Java 的本质[ZZ]

发信人: nimi (泥股拉不二八雞), 信区: Java
标 题: Java 的本质
发信站: 水木社区 (Thu Jul 24 00:02:37 2014), 站内

==请勿对号入座==

Java 在业界得到广泛应用理所当然,因为再也找不到更好的异化奴役程序员的编程语言。

OO,Frameworks,IOC,你的代码不再是你的,甚至连 main 函数都不是你的。在框架底下你就是一颗螺丝钉,随时等待着被回收。

每天打开公司帮你配好的 IDE,调用指定的库,遵循一堆咒语般的 patterns。默默无闻的螺丝钉,即使是名校毕业,也不再用思考。为什么这里要这么写?这里框架到底做了什么?谁知道呢?就算读完 500 页的文档也找不到答案。管他呢。

久而久之,自己也变成了这个系统里的一员,张口闭口也是各种架构,就连读一个 CSV 文件都要写 10 层对象包起来,并肆意蹂躏着无法理解你为什么要这么做的小弟们。

直到有一天,新的技术来临了,框架不再需要你。拖着疲惫的身躯回到房贷还没还清的家中,打开还是大学时用的旧电脑,却发现,离开了框架和 IDE,你一行代码也跑不起来。

iOS后门笔记

lockdownd的tcp端口62078,文档 libimobiledevice.org,厂家有Cellebrite,AccessData (Mobile Phone Examiner),Elcomsoft

com.apple.pcapd 抓包服务

com.apple.mobile.file_relay 文件传输服务。就不说文件了,SQLite库,Voicemail(AMR格式)等啥都包括了。甚至最后一次键盘拼写自动修正是什么单词!一开始是iTunes用来传输用的。

其他自动启动服务:

com.apple.iosdiagnostics.relay 统计app数据上网流量

com.apple.mobile.installation_proxy 企业证书安装app的

com.apple.syslog_relay 用来NSLog()的

iOS 7做了一个重要的安全改进:不能连接到localhost或者本地IP了。比如localhost:62078

如何在Info.plist指定后台运行的app

<key>SBAppTags</key> 
<array> 
<string>hidden</string> 
</array> 
<key>UIBackgroundModes</key> 
<array> 
<string>voip</string> 
</array> 

来源,作者 @JZdziarski

if you don’t read

"Well sonny boy, if you don’t read, you start eating marijuana. When you eat marijuana, you get hepatitis X. Hepatitis X is like Hepatitis B except 10X stronger. When you get Hepatitis X, your private parts fall off and you start developing a taste for the band Limb Bizkit. Your hairs starts growing frosted tips, your hat turns itself backwards and your shirt will say "obey." If you don’t read, you turn into a douchey dude bro. And nobody likes a douchy dude bro.

有理有据令人信服。。。

via

A rule of thumb is that you have security by obscurity

摘录一些

Jack Voth, Algenol’s information technology chief, stumbled on something odd: a telnet connection to its videoconference camera from an Internet Protocol address in China

Hacking attacks come from many countries, he says, but most are efforts to steal credit-card information. Chinese hackers, by contrast, tend to target trade secrets and unique technology.

Algenol executives did not know that Aliyun was the cloud computing part of Alibaba, and they never tried to make contact.

Alibaba said that two former Algenol employees had signed up for an Alibaba marketing e-mail. Once they left Algenol and the marketing e-mails bounced back, Alibaba said that its own security system checked on the accounts and that Algenol mistook those inquiries as attacks.

Voth, however, is not convinced. He disputed Alibaba’s explanation about the marketing e-mails to employees who left Algenol four years ago, and said that to mistake an Alibaba security response for an attack would mean that there was a flaw with the widely used firewall language called Snort, which is updated constantly.

He said that since Jan. 1, each of 539 IP addresses has attacked Algenol computers 5,000 times or more.

The largest numbers of hacking probes came from the United States, China, Taiwan and Russia, he added. The single IP address that has attacked Algenol the most is a German address; the top Chinese IP address attacking Algenol ranked 10th.

Voth said the fight to protect Algenol’s computer system would be a long one. “A rule of thumb is that you have security by obscurity,” Voth said. “We’d rather have a low profile. But clearly the bad guys have our addresses.”

尼玛这报道真心无敌了。几个想法:

  1. 地球上媒体都一个德行,真jb恶心。

  2. 商标和责任的对外宣传,国内还有非常,特别,很长的路要走。Aliyun对外云服务老外压根就不明白,也懒得联系。

  3. 外行做安全的特点就是:特别傻逼而且特别自信。

via

Haskell, Ruby, Python, Nodejs如何把一个句子的词语倒序

Haskell:

unwords . reverse . words $ sentence

Ruby:

sentence.split.reverse.join ' '

Python:

" ".join(reversed(sentence.split()))

Node.js:

var EventEmitter = require('events').EventEmitter;

var emitter = new EventEmitter();

emitter.on('got sentence', function(sentence) {
    emitter.emit('split sentense', sentence.split(' '));
});
emitter.on('split sentense', function(splitted) {
    emitter.emit('reversed', splitted.reverse());
});
emitter.on('reversed', function(reversed) {
    emitter.emit('joined', reversed.join(' '));
});
emitter.on('joined', function(sentence) {
    console.log(sentence);
    emitter.emit('got sentence', sentence);
});

emitter.emit('got sentence', 'hello world');

Nodejs胜出。谁不服就是不客观。

via

系统IO一些数据

Macmini 下

$ pv /dev/zero > /dev/null [11.6GiB/s]

这个应该是DDR3内存带宽了。

$ pv /dev/zero > 1.dat [ 102MiB/s]

Macmini的硬盘速度还是不错。没有SSD快。

$ yes | pv > /dev/null [20.3MiB/s]

yes这么慢没想到啊。

$ pv /dev/urandom > /dev/null [11.9MiB/s]

过一下CPU速度就减半了。

HUAWEI ec315 

上市时间:2012年 5月 15日 目标人群:多Wi-Fi设备连接上网需求用户 标准配置:无配件 外观设计:直插 产品尺寸:90.6×28.6×12.6 mm 重量: < 50 g
屏幕显示:无屏幕 电池容量: 无电池 网络支持: CDMA2000 1x/EVDO Rev.A,800MHz
基带芯片: Qualcomm MDM6600 应用处理器:无 操作系统: Qualcomm REX 内存: RAM: 64 MByte, Flash内存: 128 MByte 扩展内存:外置存储卡 MicroSD(最大可支持32G) 摄像头: 无摄像头 FM:不支持 蓝牙:不支持 耳机接口:不支持 WAPI/WIFI:802.11b/g/n C+W统一认证功能: 不支持 USB: 2.0 Full Speed JAVA: 不支持 GPS导航: 不支持 基本功能:USB即插即用,快速移动上网;PIN/PUK码管理;Wi-Fi AP 特色功能:免驱动快速上网;Wi-Fi AP 增值业务:无 软件版本: 11.102.53.00.00