1,148 Matching Annotations
  1. Last 7 days
    1. 54:30 Max utopian in his head, trust in random people

      • see index zk on Apollonian and Dionysian theory (idealism, good or bad?)

      57:00 inherently, people are good, but they get corrupted (good and evil)

      57:44 “there is some light” (life can be good): see zk 9 section on light & darkness

    1. use the services of free email providers (Gmail, Live, Yahoo...) which are limited and your data is used for commercial purposes. Install your own email server, which requires important technical knowledge to setup and configure the system.
  2. Sep 2023
    1. In order to enable MPP, users must have Apple devices, configure their email account to use Apple Mail applications, update their operating system to the latest version, and opt into MPP. 
    1. Before Ruby 3.2, there core class Time provided no way to to get back a Time value from any serialization, including even simple Time#inspect or #to_s. The Time.parse provided by standard library time (not core functionality, doesn’t work with explicit require 'time'), and tries to parse every imaginable format, while Time.new with string is stricter.
    2. string ones are those most of the Rubyists remember.
    3. Low-level processing of strings (like networks middleware, or efficient search algorithms, or packing/unpacking) might need an ability to operate on a level of single bytes, regardless of original string’s encoding. It is especially important while handling variable-length encodings like UTF-8. Before methods introduction, the only way to perform byte-level processing was to forcing string encoding into ASCII-8BIT, process, and then force encoding back.
    4. There are many simple use cases like pagination (when “21 items / 10 per page” should yield “3 pages”).
    1. For me, I don't have an issue, but there was one syntax situation I found awkward: I need to sometimes know whether it is a class or a module that I am modifying. So I may have code: module Foo module Bar class Baz versus: class Foo::Bar::Baz It's not a huge issue, but ruby would yield an error if I specify a class or module incorrectly (which can happen if you spread code out into different .rb files, so I understand why there is an error message shown, to avoid accidents). But I then also wondered why I have to care whether it is a module or class, if my primary goal is to modify something, such as by adding a method. If I want to add a method: def foobar; end then I really should never be required to have to know whether I am modifying a class or a module.
    1. We dream of a day when IP reputation does not matter and we can rely on domain reputation, but unfortunately we are not there yet.
  3. Aug 2023
    1. The point of acts_as_paranoid is keeping old versions around, not really destroying them, so you can look at past state, or roll back to past version. Do you consider the attached file part of the state you should be able to look at? If you roll back to past version, should it have it's attachment there too, in the restored version?
    1. After all, Luhmann himself didn’t have automatic backlinking. He had to manually add the cross-references to his analog notecards, and yet the system allowed him to write dozens of books and papers. Indeed, as Christian from Zettelkasten.de has said, automation might actually be an impediment to the cogitation and deep understanding the method seeks to engender.
    1. ActiveStorage has a different approach than what is suggested by @dhh here. The idea there seems to be to rule out a default and to explicitly set ActiveStorage::Current.url_options or by include ActiveStorage::SetCurrent. I don't understand why and asked about it in the Rails Forum. Maybe someone here can point out why we don't use a sensible default in ActiveStorage?
  4. Jul 2023
    1. The distinction doesn't refer to the files _contents_ but how to the file is _treated_ when it is being read or written. In "rb"/"wb" modes files are left how they are, in "r"/"w" modes Windows programmers get line ends "\r\n" translated into "\n" what disturbs file positions and string lengths.
    1. How do we end up designing systems that attract all of the right people into power
      • key question
        • knowing the self-selection effect, how do we design better systems that end up putting good people in positions of power?
    1. I understand Duo follows the spec and attempts to make life easier by giving users the full 30 seconds, but unfortunately service providers don’t honor that recommendation, which leads to lockouts and a bunch of calls to our 1st line teams. You can’t tell users to stop using {platform}, but we can tell them to switch TOTP providers.
    1. The way to do this with Capybara is documented on StackOverflow but, unfortunately, the answer there is buried in a little too much noise. I decided to create my own tiny noise-free blog post that contains the answer. Here it is:
    1. approaches, which typically encapsulate bacteria in hydrogels, have produced deployable optical sensors for explosives14, heavy metals15 and chemical inducers16,17
    1. Translocation to a cell’s surface utilizes a signal peptide (for inner membrane translocation) and AIDAc as an outer membrane autotransporter pore
    1. Making MoneySerializer reloadable would be confusing, because reloading an edited version would have no effect on that class object stored in Active Job.
    1. AHL communication modules with functional devices built from the biological components of the las18, tra18, rpa18, rhl19, cin19 and esa20 quorum-sensing systems
  5. Jun 2023
    1. I’ve heard-suggested that ActiveSupport, which does a ton of monkey-patching of core classes, would make potentially-nice refinements. I don’t hold this opinion strongly, but I disagree with that idea. A big value proposition of ActiveSupport is that it is “omnipresent” and sets a new baseline for ruby behaviors - as such, being global really makes the most sense. I don’t know that anyone would be pleased to sprinkle using ActiveSupport in all their files that use it - they don’t even want to THINK about the fact that they’re using it.
    1. What I do care about, though, is that we might start to accept and adopt opinions like “that feature is bad”, or “this sucks”, without ever pausing to question them or explore the feature ourselves.
    2. If we hand most, if not all responsibility for that exploration to the relatively small number of people who talk at conferences, or have popular blogs, or who tweet a lot, or who maintain these very popular projects and frameworks, then that’s only a very limited perspective compared to the enormous size of the Ruby community.
    1. programming environmental microbes have been applied to a wide range of organisms. Some examples of newly-programmable microbes include

