55 Matching Annotations
  1. Last 7 days
    1. When defining accessors in Ruby, there can be a tension between brevity (which we all love) and best practice.
    2. a principle I use is: If you have an accessor, use the accessor rather than the raw variable or mechanism it's hiding. The raw variable is the implementation, the accessor is the interface. Should I ignore the interface because I'm internal to the instance? I wouldn't if it was an attr_accessor.
    3. I have been wrapping instance variables in accessor methods whenever I can though.
    4. Setting an instance variable by going through a setter is good practice, and using two access modifiers is the way to accomplish that for a read-only instance variable
  2. Jun 2021
  3. May 2021
  4. Apr 2021
    1. Best Practices for Minimalist Website Design

      Minimalism, the art of less, is a popular modern design approach. Experimenting with colors, transitions, navigation, broken composition, or even the complete removal of all elements – there are more ways to implement minimalism than you can imagine. In this article, we explore minimalism as it’s applied in digital product design, going over its main principles and elements and illustrating them with real-life examples of stunning minimalist websites' designs

  5. Mar 2021
    1. Your validation functions should also treat undefined and '' as the same. This is not too difficult since both undefined and '' are falsy in javascript. So a "required" validation rule would just be error = value ? undefined : 'Required'.
    1. here is my set of best practices.I review libraries before adding them to my project. This involves skimming the code or reading it in its entirety if short, skimming the list of its dependencies, and making some quality judgements on liveliness, reliability, and maintainability in case I need to fix things myself. Note that length isn't a factor on its own, but may figure into some of these other estimates. I have on occasion pasted short modules directly into my code because I didn't think their recursive dependencies were justified.I then pin the library version and all of its dependencies with npm-shrinkwrap.Periodically, or when I need specific changes, I use npm-check to review updates. Here, I actually do look at all the changes since my pinned version, through a combination of change and commit logs. I make the call on whether the fixes and improvements outweigh the risk of updating; usually the changes are trivial and the answer is yes, so I update, shrinkwrap, skim the diff, done.I prefer not to pull in dependencies at deploy time, since I don't need the headache of github or npm being down when I need to deploy, and production machines may not have external internet access, let alone toolchains for compiling binary modules. Npm-pack followed by npm-install of the tarball is your friend here, and gets you pretty close to 100% reproducible deploys and rollbacks.This list intentionally has lots of judgement calls and few absolute rules. I don't follow all of them for all of my projects, but it is what I would consider a reasonable process for things that matter.
  6. Feb 2021
    1. step :direct_debit

      I don't think we would/should really want to make this the "success" (Right) path and :credit_card be the "failure" (Left) track.

      Maybe it's okay to repurpose Left and Right for something other than failure/success ... but only if we can actually change the default semantic of those signals/outputs. Is that possible? Maybe there's a way to override or delete the default outputs?

    2. This connects the failure output to the previous task, which might create an infinity loop and waste your computing time - it is solely here for demonstrational purposes.
  7. Jan 2021
    1. For the future, you should: Install LTS (Long-term support) versions as they have an 8-year life span (with Extended Security Maintenance) or 5 years without. The current LTS version is Ubuntu 18.04.1 LTS Bionic Beaver released on July 26, 2018 with an EOL in April 2023. OR Carefully watch the EOL of the interim / development releases and upgrade frequently.
    1. When you use target="_blank" with Links, it is recommended to always set rel="noopener" or rel="noreferrer" when linking to third party content. rel="noopener" prevents the new page from being able to access the window.opener property and ensures it runs in a separate process. Without this, the target page can potentially redirect your page to a malicious URL. rel="noreferrer" has the same effect, but also prevents the Referer header from being sent to the new page. ⚠️ Removing the referrer header will affect analytics.
  8. Nov 2020
  9. Oct 2020
    1. Teaching Tolerance offers some clear practices that can help establish connectedness:

      Are these not "techniques", "exercises", "manoeuvers", from the "front of the room"? I suppose the answer is that technique and leadership are necessary but not sufficient for building community, and that unlike a "best practice" in a controllable process, they may or may not resonate (and thus work) for any given person or group.

