⽬录遍历 Apache ActiveMQ 未授权访问,5.12 之前的版本 fileserver存在 PUT任意写 CVE-2015-5254 Apache Solr CVE-2017-12629 CVE-2019-0193 [ Apache Solr 5.x - 8.2.0 ] Apache Zookeeper 未授权访问,敏感信息泄露 Apache Shiro

Product Ops  Product Management  Every technology under the sun  Solaris, Windows, Linux  Apache, IIS, TCServer, etc.  Oracle, DB2, SQL Server  How we got better  We read and we studied.

& Assessment, LLC A Few Themes Getting in Our Own Way: First, that we have locked ourselves into a frame of reference that is getting in our way as we try to become Agile. This frame of reference includes execution and when we substitute execution according to plan for thinking and adapting. A Better Way to Plan: Nevertheless, planning is important. In my role, I need to decide whether to allow an initiative Requirements Requirements simply don’t exist: A requirement is a constraint. It is a way of saying “create value this way, rather than other ways.” Really, a requirement is a constraint masquerading as a

the key values of the contractor-control model. But it doesn’t. Requirements: Requirements are a way of controlling the development team by constraining their creativity. Instead of requirements, we fit.I don’t mean that standards are bad. Let’s just agree that they might be overrated. A Better Way – Treat IT as an Enterprise Asset (EA): When we add all of our current IT capabilities together, we cause expensive break-fix activity.  It has good monitoring tools in place.  It is coded in a way that resists hard-to-find defects like concurrency errors. Build Versus Buy Everyone knows that in

custom development. Governance and Oversight: Governance has traditionally been viewed as a filter; a way of allocating scarce IT resources among many competing projects. But in a world where IT is integral negative impact resulting from uncertainty. We can reduce risk—often at a cost —but there is generally no way to eliminate it.  Almost all of our decisions have potential negative consequences, if only the opportunity risks are bounded and can be itemized, that we can know the risks in advance, and that we have a way to (try to) control them.  The relationship between uncertainty, risk, and change is far too complicated

effectively. Figure 1 Agile Acquisition Guidebook Venn Diagram Because there is no single right way to “do Agile,” program managers can adopt the Agile practices that best suit their program and environment 1. What did you do yesterday? 2. What are you going to do today? 3. What obstacles are in your way? At the end of each sprint, the development team demonstrates the functionality to users and other apply some new methods, and rename your milestones to ‘iteration exit.’ Agile will challenge the way your organization is set up, and it will affect the daily work of each individual.” — Strober and

Ways [2] The First Way emphasizes the performance of the entire system, as opposed to the performance of a specific silo of work or department. The outcomes of putting the First Way into practice include flow, and always seeking to achieve profound understanding of the system (as per Deming). The Second Way is about creating the right to left feedback loops. The goal of almost any process improvement initiative Second Way include understanding and responding to all customers, internal and external, shortening and amplifying all feedback loops, and embedding knowledge where we need it. The Third Way is about

The DevOps Handbook – Part 4: The Second Way – The Technical Practices of Feedback 1. Introduction a. Goal – Implement fast feedback loops i. Enable working towards shared goals ii. See problems as just in case it decides to make a run for it…Tracking everything is key to moving fast, but the only way to do it is to make tracking anything easy…We enable engineers to track what they need to track, at kept apologizing, saying things like, “Sorry, there’s probably a better way to do this.” Unfortunately, there wasn’t a better way to do that operation.” d. HAVE DEVELOPERS INITIALLY SELF-MANAGE THEIR

was small batch sizes of work b. Agile, Continuous Delivery, and the Three Ways 7 c. The First Way: The Principles of Flow 15 i. MAKE OUR WORK VISIBLE 1. A significant difference between technology e. Waiting: f. Motion: g. Defects: h. Nonstandard or manual work:i. Heroics: d. The Second Way: The Principles of Feedback 27 i. KEEP PUSHING QUALITY CLOSER TO THE SOURCE 1. In complex systems need to provide feedback to everyone as quickly as possible, in minutes, not months.” e. The Third Way: The Principles of Continual Learning and Experimentation 37 i. culture of fear and low trust 1.

The DevOps Handbook – Parts 5 & 6 – Part 5: The Third Way – The Technical Practices of Continual Learning and Experimentation; 1. Introduction a. Goal – practices to enable learning as quickly, frequently POST-MORTEM MEETINGS AFTER ACCIDENTS OCCUR i. Blameless Post-Mortem – meeting to examine “mistakes in a way that focuses on the situational aspects of a failure’s mechanism and the decision- making process CODE REPOSITORY FOR OUR ENTIRE ORGANIZATION i. Firm-wide shared source code repository is powerful way to share local discoveries to the entire organization 1. Configuration standards for libraries, infrastructure