225 Matching Annotations
  1. Mar 2024
    1. I find it ridiculous that we spend energy on debating whether an alternate spelling is "correct" - real people, not English professors and dictionary authorities, are the authorities on English-as-used, and will ultimately make the distinction irrelevant.

      Point: there is no "authority" on which spelling is correct, because normal people using the language are the ones who decide

  2. Feb 2024
    1. The title of the question is what triggered the process of finding this Q/A for material that aided development of the above to solve a real life problem described by the title. The OP declared that base64 decode was not the "real" problem; pedantic constraint of answers to a particular "example" seems less helpful. When this question and its answers were key to helping solve real problems, alternate answers can be gifts to the community in recognition of the fact that many more people will use this Q/A to solve problems. Since the answer is on-topic per the title, I feel it is "game on".
    1. Regardless of what your arguments are, the personal reasons of the developer are what matters for what platforms this game is provided on. You can choose to pay for the game, or not. Paying for the game supports the developer, and allows them to develop more. It is not reasonable to argue that someone should have put in additional unpaid effort to do something for unknown future benefit, or that they should charge less for a game because it's only available on one platform; that's their choice, and their decision.For context, development of Taiji was started in mid 2015; it took seven years to finish. That's with the Commercial Game Engine, and even with that, there were platform-based bugs that needed to be worked around (issues that won't be present on other platforms, or will have different presentations); here's just one of those, involving an issue around mouse sluggishness:https://taiji-game.com/2020/07/13/68-in-the-mountains-of-madness-win32-wrangling...If the developer is not already familiar with Linux, then there's a small mountain of language barriers around using Linux that needs to be overcome first, before being able to get to the game development phase. It's rare for game development to work on different platforms when it can't be tested on those different platforms. While it might be easy to cross-compile on a Windows system (e.g. via IL2CPP), that's only if everything works perfectly (which is unlikely to be the case). 
  3. Jan 2024
    1. I'm not sure that isolating design is something I'd prefer. I'd rather have an issue tagged (labeled) as such, and then attach design artifacts. I start a design in the same way I start frontend, with a list of requirements and acceptance criteria in mind, the design is just an artifact, a deliverable, an asset.
    2. Why should this conversation be separate from other conversations about the work to be done? Design is one consideration alongside frontend and backend considerations, which often all intersect and require the same participants. Shifting this discussion to a separate work item can result in disjointed conversations and difficulty finding where a decision was made.
    3. but from previous experiences like this, the feature set has to be robust at the start or I think adoption will suffer.
    4. I don't know how much impact the "Design management" widget vs. "Design" object decision will have, except for the extremely small number of teams that work exactly like we do.
  4. Dec 2023
    1. The problem with this pile of questions is that, instead of helping the OP get out of the X Y problem, people stay focussed on Y, mark the question as a duplicate of Y in a matter of minutes and X is never properly addressed.

      sticking too much to policy/habit instead of addressing the specific needs of individuals? too much eagerness to close / mark as duplicate?

    1. Rupert Read has the best idea I have heard re international climate negotiations: countries that are serious should have their own conference where they collaborate on strong targets, plans, etc. Part of which should be recognising the dangers of remaining reliant on the petrostates, planning to transcend that reliance and sanctioning them
      • for: good idea - COP alternative, COP alternative - coalition of the willing, COP alternative - social tipping point, Rupert Read - alternative to COP

      • good idea: COP alternative

        • This could work based on the principle of social tipping points
        • The current COP pits the powerful incumbents of the old system delaying as long as possible rapid system change, these are the conservatives
          • This puts the liberals at distinct disadvantage from the conservatives because in a consensus reached agreement, the conservatives can veto any strong and binding language that represents rapid system change
        • In an alternative conference where the 100+ nation states are already in agreement, action in this smaller coalition OF THE WILLING, will lead to rapid action.
        • This could lead to breaking the threshold of system change via reaching the 25% social tipping point threshold
      • question: alternative COP

        • If an alternative COP was held, is the nation state the best level to approach?
        • What about a city level COP?
      • reference

    1. A personalized button gives users a quick indication of the session status, both on Google's side and on your website, before they click the button. This is especially helpful to end users who visit your website only occasionally. They may forget whether an account has been created or not, and in which way. A personalized button reminds them that Sign In With Google has been used before. Thus, it helps to prevent unnecessary duplicate account creation on your website.

      first sighting: sign-in: problem: forgetting whether an account has been created or not, and in which way

