Skip to content

Latest commit

 

History

History
196 lines (145 loc) · 22.5 KB

0716.md

File metadata and controls

196 lines (145 loc) · 22.5 KB

2018.07.16 - Two-factor authentication protection for packages

业界会议

ICML International Conference on Machine Learning
https://icml.cc/Conferences/2018
附:Google At ICML 2018DeepMind papers at ICML 2018Facebook researchers win Test of Time award at ICML 2018

深阅读

Postmortem for Malicious Packages Published
https://eslint.org/blog/2018/07/postmortem-for-malicious-package-publishes
On July 12th, 2018, an attacker compromised the npm account of an ESLint maintainer and published malicious versions of the eslint-scope and eslint-config-eslint packages to the npm registry. On installation, the malicious packages downloaded and executed code from pastebin.com which sent the contents of the user’s .npmrc file to the attacker. An .npmrc file typically contains access tokens for publishing to npm. 附:How to revoke npm tokens and clear node_modules recursively after eslint-scope hackIncident report: npm, Inc. operations incident of July 12, 2018ESLint backdoor: revoke all the tokensTwo-factor authentication protection for packages.

Goodbye Microservices: From 100s of problem children to 1 superstar
https://segment.com/blog/goodbye-microservices/
In early 2017 we reached a tipping point with a core piece of Segment’s product. It seemed as if we were falling from the microservices tree, hitting every branch on the way down. Instead of enabling us to move faster, the small team found themselves mired in exploding complexity. Essential benefits of this architecture became burdens. As our velocity plummeted, our defect rate exploded. Eventually, the team found themselves unable to make headway, with 3 full-time engineers spending most of their time just keeping the system alive. Something had to change. This post is the story of how we took a step back and embraced an approach that aligned well with our product requirements and needs of the team. 另附:Newsround, nanoservices and serverless.

Service Mesh and the Promise of Istio
https://thenewstack.io/service-mesh-and-the-promise-of-istio/
In a microservices environment, neither of these options is ideal. The application overlay approach is application aware and can perform sophisticated content-based routing, but it will lead to a large amount of redundant code in each service and potentially a lower performance. Conversely, relying on traditional L3 or L4 networking means that it has neither the concept nor the visibility of service requests, which are critical to making optimal routing decisions. This is why service mesh is so appealing for the microservice environment — it operates at the L7 level, but is separate from the application code and can enforce L3/L4 policies with app-level insight. To understand this point, we must first dig into the architecture of service mesh.

Thank You for Your Help NoSQL, but We Got It from Here
http://blog.memsql.com/nosql/
It’s time for us to admit what we have all known is true for a long time; NoSQL is the wrong tool for many of the modern application use cases, and it’s time that we move on.

洞察 video 超能力系列——玩转 mp4. https://techblog.toutiao.com/2018/07/09/untitled-51/
只要在 HTML5 中使用过视频播放的同学对 video 标签一定不会陌生,不过很多同学只使用了 video 的基础功能,实际上 video 拥有强大潜能的,只要姿势正确就能让其拥有超能力。不妨从下面几个场景来逐渐了解下video 未曾被发掘的神秘空间: * 清晰度无缝切换 * 节省视频流量。另附:揭秘视频网站video视频倍速播放的实现

移动持续集成在大众点评的实践
https://tech.meituan.com/mci.html
MCI(Mobile continuous integration)是大众点评移动端团队多年来实践总结出来的一套行之有效的架构体系。它能实际解决移动项目中依赖复杂、研发流程琐碎、构建速度慢的问题,同时接入MCI架构体系的移动项目能真正有效实现App质量的提升。

编程人生:毕业到迈入工作的第五年
https://mp.weixin.qq.com/s?__biz=MjM5Mjg4NDMwMA==&mid=2652975960&idx=1&sn=9539d222eae7a50ddb5ca7d42a24a28f
每年,在这个时候,充满了悲欢离合,也总能看到各种活蹦乱跳的小鲜肉。我们毕业了,我们开始赚钱了,我们踏上了一条不归路……。结束一段旅程,开始填新的坑,或者挖一个坑。我总习惯性的会做一些“反省”、总结的文章,它可以帮助我重新回到 “正轨” 上,指出到下一阶段我所需要的内容。另附: Phodal 的前后端分离团队的资源浪费

微信小程序的下一步:支持NPM、小程序云、可视化编程、支持分包 https://mp.weixin.qq.com/s?__biz=MzUxMzcxMzE5Ng==&mid=2247489190&idx=1&sn=f10a16e2ac08c07c43cbdad76a1f2ec9
微信公开课微信小程序技术专场在上海举行,会上,微信公布了面向开发者的技术规划,内容主要包括小程序技术能力与规划、小程序生态体系、小程序性能优化三个方面。

Javascript Framework Comparison with Examples (React, Vue & Hyperapp)
https://hackernoon.com/javascript-framework-comparison-with-examples-react-vue-hyperapp-97f064fb468d
In my previous article, I tried to explain why I think Hyperapp is a viable alternative to React or Vue and the reasons I found it easier to get started with it. Lots of people criticized that piece, as it was opinionated and didn’t give the other frameworks a proper chance to shine. So, in this article, I’m going to try to compare these three frameworks as objectively as possible, by providing some minimal examples to showcase their capabilities.

