FEX 技术周刊 - 2019/02/25
TSLint in 2019
Introducing AVS, an Open Standard for Autonomous Vehicle Visualization from Uber
We’re excited to open source the redesigned and expanded Autonomous Visualization System (AVS), a new way for the industry to understand and share its data. AVS is a new standard for describing and visualizing autonomous vehicle perception, motion, and planning data, offering a powerful web-based toolkit to build applications for exploring, interacting and, most critically, making important development decisions with that data.
Announcing the Ionic React Beta
We’re excited to announce that Ionic React is now available in beta! Take a read below to understand more about this release and how to get started building with Ionic and React.
支付宝小程序从 2016 年开始立项算起，到现在也快 3 年的时间，在这 3 年的过程中，小程序的技术架构也是不断的升级和演进，在满足业务发展的同时对于小程序整体的高可用、性能优化、多端输出方面做了大量的工作。今天给大家分享下我们在支付宝小程序技术这块所做的一些工作。小程序技术架构主要分成四个方面来讲：系统架构，主要给大家说下小程序的架构，以及其中的一些关键技术；性能体验，讲下我们在性能体验这块做的几个 case；开发者工具，怎么更好的帮助开发者开发和管理小程序，和保障线上小程序的质量；多端 inside，将支付宝小程序的技术输出给集团和外部的商户，让他们具备运行小程序的能力。
https://www.zhangxinxu.com/wordpress/2019/02/document-scrollingelement/ 要实现一个返回顶部效果，我们目前的做法是下面两个语句并行：document.documentElement.scrollTop = 0; document.body.scrollTop = 0; 就显得很啰嗦，正是由于这种现状，document.scrollingElement这个属性才应运而生，直接动态识别滚动容器。
We migrated to Next.js to serve our home page 7.5× faster
We migrated our home page from a basic React boilerplate (React Boilerplate) to Next.js, a progressive web app framework for React. We made no other changes, and the switch was basically invisible. The load times were better than we expected—it was basically free performance: On a fast connection, fast CPU, our site load time went from 1.5 seconds to 0.2 seconds — 7.5× faster! On an average connection and device, our site load time went from 7.5 seconds down to 1.3 seconds.
How browsers schedule and execute scripts can impact the performance of web pages. While techniques like
<link rel=preload> (and others) influence script loading, knowing how browsers interpret them can also be helpful. Thanks to Kouhei Ueno, we now have an up to date summary of script scheduling in Chrome. 另附：Resource Prioritization – Getting the Browser to Help You、Preloading Fonts and the Puzzle of Priorities.
How A Screen Reader User Accesses The Web: A Smashing Video
In this Smashing TV webinar recording, join Léonie Watson (a blind screen reader user) as she explores the web, and find out about some unexpected properties of HTML elements that not only have a huge impact on accessibility, but also turn out to be pretty good for performance, too.
10 npm Security Best Practices
In this cheat sheet edition, we’re going to focus on npm security and productivity tips for both open source maintainers and developers. So let’s get started with our list of 10 npm security best practices, starting with a classic mistake: people adding their passwords to the npm packages they publish!
Ten Ways to Secure your Applications
Building self-defending applications and services is no longer aspirational–it’s required. Applying security patches, handling passwords correctly, sanitizing inputs, and properly encoding output is now table stakes. Our attackers keep getting better, and so must we. In this blog post, we’ll take a look at several commonly overlooked ways to secure your web apps. Many of the examples provided will be specific to Java, but any modern programming language will have equivalent tactics.
Avoid Nightmares — NSFW JS
You can use NSFW JS to identify indecent content without having files ever leave the client’s machine, even defensively if you can’t control the content being delivered.
An Introduction to jQuery
Multi vs Cross Platform in the age of Flutter
Since the early days of mobile app development there has been a robust debate about whether to build apps using native platform technologies or cross-platform technologies. Flutter has created a new dimension to this debate as it shares characteristics of both multi and cross platform. The promise of Flutter and interest in the dev community means it is worthwhile enumerating this debate again within the context of Native vs Flutter.
