293 Matching Annotations
  1. Last 7 days
    1. using modulesOnly behaves exactly as expected when it warns you that the listed npm libraries do not use the ES6 format and are in fact ignored. This option is meant as a way to determine if you still have commonjs libraries in your dependencies that require special treatment via rollup-plugin-commonjs. Your code will probably not work since the listed dependencies will be missing. You should remove modulesOnly and instead add rollup-plugin-commonjs.
    1. The difference between default and named affects how other people can consume your bundle. If you use default, a CommonJS user could do this, for example:

      include the following content

    2. In other words for those tools, you cannot create a package interface where const lib = require("your-lib") yields the same as import lib from "your-lib". With named export mode however, const {lib} = require("your-lib") will be equivalent to import {lib} from "your-lib".
    1. globals are assumed to have their field value on the window object and can be referenced inside the bundle by their field name globals: { name: 'Value', }, assumes that some other script tag or whatever establishes window.Value and the emitted umd bundle for example, calls the factory like factory(global.Value). So globals is just stuff to bring into the factory on the globals object. It doesn't even make it "global" inside the bundle. Basically, the resolver does not check the globals object during the loading process. The resolver needs to be told how to link these globals and that's what the external option is for. external: ['name'], Then you can reference it like import myName from 'name'; myName();
    2. we've learned why you might want to use external but not globals: libraries. We've started to factor some of our client-side JS as libraries to share between projects. These libraries import $ from 'jquery'. However they don't want to presume how that import might be "fulfilled". In most projects it's fulfilled from a global i.e. a script loaded from a CDN. However in one project it's fulfilled from a local copy of jQuery for reasons I won't get into. So when these libraries bundle themselves for distribution, as ES6 modules, they mark 'jquery' as an external and not as a global. This leaves the import statements in the bundle. (Warning: Don't bundle as an IIFE or UMD, or Rollup will guess at fulfilling the import from a global, as @Rich-Harris mentions above.)
    1. Luckily, there is absolutely no good reason not to use strict mode for everything — so the solution to this problem is to lobby the authors of those modules to update them.
    1. While there is some precedence in other frameworks for using as, the word doesn't fit well. Since you are adding functionality to elements I like the word add better (and it only has 1 more character).
    2. <slot ref:img data-visible="{{visible}}" /> In the above everything on <slot> is lost since slot is a space in the HTML, not an actual element. How could we translate this to zero or ten elements inside the slot?

      But I think this is a solved problem with current Svelte: just pass the lets to the slot content, and the slot content can decide how to pass those let props on to any or all of its child elements as it sees fit...

    3. enhancers
    1. Is there a good way to do this given the compiler won't know at build time what events are needed? Should I make a wrapper that does addEventListener myself with a bind:this? Would be nice if Svelte could handle dynamic events though.
  2. Sep 2020
    1. Yes, they do but none of them allow arbitrary javascript anywhere in the template; it is finely controlled. This deviates from that, in fact that is its defining feature.
    1. We should also allow passing unrecognised props to the rendered component. eg: tabindex might be required on some instances of a component, and not all. Why should developers have to add tabindex support to their components just that it may potentially be used

      Glad to hear this is solved now: $restProps

    2. The language should work for developers, not the other way around.
    1. Adding my 2 cents to the discussion. Adding a class prop to a component doesn't necessarily mean it should apply the style to the root element, but it makes sense that it should apply it the main element visually. Let's take a modal component as an example.
    2. You're not trying to pass a class to a dom element. You're passing a class to a component. It's up to the component to define what that means for the component's use case. In most cases it would be passed to a dom element.
    3. That is, if I remove class={className} from the Child component, and/or remove the class/className prop entirely, then the class:active syntax doesn't have any effect since nothing is rendering the class prop anywhere.
    1. I don’t want my source to be human-readable, not for protective reasons, but because I care about web performance more. I want my website to arrive at light speed on a tiny spec of magical network packet dust and blossom into a complete website. Or do whatever computer science deems is the absolute fastest way to send website data between computers. I’m much more worried about the state of web performance than I am about web education. But even if I was very worried about web education, I don’t think it’s the network’s job to deliver teachability
    1. if the idea of using a template language makes you shudder — your fears are misplaced, but that's a topic for another day
    1. For example, you might want to use the browser’s knowledge of the user’s current time zone to group a collection of elements by date.
  3. Aug 2020
    1. But it's easy to imagine that the caption was incorrect for too long because those who know the language, know where the mistake is, and those who don't, think that it's the correct way to spell it.