Out of Depth with Flutter
https://medium.com/flutter-io/out-of-depth-with-flutter-f683c29305a8
In my experience using Flutter (as a member of the Flutter team), development speed is achieved primarily through the following: Stateful hot reload; Reactive programming; Composition; UI as code.

LinkedIn Lite: A Server-Side Rendered PWA
https://engineering.linkedin.com/blog/2018/07/linkedin-lite--a-server-side-rendered-pwa
A couple of months ago, we shared details about LinkedIn Lite's architecture, its evolution as a light-weight mobile web experience, and how it became a huge success in emerging markets. As a pure server-side rendered web app, it was fast, but it wasn’t providing a good user experience.

Evolving the MediaWiki platform: Why we replaced Tidy with a HTML5 parser
https://blog.wikimedia.org/2018/07/09/tidy-html5-replacement/
Three years ago, the Wikimedia Foundation’s Parsing Team decided to replace Tidy, a tool to fix HTML errors, with an HTML5-based tool. Here’s what we did in that time period, and what kind of complexities we faced in changing pieces of the technical infrastructure powering Wikimedia wikis.

Building a real-time user action counting system for ads
https://medium.com/@Pinterest_Engineering/building-a-real-time-user-action-counting-system-for-ads-88a60d9c9a
The Pinterest ads team’s mission is to provide the best experience for both Pinners and advertisers. Our ads system is a real-time bidding system that delivers targeted ads based on a variety of attributes. One of the major behavioral attributes is user action counts, the count for a Pinner’s past clicks, impressions and other actions on ads. An important part of user action counts is frequency control, which sets a maximum number of times an ad is shown to a Pinner (impression counts over a period of time enforce this limit).

XARs: An efficient system for self-contained executables
https://code.fb.com/data-infrastructure/xars-a-more-efficient-open-source-system-for-self-contained-executables/
XARs can be used to deploy Python virtual environments, bundle Node.js applications, and even Lua tools. This can result in efficiency wins from lowered overhead for many types of Python tools, reduced size of the binaries deployed, and offer a more reliable production environment for Python tooling. 另附:Talk the Walk: Teaching AI systems to navigate New York through language.

Event Sourcing in Action with eBay's Continuous Delivery Team
https://www.ebayinc.com/stories/blogs/tech/event-sourcing-connecting-the-dots-for-a-better-future/
https://www.ebayinc.com/stories/blogs/tech/event-sourcing-in-action-with-ebays-continuous-delivery-team/
Using an Event-centric approach has enabled our team at eBay to scale to handle millions of events with the resiliency to recover from failures as quickly and reliably as possible. Though similar approaches have been widely adopted to augment large-scale data applications, for eBay's Continuous Delivery team, Event Sourcing is at the heart of decision-making and application development. To that end, we've built a system that continuously scales and tests our ability to handle an increasing volume of events and an ever growing list of external data sources and partner integrations.

Simple, correct, fast: in that order
https://drewdevault.com/2018/07/09/Simple-correct-fast.html
The single most important quality in a piece of software is simplicity. It’s more important than doing the task you set out to achieve. It’s more important than performance. The reason is straightforward: if your solution is not simple, it will not be correct or fast.

Learning To Code By Writing Code Poems
https://www.smashingmagazine.com/2018/07/writing-code-poems/
Learning to code can be tough. In this article, Murat shares his advice on how writing code differently and poetically has helped him overcome his initial struggles and insecurities.

Google Cloud Platform - The Good, Bad, and Ugly (It's Mostly Good)
https://www.deps.co/blog/google-cloud-platform-good-bad-ugly/
A note up front, these are solely my experiences, and it’s quite possible that I’ve misunderstood or misrepresented things here. If I’ve made any mistakes, let me know so I can correct them. I only talk about services that I have experience using. There are a bunch of really good looking services like Google Kubernetes Engine, Google App Engine, and BigQuery, but I haven’t used them enough (or at all) to be able to give a review on them.

