Sorrows and joys are summarized older programmers technical management of the road

Others 2019-12-24 12:30:09 views: null

Born in China this piece of land, we do program development people have to face many challenges. As long as there is life, the challenge will never stop.

Such as the recent crazy pass of 35-year-old programmer delivery boy. This clearly points out to engage in development in China, one of the challenges to be faced: age.

Throughout the IT field, most developers are all ordinary people. Only a handful of people can stand forward and lead the cutting-edge technology to technology. So, ordinary developer, also easily be replaced by newcomers. New more affordable, small pressure. And in the case of old technology developers ceiling can not be broken. To face the pattern followed a group of children from dawn to dusk work together. Even appears they are too old, top leaders also small lot-year-old dilemma than themselves.

Sure some people will say that our group of elderly hypocritical. However, few people can do no waves inside it?

This blog is mainly written for our group of developers ordinary situation. Allow me here to the sale of anxiety.

First, the system architecture

As a technology that route, eventually partial architecture direction. Even with technical manager or director. We must have a certain stock of knowledge of the system architecture, in order to prepare to make accurate judgments on the architecture to build and change the team.

This is not to say we have to design the system architecture of some of the more than ten million level PV. As an ordinary developer, to touch millions of platform is relatively not a lot of opportunities. Even if the contact, and also just the platform inside a small screw. To be able to dominate the architecture design, also slightly immature. Once again, I explain, here just only for ordinary developers. It does not refer to those cutting-edge high-tech talent.

In my philosophy among the thousands of levels and below PV framework, usually less than micro-services. So, do not use the service to micro-pit yourself. Increase the complexity of the architecture.

In this system, there are the following technologies / services / documentation may be that we be involved:

  • Queuing Service: Redis, Kafka, RabbitMQ messaging services such as middleware.
  • Cache Service: Redis, Memcache. Here it is not recommended Memcache.
  • Multi-process / multi-thread: asynchronous processing is used to calculate the number of CPU-intensive data processing tasks or asynchronous push, SMS and other tasks.
  • Load Balancing Service: Ali cloud can be used sophisticated load balancing service SLB service.
  • Log storage and analysis services: ELK often hear belongs to a group combination. However, I recommend using Ali cloud logging service. Integrated alarm function. This very practical.
  • File storage services: The system uploads files can not be stored together with the business server. It will affect the server's bandwidth services. Resulting in delays and data exchange timeout business visit. Ali cloud OSS can be used. Generally million level storage systems such as self service, it's just not worth the cost.
  • CDN services: Even if we use a separate folder to store a file server. However, in the time of the visit because the user is in a different network (Telecom, China Mobile, China Unicom), as well as different regions (South / North). So, CDN will speed up user access to files. Enhance the user experience.
  • Database: a master multi-slave architecture. Specific number from the database to be designed according to their volume of business. Ali cloud platform for small and medium generally use the RDS is more cost-effective than self-built database services. Otherwise, the team will be equipped with a professional DBA to maintain the database server. Recommended Ali cloud RDS service. correct. Here that the MySQL database. Other ignore.
  • Monitoring system: now like Ali cloud platform, provides monitoring services. Like server CPU, memory usage alarm. Alarm database resources. Self-built, not only would someone need to maintain, may also result in a loss caused by inadequate monitoring. Ten million PV level is not recommended.
  • Private network VPC: this is said Ali cloud VPC service. Of course, there are other cloud platforms. Its core function is to manage all their virtual servers on a network. Avoid direct access to the external network, or directly access the Internet. To be more direct point is to avoid the risk.

Like me, an ordinary developer older, experienced a lot of large and small projects. To really be able to reach tens of millions of very small level of PV. Challenges usually faced with the following:

  • QPS: i.e. requests per second. Usually we can support server 2000 + can be. Unless to do this type of spike activity snapped, otherwise a lot of Web businesses will never use 2000+.
  • Massive data: database often restrict performance. It is important for mass data storage on the display. For example, orders sub-library sub-table to resolve. Sub-table to solve the single-table query performance, resolve into a single database performance.