      those who know the language, know where the mistake is, In other words, they can easily spot the mistake and know better than to repeat it themselves, but either are powerless or too lazy to actually fix it on SE.

      and those who don't, think that it's the correct way to spell it. So those who should know better are inadvertently perpetuating the mistake and teaching others that it is an acceptable/correct usage.

    2. Unless I just loginned, I agree it's "log in".
    1. I think the conjugation is particularly helpful to see why it should be two separate words: "log in" -> "logging in" -> "logged in"
    2. You can also think about each one with the way we stress the different syllables slightly when we're speaking: "log in to host.com" sounds like "log + in + to host.com" (each word is pretty much evenly stressed) "log into host.com" sounds like "log + INto host.com" (the stress is on "in") "login to host.com" sounds like "LOGin + to host.com" (the stress is on "log")

      I wouldn't have thought about using the way we pronounce it to make a point about grammar, but somehow it seems to help slightly to make the point.

    3. Perhaps someone should give an example of when 'into' is ever correct. "Turn into bed" is definitely incorrect, unless one is morphing into the form of a bed. But what about "he fell into the hole", "she went into the house", or "Star Trek Into Darkness"?
    1. I used to be a staunch defender of proper reply styles, even for casual emails. Insert your replies below the relevant paragraph and trim the exchange to be just about the matters of discussion.
    1. For example, the word dog describes both the species Canis familiaris and male individuals of Canis familiaris, so it is possible to say "That dog isn't a dog, it's a bitch" ("That hypernym Z isn't a hyponym Z, it's a hyponym Y").
  4. Jul 2020
    1. It would be nice if the tests weren't so implementation specific, but rather tested the essence of the functionality. I tried to make them less brittle but failed. To that end, re-writing all the tests in rspec would be (IMHO) a brilliant improvement and pave the way for better tests in the future and more flexibility in implementation.
    1. if British Army gunners are doing a countdown before making something go bang, they actually leave out Five in case anyone mishears it as “Fire”.
    1. See https://choosealicense.com/ for tl;dr Please, please add a license. The fact none is listed makes using this software a legal quagmire. Currently it is not legal to use this code or its derivatives in any useful software. I may be mistaken but hopefully this is not the intended effect. Currently no license is mentioned anywhere, what makes this code fully copyrighted, like any other creative work. It limits usefulness of this project - and I hope that it is unintentional. For example it seems that it would solve my problem of profiling hilariously slow rspec tests (2036.33 seconds ./spec/word_processor_spec.rb:43), in current situation I would be unable to legally publish project that would use this solution. Obviously, please do not release it under any license if you are not the author (that would be even worse legal quagmire)
    1. Once a test is in quarantine, there are 3 choices: Should the test be fixed (i.e. get rid of its flakiness)? Should the test be moved to a lower level of testing? Should the test be removed entirely (e.g. because there’s already a lower-level test, or it’s duplicating another same-level test, or it’s testing too much etc.)?
    2. Quarantined tests are run on the CI in dedicated jobs that are allowed to fail
    1. I could not find any way to do this with the standard library.

      https://twitter.com/olivierlacan/status/1084964879289778176 / https://hyp.is/aIYDgMVKEequYL8_dgzChQ/twitter.com/olivierlacan/status/1084930269533085696:

      It’s even worse that there’s no alternative method that does the unsurprising thing IMO.

