今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#networking

找到 47 篇相关文章

AI 资讯

A Differential Test Harness for Native vs. Generic XDP: Methodology and Baseline

Native XDP and generic SKB-mode XDP are not the same thing in practice. The same BPF program can pass the verifier and still behave differently depending on which mode the kernel uses, this could be a different verdict, different frame bytes, or different metadata. This post ships three things: an open differential test harness, a fixed eleven-packet corpus, and a simple way to classify the differences it finds. A tagged release lets anyone reproduce the virtio/veth baseline on Linux 6.8. The operational risk is straightforward. A firewall or rate-limiter validated only under native XDP can fall back to generic mode on an unsupported driver, a veth port, or after a reload. You keep the same bytecode, but behaviour can change, often without a clear error line. What this release includes: A harness loop: corpus → inject on the RX path → native vs generic sweep → xdpdump capture → compare.py manifest, comparing both the captured frame bytes and the XDP verdict ( PASS / DROP / TX / REDIRECT ). A deterministic corpus with eleven embedded test IDs ( 0xA001 – 0xA005 , 0xA007 – 0xA00C ; 0xA006 is intentionally omitted as a reserved gap in the generator). An operational divergence taxonomy (Class A / B / C). A virtio/veth smoke gate on Linux 6.8; now gating on frame bytes and verdict agreement that shows the full path is reproducible end to end. Scope for this post: native vs generic XDP on the virtio_vm profile only (five BPF programs, pinned manifests). This is part 1 of 2; it establishes the harness and an instrument-validity baseline; a follow-up post covers bare-metal divergence results. Physical NIC results are not part of this baseline. Ordinary conformance checks stop at “did the program load?” Differential testing asks a sharper question: given identical input packets, do the backends produce the same observable outcome at the hook? Background: native vs generic XDP Both modes load the same BPF object. They diverge at the hook point and in how the packet is represen

2026-07-14 原文 →
AI 资讯

PHP Speaks QUIC Now, and OpenSSL Did the Hard Part

I released php-quic 1.0.0, a PHP extension that gives you raw QUIC transport with first-class access to streams. It links against the same OpenSSL that PHP already links against, and that is the whole trick. Why This Was Awkward Before QUIC is not a protocol you bolt on in userland. It is TLS 1.3, congestion control, loss recovery, and stream multiplexing, all riding on UDP, and all of it has to be right before you can send a single useful byte. You could get there from PHP if you were willing to bind to a foreign QUIC library like ngtcp2 or quiche through FFI. That works, but now your PHP app carries a second TLS stack, a second set of CVEs to track, a build story that involves Rust, and a version matrix that has nothing to do with the one your distro maintains. For a language whose entire deployment story is "the package manager handles it," that is a lot of rope. What Changed OpenSSL 3.5 shipped a native QUIC stack. Client and server, in the library PHP is already built against. That reframes the problem. The extension is no longer "embed a QUIC implementation into PHP." It is "expose the QUIC that is already sitting there." No new TLS stack, no FFI layer, no Rust toolchain in your build. If your OpenSSL is patched, your QUIC is patched. The requirements fall out of that directly: PHP 8.4 or newer (8.5 on Windows), NTS or ZTS OpenSSL 3.5.0 or newer, built with QUIC support Transport, Not HTTP/3 The thing I most wanted to avoid was shipping an HTTP/3 client and calling it a QUIC library. QUIC is a transport. HTTP/3 is one protocol that runs on it, and it is not the interesting one for everybody. DNS-over-QUIC runs on it. So does anything you want to invent that needs multiplexed, ordered, loss-recovered streams without head-of-line blocking across them. So php-quic hands you connections and streams, and stays out of the framing business. If you want HTTP/3, you build HEADERS frames and QPACK on top of it, and the README has a worked example. If you want something