Password Managers: Under the Hood of Secrets Management
Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose security guarantees password managers should offer and examine the underlying workings of five popular password managers targeting the Windows 10 platform: 1Password 7 , 1Password 4 , Dashlane , KeePass , and LastPass .
A faster, more efficient cryptocurrency
MIT researchers have developed a new cryptocurrency that drastically reduces the data users need to join the network and verify transactions — by up to 99 percent compared to today’s popular cryptocurrencies. This means a much more scalable network.
Patterns of Streaming Applications
Monal Daxini presents a blueprint for streaming data architectures and a review of desirable features of a streaming engine. He also talks about streaming application patterns and anti-patterns, and use cases and concrete examples using Apache Flink.
You Do Not Need Blockchain: Eight Popular Use Cases And Why They Do Not Work
People are resorting to blockchain for all kinds of reasons these days. Ever since I started doing smart contract security audits in mid-2017, I’ve seen it all. A special category of cases is ‘blockchain use’ that seems logical and beneficial, but actually contains a problem that then spreads from one startup to another. I am going to give some examples of such problems and ineffective solutions so that you (developer/customer/investor) know what to do when somebody offers you to use blockchain this way. 另附：Two Sides of a Coin: Blockchain, Ethics and Human Rights.
Dear OpenAI - Please Open Source Your Language Model
AI research has benefited substantially from an open source culture. While most other disciplines lock state-of-the-art research behind expensive paywalls, anyone with an internet connection can access the same cutting edge AI research as Stanford professors, and running experiments is as simple as cloning an open source repository and renting a GPU in the cloud for only a few cents an hour. Our dedication towards democratizing AI by publicly releasing learning material, new research, and most importantly, open sourcing our projects is why we have progressed so rapidly as a field. I commend OpenAI for their fantastic new research pushing the limits of language modeling and text generation. 另附：Open data governance and open governance: interplay or disconnect?.
Practical Go: Real world advice for writing maintainable Go programs
My goal over the next two sessions is to give you my advice for best practices writing Go code. This is a workshop style presentation, I’m going to dispense with the usual slide deck and we’ll work directly from the document which you can take away with you today. 另附：A visual guide to Go Memory Allocator from scratch (Golang)、Awesome Go.
Programming Interview Questions Are Too Hard and Too Short
Programming interview questions can feel unnecessarily difficult. Sometimes they actually are. And this isn’t just because they make interviews excessively stressful. Our data shows that harder programming questions actually do a worse job of predicting final outcomes than easier ones. So, here’s our advice, if you actually want to make your interviews more accurate, you probably need to start asking easier programming questions. This doesn’t mean lowering the bar. It just means getting a better signal so you can hire the right people. 另附：Headcount goals, feature factories, and when to hire those mythical 10x people.
Seeking the Productive Life: Some Details of My Personal Infrastructure
The Pursuit of Productivity. I’m a person who’s only satisfied if I feel I’m being productive. I like figuring things out. I like making things. And I want to do as much of that as I can. And part of being able to do that is to have the best personal infrastructure I can. Over the years I’ve been steadily accumulating and implementing “personal infrastructure hacks” for myself. Some of them are, yes, quite nerdy. But they certainly help me be productive. And maybe in time more and more of them will become mainstream, as a few already have.
Learn, design or document codebase by putting breadcrumbs in source code. Live updates, multi-language support, and easy sharing. Essentially you annotate your code in a certain way and it can produce visualizations of how your codebase works.
Code Shelter is a collective of volunteer software developers that aims to help with maintaining popular open source projects whose authors need a hand or don’t have the time to maintain them any more.
An Update About Redis Developments in 2019
The creator of Redis, the popular in-memory data structure server, addresses recent concerns about where Redis is heading. In related news, Redis Labs has raised $60M in a series E round.
Five years of the GitHub Bug Bounty program
GitHub launched our Security Bug Bounty program in 2014, allowing us to reward independent security researchers for their help in keeping GitHub users secure. We’re happy to share some of our highlights from the past year and introduce some big changes for the coming year: full legal protection for researchers, more GitHub properties eligible for rewards, and increased reward amounts.
Is React Translated Yet?
