This is a creation in
Article, where the information may have evolved or changed.
Go 1.4beta1 just released, in Go 1.4beta1, go language stack processing way from the previous "segmented stacks" changed to "continuous stacks". On the Go language of stack processing mechanism, development history, existing problems, cloudflare an official blog has been systematically elaborated, here the content is translated from the
The current version of OPENSSL-1.0.2J does not support Google's CHACHA20 encryption algorithm. The CHACHA20 encryption algorithm is relatively safe relative to RC4, and is optimized for ARM's mobile phone, making it faster and more power-saving.However, the latest Intel processors and ARM V8 processors are optimized for AES-GCM encryption algorithms through the AES-NI instruction set, which is much faster than chacha20, so the Aes-ni encryption algorithm is preferred on devices that support AES-
vulnerable memcached servers as.
Dangerous amplification attacks
The first memcached DDoS attack was detected in, when the Code hosting website GitHub was hit by the largest DDoS attack ever, reaching the peak of tbps.
Memcached is a free and open-source high-performance distributed memory cache system designed to accelerate the running of Dynamic Web applications by reducing the database load.
The client communicates with the memcached server through TCP or UDP on port 11211.
To abuse the me
take Time.now () subtract the time difference has been unexpectedly negative, resulting in CloudFlare CDN service interruption, see https://blog.cloudflare.com/ how-and-why-the-leap-second-affected-cloudflare-dns/, go1.9 modifies the implementation of Time.time without affecting existing application code. The time.time of go1.9 is defined as
A time represents an instant on time with nanosecond precision.//
LimeLight because they seem more trustworthy. However, the recent CloudFlare activity on HackerNews and their umbrella features seem to be an attempt to explore. So I learned about and tested CloudFlare.
It is a good thing to have a lot of demands, but if the web page cannot be opened all the time, it will be the same as the cache gets evicted. If it is the first time a webpage is clicked after it is inact
development package so PHP can connect to the Redis server, where we recommend Predis. Join the WordPress root directory and perform the following[Email protected] src]# wget http://uploads.staticjw.com/ji/jim/predis.php[[email protected] src]# chown PHP-FPM: PHP-FPM predis.phpFront-End cached PHP script, added to the WordPress root directory, perform the following[Email protected] src]# wget https://gist.githubusercontent.com/JimWestergren/3053250/raw/D9e279e31cbee4a1520f59108a4418ae396b2dde/i
of IANA.
You can run the following command to view all the CipherSuite supported by the OpenSSL Library:
openssl ciphers -V | column -t0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHAu=ECDSA Enc=ChaCha20-Poly1305 Mac=AEAD... ...
0xCC, 0x14 is the number of CipherSuite, which is used in SSL handshake. ECDHE-ECDSA-CHACHA20-POLY1305 is its name, after several parts are expressed: For TLSv1.2, using ECDH for key exchange, using ECDSA for authentication, using ChaCha20-Poly1305 for
CloudFlare the oldest and most common attack against non-DDoS attacks by protecting millions of websites. In traditional DDoS attacks, attackers control a large number of puppet machines and then send a large number of requests to the target server to prevent legitimate users from accessing the site.However, DDoS attacks have been evolving in recent years: attackers tricked users into attacking activities in a new and interesting way. Last year
1.1. Introducengx_lua– embeds the Lua language into Nginx, enabling it to support LUA to quickly develop business logic based on NginxThe module is not in the Nginx source package, it needs to download and compile the installation itself. Use LUA 5.1 (currently does not support LUA 5.2) or Luajit 2.0.After adding LUA support, the development of complex modules, the cycle is fast, still 100% asynchronous non-blocking.
Ngx_lua which people are using:Taobao, Tencent Finance, NetEase Finance, 360,
. Cucumbertown is a food channel in Nigeria and a quality blogger in Thailand, which makes it popular in different regions. But as you can see, the pages in these countries are a little bit abnormally low.
Cucumbertown is an asset-heavy web site, and although we postponed all the action on Requiejs and then actively loaded JavaScript on demand, we made a lot of effort to load the underlying script.
We have confirmed that Cucumbertown's loading time in the United States is 2.5 seconds, compared
/etc/php. ini[Root @ localhost ~] # Service php-fpm restart
Make wordpress support redisYou need a client Development Kit so that PHP can connect to the redis server. Here we recommend that you add predis to the WordPress root directory and execute the following[Root @ localhost src] # wget http://uploads.staticjw.com/ji/jim/predis.php[Root @ localhost src] # chown php-fpm: php-fpm predis. php
Add the PHP script cached on the front end to the WordPress root directory and execute the following:
[
vulnerability may exist, but it does not seem to use IIS. '; Case self: PATCHED: return';. $ host. '; fixed. '; Case self: NOT_VULN: return'; the patch status cannot be identified ';. $ host.';. IIS is not used and the vulnerability may not exist. '; Case self: NOT_VULN_MS: return'; the patch status cannot be identified ';. $ host.';. The vulnerability may not exist. '; Case self: NOT_VULN_CF: return';. $ host. '; CloudFlare CDN acceleration may be u
, that is, from the sub-certificate to the root certificate. Then, I obtained the corresponding SPKI credential for my key. There are many methods to implement this step. Through the openssl command, I obtained the corresponding credential from the certificate currently in use:
root@burly:/etc/ssl# openssl x509 -in cloudflare-diogomonica.com.crt -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | base64 bDk6Wbfj83EpcaKgT5
=ECDSA Enc=ChaCha20-Poly1305Mac=AEAD
......
0xCC,0x14Is the number of the CipherSuite, which is used in the SSL handshake.ECDHE-ECDSA-CHACHA20-POLY1305Is its name, after several parts are expressed: For TLSv1.2, using ECDH for key exchange, using ECDSA for authentication, using ChaCha20-Poly1305 for symmetric encryption, because the ChaCha20-Poly1305 is a AEAD mode, MAC algorithms are not required, so the MAC column is displayed as AEAD.
To learn more about CipherSuite, read the long article "
Today, I found that the host could not be accessed. I thought there was something wrong with burst. I wrote an email asking why. I accidentally saw an email written by burst in my inbox, the title is that the traffic usage exceeds the standard. I can only use surprise to describe this email, because the traffic of the purchased VPs is 1000 GB/month. How can this problem be solved? What surprised me more, I used veportal to check that the traffic usage was 23424.44 GB. I relied on it for more tha
Talking about JavaScript-based DDOS attacks and javascriptddos
CloudFlare protects millions of websites and summarizes the oldest and most common non-DDoS attacks. In traditional DDoS attacks, attackers can control a large number of bots and then send a large number of requests to the target server to prevent legal users from accessing the website.
However, in recent years, DDoS attack technologies have been constantly updated: attackers use a new an
() // 11:59:59.995event()end := time.Now() // 11:59:59.005 // (really 11:59:60.005)elapsed := end.Sub(start) // -990 ms
Because of this problem, OSes implement a monotonic clock.
October, a bug report requested the addition of a new API to access monotonic clocks.
Russ didn ' t think that it is worth adding new API at the time.
We waited. Waiting was a good the understand the significance of the problem.
Cloudflare had a significant o
This is an article by Cloudflare Filippo Valsorda, published in Gopher Academy in 2016, although it has been in the past two years, but it still has meaning.
Previously crypto/tls too slow and net/http very young, so for Go Web server, it is usually wise of us to put it behind the reverse proxy, such as Nginx, and now do not need.
In CloudFlare we recently experimented with direct burst of pure go service a
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.