2026-07-14 原文 →
AI 资讯

EEM 101: On-Box Automation That Runs Even When Your NMS Doesn't

This is Part 1 of a 5-part series on Cisco EEM. We start here with the fundamentals and a few working applets, then build toward self-healing networks, automated diagnostics, compliance guardrails, and a complete real-world deployment. Ask ten network engineers what they use EEM for, and nine will say the same thing: "Oh, I have an applet that auto-recovers err-disabled ports." Then they never touch it again. That's a shame, because Embedded Event Manager is one of the most capable tools already sitting inside every Cisco IOS device you own — and almost nobody uses more than 1% of it. It's a full automation engine that lives on the box . No external server. No API gateway. No orchestration platform. Just the router or switch, watching itself, ready to react the instant something happens — even if the WAN is cut, the NMS is down, and it's three in the morning. This series is about using that other 99%. By the end you'll have a toolkit of applets you can deploy and, more importantly, a way of thinking about on-box automation. But we start at the foundation: what EEM actually is, how it's put together, and why "on the box" is a bigger deal than it sounds. What EEM actually is Embedded Event Manager is an event-driven automation framework built into Cisco IOS, IOS-XE, and NX-OS. Strip away the jargon and it's a very simple idea: When something happens, do something about it — automatically, on the device itself. That "something happens" is an event . That "do something" is one or more actions . Bundle an event with its actions and you have an applet — the basic unit of EEM. That's the whole model. The power comes from how many different things can be an event , and how much an action can do. Events EEM can watch for include: A syslog message matching a pattern (an interface flapping, an HSRP state change, a config being saved). An SNMP OID crossing a threshold (CPU over 85%, a power supply going absent, temperature rising). A CLI command being entered (someone typing wr

2026-07-13 原文 →
AI 资讯

My First Experience with SigNoz

Modern applications, especially AI agents and distributed systems, need more than logs to understand what is happening. That's why I explored SigNoz, an open-source observability platform built on OpenTelemetry. Setting up SigNoz with Docker was simple. After connecting a sample application, I could view logs, metrics, and traces from a single dashboard within minutes. My favorite feature is distributed tracing. Instead of guessing where requests slow down or fail, SigNoz clearly shows the complete request journey across services, making debugging much easier. The built-in dashboards provide valuable insights into CPU usage, memory, request latency, throughput, and error rates. Having centralized logs alongside metrics and traces saves time by eliminating the need to switch between multiple tools. I also liked the alerting feature, which helps detect issues before they affect users. For AI applications, observability is essential. AI agents make multiple API calls, use tools, and perform complex workflows. SigNoz makes it easier to understand each step, identify failures, measure latency, and optimize performance. Overall, my experience with SigNoz was excellent. It combines logs, metrics, traces, dashboards, and alerts into one intuitive platform. Among all its features, distributed tracing impressed me the most because it provides deep visibility into application behavior and simplifies troubleshooting. I'm excited to use SigNoz in future AI and cloud-native projects.

2026-07-11 原文 →
AI 资讯

How to usar Docker networks na pratica

Quando voce cria um container e depois outro, eles podem nao se enxergar. O motivo quase sempre e a rede. Entender os tipos de rede que o Docker oferece resolve isso de uma vez. Comece listando as redes que ja existem no seu Docker. docker network ls A rede bridge e a rede host vem de fabrica. Nenhuma delas oferece resolucao de nomes entre containers. Para isso voce precisa criar a sua propria rede. docker network create minha-rede Agora os containers que entrarem nessa rede conseguem se comunicar pelo nome do container. docker run -d --name app1 --network minha-rede nginx docker run -d --name app2 --network minha-rede alpine sleep 3600 Teste a comunicacao. docker exec app2 ping app1 -c 2 O ping funciona. O DNS interno do Docker resolve app1 para o IP interno do container. Isso resolve 90% dos problemas de comunicacao. A rede bridge padrao nao tem esse recurso. Crie sua propria rede sempre que precisar que containers se enxerguem. Agora a rede host. Ela elimina o isolamento de rede. O container usa a placa do host diretamente, sem NAT e sem mapeamento de porta. docker run -d --name web-host --network host nginx O nginx fica acessivel em http://localhost:80 direto. Sem -p 80:80. Mas so um container pode usar cada porta, porque a porta e a do host de verdade. Para ambientes com mais de uma maquina, existe a rede overlay. Ela precisa do Docker Swarm ou de um cluster. docker swarm init docker network create -d overlay rede-overlay docker service create --name api --network rede-overlay --replicas 3 nginx Os containers em maquinas diferentes se enxergam pelo nome como se estivessem na mesma maquina. No dia a dia, a rede bridge personalizada resolve quase todo caso de uso. Host e para performance ou casos especificos. Overlay e para quando voce escala para mais de uma maquina. That's all for now. Thanks for reading!

