AI 资讯
From one blocking accept() to epoll: a C TCP server up the I/O ladder, measured
I connected one client to a blocking TCP server and held the socket open without sending a single byte. Then I connected a second client and sent it a line of text. The second client sat there for 1.51 seconds with no reply. It got its echo back one millisecond after I closed the first connection. That 1.51 seconds is the reason the other six versions of this server exist. Last week I wrote up why I rebuilt this server seven times : framework knowledge resets every few years, the layer underneath it compounds. That piece stayed at the level of outcomes. This one goes the other way, down into the code and the numbers. The claims that matter here are the kind you can read a hundred times without being able to derive them. "select is O(n)." "epoll only hands you the ready fds." I had read both for years. I wanted to make my own machine say them out loud. The target the whole exercise is built around is Dan Kegel's old C10K problem : how do you serve ten thousand clients at once on one server? Each of the seven versions hits a wall, and the wall is what names the next one. The whole thing is one echo server written seven times, no libraries beyond libc, on GitHub . Every number below is from running it on macOS (Apple clang 21, darwin 25.4) on 2026-06-29. The binaries are built with AddressSanitizer and UBSan on, so read the absolute microseconds loosely. The structure is what holds. Phase 01: blocking, and the 1.5 second stall The first server is the one everybody writes first. Accept a connection, talk to it, close it, accept the next. for (;;) { int client_fd = accept ( server_fd , NULL , NULL ); if ( client_fd == - 1 ) { perror ( "accept" ); continue ; } handle_client ( client_fd ); close ( client_fd ); } handle_client loops on read until the client hangs up. Both accept and read block: when there is nothing to do, the thread sleeps in the kernel. That is good for idle cost and fatal for everything else. While the server is parked in read waiting on client A, client
AI 资讯
Reconciling the Distributed System: How the AI Engineer World's Fair Engineered Human Connection
On Sunday night, the sold-out 2026 AI Engineer World's Fair kicked off its orientation at Moscone...
开发者
Developers Urged To Reach Out And Touch Someone
Monday’s final presentation was perhaps the most unusual one of the day in that it focused more on...
AI 资讯
Abandoning Abstractions: Manually Crafting EtherNet/IP Packets Almost Broke Me
By RUGERO Tesla ( @404Saint ). There is a persistent illusion in Industrial Control Systems (ICS) security research: that high-level libraries, abstraction frameworks, or protocol tooling give you a real understanding of Operational Technology (OT) behavior. They don’t. They hide the architecture. Determined to understand what actually happens when a Programmable Logic Controller (PLC) receives a control-plane command, I built an EtherNet/IP and Common Industrial Protocol (CIP) sandbox from scratch. No Scapy. No protocol wrappers. Just raw sockets, a Linux loopback interface, a cpppo simulator, and a passive monitoring tool ( enip_monitor.py ) capturing traffic in real time. It looked clean on paper. Then I reached the application layer. And things stopped behaving like theory. The Reality of the “Industrial Abstraction Layer” If you come from Modbus or traditional IT networking, you’re used to linear memory spaces—fixed registers, predictable offsets, and flat addressing. EtherNet/IP and CIP discard that model entirely. Instead, they introduce a structured object system wrapped inside multiple encapsulation layers: +-----------------------------------------------------------+ | EtherNet/IP Encapsulation Header (24 bytes) | | → Session control, commands (0x0065, 0x006F) | +-----------------------------------------------------------+ | Common Packet Format (CPF) | | → Routing, addressing, and transport segmentation | +-----------------------------------------------------------+ | CIP Application Layer | | → Service codes (0x4C, 0x4D, 0x10, etc.) | +-----------------------------------------------------------+ To communicate with a PLC at the wire level, your code must: Establish a session using RegisterSession (0x0065) Wrap all subsequent requests in SendRRData (0x006F) Encode routing information inside CPF structures Construct symbolic or logical paths for the CIP Message Router Ensure strict byte alignment across nested payload layers A single mistake in any layer b
AI 资讯
Network Fingerprinting: Analyzing Default ICMP Structures and Payload Mimicry
Research Context "In advanced network observability, understanding the default behavior of various operating systems is vital for traffic profiling. This article explores the structural differences in ICMP Echo Requests across different OS environments and analyzes how 'Traffic Mimicry' can be used to evaluate the accuracy of Network Intrusion Detection Systems (NIDS)." 