开源日报 - Page 68 of 262 - Open Source Daily

开源日报第770期：《C++ 那些事》

12 5 月, 2020

开源日报每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文，坚持阅读《开源日报》，保持每日学习的好习惯。
今日推荐开源项目：《C++ 那些事》
今日推荐英文原文：《Hackers sell over 73 million stolen user records on the dark web》

今日推荐开源项目：《C++ 那些事》传送门：GitHub链接
推荐理由：这是一个适合初学者从入门到进阶的仓库，解决了面试者与学习者想要深入 C++ 及如何入坑 C++ 的问题。除此之外，本仓库拓展了更加深入的源码分析，多线程并发等的知识，是一个比较全面的 C++ 学习从入门到进阶提升的仓库。
今日推荐英文原文：《Hackers sell over 73 million stolen user records on the dark web》作者：Jon Fingas
原文链接：
推荐理由：一连串的数据泄露事件使许多互联网用户感到头疼。在如今的互联网时代,我们作为使用者应当更加关注自己的信息和隐私安全.
Hackers sell over 73 million stolen user records on the dark web
A string of data breaches is causing headaches for more than a few internet users. ZDNet has learned that the hacking group ShinyHunters is selling about 73.2 million user records the attackers say were stolen from numerous sites. About 30 million come from the dating app Zoosk, while 15 million are from the printing service Chatbooks. The rest come from a variety of sites, including the Star Tribune newspaper (1 million), South Korean fashion and furniture sites (8 million total) and the Chronicle of Higher Education (3 million).

While the legitimacy of some databases couldn’t be verified, ZDNet found that samples from the breach matched real records. Researchers in the community also believed that ShinyHunters was authentic.

This appears to be part of a larger campaign. The group also claimed to have stolen 500GB from Microsoft’s private GitHub repositories, and broke into the Indonesian online store Tokopedia earlier in May. The GitHub breach didn’t include any known sensitive material, but ShinyHunters put Tokopedia’s database on sale for $5,000. Like with many breaches, this appears to have been a cash grab — what’s surprising is the scale and speed of the effort.
下载开源日报APP：https://opensourcedaily.org/2579/
加入我们：https://opensourcedaily.org/about/join/
关注我们：https://opensourcedaily.org/about/love/
开源日报第769期：《管理学 managers-playbook》

11 5 月, 2020
开源日报每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文，坚持阅读《开源日报》，保持每日学习的好习惯。
今日推荐开源项目：《管理学 managers-playbook》
今日推荐英文原文：《A Junior Developer Explains Code Reviews》

今日推荐开源项目：《管理学 managers-playbook》传送门：GitHub链接
推荐理由：随着经验值的积累，队员精英化成为队长是迟早的事，这个项目是一系列在管理方面需要注意的事项列表，尤其是在沟通方面，高效的沟通技巧能够更快的让团队得到所需信息，即使不处在管理层面上，有些技巧也能活用于与同事们的日常沟通中。
今日推荐英文原文：《A Junior Developer Explains Code Reviews》作者：Max Albert
原文链接：https://medium.com/better-programming/a-junior-developer-explains-code-reviews-dd47693b347e
推荐理由：读同事们的代码能够带来的好处
A Junior Developer Explains Code Reviews

Spread influence, provide value, and become a well-rounded dev by improving your code review
There’s so much more to software development than writing code. Many developers totally underestimate the importance of reviewing code.

It’s a shame because reviewing your coworkers’ code is a mission-critical responsibility. In fact, if your goal is to spread influence, provide value to the team, and become a well-rounded developer, then code reviews may be more impactful than the code you write yourself.
Code Reviews Increase Influence
No matter the company involved, when I ask my friends about tech promotions, I notice a common theme: influence. That is to say, developers become great candidates for a promotion when they gather enough influence.

The idea of influence is somewhat malleable. If I were to offer my definition, I would say it is dependent on three things:
1. How often are you weighing in on technical decisions for the team?
2. How often are your peers asking you for help?
3. How much of the production codebase have you touched?
Code reviews are a perfect excuse to get into all three.

Rather than being siloed into a niche section of the codebase, reviews allow you to weigh in on the big picture. The more of the business logic you understand, the more of a resource you can be for the team.

Code reviews allow developers to make technical decisions horizontally as well as vertically.

