• Analyzing the Code of CUBA Platform with PVS-Studio


      Java developers have access to a number of useful tools that help to write high-quality code such as the powerful IDE IntelliJ IDEA, free analyzers SpotBugs, PMD, and the like. The developers working on CUBA Platform have already been using all of these, and this review will show how the project can benefit even more from the use of the static code analyzer PVS-Studio.
      Read more →
    • You Do Not Need Blockchain: Eight Well-Known Use Cases And Why They Do Not Work

        image


        People are resorting to blockchain for all kinds of reasons these days. Ever since I started doing smart contract security audits in mid-2017, I’ve seen it all. A special category of cases is ‘blockchain use’ that seems logical and beneficial, but actually contains a problem that then spreads from one startup to another. I am going to give some examples of such problems and ineffective solutions so that you (developer/customer/investor) know what to do when somebody offers you to use blockchain this way.


        Disclaimers


        • The described use cases and problems occur at the initial stage. I am not saying these problems are impossible to solve. However, it is important to understand which solutions system creators offer for particular problems.
        • Even though the term ‘blockchain use’ looks strange and I am not sure that blockchain can be used for anything other than money (Bitcoin), I am going to use it without quotes.

        1. Supply chain management


        Let’s say you ordered some goods, and a carrier guarantees to maintain certain transportation conditions, such as keeping your goods cold. A proposed solution is to install a sensor in a truck that will monitor fridge temperature and regularly transmit the data to the blockchain. This way, you can make sure that the promised conditions are met along the entire route.

        Read more →
      • 6 Applications for the Industrial IoT

          “Come on, baby, what’s wrong? Tell me what you need,” my uncle Nicholas was shredding up his old car’s engine, which totally refused to start. Being a schoolboy back then, I was absolutely sure that any exhortation my uncle voiced was powerless against a dumb ton of metal. Talking to a car was just a psychological trick that probably helped my uncle cope with exasperation. Moreover, neither me nor my uncle believed in a possibility to communicate with “dead metal” sometime in the near future. That was in the mid-1980s. When I reached the age of my uncle, the situation changed radically.
          Read more →
        • Vim for beginners

          • Tutorial


          Like any developer, you are constantly developing. You are learning new technologies by reading books, watching online lessons, attending some courses, and so on and so forth. You know that if you stop learning, you become uncompetitive. But have you ever thought about your performance? How do you improve that? If you don't know how to answer than welcome under the cut.

          Read more →
          • +22
          • 8.7k
          • 2
        • My experience of advertising and development of Android and iOS application



            Let me share an interesting experience in promotion of a mobile game.

            1. Introduction


            I am going to describe all the benefits and of course show the final results. The example will be the mobile game Quick Brain which is available for Android и iOS. Quick Brain Android was released the first that's why its possibilities differ considerably from iOS version.

            I have been always kept by the thoughts that everyone's talking about high returns in contrast with Android. I just couldn't resist such attractive prospects and started more active refinement of iOS version in order to feel less embarrassed about it.

            After Google play iOS has become an absolutely new field for the games for me. During my comparative experiment I've found out that iOS version can bring comparable earnings to Android with daily audience 3 to 10 times less depending on the country.
            Читать дальше →
          • What to think during NALSD interview

              There are a lot of posts about what a typical coding interview at Google looks like. But, while not as widely described and discussed, there is also quite often a system design interview. For an SRE position it’s NALSD: non-abstract large system design. The key difference between SWE and SRE interviews consists in these two letters: NA.

              So, what is the difference? How to be prepared for this interview? Let’s be non-abstract, and use an example. To be more non-abstract, let’s take something from the material world, such that you won’t be asked the exact same thing at the real interview (at least, not at the Google interview) :)

              So, let’s design a public library system. For the paper books, like you have seen everywhere around. The whole text below was written all at once within around one hour, to roughly show you the areas that you should be able to cover / touch during the interview. Please excuse some disorder, that’s how I think (therefore I am).
              Read more →
            • Why anyone would bother to learn out-of-demand languages. A case study of the F# community

              • Translation


              We all hear of iconic movies, games, books or musical compositions that get vehemently praised by the community of sophisticados, professionals and critics, yet never seem to attract tangible commercial success or the attention of the wider audience. Such situations leave me deeply frustrated.

              When it comes to development, good tech also sometimes never gets into the limelight. Take F# for example. All I know about it is that it is a super-cool, yet totally unpopular language which makes it hard for developers – upon getting to know it – to get back to the languages they’re used to.

