This week we issue a really huge selection of all the essential news you might have missed on Front-end development. Make sure to check the latest updates on CSS, HTML, and JavaScript.

In this report, Bitfury shares analysis completed by its Crystal Blockchain Analytics engineering team on the movement of bitcoin from the Zaif exchange, Bithumb exchange and Electrum wallets.

Google and Facebook are the computerized behemoths who dependably contend. Their answers for designers Angular and React appear matches as well. Demand helps look at both. The article was initially posted here

Toward the start of its advancement, SPA web stages did not have an adaptable however basic framework for making the ventures that could revise and, now and again, supplant both portable and work area applications. Around then, a client whose issue was very basic needed to discover an application equipped for tackling the issue. Over the span of time, the advancements continued pushing ahead making web administrations gain ubiquity since the last had no should be introduced. What was required is simply to visit a site for getting to some administration. Already, such errands could be tackled through sites written in either ActionScript or Java. Nonetheless, those frameworks required to introduce either Flash or Java being in the meantime a long way from the speed expected by the clients.@Angular

By then, JavaScript advanced adequately to desert its adversaries because of a fast, improvement straightforwardness, and ceaseless help of the programs' engineers. The period of JavaScript began inciting such definition as SPA (Single Page Application) which gave another way to deal with the advancement of web stages. Not at all like its precursor MPA (Multi-Page Application), SPA permitted a web administration to work a lot quicker just as to give it an increasingly refined usefulness fit for changing progressively as per clients' needs. The greatest disadvantage was in unadulterated JavaScript which couldn't give a quick improvement when even a crude SPA web administration required a ton of time to be made. That is the reason Google chosen to help the methodology with a system that could enable different organizations to create muddled web administrations without investing a lot of energy for it.

Some time ago among security researchers, it was very “fashionable” to find improperly configured AWS cloud storages with various kinds of confidential information. At that time, I even published a small note about how Amazon S3 open cloud storage is discovered.

However, time passes and the focus in research has shifted to the search for unsecured and exposed public domain databases. More than half of the known cases of large data leaks over the past year are leaks from open databases.

Today we will try to figure out how such databases are discovered by security researchers...

If not to take into account releases for Android and a dozen of abandoned projects just before they were ready, then yes, it is our first game appropriate for more than one platform. How did it all start? Very simply. We worked on another project, let’s call it “project A”, and we’d been working on it for a long time when we decided to make a game during a couple of months and use it to train our marketing skills, and then immediately release our “project A” when we would be more experienced in the promotion of games. But the plan failed and “project A” was kept untouched for the whole year. But this story isn’t about “project A”, it’s about a logical game called «Cubicity: Slide puzzle».

I made the “electric” designer of… cardboard. Alas, the project still remains at the prototype stage, not developing into an industrial “physical” look and is waiting for its time (and investor).

But I decided to go further — once we started making cardboard, we’ll bring the situation to its logical conclusion — we’ll make a complete cardboard board game, but with an electric setting and a learning effect. There were a lot of options — starting from a simple “walker” and ending with Ameritrash from a zombie with electron movement and vicious short circuits and swollen capacitors.

As a result, I decided to dwell on a logical abstract, since the schematics of electrical circuits are very suitable for it. Said and done — as a result of the first iteration, the game “Circuit” was born.

Нажмите здесь, чтобы прочитать русскоязычную версию

Every old hardware enthusiast has a fetish. In the eastern Europe it's often a clone of Sinclair ZX Spectrum, as they were extremely popular there, as well as in Britain and Spain though. Unfortunately, ZX Spectrum left very little legacy. IBM PC 5150 is a different beast. Many love this computer for its heritage. For it has eventually became an ultimate PC. The PC. But although the history of this computer is very well known, surprisingly enough not many people know what was under the bonnet of the very first IBM PC.

Hi, my name is Vladislav, and I am a member of the Tarantool development team. Tarantool is a DBMS and an application server all in one. Today I am going to tell the story of how we implemented horizontal scaling in Tarantool by means of the VShard module.

Some basic knowledge first.

There are two types of scaling: horizontal and vertical. And there are two types of horizontal scaling: replication and sharding. Replication ensures computational scaling whereas sharding is used for data scaling.

Sharding is also subdivided into two types: range-based sharding and hash-based sharding.

Range-based sharding implies that some shard key is computed for each cluster record. The shard keys are projected onto a straight line that is separated into ranges and allocated to different physical nodes.

Hash-based sharding is less complicated: a hash function is calculated for each record in a cluster; records with the same hash function are allocated to the same physical node.

I will focus on horizontal scaling using hash-based sharding.

Somewhere in an alternative Universe, based on MWI, I became a genius in physics. But in our Universe, I just read professional publications in physics, trying to keep myself up to date, meanwhile working as pizza delivery guy as DBA. Because of a slightly deeper knowledge of the subject it is almost impossible for me to watch the Discovery channel and other popular TV shows and the YouTube videos. I see nothing but oversimplifications, lies, and half-truths and can’t enjoy the shows.

I decided to compile a list of the most popular misconceptions. And the winner is...., or course, this one:

The Big Bang

Usually it is pictured like this:

A lot of world’s leading companies experiment and implement IoT solutions for diverse operational areas. The growth of demand for IoT in both consumer and industrial uses is evident.
Internet of Things (IoT) provides gigantic scope of possible applications for:

RUVDS together with Habr.com continues the series of interviews with interesting people in computer field. Previously we met Boris Yangel, who heads AI development of Yandex’s Alice voice assistant.

