15 Matching Annotations
  1. Apr 2022
    1. Note though that restarts are an essential part of updating software, by refusing to restart when you apply an update you are risking having a less stable software running as well as postponing what could be security updates and putting yourself at risk. There is a reason software asks for restarts and you absolutely should respect that.

      Software should never force something on the user. The user should always be the one in complete control. You can warn of the risks, but let the human decide what is best for the human at this exact moment. For example, they may just need to look something up. It may be an emergency. They may have private tabs that would be lost if they restarted now, and they need to wait until a better time.

      It's no different than Windows or other OS updates.

      See also: https://askubuntu.com/questions/1398179/firefox-restart-required-how-to-disable

    2. Not saying that occasionally there isn't a "feature only" release, but 99% of the time, the updates have fixes and many times they are of a critical security nature. FF, like others, has a responsibility and lawsuits to avoid.
    1. Boston AInamics (an unauthorised riff on the name of the robotics company, Boston Dynamics, I hope they sue)

      It's sufficiently different. Plays on other names should be permitted.

  2. Jan 2022
    1. Authentication by schemes outside of RFC2617 is not supported in HTTP status codes and are not considered when deciding whether to use 401 or 403.

      What does "are not considered when deciding whether to use 401 or 403" mean exactly? What exactly should not be considered, and what exactly should be considered instead? In other words, how did someone arrive at the conclusion that "if you have your own roll-your-own login process and never use HTTP Authentication, 403 is always the proper response and 401 should never be used."? Why is 403 okay to use for non-HTTP authentication, but not 401?

      Oh, I think I understand the difference now.

      They should have said:

      Authentication by schemes outside of (not defined by) RFC7235: Hypertext Transfer Protocol (HTTP/1.1): Authentication should not use HTTP status 401, because 401 Unauthorized is only defined (by current RFCs) by RFC7235: Hypertext Transfer Protocol (HTTP/1.1): Authentication, and has semantics and requirements (such as the requirement that "A server generating a 401 (Unauthorized) response MUST send a WWW-Authenticate header field containing at least one challenge.") that simply don't make sense or cannot be fulfilled if using a non-HTTP authentication scheme.

      403 Forbidden, on the other hand, is defined by the broader HTTP standard, in RFC7231: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content and RFC7235: Hypertext Transfer Protocol (HTTP/1.1): Authentication.

      In conclusion, if you have your own roll-your-own login process and never use HTTP Authentication, 403 is always the proper response and 401 should never be used.

      See also my comments in https://hyp.is/p1iCnnowEeyUPl9PxO8BuQ/www.rfc-editor.org/rfc/rfc7235

    1. If the ticket is incorrect or damaged, you cannot even go through the airport security: when they check your ticket, it will be refused. You are Forbidden to enter the boarding area of the airport.

      It depends what we mean by "incorrect"/damaged "credentials ("ticket")...

      A. If they are invalid or incorrect in the sense that we can't authenticate them as anyone (as it sounds like you mean with "incorrect" or "damaged") (they're not a user in our database or the password doesn't match a user in our database), then you should actually use 401, meaning that the client can/should try (again) to authenticate with different credentials.

      B. But if by "incorrect" you mean (as it sounds like you mean with "you cannot even go through the airport security: when they check your ticket, it will be refused") that the credentials were valid enough to authenticate you as someone (a user in our database), but that (known( user has insufficient credentials, then correct, it should be a 403 forbidden.

      It's even easier to explain / think about if you just think of 401 as being used for any missing or failed authentication. See:

  3. Jul 2021
    1. Closed issues are locked after 30 days of inactivity. This helps our team focus on active issues. If you have found a problem that seems similar to this, please open a new issue.
  4. Jun 2021
    1. As aforementioned, the usage of master as a branch most likely originated from the first meaning

      The meaning:

      An original recording, film, or document from which copies can be made.

      makes more sense to me. Why would they have meant the other meaning?

    1. I don't think this warrants adding to the Array class, since it's not generalizable to all the types that Arrays can contain.

      You could say the same thing about Array#sort. It can cause an error if elements of the array aren't all of the same type/shape. Just make sure it's safe to use first, and thenArray#sort, Array#sum, Array#average, ... are all quite handy and useful to have on Array class.

    2. I don't know, using instance_eval this way just seems weird, and it has a lot of gotchas associated with it that make this approach a bad idea, IMO. (For example, if you tried to access and instance variable or a method on self inside that block, you'd run into problems.) instance_eval is more for metaprogramming or DSL.

      But that's exactly when/why you'd use it: to make self refer to the instance! Just learn that and you'll be fine. You can still access locals from outside the block. And if you need to access instance variables/methods of a different instance, then sure, it's probably a sign you shouldn't be using instance_eval here.

    3. I agree, don't use this in your application code.
  5. May 2021
    1. If the hosting company (or any organization that you're trying to get support from) wanted you to know something, they would have already told you or made that information available.
  6. Apr 2021
    1. stunning HD retro-style graphics

      It looks low-res, so how can they claim it's HD?

  7. Mar 2021