2026-07-11 原文 →
AI 资讯

Rosemary

Rosemary: Transparent Network Tunneling Over QUIC (Kernel-Level) Ever SSH into a box and wish you could just use its network without setting up proxy chains or VPNs? Rosemary makes that happen. The server intercepts traffic at the kernel level (no proxy settings, no TUN devices) and tunnels it over encrypted QUIC through a lightweight agent on the remote host. From your laptop, curl , ping , or your browser reach private subnets as if you were there. What you get Kernel-level packet interception, transparent to all your apps TCP, UDP, ICMP, and DNS just work without configuration Route all internet traffic through a chosen agent (egress) SOCKS5 proxies, port forwards, and reverse forwards per agent Multi-hop pivoting through several agents Web dashboard with real-time agent graph Full REST API for automation Works on Linux, Windows, macOS, FreeBSD, and OpenBSD Agents run without root; traffic is AES-256-GCM encrypted over QUIC Quick start # install (requires Go) go install github.com/blue0x1/rosemary/rosemary@latest go install github.com/blue0x1/rosemary/agent@latest # start server (needs sudo for kernel interception) sudo rosemary # deploy agent on remote box ./agent-linux-amd64 -s <server-ip>:2048 -k <your-key> That's it. Open http://server-ip:1024 and you'll see the agent's subnets automatically routed. Set a default egress agent to route all traffic through a jump host: egress agent-1 Now your laptop behaves like it's on the remote network. No proxychains, no ssh -D , no friction. Check the repo blue0x1/rosemary for pre-built binaries, PowerShell agents, and the full API. Use only on systems you own or have permission to test.

2026-07-10 原文 →
AI 资讯

Fixing the 550 SPF Check Failed Error: A Technical Step-by-Step Troubleshooting Guide

Understanding the 550 SPF Check Failed Error The "550 SPF Check Failed" error indicates that a receiving mail server rejected an incoming email. This rejection occurs because the sender's domain failed its Sender Policy Framework (SPF) validation. SPF is an email authentication protocol defined in RFC 7208 . SPF helps prevent email spoofing. It allows domain owners to specify which mail servers are authorized to send email on behalf of their domain. Receiving mail servers perform an SPF check by querying the sender's DNS for an SPF TXT record. If the sending server's IP address is not listed in the domain's SPF record, the SPF check fails. The receiving server then rejects the email based on its configured policy, often resulting in a 550 error. This error protects recipients from unauthorized emails and enhances email security. Initial Diagnosis: Identifying the Root Cause Diagnosing an SPF failure requires examining the bounce message and the domain's DNS records. The bounce message often provides specific details about the SPF failure. Look for phrases like "SPF validation failed," "unauthorized sender," or "IP address not permitted." Common reasons for a 550 SPF Check Failed error include: Missing SPF Record: No SPF TXT record exists for the sending domain. Incorrect SPF Syntax: The SPF record contains errors, making it unreadable or invalid. Incomplete SPF Record: The SPF record does not list all legitimate sending IP addresses or hostnames. DNS Lookup Limit Exceeded: The SPF record requires more than 10 DNS lookups, violating RFC 7208. DMARC Policy Enforcement: A DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy ( RFC 7489 ) with p=reject or p=quarantine is in place, enforcing strict SPF failure handling. To begin diagnosis, use our SPF checker to verify your domain's SPF record and its validity. This tool quickly identifies syntax errors and lookup issues. Step-by-Step Troubleshooting and Resolution Resolving SPF failures involves

