Luckily, there is absolutely no good reason not to use strict mode for everything — so the solution to this problem is to lobby the authors of those modules to update them.

Then it would tell NPM that “if a package lists me as a dependency, then assume that package also has a dependency on PackageB”.

To make this “if you install me, you better also install X, Y, and Z!” problem easier, peerDependencies was introduced.

When the message say function was called outside component initialization first will look at my code and last at my configuration.

While there is some precedence in other frameworks for using as, the word doesn't fit well. Since you are adding functionality to elements I like the word add better (and it only has 1 more character).

<slot ref:img data-visible="{{visible}}" /> In the above everything on <slot> is lost since slot is a space in the HTML, not an actual element. How could we translate this to zero or ten elements inside the slot?

enhancers

one problem with 'behavior' is that's the terminology we use to describe all of a component's encapsulated logic — methods, transitions, etc.

Is there a good way to do this given the compiler won't know at build time what events are needed? Should I make a wrapper that does addEventListener myself with a bind:this? Would be nice if Svelte could handle dynamic events though.

here you can write your introduction.

Yes, they do but none of them allow arbitrary javascript anywhere in the template it is finely controlled. This deviates from that, in fact that is it's defining feature.

We should also allow passing unrecognised props to the rendered component. eg: tabindex might be required on some instances of a component, and not all. Why should developers have to add tabindex support to their components just that it may potentially be used

The language should work for developers, not the other way around.

Adding my 2 cents to the discussion. Adding a class prop to a component doesn't necessarily mean it should apply the style to the root element, but it makes sense that it should apply it the main element visually. Let's take a modal component as an example.

You're not trying to pass a class to a dom element. You're passing a class to a component. It's up to the component to define what that means for the components use case. In most cases it would be passed to a dom element.

That is, if I remove class={className} from the Child component, and/or remove the class/className prop entirely, then the class:active syntax doesn't have any effect since nothing is rendering the class prop anywhere.

I don’t want my source to be human-readable, not for protective reasons, but because I care about web performance more. I want my website to arrive at light speed on a tiny spec of magical network packet dust and blossom into a complete website. Or do whatever computer science deems is the absolute fastest way to send website data between computers. I’m much more worried about the state of web performance than I am about web education. But even if I was very worried about web education, I don’t think it’s the network’s job to deliver teachability

if the idea of using a template language makes you shudder — your fears are misplaced, but that's a topic for another day

For example, you might want to use the browser’s knowledge of the user’s current time zone to group a collection of elements by date.

Think of useRef as a useState that does not trigger a re-rendering of our component.

Dialogs are purposefully interruptive, so they should be used sparingly.

But it's easy to imagine that the caption was incorrect for too long because those who know the language, know where the mistake is, and those who don't, think that it's the correct way to spell it.

Unless I just loginned, I agree it's "log in".

I think the conjugation is particularly helpful to see why it should be two separate words: "log in" -> "logging in" -> "logged in"

You can also think about each one with the way we stress the different syllables slightly when we're speaking: "log in to host.com" sounds like "log + in + to host.com" (each word is pretty much evenly stressed) "log into host.com" sounds like "log + INto host.com" (the stress is on "in") "login to host.com" sounds like "LOGin + to host.com" (the stress is on "log")

Perhaps someone should give an example of when 'into' is ever correct. "Turn into bed" is definitely incorrect, unless one is morphing into the form of a bed. But what about "he fell into the hole", "she went into the house", or "Star Trek Into Darkness"?

I used to be a staunch defender of proper reply styles, even for casual emails. Insert your replies below the relevant paragraph and trim the exchange to be just about the matters of discussion.

For example, the word dog describes both the species Canis familiaris and male individuals of Canis familiaris, so it is possible to say "That dog isn't a dog, it's a bitch" ("That hypernym Z isn't a hyponym Z, it's a hyponym Y").

"When an OP rejects your edit, please do not edit it back in!" Correspondingly, when a user repeatedly does try to edit, understand that something in your framing isn't working right, and you should reconsider it.

It would be nice if the tests weren't so implementation specific, but rather tested the essence of the functionality. I tried to make them less brittle but failed. To that end, re-writing all the tests in rspec would be (IMHO) a brilliant improvement and pave the way for better tests in the future and more flexibility in implementation.

Context RAILS_ENV webpacker.yml NODE_ENV webpack config

if British Army gunners are doing a countdown before making something go bang, they actually leave out Five in case anyone mishears it as “Fire”.

