59 Matching Annotations
  1. Jan 2022
    1. Next, let’s say that your ticket is correct (so you made through security just fine!) and the gate number in your ticket says “Gate 24” but you walk to Gate 27. The attendant cannot authorize you to go through that gate because it’s not the right gate for your ticket.

      They have these mixed up! (Which is understandable, because 401 is misnamed "Unauthorized" but should be named "Unauthenticated")

      Checking if authenticated (which, if it fails the check, should return 401 for authentication error) comes first,

      and then checking if authorized (which, if it fails the check, should return 403 for authorization error)

      See https://hyp.is/wRF7wHopEeynafOqKj81vw/stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses

    2. In other words, an “incorrect ticket” is similar to messing up your credentials: wrong username and/or password and you receive back a 403 Forbidden. Using the correct credentials but trying to access a resource that is not allowed for those credentials returns you a 401 Unauthorized.

      They have these mixed up! (Which is understandable, because 401 is misnamed "Unauthorized" but should be named "Unauthenticated")

      Checking if authenticated (which, if it fails the check, should return 401 for authentication error) comes first,

      and then checking if authorized (which, if it fails the check, should return 403 for authorization error)

      See for example https://www.loggly.com/blog/http-status-code-diagram/

    3. You can also think that 403 happens before 401, despite the natural number order: you will not receive a 401 until you resolve a 403.

      They have these mixed up! (Which is understandable, because 401 is misnamed "Unauthorized" but should be named "Unauthenticated")

      Checking if authenticated (which, if it fails the check, should return 401 for authentication error) comes first,

      and then checking if authorized (which, if it fails the check, should return 403 for authorization error)

      See for example https://www.loggly.com/blog/http-status-code-diagram/

    4. If the ticket is incorrect or damaged, you cannot even go through the airport security: when they check your ticket, it will be refused. You are Forbidden to enter the boarding area of the airport.

      It depends what we mean by "incorrect"/"damaged" credentials ("ticket")...

      A. If they are invalid or incorrect in the sense that we can't authenticate them as anyone (as it sounds like you mean with "incorrect" or "damaged") (they're not a user in our database or the password doesn't match a user in our database), then you should actually use 401, meaning that the client can/should try (again) to authenticate with different credentials.

      B. But if by "incorrect" you mean (as it sounds like you mean with "you cannot even go through the airport security: when they check your ticket, it will be refused") that the credentials were valid enough to authenticate you as someone (a user in our database), but that (known) user has insufficient credentials, then correct, it should be a 403 forbidden.

      It's even easier to explain / think about if you just think of 401 as being used for any missing or failed authentication. See:

  2. Aug 2021
    1. The final line of the output is the AMI ID you will pass into your Terraform configuration in the next step.

      Where is the finished image stored? How does it become accessible by the cloud?

    2. The source block generates a template for your AMI.

      Is the source used instead of a resource? What is the equivalent of AMIs on GCP?

    1. But the better solution is to replace Docker machine with the GitLab fork11, which also copes with Container-Optimized OS.

      Should I use Container-Optimized OS or not? What is used here?

    2. running on the Gitlab hardware

      Not on Gitlab but on GCP hardware?

    1. only a reboot is necessary to use the latest updates.

      Do I need to reboot (manually) or not to get newest updates?

    1. multiple configurations for the same provider

      So I could have a data resource with exactly the same block labels only being different when it comes to the provider?

    2. This behavior can be avoided when desired by indirectly referencing the managed resource values through a local value.

      How? What is a local value?

    3. local-only data sources exist for rendering templates, reading local files, and rendering AWS IAM policies

      I cannot imagine what rendering means in this case...

    1. list(list) and list(map)

      Can I choose an arbitrary type for the values of the nested list or map, respectively?

  3. Jul 2021
    1. Inodes do not contain its hardlink names, only other file metadata.
  4. Jun 2021
    1. a value is scannable if it is a struct with no exported fields (eg. time.Time)
    1. A SafeArea widget is also used to properly pad the text so it appears below the display on the top of the screen.

      What is this for?

    1. this allows you to interact with Firestore using the default Firebase App used whilst installing FlutterFire on your platform
    1. “projection” in SQL

      I thought that they were possible using the client SDKs.

      After some research, the author seems to be right for the client SDKs. But this limitation doesn't seem to apply to either the server SDKs or the REST API.

    2. Realtime Database or Cloud Firestore

      I thought that they were the same.

  5. May 2021
  6. Apr 2021
    1. Dry humor is a delivery technique. As such, it shouldn't be confused with specific types of humor or with sarcasm. Sarcasm is delivered without humor because it's generally not funny but intended to mock or convey contempt. Dry humor pertains to something funny.
    1. Q-4: T/F: It is necessary to have an else statement after an if statement? (Hint: Test it out in the code above)

      Tested it out, didn't give me an output

    1. false == 0 and true = !false i.e. anything that is not zero and can be converted to a Boolean is not false, thus it must be true.

      don't quite get

  7. Mar 2021
    1. I don't get it. Can someone please explain? I've upgraded my Rails project to Sprockets 4, just to get source maps in production. Instead I got sourcemaps in development?
  8. Jan 2021
  9. Sep 2020
    1. Calling the Dream,

      Would this be a personification of a dream or an unnamed deity (like Morpheus) that puts this into Agamemnon's mind?