    1. Warning: Do not accept plain user IDs, such as those you can get with the GoogleUser.getId() method, on your backend server. A modified client application can send arbitrary user IDs to your server to impersonate users, so you must instead use verifiable ID tokens to securely get the user IDs of signed-in users on the server side.
  5. Nov 2023
    1. If I wanted to integrate this with an existing login system, “signing out” would mean signing out of my own application (and not out of my Google account).
    1. One more example of a simple approach to this that might help a lot too is add a PORO generator. It could be incredibly basic - rails g poro MyClass yields class MyClass end But by doing that and landing the file in the app/models directory, it would make it clear that was the intended location instead of lib.
    2. lib/ is intended to be for non-app specific library code that just happens to live in the app for now (usually pending extraction into open source or whatever).
    3. Everything has a place so do better and find it. There is a certain belief that everything within app should be organized into functionally-named directories and any files placed in app/lib actually belongs in app/services or app/interactors or app/models or someplace if the developers just tried harder. The implication is that developers are bad developers if they don’t yet know what kind of constant they have and where its forever home should be. I reject this. Over the lifespan of an application, there will be constants that have not yet found their functional kin, if those kin ever come to exist at all; sometimes you simply need some code and a place to put it. app/lib can be the convention for where those constants can live temporarily or as long as necessary. Autoloading is really nice, let’s treat them to it.
    4. It is confusing that app/lib is named similarly to lib . I agree, but it is not uncommon to have directories with the same name and similar function nested under different contexts. I believe developers can handle this complexity. Most similarly, Linux has lib and usr/lib . Within a new Rails app, there are many such directories that are manageable: app/assets and lib/assets (sometimes even vendor/assets too) app/javascript and vendor/javascript storage and tmp/storage config and app/assets/config app/controllers and app/javascript/controllers
  6. Oct 2023
    1. And as others have pointed out, there is potential for ambiguity: if A is dependent on B, then a dependence or dependency (relationship) exists; but referring to either A or B as the dependency demands context.

      "demands context" :)

    2. There are certainly cases where you can use dependency and cannot use dependence: for example "The UK's overseas dependencies", or "This software releases has dependencies on Unix and Java". So if the dependent things are discrete and countable, it should definitely be "dependency".
  7. Sep 2023
    1. For me, I don't have an issue, but there was one syntax situation I found awkward: I need to sometimes know whether it is a class or a module that I am modifying. So I may have code: module Foo module Bar class Baz versus: class Foo::Bar::Baz It's not a huge issue, but ruby would yield an error if I specify a class or module incorrectly (which can happen if you spread code out into different .rb files, so I understand why there is an error message shown, to avoid accidents). But I then also wondered why I have to care whether it is a module or class, if my primary goal is to modify something, such as by adding a method. If I want to add a method: def foobar; end then I really should never be required to have to know whether I am modifying a class or a module.
  8. Aug 2023
    1. The point of acts_as_paranoid is keeping old versions around, not really destroying them, so you can look at past state, or roll back to past version. Do you consider the attached file part of the state you should be able to look at? If you roll back to past version, should it have it's attachment there too, in the restored version?
  9. Jul 2023
    1. The distinction doesn't refer to the files _contents_ but how to the file is _treated_ when it is being read or written. In "rb"/"wb" modes files are left how they are, in "r"/"w" modes Windows programmers get line ends "\r\n" translated into "\n" what disturbs file positions and string lengths.
    1. I understand Duo follows the spec and attempts to make life easier by giving users the full 30 seconds, but unfortunately service providers don’t honor that recommendation, which leads to lockouts and a bunch of calls to our 1st line teams. You can’t tell users to stop using {platform}, but we can tell them to switch TOTP providers.
    1. Making MoneySerializer reloadable would be confusing, because reloading an edited version would have no effect on that class object stored in Active Job.
  10. Jun 2023
    1. What I do care about, though, is that we might start to accept and adopt opinions like “that feature is bad”, or “this sucks”, without ever pausing to question them or explore the feature ourselves.
    2. If we hand most, if not all responsibility for that exploration to the relatively small number of people who talk at conferences, or have popular blogs, or who tweet a lot, or who maintain these very popular projects and frameworks, then that’s only a very limited perspective compared to the enormous size of the Ruby community.
    1. Have you ever: Been disappointed, surprised or hurt by a library etc. that had a bug that could have been fixed with inheritance and few lines of code, but due to private / final methods and classes were forced to wait for an official patch that might never come? I have. Wanted to use a library for a slightly different use case than was imagined by the authors but were unable to do so because of private / final methods and classes? I have.
    2. If it's dangerous, note it in the class/method Javadocs, don't just blindly slam the door shut.
    3. Been disappointed, surprised or hurt by a library etc. that was overly permissive in it's extensibility? I have not.
    1. Exposing properties gives you a way to hide the implementation. It also allows you to change the implementation without changing the code that uses it (e.g. if you decide to change the way data are stored in the class)
    2. Anything that isn't explicitly enforced by contract is vulnerable to misunderstandings. It's doing your teammates a great service, and reducing everyone's effort, by eliminating ambiguity and enforcing information flow by design.
    3. Far more preferable is to minimize data structure so that it tends to be normalized and not to have inconsistent states. Then, if a member of a class is changed, it is simply changed, rather than damaged.
  11. May 2023
    1. while I'm not as strongly against the above example code as the others, specifically because you did call it out as pseudocode and it is for illustrative purposes only, perhaps all of the above comments could be addressed by replacing your query = ... lines with simple query = // Insert case-sensitive/insensitive search here comments as that keeps the conversation away from the SQL injection topic and focuses on what you're trying to show. In other words, keep it on the logic, not the implementation. It will silence the critics.
    2. I know this is an old question but I just want to comment here: To any extent email addresses ARE case sensitive, most users would be "very unwise" to actively use an email address that requires capitals. They would soon stop using the address because they'd be missing a lot of their mail. (Unless they have a specific reason to make things difficult, and they expect mail only from specific senders they know.) That's because imperfect humans as well as imperfect software exist, (Surprise!) which will assume all email is lowercase, and for this reason these humans and software will send messages using a "lower cased version" of the address regardless of how it was provided to them. If the recipient is unable to receive such messages, it won't be long before they notice they're missing a lot, and switch to a lowercase-only email address, or get their server set up to be case-insensitive.
    1. A flaw can become entrenched as a de facto standard. Any implementation of the protocol is required to replicate the aberrant behavior, or it is not interoperable. This is both a consequence of applying the robustness principle, and a product of a natural reluctance to avoid fatal error conditions. Ensuring interoperability in this environment is often referred to as aiming to be "bug for bug compatible".
    1. This doesn't make any sense, though. Once you recognize that the two may represent different addresses, you're arbitrarily choosing the first one in your system as the right one, when the second one is just as right. Just give up at that point and lowercase ’em.

      which one should be considered the correct one?

