• Introducing Orleans 3.0

      This is a guest post from the Orleans team. Orleans is a cross-platform framework for building distributed applications with .NET. For more information, see https://github.com/dotnet/orleans.

      We are excited to announce the Orleans 3.0 release. A great number of improvements and fixes went in, as well as several new features, since Orleans 2.0. These changes were driven by the experience of many people running Orleans-based applications in production in a wide range of scenarios and environments, and by the ingenuity and passion of the global Orleans community that always strives to make the codebase better, faster, and more flexible. A BIG Thank You to all who contributed to this release in various ways!

      Read more →
    • How elliptic curve cryptography works in TLS 1.3


        A couple of reader alerts:

        In order to (somewhat) simplify the description process and tighten the volume of the article we are going to write, it is essential to make a significant remark and state the primary constraint right away — everything we are going to tell you today on the practical side of the problematics is viable only in terms of TLS 1.3. Meaning that while your ECDSA certificate would still work in TLS 1.2 if you wish it worked, providing backwards compatibility, the description of the actual handshake process, cipher suits and client-server benchmarks covers TLS 1.3 only. Of course, this does not relate to the mathematical description of algorithms behind modern encryption systems.

        This article was written by neither a mathematician nor an engineer — although those helped to find a way around scary math and reviewed this article. Many thanks to Qrator Labs employees.

        (Elliptic Curve) Diffie-Hellman (Ephemeral)

        The Diffie–Hellman legacy in the 21 century

        Of course, this has started with neither Diffie nor Hellman. But to provide a correct timeline, we need to point out main dates and events.

        There were several major personas in the development of modern cryptography. Most notably, Alan Turing and Claud Shannon both laid an incredible amount of work over the field of theory of computation and information theory as well as general cryptanalysis, and both Diffie and Hellman, are officially credited for coming up with the idea of public-key (or so-called asymmetric) cryptography (although it is known that in the UK there were made serious advances in cryptography that stayed under secrecy for a very long time), making those two gentlemen pioneers.

        In what exactly?
        Read more →
      • On request of Embedded Developers: Detecting Errors in Amazon FreeRTOS

          Anyone who programs microcontrollers probably knows about FreeRTOS, or at least heard of this operating system. Amazon developers decided to enhance the abilities of this operating system to work with AWS Internet of Things services. This is how Amazon FreeRTOS appeared. We, developers of the PVS-Studio static code analyzer, were asked by mail and in comments to check these projects. Well, now get what you asked for. Keep reading to find out what came out of it.

          Read more →
        • A City Without Traffic Jams

            Chapter 2.
            (the link to Chapter 1)

            The Art of Designing Road Networks

            Transport problems of a city through the eyes of a Computer Scientist

            If I were recommended an article with the title “The Art of Designing Road Networks,” I would immediately ask how many road networks were built with the participation of its author. I must admit, my professional activity was far from road construction and was recently associated with the design of microprocessors where I, among other responsibilities, was engaged in the resource consumption of data switching. At that time my table stood just opposite the panoramic window which opened up a beautiful view of the long section of the Volgograd Highway and part of the Third Transport Ring with their endless traffic jams from morning to evening, from horizon to horizon. One day, I had a sudden shock of recognition: “The complexities of the data switching process that I struggle with on a chip may be similar to the difficulties the cars face as they flow through the labyrinth of road network”.
            Probably, this view from the outside and the application of methods that were not traditional for the area in question gave me a chance to understand the cause of traffic jams and make recommendations on how to overcome the problem in practice.
            Read more →
          • Checking the OpenCvSharp Wrapper for OpenCV with PVS-Studio

              Рисунок 2

              OpenCV is an open-source library of computer vision and image processing algorithms and general-purpose numerical algorithms. The library is well known among C++ developers. Besides C++, there are also versions for Python, Java, Ruby, Matlab, Lua, and other languages. Since C#, which is the language I specialize in, is not on that list, I chose OpenCvSharp, a C# wrapper of OpenCV, to check it with PVS-Studio. The results of that check are discussed in this article.
              Read more →
            • Improving form controls in Microsoft Edge and Chromium

                Since we began work on the next version of Microsoft Edge based on Chromium, we’ve been investigating ways to modernize form controls to provide a modern appearance as well as the touch friendliness and accessibility that our users expect from Microsoft Edge today.