So, which is better? t.inspect # => "2007-11-01 15:25:00 8483885939586761/68719476736000000 UTC" t.inspect # => "2007-11-01 15:25:00.123456789000000004307366907596588134765625 UTC"

See https://choosealicense.com/ for tl;dr Please, please add a license. The fact none is listed makes using this software a legal quagmire. Currently it is not legal to use this code or its derivatives in any useful software. I may be mistaken but hopefully this is not the intended effect. Currently no license is mentioned anywhere, what makes this code fully copyrighted, like any other creative work. It limits usefulness of this project - and I hope that it is unintentional. For example it seems that it would solve my problem of profiling hilariously slow rspec tests (2036.33 seconds ./spec/word_processor_spec.rb:43), in current situation I would be unable to legally publish project that would use this solution. Obviously, please do not release it under any license if you are not the author (that would be even worse legal quagmire)

Once a test is in quarantine, there are 3 choices: Should the test be fixed (i.e. get rid of its flakiness)? Should the test be moved to a lower level of testing? Should the test be removed entirely (e.g. because there’s already a lower-level test, or it’s duplicating another same-level test, or it’s testing too much etc.)?

Quarantined tests are run on the CI in dedicated jobs that are allowed to fail

Explanation

reading a thesaurus is pretty much a bad way to improve any writing skill

I could not find any way to do this with the standard library.

So why isn't there an easy way to remove an element from such an array in a way that respects both the order and number (count) of each element? Why do all methods for removing elements from an array assume that you always want to remove all matching elements from the receiver, with no option to do otherwise?

It’s even worse that there’s no alternative method that does the unsurprising thing IMO.

a mixin does not need to extend AS::Concern to be a concern

For example, if error messages in two narrowly defined classes behave in the same way, the classes can be easily combined. But if some messages in a broad class behave differently, every object in the class must be examined before the class can be split. This illustrates the principle that "splits can be lumped more easily than lumps can be split".

Don’t apply caching if the process is expected to react to changes during the caching period. i.e. Don’t cache when mixing reads and writes.

An example candidate for caching might be a nightly billing task which aggregates billing data for the past month. That kind of task is likely not expecting last minute updates while it runs. It assumes that the state of the world remains constant while processing.

In this case, we notice that comment.post and post should belong to the same database object. But, is Rails smart enough to know that the comment should be removed from both of the associations? Or are comment.post and post different representations of the same database row?

<script> let a = 1; let b = 2; </script> <input type="number" bind:value={a}> <input type="number" bind:value={b}> <p>{a} + {b} = {a + b}</p>

Wish more questions are asked that way

It's funny that in such a complex gem like this, there's only one open issue, exactly about what I came here to post.

Rails follows a simple set of coding style conventions:

Bad people will always be motivated to go the extra mile to do bad things.

Meanwhile, criminals would just continue to use widely available (but less convenient) software to jump through hoops and keep having encrypted conversations.

They also argue that it cannot fall to them to determine good actors from bad—not all governments are forces for good, and who decides how each one should be treated.

Because we would eventually rebalance our test suite across many nodes, we would quickly hit a bottleneck. Our test suite would only be as fast as our slowest test file.

there’s 3 steps to building software: Make it work Make it right Make it fast

In this example

GitLab CI/CD

Integration specs are relied upon to ensure the application functions, but does not ensure pixel-level stylistic perfection.

Sometimes plugins can conflict with a theme or with each other.  Disable all your plugins and see if the problem persists. If everything is working once the plugins were disabled it means there's a conflict with a plugin or maybe even a set of plugins. Enable the plugins one by one to identify the one that is creating the conflict.

Right click on the /wp-content/plugins folder and rename it plugins.old. This will deactivate all of the plugins. In most cases, this will also lock the WordPress admin area as well.  You will still be able to perform these steps from within the File Manager.Reactivate the plugins folder by following the above instructions and renaming the folder plugins. This will allow you to reactivate each plugin individually to isolate the offending plugin and resolve the 500 Internal Server Error.  This should also allow access to the WordPress Dashboard again. From the WordPress Dashboard: Reactivate each plugin (one at a time) and refresh the website to see if the issue has been resolved.