    2. So why isn't there an easy way to remove an element from such an array in a way that respects both the order and number (count) of each element? Why do all methods for removing elements from an array assume that you always want to remove all matching elements from the receiver, with no option to do otherwise?
  5. Jun 2020
    1. For example, if error messages in two narrowly defined classes behave in the same way, the classes can be easily combined. But if some messages in a broad class behave differently, every object in the class must be examined before the class can be split. This illustrates the principle that "splits can be lumped more easily than lumps can be split".
    1. Don’t apply caching if the process is expected to react to changes during the caching period. i.e. Don’t cache when mixing reads and writes.
    2. An example candidate for caching might be a nightly billing task which aggregates billing data for the past month. That kind of task is likely not expecting last minute updates while it runs. It assumes that the state of the world remains constant while processing.
    1. In this case, we notice that comment.post and post should belong to the same database object. But, is Rails smart enough to know that the comment should be removed from both of the associations? Or are comment.post and post different representations of the same database row?
  6. May 2020
    1. Integration specs are relied upon to ensure the application functions, but do not ensure pixel-level stylistic perfection.
    1. Sometimes plugins can conflict with a theme or with each other.  Disable all your plugins and see if the problem persists. If everything is working once the plugins were disabled it means there's a conflict with a plugin or maybe even a set of plugins. Enable the plugins one by one to identify the one that is creating the conflict.
    1. Right click on the /wp-content/plugins folder and rename it plugins.old. This will deactivate all of the plugins. In most cases, this will also lock the WordPress admin area as well. You will still be able to perform these steps from within the File Manager. Reactivate the plugins folder by following the above instructions and renaming the folder plugins. This will allow you to reactivate each plugin individually to isolate the offending plugin and resolve the 500 Internal Server Error. This should also allow access to the WordPress Dashboard again. From the WordPress Dashboard: Reactivate each plugin (one at a time) and refresh the website to see if the issue has been resolved.
    1. You should then also create a new View and apply the following filter so as to be able to tell apart which domain a particular pageview occurred on. Filter Type: Custom filter > Advanced; Field A --> Extract A: Hostname = (.*); Field B --> Extract B: Request URI = (.*); Output To --> Constructor: Request URI = $A1$B1
    1. Hey there. We see you’ve been busy reading, which is fantastic, so we’ve promoted you up a trust level! We’re really glad you’re spending time with us and we’d love to know more about you. Take a moment to fill out your profile, or feel free to start a new topic.
    1. I encourage people to write good commit messages, with a good description that explains what it does.
    2. Having to rebase and cleanup the commits while actively working on something is time and attention consuming.

      I'm not sure how I feel about that. Usually I'd say it's worth it to do it periodically, even while you're working on it. Just not obsessive compulsively to the point that it is distracting from actual work.

    3. It seems weird to me that we are trying to enforce commit messages when they are not really visible or used in the GitLab workflow at all. This is what you see most of the time when interacting with the commit list. I've taken time to compose a nice descriptive body and it is hidden by default:
    4. shouldn't a MR be treated as an unit of work, independent from master?
    5. which might or might not be useful depending on what is the content of the commit.
    6. One way of encouraging users to create good commit message would be to have a better integration with the content of commit message in GitLab itself,
    7. Just to make this clear, I'm on the side that adding strict rules doesn't necessarily improve a situation. Especially with something that is subjective like a commit message.
    8. Good commit hygiene in general is a tough thing to enforce. It requires manual labor and discipline, from both the author and the reviewer.
    9. If we can encourage people to create clean commits as they go, the example as you showed above should be far less common, because cleaning up such history as an after-math is most of the time almost impossible.
    1. sadness.js will not load, however, as document.write() produces script elements which are "parser-inserted".
  7. developer.chrome.com
    1. If a user clicks on that button, the onclick script will not execute. This is because the script did not immediately execute and code not interpreted until the click event occurs is not considered part of the content script, so the CSP of the page (not of the extension) restricts its behavior. And since that CSP does not specify unsafe-inline, the inline event handler is blocked.
    1. We group a description of and about personal data (such as a Cookie or IP Address), the purpose of its collection (such as Analytics or Advertising) and the providers (such as Google or even your own website) into what we call services. Each service corresponds to a portion of a privacy policy, and provides all the relevant information to the end users of your website.
    1. "linked data" can and should be a very general term referring to any structured data that is interlinked/interconnected.

