Just the day before yesterday, the biggest developer community website in China, CSDN, was cracked, and the database is leaked. In the leaked database, the password was stored in plain text. People are tweeting password and security related message around...

在 昨天的研究 中，发现 BCrypt 最大的隐患在于性能。 BCrypt 的安全性是通过牺牲性能来获取的。 BCrypt 比传统 hash+salt 要安全一万倍，但是代价是使用 BCrypt 做认证对比密码和密文时候，性能也比 hash+salt 要慢一万倍。 所以，我得出一个结论。如果使用传统 hash+salt 需要 N 台认证服务器的话，那用 BCrypt 就需要添加 10000*N 台服务器才能达到同样的性能。比如一个邮件系统使用了 2 台服务器来专门作认证，那使用 BCrypt...

今天在 weibo.com 上看到一则消息说 , 用 md5/sha1+salt 的方法保存密码是不安全的 . 文章中用连续 9 个 Bcrypt 加感叹号来强调 , 保存密码一定要用 Bcrypt. 这个消息非常应景 , 因为 csdn.net 两天前把数据库弄丢了 , 里面的密码是明文保存的 . 我对密码和安全没有研究 , 但是在我粗浅的记忆中 , hash+salt 是非常主流的方法 . 如果说这样也不靠谱 , 那我正好借这个机会复习一下 . 我把密码安全分为两个等级 , 黄色和红色...

The Chinese version is available here (中文链接在): http://blogs.msdn.com/b/lixiong/archive/2011/12/03/win8.aspx Learning how things work internally has always been my favorite. The first thing I did was to launch debugger when I got Win8 installed....

我安装好Win8 CTP后做的第一件事情就是用调试器研究Win8各个组件的协作关系. 从我半天的研究结果看来, Win8真是一个让我爱不释手的产品. Win8里面涉及到的很多技术正好也是我的兴趣所在. 这篇文章简单回顾一下这些技术的变迁, 优缺点, 和对Win8的影响. 注意, 下面提到的对Win8的分析, 是基于公开的Win8 CTP来做的. 相信Win8面世的时候, 这些技术和细节, 都会发生重大改变. 所以这篇文章不具备实践上的指导价值. COM -Component Object...

To evaluate the possibility of using pure HTML for our next UI, I started to learn Javascript, Jquery and relative technology to build a prototype , which is a HTML single paged application. There is a test mode for testing purpose in my prototype...

Windows Server 2008 R2 has been released about 2 years now. It’s time to review my previous project which ships with Win2k8R2. The project was ADAC -- Active Directory Administrative Center. The main purpose for ADAC was to replace the old MMC...

最近对developer的贡献有一些感想. 简单的说, developer的特有贡献不在于产品, 而在于代码. 考虑这样的情况. 假设做出了一个成功的产品, 把产品卖出去, 和把这个产品的源代码卖出去, 是有本质差别的. 作为一个好的developer, 她会让这个产品的code base非常有价值. 因为任何人都可以很轻松的在上面进行二次生产. 而产品本身的好坏, 很多时候是受到这个团队左右的. Something I learned about being...

你可以说test对产品质量的贡献很重要 但是不要忘了 任何组织的资源都是有限的 有的组织 会冒险把很少很少的资源放在test上 这样他们在其它方面就会有显著的优势 所以 如果作为test的你 你要仔细想想 你是否为产品的进步 做出了相应的贡献 你是否能够说服你自己 把你这个资源放在test上 比把这个资源放在其它领域 是更有价值的 Yes, test is very important for...

最近二三事 我们项目组的产品: SystemCenter Advisor, RC了. 地址在: https://www.systemcenteradvisor.com 这是我给我们团队设计的T-Shirt. 在做了3年多的tester后, 我想尝试一下做dev的感觉. 希望我以后不要给tester带来太多麻烦. 在离开support后, 我基本上就不写blog了. 因为在研发领域, 我发现我不了解的东西太多了, 不敢妄言. 刚开始做test的时候, 觉得没有做support有趣...

Related reading: http://blogs.msdn.com/b/lixiong/archive/2009/12/05/ui-automation-under-the-hood.aspx http://blogs.msdn.com/b/lixiong/archive/2009/03/28/msaa-uia-brief-explanation.aspx Chinese: http://www.cnblogs.com/stbchina/archive/2010...

What should SDET CONTRIBUTE? I transferred to R&D group from support team 3 years ago. In the interview, I picked up SDE as my first choice, but the interviewer marked me as “suggest SDET”. I was suspicious about this conclusion, but it turns out...

UI Automation -- Under the Hood (1) The desktop development technology revolved from Win32 SDK, .NET WinForm to WPF and Silverlight. The relative UI Automation testing technology changes as well. This doc describes UI Automation technology on Windows...

MSAA, UIA brief explanation 中文链接 : http://eparg.spaces.live.com/blog/cns!59BFC22C0E7E1A76!4008.entry What is MSAA: http://msdn.microsoft.com/en-us/library/ms971310.aspx MSAA is the same as IAccessible Interface. The interface...

Section 3: UI Automation execution covers test hole which normal test cannot In previous sections, I discussed the UI Automation preparation and development. I want to deliver the message that UI Automation is not test repeating happens automatically...

Section 2: UI Automation development is an important, unique, and effective bug finding process If you think UI Automation is no more than repeating the manual testing automatically, you are completely wrong. Many people expect to record the...

My understanding of UI Automation Section 1: UI Automation means more to get a test result Section 2: UI Automation development is an important, unique, and effective bug finding process Section 3: UI Automation execution covers...

The hierarchy in flat memory: Heap and Stack This section discusses Heap, related heap corruption/memory leak, and how to use pageheap to troubleshoot. Heap is designed for efficiency use of the flat memory space In Chinese version,...

Exception and Debug Event, the feedback from OS This section will firstly brief exception related tech, and then use example to demonstrate how to use exception to troubleshoot effectively. Exception Brief Exception is a mechanism to...

Chapter Two, Assemnly code, Exception, Memory, Synchronization and Debugger (To save time, I will not translate the full Chinese content. I will skip some knowledge introduction) This chapter covers usermode debugging related knowledge and...

How the Chinese UI in SharePoint turns to English randomly. Problem Description: Windows SharePoint Portal is a web application that runs on .NET Framework, based on ASP.NET. The Administrator is able to configure the UI language, like English...

A boring, but typical, difficult case, ASP.NET session lost Problem Description It was an large ASP.NET project. In testing environment, everything is fine. In production environment, when the load went up, an unhandled NullReferenceException...

Problem Description: A customer called in, complained angrily. “A call to ShellExecute API, passing in a local txt file path, it opens a GIF file occasionally with the txt file! Definitely!” The customer was sure that the parameter was correct,...

1.0 Warm up. Firstly my mentor shared the following question with me: Why the image gets reversed in mirror horizontally, but vertically. I asked many people about this question, but seldom gave me the accurate answer in 3 mins. Some...

I almost finished my paper about "UserMode Effective Debugger" in Chinese, in my spare time. The paper is about how to debug application, like tess's blog. Now I will try to translate it to English here. The paper is divied into four parts. The first...