    2. Some say you should treat addresses as case-preserving as opposed to case-sensitive, meaning you don't change IStillUse@AOL.COM to istilluse@aol.com but you still consider it a dupe of iSTilLUSE@aol.com.
  12. Apr 2023
  13. Mar 2023
    1. Exactly my thoughts on the matter! I'm coming from XML SOAP background and concept of schema just got into my blood and JSON documents rather don't announce their schema. To me it's whether server "understands" the request or not. If server doesn't know what "sales_tax" is then it's simply 400: "I have no idea what you sent me but definitely not what I want.".
    2. Just because the code is described as part of the WebDAV spec doesn't mean it's WebDAV-specific! Status codes are supposed to be generic.
    1. The problem with using SMS-2FA to mitigate this problem is that there’s no reason to think that after entering their credentials, they would not also enter any OTP.
    2. This argument only works if what you’re defending is good. As I’ve already explained, SMS-2FA is not good.
    3. You are currently allowing your users to choose their own password, and many of them are using the same password they use on other services. There is no other possible way your users are vulnerable to credential stuffing.
    1. You can also find the combination verb+in+to, but in that case you're usually dealing with a phrasal verb consisting of a verb and the particle "in", which happens to be followed by the preposition "to".They wouldn't give in to our demands.
    1. The house, of course, is not doing the agreeing; Cooper is! Because of the distance between Cooper and the participle phrase that describes him, the comma is necessary.
    1. Double quotes for string literals - because pre-committing to whether you'll need interpolation in a string slows people down
    1. Protocols are, by their very nature, open. If you can't read the protocol specification then you can't very well implement it, can you?
  14. Jan 2023
    1. This depends on the ruby code. Some projects will be semi-dormant due to various reasons. That's for us to address as a community. Are we going to let a single decade-old gem prevent us from moving Ruby forward? What's the threshold? There's libraries out there that don't work on Ruby 1.9. We left them behind or replaced them. And are people depending on a gem that's unmaintained really going to be the ones to jump on Ruby 3.0 the day after Christmas 2020? This is also still supposition. Name some gems that are unmaintained and in wide use. We can fix them! We have the technology! In my opinion, if matz's objective is to make the transition to ruby 3.0 simple, then it actually makes a lot of sense to postpone frozen strings by default. Postpone until when? 3.1? So then 3.1 will be the hard break? They've been discussed for what, ten years now? How long is long enough? We've added many ways for people to start transitioning to immutable literal strings, and people are using those mechanisms widely. We've pushed this transition a long time, and we still have another year until 3.0 is out and longer than that until people will need to make a move. What is the threshold for being "ready" to make this change? Unless we're planning to wait until Ruby 4.0 in 2030 to do this, I think we should do it now. I use frozen strings in most of my ruby projects, most of them set to true via the toplevel comment, so either way, it would not affect me. Exactly. Most people already do use frozen string literals. And adding a pragma means we can transition troublesome code to the new way with a single line per affected file. Heck, we can even add --enable:mutable-literal-string for people that are stuck with some of that old unmaintained code, allowing them to have a soft landing.
  15. datatracker.ietf.org datatracker.ietf.org
    1. If the client knows the access token expired, it skips to step (G); otherwise, it makes another protected resource request.

      It doesn't have to wait until it gets an invalid token error. It can independently be checking the expiration time before making a request, and if it sees that it has expired, don't even bother making the request, just skip directly to using the refresh token.

  16. Dec 2022
    1. I once had a cut on my arm. Someone asked me, is it serious? “It depends,” I replied, “on how much I scratch.”
    1. Pleeaasse don't give "it" a name.There is no "it". You believers are part of the church in your location and you meet together.There is zero biblical precedent for a group of believers giving their particular group a name.I understand that nearly all believers do .... That in no way makes it right.Names seperate us from others of the church in our area.
  17. Nov 2022
    1. You might notice that the “expires_in” property refers to the access token, not the refresh token. The expiration time of the refresh token is intentionally never communicated to the client. This is because the client has no actionable steps it can take even if it were able to know when the refresh token would expire.
    1. Rebuilding the same Dockerfile should result in the same version of the image being packaged, even if the second build happens several versions later, or the build should fail outright, such that an inadvertent rebuild of a Dockerfile tagged as 0.1.0 doesn't end up containing 0.2.3.
    1. Glyph 0 must be assigned to a .notdef glyph. The .notdef glyph is very important for providing the user feedback that a glyph is not found in the font. This glyph should not be left without an outline as the user will only see what looks like a space if a glyph is missing and not be aware of the active font’s limitation.
    1. While there are many great answers regarding the "glyph not found" glyph, that won't help you actually detect it, as the text string in code will still have the character regardless of the font used to render it.
    1. A glyph can also represent more than one character at once. Take an f_f_f ligature as an example. It represents three f characters in a row. Ligatures do not have Unicodes, because the separate characters already have codes and the the fact that it’s a ligature does not change the meaning of its parts.
  18. Oct 2022
    1. It's really not always a better user experience to keep things in one browser... What if they are in a sign-up or check-out flow in your SPA, and at the last step they need to agree to some conditions in an external page? Unless you use a modal, opening in a new window would really be preferable to the user completely losing context and having to go through the whole process again.
    1. I expect RuboCop to either make no suggestion on how to resolve the ambiguity, or to suggest something that does not change the semantics of the code as it stands.
    2. However, the code as it stands associates the block with bar, and if the code is currently working, the programmer should definitely not parenthesize the parameter, because it would change the meaning of the code.
    1. But this sounds like spreading fear and doubt when the Ruby parser has no such concepts :) {} always binds tightly to the call right next to it. This block {} will never go to using, unless it's rewritten as do ... end.
  19. Sep 2022
    1. Why not use map, which we already have for collections? Generally speaking, the map function isn't just about collections (though that's usually how it's used in Ruby). map is more about putting an object in a context (a block in Ruby's case), modifying the object, and returning the modified object.
  20. Aug 2022
    1. Weak sequencing reduces to a parallel merge when the operands are on different sets of participants. Weak sequencing reduces to strict sequencing when the operands work on the same participant.

