• Blazor now in official preview

      With this newest Blazor release we’re pleased to announce that Blazor is now in official preview! Blazor is no longer experimental and we are committing to ship it as a supported web UI framework including support for running client-side in the browser on WebAssembly.

      A little over a year ago we started the Blazor experimental project with the goal of building a client web UI framework based on .NET and WebAssembly. At the time Blazor was little more than a prototype and there were lots of open questions about the viability of running .NET in the browser. Since then we’ve shipped nine experimental Blazor releases addressing a variety of concerns including component model, data binding, event handling, routing, layouts, app size, hosting models, debugging, and tooling. We’re now at the point where we think Blazor is ready to take its next step.

      Blazor icon
      Read more →
    • Statistics and monitoring of PHP scripts in real time. ClickHouse and Grafana go to Pinba for help

      • Tutorial
      In this article I will explain how to use pinba with clickhouse and grafana instead of pinba_engine and pinboard.

      On the php project pinba is probably the only reliable way to understand what is happening with performance. But usually people start to use pinba only when problems are already observed and it isn't clear where to look in.

      Often developers have no idea how many RPS each script has. So they begin to optimize starting from places that seem to have problem.

      Someone is analyzing the nginx logs, and someone is slow queries in the database.

      Of course pinba would not be superfluous, but there are several reasons why it is not on every project.

      Read more →
    • Indexes in PostgreSQL — 7 (GIN)

      • Translation
      We have already got acquainted with PostgreSQL indexing engine and the interface of access methods and discussed hash indexes, B-trees, as well as GiST and SP-GiST indexes. And this article will feature GIN index.


      «Gin?.. Gin is, it seems, such an American liquor?..»
      «I'm not a drink, oh, inquisitive boy!» again the old man flared up, again he realized himself and again took himself in hand. «I am not a drink, but a powerful and undaunted spirit, and there is no such magic in the world that I would not be able to do.»

      — Lazar Lagin, «Old Khottabych».

      Gin stands for Generalized Inverted Index and should be considered as a genie, not a drink.
      Read more →
    • TLS 1.3 enabled, and why you should do the same

        As we wrote in the 2018-2019 Interconnected Networks Issues and Availability Report at the beginning of this year, TLS 1.3 arrival is inevitable. Some time ago we successfully deployed the 1.3 version of the Transport Layer Security protocol. After gathering and analyzing the data, we are now ready to highlight the most exciting parts of this transition.

        As IETF TLS Working Group Chairs wrote in the article:
        “In short, TLS 1.3 is poised to provide a foundation for a more secure and efficient Internet over the next 20 years and beyond.”

        TLS 1.3 has arrived after 10 years of development. Qrator Labs, as well as the IT industry overall, watched the development process closely from the initial draft through each of the 28 versions while a balanced and manageable protocol was maturing that we are ready to support in 2019. The support is already evident among the market, and we want to keep pace in implementing this robust, proven security protocol.

        Eric Rescorla, the lone author of TLS 1.3 and the Firefox CTO, told The Register that:
        “It's a drop-in replacement for TLS 1.2, uses the same keys and certificates, and clients and servers can automatically negotiate TLS 1.3 when they both support it,” he said. “There's pretty good library support already, and Chrome and Firefox both have TLS 1.3 on by default.”
        Read more →
      • Thoughts On Elixir: Pros And Cons Of The Most Popular Tool For High-Load Dev

          Why is Elixir/Phoenix achieving such a high rate of adoption in the software development industry? What are the best use cases of this language? Are there any drawbacks when using it? We talked to Sergiy Kukunin, a full-stack developer at Spotlight and an Elixir expert, to find answers to these and other questions.
          Read more →
        • Cataclysm Dark Days Ahead: Static Analysis and Roguelike Games

            Picture 5

            You must have already guessed from the title that today's article will be focusing on bugs in software source code. But not only that. If you are not only interested in C++ and in reading about bugs in other developers' code but also dig unusual video games and wonder what «roguelikes» are and how you play them, then welcome to read on!
            Read more →
          • AdBlock has stolen the banner, but banners are not teeth — they will be back

          • Citymobil — a manual for improving availability amid business growth for startups. Part 2

              This is a second article out of a series «Citymobil — a manual for improving availability amid business growth for startups». You can read the first part here. Let’s continue to talk about the way we managed to improve the availability of Citymobil services. In the first article, we learned how to count the lost trips. Ok, we are counting them. What now? Now that we are equipped with an understandable tool to measure the lost trips, we can move to the most interesting part — how do we decrease losses? Without slowing down our current growth! Since it seemed to us that the lion’s share of technical problems causing the trips loss had something to do with the backend, we decided to turn our attention to the backend development process first. Jumping ahead of myself, I’m going to say that we were right — the backend became the main site of the battle for the lost trips.
              Read more →
            • Getting Ready for macOS’s Hardened Runtime and Notary

                With macOS Mojave, Apple introduced support for Hardened Runtime and Notary service. These two services are designed to improve application security on macOS. Recently Apple has stated:

                “Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. In a future version of macOS, notarization will be required by default for all software.”

                Today will help you to understand new rules from the Xamarin point of view.
                Read more →
              • Business processes. BPMN model extraction from the document. Part 1

                • Translation
                The modern projects on the optimization and the automation of many business processes, assume, as a rule, that the first step will be the analysis of the large amount of the client’s documents. The purpose of it is the modelling the business processes “as-is” in a very tight schedule. The list of the analyzed documents includes normative legal acts, industry standards, SCRUM user stories, regulations, technical specifications and other corporate documents.

                The analyst for the project faces a rather time-consuming task which is at the same time a routine one as well. It doesn’t have many means of automation at present. According to the analysis of modern means of business process modelling, even such well-known applications on the market as Enterprise Architect, ARIS, Bizagi Modeler do not have any support mechanisms for business process model building in their text description.