If you would like to help out on a current translation, check out the Languages page and click on the “Contribute” link for your language. Can’t find your language? If you’d like to maintain your langauge’s translation fork, follow the instructions in the translation repo!
W3C Strategic Highlights: Strengthening the Core of the Web (Fonts & CSS)
Qt Roadmap for 2019
It’s around this time of the year I sit down to write a blog post about our plans and roadmap for the coming year. Typically, some of the items have already been cooking for a while, but some are still plans in the making. If you want to look into the previous roadmap blog posts, here are the ones I wrote for 2016, 2017 and 2018. There is always more to tell than what would reasonably fit in a blog post, but I’ll try to talk about the most interesting items.
React Spike: Rewrite the MDN page header
The Node.js Benchmarking Working Group: Measuring Performance for A Speedier Node.js
The objective of the Benchmarking Working group is to track and evangelize performance gains made between Node.js releases and avoid performance regressions between releases. The approach followed is to: Define the important use cases; Define the key runtime attributes; Find/create benchmarks that provide good coverage for the use cases and attributes (current table).
simdjson : Parsing gigabytes of JSON per second
JSON documents are everywhere on the Internet. Servers spend a lot of time parsing these documents. We want to accelerate the parsing of JSON per se using commonly available SIMD instructions as much as possible while doing full validation (including character encoding).
howler.js - Audio library for the modern web
Worldview is a lightweight, extensible 2D and 3D scene renderer built on React and regl. Performance, ease of use, and extensibility are top priorities.
Declarative, asynchronous routing for React. Use functions, promises and async/await to map URLs to data and views. Use asynchronous data in your components, without touching component state. Pre-render for SEO — without ejecting from create-react-app! Navi is modern router for React that uses Suspense, Hooks and function composition to make real-world routing simple. 附：A
<input/> content when you are typing.
Split.js is a 2kb unopinionated utility for resizeable split views (also called panes or frames). It handles weird edge cases so you don’t have to. Split.js is CSS-driven, only using JS to recalculate CSS styles on drag. Split.js does not attach any window event listeners, instead relying on CSS for the layout when the window size changes. This keeps the JS overhead extremely low.
The fastest, most reliable, Redis-based queue for Node. Carefully written for rock solid stability and atomicity.
dbdiagram.io - Database Relationship Diagrams Design Tool
Draw Entity-Relationship Diagram Easily. A free and simple tool to draw ER diagrams by just writing code. Designed specially for developers and data analysts.
Building a Landing Page Fast Using the Visual Composer Website Builder
What if it were possible to build a landing page from top to bottom, including a header and a footer, and do so without any need for writing code? And even if it was possible, could you reasonably expect to do so as easily and quickly as putting together a puzzle designed for children 8 to 12 years old? Not only are both of these actions possible, but you’re about to find out how you can do both by using a popular web design tool; the Visual Composer Website Builder.
An open network for secure, decentralized communication. Matrix is a set of openly standardised HTTP APIs specified at https://matrix.org/docs/spec for the real-time synchronisation and persistence of arbitrary JSON over a federation of servers. Matrix also describes the open federation of servers and services on the internet which speak these APIs.
Y Combinator Resources for Developers
YC has built many resources that may be helpful for developers over the years. This page collects them in one place. 另附：A List of Hacker News’s Undocumented Features and Behaviors、Summary: How to Start a Startup (YC).
Racket is a general-purpose programming language as well as the world’s first ecosystem for language-oriented programming. 另附：Why language-oriented programming? Why Racket?.
Nginx Quick Reference
This is not an official handbook. Many of these rules refer to external resources. It is rather a quick collection of some rules used by me in production environments (not only). These notes describes how to improve Nginx performance, security and other important things; @ssllabs A+ 100%
A Heavily-Commented Linux Kernel Source Code
This book provides detailed and comprehensive comments and explanations on all source code of the early Linux kernel (V0.12), aiming to enable readers to gain a comprehensive and profound understanding of the working mechanism of Linux in a shortest possible time and to lay a solid foundation for further study of modern Linux systems. Although the version of the analysis is very low, the kernel has been able to compile and run, and it already includes the essence of the working principle of Linux. 另附：Linus Torvalds on Why ARM Won’t Win the Server Space.