      weak sequencing - reduces to: - or: - parallel (simultaneous) - strict sequencing

    1. "you can verb any noun". :) Though, comparing "ssh into a workstation" to "login to host.com", where "log in" exists, it's a bit like saying "entrance the building" when "enter the building" already works
    1. When we have our git rev-parse examine our Git repository to view our origin/HEAD, what we see is whatever we have stored in this origin/HEAD. That need not match what is in their HEAD at this time. It might match! It might not.
    2. There are many questions we can ask and answer about branch names. Each one is specific to one particular repository because all branch names are local to that particular repository. Any changes anyone makes in that repository affect only that one repository, at least at the time they make them.

      which assumption? well, people make the assumption that our local repo should know some fact about the remote repo, like its default branch, without actually asking the remote about itself

  21. Jun 2022
    1. Logically, if you just want a distinct list of event_id values, what order they occur in should be irrelevant. If order does matter, then you should add the start_time to the SELECT list so that there is context for the order.
  22. May 2022
    1. 1/ It fits into existing spec based testing infrastructure nicely, including running on travis, code coverage using SimpleCov, switching between generating a profile (RubyProf), a benchmark (Benchmark::IPS) or normal test run. 2/ Some of my benchmarks do have expect clauses to validate that things are working before invoking the benchmark.

      Answering the question:

      I don't understand the point of putting it in a spec. What does that gain you over using benchmark-ips the normal way?

    1. Giants that prefer the hyphenated spelling—Merriam-Webster, The Chicago Manual of Style, and The New Yorker, have a good reason for doing so. E-mail is a compound noun, made out of two words—“electronic” and “mail.” The e in e-mail is an abbreviation for “electronic,” and it’s used in a lot of other words as well—e-commerce, e-learning, and e-business, for example. There are also other compound nouns formed from an abbreviation and a noun, like the H-bomb, which is short for hydrogen bomb. The general rule of hyphenation in compound words that combine a single letter (or a number) and a word is to hyphenate them. So, based on tradition, e-mail is the correct way to do it.
  23. Apr 2022
    1. It's always a good idea to avoid things like 'both', since it's not future-proof — if we decided we wanted to support method overrides via headers, for example (which is sometimes used to get around firewalls that disallow non-GET/POST requests), then 'both' would need to become 'all', which would be a breaking change.
    1. Will be executed right after outermost transaction have been successfully committed and data become available to other DBMS clients.

      Very good, pithy summary. Worth 100 words.

      The first half was good enough. But the addition of "and data become available to other DBMS clients" makes it real-world and makes it clear why it (the first part) even matters.

  24. Mar 2022
    1. No need to construct strings that then need to be deconstructed later.
    2. In any significant project I worked in the last 15 years, logging text messages resulted in a large amount of strings which was hard to make sense of, thus mostly ignored.

      hard to make sense of, thus mostly ignored

  25. Jan 2022
    1. Maybe once the core onError lifecycle is implemented (if maintainers decide to go that way) everyone will discover you're right and an implementation will be built in. I think that's probably what's going to happen. But until real life has proved it, it's usually best to go for the smallest most broadly applicable solution. I can definitely imagine <svelte:error> eventually being a thing, but it's a pretty dramatic change compared to an added importable function.
    2. I think the issue is that it's not totally perfect. It doesn't define what should happen in parent components, it's not as flexible as onError and it doesn't allow you (for instance) to nest a svelte:head inside, or decide what to do with the rest of the rendering. What do you do with <div>My component</div> in your example? What about changing the <title>? I assume you can inspect the error...does <svelte:error> allow specifying which error types to expect?
    3. Boilerplate is only boilerplate if it's the same everywhere, which it shouldn't be.
    4. Additionally, if you're writing a notification display in every single component, wrapped in a <svelte:error> tag, that's the very definition of boilerplate.

      In other words, adding a svelte:error tag wouldn't help much.

    1. Meaning if you have your own roll-your-own login process and never use HTTP Authentication, 403 is always the proper response and 401 should never be used.
    2. While this seems to me like it's probably an accurate interpretation of the old RFC 2616, note that RFC 7231 defines the semantics of a 403 differently, and in fact explicitly states that "The client MAY repeat the request with new or different credentials."
    3. it depends on the application but generally, if an authenticated user doesn't have sufficient rights on a resource, you might want to provide a way to change credentials or send a 401.