Second, the site hijacking

Website Hijack This is a general name for. There are several actual hijacking:

  • Jump URL hijacking type: Input domain A, domain B forced to jump.
  • Injection type hijacking.
  • DNS hijacking.

The injection type hijacking, was divided into the following categories:

  • JS class injection hijacking: JS inject code for hijacking a normal page. Common carrier is forced to inject ads JS.
  • iframe hijacking class: the normal page or a page in an iframe increase iframe page.
  • Tampering page class hijacking: normal hijack web page appears superfluous label, resulting in overall page size changes.

DNS hijacking:
At work, there is often a user feedback with our customer service colleagues can not open App or error. This part of which is due to DNS hijacking. App request interface after hijacking get data or get specific data, will certainly be an error. Affect the normal user access.

Jump type URL hijacking hijacking and injection type can be resolved by way of HTTPS. The DNS hijacking would rather special.

About way to resolve DNS hijacking is to be resolved through direct access to the DNS trusted. Because this DNS hijacking is usually caused by operator Local DNS cache issues. For example, the attacker contaminates the root DNS servers. Cause pollution caused operators to synchronize data. Natural access will be a problem.

Fortunately, we can use a similar HTTPDNS Ali cloud services platform provided by this. To solve the problem of DNS hijacking.
HTTPDNS functional properties:

  • Anti-hijacking: bypass the operators Local DNS, domain name hijacking avoid, so that every time access is unimpeded.
  • Precise scheduling: based on the source IP access, to obtain the most accurate analysis results, allowing the client access to nearby business node.
  • 0ms resolve the delay: the pre-resolving domain name via hotspot, caching DNS resolution result, the analysis result lazy update strategy, etc. to achieve 0 delay to resolve.
  • Rapid entry into force: Avoid Local DNS authority does not follow TTL, resolve the problem of the results for a long time can not be updated.
  • Analytical reduced failure rate: effective to reduce the ratio of failure in a wireless scenario parsing.
  • Stable and reliable: 99.9% availability, to ensure stable and reliable DNS service.

Third, the system security

System security really really particularly important. As a developer veteran, hearts always have a string: the first of millions of lines of code, security.

Common security:

  • Network security: all the service server through a dedicated network isolation network VPC, then purchase the fortress machine server management.
  • Password strength: administrator account must be mixed case and containing a number 20 or more in length. Service system user password can not be purely digital and the length must be greater than eight. While avoiding continuous same password. For example: AAAAAAAA.
  • Password changed regularly: Whether the password again perfectly preserved, there will always miss lead to information disclosure. The regular replacement can detect and block these vulnerabilities. Recommended every three months to replace.
  • SQL-injection: now basically mature language has a complete set of anti-implantation mechanism. For example, pre-language PHP PDO extension mechanism provided (of course, the database must support the pre-treatment).
  • XSS (cross-site scripting attacks): XSS able to intercept the user's private Web content, Cookie data. JavaScript script is usually caused. The best way is to turn the text storage.
  • CSRF (cross-site request forgery): lethal. All sensitive data reading and writing operations using the POST limits. And it does not allow cross-domain request. When submitting information, do the authentication token restrictions once.
  • File upload vulnerability: mainly to avoid users to upload malicious script code to get to see our rights. The solution is to strictly limit the extension of the uploaded file. Meanwhile upload files into professional file server. For example, put on the OSS server Ali cloud provides.

Fourth, the code specification

Even if you are the type of outsourcing or establishment of project development, code specifications can help you reduce the pain caused by maintenance project cross.
Whether backend PHP, Java, Go, or Web front-end, or Android / iOS client. There must be a code specifications.

  • General specifications current PHP code: PSR .
  • Java code standards: Most will follow Ali set out to develop open-source specification. Search Keywords: Ali official Java code specifications.
  • Go: itself himself on behalf of a set of coding standards. Can directly follow the norms of language.
  • Web front-end code specification: Currently online a lot about finishing this specification. Reference can be set.
  • Android code specification: https://blog.csdn.net/jun5753/article/details/83786825
  • iOS code specification: http://www.cocoachina.com/articles/19599

In fact, this thing is a code specification convention provisions. Not a layer of the same dogma. Local conditions should be in the form of use. It can not be applied mechanically. Generally no problem as long as the small team can be. Large groups may need special mechanisms Review code, as well as auxiliary plug-in code submitted to verify the code specifications.