Writing code may earn you some credibility, but it’ll be specific and niche. Reviewing code is how to spread your knowledge far and wide.
Code Reviews Add Value to the Team
Reviews improve algorithm efficiency. Furthermore, they reduce the likelihood of dumb mistakes getting promoted to production. Reviews can standardize the coding style. They even scrutinize the business logic. The list goes on and on.

There’s a myriad of reasons why companies are invested in code reviews.

When I write an article, I have many different editors review my writing before I publish. That’s because I am only human. I have many biases and will produce mistakes no matter how much I review on my own.

My articles that receive the most editing are more thoughtful and perform the best. For similar reasons, it’s imperative that when we write code, we have editors to check our work.
Code Reviews Are a Learning Opportunity
Code reviews also afford the developer a great opportunity to learn new things.

Last month, I was roped into reviewing some React code that my coworker wrote. Though I do have some React experience, I usually program in Rx-Java. React was outside of my wheelhouse, to say the least.

After reviewing a few more React tasks, I was given the privilege of landing some React code myself. It was easy to do since I knew the codebase surrounding my task from the code reviews!

This is an extreme example, but it highlights my point very well. Code reviews are a great opportunity to get outside your comfort zone. They can teach you new avenues for accomplishing tasks.

To recap, these are the top three reasons why code reviews are tremendously important:
- Influence
- Value
- Learning
Keeping this in mind, these are my tangible tips for what junior developers can do to maximize their code review.
Tip #1: Leave Compliments on Your Coworkers’ Code
Code reviews aren’t only for critiques anymore. It’s important to compliment your coworkers’ code.

And no, compliments on code reviews are not only a nicety to your colleagues — though that is a great benefit.

Code compliments are a great way to spread your influence!

Echoing a coworker’s technical decision by stating, “I understand why the team is implementing this code in this way” makes you a resource that your team can lean on — not only the author of the code. It shows a mastery of understanding and camaraderie.

Here is what I look for when I compliment code:
- Readability — If my coworker made complex business logic easy to digest, I give them a shoutout: “Hey, this is really clean. I understood this very easily. Bravo!”
- Algorithm design — If my coworker implemented technical logic in a fast and memory-efficient solution, I will acknowledge it: “Loved how you designed this algorithm!”
- Improvement — If I notice my coworker made a mistake at first but then revised it, I will compliment them and offer my support of the new design: “I like this implementation a lot more! Well done in finding an alternative solution!”
Important note: I’ve given reviews to developers where I leave a few compliments and no critiques. I’m fine with that. It’s more preferable than granting a pull request and approval without any comments whatsoever.

Plus, if I can’t find any legitimate critiques of a developer’s code, I will not feel pressured to make up a phony critique to feel like I’m contributing. This happens often in the development world — and it’s hugely counterproductive.
Tip #2: Understand Your Team’s Objective With Code Reviews
Some teams have strict technical requirements. Thus they need developers to nitpick each other’s algorithms.

Other teams don’t have such harsh technical requirements but demanding business requirements. These developers need to focus their attention on the business logic.

Some teams have neither! Developers can instead focus on writing clean code that is future-minded.

Finally, some organizations strive to cover all three scenarios. They understand it’s expensive but feel that it’s worth it in the long run.

Whatever the case is, it’s important as a junior developer to find out the goal of code reviews for the team.

You’d be surprised by what those objectives can be. I remember the first time I found a slight optimization in a senior developer’s code.

I brought the optimization to their attention in a code review. They told me, “Yes, I thought of that as well. But the truth is, the optimization is very slight and the code is so much more readable in the current form. Since readability is our highest priority and the application has no speed requirements, I believe it’s best to leave as is. Do you agree?”

Of course, this is an extreme example, but it’s an important one. Spending development time tracing your peers’ technical implementation is expensive and possibly not worthwhile to your team.
Tip #3: Ask Questions About Your Peers’ Code
There is no shame in writing a comment like, “Hey, I would love to approve this code, but I’m having trouble understanding this section. Could you please come over and explain it to me?”

These types of comments provide three great pieces of information to a team.

For starters, these types of comments let the author know that there is a readability issue. If their peers don’t understand the implementation, that is never good. It may be bearable, but it’s not ideal.

Also, these comments can actually speed up a team’s productivity. Spending ten minutes of a developer’s time to get a teammate unstuck is usually a great trade.