新鲜货

Introducing Jib — build Java Docker images better
https://cloudplatform.googleblog.com/2018/07/introducing-jib-build-java-docker-images-better.html
To address this challenge, we're excited to announce Jib, an open-source Java containerizer from Google that lets Java developers build containers using the Java tools they know. Jib is a fast and simple container image builder that handles all the steps of packaging your application into a container image. 另附:Minimal Ubuntu, on public clouds and Docker Hub.

npm Joins ECMA International and TC39
https://blog.npmjs.org/post/175722319045/npm-joins-ecma-international-and-tc39
We’re excited to announce that npm has joined ECMA International and is participating in TC39, the working group of ECMA International that defines the standard for the JavaScript programming language.

Bringing GraphQL to Octokit.NET
https://blog.github.com/2018-07-13-graphql-for-octokit/
If you’ve built apps that connect with GitHub, you are no doubt familiar with Octokit. GitHub offers three official flavors of the easy-to-use Octokit library—one for Ruby, .NET, and Node.js—that work with the GitHub REST API v3. Back in September of 2016, we announced that we would move to GraphQL, the query language developed by Facebook, in part due to the ability to fetch all of the data we wanted in a single request. As a result, the GitHub API v4 is built on GraphQL instead of REST. 另附:Release Radar · June 2018Supercharging the Git Commit Graph III: Generations and Graph Algorithms.

Announcing TypeScript 3.0 RC
https://blogs.msdn.microsoft.com/typescript/2018/07/12/announcing-typescript-3-0-rc/
We’ll be discussing a few major items going into TypeScript 3.0: Project references, Extracting and spreading parameter lists with tuples, Richer tuple types, The unknown type, Support for React’s defaultProps.

State of Kotlin 2018
https://pusher.com/state-of-kotlin
From Google announcing Kotlin support in Android a year ago, to over 100k respondents of the StackOverflow survey voting it the second most loved language, JetBrains’ baby is thriving. At Pusher, we wanted to learn what’s so special about Kotlin so we decided to dig deeper. We surveyed 2,744 people from January to March 2018 and took the pulse of the ecosystem. 另附:Kotlin on the server at Khan Academy.

NGINX Unit 1.3 Available Now
https://www.nginx.com/blog/nginx-unit-1-3-available-now/
NGINX Unit 1.3 includes these new features: New settings object in the configuration API; Configuration of HTTP timeouts; Configuration of request body size limit; Automatic use of Bundler for Ruby applications; Ansible integration. These new features make your applications more configurable. All parameters can be defined dynamically, without any disruption to running services or loss of connectivity.

Bootstrap 4.1.2
http://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
Beyond the file structure changes, here are the highlights for v4.1.2: Fixed an XSS vulnerability in tooltip, collapse, and scrollspy plugins; Improved how we query elements in our JavaScript plugins; Inline SVGs now have the same vertical alignment as images; Fixed issues with double transitions on carousels…

The Ultimate Guide to Learning CSS
https://zendev.com/ultimate-guide-to-learning-css.html
If you have particular areas of CSS you want to brush up on, you can use the table of contents to jump to them. If you're looking for comprehensive "learn everything from a single source" resources, you should jump down to comprehensive resources and courses. And finally, if you're looking for ways to stay up to date, the newsletters portion at the very end will give you a number of options for continuing to hear about the latest and greatest. 另附:9 CSS in JS Libraries You Should Know in 2018.

React/Redux Style Guide
https://github.com/iraycd/React-Redux-Styleguide
This is a working set of guidelines for developing React applications. We say "guideline" because there are no hard-and-fast rules; best practices, patterns and technology change over time, so we consider this a living set of style guides.

Toast UI ImageEditor
https://github.com/nhnent/tui.image-editor
Full featured image editor using HTML5 Canvas. It's easy to use and provides powerful filters.

ReaKit
https://reakit.io/
Toolkit for building interactive UIs with React

React Fiber renderer for PIXI
https://reactpixi.org/#/
A custom React 16+ (Fiber) renderer. Write PIXI applications using React declarative style.

Kleur
https://github.com/lukeed/kleur
The fastest Node.js library for formatting terminal text with ANSI colors~!

Phenomenon
https://github.com/vaneenige/phenomenon
Phenomenon is a very small, low-level WebGL library that provides the essentials to deliver a high performance experience. Its core functionality is built around the idea of moving millions of particles around using the power of the GPU.

PuzzleScript
https://www.puzzlescript.net/
PuzzleScript is an open-source HTML5 puzzle game engine.

Browsh
https://www.brow.sh/
Browsh is a fully-modern text-based browser. It renders anything that a modern browser can; HTML5, CSS3, JS, video and even WebGL. Its main purpose is to be run on a remote server and accessed via SSH/Mosh or the in-browser HTML service in order to significantly reduce bandwidth and thus both increase browsing speeds and decrease bandwidth costs.

