2018.07.16 - Two-factor authentication protection for packages

Ping Xia

March 21, 2022 · 5 min read

Industry Conferences

ICML International Conference on Machine Learning https://icml.cc/Conferences/2018 Attachments: Google At ICML 2018, DeepMind papers at ICML 2018, Facebook researchers win Test of Time award at ICML 2018

In‑Depth Reading

Postmortem for Malicious Packages Published https://eslint.org/blog/2018/07/postmortem-for-malicious-package-publishes
On July 12 2018, an attacker compromised the npm account of an ESLint maintainer and published malicious versions of the eslint-scope and eslint-config-eslint packages to the npm registry. When installed, the malicious packages downloaded and executed code from pastebin.com that sent the contents of the user’s .npmrc file to the attacker. A .npmrc file typically contains access tokens for publishing to npm. Attachments: How to revoke npm tokens and clear node_modules recursively after eslint-scope hack, Incident report: npm, Inc. operations incident of July 12, 2018, ESLint backdoor: revoke all the tokens, Two‑factor authentication protection for packages.

Goodbye Microservices: From Hundreds of Problem Children to One Superstar https://segment.com/blog/goodbye-microservices/
In early 2017 we reached a tipping point with a core piece of Segment’s product. It felt like we were falling from the microservices tree, hitting every branch on the way down. Instead of enabling us to move faster, the small team found itself mired in exploding complexity. The essential benefits of this architecture turned into burdens. As our velocity plummeted, our defect rate exploded. Eventually the team could no longer make headway, with three full‑time engineers spending most of their time just keeping the system alive. Something had to change. This post tells the story of how we stepped back and adopted an approach that aligned with our product requirements and the team’s needs. Additional link: Newsround, nanoservices and serverless.

Service Mesh and the Promise of Istio https://thenewstack.io/service-mesh-and-the-promise-of-istio/
In a microservices environment, neither of the two traditional options is ideal. The application‑overlay approach is application‑aware and can perform sophisticated content‑based routing, but it leads to a lot of redundant code in each service and potentially lower performance. Conversely, relying on traditional L3 or L4 networking provides no notion of service requests, which are critical for optimal routing decisions. This is why a service mesh is so appealing for microservices—it operates at the L7 level, is separate from application code, and can enforce L3/L4 policies with app‑level insight. To understand this, we first need to dig into the architecture of a service mesh.

Thank You for Your Help NoSQL, but We Got It From Here http://blog.memsql.com/nosql/
It’s time to admit what we’ve known for a long time: NoSQL is the wrong tool for many modern application use cases, and it’s time to move on.

Insight: Video Super‑Power Series – Mastering MP4 https://techblog.toutiao.com/2018/07/09/untitled-51/
Anyone who has used video playback in HTML5 is familiar with the <video> tag, but many only use its basic features. In fact, <video> has powerful capabilities that can be unlocked with the right techniques. Below are a few scenarios that reveal the untapped potential of <video>:

Mobile Continuous Integration at Meituan‑Dianping https://tech.meituan.com/mci.html
MCI (Mobile Continuous Integration) is a proven architecture framework distilled from years of practice by the Meituan‑Dianping mobile team. It effectively solves the problems of complex dependencies, cumbersome development workflows, and slow build times in mobile projects. Projects that adopt the MCI framework can truly improve app quality.

Programming Life: The Fifth Year After Graduation https://mp.weixin.qq.com/s?__biz=MjM5Mjg4NDMwMA==&mid=2652975960&idx=1&sn=9539d222eae7a50ddb5ca7d42a24a28f
Every year at this time, there’s a mix of joy and sorrow, and you see countless fresh talents buzzing around. We’ve graduated, we’re earning money, and we’ve stepped onto a road of no return… Finishing one journey, starting a new one, or digging a new pit. I habitually write “reflection” pieces; they help me get back on track and point out what I need for the next stage. Additional link: Resource waste in Phodal’s front‑back separation team.

The Next Step for WeChat Mini‑Programs: NPM Support, Cloud, Visual Programming, and Sub‑packages https://mp.weixin.qq.com/s?__biz=MzUxMzcxMzE5Ng==&mid=2247489190&idx=1&sn=f10a16e2ac08c07c43cbdad76a1f2ec9
WeChat’s public‑course mini‑program technical session held in Shanghai announced the developer‑focused roadmap, covering three main areas: mini‑program capabilities & roadmap, ecosystem, and performance optimization.

JavaScript Framework Comparison with Examples (React, Vue & Hyperapp) https://hackernoon.com/javascript-framework-comparison-with-examples-react-vue-hyperapp-97f064fb468d
In my previous article I explained why I think Hyperapp is a viable alternative to React or Vue and why I found it easier to get started with. Many criticized that piece for being opinionated and not giving the other frameworks a fair chance. In this article I’ll compare the three frameworks as objectively as possible, providing minimal examples to showcase their capabilities.

Out of Depth with Flutter https://medium.com/flutter-io/out-of-depth-with-flutter-f683c29305a8
From my experience using Flutter (as a member of the Flutter team), development speed is achieved primarily through: stateful hot reload; reactive programming; composition; UI as code.

LinkedIn Lite: A Server‑Side Rendered PWA https://engineering.linkedin.com/blog/2018/07/linkedin-lite--a-server-side-rendered-pwa
A few months ago we shared details about LinkedIn Lite’s architecture, its evolution into a lightweight mobile web experience, and how it became a huge success in emerging markets. As a pure server‑side rendered web app it was fast, but it didn’t deliver a good user experience.

Evolving the MediaWiki Platform: Why We Replaced Tidy with an HTML5 Parser https://blog.wikimedia.org/2018/07/09/tidy-html5-replacement/
Three years ago the Wikimedia Foundation’s Parsing Team decided to replace Tidy—a tool for fixing HTML errors—with an HTML5‑based parser. Here’s what we did during that period and the complexities we faced while changing core pieces of the technical infrastructure that powers Wikimedia wikis.

Building a Real‑Time User Action Counting System for Ads https://medium.com/@Pinterest_Engineering/building-a-real-time-user-action-counting-system-for-ads-88a60d9c9a
The Pinterest ads team’s mission is to provide the best experience for both Pinners and advertisers. Our ads system is a real‑time… (content truncated)


Originally written by Ping Xia (平侠) and published in Chinese on Web技术周刊 (Web Tech Weekly). Translated and adapted for DriftSeas with permission.