      good citations of engineering non-model organisms

    1. To date, serine integrases have not been used extensively in plant systems

      although they have been shown to work in principle in Arabidopsis23, Nicotiana benthamiana2421, barley25 and wheat26

    1. Have you ever: Been disappointed, surprised or hurt by a library etc. that had a bug that could have been fixed with inheritance and few lines of code, but due to private / final methods and classes were forced to wait for an official patch that might never come? I have. Wanted to use a library for a slightly different use case than was imagined by the authors but were unable to do so because of private / final methods and classes? I have.
    2. I'm not saying never mark methods private. I'm saying the better rule of thumb is to "make methods protected unless there's a good reason not to".
    3. Marking methods protected by default is a mitigation for one of the major issues in modern SW development: failure of imagination.
    4. If it's dangerous, note it in the class/method Javadocs, don't just blindly slam the door shut.
    5. Been disappointed, surprised or hurt by a library etc. that was overly permissive in it's extensibility? I have not.
    6. The old wisdom "mark it private unless you have a good reason not to" made sense in days when it was written, before open source dominated the developer library space and VCS/dependency mgmt. became hyper collaborative thanks to Github, Maven, etc. Back then there was also money to be made by constraining the way(s) in which a library could be utilized. I spent probably the first 8 or 9 years of my career strictly adhering to this "best practice". Today, I believe it to be bad advice. Sometimes there's a reasonable argument to mark a method private, or a class final but it's exceedingly rare, and even then it's probably not improving anything.
    1. Are protected members/fields really that bad? No. They are way, way worse. As soon as a member is more accessible than private, you are making guarantees to other classes about how that member will behave. Since a field is totally uncontrolled, putting it "out in the wild" opens your class and classes that inherit from or interact with your class to higher bug risk. There is no way to know when a field changes, no way to control who or what changes it. If now, or at some point in the future, any of your code ever depends on a field some certain value, you now have to add validity checks and fallback logic in case it's not the expected value - every place you use it. That's a huge amount of wasted effort when you could've just made it a damn property instead ;) The best way to share information with deriving classes is the read-only property: protected object MyProperty { get; } If you absolutely have to make it read/write, don't. If you really, really have to make it read-write, rethink your design. If you still need it to be read-write, apologize to your colleagues and don't do it again :) A lot of developers believe - and will tell you - that this is overly strict. And it's true that you can get by just fine without being this strict. But taking this approach will help you go from just getting by to remarkably robust software. You'll spend far less time fixing bugs.