Fathom - simple website analytics
https://github.com/usefathom/fathom
Fathom Analytics is a simpler and more privacy-focused alternative to Google Analytics. Collecting information on the internet is important, but it’s broken. We’ve become complacent in trading information for free access to web services, and then complaining when those web services do crappy things with that data. The problem is this: if we aren’t paying for the product, we are the product.

LocustDB
https://github.com/cswinter/LocustDB
An experimental analytics database aiming to set a new standard for query performance on commodity hardware. See How to Analyze Billions of Records per Second on a Single Desktop PC for an overview of current capabilities.

设计

Design Systems at GitHub
https://medium.com/@broccolini/design-systems-at-github-c8e5378d2542
Design systems have become core to the way we design and build at GitHub. Since 2011 GitHub designers have documented UI patterns and shared common styles. In 2012, CSS and other assets were packaged up into a Ruby Gem for use in GitHub websites — this package was named Primer. Primer continued to be used internally for years before eventually having its CSS and accompanying documentation open-sourced as Primer CSS. In 2016 the design systems team was formed with its first full-time employees. This post shares a brief history of how the team grew, what we’ve been working on, and what’s next.

Dark Side of the Mac: Appearance & Materials
https://mackuba.eu/2018/07/04/dark-side-mac-1/
This eventually grew into the longest article on this blog, so instead of deleting some sections, I’ve decided to split it into two parts. This first part will be a bit more theoretical about some underlying features and APIs that make the dark mode work or that are especially relevant now, and the second part will be about the things you need to think about while updating the app (and in the future).

What every product designer should take away from Lyft’s new UI
https://uxdesign.cc/what-every-product-designer-should-take-away-from-lyfts-new-ui-742c9668b067
Lyft took a different approach with their search bar. Instead of a floating field up top, they added it to an overlay towards the bottom-mid section of the screen. This simple change made it more accessible for almost 100% of users.

7 Basic Design Principles We Forget About
https://uxplanet.org/7-basic-design-principles-we-forget-about-8f5c15d4b527
There are of course a lot more principles that we should use, but the problem is that a lot of us still don’t use these. And it mainly happens because we prioritise tasks and goals that are not important to our customers. We should always strive to find the right balance that works for our product and users. 另附:15 Simple Habits That Will Help You Become a Better UX Designer

A quick guide to choosing a color palette
https://www.invisionapp.com/blog/quick-guide-color-palette/
It doesn’t have to be overwhelming. With a few well-placed tips and hints, you can take most of the work out of picking fonts and choosing colors. We’ve already covered the former, so here’s some approaches to the latter that should up your design game and make it easier to pick a palette that’s pleasing to the eye and easy to understand.

产品及其它

Welcome Wagon: Classifying Comments on Stack Overflow https://stackoverflow.blog/2018/07/10/welcome-wagon-classifying-comments-on-stack-overflow/
Last month, Joe wrote about the Welcome Wagon work that we are doing to make Stack Overflow more welcoming and inclusive. Our current work involves projects across domains from asking questions to framing community standards and more; one project we have been working on is understanding how comments are used and misused on Stack Overflow.

2018知识付费和在线教育从业者生存状况报告
https://mp.weixin.qq.com/s?__biz=MzI2NTY4MDg1NA==&mid=2247492803&idx=1&sn=40c00b35884db60ebb6c30b5a15ae8dd
知识付费和在线教育行业已经火了几年,期间虽然经历了一些起起伏伏,但整体的态势来看,可以称作是野蛮生长的几年。但行业发展到今天,却很少有人真正了解它的发展状况以及从业者的生存现状。基于此,三节课联合了新榜、多知网和荔枝微课,发起了《知识付费和在线教育从业者生存状况》的调查,一是希望帮助从业者了解整个行业的基本状况,了解自己的同行在做什么,想什么,同时也希望收集到的数据和一些结论能够对从业者的思考和决策有切实的帮助。

河南教育之殇 | 关于乡村教育的思索
https://mp.weixin.qq.com/s?__biz=MzI3OTYyNDQ0OQ==&mid=2247483889&idx=1&sn=3d24e1a8a07b585ad62ab85dfa74ba0c
这些年一直在西部地区跑。10多年前,一起探访西部的小花博士,作为河南籍的新上海人说期望有一天OFS也能去河南乡村开展工作。最近几年也陆续听闻了一些河南乡村教育的情况,感觉需求情况也不小,所以就想去走走看看,机缘合适的话可以做点力所能及之事,信心满满。去了之后,看到的、听到的、想到的,很多还是让我无法面对现实,回来一个多星期了心情五味杂陈,想写点东西,却不知道怎么下笔说说这“隔壁的中国”。因为我明白,有的时候,空有使命感也不行呢。

— THE END --