• What is a coding bootcamp?

    A coding bootcamp is a program of technical training teaching the programming skills that employers are looking for. Coding bootcamps allow students with low skills to concentrate on the most significant coding aspects and apply their new coding skills to solve real-world problems.

    The goal of many coding bootcamp attendees is to move into a web development career. They do this by learning to build applications at a professional level, which gives them the foundation they need to build production-ready applications and to demonstrate skills that add real value for a potential employer.
  • Quality as Team's responsibility. Our QA experience

    Disclaimer: This is a translation of an article. All rights belong to the author of the original article and to Miro.


    I'm a QA Engineer at Miro. Let me tell you about our experiment of partially transferring testing tasks to developers and of transforming the Test Engineer role into a QA (Quality Assurance) role.


    First, briefly about our development process. We have daily releases for the client side and 3 to 5 weekly releases of the server side. The team has 60+ people split into 10 functional Scrum teams.


    I work in the Integration team. Our tasks are:


    • Integration of our service into external products
    • Integration of external products into our service
      For example, we have integrated Jira. Jira Cards are a visual representation of tasks, so you can work with tasks without opening Jira at all.

    How the experiment started


    It all started with a trivial issue. Whenever one of the Test Engineers was on sick leave, team performance degraded significantly. The team kept working on tasks, but once code reached the testing phase, the task was put on hold. As a result, new functionality didn't reach production in time.


    A Test Engineer going on vacation is a more complex story. He or she needs to find another Test Engineer who is ready to take on extra tasks, and then conduct knowledge sharing. Two Test Engineers going on vacation at the same time is a luxury we cannot afford.
  • Google News and Leo Tolstoy: visualizing Word2Vec word embeddings using t-SNE


      Everyone uniquely perceives texts, regardless of whether this person reads news on the Internet or world-known classic novels. This also applies to a variety of algorithms and machine learning techniques, which understand texts in a more mathematical way, namely, using high-dimensional vector space.

      This article is devoted to visualizing high-dimensional Word2Vec word embeddings using t-SNE. The visualization can be useful to understand how Word2Vec works and how to interpret relations between vectors captured from your texts before using them in neural networks or other machine learning algorithms. As training data, we will use articles from Google News and classical literary works by Leo Tolstoy, the Russian writer who is regarded as one of the greatest authors of all time.

      We start with a brief overview of the t-SNE algorithm, then move on to calculating word embeddings with Word2Vec, and finally visualize the word vectors with t-SNE in 2D and 3D space. We will write our scripts in Python using Jupyter Notebook.
    • Hack the JWT Token

      • Tutorial

      For Educational Purposes Only! Intended for Hackers Penetration testers.

      Issue


      The HS256 algorithm uses a secret key to sign and verify each message. The RS256 algorithm uses a private key to sign the message and a public key to verify it.

      If you change the algorithm from RS256 to HS256, the backend code uses the public key as the secret key and then uses the HS256 algorithm to verify the signature. In effect, an asymmetric algorithm is swapped for a symmetric one.

      Because the public key can sometimes be obtained by the attacker, the attacker can modify the algorithm in the header to HS256 and then use the RSA public key to sign the data. The backend code then uses the RSA public key + HS256 algorithm for signature verification.

      Example


      The vulnerability appears when client-side validation looks like this:

      const decoded = jwt.verify(
         token,
         publicRSAKey,
         { algorithms: ['HS256', 'RS256'] }   // both algorithms are accepted
      )

      Let's assume we have an initial token like the one below, where " => " marks the modification an attacker can make:

      //header 
      {
      alg: 'RS256'                         =>  'HS256'
      }
      //payload
      {
      sub: '123',
      name: 'Oleh Khomiak',
      admin: 'false'                       => 'true'
      }

      The backend code uses the public key as the secret key and then uses the HS256 algorithm to verify the signature.
    • NodeMCU simple driver model (SDM) showcase: dynamic user interface



      NodeMCU is an interactive firmware that runs a Lua interpreter on the ESP8266 microcontroller (ESP32 support is in development). Along with all the regular hardware interfaces, it has a WiFi module and the SPIFFS file system.


      This article describes a new module for NodeMCU: sdm. SDM stands for simple driver model, and it provides a device-driver model abstraction for the system. In the first part of this article we discuss the model itself; the second part is a showcase of a dynamically created web user interface built with sdm, with some commentary.
    • Citymobil — a manual for improving availability amid business growth for startups. Part 3



        This is the next article of the series describing how we’re increasing our service availability in Citymobil (you can read the previous parts here and here). In further parts, I’ll talk about the accidents and outages in detail. But first let me highlight something I should’ve talked about in the first article but didn’t. I found out about it from my readers’ feedback. This article gives me a chance to fix this annoying shortcoming.
      • Blazor now in official preview

          With this newest Blazor release we’re pleased to announce that Blazor is now in official preview! Blazor is no longer experimental and we are committing to ship it as a supported web UI framework including support for running client-side in the browser on WebAssembly.