      In other words, make the member variable itself private, but can be abstracted (and access provided) via public methods/properties

    2. Exposing properties gives you a way to hide the implementation. It also allows you to change the implementation without changing the code that uses it (e.g. if you decide to change the way data are stored in the class)
    3. Anything that isn't explicitly enforced by contract is vulnerable to misunderstandings. It's doing your teammates a great service, and reducing everyone's effort, by eliminating ambiguity and enforcing information flow by design.
    4. Far more preferable is to minimize data structure so that it tends to be normalized and not to have inconsistent states. Then, if a member of a class is changed, it is simply changed, rather than damaged.
    5. Another point is that properties are good in that you can place breakpoints in them to capture getting/setting events and find out where they come from.
    1. Derived classes need to follow their base class contracts, but may choose to expose a subtype of base class with more capabilities. This includes making protected members public:
    1. Writing json_populate_record in the FROM clause is good practice, since all of the extracted columns are available for use without duplicate function calls.
  6. May 2023
    1. while I'm not as strongly against the above example code as the others, specifically because you did call it out as pseudocode and it is for illustrative purposes only, perhaps all of the above comments could be addressed by replacing your query = ... lines with simple query = // Insert case-sensitive/insensitive search here comments as that keeps the conversation away from the SQL injection topic and focuses on what you're trying to show. In other words, keep it on the logic, not the implementation. It will silence the critics.
    2. I know this is an old question but I just want to comment here: To any extent email addresses ARE case sensitive, most users would be "very unwise" to actively use an email address that requires capitals. They would soon stop using the address because they'd be missing a lot of their mail. (Unless they have a specific reason to make things difficult, and they expect mail only from specific senders they know.) That's because imperfect humans as well as imperfect software exist, (Surprise!) which will assume all email is lowercase, and for this reason these humans and software will send messages using a "lower cased version" of the address regardless of how it was provided to them. If the recipient is unable to receive such messages, it won't be long before they notice they're missing a lot, and switch to a lowercase-only email address, or get their server set up to be case-insensitive.
    1. A flaw can become entrenched as a de facto standard. Any implementation of the protocol is required to replicate the aberrant behavior, or it is not interoperable. This is both a consequence of applying the robustness principle, and a product of a natural reluctance to avoid fatal error conditions. Ensuring interoperability in this environment is often referred to as aiming to be "bug for bug compatible".
    1. This doesn't make any sense, though. Once you recognize that the two may represent different addresses, you're arbitrarily choosing the first one in your system as the right one, when the second one is just as right. Just give up at that point and lowercase ’em.

      which one should be considered the correct one?

    2. Some say you should treat addresses as case-preserving as opposed to case-sensitive, meaning you don't change IStillUse@AOL.COM to istilluse@aol.com but you still consider it a dupe of iSTilLUSE@aol.com.
    1. Since using case insensitivity is so widespread, take their sign up email address and make it lower case. Whenever they try to log in, convert that to lowercase as well, for comparison purposes, when you go to see if the user exists. As far as sign up and sign in go, do a case insensitive comparison. If the person signs up as Steve@example.com, you'll still want to allow them to sign in later with steve@example.com or sTeVE@example.com.
    2. But you should also keep track of the email address that they signed up with in a case sensitive fashion. Any time you send an email to them, be sure to send it with that original casing. This allows the email server to handle it however it feels like it needs to. So even though the person may always be signing in to your site with steve@example.com, if they signed up as Steve@example.com, you'll always send email to Steve@example.com, just to be safe.
    1. we split the head from the hands, or isolate humane studies from practicallife, we unfortunately tend to suppose that a liberal cultural education is the rightof only an elite few—the heads. Don’t we all—and not just the socially advantaged“heads”—deserve an education that prioritizes human growth?

      YES ABSOLUTELY!!!!