1. The Anatomy of an ICMP Signature A standard ICMP Echo Request is not just a simple signal; it carries a specific "fingerprint" based on the operating system that generated it. These fingerprints consist of: Total Packet Size TTL (Time to Live) values Default Payload Content 2. Cross-Platform Discrepancies (Linux vs. Windows) When a system sends a "ping," the default data size ($D$) and the total packet length ($L$) vary significantly between architectures. Feature Linux (Typical) Windows (Typical) Data Size ($D$) 56 Bytes 32 Bytes ICMP Header ($H$) 8 Bytes 8 Bytes Total ICMP Length ($L$) 64 Bytes 40 Bytes Default Payload Timestamp + Data abcdefg... The Linux Signature In most Linux distributions, the ping utility sends 56 bytes of data. When combined with the 8-byte ICMP header, it totals 64 bytes. A key characteristic of Linux ICMP traffic is that the first few bytes of the payload are often occupied by a high-resolution timestamp, used to calculate RTT (Round Trip Time) with microsecond precision. The Windows Signature Windows systems default to a 32-byte data payload. The payload content is static and follows a predictable alphabetical sequence: abcdefghijklmnopqrstuvwabcdefghi. This static nature makes Windows ICMP traffic easily identifiable during deep packet inspection (DPI). 3. The Concept of Traffic Mimicry Traffic Mimicry is a research method used to test the resilience of network filters. By aligning custom communication protocols with the default signatures of a specific OS, researchers can evaluate whether a security appliance is biased toward certain traffic patterns. For example, wh
科技前沿
SpaceX plans to launch Starlink mobile service in the US
Move would test whether group can turn ambition into a mass-market phone business.
AI 资讯
DNS Explained: How Your Browser Decodes Website Addresses
You type www.google.com into your browser and hit Enter. The page loads in under a second. But stop and think about what just happened. Your browser didn't know where Google lives on the internet. It had to ask. And in that fraction of a second, a surprisingly elegant chain of lookups took place behind the scenes. That system is called DNS — the Domain Name System. Think of it as the internet's phonebook: it translates human-friendly names like www.google.com into machine-friendly IP addresses like 142.250.80.46 . Without it, you'd have to memorise numbers to visit any website. Let's walk through exactly what happens, step by step. Step 1: You Type a URL — But What Does It Mean? When you type www.bing.com , you're entering a domain name . Domain names have a structure — and reading them right-to-left tells you a lot: www . bing . com │ │ │ │ │ └── Top-Level Domain (TLD): category or country │ └──────── Second-Level Domain (SLD): the brand/org name └─────────────── Subdomain: a section of the site (optional) Some real examples: Domain TLD SLD Subdomain www.bing.com .com bing www news.bbc.co.uk .uk bbc news docs.github.com .com github docs TLDs indicate the type or origin of a site — .com for commercial, .edu for education, .in for India, and so on. Step 2: Your Browser Checks Locally First Before going anywhere on the internet, your browser does a quick local check — two of them, actually. 1. Browser cache Modern browsers cache DNS results from previous lookups. If you visited bing.com five minutes ago, the browser already knows its IP and skips the entire lookup process. 2. The hosts file Your operating system has a plain text file that maps domain names to IPs manually. On most systems it lives at: Windows: C:\Windows\System32\drivers\etc\hosts Mac/Linux: /etc/hosts It looks like this: 127 . 0 . 0 . 1 localhost 192 . 168 . 1 . 10 mydevserver . local Developers use this all the time for local testing — mapping a production domain name to a local IP to test before go
AI 资讯
Record of Site Issues #2 - Playback / GOP
Environment And Situation Control room of an apartment Number of installed product : 3 (PC-based NVR, dual-LAN supported) Remote support : X (I actually went to the site and diagnosed) Reported Issue In viewer, when user changes play speed while playing back the recorded data, it randomly plays the data in hyper speed(almost 30x~60x) For example: 4x play means 4 seconds in video per a second. But in the site, it played 30~60 seconds per a seconds, showing the video stutturing. Diagnosis Checked the overall environment. System(CPU / RAM usage), network environment(bandwidth), resoulution, stream configurations, etc. -> Nothing suspicious. Some of the installed cameras had unusual fps and gop values Normally, fps and gop values are set to be equal(for exmaple, if fps is 30 then gop is also 30 so that iframe can appear every second) But the cameras' set up values were fps 15, gop 60(iframe per 4 seconds) Assumption Somehow the viewer keeps failing to find iframe to play. And it's maybe because iframe appears with a long gap. Quick note: iframe is kind of a key-frame. Since the viewer starts decoding from an iframe, it's necessary when it comes to playback. What I Tried Set all the cameras' gop value to 15(same as fps) Result Ran a test with data before changing the gop values and after. During interval before changing the gop, the issue occurred almost every time I tried. But after chaning the gop, the issue no longer occurred. Concolusion The issue was triggered by large GOP value (GOP 60 with FPS 15). With only one iframe every four seconds, the viewer sometimes failed to find an appropriate iframe after changing the playback speed, causing abnormal playback behavior. According to the viewer developer, this is likely related to the viewer's iframe searching logic, which is still under investigation. Keep This In Mind Check camera settings(especially gop and fps) first when it comes to playback issue. Always check before/after data to confirm assumption.
