《故都的秋》郁达夫

秋天,无论在什么地方的秋天,总是好的;可是啊,北国的秋,却特别地来得清,来得静,来得悲凉。我的不远千里,要从杭州赶上青岛,更要从青岛赶上北平来的理由,也不过想饱尝一尝这“秋”,这故都的秋味。

  江南,秋当然也是有的;但草木雕得慢,空气来得润,天的颜色显得淡,并且又时常多雨而少风;一个人夹在苏州上海杭州,或厦门香港广州的市民中间,浑浑沌沌地过去,只能感到一点点清凉,秋的味,秋的色,秋的意境与姿态,总看不饱,尝不透,赏玩不到十足。秋并不是名花,也并不是美酒,那一种半开,半醉的状态,在领略秋的过程上,是不合适的。
  不逢北国之秋,已将近十余年了。在南方每年到了秋天,总要想起陶然亭的芦花,钓鱼台的柳影,西山的虫唱,玉泉的夜月,潭柘寺的钟声。在北平即使不出门去罢,就是在皇城人海之中,租人家一椽破屋来住着,早晨起来,泡一碗浓茶、向院子一坐,你也能看得到很高很高的碧绿的天色,听得到青天下驯鸽的飞声。从槐树叶底,朝东细数着一丝一丝漏下来的日光,或在破壁腰中,静对着象喇叭似的牵牛花(朝荣)的蓝朵,自然而然地也能够感觉到十分的秋意。说到了牵牛花,我以为以蓝色或白色者为佳,紫黑色次之,淡红色最下。最好,还要在牵牛花底,教长着几根疏疏落落的尖细且长的秋草,使作陪衬。
  北国的槐树,也是一种能使人联想起秋来的点缀。象花而又不是花的那一种落蕊,早晨起来,会铺得满地。脚踏上去,声音也没有,气味也没有,只能感出一点点极微细极柔软的触觉。扫街的在树影下一阵扫后,灰土上留下来的一条条扫帚的丝纹,看起来既觉得细腻,又觉得清闲,潜意识下并且还觉得有点儿落寞,古人所说的梧桐一叶而天下知秋的遥想,大约也就在这些深沈的地方。
  秋蝉的衰弱的残声,更是北国的特产;因为北平处处全长着树,屋子又低,所以无论在什么地方,都听得见它们的啼唱。在南方是非要上郊外或山上去才听得到的。这秋蝉的嘶叫,在北平可和蟋蟀耗子一样,简直象是家家户户都养在家里的家虫。
  还有秋雨哩,北方的秋雨,也似乎比南方的下得奇,下得有味,下得更象样。
  在灰沈沈的天底下,忽而来一阵凉风,便息列索落地下起雨来了。一层雨过,云渐渐地卷向了西去,天又青了,太阳又露出脸来了;著着很厚的青布单衣或夹袄曲都市闲人,咬着烟管,在雨后的斜桥影里,上桥头树底下去一立,遇见熟人,便会用了缓慢悠闲的声调,微叹着互答着的说:
  “唉,天可真凉了─—”(这了字念得很高,拖得很长。)
  “可不是么?一层秋雨一层凉了!”
  北方人念阵字,总老象是层字,平平仄仄起来,这念错的歧韵,倒来得正好。
  北方的果树,到秋来,也是一种奇景。第一是枣子树;屋角,墙头,茅房边上,灶房门口,它都会一株株地长大起来。象橄榄又象鸽蛋似的这枣子颗儿,在小椭圆形的细叶中间,显出淡绿微黄的颜色的时候,正是秋的全盛时期;等枣树叶落,枣子红完,西北风就要起来了,北方便是尘沙灰土的世界,只有这枣子、柿子、葡萄,成熟到八九分的七八月之交,是北国的清秋的佳日,是一年之中最好也没有的Golden Days。
  有些批评家说,中国的文人学士,尤其是诗人,都带着很浓厚的颓废色彩,所以中国的诗文里,颂赞秋的文字特别的多。但外国的诗人,又何尝不然?我虽则外国诗文念得不多,也不想开出账来,做一篇秋的诗歌散文钞,但你若去一翻英德法意等诗人的集子,或各国的诗文的An-thology 来,总能够看到许多关于秋的歌颂与悲啼。各著名的大诗人的长篇田园诗或四季诗里,也总以关于秋的部分。写得最出色而最有味。足见有感觉的动物,有情趣的人类,对于秋,总是一样的能特别引起深沈,幽远,严厉,萧索的感触来的。不单是诗人,就是被关闭在牢狱里的囚犯,到了秋天,我想也一定会感到一种不能自己的深情;秋之于人,何尝有国别,更何尝有人种阶级的区别呢?不过在中国,文字里有一个“秋士”的成语,读本里又有着很普遍的欧阳子的《秋声》与苏东坡的《赤壁赋》等,就觉得中国的文人,与秋的关系特别深了。可是这秋的深味,尤其是中国的秋的深味,非要在北方,才感受得到底。
  南国之秋,当然是也有它的特异的地方的,比如廿四桥的明月,钱塘江的秋潮,普陀山的凉雾,荔枝湾的残荷等等,可是色彩不浓,回味不永。比起北国的秋来,正象是黄酒之与白干,稀饭之与馍馍,鲈鱼之与大蟹,黄犬之与骆驼。
  秋天,这北国的秋天,若留得住的话,我愿把寿命的三分之二折去,换得一个三分之一的零头。