You should then also create a new View and apply the following filter so as to be able to tell apart which domain a particular pageview occurred onFilter Type: Custom filter > AdvancedField A --> Extract A: Hostname = (.*)Field B --> Extract B: Request URI = (.*)Output To --> Constructor: Request URI = $A1$B1

Cross-channel conversion paths See the big picture. Understand the value of upper funnel ad clicks in multi-click, cross-channel journeys.

Sometimes it's useful to refine the type of an issue. In those cases, you can add facet labels.

Hey there. We see you’ve been busy reading, which is fantastic, so we’ve promoted you up a trust level! We’re really glad you’re spending time with us and we’d love to know more about you. Take a moment to fill out your profile, or feel free to start a new topic.

I encourage people to write good commit messages, with a good description that explains what it does.

Having to rebase and cleanup the commits while actively working on something is time and attention consuming.

It seems weird to me that we are trying to enforce commit messages when they are not really visible or used in the GitLab workflow at all. This is what you see most of the time when interacting with the commit list. I've taken time to compose a nice descriptive body and it is hidden by default:

shouldn't a MR be treated as an unit of work, independent from master?

which might or might not be useful depending on what is the content of the commit.

One way of encouraging users to create good commit message would be to have a better integration with the content of commit message in GitLab itself,

Just to make this clear, I'm on the side that adding strict rules doesn't necessarily improve a situation. Especially with something that is subjective like a commit message.

Good commit hygiene in general is a tough thing to enforce. It requires manual labor and descipline, from both the author and the reviewer.

If we can encourage people to create clean commits as they go, the example as you showed above should be far less common, because cleaning up such history as an after-math is most of the time almost impossible.

sadness.js will not load, however, as document.write() produces script elements which are "parser-inserted".

If a user clicks on that button, the onclick script will not execute. This is because the script did not immediately execute and code not interpreted until the click event occurs is not considered part of the content script, so the CSP of the page (not of the extension) restricts its behavior. And since that CSP does not specify unsafe-inline, the inline event handler is blocked.

We group a description of and about personal data (such as a Cookie or IP Address), the purpose of its collection (such as Analytics or Advertising) and the providers (such as Google or even your own website) into what we call services. Each service corresponds to a portion of a privacy policy, and provides all the relevant information to the end users of your website.

The above diagram shows which Linking Open Data datasets are connected, as of August 2014.

This change was made because GitLab License Management is now renamed to GitLab License Compliance. After review with users and analysts, we determined that this new name better indicates what the feature is for, aligns with existing market terminology, and reduces confusion with GitLab subscription licensing features.

$10 donation = $9.41 deposited into your bank account the next business day $100 donation = $96.80 deposited into your bank account the next business day

It even proclaims that "the processing of personal data should be designed to serve mankind."

that a number x {\displaystyle x} is rational (S) is sufficient but not necessary to x {\displaystyle x} being a real number (N) (since there are real numbers that are not rational)

being a male is a necessary condition for being a brother, but it is not sufficient—while being a male sibling is a necessary and sufficient condition for being a brother

in order for human beings to live, it is necessary that they have air

This does not have to be an additional form. In practice, you can simply add several checkboxes informing the user of each additional purpose and allowing them to give consent specific to those cases.

By itself the name John Smith may not always be personal data because there are many individuals with that name. However, where the name is combined with other information (such as an address, a place of work, or a telephone number) this will usually be sufficient to clearly identify one individual.

Simply because you do not know the name of an individual does not mean you cannot identify that individual. Many of us do not know the names of all our neighbours, but we are still able to identify them.

If you’re selling products and keep record of users’ choices for marketing purposes, dividing them into meaningful categories, such as by age, gender, geographical origin etc., you’re profiling them.

It would be best to offer an official way to allow installing local, unsigned extensions, and make the option configurable only by root, while also showing appropiate warnings about the potential risks of installing unsigned extensions.

I appreciate the vigilance, but it would be even better to actually publish a technical reasoning for why do you folks believe Firefox is above the device owner, and the root user, and why there should be no possibility through any means and configuration protections to enable users to run their own code in the release version of Firefox.

I will need to find a workaround for one of my private extensions that controls devices in my home network, and its source code cannot be uploaded to Mozilla because of my and my family's privacy.

in the absence of an immediate need, it is simpler to leave out error handling until a final .catch() statement.

