242 Matching Annotations
  1. Jun 2020
    1. For example, if error messages in two narrowly defined classes behave in the same way, the classes can be easily combined. But if some messages in a broad class behave differently, every object in the class must be examined before the class can be split. This illustrates the principle that "splits can be lumped more easily than lumps can be split".
    1. Don’t apply caching if the process is expected to react to changes during the caching period. i.e. Don’t cache when mixing reads and writes.
    2. An example candidate for caching might be a nightly billing task which aggregates billing data for the past month. That kind of task is likely not expecting last minute updates while it runs. It assumes that the state of the world remains constant while processing.
    1. In this case, we notice that comment.post and post should belong to the same database object. But, is Rails smart enough to know that the comment should be removed from both of the associations? Or are comment.post and post different representations of the same database row?
  2. May 2020
    1. Integration specs are relied upon to ensure the application functions, but do not ensure pixel-level stylistic perfection.
    1. Sometimes plugins can conflict with a theme or with each other.  Disable all your plugins and see if the problem persists. If everything is working once the plugins were disabled it means there's a conflict with a plugin or maybe even a set of plugins. Enable the plugins one by one to identify the one that is creating the conflict.
    1. Right click on the /wp-content/plugins folder and rename it plugins.old. This will deactivate all of the plugins. In most cases, this will also lock the WordPress admin area as well. You will still be able to perform these steps from within the File Manager. Reactivate the plugins folder by following the above instructions and renaming the folder plugins. This will allow you to reactivate each plugin individually to isolate the offending plugin and resolve the 500 Internal Server Error. This should also allow access to the WordPress Dashboard again. From the WordPress Dashboard: Reactivate each plugin (one at a time) and refresh the website to see if the issue has been resolved.
    1. You should then also create a new View and apply the following filter so as to be able to tell apart which domain a particular pageview occurred on. Filter Type: Custom filter > Advanced; Field A --> Extract A: Hostname = (.*); Field B --> Extract B: Request URI = (.*); Output To --> Constructor: Request URI = $A1$B1
    1. Hey there. We see you’ve been busy reading, which is fantastic, so we’ve promoted you up a trust level! We’re really glad you’re spending time with us and we’d love to know more about you. Take a moment to fill out your profile, or feel free to start a new topic.
    1. I encourage people to write good commit messages, with a good description that explains what it does.
    2. Having to rebase and cleanup the commits while actively working on something is time and attention consuming.

      I'm not sure how I feel about that. Usually I'd say it's worth it to do it periodically, even while you're working on it. Just not obsessive compulsively to the point that it is distracting from actual work.

    3. It seems weird to me that we are trying to enforce commit messages when they are not really visible or used in the GitLab workflow at all. This is what you see most of the time when interacting with the commit list. I've taken time to compose a nice descriptive body and it is hidden by default:
    4. shouldn't a MR be treated as an unit of work, independent from master?
    5. which might or might not be useful depending on what is the content of the commit.
    6. One way of encouraging users to create good commit message would be to have a better integration with the content of commit message in GitLab itself,
    7. Just to make this clear, I'm on the side that adding strict rules doesn't necessarily improve a situation. Especially with something that is subjective like a commit message.
    8. Good commit hygiene in general is a tough thing to enforce. It requires manual labor and discipline, from both the author and the reviewer.
    9. If we can encourage people to create clean commits as they go, the example as you showed above should be far less common, because cleaning up such history as an aftermath is most of the time almost impossible.
    1. sadness.js will not load, however, as document.write() produces script elements which are "parser-inserted".
  3. developer.chrome.com
    1. If a user clicks on that button, the onclick script will not execute. This is because the script did not immediately execute and code not interpreted until the click event occurs is not considered part of the content script, so the CSP of the page (not of the extension) restricts its behavior. And since that CSP does not specify unsafe-inline, the inline event handler is blocked.
    1. We group a description of and about personal data (such as a Cookie or IP Address), the purpose of its collection (such as Analytics or Advertising) and the providers (such as Google or even your own website) into what we call services. Each service corresponds to a portion of a privacy policy, and provides all the relevant information to the end users of your website.
    1. "linked data" can and should be a very general term referring to any structured data that is interlinked/interconnected.