开发者
🍼 宝宝的小仓库 —— 幼师带你认识"NAS"
🌟 开场白:你有没有这样的烦恼? 小朋友们,有没有遇到过这种情况: 📱 手机里的照片太多, 装不下了 ! 💻 电脑里的视频, 换了电脑就找不到了 ! 👨👩👧 爸爸妈妈爷爷奶奶,想看同一个视频, 要互相发来发去 ! 有没有一个地方, 所有人都能存东西、随时取东西 ? 有!那就是 —— 🏠 NAS N etwork A ttached S torage 网络附加存储 (但老师觉得叫它 "家庭小仓库" 更好懂!) 🎒 第一课:NAS到底是个啥? 先想象一个场景 👇 幼儿园有个 大储物柜 🗄️ 每个小朋友都有 自己的格子 在教室里、在走廊里、甚至在家里 只要知道密码,随时可以取东西! 老师也可以把作业放进去,大家一起看 这个 "随时随地都能访问的大储物柜" ,就是 NAS ! 👩🏫 老师比喻总结: 普通硬盘 NAS 只插在一台电脑上用 接在路由器上,全家都能用 只有这台电脑能访问 手机、平板、电脑都能访问 出门就用不了 出门在外也能访问 🌍 像你自己的小书包 🎒 像幼儿园的公共储物柜 🗄️ 🏗️ 第二课:NAS长什么样? NAS其实就是一台 特别的小电脑 🖥️ 普通电脑 = 有屏幕、键盘、鼠标 NAS = 没有屏幕!没有键盘!没有鼠标! 只有一个"装硬盘的盒子" + 网线插口 ┌─────────────────┐ │ NAS 小盒子 │ │ ┌───┐ ┌───┐ │ │ │硬 │ │硬 │ │ ← 装了好几块硬盘 │ │盘1│ │盘2│ │ │ └───┘ └───┘ │ │ 💡 小灯灯 │ └────────┬────────┘ │ 网线 │ 📡 路由器 / | \ / | \ 手机 电脑 平板 👩🏫 老师比喻: NAS = 一个 装了很多大肚子的小机器人 🤖 它不需要眼睛(屏幕)、不需要手(键盘) 它只需要 网线 ,就能默默给全家服务 💪 🤯 第三课:重点来了! NAS 其实就是一个"网页操作系统"! 小朋友们先回忆一下上次学的 👇 网页 = HTML骨架 + CSS衣服 + JavaScript动作 然后放在 服务器 上,用 浏览器 访问 现在老师告诉你一个秘密 🤫 NAS 本身就是一台服务器! 你管理NAS,不需要接显示器 直接打开浏览器,输入地址 NAS就把它的"控制面板"当网页显示给你! 就像这样 👇 你打开浏览器,输入:http://192.168.1.100 ↓ NAS的"网页控制面板"出现了! 有文件管理、有设置、有相册... 跟用网站一模一样! 👩🏫 老师比喻: NAS = 幼儿园的 全自动智能储物柜 🗄️✨ 你不用去柜子跟前 在家用手机扫一下 → 柜子的 控制屏幕传到你手机上 你在手机上点点点 → 柜子乖乖开门取东西 这个"控制屏幕",就是NAS的 网页界面 ! 🍳 第四课:前端和后端 —— NAS版本! 还记得上次说的"大厨房"吗? 你(浏览器)点菜 → 厨房(服务器)做好送来 NAS也是一样的,分成 前端 和 后端 两个部分! 🎨 前端 —— 你看见的那一面 ┌─────────────────────────────────┐ │ NAS 网页控制台 │ │ ┌─────┐ ┌─────┐ ┌─────┐ │ │ │📁文件│ │🖼️相册│ │🎬视频│ │ │ └─────┘ └─────┘ └─────┘ │ │ ┌─────────────────────────┐ │ │ │ 这里显示你的文件列表 │ │ │ └─────────────────────────┘ │ │ [上传] [下载] [删除] │ └─────────────────────────────────┘ 这些你能看见的 = 前端 🎨 👩🏫 老师比喻: 前端 = 储物柜 正面的触摸屏 📱 漂漂亮亮的按钮、图标、列表 你能看见、能点的,都是 前端 ⚙️ 后端 —— 藏在里面干活的 你点击"上传文件" 👆 ↓ 前端说:"收到!我去通知后端!" ↓ 后端收到指令 ⚙️: 1. 检查你有没有权限 🔐 2. 找到硬盘上空的位置 💾 3. 把文件存进去 ✅ 4. 告诉前端:"存好啦!" ↓ 前端显示:"上传成功!✅" 👩🏫 老师比喻: 后端 = 储物柜 里面的机械手臂 🦾 你在触摸屏上点"放东西进去" 机械手臂默默把东西码放整齐 你看不见它,但它一直在努力工作! 🔄 前端和后端怎么说话? 前端(网页) ←→ 后端(NAS系统) ↑ ↑ 你能看见的界面 藏在机器里的程序 它们用"API"互相说话 API = 两个人之间的"对讲机" 📻 👩🏫 老师比喻: 角色 NAS里是谁 幼儿园比喻 前端 网页控制台界面 储物柜的触摸屏 📱 后端 NAS的操作系统程序 里面的机械手臂 🦾 API 前后端通信接口 触摸屏和手臂之间的对讲机 📻
AI 资讯
Use Unix Domain Sockets on Windows Python: Building an AF_UNIX Compatibility API
Python provides socket.AF_UNIX , asyncio.open_unix_connection() , and asyncio.start_unix_server() for working with Unix Domain Sockets on Unix-like operating systems. On Windows, however, support for Unix Domain Sockets tends to depend on the Python version and runtime environment. In particular, differences become apparent when trying to use the higher-level asyncio APIs in the same way as on Unix. To address this, I created a compatibility layer that hides the differences between Unix and Windows and allows AF_UNIX sockets to be used through a largely identical API. This article covers two types of APIs: An asyncio -based AF_UNIX compatibility API A synchronous socket -based AF_UNIX compatibility API Goal The objective is straightforward. On Unix, use the standard library APIs as-is. On Windows, fill in the missing functionality so that application code can remain as unified as possible. For example, on Unix you can write: reader , writer = await asyncio . open_unix_connection ( path ) And on the server side: server = await asyncio . start_unix_server ( handle_client , path ) The goal is to preserve this style of programming on Windows as much as possible. What Was Built The compatibility layer consists of two major components. 1. Asyncio Version This is the asynchronous implementation designed to match the asyncio Unix Domain Socket APIs. The main APIs are: await open_unix_connection ( path , * , limit = ...) await start_unix_server ( callback , path , * , limit = ..., backlog = ...) await create_unix_connection ( protocol_factory , path , ...) await create_unix_server ( protocol_factory , path , ...) install () On Unix-like systems, these simply delegate to the standard asyncio implementation. On Windows, they use Winsock AF_UNIX sockets and combine WSAEventSelect with event-loop handle waiting to implement asynchronous operations. 2. Synchronous Socket Version This version provides a traditional blocking-socket-style API without using asyncio . The main APIs ar