      A 403 doesn't tell the client / user agent what the next step is or provide a way to change credentials.

      So maybe a 302 redirect is the best answer after all? Even though it sadly lacks the nice semantic distinction that 401/403 provide...

  26. Nov 2021
    1. considering people rarely make meta posts about how great their question was received, it's pretty expected that it'd be net negative.
  27. Oct 2021
    1. Desktop files are NOT executed. The line inside them that has an executable command line is the one that gets executed. The rest of the file is parsed by the Desktop Environment.
    1. For example, there is no point in defining reloadable Rack middleware, because changes would not be reflected in the instance stored in the middleware stack anyway
  28. Sep 2021
    1. If your configuration is not provided by a name server (like the information given in /etc/hosts) those tools will not show them, because they directly ask the name server.
    1. Conversely, the more dynamically typed the language is, the less I am using an IDE and the more I am using a text editor. Of course, my productivity plummets at that point. Refactoring becomes more difficult and more (completely) reliant on unit tests to ensure they are done properly.
  29. Aug 2021
    1. The TypeScript team has made it clear. They do not follow semver. "minor" (X.X) releases can contain breaking changes. . The fact that someone has made a bad policy clear, does not mean that the policy is therefore good. Major releases (X) have very little meaning. This negates the usefulness of using such versioning in the first place.
    1. which seems to resolve the issue for me and makes no casts, ensuring that Typescript can keep doing its good job of widening as much as necessary and narrowing as much as possible without me having to claim I know better than the compiler. I'm posting it here since it doesn't seem to have been mentioned anywhere.

      makes no casts, ensuring that Typescript can keep doing its good job of widening as much as necessary and narrowing as much as possible without me having to claim I know better than the compiler.

    1. * Now it's correct within the laws of the type system, but makes zero practical sense, * because there exists no runtime representation of the type `Date & string`. * * The type system doesn't care whether a type can be represented in runtime though.

      new tag?: makes zero practical sense

      makes zero practical sense because there exists no runtime representation of the type

    1. In the vast majority of cases when I'm using prettier-ignore I'm only really looking to prevent it from breaking my code into new lines, whilst keeping its other transformations such as switching quotes and adding space between brackets. When ignoring single lines, fixing these formatting problems by hand is very manageable. With the ability to have Prettier ignore entire blocks of code I think the ability to specify what you want it to ignore is essential.
    1. We focus so much on black magic and avoiding it that we rarely have a chance to enjoy any of the benefits. When used responsibly and when necessary, it gives a lot of power and expressiveness.
    1. Isolation ensures that concurrent execution of transactions leaves the database in the same state that would have been obtained if the transactions were executed sequentially
  30. Jul 2021
  31. Jun 2021
    1. I wouldn't consider it switching behavior. Ultimately it's including a module -- either a manually defined and referenced one from the user, or a RSpec::Core::SharedExampleGroupModule created for the user when they defined the shared example group and referenced via the group name.
    1. “The data does not exist independently in the world, nor is it generated spontaneously. Data is constructed by people, from people,” (source 1).
    1. I've seen (and fixed) Ruby code that needed to be refactored for the client objects to use the accessor rather than the underlying mechanism, even though instance variables aren't directly visible. The underlying mechanism isn't always an instance variable - it can be delegations to or manipulations of a class you're hiding behind a facade, or a session store with a particular format, or all kinds. And it can change. 'Self-encapsulation' can help if you need to swap a technology, a library, an object specification, etc.
    2. a principle I use is: If you have an accessor, use the accessor rather than the raw variable or mechanism it's hiding. The raw variable is the implementation, the accessor is the interface. Should I ignore the interface because I'm internal to the instance? I wouldn't if it was an attr_accessor.
    1. And, if you think about it, only the pointy ones are used un-paired in regex construct's. All the other pairs are balanced. I'd steer clear of that pair <>
    1. We need to be really careful about what's 'same origin' because the server has no idea what host/path the various cookies are associated with. It just has a list of cookies that the browser had determined to be relevant for this SSR'd page, and not for any other subrequests.
  32. May 2021
    1. I like the idea in theory, however it doesn’t feel very robust – you are relying on the layout of the page in question. Many authors regularly revisit articles and add new sections and paragraphs. Now your #h2:3 link points to a previous section. (This is far less likely to happen with IDs.)
    2. Linking directly to someone’s blog comment is very useful. Even if a blog doesn’t have an active link for each comment, it’s pretty easy to use developer tools to find the comment’s id and link to it. I’ve done this many times on Smashing Magazine (they don’t have live links on each comment). If there was no way to link to an individual blog comment, this would be a great hindrance to linking on the web. It would not be enough to link to the “#comments” section and then hope for the best. So CMSs like WordPress do the right thing by dynamically adding a unique identifier to each comment.
    3. The reason fragments should be identifiable by users is because a user, not the content creator or the developer, will ultimately decide whether or not a portion of content is valuable or notable in some way.
    4. Yes, the content creator should have the ability to decide how a page is generally divided, if they choose to do so. But the end user should not be restricted from linking to content fragments just because a developer couldn’t be bothered to add id attributes to every element on the page. And that’s besides the fact that it would be a waste of time for a developer to do that or to have to build a CMS that does it automatically.
    5. The simple problem that I see with fragment identifiers is that their existence and functionality relies completely on the developer rather than the browser. Yes, the browser needs to read and interpret the identifier and identify the matching fragment. But if the developer doesn’t include any id attributes in the HTML of the page, then there will be no identifiable fragments. Do you see why this is a problem? Whether the developer has coded identifiers into the HTML has nothing to do with whether or not the page actually has fragments. Virtually every web page has fragments. In fact, sectioning content as defined in the HTML5 spec implies as much. Every element on the page that can contain content can theoretically be categorized as a “fragment”.

