• Thoughts On Elixir: Pros And Cons Of The Most Popular Tool For High-Load Dev

      Why is Elixir/Phoenix achieving such a high rate of adoption in the software development industry? What are the best use cases of this language? Are there any drawbacks when using it? We talked to Sergiy Kukunin, a full-stack developer at Spotlight and an Elixir expert, to find answers to these and other questions.
      Read more →
    • Cataclysm Dark Days Ahead: Static Analysis and Roguelike Games

        Picture 5

        You must have already guessed from the title that today's article will be focusing on bugs in software source code. But not only that. If you are not only interested in C++ and in reading about bugs in other developers' code but also dig unusual video games and wonder what «roguelikes» are and how you play them, then welcome to read on!
        Read more →
      • Citymobil — a manual for improving availability amid business growth for startups. Part 2

          This is a second article out of a series «Citymobil — a manual for improving availability amid business growth for startups». You can read the first part here. Let’s continue to talk about the way we managed to improve the availability of Citymobil services. In the first article, we learned how to count the lost trips. Ok, we are counting them. What now? Now that we are equipped with an understandable tool to measure the lost trips, we can move to the most interesting part — how do we decrease losses? Without slowing down our current growth! Since it seemed to us that the lion’s share of technical problems causing the trips loss had something to do with the backend, we decided to turn our attention to the backend development process first. Jumping ahead of myself, I’m going to say that we were right — the backend became the main site of the battle for the lost trips.
          Read more →
        • Getting Ready for macOS’s Hardened Runtime and Notary

            With macOS Mojave, Apple introduced support for Hardened Runtime and Notary service. These two services are designed to improve application security on macOS. Recently Apple has stated:

            “Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. In a future version of macOS, notarization will be required by default for all software.”

            Today will help you to understand new rules from the Xamarin point of view.
            Read more →
          • Business processes. BPMN model extraction from the document. Part 1

            • Translation
            The modern projects on the optimization and the automation of many business processes, assume, as a rule, that the first step will be the analysis of the large amount of the client’s documents. The purpose of it is the modelling the business processes “as-is” in a very tight schedule. The list of the analyzed documents includes normative legal acts, industry standards, SCRUM user stories, regulations, technical specifications and other corporate documents.

            The analyst for the project faces a rather time-consuming task which is at the same time a routine one as well. It doesn’t have many means of automation at present. According to the analysis of modern means of business process modelling, even such well-known applications on the market as Enterprise Architect, ARIS, Bizagi Modeler do not have any support mechanisms for business process model building in their text description.

            This article is focused on the BPMN model extraction from the document.
            Read more →
          • Configure Visual Studio across your organization with .vsconfig

              As application requirements grow more complex, so do our solutions. Keeping developers’ environments configured across our organizations grows equally complex. Developers need to install specific workloads and components in order to build a solution. Some organizations add these requirements to their README or CONTRIBUTING documents in their repositories. Some organizations might publish these requirements in documents for new hires or even just forward emails. Configuring your development environment often becomes a day-long chore. What’s really needed is a declarative authoring model that just configures Visual Studio like you need it.

              In Visual Studio 2017 Update 15.9 we added the ability to export and import workload and component selection to a Visual Studio installation configuration file. Developers can import these files into new or existing installations. Checking these files into your source repos makes them easy to share. However, developers still need to import these to get the features they need.

              Automatically install missing components

              New in Visual Studio 2019: you can save these files as .vsconfig files in your solution root directory and when the solution (or solution directory) is opened, Visual Studio will automatically detect which components are missing and prompt you to install them.

              Read more →
            • Free Wireguard VPN service on AWS

              • Translation
              • Tutorial

              Free Wireguard VPN service on AWS

              The reasoning

              The increase of Internet censorship by authoritarian regimes expands the blockage of useful internet resources making impossible the use of the WEB and in essence violates the fundamental right to freedom of opinion and expression enshrined in the Universal Declaration of Human Rights.

              Article 19
              Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.

              The following is the detailed 6 steps instruction for non-IT people to deploy free* VPN service upon Wireguard technology in Amazon Web Services (AWS) cloud infrastructure, using a 12 months free account, on an Instance (virtual machine) run by Ubuntu Server 18.04 LTS.

              I tried to make this walkthrough as friendly as possible to people far from IT. The only thing required is assiduity in repeating the steps described below.

              Read more →
            • Zoo AFL


                In this article, we're going to talk about not the classical AFL itself but about utilities designed for it and its modifications, which, in our view, can significantly improve the quality of fuzzing. If you want to know how to boost AFL and how to find more vulnerabilities faster – keep on reading!
                Read more →
              • The most common OAuth 2.0 Hacks

                  OAuth 2 overview

                  This article assumes that readers are familiar with OAuth 2. However, below a brief description of it is presented below.