AI 资讯
Ultimate Guide to System and Network Adminstration 🌐 🛠️
In a world completely powered by technology, have you ever wondered what actually keeps our digital lives from crashing down? Enter the unsung heroes: system and network administration . Think of an operating system like Windows or Linux as a computer's command center, orchestrating everything from the heavy-lifting CPU to the smallest plugged-in device. To keep your data safe and your machine stable, it cleverly splits its brain into two zones: a restricted "user mode" where your everyday apps play, and a highly secure, privileged "kernel mode" reserved strictly for critical system operations. When individual computers connect to form massive global networks, the complexity skyrockets. This comprehensive guide breaks down those complex environments into simple, bite-sized concepts. Here is a quick snapshot of what we will cover: Host & OS Administration : This module covers how an operating system functions as the primary intermediary between a user and a computer's raw physical hardware. It explains how the system kernel manages critical computing processes, memory allocation, local storage file systems, and administrative tasks like security patching and automated scripting. Networking Concepts, Topologies, and Protocols : This module explores how individual computer systems connect and communicate across localized or global distances. It details the structural design of network topologies, addressing rules like IPv4 and IPv6, and the standardized layer frameworks that ensure safe and efficient data transmission. 🏛️ Part 1: Operating Systems & Host Administration 🖥️ Computer Resources and Functions At its core, every computer system is a collection of physical machinery and digital structures working together to solve problems. To understand how an operating system manages these pieces, it helps to look at the foundational puzzle blocks of a computer. This section maps out the primary hardware and data elements the system has to control, alongside a simple breakd
AI 资讯
Real-time IP capacity in Google Cloud subnets
When managing Shared VPCs, most teams allocate dedicated IP subnets for each service project to keep firewall rules simple, but this isolation often leads to poor IP utilization — it is not uncommon to see subnet IP utilization hovering in the low teens. On the other hand, using large shared subnets requires coordinating workload deployments to ensure there is enough internal IP address space for everyone. To optimize these shared networks, you need real-time visibility. The WITH_UTILIZATION query parameter on the Method: subnetworks.list | Compute Engine API solves this by returning the exact count of allocated and free IP addresses for each subnet IP range. This capability is designed for query-time decisions. For example, if you need to deploy a GCE workload requiring 100 instances, you can search for a subnet with enough capacity. This query-time data comes directly from Google Cloud's internal IP allocator and includes both primary and secondary CIDR ranges. Automating the search with gcloud and jq To automate capacity checks before you deploy, you can script this check. The script below uses gcloud compute networks subnets list | Google Cloud SDK to grab the utilization data as JSON, and then uses jq to parse, filter, and sort the subnets based on your required capacity: #!