      It looks like most of this article describes it in that general sense, but sometimes it talks about URIs and such as if they are a necessary attribute of linked data, when that would only apply to Web-connected linked data. What about, for example, linked data that links to each other through some other convention such as just a "type" and "ID"? Maybe that shouldn't be considered linked data if it is too locally scoped? But that topic and distinction should be explored/discussed further...

      I love its application to web technologies, but I wish there were a distinct term for that application ("linked web data"?) so it could be clearer from reading the word whether you meant general case or not. May not be a problem in practice. We shall see.

      Granted/hopefully most use of linked data is in the context of the Web, so that the links are universal / globally scoped, etc.

    2. The above diagram shows which Linking Open Data datasets are connected, as of August 2014.
    1. This change was made because GitLab License Management is now renamed to GitLab License Compliance. After review with users and analysts, we determined that this new name better indicates what the feature is for, aligns with existing market terminology, and reduces confusion with GitLab subscription licensing features.
    1. $10 donation = $9.41 deposited into your bank account the next business day; $100 donation = $96.80 deposited into your bank account the next business day
    1. that a number x is rational (S) is sufficient but not necessary to x being a real number (N) (since there are real numbers that are not rational)
    2. being a male is a necessary condition for being a brother, but it is not sufficient—while being a male sibling is a necessary and sufficient condition for being a brother
    3. in order for human beings to live, it is necessary that they have air
    1. This does not have to be an additional form. In practice, you can simply add several checkboxes informing the user of each additional purpose and allowing them to give consent specific to those cases.

      See the images above, which are a good example of how to do it and how not to do it.

    1. By itself the name John Smith may not always be personal data because there are many individuals with that name. However, where the name is combined with other information (such as an address, a place of work, or a telephone number) this will usually be sufficient to clearly identify one individual.
    2. Simply because you do not know the name of an individual does not mean you cannot identify that individual. Many of us do not know the names of all our neighbours, but we are still able to identify them.
    1. If you’re selling products and keep record of users’ choices for marketing purposes, dividing them into meaningful categories, such as by age, gender, geographical origin etc., you’re profiling them.
    1. It would be best to offer an official way to allow installing local, unsigned extensions, and make the option configurable only by root, while also showing appropriate warnings about the potential risks of installing unsigned extensions.
    2. I appreciate the vigilance, but it would be even better to actually publish a technical reasoning for why do you folks believe Firefox is above the device owner, and the root user, and why there should be no possibility through any means and configuration protections to enable users to run their own code in the release version of Firefox.
    3. I will need to find a workaround for one of my private extensions that controls devices in my home network, and its source code cannot be uploaded to Mozilla because of my and my family's privacy.
    1. Using a very different theoretical approach, Robbins (2009a) suggests that one of the primary reasons for Pentecostal expansion among those most disenfranchised by late capitalism may very well be the ease with which this religion creates social cohesion despite the ‘institutional deficit’ of the neoliberal global order (B. Martin 1998: 117‐18

      This is very interesting to me because of the absence of the state and Catholic church, which led to the growth of prosperity gospel within the Brazilian lower classes. In other words, a clash between "pre-modern" and "post-modern". "Institutional deficit" is a key word coming from the available journal article Robbins (2009a). Martin (1998) is a book chapter that interested me a lot as well, and it is available at the library but not electronically (maybe Libgen?).

    2. Central to this interpretation has been Comaroff and Comaroff's work on ‘occult economies’ (Comaroff & Comaroff 1999; 2000), which situates the prosperity gospel alongside witchcraft accusations, rumours of zombies, and lurid tales of Faustian pacts with the Devil.

