FEX 技术周刊 - 2018/07/16
ICML International Conference on Machine Learning
附：Google At ICML 2018、DeepMind papers at ICML 2018、Facebook researchers win Test of Time award at ICML 2018
Postmortem for Malicious Packages Published
On July 12th, 2018, an attacker compromised the npm account of an ESLint maintainer and published malicious versions of the eslint-scope and eslint-config-eslint packages to the npm registry. On installation, the malicious packages downloaded and executed code from pastebin.com which sent the contents of the user’s .npmrc file to the attacker. An .npmrc file typically contains access tokens for publishing to npm. 附：How to revoke npm tokens and clear node_modules recursively after eslint-scope hack、Incident report: npm, Inc. operations incident of July 12, 2018、ESLint backdoor: revoke all the tokens、Two-factor authentication protection for packages.
Goodbye Microservices: From 100s of problem children to 1 superstar
In early 2017 we reached a tipping point with a core piece of Segment’s product. It seemed as if we were falling from the microservices tree, hitting every branch on the way down. Instead of enabling us to move faster, the small team found themselves mired in exploding complexity. Essential benefits of this architecture became burdens. As our velocity plummeted, our defect rate exploded. Eventually, the team found themselves unable to make headway, with 3 full-time engineers spending most of their time just keeping the system alive. Something had to change. This post is the story of how we took a step back and embraced an approach that aligned well with our product requirements and needs of the team. 另附：Newsround, nanoservices and serverless.
Service Mesh and the Promise of Istio
In a microservices environment, neither of these options is ideal. The application overlay approach is application aware and can perform sophisticated content-based routing, but it will lead to a large amount of redundant code in each service and potentially a lower performance. Conversely, relying on traditional L3 or L4 networking means that it has neither the concept nor the visibility of service requests, which are critical to making optimal routing decisions. This is why service mesh is so appealing for the microservice environment — it operates at the L7 level, but is separate from the application code and can enforce L3/L4 policies with app-level insight. To understand this point, we must first dig into the architecture of service mesh.
Thank You for Your Help NoSQL, but We Got It from Here
It’s time for us to admit what we have all known is true for a long time; NoSQL is the wrong tool for many of the modern application use cases, and it’s time that we move on.
洞察 video 超能力系列——玩转 mp4.
只要在 HTML5 中使用过视频播放的同学对 video 标签一定不会陌生，不过很多同学只使用了 video 的基础功能，实际上 video 拥有强大潜能的，只要姿势正确就能让其拥有超能力。不妨从下面几个场景来逐渐了解下video 未曾被发掘的神秘空间： * 清晰度无缝切换 * 节省视频流量。另附：揭秘视频网站video视频倍速播放的实现。
MCI（Mobile continuous integration）是大众点评移动端团队多年来实践总结出来的一套行之有效的架构体系。它能实际解决移动项目中依赖复杂、研发流程琐碎、构建速度慢的问题，同时接入MCI架构体系的移动项目能真正有效实现App质量的提升。
每年，在这个时候，充满了悲欢离合，也总能看到各种活蹦乱跳的小鲜肉。我们毕业了，我们开始赚钱了，我们踏上了一条不归路……。结束一段旅程，开始填新的坑，或者挖一个坑。我总习惯性的会做一些“反省”、总结的文章，它可以帮助我重新回到 “正轨” 上，指出到下一阶段我所需要的内容。另附： Phodal 的前后端分离团队的资源浪费
In my previous article, I tried to explain why I think Hyperapp is a viable alternative to React or Vue and the reasons I found it easier to get started with it. Lots of people criticized that piece, as it was opinionated and didn’t give the other frameworks a proper chance to shine. So, in this article, I’m going to try to compare these three frameworks as objectively as possible, by providing some minimal examples to showcase their capabilities.
Out of Depth with Flutter
In my experience using Flutter (as a member of the Flutter team), development speed is achieved primarily through the following: Stateful hot reload; Reactive programming; Composition; UI as code.
LinkedIn Lite: A Server-Side Rendered PWA
A couple of months ago, we shared details about LinkedIn Lite’s architecture, its evolution as a light-weight mobile web experience, and how it became a huge success in emerging markets. As a pure server-side rendered web app, it was fast, but it wasn’t providing a good user experience.