In conclusion, this is a great learning opportunity for the reviewer. Often, the reviewer learns a new “trick” and it becomes common practice across the codebase. These types of interactions produce smart developers.

Code reviews are an art form. Developers often lean on their peers to review their code and are elated when they find colleagues who are exceptional at it.

During my first internship as a full-stack web developer, I was hesitant to raise my first pull request: “I’m not sure if my code is optimized enough. I want to take some more time to clean it up.”

My colleague replied, “Just raise the PR and don’t sweat it! The other developers are great resources to help find those optimizations!”

From then on, I was much more comfortable pushing code and thankful to have a great support system of teammates.
下载开源日报APP：https://opensourcedaily.org/2579/
加入我们：https://opensourcedaily.org/about/join/
关注我们：https://opensourcedaily.org/about/love/
开源日报第768期：《WeChatExtension-ForMac》

10 5 月, 2020

开源日报每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文，坚持阅读《开源日报》，保持每日学习的好习惯。
今日推荐开源项目：《WeChatExtension-ForMac》
今日推荐英文原文：《4 New GitHub Products That Will Change How You Code》

今日推荐开源项目：《WeChatExtension-ForMac》传送门：GitHub链接
推荐理由：Mac版微信的功能拓展，包括不同的主题模式，消息防撤回，手机接收撤回消息，免认证登录与多开，自定义回复和AI自动撩妹，显示小程序详情，Alfred，退群监控以及微信多开兼容小程序。
今日推荐英文原文：《4 New GitHub Products That Will Change How You Code》作者：Benjamin Soyka
原文链接：https://medium.com/better-programming/4-new-github-products-that-will-change-how-you-code-27933401faa0
推荐理由：GitHub还将为我们带来什么？
4 New GitHub Products That Will Change How You Code

Exciting announcements from the first virtual GitHub Satellite event

(Photo by Caleb White on Unsplash.)
Just recently, GitHub ran its first-ever virtual GitHub Satellite event. Thousands of people tuned in for the day of live-streaming that featured a keynote, live-coded music, and more.

At the start of the day, GitHub announced a few new features coming soon to the platform, including a live web-based development environment. These new features are sure to change the way we make open-source happen in the future.

Codespaces

(Codespaces environment in a web browser — Photo from GitHub Blog.)
Setting up a development environment is often difficult, but GitHub is testing out a solution. It’s created Codespaces, which brings a full environment based on VS Code to your web browser, including most VS features and even terminal access.

You’ll even be able to start a codespace and connect to it from your favorite desktop IDE, giving more customization along with the ability to add any VS Code extensions on the web.

At the time of writing this article, Codespaces is in a limited public beta and pricing is not yet final.

Discussions

(Discussions tab on zeit/next.js — Photo from GitHub Blog.)
Previously, open-source communities were only able to communicate on GitHub through issues and pull requests. Soon, GitHub will be releasing a new feature for organizing conversations and creating a community knowledge base.

Discussions will be in your project’s repository, so they’ll be where your community already is. Discussions are already available in a few open-source communities, including zeit/next.js and twbs/bootstrap.
Code Scanning and Secret Scanning

(Code scanning demonstration — Photo from GitHub Blog.)
GitHub has made code scanning a native experience. Now, every push to your repo will be scanned for vulnerabilities using GitHub Actions. It’s free for open-source and any public project can sign up for the limited public beta.

GitHub has also expanded its secret scanning to private repositories. This feature has been available for public repos since 2018 and will now be available for private code as well.

Private Instances
GitHub will soon be offering a new, fully managed option for its enterprise clients. Its plans for Private Instances bring enhanced security and new policy features to meet each customer’s needs for compliance and security.

This product is not yet in beta but may be soon.

Conclusion
Soon enough, GitHub will release these features to the public, making open-source software development more seamless, efficient, and safe. What will the company have in store for us next?

Note: The information in this article is from this Blog post as well as the virtual event hosted on May 6, 2020.

The author is not affiliated with GitHub in any way.

