微軟的 CodePush

看到微軟推出的 CodePush,針對 CordovaReact Native 類透過 WebView 跑的程式提出的方案。原因是 Apple 的 App Store 審核都要很久,透過 CodePush 可以直接更新程式:

CodePush is a cloud service that enables Cordova and React Native developers to deploy mobile app updates directly to their users’ devices. It works by acting as a central repository that developers can publish certain updates to (e.g. JS, HTML, CSS and image changes), and that apps can query for updates from (using our provided client SDKs). This allows you to have a more deterministic and direct engagement model with your end-users, while addressing bugs and/or adding small features that don’t require you to re-build a binary and/or re-distribute it through any public app stores.

FAQ 文件裡提到了這點:(Frequently Asked Questions · CodePush)

Does the Apple App Store allow developers to perform these types of updates?

According to section 3.3.2 of Apple’s developer agreement, as long as you are using the CodePush service to release bug fixes and improvements/features that maintain the app’s original/presented purpose (i.e. don’t CodePush a calculator into a first-person shooter), then you will be fine, and your users will be happy. In order to provide a tangible example, our team published a (pretty cheesy!) CodePush-ified game to the Google Play Store and Apple App Store, and had no problems getting it through the review process.

Because Cordova apps are executed within a WebView, and React Native apps are executed within JavaScriptCore, from a technology perspective, these runtimes are unique in their ability to leverage dynamic code downloads according to the aforementioned Apple developer agreement.

同樣的想法如果真的可行,應該會有其他更開放的 open source 方案可以用 (而非綁定性的服務,而是可以掛到自己的 CDN 上下載更新),先觀察一陣子...

TPP (The Trans-Pacific Partnership) 對 GPL 的影響

TPP (The Trans-Pacific Partnership跨太平洋戰略經濟夥伴關係協議) 的黑箱作業在 Wikileaks 揭露後 (TPP Treaty: Intellectual Property Rights Chapter - 5 October 2015) 才被大量解讀,而與預期的一樣,既然會黑箱當然就是見不得人,違反公眾利益的事情。

EFF 有導讀專欄分析,有興趣的可以從這邊下手:「Trans-Pacific Partnership Agreement」。

這邊要講的是 TPP 裡對 GPL 的影響:「TPP has provision banning requirements to transfer of or access to source code of software」。

其中這組條款對原始程式碼 (source code) 的約束直接衝擊 GPL 類強制要求 open source 的約束:

Article 14.17: Source Code

  • No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory.
  • For the purposes of this Article, software subject to paragraph 1 is limited to mass-market software or products containing such software and does not include software used for critical infrastructure.
  • Nothing in this Article shall preclude:
    (a) the inclusion or implementation of terms and conditions related to the provision of source code in commercially negotiated contracts; or
    (b) a Party from requiring the modification of source code of software necessary for that software to comply with laws or regulations which are not inconsistent with this Agreement.
  • This Article shall not be construed to affect requirements that relate to patent applications or granted patents, including any orders made by a judicial authority in relation to patent disputes, subject to safeguards against unauthorised disclosure under the law or practice of a Party.
  • 使用 WordPress 的內容佔有全 Web 的 25% 比率

    WordPressMatt Mullenweg 在他的 blog 上提到了 WordPress 的內容建構了 Web 上的 25% 內容:「Seventy-Five to Go」,出自 W3Techs 的「 Historical yearly trends in the usage of content management systems for websites 」這邊的資料。

    WordPress 從 2004 年 MovableType 的 license 爭議事件後崛起 (Commitment to a Free Version, while getting our pricing right),後來就愈站愈穩了,而 MovableType 在 2007 年又宣布 open source (Movable Type Open Source),但也已經無法挽回了...

    而且 WordPress 的比率目前還在緩緩攀升...

    Google Chrome 上面的畫面截圖套件

    記得之前有提到最多人裝的那幾個 extension 都有嵌入各種 malware 或 spyware,所以試著找有哪個是正常的... 後來想到用 GoogleGitHub 上的 open source 專案,找到這個:「One-click full page screen captures in Google Chrome」,官方說明頁面在「Full Page Screen Capture Chrome Extension」:

    It’s open source (on github) and malware free.

    看起來這個應該是可以用的... 看起來很久沒更新了,不過實際測試還是會動的 :p

    又一個 Open Source 版本的 Slack Clone:Mattermost

    在「Open source Slack-alternative reaches 1.0: Self-host ready, Slack-compatible, MIT licensed」這邊看到 Mattermost 這套 Slack clone,而 Mattermost 的標語是:

    Mattermost is an open source, on-prem Slack-alternative

    後面也是弄了一個團隊 (Team),有種 GitLab 的感覺...

    D-Link 的 open source package 內包含了拿來簽名用的 Private Key

    D-LinkDCS-5020L 的 open source package (因 GPL 要求) 裡放了簽名用的 private key:「D-Link spilled its private key onto the web – letting malware dress up as Windows apps」。

    而這把 key 由 Verisign 所簽,因此被 Windows 所信任,所以這把 key 可以用來簽 malware:

    而不幸的是,這把 key 已經洩漏出來超過半年了:

    The D-Link key was leaked in late February, and expired on September 3, it appears.

    又是一連串的 revoke 過程... orz

    Facebook 更新在 Open Source 軟體裡的專利授權條款

    Facebook 的 Open Source 專案一般都採用 BSD licenses 放出,而由於 BSD licenses 並沒有專利授權,所以 Facebook 自己附帶專利授權條款讓使用者不用擔心在使用時侵犯到 Facebook 的專利。

    而前陣子這個條款更新了:「Updating Our Open Source Patent Grant」,範例可以參考 osquery 裡的檔案:舊版的可以參考「PATENTS」這裡,而新版的可以參考「PATENTS」這裡,差異可以看「Update patent grant」這個 commit。

    不過看起來還是不怎麼友善...

    2006 年的 jQuery 程式碼...

    對於現在變成 Web JS 代名詞 jQuery 的誕生。

    John Resig (jQuery 的發明人) 的懷舊文:「Annotated Version of the Original jQuery Release」。

    重點在「Annotated jQuery Release」裡他寫了不少註解 (以 2015 年現在的觀點來寫),有很多感嘆啊 XDDD

    Google 宣佈關閉 Google Code

    Google 公告後馬上傳遍:「Bidding farewell to Google Code」。

    幾個時間點:

    • 2015 年 3 月 12 日:停止新的 project 的申請。
    • 2015 年 8 月 24 日:唯讀。
    • 2016 年 1 月 25 日:停止操作服務,不過 2016 年整年還是提供一整包 tarball 下載回去。

    Google 有提供「Export to GitHub」這個服務轉換到 GitHub 上,或是透過手動轉換:Git 的部份比較簡單,直接推上新的 hosting 即可,而其他的需要工具轉換。

    Windows 10 都市傳說的佐證...

    續上篇「Windows 10 的都市傳說...」,先不管微軟內部的 code 如何,以及跳過 Windows 9 的真正原因,但 open source 專案的確有不少人這樣判斷 Windows 95 與 Windows 98:

    還有各種變形的:

    		} else if (osName.startsWith("Windows")) {
     			if (osName.indexOf("9") != -1) {
     				jvm = WINDOWS_9x;

    這該怎麼說呢...