  10. Jul 2020
    1. The IAB Transparency and Consent Framework supports both Server-specific consent and Global consent. The former is given by the consumer to a Publisher or Vendor to access their browser and/or perform the requested processing purposes where a Publisher or vendor requires consent for their site

      Consent for the publisher to "access their browser"? Hmm. The Web is a pull-based, client/server, request/response model, not a push model. So it seems odd to me to talk about a publisher needing consent to "access" the user's browser. It is the user's browser (user agent) that made the HTTP request to the publisher's web server. Doesn't the publisher have the right, then, to send a response containing whatever content they wish, since the user requested the content? If the client wishes to filter/block/exclude some of that content, it seems like they have that right, but it seems the responsibility for that is on the client side, not the server side.

      Not that I like ads, but I wonder how much of these new policies are based on a misunderstanding of how web technologies actually work....

      Maybe the distinction is that the publisher of whom you requested content may dynamically load content (ads) from 3rd parties that the user did not specifically request content from? That too is just how the web works, and it is the publisher who controls what other content to load from other domains/sources. But it still may be a worthwhile distinction...?

  11. May 2020
    1. If we already have a shared ssh key to push things up from the server to Gitlab, why do we need to do all this just to get Gitlab to send commands for our server to run?
  12. Mar 2020
    1. Well, the checkbox type has nothing to do with AI, but I’ve read that the type where you have to select “Which picture is …” does collect data to train AIs. It seems dear Dave is confusing between the 2 types.
  13. Sep 2019
    1. The writer introduces the article with a very detailed comparison between the man in the photo and the actual victims. Word usage: tags

  14. Feb 2019
    1. Visualization of "Kingdom Hearts"

      Personally, I'm a bit confused as to how these visualizations are able to catch the entirety of the Kingdom Hearts game play. Is it that these are video snapshots of how long the gameplay takes, and that this is on an online interface to see the gameplay? I understand how this works for a singular image, but gameplay is difficult for me to understand.

  15. May 2018
    1. The amount of carbon dioxide in the atmosphere just hit its highest level in 800,000 years and scientists predict deadly consequences

      Overall scientific credibility: 'neutral', according to scientists who analyzed this article.

      Find more details in the annotations below and in Climate Feedback's analysis

  16. Jan 2018
    1. My second premise is the plausible hypothesis that there is some unified body of scientific theories, of the sort we now accept, which together provide a true and exhaustive account of all physical phenomena

      I found the beginning of this section difficult to understand in terms of the validity of his statement. I found it interesting that one of Lewis' premises was posed in a rather hopeful manner. I think the way he stated that there is "some unified body of scientific theories" was unclear to me in how much he would be able to use evidence from this notion.

    2. I rely on Oppenheim and Putnam for a detailed exposition of the hypothesis that we may hope to find such a unified physicalistic body of scientific theory and for a presentation of evidence that the hypothesis is credible.

      I have a couple questions concerning this last passage. First, it seems that we have to have one of two options. The first is to accept this view, with substantial credited backing, or, choose to believe that our natural sciences are greatly flawed and we have failed to account for this other stuff. Now, my question is, is there any evidence throughout history that this "other stuff" has ever existed? Or if there has ever been any evidence that suggests otherwise?

    1. THIS PHRASE

      I am definitely intrigued and intimidated by this course so far. There is a lack of understanding on my part with regards to the use of the online platforms. I feel that I am slowly getting the hang of it now and I am very excited to become more familiarized with the online tools for this class. Judging from Professor Graham's website and the content of the first lecture, it seems that this course will provide me with a great opportunity to improve many skills that are currently underdeveloped and allow me to look at a very different perspective of history. I am excited for the experience ahead.

  17. Apr 2017
    1. Derridean deconstruction does not merely help rhetorical critics analyse texts, in addition, it promotes a rigorous reevaluation and rebuilding of the concept-metaphor "rhetorical situation" that drives and delimits much contemporary critical practice in this field.

      So she is saying that Derridean deconstruction, or differance, can allow us to reevaluate the concept of the rhetorical situation.... However, Biesecker spent so much time explaining differance that I didn't find a clear explanation for her take on "rhetorical situation." I remember her saying something to the effect of: "differance/deconstruction has an effect on the rhetorical situation" but I don't recall her actually explaining how/why. Can anyone clear this up for me? Did I miss something, or did she actually just not explain it?

  18. Sep 2015
  19. Aug 2015
    1. In order to avoid the confused deputy problem, a subject must be careful to maintain the association between each authority and its intended purpose. Using the key analogy, one could imagine immediately attaching a label to each key upon receiving it, where the label describes the purpose for which the key is to be used. In order to know the purpose for a key, the subject must understand the context in which the key is received; for example, labelling is not possible if keys magically appear on the key ring without the subject’s knowledge.
    2. Even if one can distinguish the keys, deciding to try all available keys puts one at risk of becoming a confused deputy.