      at the mercy of author

    6. So why is it up to the developer (or content creator) to define whether or not a specific portion of the content can be linked to? When any page of content is created, there is no way of knowing which sections of the page are worthy of being identified.
    1. Making effective use of this mechanism requires either control of the targeted document or generous creators of targeted documents who have liberally applied id attributes throughout a document.

      unlikely for anyone/most people to actually do that

    1. They don't look like advertisements. The second the recipient interprets your email as an ad, promotion, or sales pitch—and it does take just a second—its chances of being read or acted upon plummet towards zero. A plain email leads people to start reading it before jumping to conclusions.

      forces you to read before deciding

  33. Apr 2021
    1. From a practical point of view it's highly desirable to specify them to prevent page reflows as mentioned above. However those suggesting it should be in the html because of this are missing the fact browsers use css when building the page initially. If they didn't the page would have to be redrawn for floated elements, specified padding, margins etc.
    2. CSS seems like the right place to put visual information. On the other hand, few would argue that image "src" should not be specified as an attribute and the height/width seem as tied to the binary image data as the "src" is.
    1. “Who cares? Let’s just go with the style-guide” — to which my response is that caring about the details is in the heart of much of our doings. Yes, this is not a major issue; def self.method is not even a code smell. Actually, that whole debate is on the verge of being incidental. Yet the learning process and the gained knowledge involved in understanding each choice is alone worth the discussion. Furthermore, I believe that the class << self notation echoes a better, more stable understanding of Ruby and Object Orientation in Ruby. Lastly, remember that style-guides may change or be altered (carefully, though!).
    1. I actually think this is Not Constructive, since there's no absolute rule about which pairings can be joined into a single word or hyhenated, and it's pointless having "votes" here about each specific case. Follow a style guide if you have one, or search Google Books and copy whatever the majority do. Or just make your own decision.
  34. Mar 2021
    1. The hierarchical structure of semantic fields can be mostly seen in hyponymy.

      Good explanation about semantic fields.

      I assume the same or an even stronger statement can be made about semantic classes (which to me are like more clear-cut, distinct semantic fields), then? 

    1. Some types exist as descriptions of objects, but not as tangible physical objects. One can show someone a particular bicycle, but cannot show someone, explicitly, the type "bicycle", as in "the bicycle is popular."
    1. However, if the distinctions between the two concepts appear to be superficial, intentional conflation may be desirable for the sake of conciseness and recall
    1. Dictionary writers list polysemes under the same entry; homonyms are defined separately.

      This describes how you can tell which one it is by looking at the dictionary entry.

    2. Polysemy is thus distinct from homonymy—or homophony—which is an accidental similarity between two words (such as bear the animal, and the verb to bear); while homonymy is often a mere linguistic coincidence, polysemy is not.
    1. vim-athena doesn't depend on or use any version of GTK+. If you use sudo apt-get build-dep vim-athena, it probably will install GTK+ and GNOME related libraries, because the vim-athena binary package is built from the same source package as vim and other vim-providing packages. In any case, you shouldn't need to build from source, as the binaries provided by vim-athena are already built against Athena and not against GTK+ or other graphical toolkits.
    2. If you built vim against Qt rather than GTK+ and python-complete still isn't working, that suggests the problem isn't actually a consequence of trying to link to both GTK+2 and GTK+3.
    1. This issue hasn’t been deemed a high enough priority to be fixed yet. It will be addressed one day, I’m sure. There are many issues in GLib which many people on the internet think are important.
    1. The absence of a method name here is per design: this object does only one thing, and hence what it does is reflected in the class name.
  35. Feb 2021
    1. Do you have collaborators who could have generated keys and sold them on their own? DIG's Steam keys and other stores' Steam keys must have some source, after all. Keys don't generate themselves, and only your accounts should be able to request them.This particular game was in Bunch Keys Indie Wizardry Bundle. I assume you had a proper contract for that. Maybe DIG or an intermediary bought 50-200 copies of it?
    2. It isn't stealing because you or an associate must have generated and given them the keys in some way or another?Ideally you would ask a DIG bundle buyer to show you their key for your game, so you can figure out what key request batch it came from, and then you can scratch your head and wonder who you gave those keys to and what journey they took afterwards.
    1. Regardless of origin, allow/deny are simply clearer terms that does not require tracing the history of black/white as representations of that meaning. We can simply use the meaning directly.
    1. In the telecommunications industry, on a conceptual level, value-added services add value to the standard service offering, spurring subscribers to use their phone more and allowing the operator to drive up their average revenue per user.
    1. note that TRB source code modifications are not proprietary

      In other words, you can build on this software in your proprietary software but can't change the Trailblazer source unless you're willing to contribute it back.

      loophole: I wonder if this will actually just push people to move their code -- which at the core is/would be a direction modification to the source code - out to a separate module. That's so easy to do with Ruby, so this restriction hardly seems like it would have any effect on encouraging contributions.