ES6 中的生成器函数

Syntax

function* name([param[, param[, ... param]]]) {
   statements
}

Simple example

function* idMaker() {
  var index = 0;
  while (index < 3)
    yield index++;
}

var gen = idMaker();

console.log(gen.next().value); // 0
console.log(gen.next().value); // 1
console.log(gen.next().value); // 2
console.log(gen.next().value); // undefined
// ...

Example with yield*

function* anotherGenerator(i) {
  yield i + 1;
  yield i + 2;
  yield i + 3;
}

function* generator(i) {
  yield i;
  yield* anotherGenerator(i);
  yield i + 10;
}

var gen = generator(10);

console.log(gen.next().value); // 10
console.log(gen.next().value); // 11
console.log(gen.next().value); // 12
console.log(gen.next().value); // 13
console.log(gen.next().value); // 20

Passing arguments into Generators

function* logGenerator() {
  console.log(yield);
  console.log(yield);
  console.log(yield);
}

var gen = logGenerator();

// the first call of next executes from the start of the function
// until the first yield statement
gen.next(); 
gen.next('pretzel'); // pretzel
gen.next('california'); // california
gen.next('mayonnaise'); // mayonnaise

Return statement in a generator

function* yieldAndReturn() {
  yield "Y";
  return "R";
  yield "unreachable";
}

var gen = yieldAndReturn()
console.log(gen.next()); // { value: "Y", done: false }
console.log(gen.next()); // { value: "R", done: true }
console.log(gen.next()); // { value: undefined, done: true }

Generators are not constructable

function* f() {}
var obj = new f; // throws "TypeError: f is not a constructor"

最后谈一次 JavaScript 异步编程

Elasticsearch 自动重启脚本

#!/bin/bash
cd `dirname $0`
BIN_DIR=`pwd`
export JAVA_HOME=/home/elastic/jdk1.8.0_121
# 获取es进程ID
ES_ID=`ps -ef |grep elasticsearch |grep -w 'elasticsearch-master'|grep -v 'grep'|awk '{print $2}'`
#启动脚本目录
StartES=/root/software/elasticsearch-5.2.2/bin/elasticsearch
# 日志输出
ESMonitorLog=$BIN_DIR/es-master-monitor.log

Monitor()
{
  if [[ $ES_ID ]];then # 这里判断ES进程是否存在
    echo "[info]当前ES进程ID为:$ES_ID"
  else
    echo "[error]ES进程不存在!ES开始自动重启..."
    sh $StartES -d
  fi
}

Monitor>>$ESMonitorLog

cron

*/1 * * * * /bin/sh /home/elastic/es_monitores_monitor.sh

再谈React-Native With Redux [转载]

原文

redux三大原则

首先,我们明确一点:redux的核心思想就是FLux架构,单向数据流。

单一数据源

在redux中,所有的state最后都会被combine起来,变为一个大的state树,这个state树只存在于唯一的一个store中。这么做的好处是开发和调试都变得很方便,也很好理解。

state只读

改变state唯一的办法就是通过触发action,别无他法。这么做非常纯粹,确保没其他副作用,state不会被任意修改。

纯函数修改state

想要修改state,在action被触发之后,需要编写reducer来进行修改,reducer只是一些纯函数,它会接受到action和state,返回全新的state。
继续阅读“再谈React-Native With Redux [转载]”