2026-07-05 原文 →
AI 资讯

The Hidden Dangers of DMARC p=none: Why It's Undermining Your Email Security (Not Just Deliverability)

Understanding DMARC and the 'p=none' Policy DMARC (Domain-based Message Authentication, Reporting, and Conformance), defined in RFC 7489, is an email authentication protocol. It builds upon SPF (Sender Policy Framework, RFC 7208) and DKIM (DomainKeys Identified Mail, RFC 6376) to provide domain owners with greater control. DMARC instructs recipient mail servers on how to handle emails that fail authentication and provides reporting on these failures. The p=none policy is often adopted as a preliminary step in DMARC implementation. It instructs recipient servers to take no specific action on emails failing DMARC alignment. Its primary function is to enable the collection of aggregate and forensic reports without impacting email deliverability. Many organizations view p=none as a safe, non-disruptive way to begin their DMARC journey. This initial perception, however, overlooks critical security implications. While it offers visibility, p=none provides no actual enforcement against malicious email. The Critical Security Vulnerability of p=none The fundamental flaw of DMARC p=none lies in its complete lack of enforcement. When a DMARC record is set to p=none , recipient mail servers will not block, quarantine, or reject messages that fail DMARC authentication. This includes emails that spoof your domain directly. Threat actors exploit this vulnerability to conduct phishing, business email compromise (BEC), and brand impersonation attacks. They can send emails appearing to originate from your legitimate domain, knowing that p=none offers no protective barrier. The recipient mail server simply delivers the fraudulent message. This policy effectively leaves your domain unprotected against direct domain spoofing. Despite having a DMARC record, your organization remains susceptible to advanced phishing techniques. The security posture of your email ecosystem is compromised. The Illusion of Insight: Data Without Action DMARC p=none does provide valuable data through its repor

2026-07-05 原文 →
AI 资讯

Configuring DMARC p=quarantine: A Technical Step-by-Step Guide to Secure Your Domain and Improve Deliverability

Introduction to DMARC and the p=quarantine Policy DMARC (Domain-based Message Authentication, Reporting, and Conformance), defined in RFC 7489 , is an email authentication protocol. It builds upon SPF and DKIM to provide domain owners with the ability to protect their domain from unauthorized use. DMARC enables senders to specify how receiving mail servers should handle unauthenticated emails originating from their domain. It also provides a mechanism for receiving servers to report back to the domain owner about authentication results. DMARC policies dictate the action receiving mail servers should take when an email fails DMARC authentication. The three primary policies are: p=none : Monitor mode. Receiving servers take no action on failed messages but send reports. This is the initial deployment phase. p=quarantine : Receiving servers should treat failed messages as suspicious. They are typically placed in the recipient's spam folder or flagged for further review. p=reject : Receiving servers should outright reject messages that fail DMARC authentication. This is the strongest enforcement policy. Implementing p=quarantine is a critical step towards full domain protection. It allows domain owners to mitigate spoofing and phishing attempts without immediately blocking legitimate, but misconfigured, email streams. This policy provides a balance between security enforcement and minimizing potential deliverability disruptions. Prerequisites for DMARC p=quarantine Implementation Before deploying a p=quarantine policy, proper configuration of SPF and DKIM is mandatory. DMARC relies on these underlying authentication mechanisms and their alignment with the sending domain. SPF (Sender Policy Framework) SPF, specified in RFC 7208 , allows domain owners to publish a list of authorized sending IP addresses in their DNS. Receiving mail servers check the SPF record to verify if an incoming email originated from an authorized server. An SPF record is a TXT record at the root of

2026-07-04 原文 →
AI 资讯

I run my homelab like a miniature data centre — here's the network design that made it possible

