惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Attack and Defense Labs
Attack and Defense Labs
O
OpenAI News
AI
AI
Cloudbric
Cloudbric
Security Archives - TechRepublic
Security Archives - TechRepublic
H
Heimdal Security Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Recent Commits to openclaw:main
Recent Commits to openclaw:main
T
Threat Research - Cisco Blogs
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
腾讯CDC
S
SegmentFault 最新的问题
宝玉的分享
宝玉的分享
Cyberwarzone
Cyberwarzone
博客园 - 【当耐特】
TaoSecurity Blog
TaoSecurity Blog
The Cloudflare Blog
V
Visual Studio Blog
Forbes - Security
Forbes - Security
Apple Machine Learning Research
Apple Machine Learning Research
Spread Privacy
Spread Privacy
L
LINUX DO - 最新话题
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
K
Kaspersky official blog
IT之家
IT之家
大猫的无限游戏
大猫的无限游戏
The Last Watchdog
The Last Watchdog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园_首页
Cisco Talos Blog
Cisco Talos Blog
Security Latest
Security Latest
量子位
W
WeLiveSecurity
V
V2EX
L
Lohrmann on Cybersecurity
S
Security @ Cisco Blogs
小众软件
小众软件
The Hacker News
The Hacker News
阮一峰的网络日志
阮一峰的网络日志
H
Hacker News: Front Page
博客园 - 聂微东
T
Troy Hunt's Blog
S
Schneier on Security
有赞技术团队
有赞技术团队
爱范儿
爱范儿
博客园 - 三生石上(FineUI控件)
Webroot Blog
Webroot Blog
P
Privacy International News Feed
Jina AI
Jina AI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com

Sophie Alpert

There are no lossless transformations of natural-language text Deconstructing “services” I don’t want AI agents controlling my laptop Materialized views are obviously useful TODOs aren’t for doing Everyone is wrong about that Slack flowchart Hire me to empower and upskill your eng team How React Changed the Web Forever: A Documentary Fast and maintainable patterns for fetching from a database React Conf: “Building a Custom React Renderer” Why review code? Metrics by proxy Yak shaving and fixing Voice React Conf: “React Today and Tomorrow” Why we host conference talk dry runs React Podcast: Inside React Type errors with inference need stacks React 16: an API-compatible rewrite Hi, I’m trans. Initializing on the main thread using dispatch_once A near-perfect oninput shim for IE 8 and 9 Using React to speed up the Khan Academy question editor What I did at Khan Academy, 2012 edition Preventing XSS attacks when embedding JSON in HTML Rolling back to an old revision in Mercurial (like git reset)
Observable programming
Sophie Alpert · 2018-02-22 · via Sophie Alpert

Excel is unusually good at allowing you to build complex programs while allowing you to see the values of every intermediate computation.

As a result, you often find people who claim to struggle with the abstract thinking that most other programming requires but who construct elaborate Excel workbooks with ease. However, Excel struggles to make the formulas themselves easily observable. (Ever tried to audit the correctness of a complex Excel sheet?) Excel formulas also fail at supporting abstraction well.

In contrast, traditional programming environments make the code you write much clearer. This property is what allows code review to be useful. But they’re usually terrible at allowing you to observe the behavior of your program when subjected to concrete values.

Our best tools are usually manual log statements and debuggers where you can step through code in one direction but which don’t facilitate the same type of observability that Excel produces without trying.

How can we build tools that give us the best of both worlds? Will they be inspired by rr (which lets you step backwards in time) and Prepack (which evaluates many branches at once) or will they be entirely different?

At work we have an interesting framework for handling data privacy. An privacy policy, which is conceptually a single function that returns a boolean value (allow or deny), is written not in conventional code but in a DSL that is an array of Allow*() or Deny*() rules.

// (not our actual privacy rules)
canLoadPostRules = [
  new AllowIfViewerIsAuthor(),
  new DenyIfAuthorIsNotVisible(),
  new DenyIfUnpublished(),
  new AlwaysAllow(),
]

This seemed clumsy to me at first, but two interesting tools have come out of it. First, we are able to use production profiling data to intelligently and automatically reorder the checks for better efficiency without changing the result (ex: if the example’s second Deny check is faster, it can be checked first). Second, we have an internal “privacy debugger” tool that lets you run a privacy policy against a particular input and see exactly how it comes to a decision, including how each subpolicy was processed. The output is rather similar to what Excel shows for every spreadsheet. The tool is specific to this rule DSL, but maybe it doesn’t have to be.

What would it look like if you could run it on any function in a codebase or use it to instrument an entire web request, seeing a complete execution trace of all the executed code?