Evolving the MediaWiki platform: Why we replaced Tidy with a HTML5 parser
Three years ago, the Wikimedia Foundation’s Parsing Team decided to replace Tidy, a tool to fix HTML errors, with an HTML5-based tool. Here’s what we did in that time period, and what kind of complexities we faced in changing pieces of the technical infrastructure powering Wikimedia wikis.
Building a real-time user action counting system for ads
The Pinterest ads team’s mission is to provide the best experience for both Pinners and advertisers. Our ads system is a real-time bidding system that delivers targeted ads based on a variety of attributes. One of the major behavioral attributes is user action counts, the count for a Pinner’s past clicks, impressions and other actions on ads. An important part of user action counts is frequency control, which sets a maximum number of times an ad is shown to a Pinner (impression counts over a period of time enforce this limit).
XARs: An efficient system for self-contained executables
XARs can be used to deploy Python virtual environments, bundle Node.js applications, and even Lua tools. This can result in efficiency wins from lowered overhead for many types of Python tools, reduced size of the binaries deployed, and offer a more reliable production environment for Python tooling. 另附：Talk the Walk: Teaching AI systems to navigate New York through language.
Event Sourcing in Action with eBay’s Continuous Delivery Team
Using an Event-centric approach has enabled our team at eBay to scale to handle millions of events with the resiliency to recover from failures as quickly and reliably as possible. Though similar approaches have been widely adopted to augment large-scale data applications, for eBay’s Continuous Delivery team, Event Sourcing is at the heart of decision-making and application development. To that end, we’ve built a system that continuously scales and tests our ability to handle an increasing volume of events and an ever growing list of external data sources and partner integrations.
Simple, correct, fast: in that order
The single most important quality in a piece of software is simplicity. It’s more important than doing the task you set out to achieve. It’s more important than performance. The reason is straightforward: if your solution is not simple, it will not be correct or fast.
Learning To Code By Writing Code Poems
Learning to code can be tough. In this article, Murat shares his advice on how writing code differently and poetically has helped him overcome his initial struggles and insecurities.
Google Cloud Platform - The Good, Bad, and Ugly (It’s Mostly Good)
A note up front, these are solely my experiences, and it’s quite possible that I’ve misunderstood or misrepresented things here. If I’ve made any mistakes, let me know so I can correct them. I only talk about services that I have experience using. There are a bunch of really good looking services like Google Kubernetes Engine, Google App Engine, and BigQuery, but I haven’t used them enough (or at all) to be able to give a review on them.
Introducing Jib — build Java Docker images better
To address this challenge, we’re excited to announce Jib, an open-source Java containerizer from Google that lets Java developers build containers using the Java tools they know. Jib is a fast and simple container image builder that handles all the steps of packaging your application into a container image. 另附：Minimal Ubuntu, on public clouds and Docker Hub.
npm Joins ECMA International and TC39
Bringing GraphQL to Octokit.NET
If you’ve built apps that connect with GitHub, you are no doubt familiar with Octokit. GitHub offers three official flavors of the easy-to-use Octokit library—one for Ruby, .NET, and Node.js—that work with the GitHub REST API v3. Back in September of 2016, we announced that we would move to GraphQL, the query language developed by Facebook, in part due to the ability to fetch all of the data we wanted in a single request. As a result, the GitHub API v4 is built on GraphQL instead of REST. 另附:Release Radar · June 2018、Supercharging the Git Commit Graph III: Generations and Graph Algorithms.
Announcing TypeScript 3.0 RC
We’ll be discussing a few major items going into TypeScript 3.0: Project references, Extracting and spreading parameter lists with tuples, Richer tuple types, The unknown type, Support for React’s defaultProps.
State of Kotlin 2018
From Google announcing Kotlin support in Android a year ago, to over 100k respondents of the StackOverflow survey voting it the second most loved language, JetBrains’ baby is thriving. At Pusher, we wanted to learn what’s so special about Kotlin so we decided to dig deeper. We surveyed 2,744 people from January to March 2018 and took the pulse of the ecosystem. 另附：Kotlin on the server at Khan Academy.