The homelab started flat. One /24, everything on it. My workstation, the NAS, the Proxmox host, and — over time — a growing list of workloads sharing the same broadcast domain because that was the path of least resistance. For a while, that was fine. A homelab running one workload doesn't need segmentation any more than a house needs an office door. Then I stood up an Akash provider. An Akash provider is, in shape, a Kubernetes cluster that accepts inbound tenant workloads from the internet — real deployments, paying for compute, containers I didn't write landing in namespaces on my hardware. The provider itself is documented at github.com/jjozzietech/akash-provider-ops-public — this piece is about the network underneath it. The containerisation posture itself is fine. I trust the isolation model. But trust isn't a network design. And the network at that moment had the tenant workload cluster sitting on the same subnet as my workstation, my NAS, and my Proxmox management interface. That was the moment I stopped thinking of the rack as a home network with extra boxes, and started thinking of it as a small data centre. This piece is the network design that came out of that shift. I'll cover the layout, the rules that hold it together, and the Nexus and Proxmox configs that anchor it — with the specifics of my own deployment sanitised. It's not a step-by-step replication guide. It's the design pattern, with enough of the shape to be useful and enough restraint to not double as a recon document for my own rack. // the original design The flat layout looked like this: home lan — 192.168.1.0/24 opnsense (perimeter) cisco nexus (dumb L2 switching) proxmox host workload VMs (all on the same subnet) What it got right: zero routing complexity, everything reachable from everywhere, fast to stand up. If you're running one project on a homelab, this is the correct design. Don't over-engineer it. What stopped working, as soon as the second project landed on the rack, was that the

2026-07-02 原文 →
AI 资讯

From one blocking accept() to epoll: a C TCP server up the I/O ladder, measured

I connected one client to a blocking TCP server and held the socket open without sending a single byte. Then I connected a second client and sent it a line of text. The second client sat there for 1.51 seconds with no reply. It got its echo back one millisecond after I closed the first connection. That 1.51 seconds is the reason the other six versions of this server exist. Last week I wrote up why I rebuilt this server seven times : framework knowledge resets every few years, the layer underneath it compounds. That piece stayed at the level of outcomes. This one goes the other way, down into the code and the numbers. The claims that matter here are the kind you can read a hundred times without being able to derive them. "select is O(n)." "epoll only hands you the ready fds." I had read both for years. I wanted to make my own machine say them out loud. The target the whole exercise is built around is Dan Kegel's old C10K problem : how do you serve ten thousand clients at once on one server? Each of the seven versions hits a wall, and the wall is what names the next one. The whole thing is one echo server written seven times, no libraries beyond libc, on GitHub . Every number below is from running it on macOS (Apple clang 21, darwin 25.4) on 2026-06-29. The binaries are built with AddressSanitizer and UBSan on, so read the absolute microseconds loosely. The structure is what holds. Phase 01: blocking, and the 1.5 second stall The first server is the one everybody writes first. Accept a connection, talk to it, close it, accept the next. for (;;) { int client_fd = accept ( server_fd , NULL , NULL ); if ( client_fd == - 1 ) { perror ( "accept" ); continue ; } handle_client ( client_fd ); close ( client_fd ); } handle_client loops on read until the client hangs up. Both accept and read block: when there is nothing to do, the thread sleeps in the kernel. That is good for idle cost and fatal for everything else. While the server is parked in read waiting on client A, client