              I tried to find out what is the story behind this. In fact, who are the people who use it and why are they doing this if the language is out of demand in business? To find answers, I joined the Russian-speaking F# community on Telegram – our round table for the discussion.
              Read more →
            • 286 and the network

              • Translation
              Author of the original post in Russian: old_gamer

              image

              I'm a ragman. I have a closet full of old hardware. From Boolean logic microchips in DIP-cases to Voodoo5. Of course, there's no practical value in all of this, but some people enjoy messing with old hardware. If you are one of them, I invite you under the cut, where I will tell you how the computer based on AMD 286 processor worked with a modern network, and what came out of it.
              Read more →
            • Disposable pattern (Disposable Design Principle) pt.2


                SafeHandle / CriticalHandle / SafeBuffer / derived types


                I feel I’m going to open the Pandora’s box for you. Let’s talk about special types: SafeHandle, CriticalHandle and their derived types.


                This is the last thing about the pattern of a type that gives access to an unmanaged resource. But first, let’s list everything we usually get from unmanaged world:


                The first and obvious thing is handles. This may be an meaningless word for a .NET developer, but it is a very important component of the operating system world. A handle is a 32- or 64-bit number by nature. It designates an opened session of interaction with an operating system. For example, when you open a file you get a handle from the WinApi function. Then you can work with it and do Seek, Read or Write operations. Or, you may open a socket for network access. Again an operating system will pass you a handle. In .NET handles are stored as IntPtr type;


                This chapter was translated from Russian jointly by author and by professional translators. You can help us with translation from Russian or English into any other language, primarily into Chinese or German.

                Also, if you want thank us, the best way you can do that is to give us a star on github or to fork repository github/sidristij/dotnetbook.
                Read more →
              • Generating multi-brand multi-platform icons with Sketch and a Node.js script — Part #2



                  This is the second part of a post about the creation of a pipeline that can take a Sketch file and export all the icons included in the file, in different formats, for different platforms, with the possibility of AB testing each icon.

                  You can read the first part of the post here.



                  The Sketch files, with all the icons collected, styled and properly named, were ready. Now it was time to start writing the code.

                  Suffice to say, the process was very much a trial and error: after the important initial code core, developed by my team lead Nikhil Verma (who set the script foundations), I went through an incremental process that required at least three phases of refactoring and quite a few revisions. For this reason, I won’t go into too much detail on how the script was developed, but rather focus on how the script works today, in its final shape.
                  Read more →
                • Detecting Web Attacks with a Seq2Seq Autoencoder

                    image

                    Attack detection has been a part of information security for decades. The first known intrusion detection system (IDS) implementations date back to the early 1980s.

                    Nowadays, an entire attack detection industry exists. There are a number of kinds of products—such as IDS, IPS, WAF, and firewall solutions—most of which offer rule-based attack detection. The idea of using some kind of statistical anomaly detection to identify attacks in production doesn’t seem as realistic as it used to. But is that assumption justified?
                    Read more →
                  • Indexes in PostgreSQL — 1

                    • Translation

                    Introduction


                    This series of articles is largely concerned with indexes in PostgreSQL.

                    Any subject can be considered from different perspectives. We will discuss matters that should interest an application developer who uses DBMS: what indexes are available, why there are so many different types of them, and how to use them to speed up queries. The topic can probably be covered in fewer words, but in secrecy we hope for a curious developer, who is also interested in details of the internals, especially since understanding of such details allows you to not only defer to other's judgement, but also make conclusions of your own.

                    Development of new types of indexes is outside the scope. This requires knowledge of the C programming language and pertains to the expertise of a system programmer rather than an application developer. For the same reason we almost won't discuss programming interfaces, but will focus only on what matters for working with ready-to-use indexes.

                    In this article we will discuss the distribution of responsibilities between the general indexing engine related to the DBMS core and individual index access methods, which PostgreSQL enables us to add as extensions. In the next article we will discuss the interface of the access method and critical concepts such as classes and operator families. After that long but necessary introduction we will consider details of the structure and application of different types of indexes: Hash, B-tree, GiST, SP-GiST, GIN and RUM, BRIN, and Bloom.

                    Before we start, I would like to thank Elena Indrupskaya for translating the articles to English.
                    Things have changed a bit since the original publication. My comments on the current state of affairs are indicated like this.
                    Read more →
                  • Why does Dodo Pizza need 250 developers?

