惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

K
Kaspersky official blog
小众软件
小众软件
Engineering at Meta
Engineering at Meta
博客园 - 三生石上(FineUI控件)
WordPress大学
WordPress大学
G
Google Developers Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
V2EX
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Check Point Blog
aimingoo的专栏
aimingoo的专栏
罗磊的独立博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
MongoDB | Blog
MongoDB | Blog
L
LINUX DO - 热门话题
酷 壳 – CoolShell
酷 壳 – CoolShell
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
H
Help Net Security
Martin Fowler
Martin Fowler
G
GRAHAM CLULEY
Simon Willison's Weblog
Simon Willison's Weblog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - Franky
V
Vulnerabilities – Threatpost
云风的 BLOG
云风的 BLOG
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
量子位
Stack Overflow Blog
Stack Overflow Blog
Recent Announcements
Recent Announcements
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
I
Intezer
Scott Helme
Scott Helme
A
About on SuperTechFans
博客园 - 司徒正美
Hacker News: Ask HN
Hacker News: Ask HN
The GitHub Blog
The GitHub Blog
Forbes - Security
Forbes - Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
The Cloudflare Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Spread Privacy
Spread Privacy
T
Tailwind CSS Blog
S
Security Affairs
宝玉的分享
宝玉的分享

Sophie Alpert

There are no lossless transformations of natural-language text Deconstructing “services” I don’t want AI agents controlling my laptop Materialized views are obviously useful TODOs aren’t for doing Everyone is wrong about that Slack flowchart Hire me to empower and upskill your eng team How React Changed the Web Forever: A Documentary Fast and maintainable patterns for fetching from a database React Conf: “Building a Custom React Renderer” Why review code? Metrics by proxy Yak shaving and fixing Voice React Conf: “React Today and Tomorrow” Why we host conference talk dry runs React Podcast: Inside React Type errors with inference need stacks React 16: an API-compatible rewrite Hi, I’m trans. Initializing on the main thread using dispatch_once A near-perfect oninput shim for IE 8 and 9 Using React to speed up the Khan Academy question editor What I did at Khan Academy, 2012 edition Preventing XSS attacks when embedding JSON in HTML Rolling back to an old revision in Mercurial (like git reset)
Observable programming
Sophie Alpert · 2018-02-22 · via Sophie Alpert

Excel is unusually good at allowing you to build complex programs while allowing you to see the values of every intermediate computation.

As a result, you often find people who claim to struggle with the abstract thinking that most other programming requires but who construct elaborate Excel workbooks with ease. However, Excel struggles to make the formulas themselves easily observable. (Ever tried to audit the correctness of a complex Excel sheet?) Excel formulas also fail at supporting abstraction well.

In contrast, traditional programming environments make the code you write much clearer. This property is what allows code review to be useful. But they’re usually terrible at allowing you to observe the behavior of your program when subjected to concrete values.

Our best tools are usually manual log statements and debuggers where you can step through code in one direction but which don’t facilitate the same type of observability that Excel produces without trying.

How can we build tools that give us the best of both worlds? Will they be inspired by rr (which lets you step backwards in time) and Prepack (which evaluates many branches at once) or will they be entirely different?

At work we have an interesting framework for handling data privacy. An privacy policy, which is conceptually a single function that returns a boolean value (allow or deny), is written not in conventional code but in a DSL that is an array of Allow*() or Deny*() rules.

// (not our actual privacy rules)
canLoadPostRules = [
  new AllowIfViewerIsAuthor(),
  new DenyIfAuthorIsNotVisible(),
  new DenyIfUnpublished(),
  new AlwaysAllow(),
]

This seemed clumsy to me at first, but two interesting tools have come out of it. First, we are able to use production profiling data to intelligently and automatically reorder the checks for better efficiency without changing the result (ex: if the example’s second Deny check is faster, it can be checked first). Second, we have an internal “privacy debugger” tool that lets you run a privacy policy against a particular input and see exactly how it comes to a decision, including how each subpolicy was processed. The output is rather similar to what Excel shows for every spreadsheet. The tool is specific to this rule DSL, but maybe it doesn’t have to be.

What would it look like if you could run it on any function in a codebase or use it to instrument an entire web request, seeing a complete execution trace of all the executed code?