2026-06-30 原文 →
AI 资讯

DNS Explained: How Your Browser Decodes Website Addresses

You type www.google.com into your browser and hit Enter. The page loads in under a second. But stop and think about what just happened. Your browser didn't know where Google lives on the internet. It had to ask. And in that fraction of a second, a surprisingly elegant chain of lookups took place behind the scenes. That system is called DNS — the Domain Name System. Think of it as the internet's phonebook: it translates human-friendly names like www.google.com into machine-friendly IP addresses like 142.250.80.46 . Without it, you'd have to memorise numbers to visit any website. Let's walk through exactly what happens, step by step. Step 1: You Type a URL — But What Does It Mean? When you type www.bing.com , you're entering a domain name . Domain names have a structure — and reading them right-to-left tells you a lot: www . bing . com │ │ │ │ │ └── Top-Level Domain (TLD): category or country │ └──────── Second-Level Domain (SLD): the brand/org name └─────────────── Subdomain: a section of the site (optional) Some real examples: Domain TLD SLD Subdomain www.bing.com .com bing www news.bbc.co.uk .uk bbc news docs.github.com .com github docs TLDs indicate the type or origin of a site — .com for commercial, .edu for education, .in for India, and so on. Step 2: Your Browser Checks Locally First Before going anywhere on the internet, your browser does a quick local check — two of them, actually. 1. Browser cache Modern browsers cache DNS results from previous lookups. If you visited bing.com five minutes ago, the browser already knows its IP and skips the entire lookup process. 2. The hosts file Your operating system has a plain text file that maps domain names to IPs manually. On most systems it lives at: Windows: C:\Windows\System32\drivers\etc\hosts Mac/Linux: /etc/hosts It looks like this: 127 . 0 . 0 . 1 localhost 192 . 168 . 1 . 10 mydevserver . local Developers use this all the time for local testing — mapping a production domain name to a local IP to test before go

2026-06-26 原文 →
AI 资讯

Record of Site Issues #2 - Playback / GOP

Environment And Situation Control room of an apartment Number of installed product : 3 (PC-based NVR, dual-LAN supported) Remote support : X (I actually went to the site and diagnosed) Reported Issue In viewer, when user changes play speed while playing back the recorded data, it randomly plays the data in hyper speed(almost 30x~60x) For example: 4x play means 4 seconds in video per a second. But in the site, it played 30~60 seconds per a seconds, showing the video stutturing. Diagnosis Checked the overall environment. System(CPU / RAM usage), network environment(bandwidth), resoulution, stream configurations, etc. -> Nothing suspicious. Some of the installed cameras had unusual fps and gop values Normally, fps and gop values are set to be equal(for exmaple, if fps is 30 then gop is also 30 so that iframe can appear every second) But the cameras' set up values were fps 15, gop 60(iframe per 4 seconds) Assumption Somehow the viewer keeps failing to find iframe to play. And it's maybe because iframe appears with a long gap. Quick note: iframe is kind of a key-frame. Since the viewer starts decoding from an iframe, it's necessary when it comes to playback. What I Tried Set all the cameras' gop value to 15(same as fps) Result Ran a test with data before changing the gop values and after. During interval before changing the gop, the issue occurred almost every time I tried. But after chaning the gop, the issue no longer occurred. Concolusion The issue was triggered by large GOP value (GOP 60 with FPS 15). With only one iframe every four seconds, the viewer sometimes failed to find an appropriate iframe after changing the playback speed, causing abnormal playback behavior. According to the viewer developer, this is likely related to the viewer's iframe searching logic, which is still under investigation. Keep This In Mind Check camera settings(especially gop and fps) first when it comes to playback issue. Always check before/after data to confirm assumption.

2026-06-26 原文 →
开发者

🍼 宝宝的小仓库 —— 幼师带你认识"NAS"

