud service provider. Most cloud server providers now have static website hosting services, and hosting static web pages with them saves time and worry. If you need the backend to dynamically generate content, use cloud functions (called FaaS) to use the edge computing provided by the service provider instead of the CPU computing power that comes with your host.
Technology dynamics
1、Flight Simulator of an Old Airplane
Microsoft has a well-known game “Microsoft Flight Simulator”, in which players can simulate the manipulation of various aircraft and fly in real scenes around the world with very realistic effects.
The game production team has recently focused on the old aircraft in the museum, including the famous Hughes H-4 Hercules giant water transport aircraft.
It’s the biggest plane ever built, about the size of a football field. It flew only once in 1947, briefly out of the water for tens of seconds, and then placed in the warehouse until it was scrapped and moved to the museum.
Microsoft has moved this aircraft into the game, and players can now simulate driving it and experience the driving experience of this legendary aircraft. The picture below is the game screen.
The production team plans to move more old planes into the game in the next step, and “resurrect” those planes that can no longer go to the sky. Currently, about 300 old aircraft have been scanned.
2、Disney’s Age Adjustment Algorithm
Disney has released a movie-specific age-adjustment algorithm that makes actors younger or older.
This algorithm allows older actors to play younger people and vice versa.
Now viewers must understand that everything you see may be fake. The appearance can be beautiful, the age can be added or subtracted, the background can be green screened, nothing is impossible.
Children’s playgrounds are usually some traditional facilities, such as slides, swings, parallel bars, seesaws and so on.
A New Zealand architect believes that these facilities are not fun, and that mimicking the natural environment is a better choice.
He designed a children’s playground that resembles a wild environment.
The amusement facilities are all built on boulders, but they are not as dangerous as they seem. The boulders are fixed by steel rods, and the ground is made of elastic rubber floor, which will not hurt you.
In the month since it opened, the kids have enjoyed it and no one has been hurt.
Traditional bandages cannot know the healing status of the wound. Sometimes when the bandage is untied, it is found that the medicine is ineffective and the wound is still festering.
To solve this problem, an international research team has developed a smart bandage.
The smart bandage uses an ultra-thin, bendable circuit board that automatically detects how well a wound is healing and releases antibiotics or other medications based on bacterial growth.
It has a wireless module to transmit data. For thinness, it does not have a battery and receives energy through an antenna.
article
1、The difference between Next, Nuxt and Nest(English)
Next.js, Nuxt, NestJS are three popular JS frameworks, this article explains their differences.
2、Why the industry is turning to memory-safe languages(English)
This article describes the use of memory-safe languages (Java, Rust, and Kotlin) by large companies as an alternative to C/C++.
3、How to generate aerial images using 360 camera?(English)
The author introduces how to use the OpenDroneMap software to model the video captured by the 360 camera and synthesize it into a spatial image model from the perspective of aerial photography.
4、Create my home office environment(English)
The author introduces in detail how he arranges a comfortable computer working environment at home.
5、How do I make a living with SerenityOS(English)
The author is the author of the open source software SerenityOS. Starting in 2021, he will devote himself to open source development full-time. He describes how he makes a living.
6、My Personal IT Infrastructure(English)
Stephen Wolfram, the founder of Mathematica software, introduced his home IT infrastructure. He works at home all year round.
He also built a “walking desk” (above) that he can use on his laptop while walking.
7、How Playwright Bypass Login Captcha(English)
Playwright is a headless browser framework for scripting and automated testing of website UIs. The login of some websites requires a one-time verification code of the authenticator, how to bypass it?
8、Understanding the Network Stack Using the Ruby Language(English)
This article uses examples from the Ruby language to explain basic networking concepts. The first part explains the UDP protocol and is well written.
tool
1、Convex
A state management service similar to Firebase, the front-end state can be stored on its server, and then all your clients can get real-time status updates.
2、Customized avatar for the Year of the Rabbit
Upload a photo and synthesize a head portrait of the Year of the Rabbit, with multiple styles to choose from. The code is open source. (@xiaoli1999 post)
An ElasticSearch desktop client for monitoring ES status and operations. ( @lin2415016 post)
4、RATH
Open source data analysis and data visualization tools, only need to import data, it automatically analyzes the data, finds out the rules, and generates a visual view. (@AntoineYANG post)
A web application that demonstrates various media streaming functions based on WebRTC. The code is open source. (@iamtsm post)
6、EasyNode
Simple personal Linux server management panel (based on Node.js), both front and back end are open source. (@chaos-zhu post)
VS Code plugin to automatically generate Git commit instructions using the GPT model. (@pwwang post)
A most simplified task management Web App, very simple and elegant.
An open source MacOS application that can fine-tune various display parameters of Apple computers.
10、berty
A group chat application whose biggest feature is that it does not need the Internet and communicates over Bluetooth Low Energy, which is very suitable for live broadcasting in a small area.
resource
1、Mastering Bitcoin(second edition)
Free English-language e-book explaining the principles of cryptocurrency.
Web-based satellite orbit visualization project. You can view different categories of satellites. The code is open source. (@jiangteng2019 post)
This website provides free icons, currently there are more than 1900 icons, all icons are in a unified style, simple and beautiful.