Today we bring you an interview with Richard (Levelord) Gray — level designer of such legendary games as Duke Nukem, American McGee Alice, Heavy Metal F.A.K.K.2, SiN, and Serious Sam. And he is the one who coined the famous phrase «You are not supposed to be here». Richard was born and spent most of his life in USA, but several years ago he moved to Moscow to his russian wife and daughter.

These who speak to Richard are Nick Zemlyanskiy, editor of Habr.com, and Nikita Tsaplin, co-founder and managing partner of RUVDS company.


→ Text and video in Russian

Sometimes you can meet a case when a cyber-attacker uses VPN to establish a reliable channel between C2 server and infected IT-infrastructure. And, as Threat Intelligence experts say, attackers often use native Windows VPN connection tools and Windows .pbk (phonebook) files. Lets find out how we can detect it using a memory dump.

What is .pbk file and how does it look inside? It's just a text file with a lot of different parameters using when VPN connection is establishing.

Interface

In the first article, we've mentioned that an access method must provide information about itself. Let's look into the structure of the access method interface.

Properties

All properties of access methods are stored in the «pg_am» table («am» stands for access method). We can also get a list of available methods from this same table:

postgres=# select amname from pg_am;

 amname
--------
 btree
 hash
 gist
 gin
 spgist
 brin
(6 rows)

Although sequential scan can rightfully be referred to access methods, it is not on this list for historical reasons.

In PostgreSQL versions 9.5 and lower, each property was represented with a separate field of the «pg_am» table. Starting with version 9.6, properties are queried with special functions and are separated into several layers:

• Access method properties — «pg_indexam_has_property»
• Properties of a specific index — «pg_index_has_property»
• Properties of individual columns of the index — «pg_index_column_has_property»

The access method layer and index layer are separated with an eye towards the future: as of now, all indexes based on one access method will always have the same properties.

Create your first intelligent bot with Microsoft AI

Artificial intelligence (AI) is accelerating the digital transformation for every industry, with examples spanning manufacturing, retail, finance, healthcare, and many others. At this rate, every industry will be able to use AI to amplify human ingenuity. In this e-book, Anand Raman and Wee Hyong Tok from Microsoft provide a comprehensive roadmap for developers to build their first AI-infused application.

Using a Conference Buddy as an example, you’ll learn the key ingredients needed to develop an intelligent chatbot that helps conference participants interact with speakers. This e-book provides a gentle introduction to the tools, infrastructure, and services on the Microsoft AI Platform, and teaches you how to create powerful, intelligent applications.

This week we issue a really huge selection of all the essential news you might have missed on Front-end development. Make sure to check the latest updates on CSS, HTML, and JavaScript.

If someone of you has tried create angular libraries, he may face the issue with lazy loading Feature Module from node_modules. Let's dive deeper and go thru the dark water.

Creating library tools

Just a few months ago there were a lot of buzz because IETF in expedited time frame (about one year) accepted DNS over HTTPS (DoH) as a standard (RFC-8484). The discussions about that are still going on because of its controversy. My personal opinion is that DoH is good for personal privacy (if you know how to use it and trust your DNS provider) but it is a security risk for enterprises. DNS over TLS (DoT) is a better alternative for enterprise customers only because it uses a well-defined TCP port but for personal privacy it is not good because of the same reason (easy to block).

Discovering git vendor extension.

Cross-post from my medium blog: https://medium.com/opsops/git-vendor-295db4bcec3a

I would like to introduce the proper way to handle vendoring of git repositories.

What is is ‘vendoring’?

Vendoring is a way to integrate other’s work into your own. It’s the opposite of ‘linking’ against third-party library. Instead of having that library as a dependency, application uses this library as a part of own source code and keep that code ‘inside’ itself.

Normally, vendoring is done by language tooling: bundler, cargo, pip, etc. But sometimes you need to vendor something not covered by any existing toolset, or something multi-language, that it’s impossible to find the ‘core’ language tool for that.

The solution for this situation is vendoring on a git level. You have your own git repository (I call it ‘destination repo’), and you want to incorporate some other repository (I call it ‘source repo’) as a directory into your (destination repo).

The things you expect from a well-designed vendoring system (regardless of Git it is or not):

• Visibility. You want to know that some code is vendored, means it wasn’t written by committer.

^{Beautiful scheme for BGP connection to Qrator filtering network}

A little historical overview

• BGP hijacks — when an ISP originates an advertisement of address space that does not belong to it;
• BGP route leaks — when an ISP advertises prefixes received from one provider or peer to another provider or peer.

This week it has been 11 years since the memorable YouTube BGP incident, provoked by the global propagation of a more specific prefix announce, originated by the Pakistan Telecom, leading to an almost 2 hour in duration traffic disruption in the form of redirecting traffic from legitimate path to the bogus one. We could guess if that event was intentional, and even a correct answer wouldn’t help us completely prevent such incidents from happening today. While you read this, a route leak or a hijack is spreading over the networks. Why? Because BGP is not easy, and configuring a correct and secure setup is even harder (yet).

In these eleven years, BGP hijacking became quite damaging attack vector due to the BGP emplacement in the architecture of modern internet. Thanks to BGP, routers not only acquire peer information, and therefore all the Internet routes — they are able of calculating the best path for traffic to its destination through many intermediate (transit) networks, each representing an individual AS. A single AS is just a group of IPv4 and/or IPv6 networks operating under a single external routing policy.

In autumn, we announced we were going to expand our IT team from 49 to 250 developers. And immediately we were buried under an avalanche of questions — mostly, people were interested why a pizza chain needs so many software engineers. How did we come up with such a number? So now I want to answer that.