🌟 开场白:你有没有这样的烦恼? 小朋友们,有没有遇到过这种情况: 📱 手机里的照片太多, 装不下了 ! 💻 电脑里的视频, 换了电脑就找不到了 ! 👨‍👩‍👧 爸爸妈妈爷爷奶奶,想看同一个视频, 要互相发来发去 ! 有没有一个地方, 所有人都能存东西、随时取东西 ? 有!那就是 —— 🏠 NAS N etwork A ttached S torage 网络附加存储 (但老师觉得叫它 "家庭小仓库" 更好懂!) 🎒 第一课:NAS到底是个啥? 先想象一个场景 👇 幼儿园有个 大储物柜 🗄️ 每个小朋友都有 自己的格子 在教室里、在走廊里、甚至在家里 只要知道密码,随时可以取东西! 老师也可以把作业放进去,大家一起看 这个 "随时随地都能访问的大储物柜" ,就是 NAS ! 👩‍🏫 老师比喻总结: 普通硬盘 NAS 只插在一台电脑上用 接在路由器上,全家都能用 只有这台电脑能访问 手机、平板、电脑都能访问 出门就用不了 出门在外也能访问 🌍 像你自己的小书包 🎒 像幼儿园的公共储物柜 🗄️ 🏗️ 第二课:NAS长什么样? NAS其实就是一台 特别的小电脑 🖥️ 普通电脑 = 有屏幕、键盘、鼠标 NAS = 没有屏幕!没有键盘!没有鼠标! 只有一个"装硬盘的盒子" + 网线插口 ┌─────────────────┐ │ NAS 小盒子 │ │ ┌───┐ ┌───┐ │ │ │硬 │ │硬 │ │ ← 装了好几块硬盘 │ │盘1│ │盘2│ │ │ └───┘ └───┘ │ │ 💡 小灯灯 │ └────────┬────────┘ │ 网线 │ 📡 路由器 / | \ / | \ 手机 电脑 平板 👩‍🏫 老师比喻: NAS = 一个 装了很多大肚子的小机器人 🤖 它不需要眼睛(屏幕)、不需要手(键盘) 它只需要 网线 ,就能默默给全家服务 💪 🤯 第三课:重点来了! NAS 其实就是一个"网页操作系统"! 小朋友们先回忆一下上次学的 👇 网页 = HTML骨架 + CSS衣服 + JavaScript动作 然后放在 服务器 上,用 浏览器 访问 现在老师告诉你一个秘密 🤫 NAS 本身就是一台服务器! 你管理NAS,不需要接显示器 直接打开浏览器,输入地址 NAS就把它的"控制面板"当网页显示给你! 就像这样 👇 你打开浏览器,输入:http://192.168.1.100 ↓ NAS的"网页控制面板"出现了! 有文件管理、有设置、有相册... 跟用网站一模一样! 👩‍🏫 老师比喻: NAS = 幼儿园的 全自动智能储物柜 🗄️✨ 你不用去柜子跟前 在家用手机扫一下 → 柜子的 控制屏幕传到你手机上 你在手机上点点点 → 柜子乖乖开门取东西 这个"控制屏幕",就是NAS的 网页界面 ! 🍳 第四课:前端和后端 —— NAS版本! 还记得上次说的"大厨房"吗? 你(浏览器)点菜 → 厨房(服务器)做好送来 NAS也是一样的,分成 前端 和 后端 两个部分! 🎨 前端 —— 你看见的那一面 ┌─────────────────────────────────┐ │ NAS 网页控制台 │ │ ┌─────┐ ┌─────┐ ┌─────┐ │ │ │📁文件│ │🖼️相册│ │🎬视频│ │ │ └─────┘ └─────┘ └─────┘ │ │ ┌─────────────────────────┐ │ │ │ 这里显示你的文件列表 │ │ │ └─────────────────────────┘ │ │ [上传] [下载] [删除] │ └─────────────────────────────────┘ 这些你能看见的 = 前端 🎨 👩‍🏫 老师比喻: 前端 = 储物柜 正面的触摸屏 📱 漂漂亮亮的按钮、图标、列表 你能看见、能点的,都是 前端 ⚙️ 后端 —— 藏在里面干活的 你点击"上传文件" 👆 ↓ 前端说:"收到!我去通知后端!" ↓ 后端收到指令 ⚙️: 1. 检查你有没有权限 🔐 2. 找到硬盘上空的位置 💾 3. 把文件存进去 ✅ 4. 告诉前端:"存好啦!" ↓ 前端显示:"上传成功!✅" 👩‍🏫 老师比喻: 后端 = 储物柜 里面的机械手臂 🦾 你在触摸屏上点"放东西进去" 机械手臂默默把东西码放整齐 你看不见它,但它一直在努力工作! 🔄 前端和后端怎么说话? 前端(网页) ←→ 后端(NAS系统) ↑ ↑ 你能看见的界面 藏在机器里的程序 它们用"API"互相说话 API = 两个人之间的"对讲机" 📻 👩‍🏫 老师比喻: 角色 NAS里是谁 幼儿园比喻 前端 网页控制台界面 储物柜的触摸屏 📱 后端 NAS的操作系统程序 里面的机械手臂 🦾 API 前后端通信接口 触摸屏和手臂之间的对讲机 📻