下载开源日报APP：https://opensourcedaily.org/2579/
加入我们：https://opensourcedaily.org/about/join/
关注我们：https://opensourcedaily.org/about/love/
开源日报第767期：《covid-sim》

9 5 月, 2020
开源日报每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文，坚持阅读《开源日报》，保持每日学习的好习惯。
今日推荐开源项目：《covid-sim》
今日推荐英文原文：《10 Things Every Good Software Development Method Does》

今日推荐开源项目：《covid-sim》传送门：GitHub链接
推荐理由：这是由位于伦敦帝国理工学院的 MRC 全球新型冠状病毒肺炎传染病分析中心开发的 CovidSim 微观仿真模型。随着时间的推移，CovidSim 模拟了新型冠状病毒肺炎感染在整个空间和社会结构人群中的传播动态和严重程度。它能够模拟干预政策和医疗保健提供如何影响新型冠状病毒肺炎的传播。随着参数的变化，它可以用来模拟其他呼吸道病毒，如流感病毒。
今日推荐英文原文：《10 Things Every Good Software Development Method Does 》原文链接：https://codemanship.wordpress.com/2020/05/04/10-things-every-software-developer-should-know/
推荐理由：作者做程序员已经有40年了——其中3年是专业的——在过去的25年里，作者一直热衷于“软件开发”。以下作者认为的每个软件开发者都应该知道的10件事:
10 Things Every Good Software Development Method Does
I’ve been a programmer for the best part of four decades – three of them professionally – and, for the last 25 years, a keen student of this thing we call “software development”. I’ve studied and applied a range of software development methods, principles, and techniques over those years. While, on the surface, Fusion may look different to the Unified Process, which may look different to Extreme Programming, which may look different to DSDM, which may look different to Cleanroom Software Engineering, when you look under the hood of these approaches, they actually have some fundamental things in common.