An illustrated introduction to assembly language in English, aimed at beginners with zero foundation, can be read in half an hour, with code examples for further learning.
A small game launched by Google. The system tells you a word (such as bicycle, glasses, ship…) and asks you to draw it on a web page. Artificial intelligence will guess what you are drawing, as long as it guesses correctly, it means that your drawing is very similar.
picture
In the 1930s, Guatemala discovered huge heads buried in the ground, all of which were 2 to 3 meters high.
Archaeologists believe they were made by the ancient Olmecs, some 3,000 to 5,000 years ago.
After decades of excavation, a total of 17 head portraits have been discovered, and they are all displayed in the museum.
abstract
1、The History of Apple’s Acquisition of NeXT
Twenty-five years ago on December 20, 1996, I worked as a systems engineer at NeXT Corporation. The company was founded by Jobs in 1985, and I was one of only three employees in Canada.
None of us had cell phones at the time, and most of the company’s messages to us went through a voicemail system called Audix. When we receive messages, dial 1-800-345-5588 and listen to company messages in voicemail.
That day, out of the blue, we received an urgent message that all employees had to call this number at 2pm to announce a major event. I was out on the street and had to look around for a reliable landline and finally found a museum pay phone.
By 2pm, we were told that NeXT had been bought by Apple for $400 million. (In hindsight, the correct statement would have been that Apple paid NeXT $400 million to acquire itself. A few years later, about 70 percent of Apple’s VPs were at NeXT.)
I was shocked, I didn’t expect this to happen.
At the time, NeXT was actually having a hard time. Founder Jobs seems to spend all his time at his other company, Pixar. While NeXT still makes some money, it’s mostly from selling WebObjects (a Java application server). Jobs must have been frustrated that the revolutionary new workstations and operating systems he had proclaimed weren’t coming to fruition, and that he was now living on enterprise server software that he sold for $50,000.
Apple also appears to be in a death spiral and is very close to running out of money.
Of most interest to Apple is NeXT’s NeXTSTEP operating system, which originally shipped with NeXT workstations but has been ported to Intel CPUs. To be honest, those of us at NeXT don’t really use the system that much.
It wasn’t clear to anyone at NeXT whether the merger would work, but it turned out well. The merger happened at an all-time low for Apple, and once Jobs returned as Apple CEO, an incredible technological and business shift began to take place.
NeXT’s software and hardware became the foundation of everything Apple made. The NeXTSTEP operating system replaced Mac OS and became the basis of Mac OS X; NeXT’s Project Builder and Interface Builder became Xcode; and NeXT’s love of the Objective-C language eventually created Swift.
At the time of the merger, NeXT had about 400 employees, while Apple had only a few thousand. Today, Apple has 160,000 employees. I wonder how many NeXT workers are still at Apple. I know a dozen, and there may be more. Will it reach 100?
remarks
1、
I’m a React user, and what annoys me the most is that the React team doesn’t seem to have a clue about the real problems developers face, just focusing on less important things.
They designed a lot of new practices (such as event handling, data acquisition, etc.), which can indeed load web pages faster. But asking developers to focus on these things, for advanced use, is just plain wrong.
2、
The role of a leader is not to exercise power but to distribute it.
Effective leaders save themselves time and amplify their influence by setting direction, identifying people (finding people with the right skills and background), empowering others, and ensuring that decisions are carried out.
— “My Entrepreneurship Proverbs”
3、
In the minds of programmers, they think of themselves as architects. When they come to a new place, the first thing they want to do is bulldoze the place and build something grand.
Programmers aren’t interested in incremental renovations: tinkering, improving, putting greenery in the flower beds… they don’t want to do that, they always want to throw out the old code and start over, not because they think the old code is a mess, but it’s a fundamental law of programming: reading code is harder than writing it.
4、
When developing the Chrome browser, we once discussed how many times a web page should be allowed to redirect. Someone proposed to set it to 10 times. If this number is exceeded, Chrome will give up loading the webpage. Then another person said no, it had to be set to 30 or the New York Times website would stop working. Therefore, Chrome’s redirect limit is 30 times.
— “My 10 Years on the Chrome Team”
5、
There was a time when it was possible to be a full-stack developer with good familiarity with every layer of a moderately complex system.
However, today’s systems involve so many components that it is impractical to keep track of every component of every stack. As one developer put it: “Programmers now have to act as some kind of giant manual management layer across hundreds of APIs.”
this week in history
Have you ever done a project where you didn’t care about the outcome?(2022 No.195)
If everyone does not go out, what will happen to the economy?(2021 No.145)
There will be more and more roaming games(2020 No.93)
a fun paper(2019 No.43)
thank you
The weekly received help from FlowUs, a new-generation domestic knowledge management and collaboration platform. Thanks a lot for your help.
FlowUs = document + form + network disk. You can use it to write documents, make a home page, manage data, store files, and more.
Each issue of the magazine is simultaneously published in the FlowUs column. Everyone is welcome to open their own column and homepage.
(over)
document information
- Copyright statement: free reprint – non-commercial – non-derivative – keep the signature (Creative Commons 3.0 License)
- Date published: February 17, 2023