2026-06-26 原文 →
AI 资讯

Use Unix Domain Sockets on Windows Python: Building an AF_UNIX Compatibility API

Python provides socket.AF_UNIX , asyncio.open_unix_connection() , and asyncio.start_unix_server() for working with Unix Domain Sockets on Unix-like operating systems. On Windows, however, support for Unix Domain Sockets tends to depend on the Python version and runtime environment. In particular, differences become apparent when trying to use the higher-level asyncio APIs in the same way as on Unix. To address this, I created a compatibility layer that hides the differences between Unix and Windows and allows AF_UNIX sockets to be used through a largely identical API. This article covers two types of APIs: An asyncio -based AF_UNIX compatibility API A synchronous socket -based AF_UNIX compatibility API Goal The objective is straightforward. On Unix, use the standard library APIs as-is. On Windows, fill in the missing functionality so that application code can remain as unified as possible. For example, on Unix you can write: reader , writer = await asyncio . open_unix_connection ( path ) And on the server side: server = await asyncio . start_unix_server ( handle_client , path ) The goal is to preserve this style of programming on Windows as much as possible. What Was Built The compatibility layer consists of two major components. 1. Asyncio Version This is the asynchronous implementation designed to match the asyncio Unix Domain Socket APIs. The main APIs are: await open_unix_connection ( path , * , limit = ...) await start_unix_server ( callback , path , * , limit = ..., backlog = ...) await create_unix_connection ( protocol_factory , path , ...) await create_unix_server ( protocol_factory , path , ...) install () On Unix-like systems, these simply delegate to the standard asyncio implementation. On Windows, they use Winsock AF_UNIX sockets and combine WSAEventSelect with event-loop handle waiting to implement asynchronous operations. 2. Synchronous Socket Version This version provides a traditional blocking-socket-style API without using asyncio . The main APIs ar

2026-06-21 原文 →
AI 资讯

Ultimate Guide to System and Network Adminstration 🌐 🛠️

In a world completely powered by technology, have you ever wondered what actually keeps our digital lives from crashing down? Enter the unsung heroes: system and network administration . Think of an operating system like Windows or Linux as a computer's command center, orchestrating everything from the heavy-lifting CPU to the smallest plugged-in device. To keep your data safe and your machine stable, it cleverly splits its brain into two zones: a restricted "user mode" where your everyday apps play, and a highly secure, privileged "kernel mode" reserved strictly for critical system operations. When individual computers connect to form massive global networks, the complexity skyrockets. This comprehensive guide breaks down those complex environments into simple, bite-sized concepts. Here is a quick snapshot of what we will cover: Host & OS Administration : This module covers how an operating system functions as the primary intermediary between a user and a computer's raw physical hardware. It explains how the system kernel manages critical computing processes, memory allocation, local storage file systems, and administrative tasks like security patching and automated scripting. Networking Concepts, Topologies, and Protocols : This module explores how individual computer systems connect and communicate across localized or global distances. It details the structural design of network topologies, addressing rules like IPv4 and IPv6, and the standardized layer frameworks that ensure safe and efficient data transmission. 🏛️ Part 1: Operating Systems & Host Administration 🖥️ Computer Resources and Functions At its core, every computer system is a collection of physical machinery and digital structures working together to solve problems. To understand how an operating system manages these pieces, it helps to look at the foundational puzzle blocks of a computer. This section maps out the primary hardware and data elements the system has to control, alongside a simple breakd

2026-06-21 原文 →