Author Archives: Xu Weidong

XXE attack and mitigation

Recently I got a security violation report from Sonar. It is the XXE attack. This is indeed a scary scenario, with an attacker able to access the server's internal files with ease. The simplest approach is to disable this feature. However in … Continue reading

Posted in Computer and Internet, Programming and Algorithm

Online course recommendation: Astrophysics: The Violent Universe

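edX online course Astrophysics: The Violent Universe. Many people know of the exotic objects in the universe other than stars: white dwarfs, neutron stars and black holes, and have heard of transient phenomena such as novae and supernovae. However, most people do not know how humans discovered and came to understand the physical form and material composition of celestial objects tens of thousands or even hundreds of millions of light-years away. Thanks to advances in science and technology, on the one hand, larger and more precise astronomical telescopes became possible, culminating in the Hubble Space Telescope outside the atmosphere; on the other hand, the discovery of radio waves, X-rays, gamma rays, and even neutrinos and gravitational waves further broadened the means of observation. Theoretical breakthroughs in quantum mechanics and relativity, in turn, provided the means and methods for understanding and calculating the composition of celestial bodies under these extreme conditions. The Astrophysics series consists of 4 courses: Greatest Unsolved Mysteries of the Universe, Exploring Exoplanets, The Violent Universe, Cosmology.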

Posted in Science


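A simplified version of the Hangzhou hiking route. From Longjing Village, take Shili Langdang up to Zhenji Temple, go down to Jiuxi Yanshu, climb again to Guiren Pavilion, then go down to Hupao Spring to finish. Two mountains in total, a dozen or so kilometres.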

Gallery

Database Design Guidelines from an Oracle project

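Tables involving user data must have a USER_ID column. This is mainly for sharding. Accordingly, tables and indexes are partitioned on USER_ID. Use basic constructs: heap tables, B-tree indexes, VARCHAR2 (the database as a whole should already be Unicode-encoded). Do not use triggers. That logic belongs in the middle tier. Do not use PL/SQL. Same as above. Data lifecycle. Mainly pay attention to data cleanup. Do not use parallel operations. Most of the time more than one module is running. Do not use DDL at runtime. DDL is executed only during downtime. Use global temporary tables where possible. Do not use foreign keys. This one is rather surprising; it is mainly for ease of migration. Compress indexes. Use "COMPRESS ADVANCED LOW".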

Posted in Computer and Internet

Ozymandias by Percy Shelley

I met a traveller from an antique land Who said: Two vast and trunkless legs of stone Stand in the desert… near them, on the sand, Half sunk, a shattered visage lies, whose frown, And wrinkled lip, and sneer of … Continue reading

Posted in Book, Entertainment



Learning with XGBoost

There is a Mercedes-Benz Greener Manufacturing competition hosted on Kaggle. The data is small and relatively simple, so it fits well as a quick weekend diversion. As usual, before modeling the data, pre-processing is required. In this case, the categorical … Continue reading

Posted in Computer and Internet, Machine Learning