/bin/bash # --- Configuration (Replace with your details) --- PROJECT = "<YOUR_PROJECT_ID>" NETWORK_NAME = "<YOUR_VPC_NETWORK_NAME>" REGION = "<YOUR_REGION>" REQUIRED_IP_CAPACITY = 100 echo "Searching $NETWORK_NAME in $REGION for subnets with >= $REQUIRED_IP_CAPACITY free IPs..." echo "------------------------------------------------------------------------" # Fetch subnets with utilization data, output as JSON, and pipe to jq gcloud compute networks subnets list \ --project = " $PROJECT " \ --network = " $NETWORK_NAME " \ --regions = " $REGION " \ --view = WITH_UTILIZATION \ --format = json | \ jq -r --argjson min_ips " $REQUIRED_IP_CAPACITY " ' [ .[] | { name: .name, cidr: .ipCidrRange, #
AI 资讯
The Hidden Linux Routing Issue That Broke My Deployment
The deployment should have taken a few minutes. The application was running, DNS was configured correctly, and the domain was already pointing to the server's public IP. Caddy was configured as a reverse proxy and was listening on ports 80 and 443. Every item on my deployment checklist appeared healthy. Yet every Let's Encrypt validation attempt kept failing. The error looked simple enough: authorization failed timeout during connect likely firewall problem At first, I believed it. I checked DNS resolution, verified firewall rules, confirmed that Caddy was listening on the expected ports, and made sure the application itself was reachable. Every check came back clean. That was the first clue that the problem might not be where the logs were pointing. The Obvious Things The first assumption was DNS. I verified that the domain resolved to the correct public IP. dig +short my-domain.com Everything looked correct. Next came the firewall. sudo ufw status Ports 80 and 443 were open. There were no unexpected deny rules, and nothing suggested inbound traffic was being blocked. Then I checked whether Caddy was actually listening. sudo ss -tulpn | grep -E ':80|:443' Again, everything looked normal. The application itself was healthy too. curl http://localhost:3001 returned a valid response. At this point I had checked most of the things engineers typically check when certificate validation fails. DNS looked good, the firewall looked good, the reverse proxy was healthy, and the application was running. Yet the validation errors continued. The Part That Sent Me In The Wrong Direction The error messages kept mentioning connectivity problems and possible firewall issues. That wording influenced my thinking more than it should have. I spent time investigating firewall rules, reverse proxy configuration, TLS settings, and domain configuration. Every new hypothesis felt reasonable, but none of them explained why local tests consistently succeeded while external validation continued
开发者
How we became the first Indian hosting company to deploy Cloudflare Magic Transit
I run a hosting company. I'm also a BCA student. These two things coexist somehow. GigaNodes started in 2022 as a game server hosting brand — Minecraft, FiveM, ARK, the usual. Over time it grew into a proper VPS and dedicated server operation under GigaNode Technologies Private Limited, with AMD EPYC 7C13 hardware co-located at Yotta DC Noida. Earlier this year we did something I haven't seen any other Indian hosting provider do: we deployed Cloudflare Magic Transit across our entire network. What that actually means Magic Transit is not Cloudflare CDN. It is not a proxy. It is Cloudflare's enterprise network product where your IP prefixes get announced via BGP into Cloudflare's global backbone. All traffic destined for your servers enters Cloudflare's network first, gets scrubbed for attack traffic, and clean packets get forwarded to your data center via GRE tunnel. To deploy it, your infrastructure partner needs to have BGP-level integration with Cloudflare. Individual