      It looks like most of this article describes it in that general sense, but sometimes it talks about URIs and such as if they are a necessary attribute of linked data, when that would only apply to Web-connected linked data. What about, for example, linked data that links to each other through some other convention such as just a "type" and "ID"? Maybe that shouldn't be considered linked data if it is too locally scoped? But that topic and distinction should be explored/discussed further...

      I love its application to web technologies, but I wish there were a distinct term for that application ("linked web data"?) so it could be clearer from reading the word whether you meant general case or not. May not be a problem in practice. We shall see.

      Granted/hopefully most use of linked data is in the context of the Web, so that the links are universal / globally scoped, etc.

    2. The above diagram shows which Linking Open Data datasets are connected, as of August 2014.
    1. This change was made because GitLab License Management is now renamed to GitLab License Compliance. After review with users and analysts, we determined that this new name better indicates what the feature is for, aligns with existing market terminology, and reduces confusion with GitLab subscription licensing features.
    1. $10 donation = $9.41 deposited into your bank account the next business day; $100 donation = $96.80 deposited into your bank account the next business day
    1. that a number x is rational (S) is sufficient but not necessary to x being a real number (N) (since there are real numbers that are not rational)
    2. being a male is a necessary condition for being a brother, but it is not sufficient—while being a male sibling is a necessary and sufficient condition for being a brother
    3. in order for human beings to live, it is necessary that they have air
    1. This does not have to be an additional form. In practice, you can simply add several checkboxes informing the user of each additional purpose and allowing them to give consent specific to those cases.

      See the images above, which are a good example of how to do it and how not to do it.

    1. By itself the name John Smith may not always be personal data because there are many individuals with that name. However, where the name is combined with other information (such as an address, a place of work, or a telephone number) this will usually be sufficient to clearly identify one individual.
    2. Simply because you do not know the name of an individual does not mean you cannot identify that individual. Many of us do not know the names of all our neighbours, but we are still able to identify them.
    1. If you’re selling products and keep record of users’ choices for marketing purposes, dividing them into meaningful categories, such as by age, gender, geographical origin etc., you’re profiling them.
    1. It would be best to offer an official way to allow installing local, unsigned extensions, and make the option configurable only by root, while also showing appropriate warnings about the potential risks of installing unsigned extensions.
    2. I appreciate the vigilance, but it would be even better to actually publish a technical reasoning for why do you folks believe Firefox is above the device owner, and the root user, and why there should be no possibility through any means and configuration protections to enable users to run their own code in the release version of Firefox.
    3. I will need to find a workaround for one of my private extensions that controls devices in my home network, and its source code cannot be uploaded to Mozilla because of my and my family's privacy.
    1. Using a very different theoretical approach, Robbins (2009a) suggests that one of the primary reasons for Pentecostal expansion among those most disenfranchised by late capitalism may very well be the ease with which this religion creates social cohesion despite the ‘institutional deficit’ of the neoliberal global order (B. Martin 1998: 117‐18

      This is very interesting to me because of the absence of the state and Catholic church, which led to the growth of prosperity gospel within the Brazilian lower classes. In other words, a clash between "pre-modern" and "post-modern". "Institutional deficit" is a key word coming from the available journal article Robbins (2009a). Martin (1998) is a book chapter that interested me a lot as well, and it is available at the library but not electronically (maybe Libgen?).

    2. Central to this interpretation has been Comaroff and Comaroff's work on ‘occult economies’ (Comaroff & Comaroff 1999; 2000), which situates the prosperity gospel alongside witchcraft accusations, rumours of zombies, and lurid tales of Faustian pacts with the Devil.