    2. none of this means we should turn students and teachers intofunctionaries or serfs for, in Dewey’s words in Democracy and Education, a “feudaldogma of social predestination.”

      Yes!

    3. . The problem arises when institutions and policymakers assume,following the logic of the industrial model, that our primary and overriding edu-cational aim is thus to train students to fit the specifications of this existing infra-structure.

      BARSSSSS

    4. The mission of K–12 and higher educationis, in Wisconsin Gov. Scott Walker’s infamous words last year, “to develop humanresources to meet the state’s workforce needs.”

      Ridiculous. But indicative of how much of the system is set up, in relaity

    5. “A being of infinitescope,” she wrote, “must not be treated with an exclusive view to any one relation. . . . Give the soul free course. . . and the being will be fit for any and every relationto which it may be called.”1

      Right, and that is particularly what is stripped away when people are only seen as employees. When the personage of workers is ignored, they are restricted in relation only to vocation.

  7. Apr 2023
    1. If you send links with a secret login token with email, then they should be single-use and expire rather quickly.
    2. If so, then how is sending a link for password reset any more secure? Isn't logging-in using a magic link the same thing as sending a magic link for resetting a password?

      In my opinion: It's not any different or less secure.

    1. Google allowed third parties to build their own Wave services (be it private or commercial) because it wanted the Wave protocol to replace the e-mail protocol.[2][16][17] Initially, Google was the only Wave service provider, but it was hoped that other service providers would launch their own Wave services, possibly designing their own unique web-based clients as is common with many email service providers.
  8. Mar 2023
    1. Exactly my thoughts on the matter! I'm coming from XML SOAP background and concept of schema just got into my blood and JSON documents rather don't announce their schema. To me it's whether server "understands" the request or not. If server doesn't know what "sales_tax" is then it's simply 400: "I have no idea what you sent me but definitely not what I want.".
    2. Just because the code is described as part of the WebDAV spec doesn't mean it's WebDAV-specific! Status codes are supposed to be generic.
    1. Why the 2 separate steps for this? Simple: to make things easier on the front-end side of things. Sending 2 different error codes, one for when the OTP is required but missing, and one where the OTP was provided but invalid, allows us to adjust our login UI accordingly.
    1. User Experience The user experience will be familiar and consistent across many of the user’s devices – a simple verification of their fingerprint or face, or a device PIN, the same simple action that consumers take multiple times each day to unlock their devices.
    1. The problem with using SMS-2FA to mitigate this problem is that there’s no reason to think that after entering their credentials, they would not also enter any OTP.
    2. I believe that SMS 2FA is wholly ineffective, and advocating for it is harmful.

      Would this also appyl to OTP by e-mail??

    3. This argument only works if what you’re defending is good. As I’ve already explained, SMS-2FA is not good.
    4. Don’t let the perfect be the enemy of the good. Seat belts aren’t perfect either, do you argue we shouldn’t wear them? Etc, etc. This argument only works if what you’re defending is good. As I’ve already explained, SMS-2FA is not good.
    5. You are currently allowing your users to choose their own password, and many of them are using the same password they use on other services. There is no other possible way your users are vulnerable to credential stuffing.
    6. If you use a third party password manager, you might not realize that modern browsers have password management built in with a beautiful UX. Frankly, it’s harder to not use it.
    7. If you’re a security conscious user... You don’t need SMS-2FA. You can use unique passwords, this makes you immune to credential stuffing and reduces the impact of phishing. If you use the password manager built in to modern browsers, it can effectively eliminate phishing as well.

