Monday, September 25, 2017

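Jack Ma Quotes

Attitude matters more than ability, and choice likewise matters more than ability!
A business wins on details and loses on vision.
A leader should never compete with subordinates on skills; your subordinates are certainly better than you.
What is your duty? To be a little more diligent, a little more hardworking, and a little more idealistic than others; that is your duty.
If you spend your whole life getting things done and forget how to be a decent person, you will certainly regret it someday.
Don't make complaining a habit.
The world will not remember what you said, but it will certainly not forget what you did!
Customers first, employees second, shareholders third.
Mindset determines posture, and posture determines condition.
Today is cruel, tomorrow is crueler, and the day after tomorrow is beautiful.
What entrepreneurs should fear most is failing to see it, looking down on it, failing to understand it, and failing to keep up.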


https://mp.weixin.qq.com/s/A1xu3Yu4QWV7pzVV5oFxtA

Wednesday, September 20, 2017

CSP (Content Security Policy)

CSP (Content Security Policy) is a tool which developers can use to lock down their applications in various ways, mitigating the risk of content injection vulnerabilities such as cross-site scripting, and reducing the privilege with which their applications execute.

CSP is not intended as a first line of defense against content injection vulnerabilities. Instead, CSP is best used as defense-in-depth. It reduces the harm that a malicious injection can cause, but it is not a replacement for careful input validation and output encoding.

Besides deploying CSP, a web application should still defend against attacks such as cross-site scripting (XSS) and cross-site request forgery (CSRF).

There are two ways to deliver a CSP: on the server side through an HTTP response header, or on the client side through an HTML meta element. Here are the details:

The Content-Security-Policy HTTP response header field is the preferred mechanism for delivering a policy from a server to a client.

Content-Security-Policy: script-src 'self';
                         report-to csp-reporting-endpoint

The Content-Security-Policy-Report-Only HTTP response header field allows web developers to experiment with policies by monitoring (but not enforcing) their effects.

Content-Security-Policy-Report-Only: script-src 'self';
                                     report-to csp-reporting-endpoint

A Document may deliver a policy via one or more HTML meta elements whose http-equiv attributes are an ASCII case-insensitive match for the string "Content-Security-Policy".

<meta http-equiv="Content-Security-Policy" content="script-src 'self'">

There are many directives, including script-src, frame-src, style-src and img-src, that define the content security policy. For details, see https://www.w3.org/TR/CSP
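
Added example (not part of the original post): a small policy checker that parses a serialized policy like the ones above and lists weaknesses in script-src, a missing reporting directive, and directives that browsers ignore when the policy is delivered through a meta element. The function names parsePolicy and auditPolicy are hypothetical helpers, and the sample policies are constructed.

```javascript
// Directives that browsers ignore when the policy arrives in a <meta> element.
const IGNORED_IN_META = new Set(['report-uri', 'frame-ancestors', 'sandbox']);

// Parse a serialized policy into a Map of directive name -> array of values.
// Follows the CSP parsing rules: split on ';', names are case-insensitive,
// and a repeated directive is ignored (the first occurrence wins).
function parsePolicy(serialized) {
  const policy = new Map();
  for (const token of serialized.split(';')) {
    const parts = token.trim().split(/\s+/).filter(Boolean);
    if (parts.length === 0) continue;
    const name = parts[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, parts.slice(1));
  }
  return policy;
}

// Hypothetical helper: list findings for a policy delivered by 'header' or 'meta'.
function auditPolicy(serialized, delivery = 'header') {
  const policy = parsePolicy(serialized);
  const findings = [];
  // script-src falls back to default-src when it is absent.
  const scriptSrc = policy.get('script-src') || policy.get('default-src');
  if (!scriptSrc) {
    findings.push('no script-src or default-src: scripts are unrestricted');
  } else {
    // A nonce or hash makes browsers ignore 'unsafe-inline' for scripts.
    const hasNonceOrHash = scriptSrc.some(v => /^'(nonce|sha(256|384|512))-/i.test(v));
    for (const v of scriptSrc) {
      const lower = v.toLowerCase();
      if (lower === "'unsafe-inline'" && !hasNonceOrHash)
        findings.push("script-src allows 'unsafe-inline'");
      if (lower === "'unsafe-eval'") findings.push("script-src allows 'unsafe-eval'");
      if (['*', 'http:', 'https:', 'data:'].includes(lower))
        findings.push(`script-src allows broad source ${v}`);
    }
  }
  if (!policy.has('report-to') && !policy.has('report-uri'))
    findings.push('no reporting directive: violations will not be reported');
  if (delivery === 'meta')
    for (const name of policy.keys())
      if (IGNORED_IN_META.has(name)) findings.push(`${name} is ignored in a meta element`);
  return findings;
}

// Constructed sample policies, based on the examples in the post.
console.log(auditPolicy("script-src 'self'; report-to csp-reporting-endpoint"));
console.log(auditPolicy("script-src 'self' 'unsafe-inline' https:; frame-ancestors 'none'", 'meta'));
```

Running the checker against a Content-Security-Policy-Report-Only value before switching to the enforcing header keeps the review and the monitoring phase on the same policy text.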

Thursday, September 14, 2017

Fucoidan - Sulfated Polysaccharide from Brown Algae

Fucoidan is a natural food compound with a funny name that has shown promise in fighting cancer. Found in many forms of brown seaweed, fucoidan is a type of complex carbohydrate called a polysaccharide and is composed of various sugars, sugar acids and sulfur-containing groups. While seaweed has been a staple food in Asian countries for thousands of years, brown seaweed has only been the focus of research for the past decade. Fucoidan, in particular, has received the most attention.

http://www.cancercenter.com/discussions/blog/fucoidan-may-help-fight-cancer-but-research-is-still-early/

In the US market, there are two categories of Fucoidan products.

One is imported from Japan, priced around $300:
Nature Medic Fucoidan Powered with AHCC (http://www.naturemdc.com/)
Umi No Shizuku Fucoidan Umi - 120 capsules (http://www.kfucoidan.com/ http://www.fucoidanllc.com/)
YOHO MEKABU FUCOIDAN

The other is regular supplements, priced around $30:
Absonutrix 500mg Fucoidan Pure Brown Seaweed Extract 120 Capsules
Optimized Fucoidan with Maritech 926 - Life Extension - 60 Veggie Caps
Doctor's Best Fucoidan 70%, Non-GMO, Vegan, Gluten Free, 60 Veggie Caps

You can also search for Fucoidan on Amazon and eBay.