Here are the 10 things every software developer should know:
1. Design starts with end users and their goals – be it with use cases, or with user stories, or with the “features” of Feature-Driven Development, the best development approaches drive their solution designs by first asking: Who will be using this software, and what will they be using it to do?
2. Designs grow one usage scenario at a time – scenarios or examples drive the best solution designs, and those designs are fleshed out one scenario at a time to satisfy the user’s goal in “happy paths” (or to recover gracefully from not satisfying the user’s goal, which we call “edge cases”). Developers who try to consider multiple scenarios simultaneously tend to bite off more than they can chew.
3. Solutions are delivered one scenario at a time – teams who deliver working software in end-to-end slices of functionality (e.g., the UI, business logic and database required to do a thing the user requires) tend to fare better than teams who deliver horizontal slices across their architecture (the UI components for all scenarios, and then the business logic, and then the database code). This is ffor two key reasons. Firstly, they can get user feedback from working features sooner, which speeds up the learning process. Secondly, if they only manage to deliver 75% of the software before a release date, they will have delivered 75% of end-to-end working features, instead of 75% of the layers of all features. We call this incremental delivery.
4. Solutions evolve based on user feedback from increments – the other key ingredient in the way we deliver working software is how we learn from the feedback we get from end users in each increment of the software. With the finest requirements and design processes – and the best will in the world – we can’t expect to get it right first time. Maybe our solution doesn’t give them what they wanted. Maybe what they wanted turns out to be not what they really needed. The only way to find out for sure is to deliver what they asked for and let them take it for a spin. And then the feedback starts flooding in. The best approaches accept that feedback is not just unavoidable, it’s very desirable, and teams seek it out as often as possible.
5. Plans change – if we can’t know whether we’re delivering the right software for sure until we’ve delivered it, then our approach to planning must be highly adaptable. Although the wasteland of real-world software development is littered with the bleached bones of “waterfall” projects that attempted to get it right first time (and inevitably failed), the idealised world of software development methods rejected that idea many decades ago. All serious methods are iterative, and all serious methods tell us that the plan will necessarily change. It’s management who resist change, not methods.
6. Code changes – if plans change based on what we learn from end users, then it stands to reason that our code must also change to accommodate their feedback. This is the sticking point on many “agile” development teams. Their management processes may allow for the plan to change, but their technical practices (or the lack of them) may mean that changing the code is difficult, expensive and risky. There are a range of factors in the cost of changing software, but in the wider perspective, it essentially boils down to “How long will it take to deliver the next working iteration to end users?” If the answer is “months”, then change is going to be slow and the users’ feedback will be backed up like the LA freeway on a Monday morning. If it’s “minutes” then you can iterate very rapidly and learn your way to getting it right much faster. Delivery cycles are fundamental. They’re the metabolism of software development.
7. Testing is fast and continuous – if the delivery cycle of the team is its metabolism, then testing is its thyroid. How long it takes to establish if our software’s broken will determine how fast our delivery cycle’ can be (if the goal is to avoid delivering broken software, of course.) If you aspire to a delivery cycle of minutes, then that leaves minutes to re-test your software. If all your testing’s done manually, then a modestly complex system will likely take weeks to re-test. And it’s a double whammy. Studies show that the longer a bug goes undetected, the exponentially greater it costs to fix it. If I break some code now and find out a minute from now, it’s a trifle to fix it. If I find out 6 weeks from now, it’s a whole other ball game. Teams who leave testing late typically end up spending most of their time fixing bugs instead of delivering valuable features and changes. All of this can profoundly impact delivery cycles and the cost of adapting to user feedback. Testing early and often is a feature of all serious methods. Automating our tests so they run fast is a feature of all the best methods.
8. All work is undo-able – If we accept that its completely unrealistic to expect to get things right first time, then we must also accept that all the work we do is essentially an experiment from which we must learn. Sometimes, what we’ll learn is that what we’ve done is simply no good, and we need to do over. Software Configuration Management (of which version control is the central pillar) is a key component of all serious software development methods. A practice like Continuous Integration, done right, can bring us high levels of undo-ability, which massively reduces risk in what is a pretty risky endeavour. To use an analogy, think of software development as a multi-level computer game. Experienced gamers know to back up their place in the game frequently, so they don’t have to replay huge parts of it after a boo-boo. Same thing with version control and SCM. We don’t want our versions to be too far apart, or we’ll end up in a situation where we have to redo weeks or months of work because we took a wrong turn in the maze.
9. Architecture is a process (not a person or a thing) – The best development methods treat software architecture and design as an ongoing activity that involves all stakeholders and is never finished. Good architectures are driven directly from user goals, ensuring that those goals are satisfied by the design above all else (e.g., use case realisations in the Unified Process), and applying organising principles – Simple Design, “Tell, Don’t Ask”, SOLID etc – to the internals of the solution design to ensure the code will be malleable enough to change to meet future needs. As an activity, architecture encompasses everything from the goals and tasks of end users, to the modular structure of the solution, to the everyday refactorings that are performed against code that falls short, the test suites that guard against regressions, the documentation that ships with the end product, and everything else which is informed by the design process. Since architecture is all-encompassing, all serious development methods mandate that it be a shared responsibility. The best methods strongly encourage a high level of architectural awareness within the team through continuous visualisation and review of the design. To some extent, everyone involved is defining the architecture. It is ever-changing and everyone’s responsibility.
10. “Done” means we achieved the customer’s end goal – All of our work is for nothing if we don’t solve the problem we set out to solve. Too many teams are short-sighted when it comes to evaluating their success, considering only that a list of requested features was delivered, or that a product vision was realised. But all that tells us is that we administered the medicine. It doesn’t tell us if the medicine worked. If iterative development is a search algorithm, then it’s a goal-seeking search algorithm. One generation of working software at a time, we ask our end users to test the solution as a fit to their problem, learn what worked and what didn’t, and then go around again with an improved solution. We’re not “done” until the problem’s been solved. While many teams pay lip service to business goals or a business context, it’s often more as an exercise in arse-covering – “We need a business case to justify this £10,000,000 CRM system we’ve decided to build anyway!” – than the ultimate driver of the whole development process. Any approach that makes defining the end goal a part of the development process has put the cart before the horse. If we don’t have an end goal – a problem to be solved – then development shouldn’t begin. But all iterative development methods – and they’re all iterative to some degree – can be augmented with an outer feedback loop that considers business goals and tests working software in business situations, driving everything from there.
As a methodologist, I could spin you up an infinite number of software development methods with names like Goal-Oriented Object Delivery, or Customer Requirement Architectural Process. And, on the surface, I could make them all look quite different. But scratch the surface, and they’d all be fundamentally the same, in much the same way that programming languages – when you look past their syntax – tend to embrace the same underlying computing concepts.

下载开源日报APP：https://opensourcedaily.org/2579/
加入我们：https://opensourcedaily.org/about/join/
关注我们：https://opensourcedaily.org/about/love/