Space exploration was always fascinating, and recent developments have reignited the interest to the heights never seen since the last man stood on the Moon. People argue about Mars exploration and features of spaceships as their grandparents would’ve done if the internet existed fifty years ago. I’m an electronics engineer working in the aerospace industry, so I know a thing or two about the technical background of this stuff — and I see that these things aren’t common knowledge, and people often have significantly skewed ideas about the reasons behind many things and decisions. Namely, I’d love to speak of some misconceptions about radiation hardened integrated circuits and the means of protection from radiation-induced damage.
Dive into Email Security: MTA-STS Policies
7 min
In a nutshell: MTA-STS is a way to protect emails against interception (man-in-the-middle aka MitM attacks) between email servers. It partially resolves architectural issues in email protocols and is described in a recent RFC 8461 standard.
IIoT platform databases – How Mail.ru Cloud Solutions deals with petabytes of data coming from a multitude of devices
11 min
Hello, my name is Andrey Sergeyev and I work as a Head of IoT Solution Development at Mail.ru Cloud Solutions. We all know there is no such thing as a universal database. Especially when the task is to build an IoT platform that would be capable of processing millions of events from various sensors in near real-time.
Our product Mail.ru IoT Platform started as a Tarantool-based prototype. I’m going to tell you about our journey, the problems we faced and the solutions we found. I will also show you a current architecture for the modern Industrial Internet of Things platform. In this article we will look into:
- our requirements for the database, universal solutions, and the CAP theorem
- whether the database + application server in one approach is a silver bullet
- the evolution of the platform and the databases used in it
- the number of Tarantools we use and how we came to this
C2x: the future C standard
8 min
I strain to make the far-off echo yield
A cue to the events that may come in my day.
(‘Doctor Zhivago’, Boris Pasternak)
I’ll be honest: I don’t write in pure C that often anymore and I haven’t been following the language’s development for a long time. However, two unexpected things happened recently: С won back the title of the most popular programming language according to TIOBE, and the first truly interesting book in years on this language was published. So, I decided to spend a few evenings studying material on C2x, the future version of C.
Here I will share with you what I consider to be its most interesting new features.
IntelliJ IDEA: Structural Search and Replace
11 min
Tutorial
Translation
Modern IDEs are very powerful tools that can help developers in all kinds of situations. Unfortunately, much of this power is often lost because many functions remain unknown to developers, hiding in the shadows.
Simple example of the one of the such functions
Did you know that when you press F2 in IntelliJ IDEA, the cursor will jump to the nearest error in the file? And in the absence of an error – to the nearest warning? It seems that this is a secret only a few people know about.
Structural search and replace is one such pair of features. They can be extremely useful in situations where a whole variety of other functions can’t quite get the job done.
In this post, I will present some of these situations and go beyond artificial cases by demonstrating examples of real code from two projects:
- 3D-engine for game development, jMonkeyEngine, which is an example of a big, interesting project.
- My own pet project, plantuml-native-image, where I experiment with compiling PlantUML into native executable code using GraalVM Native Image.
In fact, it is this second project that encouraged me to write this post but I’m getting ahead of myself. First things first...
Making a Tarantool-Based Investment Business Core for Alfa-Bank
10 min
A still from «Our Secret Universe: The Hidden Life of the Cell»
Investment business is one of the most complex domains in the banking world. It's about not just credits, loans, and deposits — there are also securities, currencies, commodities, derivatives, and all kinds of complex stuff like structured products.
Recently, people have become increasingly aware of their finances. More and more get involved in securities trading. Individual investment accounts have emerged not so long ago. They allow you to trade in securities and get tax credits or avoid taxes at the same time. All clients coming to us want to manage their portfolios and see their reporting on-line. Most frequently, these are multi-product portfolios, which means that people are clients of different business areas.
Moreover, the demands of regulators, both Russian and international, also grow.
To meet the current needs and lay a foundation for future upgrades, we've developed our Tarantool-based investment business core.
Looking back at 3 months of the global traffic shapeshifting
9 min
There would be no TL;DR in this article, sorry.
Those have been three months that genuinely changed the world. An entire lifeline passed from February, 1, when the coronavirus pandemics just started to spread outside of China and European countries were about to react, to April, 30, when nations were locked down in quarantine measures almost all over the entire world. We want to take a look at the repercussions, cyclic nature of the reaction and, of course, provide DDoS attacks and BGP incidents overview on a timeframe of three months.
In general, there seems to be an objective pattern in almost every country’s shift into the quarantine lockdown.