                  1. The application requests authorization to access service resources from the user. The application needs to provide the client ID, client secret, redirect URI and the required scopes.
                  2. If the user authorizes the request, the application receives an authorization grant
                  3. The application requests an access token from the authorization server by presenting authentication of its own identity, and the authorization grant
                  4. If the application identity is authenticated and the authorization grant is valid, the authorization server issues the access and refresh (if required) token to the application. Authorization is complete.
                  5. The application requests the resource from the resource server and presents the access token for authentication
                  6. If the access token is valid, the resource server serves the resource to the application

                  The are some main Pros and Cons in OAuth 2.0

                  • OAuth 2.0 is easier to use and implement (compared to OAuth 1.0)
                  • Wide spread and continuing growing
                  • Short lived Tokens
                  • Encapsulated Tokens

                  — No signature (relies solely on SSL/TLS ), Bearer Tokens
                  — No built-in security
                  — Can be dangerous if used from not experienced people
                  — Too many compromises. Working group did not make clear decisions
                  — Mobile integration (web views)
                  — Oauth 2.0 spec is not a protocol, it is rather a framework — RFC 6749

                  Read more →
                  • +16
                  • 12.3k
                  • 2
                • New features for extension authors in Visual Studio 2019 version 16.1

                    Earlier this week, we released Visual Studio 2019 version 16.1 Preview 1 (see release notes). It’s the first preview of the first update to Visual Studio 2019. If you’re not already set up to get preview releases, then please do that now. The preview channel installs side-by-side with the release channel and they don’t interfere with each other. I highly recommend all extension authors install the preview.

                    Got the 16.1 preview installed now then? That’s great. Here are some features in it you might find interesting.

                    Read more →
                  • Citymobil — a manual for improving availability amid business growth for startups. Part 1

                      In this first part of an article series «Citymobil — a manual for improving availability amid business growth for startups» I’m going to break down the way we managed to dramatically scale up the availability of Citymobil services. The article opens with the story about our business, our task, the reason for this task to increase the availability emerged and limitations. Citymobil is a rapid-growing taxi aggregator. In 2018, it increased by more than 15 times in terms of number of successfully completed trips. Some months showed 50% increase compared with the previous month.

                      The business grew like a weed in every direction (it still does): there was an increase in server load, team size and number of deployments. At the same time the new threats to service availability emerged. The company faced a task of the most importance — how to increase availability without compromising company growth. In this article, I’ll talk about the way we managed to solve this task in a relatively short time.
                      Read more →
                    • Analyzing the Code of CUBA Platform with PVS-Studio

                        Java developers have access to a number of useful tools that help to write high-quality code such as the powerful IDE IntelliJ IDEA, free analyzers SpotBugs, PMD, and the like. The developers working on CUBA Platform have already been using all of these, and this review will show how the project can benefit even more from the use of the static code analyzer PVS-Studio.
                        Read more →
                      • Breaking down the fundamentals of C #: allocating memory for a reference type on the stack

                        • Translation
                        This article will show you the basics of types internals, as of course an example in which the memory for the reference type will be allocated completely on the stack (this is because I am a full-stack programmer).


                        This article does not contain material that should be used in real projects. It is simply an extension of the boundaries in which a programming language is perceived.

                        Before proceeding with the story, I strongly recommend you to read the first post about StructLayout, because there is an example that will be used in this article (However, as always).
                        Read more →
                      • Introducing Time Travel Debugging for Visual Studio Enterprise 2019

                          The Time Travel Debugging (TTD) preview in Visual Studio Enterprise 2019 provides the ability to record a Web app running on a Azure Virtual Machine (VM) and then accurately reconstruct and replay the execution path. TTD integrates with our Snapshot Debugger offering and allows you to rewind and replay each line of code however many times you want, helping you isolate and identify problems that might only occur in production environments.

                          Read more →
                        • Analytics For Azure DevOps Services is Now Generally Available

                            Reporting has been an important capability for Azure DevOps customers who rely on Analytics to make data driven decisions.

                            Today, we’re excited to announce that the following Analytics features listed below will be included in our Azure DevOps Services offering at no additional cost. Customers will start to see these changes rolled out to their accounts soon.

                            Read more →
                          • Selecting, caching and displaying photos on the map

                            • Translation

                            In this article, I decided to describe how the functionality of selecting and displaying photos on a specific place on the map was implemented in our photo service gfranq.com. The photo service does not work now.

                            Since we had a lot of photos in our service and sending requests to database every time the viewport changes was too resource-intensive, it was logical to divide the map into several areas that contain information about the retrieved data. For obvious reasons, these areas have rectangular shape (although hexagonal grid was considered too). As the areas become more spherical at large scales, elements of spherical geometry and tools for it were also considered.

                            In this article, the following issues were raised:

                            • Storing and retrieving photos from the database and caching them on the server (SQL, C#, ASP.NET).
                            • Downloading necessary photos on the client side and saving them to the client cache (JavaScript).
                            • Recalculation of photos that must be hidden or shown when the viewport changes.
                            • Elements of spherical geometry.
                            Read more →