          A little over a year ago we started the Blazor experimental project with the goal of building a client web UI framework based on .NET and WebAssembly. At the time Blazor was little more than a prototype and there were lots of open questions about the viability of running .NET in the browser. Since then we’ve shipped nine experimental Blazor releases addressing a variety of concerns including component model, data binding, event handling, routing, layouts, app size, hosting models, debugging, and tooling. We’re now at the point where we think Blazor is ready to take its next step.


        • Statistics and monitoring of PHP scripts in real time. ClickHouse and Grafana go to Pinba for help

          • Tutorial
          In this article I will explain how to use pinba with ClickHouse and Grafana instead of pinba_engine and pinboard.

          On a PHP project, pinba is probably the only reliable way to understand what is happening with performance. But people usually start using pinba only when problems have already been observed and it isn't clear where to look.

          Developers often have no idea how many RPS each script handles, so they begin optimizing in the places that seem to have a problem.

          Some analyze the nginx logs, others the slow queries in the database.

          Of course pinba would not be superfluous, but there are several reasons why it is not on every project.
        • Indexes in PostgreSQL — 7 (GIN)

          • Translation
          We have already become acquainted with the PostgreSQL indexing engine and the interface of access methods, and discussed hash indexes, B-trees, as well as GiST and SP-GiST indexes. This article features the GIN index.

          GIN


          «Gin?.. Gin is, it seems, such an American liquor?..»
          «I'm not a drink, oh, inquisitive boy!» again the old man flared up, again he realized himself and again took himself in hand. «I am not a drink, but a powerful and undaunted spirit, and there is no such magic in the world that I would not be able to do.»

          — Lazar Lagin, «Old Khottabych».

          Gin stands for Generalized Inverted Index and should be considered as a genie, not a drink.
        • Indibiome is the new black

            Indibiome is the new black. Following in the steps of the electrical and computer engineering industries, we foresee indibiome design bureaus able to solve unmet needs in healthcare, agriculture, food production and industrial applications.

            Indibiome is discussed in my previous paper in Russian (link). In short, indibiome is the indigenous microbiome; as with indigenous people, the term is used below in the sense of «inherent to the media, localised and optimised for sustainable existence».

            Microbes have always been there; however, technologies allowing efficient manipulation of microbes, and accumulated genetic and experimental data on a variety of microbial communities, have been on the rise only in the last decade. Below is my concept of an interdisciplinary «indibiome bureau», and you are most welcome to give feedback.
          • TLS 1.3 enabled, and why you should do the same



              As we wrote in the 2018-2019 Interconnected Networks Issues and Availability Report at the beginning of this year, the arrival of TLS 1.3 is inevitable. Some time ago we successfully deployed version 1.3 of the Transport Layer Security protocol. After gathering and analyzing the data, we are now ready to highlight the most exciting parts of this transition.

              As IETF TLS Working Group Chairs wrote in the article:
              “In short, TLS 1.3 is poised to provide a foundation for a more secure and efficient Internet over the next 20 years and beyond.”

              TLS 1.3 has arrived after 10 years of development. Qrator Labs, like the IT industry overall, watched the development process closely from the initial draft through each of the 28 versions, as a balanced and manageable protocol matured into one that we are ready to support in 2019. Support is already evident across the market, and we want to keep pace in implementing this robust, proven security protocol.

              Eric Rescorla, the lone author of TLS 1.3 and the Firefox CTO, told The Register that:
              “It's a drop-in replacement for TLS 1.2, uses the same keys and certificates, and clients and servers can automatically negotiate TLS 1.3 when they both support it,” he said. “There's pretty good library support already, and Chrome and Firefox both have TLS 1.3 on by default.”
            • Thoughts On Elixir: Pros And Cons Of The Most Popular Tool For High-Load Dev



                Why is Elixir/Phoenix achieving such a high rate of adoption in the software development industry? What are the best use cases of this language? Are there any drawbacks when using it? We talked to Sergiy Kukunin, a full-stack developer at Spotlight and an Elixir expert, to find answers to these and other questions.
              • Cataclysm Dark Days Ahead: Static Analysis and Roguelike Games


                  You must have already guessed from the title that today's article focuses on bugs in software source code. But not only that. If you are interested not only in C++ and in reading about bugs in other developers' code, but also dig unusual video games and wonder what «roguelikes» are and how you play them, then read on!
                • Citymobil — a manual for improving availability amid business growth for startups. Part 2



                    This is the second article in the series «Citymobil — a manual for improving availability amid business growth for startups». You can read the first part here. Let’s continue to talk about the way we managed to improve the availability of Citymobil services. In the first article, we learned how to count the lost trips. Ok, we are counting them. What now? Now that we are equipped with an understandable tool to measure the lost trips, we can move to the most interesting part: how do we decrease losses? Without slowing down our current growth! Since it seemed to us that the lion’s share of technical problems causing the loss of trips had something to do with the backend, we decided to turn our attention to the backend development process first. Jumping ahead, I’m going to say that we were right: the backend became the main site of the battle for the lost trips.
                  • Getting Ready for macOS’s Hardened Runtime and Notary

                      With macOS Mojave, Apple introduced support for Hardened Runtime and Notary service. These two services are designed to improve application security on macOS. Recently Apple has stated:


                      “Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. In a future version of macOS, notarization will be required by default for all software.”



                      Today we will help you understand the new rules from the Xamarin point of view.