While CRIME was mitigated by disabling TLS/SPDY compression (and by modifying gzip to allow for explicit separation of compression contexts in SPDY), BREACH attacks HTTP responses. It is important to note that the attack is agnostic to the version of TLS/SSL, and does not require TLS-layer compression. Additionally, the attack works against any cipher suite.
不過仔細看了一下,他的條件是 HTTP body 裡要有 secret 和 user generated data,所以一般沒滿足條件的 JSON 的確沒事。
Experimental Reactive Relational Database Connectivity Driver, R2DBC, Announced at SpringOne1
The end goal is try to influence the Asynchronous Database Access (ADBA) specification.
其實 json 壓縮後小的可憐,隨便一張 50kb 的 jpeg 都大的多,而且現在都是用 http/2 了,一堆小的 request 根本沒什麼。以這些優點來推 graphQL 不太夠
钱都去哪儿了?
拿的到錢時都不會問錢是哪來的,只覺得自己很厲害,站上了風口
新興國家都會有一次機會錢淹腳目,熱錢一直進,做什麼賠本生意都有人投。熱潮退了就會打回原型,中美貿易戰只是催化劑讓這事提早發生而已。
flare 這工具很殺
desktop 和 web 平台都開工了.
flutter 會不會實現當初 java write once run everywhere 的終極目標咧
也許都用 gRPC 這類 framework 自帶的?或被 protocol library 自動作掉?
上回 Josh 來 demo 時有展示 RSocket,不過他是直接用 jackson 的 object mapper 來做,預設情況應該就會中了 cve-2017-49951