  10. Sep 2020
    1. With Svelte, components and files have a one-to-one relationship. Every file is a component, and files can't have more than one component. This is generally a "best practice" when using most component frameworks.
  11. Jul 2020
  12. Jun 2020
    1. On April 24, the U.S. National Security Agency published an advisory document on the security of popular messaging and video conferencing platforms. The NSA document “provides a snapshot of best practices,” it says, “coordinated with the Department of Homeland Security.” The NSA goes on to say that it “provides simple, actionable, considerations for individual government users—allowing its workforce to operate remotely using personal devices when deemed to be in the best interests of the health and welfare of its workforce and the nation.” Again somewhat awkwardly, the NSA awarded top marks to WhatsApp, Wickr and Signal, the three platforms that are the strongest advocates of end-to-end message encryption. Just to emphasize the point, the first criteria against which NSA marked the various platforms was, you guessed it, end-to-end encryption.
  13. Apr 2020
    1. it reminds me of IT security best practices. Based on experience and the lessons we have learned in the history of IT security, we have come up with some basic rules that, when followed, go a long way to preventing serious problems later.
    2. The fact is that it doesn’t matter if you can see the threat or not, and it doesn’t matter if the flaw ever leads to a vulnerability. You just always follow the core rules and everything else seems to fall into place.
    1. One suggestion is to check user's passwords when they log in and you have the plain text password to hand. That way you can also take them through a reset password flow as they log in if their password has been pwned.
    1. In 2017 NIST (National Institute of Standards and Technology) as part of their digital identity guidelines recommended that user passwords are checked against existing public breaches of data. The idea is that if a password has appeared in a data breach before then it is deemed compromised and should not be used. Of course, the recommendations include the use of two factor authentication to protect user accounts too.
    1. When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.
  14. Feb 2020
    1. Do Browse like a user wouldTake natural pauses that users would take to consume page contentFocus on the most common use cases, rather than all the possible use casesTake note of pages where forms/logins occur, you will likely need to complete some scripting there
  15. Nov 2019
    1. Published by the American Sociological Association, the article addresses best practices for meeting the needs of military students in sociology classes in higher education. Drawing on Knowles' andragogy, the authors give tips for course organization, feedback, content, and communication.

      9/10

  16. Oct 2019
    1. Yes, absolutely, no two projects are alike. This step is moving towards a direction where we have a set of best practices for webpack isolated in a bundled package and can be maintained in isolation without impacting upgrades or end-user experience. If you have seen next.js or create-react-app they sort of do they same thing for ease and maintainability. Rails is a great example for this - there are some built-in best practices, opinionated defaults and gems that are hidden behind the scene plus power to do advance things where needed.
  17. Apr 2019
    1. Two commonly used change strategies are clearly not effective: developing and testing “best practice” curricular materials and then making these materials available to other faculty and “top‐down” policy‐making meant to influence instructional practices.

      Would this be predicted by the Cynefin framework? Teaching problems are rarely obvious enough for "best" practices; "better" practices may be the best we can hope for.

  18. Jul 2017
    1. (It's usually a mistake to pass back the concrete type of an error rather than error, for reasons discussed in the Go FAQ, but it's the right thing to do here because ServeHTTP is the only place that sees the value and uses its contents.)

      Good clarifying comment on when to pass back the concrete type of an error.

  19. Jan 2017
    1. Component classes should be lean. They don't fetch data from the server, validate user input, or log directly to the console. They delegate such tasks to services.

      A really good point! Lean-ness is something to strive for.

  20. Oct 2016
  21. Feb 2014
    1. For example, imagine you are annotating the second page of a New York Times article. You probably want to see your annotation when you are looking at the article later as a single page, right? Or perhaps you've annotated the HTML for a PLOS ONE article. Wouldn't you like to see those annotations when you are looking at the PDF version of the same article? If annotations were only associated with the URL you happened to be looking at in your browser then the scenarios above would not work, because the documents being annotated all have different URLs.

      Publisher Best Practices is a great idea that I would like to see codified in the authoring and publishing tools to make the practices commonplace by default.

      I would like to mix PBP with other techniques, though, for richer connection between source and rendering-- I have some source mapping ideas that make it possible to keep annotations linked even as the original source is edited over time.