ARTS - Week Three

shepherd
Published on: June 6, 2020

Algorithm

Problem

Move Zeroes

Given an array nums, write a function to move all 0's to the end of it while maintaining the relative order of the non-zero elements.

Solution

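var moveZeroes = function(nums) {
    // j marks the position where the next non-zero element belongs
    let j = 0
    for (let i = 0; i < nums.length; i++) {
        if (nums[i] !== 0) {
            if (i !== j) {
                // move the non-zero element forward and leave a zero behind
                nums[j] = nums[i]
                nums[i] = 0
            }
            j++
        }
    }
};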

Review

Article

Hardening Your HTTP Security Headers

Link

https://www.keycdn.com/blog/http-security-headers

Review

Seven different HTTP security headers:

1. Content Security Policy

The example below allows scripts from both the current domain (defined by 'self') and google-analytics.com.

Content-Security-Policy: script-src 'self' https://www.google-analytics.com

2. X-XSS-Protection

The X-XSS-Protection header is designed to enable the cross-site scripting (XSS) filter built into modern web browsers. 

X-XSS-Protection: 1; mode=block

3. HTTP Strict Transport Security (HSTS)

The Strict-Transport-Security header is a security enhancement that restricts web browsers to accessing web servers solely over HTTPS.

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

4. X-Frame-Options

The X-Frame-Options header provides clickjacking protection by controlling whether your pages may be loaded inside an iframe.

X-Frame-Options: SAMEORIGIN

5. Expect-CT

The Expect-CT header prevents misissued certificates from being used by allowing websites to report and optionally enforce Certificate Transparency requirements. 

Expect-CT: max-age=604800, enforce, report-uri="https://www.example.com/report"

6. X-Content-Type-Options

The X-Content-Type-Options header prevents Internet Explorer and Google Chrome from sniffing a response away from the declared Content-Type.

X-Content-Type-Options: nosniff

7. Feature-Policy

The Feature-Policy header grants the ability to allow or deny browser features, whether in its own frame or content within an inline frame element (<iframe>).

Feature-Policy: autoplay 'none'; camera 'none'

How to check your HTTP security headers

1. KeyCDN's HTTP Header Checker tool

2. Chrome DevTools response headers

3. Scan your website with Security Headers https://securityheaders.com/

Taobao is in grade R; Baidu is in grade F; Google is in grade D; the website itself is A.
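
An offline version of the checks listed above, as an added example that is not part of the original post or the KeyCDN article: it parses a raw response header block and reports which of the seven headers are missing or weaker than the sample values shown here. The function names, the thresholds and the sample response are assumptions constructed for illustration.

```javascript
// Added example: each check's threshold is an assumption taken from this page's sample values.
const CHECKS = {
  'content-security-policy': (v) => {
    const scriptSrc = v.split(';').map((d) => d.trim().split(/\s+/))
      .find((d) => d[0].toLowerCase() === 'script-src');
    if (!scriptSrc) return 'no script-src directive';
    const loose = scriptSrc.slice(1).filter((s) => s === '*' || s === "'unsafe-inline'");
    return loose.length ? `script-src allows ${loose.join(' ')}` : null;
  },
  'x-xss-protection': (v) => (/^1\s*;\s*mode=block$/i.test(v) ? null : 'expected "1; mode=block"'),
  'strict-transport-security': (v) => {
    const m = /max-age=(\d+)/i.exec(v);
    if (!m || Number(m[1]) < 31536000) return 'max-age below one year (31536000)';
    return /includeSubDomains/i.test(v) ? null : 'includeSubDomains missing';
  },
  'x-frame-options': (v) => (/^(deny|sameorigin)$/i.test(v) ? null : 'expected DENY or SAMEORIGIN'),
  'expect-ct': (v) => (/(^|,)\s*enforce\s*(,|$)/i.test(v) ? null : 'enforce missing'),
  'x-content-type-options': (v) => (/^nosniff$/i.test(v) ? null : 'expected nosniff'),
  'feature-policy': (v) => (v ? null : 'empty policy'),
};

// Parse a raw header block (one "Name: value" per line) into a Map keyed by lower-cased name.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const idx = line.indexOf(':');
    if (idx <= 0) continue; // skips the status line and blank lines
    headers.set(line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim());
  }
  return headers;
}

// Returns { missing: [names], weak: { name: reason } } for the seven headers above.
function auditSecurityHeaders(raw) {
  const headers = parseHeaders(raw);
  const report = { missing: [], weak: {} };
  for (const [name, check] of Object.entries(CHECKS)) {
    if (!headers.has(name)) { report.missing.push(name); continue; }
    const problem = check(headers.get(name));
    if (problem) report.weak[name] = problem;
  }
  return report;
}

// Constructed sample response, not captured from a real site.
const SAMPLE = ['HTTP/1.1 200 OK',
  "Content-Security-Policy: script-src 'self' 'unsafe-inline'",
  'Strict-Transport-Security: max-age=86400',
  'X-Frame-Options: SAMEORIGIN', 'X-Content-Type-Options: nosniff'].join('\n');
console.log(auditSecurityHeaders(SAMPLE));
```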

Tips

What do you do when you need to exchange the value of two variables?

// Traditional approach
int a = 10;
int b = 12;
int temp;
temp = a;
a = b;
b = temp;

// Here may be something new to you
// (a and b are already declared above, so just reset their values)
a = 10;
b = 12;
a = a ^ b;
b = a ^ b; // b = (a^b)^b, which is the original a
a = a ^ b; // now a and b have exchanged their values.
// This is because a = a^b^a; ^ means exclusive OR (XOR)



Share

Article

Open Source Benefits to Innovation and Organizational Agility

Link

https://www.infoq.com/news/2019/03/open-source-benefits/

Summary

Open Source Generations

  1. Generation one: made software free to allow anybody to contribute to its improvement.

  2. Generation two: thought about how to commercialize open source and launched the first few commercial open source companies.

  3. Generation three: created software that enabled them to create new streaming technologies, allowing communities and companies to innovate around these.

  4. Generation four: these organizations are not only consuming open source in huge quantities, but are also contributing to open source development while open sourcing their own projects.

Five leading open source benefits

  1. Financial benefits and secondary innovation.

  2. Teams’ ability to safely experiment and fail fast.

  3. Offer a better way of building software.

  4. Attract and retain the best software developer talent.

  5. Developers become proficient faster, reducing the number of defects in their code base.