      Very similar folk tales are shared informally in Brazilian prosperity gospel churches of pacts with the Devil and witchcraft explaining mysterious economic events. Comaroff's mechanism of market fetishization is a very materialist and economicist explanation to prosperity gospel according to the article's author.

  4. Apr 2020
    1. purposes are grouped into 5 categories (strictly necessary, basic interactions & functionalities, experience enhancement, measurement, targeting & advertising)
    2. Strictly necessary (id 1). Purposes included: Backup saving and management; Hosting and backend infrastructure; Managing landing and invitation pages; Platform services and hosting; SPAM protection; Traffic optimization and distribution; Infrastructure monitoring; Handling payments
    1. A website (also written as web site) is a collection of web pages and related content that is identified by a common domain name and published on at least one web server
    1. It’s true that there are two hard problems in computer science and one of them is naming things. Why? Because good names are important. A good name teaches about purpose and responsibility, so you have to spend some time thinking about it.
    1. In math, idempotence describes only unary functions that you can call on their own output. Math-idempotence is, “If you take the absolute value of a number, and then you take the absolute value of that, the result doesn’t change on the second (or subsequent) operations.” Math.abs is math-idempotent. Math-idempotence only applies to functions of one parameter where the parameter type and return type are the same. Not so useful in programming.
    1. Since the authenticity token is stored in the session, the client cannot know its value. This prevents people from submitting forms to a Rails app without viewing the form within that app itself. Imagine that you are using service A, you logged into the service and everything is ok. Now imagine that you went to use service B, and you saw a picture you like, and pressed on the picture to view a larger size of it. Now, if some evil code was there at service B, it might send a request to service A (which you are logged into), and ask to delete your account, by sending a request to http://serviceA.com/close_account. This is what is known as CSRF (Cross Site Request Forgery). If service A is using authenticity tokens, this attack vector is no longer applicable, since the request from service B would not contain the correct authenticity token, and will not be allowed to continue.
    1. Here you can do some social good; we know how much passwords are reused and the reality of it is that if they've been using that password on one service, they've probably been using it on others too. Giving people a heads up that even an outgoing password was a poor choice may well help save them from grief on a totally unrelated website.
    2. you could even provide an incentive if the user proactively opts to change a Pwned Password after being prompted, for example the way MailChimp provide an incentive to enable 2FA:
    1. I could have released this data anonymously like everyone else does but why should I have to? I clearly have no criminal intent here. It is beyond all reason that any researcher, student, or journalist have to be afraid of law enforcement agencies that are supposed to be protecting us instead of trying to find ways to use the laws against us.
    2. For now the laws are on my side because there has to be intent to commit or facilitate a crime
    3. it reminds me of IT security best practices. Based on experience and the lessons we have learned in the history of IT security, we have come up with some basic rules that, when followed, go a long way to preventing serious problems later.
    4. The fact is that it doesn’t matter if you can see the threat or not, and it doesn’t matter if the flaw ever leads to a vulnerability. You just always follow the core rules and everything else seems to fall into place.
    1. One suggestion is to check user's passwords when they log in and you have the plain text password to hand. That way you can also take them through a reset password flow as they log in if their password has been pwned.
    1. I think it's useful to differentiate especially because there are many situations where "hack", and its conjugations, is the only effective term to describe something that has nothing to do with malicious violation of security measures or privacy.
    1. Over the years, many people have said "well, the data is public anyway by virtue of it having been breached, what's the problem if you now store the password in your system?" Here's the philosophical problem I have with that:
    1. If you don't—or can't—lock your users in, the best way to compete is to innovate at a breakneck pace. Let's use Google Search as an example. It's a product that cannot lock users in: users don't have to install software to use it; they don't have to upload data to use it; they don't have to sign two-year contracts; and if they decide to try another search engine, they merely type it into their browser's location bar, and they're off and running.
    2. Want to keep your users? Just make it easy for them to leave.
    1. Google's move to release location data highlights concerns around privacy. According to Mark Skilton, director of the Artificial Intelligence Innovation Network at Warwick Business School in the UK, Google's decision to use public data "raises a key conflict between the need for mass surveillance to effectively combat the spread of coronavirus and the issues of confidentiality, privacy, and consent concerning any data obtained."
  5. Mar 2020
    1. Google Analytics Premium (later to be renamed Google Analytics 360)

      Google Analytics Premium was a better name, because it is very clear what it is.