      not needed: password manager: 3rd-party

    1. You can also find the combination verb+in+to, but in that case you're usually dealing with a phrasal verb consisting of a verb and the particle "in", which happens to be followed by the preposition "to".They wouldn't give in to our demands.
    2. "Built in to" appears when you use the phrasal verb "build in" followed by an infinitive, but that is not what you are trying to do in your sentence.There's an electronic switch built in to stop all data transfers.
    1. The house, of course, is not doing the agreeing; Cooper is! Because of the distance between Cooper and the participle phrase that describes him, the comma is necessary.
    1. A survey of 230 diverse bacterial and archaeal genomes found evidence of DNA methylation in 93% of genomes, with a diverse array of methylated motifs (834 distinct motifs; average of three motifs per organism)
    1. conjugative plasmids have broad-host ranges23, are resistant to restriction-modification systems24, are easy to engineer with large coding capacities25, and do not require a cellular receptor26 that would provide a facile mechanism for bacterial resistance.
    1. Bacterial cells are typically one thousandth the volume of mammalian cells, which places them near the edge of instrument detection. At this size it can be challenging to differentiate viable cells from debris of similar size
    1. Detailed descriptions, assumptions, limitations and test cases of many popular statistical methods for ecological research can be found in the GUSTAME server (Buttigieg and Ramette, 2014), and in the review by Paliy and Shankar (2016).
    2. condensing the information into two- or three-dimensional spaces. A very good overview of techniques to achieve this was written by Paliy and Shankar (2016).
    1. There are several widely used tool collections, e.g., QIIME 2 [13], mothur [14], usearch [15], and vsearch [16], and 1-stop pipelines, e.g., LotuS [17], with new approaches continually being developed, e.g., OCToPUS [18] and PEMA [19]
    1. Recently, redox-responsive biomolecules such as phenazines have been used in several electrochemical strategies to interrogate a range of biological activities30,31 and to control gene expression in living cells32,33, where the redox status of the biomolecules could be measured or manipulated by application of electronic potentials
    1. Double quotes for string literals - because pre-committing to whether you'll need interpolation in a string slows people down
    1. Protocols are, by their very nature, open. If you can't read the protocol specification then you can't very well implement it, can you?
    1. Our test raises an ActiveRecord::RecordNotFound exception. We know that Rails has special handling to return a 404 status code in this case. However, the request spec still raises the exception.
    1. Although these approaches may differ, all of them concur onthree essential points:
      • Paraphrase
      • three essential points for having a good life:
        • A good life goes beyond mere survival and moves into a life that humans value
        • A good life ensures that individuals have the opportunity to flourish
        • A good life requires providing the conditions and resources individuals need to satisfy or develop their full potential
    2. Instead of weighing the balance of pleasure and pain,individuals tend to think about a good life in terms of their life beingmeaningful to them

      // - from this perspective, the meaning crisis is a threat to a good life

    3. Often, environmental and social analysts focus on threats, dangers,and damage. They highlight negatives, in terms of limited or non-renewable resources, or the impacts of excessive emissions or effuents.But what if one took the opposite approach and focused on the posi-tives that we want to strive for? We – the authors – believe that everyhuman being, that is you and us and everybody close and far away,wants to be able to live a good life, a life that is worth living. Giventhat the Earth’s resources are limited and distributed highly unevenly,the core objective has to be how everybody can live well within limits.

      // - A key shift is required to mobilize people at scale - This strategy is already being adopted by change agents around the globe but the change in perspective needs to become greater - Living within doughnut economics reaches the same conclusion: https://jonudell.info/h/facet/?max=100&expanded=true&user=stopresetgo&exactTagSearch=true&any=a+good+life+for+all - and currently, as the "Good Life for All" study showed at a national (country) scale, very few if any countries are meeting this requirement - the great inequality implies that the poor must be uplifted materially, whilst the rich must be encouraged to share material and economic wealth - the poor of the world will receive material and economic gain while the economic elites of the world gain nonmaterial wealth

    4. It requiresa deep and profound orientation toward the good life. It requires usto ponder what the good life is, what conditions must be fulflled forindividuals to live it, and what it takes to create these conditions.

      // - Orienting towards the good life is needed to mobilize action. - Why? - Because shifting from a negative vision to a positive one is necessary to mobilize action (at scale) - It is the difference between: - being coerced vs being self-motivated - being reactive vs being proactive - being depressed and lethargic vs being joyful and energetic - hence, in this transition journey, we must accompany the limits with the positive transformation that allows us to achieve wellbeing within them.

