W06 - Reflections on QCon Beijing 2023 — Front-end Frontiers Session

The first topic concerns web motion effects. The industry has evolved from rudimentary activities like lotteries and prize wheels to large-scale events resembling client games, showing an increasingly competitive trend. This is the result of iterative accumulation across gameplay, marketing, and visual presentation, and it brings many new challenges to frontend development.

• Compared with common business requirements, complex animated events involve much higher collaboration complexity upstream in the delivery chain than downstream. Traditional requirement design only needs UI and UX, whereas complex large-scale events require multiple design disciplines—key art, 3D modeling, animation, special effects—each requiring deep frontend involvement. Similar to games, this is why many organizations pull resources from game teams when building complex motion effects.

• Events that include large amounts of 3D animation impose technical and domain knowledge requirements different from those of traditional web engineers—for example, familiarity with computer graphics. Based on Kuaishou’s experience with large events like the Spring Festival Gala and the Winter Olympics, internal iteration cycles can be very fast. The engineering challenges, however, remain within classic problem domains. A platform-based approach can balance performance, stability, and iteration efficiency.

The second topic is about H5 security hardening, which essentially means source code protection. The talk centered on anti-scraping practices developed around the 58 Information Security team, focusing on two main approaches.

• One is AST-based hardening to perform obfuscation, anti-formatting, anti-debugging, and similar protections.

• The other is an H5 security hardening scheme based on code virtualization. This code virtualization refers to JSVMP, which stands for Virtual Machine based code Protection for JavaScript—i.e., a JavaScript code virtualization protection scheme. It’s not exactly brand new, just outside the typical problem domain for many practitioners. A complete JSVMP protection system generally has this architecture: server reads JavaScript code —> lexical analysis —> syntax analysis —> generate AST —> generate private instructions —> generate a corresponding private interpreter; the private instructions are encrypted and, along with the private interpreter, sent to the browser, where they are interpreted and executed.

• This topic reminded me of Jack Works’ GMTC talk last year about SES (Secure ECMAScript). Security issues in the web ecosystem are increasingly discussed, and many require fixes at the standards level. Otherwise web security often has to be exchanged for performance loss, as with the JSVMP approach mentioned above. My understanding is that SES creates a fully trusted sandbox to protect the runtime environment’s safety; regarding source-code anti-scraping, the ES standard hasn’t yet reached stage 3/4.

The third topic was about industrial software; the presentation was not well delivered and wasn’t very clear. If you’re interested, the slides are sufficient—there wasn’t much additional information delivered live.

The fourth topic was about PWA. PWAs aren’t cutting-edge technology, but some insights were fresh. PWA adoption in China is extremely low, largely due to the advanced development of super-platforms like mini programs. During Q&A I asked whether Apple is blocking PWA development; the answer was that Apple cannot stop the larger trend. One reason is the speaker’s background—representing Microsoft’s strong push for PWAs. Another is the nature of the “larger trend.”

• This “larger trend” is interesting. China’s mobile-first process has basically peaked, and in its leapfrog development it has created a huge gap in PC penetration compared with Europe and the U.S. China’s PC penetration is currently only around 20%, while developed countries are generally around 70% and the U.S. reaches as high as 90%—a stark difference. The data comes from a report by the Chinese Academy of Social Sciences and sounds surprising. We can roughly view mobile as representing digital consumption and PC as representing digital production. The PC is gradually shifting from a household appliance to a tool for generating content—representing productivity and the population’s ability to apply ICT to production problems. From a development perspective, China’s PC penetration has significant room to grow. That could lead to a reverse trend toward desktop usage after widespread mobile adoption, and PWA may be a good fit for that.

In summary, the frontend frontier segment was a mixed bag—some topics repeated old ground, giving the impression that the ceiling for frontend innovation isn’t very high. Looking forward to something more exciting next year.