      Google Analytics 360 sounds dumb to me. What does 360 have to do with anything?

      Reminds me of Xbox Live 360 (and, though an unrelated number, Office 365). Are they copying Microsoft?

      Reminds me of YouTube Red. Where do they come up with this stuff?

    1. The process of collecting and storing user consent from a technical perspective
    2. First-party cookies are the lifeblood of every website, enabling businesses to remember key pieces of information about users and to collect analytics data. Third-party cookies are the bread and butter of AdTech, allowing publishers to monetize their websites, and brands to run advertising and marketing campaigns.
    1. They are in place to prevent brute forcing a password. If you had to complete these every time you login, a person has to be there to answer it. This makes it so you can’t leave a guessing software to break your password. So, in short, it's for your account’s safety.
    1. Don't be discouraged when you get feedback about a method that isn't all sunshine and roses. Facets has been around long enough now that it needs to maintain a certain degree of quality control, and that means serious discernment about what goes into the library. That includes having in depth discussions the merits of methods, even about the best name for a method --even if the functionality has been accepted the name may not.

      about: merits

    1. The whole point of not relying on debt excessively in normal times is precisely to be able to use debt massively and without hesitation in situations like this.
    1. It is recommended that a library should have one subclass of StandardError or RuntimeError and have specific exception types inherit from it. This allows the user to rescue a generic exception type to catch all exceptions the library may raise even if future versions of the library add new exception subclasses.
    1. Historically, the communitarian bases of the American legal system supported the subordination of individual rights when necessary for the preservation of common good. Quarantine measures were subjected to a deferential review supporting the states' right to substantially limit individual rights for the community's benefit.
    2. The treatment of quarantine reflects the latter. Courts and academics rarely expressed doubt about the validity of quarantine regulations, since the courts presumed that actions taken under the police power were constitutional.10,11 Challenges to the Fourteenth Amendment, usually successful when governmental intervention interfered with individual liberties, were not well received by the courts when communicable disease regulations, including quarantine, were involved.
    3. quarantine was already a well established form of public health regulation, and was considered proper exercise of the police power of the states; the Supreme Court, in its affirmation of this power, noted that the state had the power to quarantine “to provide for the health of the citizens.”10,11 The uncontrollable nature of epidemic diseases moved the Supreme Court to uphold such extreme measures on the basis of the defense of the common good.8
    1. The visitors of that blog post will get third-party non-essential cookies unless they previously set their browser to block cookies.
    1. Also, make sure your client will handle an unexpected response. Don’t assume that the comment-check API will always return either true or false. An invalid request may result in an error response; additional information will usually be available in HTTP headers. And of course, a connectivity problem may result in no response at all. It’s important not to misinterpret an invalid response as meaning spam or ham.
    1. Then there’s markup inside each paragraph, like links and such. You could do it right in the translation strings, but your translator then needs to know how to handle the markup, and you risk duplicating knowledge if you go as far as to hard-code link URLs. What I do is split up the translations, but keep them under the same key:

       en.yml

       ```yaml
       log_in_or_sign_up:
         text: "%{log_in} or %{sign_up} to do stuff."
         log_in: "Log in"
         sign_up: "Sign up"
       ```

       header.erb

       ```erb
       <%= t(
         :'log_in_or_sign_up.text',
         log_in: link_to(t(:'log_in_or_sign_up.log_in'), login_path),
         sign_up: link_to(t(:'log_in_or_sign_up.sign_up'), signup_path)
       ) %>
       ```

