FEX 技术周刊 - 2017/02/27
API Design Guide
This is a general design guide for networked APIs. It has been used inside Google since 2014 and is the guide we follow when designing Cloud APIs and other Google APIs. It is shared here to inform outside developers and to make it easier for us all to work together. 另附：10 Best Practices for Writing Node.js REST APIs、API Design: Think First, Code Later
V8 is going to switch to a new compiler architecture after 5.8 branch cut
对各种 JS 图片处理库进行分析
Node 6 at Wikimedia: Stability and substantial memory savings
Over the last years, Wikimedia engineers have built significant Node.js services to complement the venerable MediaWiki wiki platform implemented in PHP. Over 10 such services are deployed in our production environment, powering features like VisualEditor, scientific formulae rendering, rich maps display and the REST content API. Individual services are built and owned by specific teams on top of the overall Node.js platform, which is maintained by the Wikimedia Services team. Recently, we upgraded our infrastructure to Node.js v6. This blog post describes how we did it, and what we learned in the process.
The Future of Serverless Compute
As we approach the end of the early-adopter period, it’s an interesting exercise to put on our prediction goggles and contemplate where this movement is going next, how it’s getting there, and most importantly what changes we need from our organizations to support it. So, join me as we look at one possible future of Serverless compute.
Cross-Site Request Forgery is dead!
After toiling with Cross-Site Request Forgery on the web for, well forever really, we finally have a proper solution. No technical burden on the site owner, no difficult implementation, it’s trivially simple to deploy, it’s Same-Site Cookies.
2015年10月我加入一家已盈利的创业公司，负责 Web 技术方向。创业过程中为了生存，都是拼快拼狠，难免选用猛糙快的工作方法。随着业务和团队不断扩大，面对的问题也越来越具挑战性。我逐步将一些自动化工具和方法引入到日常工作中，使团队获得一些收益。本文总结我这一年来做持续集成的获得经验教训。持续集成，项目之大事，研发团队负责人不可不察也。持续集成是通过平台串联各个开发环节，实现和沉淀工作自动化的方法。
听徐叔给大家科普 RxJS，另附：An Animated Intro to RxJS
Front-End Developer Handbook 2017
Announcing the first SHA1 collision
Today, more than 20 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We’ve summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content. 附：Linus’ reply on Git and SHA-1 collision、Mozila - The end of SHA-1 on the Public Web、 Linus - I thought I’d write an update on git and SHA1
Code review checklist
Over the last couple of months, I’ve developed my own internal code review checklist. I use it both for reviewing for own finished code and my teammates code complete tickets. It’s split up into 3 sections: code, automated testing and manual testing.
A Detailed Introduction To Webpack
Node.js - Quality with Speed
One of the key tenets of the Node.js community is to allow change at a rapid pace in order to foster innovation and to allow Node.js to be used in a growing number of use cases. At the same time the community values quality. Newer versions of the runtime must be as good or better than earlier versions and must not un-intentionally break existing applications. Instead of trading off one for the other, the community looks for the path that allows us to maintain our rate of change while ensuring the required level of quality. Many of the activities undertaken by the community over the last year are in support of this goal. This is our take on how these activities fit together.
Deep dive CSS: font metrics, line-height and vertical-align
Line-height and vertical-align are simple CSS properties. So simple that most of us are convinced to fully understand how they work and how to use them. But it’s not. They really are complex, maybe the hardest ones, as they have a major role in the creation of one of the less-known feature of CSS: inline formatting context.
Big Data Visualization with Meaning
As with all design, the approach we take when creating a user-minded visualization is based on the context and the constraints we have to work with. Good data visualizations—those with meaning—need to be accessible and human even though data is rarely described with those words.
8 Best Practices for Mobile Form Design
Designers have now been building mobile forms for a decade. But, as technology continues to go through metamorphoses and our understanding of users’ needs becomes more refined, good mobile form design is constantly evolving. In this article, I’ll provide eight best practices for mobile form design circa 2017.
3 Key Uses for Animation in Mobile UI Design
With the quick development of technology, animation is less of a visual luxury and more of a functional requirement that users expect. Animation solves a lot of functional problems within interfaces and makes interfaces feel alive and truly responsive to the user. Let’s explore the key animation tactics that improve the functionality and emotional power of your mobile interface.
What Does Being a Fullstack Developer Mean in 2017?
What does fullstack mean? Everyone has their own definition. The problem is the breadth and depth of technologies have expanded so rapidly, fullstack developers are trying to play catch-up when everything is already red‑shifted by the time you’re looking at it. This problem is what makes “fullstack” a contested and controversial title.
Safari Technology Preview 24
挺多值得关注的新特性的，比如：Added as an experimental feature、Implemented dynamic import operator. 另附：ECMAScript 2016+ in Firefox
Announcing TypeScript 2.2
用 TS 的同学可以关注下新特性
Incident report on memory leak caused by Cloudflare parser bug
Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare. 附：List of Sites affected by Cloudflare’s #Cloudbleed HTTPS Traffic Leak
Introducing Netflix Stethoscope
Netflix is pleased to announce the open source release of Stethoscope, our first project following a User Focused Security approach. Stethoscope is a web application that collects information for a given user’s devices and gives them clear and specific recommendations for securing their systems.
Boundless is a UI toolkit that was conceived to abstract away difficult interface patterns. It follows three main guidelines: Performance is mandatory, not a nice-to-have; Components should be as customizable as possible; Components should be as accessible as possible (falling back to WAI-ARIA attributes when necessary.)
AR.js - Efficient Augmented Reality for the Web using ARToolKit
Efficient Augmented Reality for the Web using ARToolKit - 60fps on mobile!
Promise based HTTP client for the browser and node.js
Bare minimum fetch polyfill in 500 bytes.
A collection of repeatable SVG background patterns for you to use on your web projects.
Upspin - A framework for naming everyone’s everything
Upspin is an experimental project to build a framework for naming and sharing files and other data securely, uniformly, and globally: a global name system of sorts. It is not a file system, but a set of protocols and reference implementations that can be used to join things like file systems and other storage services to the name space.
你可能见过很多关于微信公众号排版的教程，告诉你应该用多少字号、用什么颜色、行距应该设置为多少，大部分教程或许对想速成或直接找一个 todolist 做工作交差的人来说，是有效的。然而，真正要做好排版，并不只是需要获得别人给的 todolist，而是理解排版背后的原理。
Microsoft’s new AI can code by stealing bits of code from other software
微软和剑桥大学正开发具有人工智能的编程软件 DeepCoder，它可以从把其他应用的代码拿过来给自己用。微软首先训练一个神经网络来检测程序的性质，然后将该神经网络的预测输出代入到编程社区的高级搜索工具中。之后运用这种神经网络的 DeepCoder 可以通过现有软件获取的代码拼接在一起写出新程序。此外，DeepCoder 使用机器学习来清理源代码数据库，并对它们按照有用性进行排序。