companies can't just sign up for it. We made it work through our partnership with Advika Datacenters Private Limited (AS135682) at Yotta DC Noida. The result: DDoS traffic never reaches our hardware. Our servers don't see the attack at all. Why no other Indian provider had done this Most Indian hosting providers use blackholing. When an attack comes in, they null-route your IP. Server goes offline. Attack stops eventually. Server comes back. That is the standard. That is what "DDoS protection included" usually means in India. The difference with Magic Transit is that legitimate traffic keeps flowing while attack traffic gets dropped. Your server stays online. Players stay connected. Trades don't get interrupted. We found out pretty quickly this actually works. We took a 1.7 Tbps attack after deployment. The servers didn't notice. A 1.7 Tbps volumetric attack hit our network in May 2026. Cloudflare absorbed it at the edge. No downtime. No support tickets from customers. We found out from the Cloudfla
开发者
YouTube字幕突然消失?原来是节点的锅——一次极其小众的排障经历
问题降临:毫无征兆 那天和往常一样,打开YouTube准备看一个英文视频。习惯性地点开字幕按钮—— 没反应。 不是字幕延迟,不是字幕错位,而是整个字幕功能像是从这个世界上蒸发了一样。原始语言的字幕不可用,点进字幕设置一看,连翻译选项都是灰的。没有原始字幕,自然也就没有任何语言的翻译字幕。 一整个功能链,从根部断裂。 第一反应:一定是扩展插件搞的鬼 作为一个浏览器里装了不少扩展和油猴脚本的用户,我的第一直觉非常明确—— 肯定是哪个插件冲突了。 这个判断合情合理。浏览器扩展劫持页面元素、油猴脚本注入自定义代码,这些操作干扰YouTube的正常功能,实在是太常见了。之前遇到过播放器界面异常、按钮消失之类的问题,十次有八次都是扩展惹的祸。 于是我开始了标准排障流程: 禁用所有油猴脚本 → 刷新 → 字幕依然不可用 禁用所有浏览器扩展 → 刷新 → 字幕依然不可用 开无痕模式 (彻底排除扩展和缓存影响)→ 字幕依然不可用 三轮操作下来,扩展插件的嫌疑被彻底洗清。 但这还不是最让人困惑的部分。 真正的诡异之处:薛定谔的字幕 在反复测试的过程中,我发现了一个极其反直觉的现象: 字幕的可用性是随机的。 开着所有扩展 → 有时候字幕 有 ,有时候 没有 关掉所有扩展 → 有时候字幕 有 ,有时候 没有 这完全打破了因果逻辑。如果问题出在扩展上,那么"关掉扩展"就应该稳定地解决问题。但现实是,开和关都呈现随机状态,说明扩展根本不是变量—— 真正的变量藏在别的地方。 这种"薛定谔的字幕"状态让我一度非常迷茫。你没办法用常规的控制变量法去定位一个表现为随机的问题,除非你能找到那个真正在变化的隐藏变量。 灵光一闪:换个节点试试? 在排除了浏览器层面的所有可能之后,我突然想到了一个平时根本不会和"字幕"联系在一起的东西—— 网络节点。 抱着试一试的心态,我切换了代理节点,选了一个不同地区的服务器。 刷新页面。 字幕回来了。 原始字幕、自动翻译、多语言选项——一切恢复正常,仿佛之前的问题从未发生过。 我又切回原来的节点——字幕消失了。再切到新节点——字幕回来了。反复测试了好几次,结果完全一致。 真相大白:问题出在节点上。 恍然大悟:视频和字幕,原来是两套系统 这次经历让我意识到一个之前从未注意到的事实: YouTube的视频流和字幕数据,很可能是由不同的服务器(或CDN节点)分别提供的。 这意味着: 视频能正常播放 ≠ 字幕能正常加载 你的网络可以顺畅地连接到视频服务器,但与此同时,字幕服务器可能对你当前的IP/地区/节点不可达或响应异常 不同的代理节点连接到的Google后端服务器不同,某些节点恰好无法正常获取字幕数据 这也完美解释了之前"随机可用"的现象。我在测试扩展的过程中,代理工具可能在后台自动切换了节点(很多代理工具有负载均衡或自动切换功能),导致有时碰巧连上了能提供字幕的服务器,有时则没有。我一直以为变量是"扩展的开关",实际上真正在暗中变化的是"网络节点"。 技术推测 虽然Google没有公开YouTube的完整架构细节,但根据这次经历可以合理推测: YouTube使用分布式CDN架构 ,视频内容、字幕数据、评论、推荐信息等可能分布在不同的微服务和服务器集群上 字幕API的端点 可能与视频流的端点不同,它们的可用性、地理限制、负载状况都是独立的 某些地区的某些IP段可能因为各种原因(服务器维护、区域限制、DNS解析差异、临时故障)无法正常访问字幕服务 这种问题具有 高度的偶发性和地域性 ,这也是为什么它如此小众,在网上几乎搜不到相关讨论 写在最后 这大概是我遇到过的最小众、最反直觉的技术问题之一。 它小众到什么程度呢?你去搜索"YouTube字幕不可用",得到的答案几乎都是:清除缓存、禁用扩展、检查字幕是否被上传者关闭、换个浏览器试试。 没有人会告诉你"换个代理节点"。 因为在绝大多数人的认知里,"视频都能看"就等于"网络没问题",不会有人把字幕缺失和网络节点联系在一起。 但事实就是这么奇怪: 视频能播放,不代表字幕能加载,因为它们根本就不在同一条路上。 这次经历也给了我一个教训:当排障陷入死胡同的时候,不要只盯着最明显的嫌疑犯。真正的问题,有时候藏在你认为"完全不可能"的地方。 下次再遇到YouTube的某个功能莫名其妙消失,而视频本身却能正常播放的时候——先换个节点试试。说不定,答案就在那里。
AI 资讯
Turn any PHP host into a gateway to your local network with host2gateway
Ever wanted to turn a simple PHP host into a gateway for your local network? I built host2gateway to do exactly that. ProfiDE / host2gateway Uses a PHP host or web server to create a gateway that securely allows access to clients through it. host2gateway host2gateway is a tool designed to provide access from a web server (Gateway) to a client without requiring static IP addresses, port forwarding, changing firewall rules, or other complex configurations . It is written in PHP and can be deployed on most hosting provider environments. Features No need for static IP or port forwarding: There is no requirement to modify your firewall or router settings. Platform-independent: Works anywhere PHP 8.2 or higher is supported, making it suitable for most shared hosting services. Lightweight and simple: Minimal