Systems Thinking, Unlocked
The system serves people, not the other way around. It’s the designers and engineers, the real customers of design systems, who need to be at the center of our work. With a storied background in this space, Yujin Han and I—Design Manager and Experience Design Lead, respectively—know the challenge of getting teams to contribute. So now we’re asking ourselves, “How might we set teams up for success by helping them incorporate our design language system (DLS) in their daily work?” Here’s how we’re evolving our model to be inclusive and empower teams to engage with the system.
Evolving the Microsoft Fluent Design System
Reflections on our design history, the progression, and the potential of how we collectively design for the future.
Including Animation In Your Design System
It’s important to understand how animation can be used (or not used) in your design system. In this article, Val Head explains how you can help ensure that your brand is using animation consistently and effectively while also helping your team work faster.
If You’re Not Using UX Data, It’s Not UX Design
Intuition and experience are assets, but separated from UX data, they lead to a dangerous assumption: Designer knows best. Sadly, no small number of digital products are built on the shallow soil of this premise, so we’re drawing a line in the sand: UX design must flow from UX data. If design decisions aren’t based on research findings and real user insights, it’s not UX.
What UX Designers Can Learn from Video Games’ Obsession with UI
In video games, the user interface (UI) is everything. It helps foster an experience that looks and behaves in a convincing way and keeps players immersed in the game. Over the years, games have continued to innovate in their approach to UI, experimenting and iterating on how they present vital information to users without breaking their belief in the experience. Well before I started working in UX, I knew all about UI because I was used to reading about it in game reviews. And although most web and software designers would argue that their product is the furthest thing from a video game, there is still much to learn about UI design from video games.
处于数据和分析位置的领导人必须审视这些趋势对业务带来的潜在影响，并相应调整业务模式和运营，否则就有可能失去竞争优势。增强型数据分析，增强型数据管理，持续型智能，可解释的 AI，数据结构，NLP/对话式分析，商业 AI 和 ML，区块链和持久性内存服务器共同构成了 Gartner 2019 年十大「数据和分析技术趋势」。
微软中国 CTO：请把 AI 拉下神坛
「我们不能用制造问题时的同一思维水平来解决问题」，这句出自爱因斯坦的箴言，对于身处智能时代的人类社会而言，意义匪浅。引用此言的是微软（中国）首席技术官韦青。如何看待人工智能，又应怎样理解深度学习？如果依赖于电气化时代和信息化时代的固有思维方式，人们就无法深刻理解智能时代，人脑的思维方式与机器的计算方式之间异同点。人工智能解放人类手脑的同时，也在唾弃平庸无为之辈。一些人习惯把傲慢与偏见对准「人工智能」，另一群人则是对 AI 迷信到底。很明显，「人们还没有了解人工智能到底是怎么一回事」，韦青直言不讳道。
ine 自从 2012 年上线以来已经有 6 年的历史，比许多我们现在用的写作工具还要早的多。作为一款专业的写作工具，Zine 在编辑和排版、文字分发、云服务等功能方面的全面在众多写作工具中也可以说无出其右。 Zine 的创始人路意自己也是一位多年的写作者，经常在 Zine 以及社交网络中分享自己的经历和思考。对于写作工具和阅读社区，路意也有自己独特的观点和对于产品未来的规划。本期幕后，我们就请到了 Zine 的创始人路意，和他就 Zine 的设计理念、未来规划以及对于写作工具的思考等进行了讨论。
腾讯决定把公司未来20年交到这个人手里。为什么是他？为什么是他汤道生？因为汤道生人如其名，坚硬如水。他兼具水的力量和水的柔软，不断向前，包覆一切崎岖和泥泞。这个腾讯人，自己就像水一样，成为了容器的一部分。阿里云当年的第一人王坚，是个心理学家，如今腾讯云的第一人汤道生，则梦想成为一个数学家。互联网真的是一张网，它把这样千奇百怪的人物都搜罗进来，以便每天都有好故事发生。这张看不见的网，才是真正的物种起源。既然这张网会继续生长，那么TO B or not TO B，已经不再是个问题。
– THE END –