Redux Example



react-pxq

import React, { Component } from 'react'
import PropTypes from 'prop-types'
import ReactDOM from 'react-dom'
import { createStore } from 'redux'
import { Provider, connect } from 'react-redux'

// React component
class Counter extends Component {
  render() {
    const { value, onIncreaseClick } = this.props
    return (
      <div>
        <span>{value}</span>
        <button onClick={onIncreaseClick}>Increase</button>
      </div>
    )
  }
}

Counter.propTypes = {
  value: PropTypes.number.isRequired,
  onIncreaseClick: PropTypes.func.isRequired
}

// Action
const increaseAction = { type: 'increase' }

// Reducer
function counter(state = { count: 0 }, action) {
  const count = state.count
  switch (action.type) {
    case 'increase':
      return { count: count + 1 }
    default:
      return state
  }
}

// Store
const store = createStore(counter)

// Map Redux state to component props
function mapStateToProps(state) {
  return {
    value: state.count
  }
}

// Map Redux actions to component props
function mapDispatchToProps(dispatch) {
  return {
    onIncreaseClick: () => dispatch(increaseAction)
  }
}

// Connected Component
const App = connect(
  mapStateToProps,
  mapDispatchToProps
)(Counter)

ReactDOM.render(
  <Provider store={store}>
    <App />
  </Provider>,
  document.getElementById('root')
)

React Native Proguard Rules

# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in /usr/local/Cellar/android-sdk/24.3.3/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the proguardFiles
# directive in build.gradle.
#
# For more details, see
#   http://developer.android.com/guide/developing/tools/proguard.html

# Add any project specific keep options here:

# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
#   public *;
#}

# Disabling obfuscation is useful if you collect stack traces from production crashes
# (unless you are using a system that supports de-obfuscate the stack traces).
-dontobfuscate

# React Native

# Keep our interfaces so they can be used by other ProGuard rules.
# See http://sourceforge.net/p/proguard/bugs/466/
-keep,allowobfuscation @interface com.facebook.proguard.annotations.DoNotStrip
-keep,allowobfuscation @interface com.facebook.proguard.annotations.KeepGettersAndSetters

# Do not strip any method/class that is annotated with @DoNotStrip
-keep @com.facebook.proguard.annotations.DoNotStrip class *
-keepclassmembers class * {
    @com.facebook.proguard.annotations.DoNotStrip *;
}

-keepclassmembers @com.facebook.proguard.annotations.KeepGettersAndSetters class * {
  void set*(***);
  *** get*();
}

-keep class * extends com.facebook.react.bridge.JavaScriptModule { *; }
-keep class * extends com.facebook.react.bridge.NativeModule { *; }
-keepclassmembers,includedescriptorclasses class * { native <methods>; }
-keepclassmembers class *  { @com.facebook.react.uimanager.UIProp <fields>; }
-keepclassmembers class *  { @com.facebook.react.uimanager.annotations.ReactProp <methods>; }
-keepclassmembers class *  { @com.facebook.react.uimanager.annotations.ReactPropGroup <methods>; }

-dontwarn com.facebook.react.**

# okhttp

-keepattributes Signature
-keepattributes *Annotation*
-keep class com.squareup.okhttp.** { *; }
-keep interface com.squareup.okhttp.** { *; }
-dontwarn com.squareup.okhttp.**

# okio

-keep class sun.misc.Unsafe { *; }
-dontwarn java.nio.file.*
-dontwarn org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement
-dontwarn okio.**

jQuery data binding library or plugin recommendation

原文

look into rivets.js.

rivets is a Lightweight (3.4kb minified and gzipped) and powerful data binding and templating library.

Rivets.js is completely agnostic about your model / controller layer and works well with existing libraries that employ an event-driven model such as Backbone.js and Stapes.js. It ships with a built-in adapter for subscribing to plain JS objects using ES5 natives, however this can be replaced with a Watch.JS adapter or an Object.observe adapter.

Some of the features you get out-of-the-box with Rivets.js:

  • Bi-directional data binding to and from DOM nodes.
  • Computed properties through dependency mapping.
  • Formatters to allow mutating values through piping.
  • Iteration binding for binding items in an array.
  • Custom event handlers to fit your ideal workflow.
  • Uniform APIs for easily extending any of the core concepts.