dependencies and easy deployment. Strong encryption built-in: Uses a powerful encryption mechanism that secures all communication, even if SSL/TLS is not available on the hosting provider. Your data is protected at all times, regardless of your environment. How It Works The client establishes an outbound connection to a Gateway server that is accessible from the internet (a PHP-enabled web host). Both sides communicate… View on GitHub 🔥 What is host2gateway? It's a lightweight tool that transforms any server running PHP into a gateway that can route traffic, manage requests, and act as a bridge between your local network and external services. No heavy dependencies. No complex configs. Just PHP, Cron and a network interface. 🧠 Why I built this Most gateway solutions are bulky, written in Go or Rust, and require root access and system-level changes. But what if you only have: A shared hosting account A basic VPS with PHP enabled A Raspberry Pi running a PHP server host2gateway fills that gap. It gives you gateway-like capabilities using the tools you already have. 🛡️ Use cases Use Case Description Local network bridge Connect isolated parts of your network Traffic inspe
AI 资讯
How the Web Actually Works: HTTP from the Ground Up
I've been going through Jim Kurose's networking lectures lately, and I kept finding myself pausing to re-read the same sections. Not because they were confusing - because things I'd been using for years were finally clicking into place. This post is me writing down what I learned, in the order it started making sense. Before HTTP, there's a webpage A webpage isn't one file. When you open a URL, your browser fetches a base HTML file - and that file references other objects. Images. Scripts. Stylesheets. Each one lives at its own URL. Each one has to be fetched separately. So loading a single "page" might mean firing off 20+ individual requests. This detail matters because the entire evolution of HTTP - from 1.0 to 3 - is basically the story of making those 20 fetches faster. HTTP runs on TCP. That has consequences. HTTP doesn't manage its own connections. It hands that job to TCP. When your browser wants something, it first opens a TCP connection to the server (port 80 for HTTP, 443 for HTTPS), and then asks for the object. Opening a TCP connection isn't free. It takes a round-trip - your machine says "hello," the server says "hello back," and then you can actually talk. That's one RTT(Round Trip Time) just to shake hands, before a single byte of your webpage arrives. So every HTTP request carries at least 2 RTTs of overhead: 1 to open the TCP connection, 1 for the actual request/response. Do that 20 times and you've spent 40 RTTs before the page renders. HTTP/1.0 vs HTTP/1.1: one change that mattered a lot HTTP/1.0 (non-persistent): open a TCP connection, fetch one object, close the connection. Repeat for every object. HTTP/1.1 (persistent): open a TCP connection, fetch as many objects as you need, then close. The server leaves the connection open after each response. That one change cuts subsequent fetches from 2 RTTs to 1 RTT each. For a page with 20 objects, that's real time saved - not microseconds, but hundreds of milliseconds that users actually feel. What an
AI 资讯
AI Agents Are the Best Thing to Happen to Network Administration Since SDN