    5. By tying the question of limits to human needsand requirements for their satisfaction, they neither demand asceti-cism or renunciation, nor pursue unspecifed moral suasion in termsof “we should consume less.” Rather, they highlight the necessity –diffcult to pursue but rich in participatory rewards – to jointly defnethe conditions necessary to live a good life, and the subsequent stepsnecessary to make such a good life possible for all individuals. By pro-viding freedom to pursue the good life in an ecologically and sociallyfrayed world, these limits offer the beneft of ensuring that all otherindividuals living now and into the future can do so as well.
      • Comment
      • perspective is critical.
      • Rather than employing moral suasion, we need to really define what is meant by a good life.
      • Many of the materially wealthy are emotionally unhappy, and so material wealth does not equate to "a good life"
      • This point must be really understood by the elites of the world.
      • Often elites come from a background of escaping poverty themselves and wealth acts as a pathological buffer against extreme poverty
    6. Justice in the context of consumption corridorsmeans that every person deserves access to a defned minimum level ofecological and social resources necessary to be able to live a good life,solely because they are a human being (what scholars call a natural-law-based perspective on justice).
      • Definition - Natural Law
      • a natural law based perspective of justice claims that every person deserves access to a defined minimum level of ecological and social resources necessary to live a "good life".
    1. //

      • This is a good resource to explore doughnut economics at a national scale for many countries of the world.
      • The two quadrants show a major pattern and dualism between 1) many developed countries that can meet socio-economic well-being, but only at the high price of exceeding planetary boundaries, and 2) many countries that stay under planetary boundary limits, but only at the expense of poor socio-economic indicators.
      • The conclusion of the study is that currently, a good life for all within planet boundaries does not exist
    1. In the new collection, The Good It Promises, The Harm It Does, activists and scholars address the deeper problems that EA poses to social justice efforts. Even when EA is pursued with what appears to be integrity, it damages social movements by asserting that it has top-down answers to complex, local problems, and promises to fund grass-roots organizations only if they can prove that they are effective on EA’s terms.
    1. I am a developer, and we are developing the app for the customer, that will not publish through the google play store. But when we distribute the app to the customer, customer get that error. I want to avoid that alert of the Play stored.I want to understand, exactly which security concern has been break by my app.
  9. Feb 2023
    1. There should thus be an option to give npm a list of vulnerability IDs (CVEs etc.) that it does not need to defend because the admin has decided it does not apply to their edge case.

      should be optional

    1. Result of lots of searching on net is that pre-checkout hook in git is not implemented yet. The reason can be: There is no practical use. I do have a case It can be achieved by any other means. Please tell me how? Its too difficult to implement. I don't think this is a valid reason
    1. The variable x initially has the type unknown: the type of all values. The predicate typeof x === "number" extracts dynamic information about the value bound to x, but the type-checker can exploit this information for static reasoning. In the body of the if statement the predicate is assumed to be true; therefore, it must be the case the value bound to x is a number. TypeScript exploits this information and narrows the type of x from unknown to number in the body of if statement.
  10. Jan 2023
    1. This depends on the ruby code. Some projects will be semi-dormant due to various reasons. That's for us to address as a community. Are we going to let a single decade-old gem prevent us from moving Ruby forward? What's the threshold? There's libraries out there that don't work on Ruby 1.9. We left them behind or replaced them. And are people depending on a gem that's unmaintained really going to be the ones to jump on Ruby 3.0 the day after Christmas 2020? This is also still supposition. Name some gems that are unmaintained and in wide use. We can fix them! We have the technology! In my opinion, if matz's objective is to make the transition to ruby 3.0 simple, then it actually makes a lot of sense to postpone frozen strings by default. Postpone until when? 3.1? So then 3.1 will be the hard break? They've been discussed for what, ten years now? How long is long enough? We've added many ways for people to start transitioning to immutable literal strings, and people are using those mechanisms widely. We've pushed this transition a long time, and we still have another year until 3.0 is out and longer than that until people will need to make a move. What is the threshold for being "ready" to make this change? Unless we're planning to wait until Ruby 4.0 in 2030 to do this, I think we should do it now. I use frozen strings in most of my ruby projects, most of them set to true via the toplevel comment, so either way, it would not affect me. Exactly. Most people already do use frozen string literals. And adding a pragma means we can transition troublesome code to the new way with a single line per affected file. Heck, we can even add --enable:mutable-literal-string for people that are stuck with some of that old unmaintained code, allowing them to have a soft landing.
    1. because most languages treat strings as immutable, which helps ensure you don't accidentally modify them and can improve performance. Fewer state changes in a program mean less complexity. It's better to opt-in to mutability after careful consideration rather than making everything mutable by default. What is immutability and why should I worry about it? may help.
    1. https://www.imdb.com/title/tt11534762/

