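BytePower Tech Weekly - 023
📘 Cover
NASA plans to launch a Venus probe (DAVINCI) to study the planet's atmosphere. Launch is tentatively scheduled for June 2029, with entry into the Venusian atmosphere in June 2031.
📖 Articles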
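The Twelve-Factor App ☞ (Chinese)
Today, software is commonly delivered as a service, known as web apps or software-as-a-service (SaaS). The twelve-factor app is a methodology for building SaaS apps that:
- Use standardized processes for automated setup, so that new developers can join the project with minimal learning cost.
- Draw as clean a line as possible between the app and the operating system, offering maximum portability across systems.
- Are suitable for deployment on modern cloud platforms, saving resources on server and system administration.
- Minimize the difference between development and production, and use continuous delivery for agile development.
- Can scale up without significant changes to tooling, architecture, or development practices.
The methodology applies to apps written in any language and using any backing services (databases, message queues, caches, and so on).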
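How does WeChat, with 1.28 billion monthly active users, avoid crashing? | Backend overload protection strategy ☞ (Chinese)
WeChat's overall load-control flow works as follows:
- When a user issues a request from WeChat, it is routed to an entry-layer service and assigned a uniform business priority and user priority; every sub-request sent downstream inherits the same priority. The business logic then calls one or more downstream services. When a service receives a request, it first uses its own admission priority to decide whether to accept or drop it. Each service periodically adjusts its admission priority according to its load.
- When a service needs to send a request further downstream, it checks its locally recorded admission priority for that downstream service. If the request's priority is lower, the request is dropped; if there is no record, or the priority is higher than the record, the request is sent downstream.
- The downstream service returns the information the upstream service needs and carries its own admission priority in the response.
- The upstream service parses the response and updates its local record of the downstream service's admission priority.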
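The four steps above, as an added example that is not code from the linked article or from WeChat: a two-service chain in which the upstream sheds requests early using the admission level piggybacked on downstream replies. The `Service` class, the single integer priority (the article uses a business and a user priority), admitting requests whose priority equals the threshold, and the capacity-based adjustment rule are all assumptions made for illustration.

```python
class Service:
    """One node in the call chain (hypothetical model, not WeChat's code)."""

    def __init__(self, name, capacity, downstream=None):
        self.name = name
        self.capacity = capacity      # arrivals it tolerates per adjustment period
        self.admit_level = 0          # requests with a lower priority are dropped
        self.arrivals = 0             # arrivals in the current period
        self.downstream = downstream
        self.known_level = None       # downstream admission level, once reported

    def adjust(self):
        """Periodic step: raise the threshold under overload, relax when idle."""
        if self.arrivals > self.capacity:
            self.admit_level += 1
        elif self.arrivals * 2 <= self.capacity and self.admit_level > 0:
            self.admit_level -= 1
        load, self.arrivals = self.arrivals, 0
        return load

    def handle(self, priority):
        """Return (status, own admission level); the level rides on every reply."""
        self.arrivals += 1
        if priority < self.admit_level:
            return "dropped_by:" + self.name, self.admit_level
        if self.downstream is not None:
            # Shed early when the recorded downstream level would reject it anyway.
            if self.known_level is not None and priority < self.known_level:
                return "shed_at:" + self.name, self.admit_level
            status, self.known_level = self.downstream.handle(priority)
            if status != "ok":
                return status, self.admit_level
        return "ok", self.admit_level


def simulate(periods=3, traffic=(0, 1, 0, 1, 0, 1)):
    """Replay constructed traffic; return per-period statuses and storage load."""
    storage = Service("storage", capacity=4)
    entry = Service("entry", capacity=100, downstream=storage)
    statuses, storage_load = [], []
    for _ in range(periods):
        statuses.append([entry.handle(p)[0] for p in traffic])
        storage_load.append(storage.adjust())
        entry.adjust()
    return statuses, storage_load


if __name__ == "__main__":
    for row, load in zip(*simulate()):
        print(load, row)
```

In the second period only the first low-priority request reaches the overloaded service; after its reply reports the raised level, the rest are shed at the entry service and the downstream load falls from 6 to 3 arrivals per period.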
Abigail's regex to test for prime numbers ☞ (English)
Use a regular expression to test whether a positive number is prime:
perl -wle 'print "Prime" if (1 x shift) !~ /^1?$|^(11+?)\1+$/' [number]
(Image generated by Regexper)
Inspecting Web Views in macOS ☞ (English)
(Image from Jim Nielsen's blog)
Browser In The Browser (BITB) Attack ☞ (English)
For security professionals, the URL is usually the most trusted aspect of a domain. Yes, there are attacks like IDN Homograph and DNS Hijacking that may degrade the reliability of URLs but not to an extent that makes URLs unreliable.
All of this eventually led me to think, is it possible to make the “Check the URL” advice less reliable? After a week of brainstorming I decided that the answer is yes.
How is an UPDATE SQL statement executed? ☞ (Chinese)
update user set name='aaa' where id=1;
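The whole execution process is as follows:
- The executor first asks the storage engine for the row with id=1. ID is the primary key, so the engine finds the row directly with a tree search. If the data page containing the ID=1 row is already in memory, it is returned to the executor straight away; otherwise it is first read from disk into memory and then returned.
- The executor takes the row data from the engine, changes name to aaa, and calls the storage engine interface to write the new row.
- The storage engine updates the new row in memory and records the update in the redo log, which is now in the prepare state. It then tells the executor that execution is complete and the transaction can be committed at any time.
- On receiving this notification, the executor records the binlog and writes the binlog to disk.
- The executor calls the engine's commit-transaction interface, and the engine changes the redo log entry it just wrote to the commit state. The update is complete.
InnoDB architecture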
GitHub: Python Cheatsheet ☞
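If you only write Python occasionally, you are bound to forget some basic syntax or standard library detail; this is the place to look it up.
Python basics quick reference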
1. Collections: List, Dictionary, Set, Tuple, Range, Enumerate, Iterator, Generator.
2. Types: Type, String, Regular_Exp, Format, Numbers, Combinatorics, Datetime.
3. Syntax: Args, Inline, Import, Decorator, Class, Duck_Types, Enum, Exception.
4. System: Exit, Print, Input, Command_Line_Arguments, Open, Path, OS_Commands.
5. Data: JSON, Pickle, CSV, SQLite, Bytes, Struct, Array, Memory_View, Deque.
6. Advanced: Threading, Operator, Introspection, Metaprograming, Eval, Coroutines.
7. Libraries: Progress_Bar, Plot, Table, Curses, Logging, Scraping, Web, Profile, NumPy, Image, Audio, Games, Data.
🧰 Tools
GitHub: uutils coreutils ☞
uutils aims to work on as many platforms as possible, to be able to use the same utils on Linux, Mac, Windows and other platforms. This ensures, for example, that scripts can be easily transferred between platforms. Rust was chosen not only because it is fast and safe, but is also excellent for writing cross-platform code.
GitHub: Yaade(Yet Another API Development Environment) ☞
Yaade is an open-source, self-hosted, collaborative API development environment.
GitHub: Hidden Bar ☞
If your Mac menu bar has too many icons, give this small open-source tool a try.
🐠 Fun stuff
Biometric Authentication by Grinding Your Teeth ☞ (English)
A new biometric authentication technique
The ToothSonic paper outlines the many unique characteristics in a user’s dentition, including classes of occlusion (such as overbite), enamel density and resonance, missing aural information from extracted teeth, unique characteristics of porcelain and metal substitutions (among other possible materials), and cusp morphology, among many other possible distinguishing features.
The authors state:
‘[The] toothprint-induced sonic waves are captured via the user’s private teeth-ear channel. Our system thus is resistant to advanced mimic and replay attacks as the user’s private teeth-ear channel secures the sonic waves, which are unlikely uncovered by adversaries.’
Since jaw movement has a limited range of mobility, the authors envisage ten possible manipulations that could be recorded as viable biometric prints, illustrated below as ‘advanced teeth gestures’:
This device from L'Oréal and EMOTIV uses neuroscience to tell you which perfume to buy ☞ (Chinese)
Good news for the chronically indecisive.