    1. There are times where it is useful to know whether a value was passed to run or the result of a filter default. In particular, it is useful when nil is an acceptable value.

      Yes! An illustration in ruby:

      main > h = {key_with_nil_value: nil}
      => {:key_with_nil_value=>nil}
      
      main > h[:key_with_nil_value]
      => nil
      
      main > h[:missing_key]  # this would be undefined in JavaScript (a useful distinction) rather than null, but in Ruby it's indistinguishable from the case where a nil value was actually explicitly _supplied_ by the caller/user
      => nil
      
      # so we have to check for "missingness" ("undefinedness"?) differently in Ruby
      
      main > h.key?(:key_with_nil_value)
      => true
      
      main > h.key?(:missing_key)
      => false
      

      This is one unfortunate side effect of Ruby having only nil and no built-in way to distinguish between null and undefined like in JavaScript.

    2. Inside the interaction, we could use #find instead of #find_by_id. That way we wouldn't need the #find_account! helper method in the controller because the error would bubble all the way up. However, you should try to avoid raising errors from interactions. If you do, you'll have to deal with raised exceptions as well as the validity of the outcome.

      What they're referring to:

      Account.find('invalid') will raise an error but Account.find_by(id: 'invalid') will not.

    3. For this one we'll define a helper method to handle raising the correct errors. We have to do this because calling .run! would raise an ActiveInteraction::InvalidInteractionError instead of an ActiveRecord::RecordNotFound. That means Rails would render a 500 instead of a 404.

      True, but why couldn't it handle this for us?

    1. My understanding of "programming to an interface" is different than what the question or the other answers suggest. Which is not to say that my understanding is correct, or that the things in the other answers aren't good ideas, just that they're not what I think of when I hear that term.
    2. If the program was important enough, Microsoft might actually go ahead and add some hack to their implementation so the the program would continue to work, but the cost of that is increased complexity (with all the ensuing problems) of the Windows code. It also makes life extra-hard for the Wine people, because they try to implement the WinAPI as well, but they can only refer to the documentation for how to do this, which leads to many programs not working as they should because they (accidentally or intentionally) rely on some implementation detail.
    1. Encapsulation is used to hide the values or state of a structured data object inside a class, preventing direct access to them by clients in a way that could expose hidden implementation details or violate state invariance maintained by the methods.
    1. Unlike naming children, coding involves naming things on a daily basis. When you write code, naming things isn’t just hard, it’s a relentless demand for creativity. Fortunately, programmers are creative people.
    2. If we renamed things more often, then it probably wouldn’t be so hard to name them in the first place.
    3. This is funny because it’s unexpected. Cache invalidation sounds like a hard thing, while naming sounds more straightforward. The joke works because it violates our expectation that hard things should be technical. It’s also funny because it’s true.
    1. Now let me ask you, do you write JS for a single page application differently from a "traditional" web application? I sure hope you do! In a "traditional" application, you can get away with being sloppy because every time the user navigates to a new page, their browser destroys the DOM and the JavaScript context. SPAs, though, require a more thoughtful approach.
    1. When people talk about "beginner distros" they mean distros that are no hassle to get started, it doesnt mean they are somewhat inferior or less capable.
  36. Jan 2021
    1. This is a dynamic value because of hybrid devices which can use a mix of mouse and touch input.
    1. if you set text-decoration: underline for all links then you will have to set text-decoration: none for special links which you don't need an underline.
    1. It’s all very well telling Canonical what to do, but someone needs to pay those developers for their time. It’s not free.
    2. Repeatedly posting in this thread that there are problems, won’t actually get anything fixed.
    3. The best place to let the developers know, and track those bugs is in the bug tracker. There are hundreds of forums online, all over the place in many languages. We can’t be expected to read all of them. Anyone with a launchpad ID (thus, anyone who has an account on this discourse instance) has the capability to file a bug. I’d strongly recommend doing so, for each specific issue. Taking just a few minutes to do that will help tremendously.
    4. Just saying “snaps are slow” is not helpful to anyone. Because frankly, they’re not. Some might be, but others aren’t. Using blanket statements which are wildly inaccurate will not help your argument. Bring data to the discussion, not hearsay or hyperbole.
    5. Progress is made of compromises, this implies that we have to consider not only disadvantages, but also the advantages. Advantages do very clearly outweigh disadvantages. This doesn’t mean it perfect, or that work shouldn’t continue to minimize and reduce the disadvantages, but just considering disadvantages is not the correct way.
    6. Only folks who help package Chromium get to decide how Chromium gets packaged. This gives anyone two options: You can get involved and help package Chromium so you have a voice in the decision-making, or not.
    1. We can lay blame for this semantic drift squarely at the feet of trend. Designers and developers eager to try the latest and greatest invite ambiguity in with outstretched arms. Leadership chases perceived value to stay relevant.
    2. However, the W3C provides us with an important clue as to who is right: the download attribute.
    3. The debate about whether a button or link should be used to download a file is a bit silly, as the whole purpose of a link has always been to download content. HTML is a file, and like all other files, it needs to be retrieved from a server and downloaded before it can be presented to a user. The difference between a Photoshop file, HTML, and other understood media files, is that a browser automatically displays the latter two. If one were to link to a Photoshop .psd file, the browser would initiate a document change to render the file, likely be all like, “lol wut?” and then just initiate the OS download prompt. The confusion seems to come from developers getting super literal with the “links go places, buttons perform actions.” Yes, that is true, but links don’t actually go anywhere. They retrieve information and download it. Buttons perform actions, but they don’t inherently “get” documents. While they can be used to get data, it’s often to change state of a current document, not to retrieve and render a new one. They can get data, in regards to the functionality of forms, but it continues to be within the context of updating a web document, not downloading an individual file. Long story short, the download attribute is unique to anchor links for a reason. download augments the inherent functionality of the link retrieving data. It side steps the attempt to render the file in the browser and instead says, “You know what? I’m just going to save this for later…”
  37. Dec 2020
    1. It’s worth mentioning that Svelte limits its scope to being only a UI component framework. Like React, it provides the view layer, but it has more batteries included with its component-scoped CSS and extensible stores for state management. Others like Angular and Vue provide a more all-in-one solution with official routers, opinionated state management, CLIs, and more. Sapper is Svelte’s official app framework that adds routing, server-side rendering, code splitting, and some other essential app features, but it has no opinions about state management and beyond. Some devs prefer Svelte’s minimal approach that defers problems to userland, encouraging more innovation, choice, and fragmentation, and other devs prefer a more fully integrated toolkit with a well-supported happy path.