Rivets uses DOM-based templating system:

Instead of parsing and compiling template strings into HTML, Rivets.js wires up your models directly to existing parts of DOM that contain binding declarations and control flow instructions directly on the DOM nodes. You just pass in your models when binding to the parent DOM node and Rivets.js takes care of the rest.

In short, for example assume you want to display the data in a product object like:

var productInfo= {
 name: "test",
 price: 1000
}

in following HTML:

<ul id="product">
  <li>Name</li>
  <li>Price</li>
</ul>

Your can bind the data using rivets like:

rivets.bind($('#product'), {
  product: productInfo // product will be the alias name inside HTML template
});

And the corresponding rivets template will be:

<ul id="product">
  <li rv-text="product.name"></li>
  <li v-text="product.price"></li>
</ul>

or more semantically:

<ul id="product">
  <li data-rv-text="product.name"></li>
  <li data-rv-text="product.price"></li>
</ul>

The rivets.bind method accepts the template element, the model data, as well as any options you wish to override from the main rivets object (optional)


Or if you are binding an array of product objects:

rivets.bind($('#product'), {
  product: ProductArray // where productArray is an array of products
});

You can use iteration bindings using rv-each like:

<ul class="products" data-rv-each-product="products">
  <li data-rv-text="product.name"></li>
  <li data-rv-text="product.price"></li>
</ul>

rivets will create n number of lists according to the items in array.

There are many more cool features which you can find in the guide.

生于忧患,死于安乐

舜发于畎亩之中,傅说举于版筑之间,胶鬲举 于鱼盐之中,管夷吾举于土,孙叔敖举于海,百里奚举于市。

故天将降大任于是人也,必先苦其心志,劳其筋骨,饿其体肤,空乏其身, 行拂乱其所为,所以动心忍性,曾益其所不能。

人恒过, 然后能改;困于心,衡于虑,而后作;征于色,发于声,而后喻。入则无法家拂士,出则无敌国外患者,国恒亡。

然后知生于忧患而死于安乐也。

How to do stateless (session-less) & cookie-less authentication?

How to do stateless (session-less) & cookie-less authentication?

I’ve seen multiple ways to do this during my stints during application assessments. One of the popular ways is the playing tennis way that you mentioned – sending the username and password in every request to authenticate the user. This, in my opinion, is unsafe, especially if the application isn’t single page. It is also not scalable, especially if you want to add authorization to your app in addition to authentication in the future (although I guess you could build something based on logins too)

One popular, although not completely stateless mechanism (assuming you have JavaScript execution) is to embed the session cookie in the JavaScript. The security guy in me is screaming at this, but it could actually work – every request has a X-Authentication-Token header or something like that, and you map that to a database, file-store in memory, etc. on the backend to validate the user. This token can have a timeout of whatever time you specified, and if it times out, the user has to log in again. It’s fairly scalable – if you store it in a database, its one SQL statement executed, and with the correct indexes, it should take very little time to execute, even with multiple simultaneous users. Load testing here would definitely help though. If I read the question correctly, this would be your encrypted token mechanism – although, I would strongly suggest that you use a cryptographically random token of say 32 characters, versus using a combination of username + password + whatever else – this way, it stays unpredictable, but you can still associate it with the user ID or some such thing.

Whichever you do end up using, ensure it is sent to you safely. HTTPS protects you across the wire, but it doesn’t protect you if you leak the session token via the URL (or worse, credentials via the URL). I would recommend using a header, or if that’s not feasible, sending the token via a POST request every time (this would mean a hidden form field on the user’s browser.) The latter approach of using a POST request should use CSRF defenses, just in case, though I suspect using the token itself might be some sort of a CSRF defense.

Last, but not the least, make sure you have some mechanism in the backend to purge expired tokens. This has been the bane of many applications in the past – a rapidly growing database of authentication tokens which never seems to go away. If you need to support multiple user logins, make sure you either limit the number, or have a shorter time limit on each token. As I said before, load testing may be the answer to this.

There are some other security concerns that I can think of, but they are too broad to be addressed at this stage – if you keep all the use (and abuse) cases in mind, you should probably be able to do a fairly good implementation of this system.