W06 - Impressions from QCon Beijing 2023: Front-End Frontier Session

The first theme concerns web motion effects. The industry has evolved from early simple activities like raffles and spinners to today’s large-scale events resembling desktop games, showing an increasingly competitive trend. This is the result of continuous iteration and accumulation in gameplay, marketing, and expressive capability, and it brings many new challenges to frontend development.

• Compared with common business requirements, complex animated events involve much greater collaboration complexity upstream in the delivery chain than downstream. Traditional requirement and design phases only need UI and UX, whereas complex large-scale events require multiple design disciplines—concept art, 3D models, animations, visual effects, etc.—and all require deep frontend involvement. Similar to games, this explains why many organizations pull resources from game teams when building complex motion effects.

• Events containing substantial 3D animation impose requirements on developers’ technical background and knowledge domains that differ from those of traditional web engineers, such as familiarity with computer graphics. Based on Kuaishou’s experience in past large events like the Spring Festival Gala and the Winter Olympics, internal iteration cycles can be very fast. The engineering challenges, however, still lie within classic problem domains. Using a platform-based approach can help balance performance, stability, and iteration efficiency.

The second theme is H5 security hardening, essentially source code protection. The discussion of anti-scraping practices around 58 InfoSec covered two main approaches.

• One is AST-based hardening measures: obfuscation, anti-formatting, anti-debugging, and the like.

• The other is an H5 security hardening scheme based on code virtualization. This code virtualization refers to JSVMP, short for Virtual Machine based code Protection for JavaScript — a JS code virtualization protection scheme. It’s not entirely new, just outside most people’s usual problem space. A complete JSVMP protection system typically has this architecture: server reads JavaScript code → lexical analysis → syntactic analysis → generate AST → generate private bytecode/instructions → generate corresponding private interpreter; the private instructions are encrypted and, together with the private interpreter, sent to the browser, where they are interpreted and executed.

• This topic reminded me of Jack Works’ presentation on SES (Secure ECMAScript) at last year’s GMTC. Security issues in the web ecosystem are being raised more frequently, and many need fixes at the standards level. Otherwise web security largely gets paid for with performance loss, as with JSVMP above. My understanding is that SES aims to create a fully trustworthy sandbox to protect the runtime environment; regarding source-code anti-scraping, the ES standard has likely not yet reached stage 3 or 4.

The third theme was about industrial software. The presentation was poor overall and unclear; if you’re interested, the slides are sufficient—there wasn’t much additional information on-site.

The fourth theme was PWA. PWAs aren’t cutting-edge tech, but some insights were fresh. PWA adoption in China is extremely low, largely due to the advanced development of super-platforms like mini-programs. During Q&A, someone asked whether Apple is blocking PWA development; the answer was that Apple cannot stop the larger trend. One reason is the speaker’s background—representing Microsoft’s strong push for PWAs. Another reason lies in the meaning of that larger trend.

• This “larger trend” is interesting. China’s mobile-first progress has largely peaked, and in its leapfrog development it has created a huge gap in PC penetration compared with Europe and the US. China’s PC penetration is only about 20% today, while developed countries are generally around 70%, and the US is as high as 90%—a stark difference. The data came from a report by the Chinese Academy of Social Sciences and sounds incredible. We can roughly think of mobile as representing digital consumption and PC as digital production. The PC is gradually shifting from a consumer good to a productive tool, representing productivity and the population’s ability to apply ICT to solve production problems. From a development perspective, China’s PC penetration has great room to grow. That could bring about a reverse desktopification trend following mobile-first development, and PWAs are a strong option in that context.

In summary, the front-end frontier session was a mixed bag. Some topics rehashed old ground, leaving the impression that the frontier’s ceiling wasn’t very high. Looking forward to something more exciting next year.