The Anatomy of LuaJIT Tables and What’s Special About Them
10 min
I don't know about you, but I really like to get inside all sorts of systems. In this article, I’m going to tell you about the internals of Lua tables and special considerations for their use. Lua is my primary professional programming language, and if one wants to write good code, one needs at least to peek behind the curtain. If you are curious, follow me.
Windows Native Applications and Acronis Active Restore
9 min
Translation
We continue telling you about our cooperation with Innopolis University guys to develop Active Restore technology. It will allow users to start working as soon as possible after a failure. Today, we will talk about Native Windows applications, including details on their development and launch. Under the cut, you will find some information about our project, and a hands-on guide on developing native apps.
Service for Active Restore or the Story of an Industrial Project at Innopolis
8 min
Translation
Hello, Habr! My name is Roman. Today I would like to share a story of how we at Innopolis University developed a test stand and a service for Acronis Active Restore system, which will soon become part of the company’s product range. Those interested to know how the University builds its relationship with industrial partners are welcome to click the «Read More» button.
Deploying Tarantool Cartridge applications with zero effort (Part 2)
11 min
Tutorial
We have recently talked about how to deploy a Tarantool Cartridge application. However, an application's life doesn't end with deployment, so today we will update our application and figure out how to manage topology, sharding, and authorization, and change the role configuration.
Feeling interested? Please continue reading under the cut.
Active Restore: Can we Recover Faster? Much Faster?
5 min
Translation
Backing up valuable data is a proven practice, but what if we need to continue work immediately after a natural disaster or other disruptive events, and every minute is important? Our team at Acronis decided to see how quickly we can start an operating system. This is our first post from the Active Restore series. Today I will tell you how we launched our project with Innopolis University, which solutions were studied, and what we are working on today. All the details are under the Cut.
This is how you deal with route leaks
2 min
That, we must say, is the unique story so far.
Here’s the beginning: for approximately an hour, starting at 19:28 UTC on April 1, 2020, the largest Russian ISP — Rostelecom (AS12389) — was announcing prefixes belonging to prominent internet players: Akamai, Cloudflare, Hetzner, Digital Ocean, Amazon AWS, and other famous names.
Before the issue was resolved, paths between the largest cloud networks were somewhat disrupted — the Internet blinked. The route leak was distributed quite well through Rascom (AS20764), then Cogent (AS174) and in a couple of minutes through Level3 (AS3356) to the world. The issue suddenly became bad enough that it saturated the route decision-making process for a few Tier-1 ISPs.
It looked like this:
With that:
Here’s the beginning: for approximately an hour, starting at 19:28 UTC on April 1, 2020, the largest Russian ISP — Rostelecom (AS12389) — was announcing prefixes belonging to prominent internet players: Akamai, Cloudflare, Hetzner, Digital Ocean, Amazon AWS, and other famous names.
Before the issue was resolved, paths between the largest cloud networks were somewhat disrupted — the Internet blinked. The route leak was distributed quite well through Rascom (AS20764), then Cogent (AS174) and in a couple of minutes through Level3 (AS3356) to the world. The issue suddenly became bad enough that it saturated the route decision-making process for a few Tier-1 ISPs.
It looked like this:
With that:
What does «clean code» mean in 2020?
9 min
«Clean Code» and a clean cat
There is nothing developers enjoy better than arguing about clean code: Dan Abramov, for example, has recently fueled the hype with his blog post, «Goodbye, Clean Code».
However, “clean code” per se doesn’t even have a clear definition. The main book on the subject is Clean Code, where Robert «Uncle Bob» Martin states that there are perhaps as many definitions as there are programmers. But he doesn’t walk away from the fact with a conclusion that there’s no reason to discuss clean code, rather — compare several definitions and highlight general ideas. Therefore he cites the views of several outstanding programmers on what clean code is.
So we have also become interested in what people in 2020 think of clean code. Have the views changed since the publication of the book? Do opinions vary in different IT fields (maybe backend developers perceive the idea of clean code differently from testers)?
This spring, Uncle Bob comes to St. Petersburg to give talks at our three conferences: they are about .NET development, testing and JavaScript. Therefore, we’ve asked speakers from each of those conferences to share their opinion on clean code so we could compare the opinions of the industry experts in 2020.
We've already published the results in Russian, and here's the English version. Since the topic is known to provoke discussions, feel free to give your own definition or argue about those already given!
UPD: When we posted this article, Uncle Bob had our conferences in his schedule. Unfortunately, the situation has changed. We updated this post on March 12, to avoid any misunderstanding.