                Over the past few months, we’ve been collaborating closely with the Google Chrome team on this project, and are excited to share the refreshed controls that will be coming to Microsoft Edge Insider builds, or other Chromium browsers near you.

                Read more →
              • AdBlock has stolen the banner, but banners are not teeth — they will be back

              • Analyzing the Code of ROOT, Scientific Data Analysis Framework

                  Picture 3
                  While Stockholm was holding the 118th Nobel Week, I was sitting in our office, where we develop the PVS-Studio static analyzer, working on an analysis review of the ROOT project, a big-data processing framework used in scientific research. This code wouldn't win a prize, of course, but the authors can definitely count on a detailed review of the most interesting defects plus a free license to thoroughly check the project on their own.


                  Picture 1

                  ROOT is a modular scientific software toolkit. It provides all the functionalities needed to deal with big data processing, statistical analysis, visualisation and storage. It is mainly written in C++. ROOT was born at CERN, at the heart of the research on high-energy physics. Every day, thousands of physicists use ROOT applications to analyze their data or to perform simulations.
                  Read more →
                • Tarantool Kubernetes Operator

                    Kubernetes has already become a de-facto standard for running stateless applications, mainly because it can reduce time-to-market for new features. Launching stateful applications, such as databases or stateful microservices, is still a complex task, but companies have to meet the competition and maintain a high delivery rate. So they create a demand for such solutions.

                    We want to introduce our solution for launching stateful Tarantool Cartridge clusters: Tarantool Kubernetes Operator, more under the cut.
                    Read more →
                  • Scanning the code of Orchard CMS for Bugs

                      Picture 6

                      This article reviews the results of a second check of the Orchard project with the PVS-Studio static analyzer. Orchard is an open-source content manager system delivered as part of the ASP.NET Open Source Gallery under the non-profit Outercurve Foundation. Today's check is especially interesting because both the project and the analyzer have come a long way since the first check, and this time we'll be looking at new diagnostic messages and some nice bugs.
                      Read more →
                    • Tarantool Data Grid: Architecture and Features

                        In 2017, we won the competition for the development of the transaction core for Alfa-Bank's investment business and started working at once. (Vladimir Drynkin, Development Team Lead for Alfa-Bank's Investment Business Transaction Core, spoke about the investment business core at HighLoad++ 2018.) This system was supposed to aggregate transaction data in different formats from various sources, unify the data, save it, and provide access to it.

                        In the process of development, the system evolved and extended its functions. At some point, we realized that we created something much more than just application software designed for a well-defined scope of tasks: we created a system for building distributed applications with persistent storage. Our experience served as a basis for the new product, Tarantool Data Grid (TDG).

                        I want to talk about TDG architecture and the solutions that we worked out during the development. I will introduce the basic functions and show how our product could become the basis for building turnkey solutions.
                        Read more →
                      • Giving a presentation with perfect UI/UX design


                          Every single one of us gives presentations from time to time. What can be difficult about creating a couple of slides with great UI and nice content, right? Well… not really actually. In real life, things may get difficult.

                          You want to cover the whole topic and give as much information as fits on a slide. Then you go to Google to find some awesome pictures, and finally, cover it all with some fancy animation. And here is where things start falling apart: how do you balance all this stuff?

                          Take our helping hand, as we are here to show you how to create a presentation with both perfect user experience and user interface. Let's find out how to create perfect UI & UX design in a presentation.

                          Read more →
                          • +16
                          • 2.6k
                          • 2
                        • Don't forget about Open Graph

                          • Tutorial
                          Open Graph protocol is a web standard originally developed by Facebook that turns any webpage into a graph object with title, description, image and so on. Even though there is no direct correlation between OG meta tags and improved SEO rankings, it still drives more traffic to your webpage by making it more “attractive” in social networks (Facebook, Twitter, Linkedin, etc).