      The Good Fight S4 E5 "The Gang Goes to War"

      This episode features Diane chatting with a co-star about her note taking experience. The woman indicates that she took notes incessantly and voraciously, but that she never referred back to them. The experience just caused her extreme stress so she gave it up completely as she felt it never gave her any benefit. She resorted instead to a more zen practice of drawing circles in her notebooks. She showed Diane a pile of notebooks filled with circles in various designs and colors. Later in the episode while in court the woman asked Diane about it and Diane showed her some of her new circle "note" pages.

      [Watched the episode passively sometime in the past two weeks.]

  11. datatracker.ietf.org datatracker.ietf.org
    1. If the client knows the access token expired, it skips to step (G); otherwise, it makes another protected resource request.

      It doesn't have to wait until it gets an invalid token error. It can independently be checking the expiration time before making a request, and if it sees that it has expired, don't even bother making the request, just skip directly to using the refresh token.

    1. This larger perspective is offered by an analysis of citizenship and the common good. I begin with the idea of citizenship as being a practice entrusted with the preservation and conservation of the nexus of recognitional practices in a society. Then I move to the notion of the common good, interpreted not as a collective thing, a transcendent principle, or an abstract concept, but as the flourishing of the recognitional nexus itself. 

      !- interpretation of citizenship : from perspective of common good - common good as the flourishing of the nexus of recognitional practices in a society.

      !- comment : salience of citizenship and common good - it's important to educate the public on what it means to be a citizen from the perspective of our empowering role in creating the society we want to live in

    1. belongs_to does not ensure reference consistency, so depending on the use case, you might also need to add a database-level foreign key constraint on the reference column, like this: create_table :books do |t| t.belongs_to :author, foreign_key: true # ... end
    1. class String alias strip_ws strip def strip chr=nil return self.strip_ws if chr.nil? self.gsub /^[#{Regexp.escape(chr)}]*|[#{Regexp.escape(chr)}]*$/, '' end end
    1. It's usually undesirable to add a default scope. It will take more effort to work around and will cause more headaches. If you know you need a default scope, it's easy to add yourself .
  12. Dec 2022
    1. I once had a cut on my arm. Someone asked me, is it serious? “It depends,” I replied, “on how much I scratch.”
    1. Pleeaasse don't give "it" a name.There is no "it". You believers are part of the church in your location and you meet together.There is zero biblical precedent for a group of believers giving their particular group a name.I understand that nearly all believers do .... That in no way makes it right.Names seperate us from others of the church in our area.
    1. But anti- spam software often fetches all resources in mail header fields automatically, without any action by the user, and there is no mechanical way for a sender to tell whether a request was made automatically by anti-spam software or manually requested by a user. To prevent accidental unsubscriptions, senders return landing pages with a confirmation step to finish the unsubscribe request. A live user would recognize and act on this confirmation step, but an automated system would not. That makes the unsubscription process more complex than a single click.

      HTTP: method: safe methods: GETs have to be safe, just in case a machine crawls it.

