Reading "The Art of Modifying Software"

Posted on Fri 17 July 2020 in Journal

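Book excerpts

I flipped through it casually. It has no shortage of real insight, but knowing is easy and doing is hard: easier said than done.

The Art of Modifying Software - David Scott Bernstein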

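Seven strategies for product owners

  1. Become a domain expert
  2. Explore during development
  3. Help developers understand why and for whom
  4. Describe what you want, not how to do it
  5. Answer questions promptly
  6. Remove dependencies
  7. Support refactoring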

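Seven strategies for improving code quality

  1. Make the definition of code quality explicit
  2. Agree on basic practices
  3. Let go of perfectionism
  4. Understand trade-offs
  5. Hide the "how" with the "what"
  6. Good naming
  7. Keep code testable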

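Seven strategies for writing maintainable code

  1. Collective code ownership
  2. Refactor actively
  3. Keep up pair programming
  4. Frequent code reviews
  5. Learn other developers' styles
  6. Keep studying software development
  7. Read code, write code, practice coding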

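OWASP Top 10 vulnerabilities

The Open Web Application Security Project (OWASP) summarizes the following ten major security vulnerabilities:

  1. Injection
  2. Broken authentication and session management
  3. Cross-site scripting
  4. Broken access control
  5. Security misconfiguration
  6. Sensitive data exposure
  7. Insufficient attack protection
  8. CSRF
  9. Using components with known vulnerabilities
  10. Underprotected APIs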

Metrics tools

  • cAdvisor

cAdvisor is a metrics collection agent developed at Google that has native support for Docker containers but should also work well with other types of container runtimes. It gathers metrics about resource utilization, resource isolation, historical utilization, and more, both at the container level and the system level. It exposes both a remote REST API endpoint for examining metrics and a built-in web UI for visualizing collected data. Many other metrics collection systems make use of cAdvisor as an underlying technology to gather metrics.

  • Heapster

Heapster is a performance monitoring and metrics collection system compatible with Kubernetes versions 1.0.6 and above. It allows for the collection of not only performance metrics about your workloads, pods, and containers, but also events and other signals generated by your cluster. The great thing about Heapster is that it is fully open source as part of the Kubernetes project, and supports a multitude of backends for persisting the data, including but not limited to InfluxDB, Elasticsearch, and Graphite.

  • Prometheus

Prometheus is an open source metrics collection system originally developed at SoundCloud, and more recently inducted into the CNCF. Prometheus is powerful thanks to its data model, rich set of client libraries, and its ability to create alerts based on metrics. Prometheus comes standard with its own dashboard, which is available for running ad-hoc queries or quick debugging, but the best experience will be had when using an integration with visualization backends such as Grafana. Support for bridging in data from other third-party tools such as HAProxy, StatsD, or system-level metrics allows Prometheus to act as a centralized hub for all of your metrics data collection.

  • InfluxData TICK Stack

InfluxData is a company that has developed tools specifically designed for metrics collection, aggregation, and visualization. Their product, known as the TICK Stack, is based on an open source core made up of four distinct projects: Telegraf, InfluxDB, Chronograf, and Kapacitor. Those components are responsible for collecting metrics and events from your cluster, storing them, visualizing them, and creating custom logic around alerting. Like Prometheus, alerts and visualizations are the core competency of this platform, and it does so in a very performant way. The only downside is that in order to have high availability of the InfluxDB storage engine, users must pay for InfluxData Enterprise, or InfluxCloud, their hosted solution.

  • StatsD

StatsD is a standard and, by extension, a set of tools that can be used to send, collect, and aggregate custom metrics from any application. Originally, StatsD referred to a daemon written by Etsy in Node.js. Today, the term StatsD refers to both the protocol used in the original daemon, as well as a collection of software and services that implement this protocol.

A StatsD system requires three components: a client, a server and a backend. The client is a library that is invoked within your application code to send metrics. These metrics are collected by the StatsD server (sometimes also called the daemon). The server aggregates these metrics, then sends the aggregates to one or more backends at regular intervals. Backends perform various tasks with your data — for example, Graphite is a commonly used backend that allows you to view real-time graphs of your metrics. StatsD components are modular, so different implementations can be added, removed or replaced without affecting the rest of the system.
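The server role described above, sketched as an added example (not code from the original page or from any StatsD implementation): it parses lines a client would send, aggregates them, and returns what would be flushed to a backend. The `name:value|type|@rate` line format is the StatsD wire format, which the page does not spell out; `parse_line`, `Aggregator` and `demo` are hypothetical names, and the datagrams are constructed.

```python
import math
from collections import defaultdict

def parse_line(line):
    """Parse one 'name:value|type[|@rate]' line; return None if malformed."""
    try:
        name, rest = line.split(":", 1)
        fields = rest.split("|")
        value, mtype = float(fields[0]), fields[1]
        rate = float(fields[2][1:]) if len(fields) > 2 else 1.0
    except (ValueError, IndexError):
        return None
    ok = (name and mtype in ("c", "g", "ms") and math.isfinite(value)
          and 0 < rate <= 1 and (len(fields) < 3 or fields[2][0] == "@"))
    return (name, value, mtype, rate) if ok else None

class Aggregator:
    """Server role: accumulate metrics between flushes to a backend."""
    def __init__(self):
        self.counters, self.timers = defaultdict(float), defaultdict(list)
        self.gauges, self.rejected = {}, 0

    def ingest(self, datagram):
        for line in filter(None, map(str.strip, datagram.splitlines())):
            parsed = parse_line(line)
            if parsed is None:
                self.rejected += 1  # count bad input instead of crashing
                continue
            name, value, mtype, rate = parsed
            if mtype == "c":
                self.counters[name] += value / rate  # scale sampled counts
            elif mtype == "g":
                self.gauges[name] = value  # simplification: no +/- deltas
            else:
                self.timers[name].append(value)

    def flush(self):
        """Return the aggregates a backend would receive, then reset."""
        timers = {n: {"count": len(v), "mean": sum(v) / len(v), "max": max(v)}
                  for n, v in self.timers.items()}
        out = {"counters": dict(self.counters), "gauges": dict(self.gauges),
               "timers": timers}
        self.counters, self.timers = defaultdict(float), defaultdict(list)
        return out

def demo():
    agg = Aggregator()
    # Constructed datagrams, shaped like what a client library would send.
    for d in ["login.ok:1|c\nlogin.ok:1|c|@0.5", "queue.depth:7|g",
              "db.query:12|ms\ndb.query:20|ms\n", "garbage line", "x:abc|c"]:
        agg.ingest(d)
    return agg.flush(), agg.rejected
```

A real server would call `flush()` on a timer and hand the result to each configured backend; here `demo()` does it once.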

English

  • Companies can pay for the cost of day care at a nursery

nursery UK [ˈnɜːsəri] US [ˈnɜːrsəri] n. plant nursery; day-care nursery; breeding ground

  • Having strong employee morale can boost productivity

morale UK [məˈrɑːl] US [məˈræl] n. morale, fighting spirit

  • A business strategy defines how a company will achieve its goals

  • An employee can use their housing fund to pay back their mortgage

mortgage UK [ˈmɔːɡɪdʒ] US [ˈmɔːrɡɪdʒ]

n. mortgage; mortgage loan amount v. to mortgage; to stake one's future on something

  • Employees often use paid leave when they go on vacation