NGINX Unit 1.3 Available Now
NGINX Unit 1.3 includes these new features: New settings object in the configuration API; Configuration of HTTP timeouts; Configuration of request body size limit; Automatic use of Bundler for Ruby applications; Ansible integration. These new features make your applications more configurable. All parameters can be defined dynamically, without any disruption to running services or loss of connectivity.
The Ultimate Guide to Learning CSS
If you have particular areas of CSS you want to brush up on, you can use the table of contents to jump to them. If you’re looking for comprehensive “learn everything from a single source” resources, you should jump down to comprehensive resources and courses. And finally, if you’re looking for ways to stay up to date, the newsletters portion at the very end will give you a number of options for continuing to hear about the latest and greatest. 另附：9 CSS in JS Libraries You Should Know in 2018.
React/Redux Style Guide
This is a working set of guidelines for developing React applications. We say “guideline” because there are no hard-and-fast rules; best practices, patterns and technology change over time, so we consider this a living set of style guides.
Toast UI ImageEditor
Full featured image editor using HTML5 Canvas. It’s easy to use and provides powerful filters.
Toolkit for building interactive UIs with React
React Fiber renderer for PIXI
A custom React 16+ (Fiber) renderer. Write PIXI applications using React declarative style.
The fastest Node.js library for formatting terminal text with ANSI colors~!
Phenomenon is a very small, low-level WebGL library that provides the essentials to deliver a high performance experience. Its core functionality is built around the idea of moving millions of particles around using the power of the GPU.
PuzzleScript is an open-source HTML5 puzzle game engine.
Browsh is a fully-modern text-based browser. It renders anything that a modern browser can; HTML5, CSS3, JS, video and even WebGL. Its main purpose is to be run on a remote server and accessed via SSH/Mosh or the in-browser HTML service in order to significantly reduce bandwidth and thus both increase browsing speeds and decrease bandwidth costs.
Fathom - simple website analytics
Fathom Analytics is a simpler and more privacy-focused alternative to Google Analytics. Collecting information on the internet is important, but it’s broken. We’ve become complacent in trading information for free access to web services, and then complaining when those web services do crappy things with that data. The problem is this: if we aren’t paying for the product, we are the product.
An experimental analytics database aiming to set a new standard for query performance on commodity hardware. See How to Analyze Billions of Records per Second on a Single Desktop PC for an overview of current capabilities.
Design Systems at GitHub
Design systems have become core to the way we design and build at GitHub. Since 2011 GitHub designers have documented UI patterns and shared common styles. In 2012, CSS and other assets were packaged up into a Ruby Gem for use in GitHub websites — this package was named Primer. Primer continued to be used internally for years before eventually having its CSS and accompanying documentation open-sourced as Primer CSS. In 2016 the design systems team was formed with its first full-time employees. This post shares a brief history of how the team grew, what we’ve been working on, and what’s next.
Dark Side of the Mac: Appearance & Materials
This eventually grew into the longest article on this blog, so instead of deleting some sections, I’ve decided to split it into two parts. This first part will be a bit more theoretical about some underlying features and APIs that make the dark mode work or that are especially relevant now, and the second part will be about the things you need to think about while updating the app (and in the future).
What every product designer should take away from Lyft’s new UI
Lyft took a different approach with their search bar. Instead of a floating field up top, they added it to an overlay towards the bottom-mid section of the screen. This simple change made it more accessible for almost 100% of users.
7 Basic Design Principles We Forget About
There are of course a lot more principles that we should use, but the problem is that a lot of us still don’t use these. And it mainly happens because we prioritise tasks and goals that are not important to our customers. We should always strive to find the right balance that works for our product and users. 另附：15 Simple Habits That Will Help You Become a Better UX Designer
A quick guide to choosing a color palette
It doesn’t have to be overwhelming. With a few well-placed tips and hints, you can take most of the work out of picking fonts and choosing colors. We’ve already covered the former, so here’s some approaches to the latter that should up your design game and make it easier to pick a palette that’s pleasing to the eye and easy to understand.
Welcome Wagon: Classifying Comments on Stack Overflow
Last month, Joe wrote about the Welcome Wagon work that we are doing to make Stack Overflow more welcoming and inclusive. Our current work involves projects across domains from asking questions to framing community standards and more; one project we have been working on is understanding how comments are used and misused on Stack Overflow.
— THE END –