23 Matching Annotations
  1. Last 7 days
    1. With Svelte, components and files have a one-to-one relationship. Every file is a component, and files can't have more than one component. This is generally a "best practice" when using most component frameworks.
  2. Jul 2020
  3. Jun 2020
    1. On April 24, the U.S. National Security Agency published an advisory document on the security of popular messaging and video conferencing platforms. The NSA document “provides a snapshot of best practices,” it says, “coordinated with the Department of Homeland Security.” The NSA goes on to say that it “provides simple, actionable, considerations for individual government users—allowing its workforce to operate remotely using personal devices when deemed to be in the best interests of the health and welfare of its workforce and the nation.” Again somewhat awkwardly, the NSA awarded top marks to WhatsApp, Wickr and Signal, the three platforms that are the strongest advocates of end-to-end message encryption. Just to emphasize the point, the first criteria against which NSA marked the various platforms was, you guessed it, end-to-end encryption.
  4. Apr 2020
    1. it reminds me of IT security best practices. Based on experience and the lessons we have learned in the history of IT security, we have come up with some basic rules that, when followed, go a long way to preventing serious problems later.
    2. The fact is that it doesn’t matter if you can see the threat or not, and it doesn’t matter if the flaw ever leads to a vulnerability. You just always follow the core rules and everything else seems to fall into place.
    1. One suggestion is to check user's passwords when they log in and you have the plain text password to hand. That way you can also take them through a reset password flow as they log in if their password has been pwned.
    1. In 2017 NIST (National Institute of Standards and Technology) as part of their digital identity guidelines recommended that user passwords are checked against existing public breaches of data. The idea is that if a password has appeared in a data breach before then it is deemed compromised and should not be used. Of course, the recommendations include the use of two factor authentication to protect user accounts too.
    1. When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.
  5. Feb 2020
    1. Do Browse like a user wouldTake natural pauses that users would take to consume page contentFocus on the most common use cases, rather than all the possible use casesTake note of pages where forms/logins occur, you will likely need to complete some scripting there
  6. Nov 2019
    1. Published by the American Sociological Association, the article addresses best practices for meeting the needs of military students in sociology classes in higher education. Drawing on Knowles' andragogy, the authors give tips for course organization, feedback, content, and communication.

      9/10

  7. Oct 2019
    1. Yes, absolutely, no two projects are alike. This step is moving towards a direction where we have a set of best practices for webpack isolated in a bundled package and can be maintained in isolation without impacting upgrades or end-user experience. If you have seen next.js or create-react-app they sort of do they same thing for ease and maintainability. Rails is a great example for this - there are some built-in best practices, opinionated defaults and gems that are hidden behind the scene plus power to do advance things where needed.
  8. Apr 2019
    1. Two commonly used change strategies are clearly not effective: developing and testing “best practice” curricular materials and then making these materials available to other faculty and “top‐down” policy‐making meant to influence instructional practices.

      Would this be predicted by the Cynefin framework? Teaching problems are rarely obvious enough for "best" practices; "better" practices may be the best we can hope for.

  9. Jul 2017
    1. (It's usually a mistake to pass back the concrete type of an error rather than error, for reasons discussed in the Go FAQ, but it's the right thing to do here because ServeHTTP is the only place that sees the value and uses its contents.)

      Good clarifying comment on when to pass back the concrete type of an error.

  10. Jan 2017
    1. Component classes should be lean. They don't fetch data from the server, validate user input, or log directly to the console. They delegate such tasks to services.

      A really good point! Lean-ness is something to strive for.

  11. Oct 2016
  12. Feb 2014
    1. For example, imagine you are annotating the second page of a New York Times article. You probably want to see your annotation when you are looking at the article later as a single page, right? Or perhaps you've annotated the HTML for a PLOS ONE article. Wouldn't you like to see those annotations when you are looking at the PDF version of the same article? If annotations were only associated with the URL you happened to be looking at in your browser then the scenarios above would not work, because the documents being annotated all have different URLs.

      Publisher Best Practices is a great idea that I would like to see codified in the authoring and publishing tools to make the practices commonplace by default.

      I would like to mix PBP with other techniques, though, for richer connection between source and rendering-- I have some source mapping ideas that make it possible to keep annotations linked even as the original source is edited over time.