                          An example of a link shared in Twitter that has «og:image» and «og:title».


                          Adding OG (and not only) meta tags into your React app

                          Without further due let’s jump into newly created React app with create-react-app and OG meta tags to /public/index.html. It should look like something like this:

                          <!DOCTYPE html>
                                <meta charSet="utf-8"/>
                                <meta http-equiv="x-ua-compatible" content="ie=edge"/>
                                <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/>
                                <link rel="alternate" type="application/rss+xml" href="/rss.xml"/>
                                <title>Awesome App</title>
                                <meta property="og:title" content="Awesome app - the best app ever" />
                                <meta property="og:type" content="website" />
                                <meta property="og:image" content="https://picsum.photos/id/52/1200/600" />
                                <meta property="og:description" content="Describe stuff here." />
                                <meta property="og:url" content="yourawesomeapp.com" />
                                <noscript>This app works best with JavaScript enabled.</noscript>
                                <div id="root"></div>

                          Read more →
                        • MacOS 10.15 no longer supports 32-bit apps. What can you do?

                            Picture 2

                            On October 7, 2019, Apple released a new version of its Mac operating system, macOS Catalina. Version 10.15 contains many changes and improvements. One of the significant is the complete phasing out of 32-bit applications. As a developer of such macOS apps, what can you do? That's right, port the app to the 64-bit platform. Will the application work properly from the first attempt? Perhaps, it's possible. Depends on the complexity and amount of the code. But most likely, developers will face a lot of non-obvious errors, which can previously detected using PVS-Studio.
                            Read more →
                          • Vue.js Is Good, But Is It Better Than Angular or React?

                            Vue.js is a JavaScript library for building web interfaces. Combining with some other tools It also becomes a “framework”. Now, from our last blog, you already know that Vue.js is one of the top JavaScript frameworks and it is replacing Angular and React in many cases. This brings in the topic of this blog ‘Vue.js is good, but is it better than Angular or React?

                            In case you’ve never heard or used Vue.js before, you are probably thinking: Come on! yet another JavaScript framework! We get it. However, Vue.js is not new in the custom software development domain. It was first released in 2013 and now it has 130549 stars on Github and downloaded a number of times this year.
                            Read more →
                          • Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using PVS-Studio

                              Picture 11

                              Starting from the version 7.04, the PVS-Studio analyzer for C and C++ languages on Linux and macOS provides the test feature of checking the list of specified files. Using the new mode, you can configure the analyzer to check commits and pull requests. This article covers setting up the check of certain modified files from a GitHub project in such popular CI (Continuous Integration) systems, as Travis CI, Buddy and AppVeyor.
                              Read more →
                            • Тarantool Cartridge: Sharding Lua Backend in Three Lines

                                In Mail.ru Group, we have Tarantool, a Lua-based application server and a database united. It's fast and classy, but the resources of a single server are always limited. Vertical scaling is also not the panacea. That is why Tarantool has some tools for horizontal scaling, or the vshard module [1]. It allows you to spread data across multiple servers, but you'll have to tinker with it for a while to configure it and bolt on the business logic.

                                Good news: we got our share of bumps (for example, [2], [3]) and created another framework, which significantly simplifies the solution to this problem.

                                Тarantool Cartridge is the new framework for developing complex distributed systems. It allows you to concentrate on writing business logic instead of solving infrastructure problems. Under the cut, I will tell you how this framework works and how it could help in writing distributed services.
                                Read more →
                              • Azure PowerShell: Mostly Harmless

                                  Picture 6

                                  Hello, everyone. Today we have another Microsoft project on the check. By the title of this article, you can guess that this time developers didn't «please» us with a large number of errors. We hope the project's authors won't be offended by the title. After all, a small number of errors is great, isn't it? However, we still managed to find something intriguing in the Azure PowerShell code. We suggest getting to know the features of this project and checking out errors, found using the PVS-Studio C# analyzer.
                                  Read more →