Fault Tolerance Web Architecture for Our Cloud Solutions
10 min
Hi Habr,
I'm Artyom Karamyshev, a system administration team leader at Mail.Ru Cloud Solutions (MCS). We launched many products in 2019. We've aimed to make API services easily scalable, fault-tolerant, and ready to accommodate rapid growth. Our platform is running on OpenStack, and in this article, I describe all the component fault tolerance issues that we've resolved.
The overall fault tolerance of the platform is consists of its components fault tolerance. So, I'm going to show you step by step tutorial about all levels where we've found the risks.
Tips and tricks from my Telegram-channel @pythonetc, January 2020
3 min
It is a new selection of tips and tricks about Python and programming from my Telegram-channel @pythonetc.
← Previous publications.
The order of
except blocks matter: if exceptions can be caught by more than one block, the higher block applies. The following code doesn’t work as intended:
Hypercube. How we gave developers test devices without losing any
11 min
You can’t properly test and debug mobile apps without test devices, which there should be plenty of considering how the same code may behave differently on different models. So how do we keep track of these devices? How do we quickly provide developers and testers with the smartphones they need, configured the way they need, and without much red tape?
I’m Alexey Lavrenuke. Over the years, I’ve worn many hats: one of the authors behind Yandex.Tank, a speaker on load testing, and the guy who calculated energy consumption by mobile phones. Now I’m a Yandex.Rover developer on the self-driving car team.
After the phones and before Yandex.Rover, there was Hypercube.
A few years ago, the head of mobile development popped in to the load testing department and mentioned a problem they were having with test devices: phones had a tendency to inexplicably migrate from one desk to another. Picking the right device and then finding it had become a challenge. We already experienced working with mobile devices from building a digital ammeter to calculate energy consumption, so we decided to help our coworkers out and quickly rig up a handy contraption. We figured the whole thing wouldn’t take more than three months. Oh how wrong we were. Let me tell you what we were really in for.
''Dallas cube''
I’m Alexey Lavrenuke. Over the years, I’ve worn many hats: one of the authors behind Yandex.Tank, a speaker on load testing, and the guy who calculated energy consumption by mobile phones. Now I’m a Yandex.Rover developer on the self-driving car team.
After the phones and before Yandex.Rover, there was Hypercube.
A few years ago, the head of mobile development popped in to the load testing department and mentioned a problem they were having with test devices: phones had a tendency to inexplicably migrate from one desk to another. Picking the right device and then finding it had become a challenge. We already experienced working with mobile devices from building a digital ammeter to calculate energy consumption, so we decided to help our coworkers out and quickly rig up a handy contraption. We figured the whole thing wouldn’t take more than three months. Oh how wrong we were. Let me tell you what we were really in for.
''Dallas cube''
Making a demo for NES — HEOHdemo
26 min
There is a lengthy history of computer arts festivals, also known as demo parties, held in Russia over the last quarter century. For decades, once in a while people from all over the country gather together to compete in their ingenuity at getting what was once deemed impossible out of the old or new computer hardware and mere bytes of code. A few leading annual events has been established in the early years. One of them, creatively named CAFe (an acronym for Computer Art FEstival), was held in Kazan from 1999 to 2003. It went under the radar since, making the way for the everlasting Chaos Constructions (1999 — now) and DiHalt (2005 — now). After so long hiatus, the last year CAFe made a loud comeback, returning in full glory — at least by the number of prods released, if not in the scale of the event itself. Presentation of the compo entries went far into the night, with the last demos being shown at 6 AM to the popping eyes of the few hardy ones. There was my demo, too, and this is the story of its making.
Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras
6 min
This is a full disclosure of recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. Described vulnerability allows attacker to gain root shell access and full control of device. Full disclosure format for this report has been chosen due to lack of trust to vendor. Proof of concept code is presented below.
Tips and tricks from my Telegram-channel @pythonetc, December 2019
2 min
It is a new selection of tips and tricks about Python and programming from my Telegram-channel @pythonetc.
← Previous publications.
Different
asyncio tasks obviously have different stacks. You can view at all of them at any moment using asyncio.all_tasks() to get all currently running tasks and task.get_stack() to get a stack for each task.Hubs
Authors' contribution
alizar 94361.8marks 24166.6ru_vds 22864.9alexzfort 14179.0XaocCPS 10986.2ptsecurity 10891.7pronskiy 10649.4m1rko 10382.0Andrey2008 9907.2ph_piter 9899.7