                This article is focused on the BPMN model extraction from the document.
                Read more →
              • Configure Visual Studio across your organization with .vsconfig

                  As application requirements grow more complex, so do our solutions. Keeping developers’ environments configured across our organizations grows equally complex. Developers need to install specific workloads and components in order to build a solution. Some organizations add these requirements to their README or CONTRIBUTING documents in their repositories. Some organizations might publish these requirements in documents for new hires or even just forward emails. Configuring your development environment often becomes a day-long chore. What’s really needed is a declarative authoring model that just configures Visual Studio like you need it.

                  In Visual Studio 2017 Update 15.9 we added the ability to export and import workload and component selection to a Visual Studio installation configuration file. Developers can import these files into new or existing installations. Checking these files into your source repos makes them easy to share. However, developers still need to import these to get the features they need.

                  Automatically install missing components

                  New in Visual Studio 2019: you can save these files as .vsconfig files in your solution root directory and when the solution (or solution directory) is opened, Visual Studio will automatically detect which components are missing and prompt you to install them.

                  Read more →
                • Free Wireguard VPN service on AWS

                  • Translation
                  • Tutorial

                  Free Wireguard VPN service on AWS

                  The reasoning

                  The increase of Internet censorship by authoritarian regimes expands the blockage of useful internet resources making impossible the use of the WEB and in essence violates the fundamental right to freedom of opinion and expression enshrined in the Universal Declaration of Human Rights.

                  Article 19
                  Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.

                  The following is the detailed 6 steps instruction for non-IT people to deploy free* VPN service upon Wireguard technology in Amazon Web Services (AWS) cloud infrastructure, using a 12 months free account, on an Instance (virtual machine) run by Ubuntu Server 18.04 LTS.

                  I tried to make this walkthrough as friendly as possible to people far from IT. The only thing required is assiduity in repeating the steps described below.

                  Read more →
                • Zoo AFL


                    In this article, we're going to talk about not the classical AFL itself but about utilities designed for it and its modifications, which, in our view, can significantly improve the quality of fuzzing. If you want to know how to boost AFL and how to find more vulnerabilities faster – keep on reading!
                    Read more →
                  • The most common OAuth 2.0 Hacks

                      OAuth 2 overview

                      This article assumes that readers are familiar with OAuth 2. However, below a brief description of it is presented below.

                      1. The application requests authorization to access service resources from the user. The application needs to provide the client ID, client secret, redirect URI and the required scopes.
                      2. If the user authorizes the request, the application receives an authorization grant
                      3. The application requests an access token from the authorization server by presenting authentication of its own identity, and the authorization grant
                      4. If the application identity is authenticated and the authorization grant is valid, the authorization server issues the access and refresh (if required) token to the application. Authorization is complete.
                      5. The application requests the resource from the resource server and presents the access token for authentication
                      6. If the access token is valid, the resource server serves the resource to the application

                      The are some main Pros and Cons in OAuth 2.0

                      • OAuth 2.0 is easier to use and implement (compared to OAuth 1.0)
                      • Wide spread and continuing growing
                      • Short lived Tokens
                      • Encapsulated Tokens

                      — No signature (relies solely on SSL/TLS ), Bearer Tokens
                      — No built-in security
                      — Can be dangerous if used from not experienced people
                      — Too many compromises. Working group did not make clear decisions
                      — Mobile integration (web views)
                      — Oauth 2.0 spec is not a protocol, it is rather a framework — RFC 6749

                      Read more →
                      • +16
                      • 16.9k
                      • 2
                    • New features for extension authors in Visual Studio 2019 version 16.1

                        Earlier this week, we released Visual Studio 2019 version 16.1 Preview 1 (see release notes). It’s the first preview of the first update to Visual Studio 2019. If you’re not already set up to get preview releases, then please do that now. The preview channel installs side-by-side with the release channel and they don’t interfere with each other. I highly recommend all extension authors install the preview.

                        Got the 16.1 preview installed now then? That’s great. Here are some features in it you might find interesting.

                        Read more →
                      • Citymobil — a manual for improving availability amid business growth for startups. Part 1

                          In this first part of an article series «Citymobil — a manual for improving availability amid business growth for startups» I’m going to break down the way we managed to dramatically scale up the availability of Citymobil services. The article opens with the story about our business, our task, the reason for this task to increase the availability emerged and limitations. Citymobil is a rapid-growing taxi aggregator. In 2018, it increased by more than 15 times in terms of number of successfully completed trips. Some months showed 50% increase compared with the previous month.

                          The business grew like a weed in every direction (it still does): there was an increase in server load, team size and number of deployments. At the same time the new threats to service availability emerged. The company faced a task of the most importance — how to increase availability without compromising company growth. In this article, I’ll talk about the way we managed to solve this task in a relatively short time.
                          Read more →
                        • Analyzing the Code of CUBA Platform with PVS-Studio

                            Java developers have access to a number of useful tools that help to write high-quality code such as the powerful IDE IntelliJ IDEA, free analyzers SpotBugs, PMD, and the like. The developers working on CUBA Platform have already been using all of these, and this review will show how the project can benefit even more from the use of the static code analyzer PVS-Studio.
                            Read more →
                          • Breaking down the fundamentals of C #: allocating memory for a reference type on the stack

                            • Translation
                            This article will show you the basics of types internals, as of course an example in which the memory for the reference type will be allocated completely on the stack (this is because I am a full-stack programmer).


                            This article does not contain material that should be used in real projects. It is simply an extension of the boundaries in which a programming language is perceived.

                            Before proceeding with the story, I strongly recommend you to read the first post about StructLayout, because there is an example that will be used in this article (However, as always).
                            Read more →