                    • Translation
                    In autumn, we announced we were going to expand our IT team from 49 to 250 developers. And immediately we were buried under an avalanche of questions — mostly, people were interested why a pizza chain needs so many software engineers. How did we come up with such a number? So now I want to answer that.


                    Read more →
                  • Long journey to Tox-rs. Part 1

                      Tox logo

                      Hi everyone!


                      I like Tox and respect the participants of this project and their work. In an effort to help Tox developers and users, I looked into the code and noticed potential problems that could lead to a false sense of security. Since I originally published this article in 2016 (in Russian), many improvements have been made to Tox, and I lead a team that re-wrote secure Tox software from scratch using the Rust programming language (check out Tox-rs). I DO recommend using tox in 2019. Let's take a look what actually made us rewrite Tox in Rust.


                      Original article of 2016


                      There is an unhealthy tendency to overestimate the security of E2E systems only on the basis that they are E2E. I will present objective facts supplemented with my own comments for you to draw your own conclusions.


                      Spoiler: The Tox developers agree with my points and my source code pull request was accepted.

                      Here go facts:
                    • Particle systems: a Christmas story



                        Christmas has always been one of my favourite times of the year. For me, Christmas is a season that brings so much love, laughter, happiness, and other magical things into our lives.

                        I was born and raised in Spain, more specifically in Tenerife, a sunny subtropical island in the middle of the Atlantic Ocean just off the African coast. I have to say that Christmas in Tenerife is very different to my the last two Christmases I’ve spent in London since joining Badoo.

                        One amazing plus of living in London is that I have got to see snow for the first time in my life, real snowflakes falling from the sky. Just incredible!

                        Talking of snowflakes, I have an interesting story to tell you about something that happened to me one day in the office the last Christmas.  It was right before I was heading home to Tenerife to spend a few days with my family.

                        It just so happened that last December I’d been assigned a very interesting ticket with the following description
                        Read more →
                      • Citymobil — a manual for improving availability amid business growth for startups. Part 2



                          This is a second article out of a series «Citymobil — a manual for improving availability amid business growth for startups». You can read the first part here. Let’s continue to talk about the way we managed to improve the availability of Citymobil services. In the first article, we learned how to count the lost trips. Ok, we are counting them. What now? Now that we are equipped with an understandable tool to measure the lost trips, we can move to the most interesting part — how do we decrease losses? Without slowing down our current growth! Since it seemed to us that the lion’s share of technical problems causing the trips loss had something to do with the backend, we decided to turn our attention to the backend development process first. Jumping ahead of myself, I’m going to say that we were right — the backend became the main site of the battle for the lost trips.
                          Read more →
                        • TLS 1.3 enabled, and why you should do the same



                            As we wrote in the 2018-2019 Interconnected Networks Issues and Availability Report at the beginning of this year, TLS 1.3 arrival is inevitable. Some time ago we successfully deployed the 1.3 version of the Transport Layer Security protocol. After gathering and analyzing the data, we are now ready to highlight the most exciting parts of this transition.

                            As IETF TLS Working Group Chairs wrote in the article:
                            “In short, TLS 1.3 is poised to provide a foundation for a more secure and efficient Internet over the next 20 years and beyond.”

                            TLS 1.3 has arrived after 10 years of development. Qrator Labs, as well as the IT industry overall, watched the development process closely from the initial draft through each of the 28 versions while a balanced and manageable protocol was maturing that we are ready to support in 2019. The support is already evident among the market, and we want to keep pace in implementing this robust, proven security protocol.

                            Eric Rescorla, the lone author of TLS 1.3 and the Firefox CTO, told The Register that:
                            “It's a drop-in replacement for TLS 1.2, uses the same keys and certificates, and clients and servers can automatically negotiate TLS 1.3 when they both support it,” he said. “There's pretty good library support already, and Chrome and Firefox both have TLS 1.3 on by default.”
                            Read more →
                          • C++ Binary Compatibility and Pain-Free Upgrades to Visual Studio 2019

                              Visual Studio 2019 pushes the boundaries of individual and team productivity. We hope that you will find these new capabilities compelling and start your upgrade to Visual Studio 2019 soon.


                              As you are considering this upgrade, rest assured that Visual Studio 2019 makes it distinctively easy to move your codebase from previous versions of Visual Studio. This post captures the reasons why your upgrade to Visual Studio 2019 will be pain-free.


                              Read more →