       This way, the translator sees no code or markup (except for the i18n interpolation syntax) and there is no duplication.
    2. You probably don’t want one translation key per sentence, though. It’s helpful for the translator to have context rather than a lot of short strings, and less fiddly on your part.
    1. Translatable strings should be limited to one paragraph; don’t let a single message be longer than ten lines. The reason is that when the translatable string changes, the translator is faced with the task of updating the entire translated string. Maybe only a single word will have changed in the English string, but the translator doesn’t see that (with the current translation tools), therefore she has to proofread the entire message.
    1. Layouts uses the Bootstrap framework, so everything you build with it is responsive. Sites that you build with Layouts display great on desktops, tablets and phones. The Bootstrap grid will shift and adjust automatically according to the screen size. Layouts gives you additional control over the exact appearance in every width. You can manually select how the grid will appear, to get perfect positioning on every device. You can even completely hide parts of the page if you don’t want them to appear on narrow screens.

      Good illustration

    1. the feature was dropped to “lack of use.”

      I don't find the reason "lack of use" sufficient in its own right. (I personally didn't use this feature.) People might not use it because they don't know about it. And those that do use it may find it extremely useful; it's not their fault if others don't know about it or use it. It seems to discriminate a bit against the minority who may use a useful feature. They would rather be in the majority, safe from having one of their favorite features removed.

      But I do understand and appreciate the good explanation given below.

  6. Feb 2020
    1. As a result, there is a natural tendency for people to prefer private channels of communication. The intentions are good, as people are looking to reduce noise for others, but this can lead to the same problems as described elsewhere on this page
    1. Do: Browse like a user would. Take natural pauses that users would take to consume page content. Focus on the most common use cases, rather than all the possible use cases. Take note of pages where forms/logins occur, you will likely need to complete some scripting there.
    1. But, let’s be pragmatic for a second, the 80/20 rule states that you get 80% of the value from 20% of the work and a couple of simple tests are vastly better than no tests at all. Start small and simple, make sure you get something out of the testing first, then expand the test suite and add more complexity until you feel that you’ve reached the point where more effort spent on realism will not give enough return on your invested time.
    1. Load Testing Manifesto: Simple testing is better than no testing. Load testing should be goal oriented. Load testing by developers. Developer experience is super important. Load test in a pre-production environment.
    1. Nix is a purely functional package manager. This means that it treats packages like values in purely functional programming languages such as Haskell — they are built by functions that don’t have side-effects, and they never change after they have been built.
    1. I was able to use the "Gift to a Friend" link on HB on a game I already owned and was able to generate an email to a friend. They were able to successfully get the game. Seeing that my Steam account is linked to HB, I was more worried about clicking the "Reveal Your Steam Key" and getting hosed that way.
    1. It's a good practice to create respond_to_missing? if you are overriding method_missing. That way, the class will tell you the method you are calling exists, even though it's not explicitly declared.
    2. In my opinion respond_to_missing? should never return true as default. Instead, it should be something like check_if_method_meet_condition || super. Another thing is that it is usually defined as respond_to_missing?(method_name, include_private = false)
  7. Jan 2020
    1. a private library is not an ego-boosting appendage but a research tool. The library should contain as much of what you do not know as your financial means … allow you to put there. You will accumulate more knowledge and more books as you grow older, and the growing number of unread books on the shelves will look at you menacingly. Indeed, the more you know, the larger the rows of unread books. Let us call this collection of unread books an antilibrary.
  8. Dec 2019
    1. "The replication crisis, if nothing else, has shown that productivity is not intrinsically valuable. Much of what psychology has produced has been shown, empirically, to be a waste of time, effort, and money. As Gibson put it: our gains are puny, our science ill-founded. As a subject, it is hard to see what it has to lose from a period of theoretical confrontation. The ultimate response to the replication crisis will determine whether this bout is postponed or not."