2 posts tagged with "Scarborough"

• 如果你有统一身份管理信息，可以到 https://scarborough.lzj.ac.cn/ 使用
• 出于合规原因，下面提及的功能目前不对互联网开放注册使用（仅科研及测试使用）。如果你是高校、科研机构的导师、或者我的朋友，请通过其它方式或邮件与我联系 jimmy@lzj.ac.cn。我会很高兴收到你的信息。

Scarborough 斯卡布罗​

Scarborough 是服务台框架，类似一个 Console，用户可以在 Scarborough 平台使用各种科学研究与服务工具。

平台作用​

我规划了许多的项目正在开发，包括知识库、数据仓、智能流控制系统、Limail 等工具。这些工具可以相互配合使用，比如可以使用 数据仓 的指定内容可以使用 智能流控制系统 自动归纳到个人的知识库中。

如果为每个平台独立开发一个 Console 将会无限增大开发与维护难度，也会造成使用的割裂感（特别是在移动端，不方便切换多页面的时候）。Scarborough 就像 一个巨大的集市一样，为各种工具提供一个统一的使用入口。以后会可能会陆续提及这些功能。

Limail 身份系统​

Limail 狸猫是一个消息与身份管理平台，旨在合法的情况下从根源上解决账号安全问题、消息混杂问题。

• 统一信息管理拟解决的问题：

1. 消息来源渠道过多，过于混乱问题。
2. 信息或通知信息熵与信息价混乱，错过重要信息或被无关消息浪费时间问题。
3. 验证码在一堆无关文字中无法迅速找到的问题。
4. 通过邮件或其它方式发送的验证码，无法快速复制的问题。
5. 消息来源无法验证，消息内容可能存在有害信息的问题。

• 在信息安全方面拟解决的问题：

1. 当你的一些识别信息，比如电子邮箱、手机号或者用户名被知晓后，这些信息可能会被用于尝试登录其他平台，以检查你是否在那些平台上也拥有账号的问题。
2. 在网购活动后，可能会出现频繁接到自动语音电话的情况的问题。
3. 点开一份邮件后，对方就已经收到你已读邮件的信息的问题。

上面的问题只是冰山一角，狸猫系统需要解决的问题不仅仅于此。

上图了​

这个网站终于终于，我把图片功能开发好了，丢张AI生成的图纪念一下：

提示词： 想象一个古代欧洲宫廷风格的数据中心油画：一座豪华的大厅，墙壁上挂着精美的壁毯和典雅的画作，天花板上有精致的雕刻和金箔装饰。在大厅中央，放置着服务器大型机柜排列着，上面装满了服务器设备。机柜之间，穿着传统宫廷服饰的人物（男性和女性，展现不同种族）忙碌地在机柜间来回走动，手持羽毛笔和硬盘。在一角，一个穿着华丽服饰的贵族（白人男性）正凝视着一个装饰繁复的屏幕，侧面还有几个人在使用MacBook。整个场景融合了古代欧洲宫廷的奢华与现代数据中心的科技感，展现了一种独特的时空融合。

让我们根据这个描述来生成相应的图像。

Recently, I have been busy with learning English and dealing with a sudden pile of school assignments. The homepage will be temporarily updated with content, and features will be added later as needed.

This is a history of my development in account management. If you're only interested in the technology I am currently using, please skip this historical part.

History​

• Back in 2008, when I set up my first page, I wanted to implement login and registration features. During my elementary school years, the most I could do was manage logins with Excel.
• Then in middle school, I came across VisualBasic, which made it easy to implement a login system. However, I faced two problems: VB programs were easily decompiled to reveal passwords, and I didn't know how to do online authentication (or even write server-side code). The second issue was that an exe program, especially one that was frequently updated, was hard to demonstrate to friends and difficult to distribute (after all, who knows if your program contains viruses).
• Still in middle school, I used VisualBasic to implement monitoring and basic management of multiple Windows servers, and a basic Web backend (returning a string or something similar, without any standards or JSON). Of course, I also implemented web login: account and password verification based on a 404 error for xxx.com/password.html not found.
• By high school, PHP had become "the best language in the world". I implemented login, but the account and password storage method was based on file storage. Looking back, using a database would have been much simpler than what I did with file-based storage, but I chose the most difficult path among the odd and challenging ones.
• In university, with more time on my hands, not only did I start using databases, but I also employed various databases and encryption methods. Below is the latest update on my account management mechanism.

Using Open Source Account Management​

Selection Introduction​

Currently, my approach to account management is domain control + single sign-on. Although I understand most of the principles and have implemented them, creating a complete visual interface is a huge task. So I turned my attention to current open-source projects, such as Zitadel. I have successfully integrated several platforms using Zitadel's SDK, but I've also encountered some pitfalls. I won't go into the specifics of integration and deployment in this blog, but I'll organize this information once I'm more settled (at least one foot on solid ground).

Concerns and Solutions (Out of Sight, Out of Mind)​

1. Could such a project suddenly start harvesting users? I think, if they do, then it's time to build my own (or find another one).
2. What if I encounter a bug I can't fix? Since it's an open-source project, just submit a PR and become a part of the open-source community.
3. Will publicizing my tech stack lead to targeted attacks? Yes, but it's inevitable. Even building my own system won't avoid vulnerabilities, and intentionally hiding my tech stack isn't easy, requiring changes at the core or foundational level. So for most of my projects, I choose not to deliberately hide any technology stack I use. I rely on honeypots, attack tracing, firewalls, and separating services from data for security.
4. Will the authentication system be subject to traffic attacks? Yes, but using a CDN is only for faster static responses. The defense steps are as follows: regional cleaning (region, ASN, operator), then full cleaning, attack tracing, and feature recording (the rest depends on the law). The intent of the attack is also important. I categorize them into three types: accidental, unavoidable. For random attacks, if it's just for fun... why not consider contacting me and becoming friends rather than enemies? For malicious attacks... well, thanks?

Account Allocation​

Currently, I will make as many tools and services publicly available as possible, but some resources are either too costly or need to be protected (like my graduation project), so I have to implement identity verification. Please understand.

Can I get an account? For compliance reasons, I currently do not provide any information registration channels. If you are a faculty member of a college, a scientific research institution, or a good friend of mine, please contact me via email or other means at jimmy@lzj.ac.cn. I would be delighted to hear from you.