    2. The target of the POST action is the same as the one in the GET action for a manual unsubscription, so this is intended to allow the same server code to handle both.
  13. Nov 2022
    1. You might notice that the “expires_in” property refers to the access token, not the refresh token. The expiration time of the refresh token is intentionally never communicated to the client. This is because the client has no actionable steps it can take even if it were able to know when the refresh token would expire.
    1. For example, if I make an application (Client) that allows a user (Resource Owner) to make notes and save them as a repo in their GitHub account (Resource Server), then my application will need to access their GitHub data. It's not secure for the user to directly supply their GitHub username and password to my application and grant full access to the entire account. Instead, using OAuth 2.0, they can go through an authorization flow that will grant limited access to some resources based on a scope, and I will never have access to any other data or their password.
    1. The Console now supports redeclaration of const statement, in addition to the existing let and class redeclarations. The inability to redeclare was a common annoyance for web developers who use the Console to experiment with new JavaScript code.
    1. Honestly, at this point, I don't even know what tools I'm using, and which is responsible for what feature. Diving into the code of capybara and cucumber yields hundreds of lines of metaprogramming magic that somehow accretes into a testing framework. It's really making me loathe TDD despite my previous youthful enthusiasm.

      opinion: too much metaprogramming magic

      I'm not so sure it's "too much" though... Any framework or large software project is going to feel that way to a newcomer looking at the code, due to the number of layers of abstractions, etc. that eventually were added/needed by the maintainers to make it maintainable, decoupled, etc.

    1. Rebuilding the same Dockerfile should result in the same version of the image being packaged, even if the second build happens several versions later, or the build should fail outright, such that an inadvertent rebuild of a Dockerfile tagged as 0.1.0 doesn't end up containing 0.2.3.
    2. Because the official images are intended to be learning tools for those new to Docker as well as the base images for advanced users to build their production releases, we review each proposed Dockerfile to ensure that it meets a minimum standard for quality and maintainability. While some of that standard is hard to define (due to subjectivity), as much as possible is defined here, while also adhering to the "Best Practices" where appropriate.
    1. Why was the SIGSTOP-ed process not responding to SIGTERM? Why does the kernel keeps it in the same state? Why did it get killed the moment it received the SIGCONT signal? If it was because of the previous SIGTERM signal, where was it kept until the process resumed?
    1. In other words, if you use Bash to run Jenkins, and then run docker stop, then Jenkins will never see the stop command!
    2. Now, Bash actually does the same thing (reaping zombies), so you're probably wondering: why not use Bash as PID 1?
    3. In other words, someone has to clean up after "irresponsible" parents that leave their children un-wait'ed, and that's PID 1's job.
    1. Let's look at a concrete example. Suppose that your container contains a web server that runs a CGI script that's written in bash. The CGI script calls grep. Then the web server decides that the CGI script is taking too long and kills the script, but grep is not affected and keeps running. When grep finishes, it becomes a zombie and is adopted by the PID 1 (the web server). The web server doesn't know about grep, so it doesn't reap it, and the grep zombie stays in the system.
    1. Glyph 0 must be assigned to a .notdef glyph. The .notdef glyph is very important for providing the user feedback that a glyph is not found in the font. This glyph should not be left without an outline as the user will only see what looks like a space if a glyph is missing and not be aware of the active font’s limitation.
    1. Consider a text file containing the German word für (meaning 'for') in the ISO-8859-1 encoding (0x66 0xFC 0x72). This file is now opened with a text editor that assumes the input is UTF-8. The first and last byte are valid UTF-8 encodings of ASCII, but the middle byte (0xFC) is not a valid byte in UTF-8. Therefore, a text editor could replace this byte with the replacement character symbol to produce a valid string of Unicode code points. The whole string now displays like this: "f�r".
    1. While there are many great answers regarding the "glyph not found" glyph, that won't help you actually detect it, as the text string in code will still have the character regardless of the font used to render it.
    1. A glyph can also represent more than one character at once. Take an f_f_f ligature as an example. It represents three f characters in a row. Ligatures do not have Unicodes, because the separate characters already have codes and the the fact that it’s a ligature does not change the meaning of its parts.