AI Agents Are the Best Thing to Happen to Network Administration Since SDN A single API key, an AI agent, and a router behind a double-NAT in Southeast Asia. What happened next changed how I think about network management. I manage UniFi routers spread throughout the ASEAN region — some for friends, some for relatives, one for a charity. They're in different cities, different ISPs, different levels of network hostility. Most sit behind carrier-grade NAT. A few are in places where the government firewall blocks VPN protocols at the transport layer. UniFi's own management interface has always been good. The web dashboard, accessible through Ubiquiti's cloud, gives me visibility into every site: device health, client lists, traffic stats, WiFi experience scores. It's one of the reasons I chose UniFi in the first place — the centralized GUI just works. But the GUI is still a GUI. It's clicks and menus and dropdowns. It's fast for one site, manageable for three, and tedious at ten. For anything beyond what Ubiquiti built into the interface, you'd need to write your own tooling. I never bothered, because I'm not a developer, and the built-in dashboard was good enough. Then AI agents arrived, and suddenly the calculation changed. The Discovery I knew UniFi had an API. I'd heard about it in passing — some REST endpoints for the controller, vaguely documented, probably read-only. I never looked into it seriously because what was I going to do with it? Write a Python script to poll client counts? Build a custom dashboard? Without a team of developers, an API is just a locked door. But when I started working with an AI agent, I gave it my UniFi cloud API key on a whim. I figured it could pull basic stats — the stuff from the Site Manager API at api.ui.com/v1 . Read-only. Dashboard-level. Useful as context for answering questions. Then the agent discovered something I'd completely missed: the Cloud Connector API . I owe this discovery in large part to the Art of WiFi PHP client
AI 资讯
HLD Fundamentals #1: Network Protocols
Network Protocols Network protocols define how computers communicate over a network. Whether you're opening Instagram, sending a WhatsApp message, watching Netflix, or transferring money through a banking app, some protocol is working behind the scenes to make communication possible. Client-Server Model What is it? The Client-Server model is a communication architecture where: Client requests a service or data. Server processes the request and returns a response. Most modern applications follow this architecture. How Does It Work? Client ---------- Request ----------> Server Client <--------- Response ---------- Server The client always initiates communication, and the server listens for incoming requests. Real World Example Instagram When you open Instagram: Mobile app sends a request. Instagram servers process the request. Feed data is fetched from databases. Posts are returned to your phone. Instagram App | V Instagram Server | V Database Advantages Centralized control Easier security management Easy maintenance Easier data consistency Disadvantages Server can become a bottleneck Single point of failure if not replicated Interview One-Liner Client-Server architecture is a centralized model where clients request resources and servers provide them. Peer-to-Peer (P2P) Model What is it? In a Peer-to-Peer network, every machine can act as both: Client Server There is no central server controlling communication. How Does It Work? Peer A <------> Peer B ^ ^ | | V V Peer C <------> Peer D Each peer can directly share resources with others. Real World Example BitTorrent Instead of downloading a file from one server: User | +--> Peer 1 | +--> Peer 2 | +--> Peer 3 Different parts of the file are downloaded from multiple peers simultaneously. Blockchain Bitcoin and Ethereum networks operate using Peer-to-Peer communication. Advantages Highly scalable No central server cost Better fault tolerance Disadvantages Harder to manage Security challenges Data consistency issues Inter
科技前沿
Threads of underground fungal networks are long enough to reach beyond the Solar System
Researchers have quantified the length and mass of arbuscular mycorrhizal fungal networks globally.