      Very similar folk tales are shared informally in Brazilian prosperity gospel churches of pacts with the Devil and witchcraft explaining mysterious economic events. Comaroff's mechanism of market fetishization is a very materialist and economicist explanation to prosperity gospel according to the article's author.

  8. Apr 2020
    1. purposes are grouped into 5 categories (strictly necessary, basic interactions & functionalities, experience enhancement, measurement, targeting & advertising)
    2. Strictly necessary (id 1). Purposes included: Backup saving and management; Hosting and backend infrastructure; Managing landing and invitation pages; Platform services and hosting; SPAM protection; Traffic optimization and distribution; Infrastructure monitoring; Handling payments
    1. A website (also written as web site) is a collection of web pages and related content that is identified by a common domain name and published on at least one web server
    1. It’s true that there are two hard problems in computer science and one of them is naming things. Why? Because good names are important. A good name teaches about purpose and responsibility, so you have to spend some time thinking about it.
    1. In math, idempotence describes only unary functions that you can call on their own output. Math-idempotence is, “If you take the absolute value of a number, and then you take the absolute value of that, the result doesn’t change on the second (or subsequent) operations.” Math.abs is math-idempotent. Math-idempotence only applies to functions of one parameter where the parameter type and return type are the same. Not so useful in programming.
    1. Since the authenticity token is stored in the session, the client cannot know its value. This prevents people from submitting forms to a Rails app without viewing the form within that app itself. Imagine that you are using service A, you logged into the service and everything is ok. Now imagine that you went to use service B, and you saw a picture you like, and pressed on the picture to view a larger size of it. Now, if some evil code was there at service B, it might send a request to service A (which you are logged into), and ask to delete your account, by sending a request to http://serviceA.com/close_account. This is what is known as CSRF (Cross Site Request Forgery). If service A is using authenticity tokens, this attack vector is no longer applicable, since the request from service B would not contain the correct authenticity token, and will not be allowed to continue.
    1. Here you can do some social good; we know how much passwords are reused and the reality of it is that if they've been using that password on one service, they've probably been using it on others too. Giving people a heads up that even an outgoing password was a poor choice may well help save them from grief on a totally unrelated website.
    2. you could even provide an incentive if the user proactively opts to change a Pwned Password after being prompted, for example the way MailChimp provide an incentive to enable 2FA:
    1. I could have released this data anonymously like everyone else does but why should I have to? I clearly have no criminal intent here. It is beyond all reason that any researcher, student, or journalist have to be afraid of law enforcement agencies that are supposed to be protecting us instead of trying to find ways to use the laws against us.
    2. For now the laws are on my side because there has to be intent to commit or facilitate a crime
    3. it reminds me of IT security best practices. Based on experience and the lessons we have learned in the history of IT security, we have come up with some basic rules that, when followed, go a long way to preventing serious problems later.
    4. The fact is that it doesn’t matter if you can see the threat or not, and it doesn’t matter if the flaw ever leads to a vulnerability. You just always follow the core rules and everything else seems to fall into place.
    1. One suggestion is to check users' passwords when they log in and you have the plain text password to hand. That way you can also take them through a reset password flow as they log in if their password has been pwned.
    1. I think it's useful to differentiate especially because there are many situations where "hack", and its conjugations, is the only effective term to describe something that has nothing to do with malicious violation of security measures or privacy.
    1. Over the years, many people have said "well, the data is public anyway by virtue of it having been breached, what's the problem if you now store the password in your system?" Here's the philosophical problem I have with that:
    1. If you don't—or can't—lock your users in, the best way to compete is to innovate at a breakneck pace. Let's use Google Search as an example. It's a product that cannot lock users in: users don't have to install software to use it; they don't have to upload data to use it; they don't have to sign two-year contracts; and if they decide to try another search engine, they merely type it into their browser's location bar, and they're off and running.
    2. Want to keep your users? Just make it easy for them to leave.