[Weekly Drip 064.1] Vue Native Launches, Intro to Data Structures, Adopting Elixir, and unsecure bluetooth padlocks

News

image alt text

Vue released Vue Native. Key features are declarative rendering, two-way binding, and it compiles to React Native. Get started with the the documentation or look at the code.

image alt text

Adrian Mejia has created a series that focuses on Data Structures for Beginners. The most recent post focuses on graphs. From graph basics to more advanced topics like ‘Breadth-first search’ and space complexity, this 9-part post covers it all. Also, look at the previous post in series, which focuses on arrays, hash maps, and lists.

React Native is working on a massive rewrite. With a goal of making React Native more light weight, the React Native team plans to incorporate async rendering, simplify direct calls between native and JavaScript and change the threading model.

Ben Marx, José Valim and Bruce Tate released a new book called ‘Adopting Elixir’, which is all about the Elixir adoption life-cycle. Read the intro for free, or just buy it because is José Valim awesome. If you need to be convinced to adopt Elixir in the first place, read Cees de Groot’s post on Elixir at PagerDuty, detailing how they decided to adopt Elixir for things they previously used Scala for.

image alt text

The MacBook Pro was once known as the best laptop for developers. However, times have changed. It started with the controversial touchbar, which many now call a failure. Followed by keyboard buttons not working and no escape key. Also, the specs are just not that much of an upgrade from previous MacBook Pros. It’s great that Apple is selling all of these phones, but maybe they should build a decent laptop so developers will continue to use their platform. Charlee Li has gone as far to say ‘Developers Should NOT use MacBook Pro’, and after he has used Linux for a year it has satisfied his daily needs. If you’re interested in Linux alternatives, check out System76, or the Dell XPS 13. [Not an advert, we’re just sick of Apple’s crap.]

image alt text

Fotis Gimian has an issue with packaging, verbosity and implicit private class members in Python. While searching for a Python alternative, Fotis has fallen in love with Crystal. His reasons: 1. Crystal is Fast 2. Real protected and private members 3. Fully native bindings to the C library. Read Fotis’s experiences with the Standard Library, Exception Handling, and a side by side comparison of Crystal, Python, C, C++ and Go. Also, Crystal released version 0.25 this week.

image alt text

David Clements gave a rundown on the best tools and techniques to make Node.js fast. David argues using performance tools like flamegraphs can help optimize your Node.js apps, and just because a JavaScript tool works for the browser that doesn’t mean it is the best tool for Node.

Apple introduced a new feature to developers in iOS 12 that allows users to report unwanted calls (and text) as spam. Developers will now be able to monitor incoming calls and build anti spam platforms for iOS. Users will be able to swipe left on items they would like to report and mark them as spam. Read Chance Miller’s write up for more information.

image alt text

Twitter’s machine learning team, Cortex, has migrated to TensorFlow. In their post, Twitter meets Tensorflow, they explain in detail their machine learning modeling workflow. They moved to TensorFlow from Lua Torch because TensorFlow had much better support for serving models in production. The post includes many screenshots of their internal tooling around their ML models as well.

image alt text

USA didn’t make it to the world cup, but GraphQL did. Sara Vieira published a GraphQL endpoint and its code that allows you to pull world cup data and do whatevs with it. The DailyDrip team is pulling for Brazil in all their ~soccer~ futebol matches.

image alt text

James Chambers has spent a year reverse engineering Animal Crossing for GameCube and shares what he learned and how he learned it (slides). The bulk of the post outlines how to turn on zurumode, which can output a host of debugging information. By reverse engineering the ROM, he identified a heretofore-unknown cheat code that will enable this mode. He’s doing all of this work in an effort to enable modding the game. If you’re interested in ROM hacking or reverse engineering, this is highly valuable.

image alt text

The Tapplock Smartlock was found to be broadcasting the key needed to unlock it. Andrew Tierney on Pen Test Partners explores how he found the exploit, and talks through security testing process in an included youtube video. It’s a good read and funny watch, and exposes methods of thinking about security that many developers aren’t regularly exposed to. tl;dr your lock’s key probably shouldn’t just be a portion of its public Bluetooth Low Energy mac address that it transmits in the clear.

image alt text

GnuPG, Enigmail, GPGTools and potentially other applications using GnuPG can be attacked with in-band signaling. Marcus Brinkman writes a post detailing a new vulnerability he discovered, CVE-2018-12020, which enables remote attackers to spoof arbitrary signatures via GPG. He outlines quite a few potential attack methods - one of which uses ANSI terminal escape sequences to produce a message that is visibly virtually identical to a true signed message.

While not strictly a development story, the SEC announces cryptocurrency Ether is not a security. This decision will have a massive impact on the crypto development space, and US investment in the sector will probably go up. Sounds like a good time to pick up some blockchain development skills.