      tag?: what scope of provided features / recommended happy path is needed?

  38. Nov 2020
    1. Svelte by itself is great, but doing a complete PWA (with service workers, etc) that runs and scales on multiple devices with high quality app-like UI controls quickly gets complex. Flutter just provides much better tooling for that out of the box IMO. You are not molding a website into an app, you are just building an app. If I was building a relatively simple web app that is only meant to run on the web, then I might still prefer Svelte in some cases.
    1. from my point of view, it is (by far) the best way, to build a layer on top https://github.com/material-components/material-components-web . This is also the path that the Angular Material team has taken, although they have already made a huge effort to create the components themselves.
    1. is not required to point to "svelte": "src/main.html" if you're bundling for es, "module": "dist/main.mjs" would suffice. I mean, it's a good thing to provide a single file, not the whole sources again.
    1. Man, for some reason, I really like this answer. I recognize it's a bit more complicated, but it seems so useful. And given that I'm no bash expert, it leads me to believe that my logic is faulty, and there's something wrong with this methodology, otherwise, I feel others would have given it more praise. So, what's the problem with this function? Is there anything I should be looking out for here?

      I think the main thing wrong with it is the eval (which I think can be changed to $("$@") and it's pretty verbose.

      Also, there are more concise ways to do it that would probably appeal more to most bash experts...

      like set -x

      and it does unnecessary things: why save output to a variable? Just let output go to where it would normally go...

      So yeah, I can see why this solution isn't very popular. And I'm rather surprised by all the praise comments it's gotten.

    1. I wondered about that. But as you mention, the control flow makes it tricky, because it's not really a template literal — it's a DSL. I thought perhaps it's better to have something that's explicitly different, than something a bit 'uncanny valley'.
  39. Oct 2020
    1. There are contradicting definitions: "dependence: one that is relied on", "dependency: something that is dependent on something else", "dependent: one that is dependent" which also says "archaic : DEPENDENCY" which is certainly the inverse of what is usually meant in technology... is it more correct to install the "dependences"? (wiktionary gives it as the plural)
    1. I'm afraid there's only so much the docs & tutorials can do about something like this actually. When you first read them, you don't get Svelte well enough (since you're reading a tutorial...) for this to make sense to you. Then you try something, encounter a behaviour, question it, understand better... That's learning.
    1. Could you please explain why it is a vulnerability for an attacker to know the user names on a system? Currently External Identity Providers are wildly popular, meaning that user names are personal emails.My amazon account is my email address, my Azure account is my email address and both sites manage highly valuable information that could take a whole company out of business... and yet, they show no concern on hiding user names...

      Good question: Why do the big players like Azure not seem to worry? Microsoft, Amazon, Google, etc. too probably. In fact, any email provider. So once someone knows your email address, you are (more) vulnerable to someone trying to hack your account. Makes me wonder if the severity of this problem is overrated.

      Irony: He (using his full real name) posts:

      1. Information about which account ("my Azure account is my email address"), and
      2. How high-value of a target he would be ("both sites manage highly valuable information that could take a whole company out of business...")

      thus making himself more of a target. (I hope he does not get targetted though.)

    1. One of Svelte's advantages, for me, is that I can test out ideas with relatively few lines of code. the #with feature could save me from adding a separate component for the content of an #each loop. I get frustrated when I have to create a new file, move the content of the #each clause, import it as a component, and add attributes and create exports for that, and implement events to send messages back, and event handlers, when I just wanted to test a small feature.
    1. JavaScript is, of course, a dynamic language that allows you to add and remove objects and their members at any point in time. For many, this is precisely why they enjoy the language: there are very few constraints imposed by the language.
    1. Just like elements can have children... <div> <p>I'm a child of the div</p> </div>...so can components. Before a component can accept children, though, it needs to know where to put them. We do this with the <slot> element.
    1. However, this would lead to further divergence. Tooling that is built around the assumptions imposed by template literals wouldn't work. It would undermine the meaning of template literals. It would be necessary to define how JSX behaves within the rest of the ECMAScript grammar within the template literal anyway.
    2. Template literals work well for long embedded DSLs. Unfortunately the syntax noise is substantial when you exit in and out of embedded arbitrary ECMAScript expressions with identifiers in scope.