Fifth, work reports

If you are the boss probably you do not need to report up work. Otherwise, no matter what class, the work report must be the work of an important part. And each level of employee reporting to work the way there are different priorities.

This refers to the work report, rather than project progress report.

(1) non-core development staff

Such employees should report to work the following points:

  • Specifically what had been done. Percent complete. Such as: Sign-featured development. When the three days have been used. The progress of 80%.
  • What are the problems encountered. What work experience technical problems, whether they can do it, if you do not get if requested before the core development team leader level or assistance.
  • Follow-up plan. This is to allow the head of department and managers know what the next task should be to make arrangements.

(2) core development staff

Such employees as the core output. And non-core development staff is still a difference:

  • Specifically what work is completed.
  • Working encountered.
  • Non-core development assistance what had been done.
  • Follow-up plan.

The core staff focus was on the core business of writing code. And guidance and assist with various problems encountered by non-core development staff. When necessary, employees also need this here in the bottom tier of technical training. Enabling them to quickly grow slowly grow into the core staff.
Secondly, key employees not only identify problems but also solve the problem. When department managers need to make decisions, it is with A / B to the decision-making scheme.

(3) the director level employees

This is actually a type of staff and core development staff almost. Coordination will be assigned to work in a layer above the core staff development.

Sixth, clear responsibilities

This is for the purposes of development of technology transfer management of route people. Let every developer knows exactly what they are responsible. The truth is that duties and responsibilities.
If the responsibilities are not clear, some have nothing to do with the mentality of inaccessible people, it can cause things get difficult to advance. Only after a clear mandate, when things are not run, you know who is responsible.

Seven, performance appraisal

The sixth point echoes. The only difficulty is to be able to make timely and accurate assessment of the liability, the performance buckle buckle performance. This award will reward. We must not dragging its feet, indecisive. Especially in the case of refusal over Justifying occur.

Eight, up and down relationship

Many had just transferred the management of people have developed a fault. To find technical strength to make people obey. This is clearly not appropriate. Technical ability is important, but not upside down. Thousands and thousands of world technology. To do this thinking technology management. I believe that few people can not sit firm in this world.

So, technology is much more to this thing, that is something to be concerned about the theory. Such was the crucial moment can make the right choice.

Some people also think keep following people mingle to make others subject to their own working arrangements. I do not think so. Work in the lead up to disobedience or opinions contrary to those who tried to please you usually are. When we do manage only need to uphold the principles of fair and open, and to treat everyone to work.

Those who do not want to obey, whether to pay a good relationship or far, should promptly stop and criticism. If still the case, it is his personal problem the problem, not our management. Unless we work arrangements indeed a serious injustice unreasonable situation.

These are some conclusions of their own blind force force.

The management job, it's not easy to do. But fortunately able to repair the break to learn some practical experience in here to test their deficiencies. But also the honor of the thing.

Guess you like

Origin www.cnblogs.com/daniumiqi/p/12090681.html
Recommended
Open Source Daily | Altman's Seven Deadly Sins; Microsoft Bing is down globally; the United States restricts AI exports; phase out VBScript; PostgreSQL 17
Ranking
Track news source code analysis RocketMQ
marked.js implements markdown table to HTML table, and then converts to json
Impossible d'ajouter la fenêtre android.view.ViewRootImpl$W@9b9fc47 -- autorisation refusée pour le type de fenêtre 2002
2019 digital-analog felt
[JS] study notes the first day of entry Vue.js
How to compare generic structs in C++?
CleanMyMac2024 free license activation code
20191213_bind DNS
Recursive (VI): Recursive applet to read
Jetson installs Anaconda (miniforge3)
Daily
More
2024-05-24(12)
2024-05-23(35)
2024-05-22(9)
2024-05-21(35)
2024-05-20(5)
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)

Code World

© 2018 codetd.com