Using a very different theoretical approach, Robbins (2009a) suggests that one of the primary reasons for Pentecostal expansion among those most disenfranchised by late capitalism may very well be the ease with which this religion creates social cohesion despite the ‘institutional deficit’ of the neoliberal global order (B. Martin 1998: 117‐18

Central to this interpretation has been Comaroff and Comaroff's work on ‘occult economies’ (Comaroff & Comaroff 1999; 2000), which situates the prosperity gospel alongside witchcraft accusations, rumours of zombies, and lurid tales of Faustian pacts with the Devil.

purposes are grouped into 5 categories (strictly necessary, basic interactions & functionalities, experience enhancement, measurement, targeting & advertising)

Strictly necessary (id 1). Purposes included:Backup saving and managementHosting and backend infrastructureManaging landing and invitation pagesPlatform services and hostingSPAM protectionTraffic optimization and distributionInfrastructure monitoringHandling payments

A website (also written as web site) is a collection of web pages and related content that is identified by a common domain name and published on at least one web server

It’s true that there are two hard problems in computer science and one of them is naming things. Why? Because good names are important. A good name teaches about purpose and responsibility, so you have to spend some time thinking about it.

In math, idempotence describes only unary functions that you can call on their own output. Math-idempotence is, “If you take the absolute value of a number, and then you take the absolute value of that, the result doesn’t change on the second (or subsequent) operations.” Math.abs is math-idempotent. Math-idempotence only applies to functions of one parameter where the parameter type and return type are the same. Not so useful in programming.

Since the authenticity token is stored in the session, the client cannot know its value. This prevents people from submitting forms to a Rails app without viewing the form within that app itself. Imagine that you are using service A, you logged into the service and everything is ok. Now imagine that you went to use service B, and you saw a picture you like, and pressed on the picture to view a larger size of it. Now, if some evil code was there at service B, it might send a request to service A (which you are logged into), and ask to delete your account, by sending a request to http://serviceA.com/close_account. This is what is known as CSRF (Cross Site Request Forgery). If service A is using authenticity tokens, this attack vector is no longer applicable, since the request from service B would not contain the correct authenticity token, and will not be allowed to continue.

You don't "sanitize your output" you encode it for proper context within the application it is being presented. You encode the output for HTML, HTML Attribute, URL, JavaScript

I would call this output encoding instead of sanitization

When sanitizing, protecting or verifying something, prefer whitelists over blacklists.

Here you can do some social good; we know how much passwords are reused and the reality of it is that if they've been using that password on one service, they've probably been using it on others too. Giving people a heads up that even an outgoing password was a poor choice may well help save them from grief on a totally unrelated website.

you could even provide an incentive if the user proactively opts to change a Pwned Password after being prompted, for example the way MailChimp provide an incentive to enabled 2FA:

in order to track the always-improving upstream project, we continuously rebase our patches on top of the upstream master

I could have released this data anonymously like everyone else does but why should I have to? I clearly have no criminal intent here. It is beyond all reason that any researcher, student, or journalist have to be afraid of law enforcement agencies that are supposed to be protecting us instead of trying to find ways to use the laws against us.

For now the laws are on my side because there has to be intent to commit or facilitate a crime

it reminds me of IT security best practices. Based on experience and the lessons we have learned in the history of IT security, we have come up with some basic rules that, when followed, go a long way to preventing serious problems later.

The fact is that it doesn’t matter if you can see the threat or not, and it doesn’t matter if the flaw ever leads to a vulnerability. You just always follow the core rules and everything else seems to fall into place.

One suggestion is to check user's passwords when they log in and you have the plain text password to hand. That way you can also take them through a reset password flow as they log in if their password has been pwned.

I think it's useful to differentiate especially because there are many situations where "hack", and its conjugations, is the only effective term to describe something that has nothing to do with malicious violation of security measures or privacy.

Over the years, many people have said "well, the data is public anyway by virtue of it having been breached, what's the problem if you now store the password in your system?" Here's the philosophical problem I have with that:

If you don't—or can't—lock your users in, the best way to compete is to innovate at a breakneck pace. Let's use Google Search as an example. It's a product that cannot lock users in: users don't have to install software to use it; they don't have to upload data to use it; they don't have to sign two-year contracts; and if they decide to try another search engine, they merely type it into their browser's location bar, and they're off and running.

Want to keep your users? Just make it easy for them to leave.

Remove upper bound in our dependencies Doing this we are only asking people to fork our gem or open issues when they want to use a new version of the dependency and we still didn't tested with it.