154 Matching Annotations
  1. Jul 2020
    1. One of the best ways is to use “promises,”
    2. the functions named step* are all of single use, they are created only to avoid the “pyramid of doom.” No one is going to reuse them outside of the action chain. So there’s a bit of namespace cluttering
    3. function that does something asynchronously should provide a callback argument where we put the function to run after it’s complete
    1. No matter how large an incumbent may be, they are always vulnerable to a new entrant that makes buyers and sellers happier. In other words, happiness — not scale — is your moat
    2. The marketplace that wins is the marketplace that figures out how to make their buyers and sellers meaningfully happier than any substitute. GMV is irrelevant
    1. education system taught us to be proud of success and be embarrassed by failures and this extends to the business sector
    1. It's possible for a document to match more than one match statement. In the case where multiple allow expressions match a request, the access is allowed if any of the conditions is true

      overlapping match statements

    2. If you want rules to apply to an arbitrarily deep hierarchy, use the recursive wildcard syntax, {name=**}
    3. Security rules apply only at the matched path, so the access controls defined on the cities collection do not apply to the landmarks subcollection. Instead, write explicit rules to control access to subcollections
    1. Applications built with just React usually have a single root DOM node
    2. Elements are what components are “made of”,
    3. a syntax extension to JavaScript
    1. The Document Object Model (DOM) is a programming interface for HTML and XML documents

      it's an API

    1. HTML, the Web's markup language, is specified in terms of the DOM
    2. (DOM) is a cross-platform, language-independent convention for representing and interacting with objects in HTML, XHTML and XML documents. Objects in the DOM tree may be addressed and manipulated by using methods on the objects
    3. the umbrella term "JavaScript" as understood in a web browser context contains several very different elements. One of them is the core language (ECMAScript), another is the collection of the Web APIs, including the DOM (Document Object Model)
    1. JavaScript functions are themselves objects — like everything else in JavaScript — and you can add or change properties on them

      how can we add or change properties on a function?

      edit: see below section (Custom objects)

    2. name provided to a function expression as above is only available to the function's own scope
    3. rest parameter operator is used in function parameter lists with the format: ...variable

      similar to args in python

    4. supports functional programming — because they are objects, functions may be stored in variables and passed around like any other object
    5. most common host environment is the browser, but JavaScript interpreters can also be found in a huge list of other places
    1. only the @firebase/testing Node.js module supports mocking auth in Security Rules, making unit tests much easier
    1. There's not a way to do this. What you could do instead is use Cloud Functions HTTP triggers as an API for writing data. It could check the conditions you want, then return a response that indicates what's wrong with the data the client is trying to write. I understand this is far from ideal, but it might be the best option you have right now

      it's definitely far from ideal :(

  2. Jun 2020
    1. Normalize the database for this case if your data is going to be modified multiple times
    2. Cloud Functions working on the server or WriteBatches working on the client
    3. Duplicated data is a common practice when working with non-relational databases as Firebase. It saves us from performing extra queries to get data making data retrieval faster and easier
    4. normalizing our dabatase will help us. What means normalize? Well, it simply means to separate our information as much as we can

      directly contradicts firebase's official advice: denormalize the structure by duplicating some of the data: https://youtu.be/lW7DWV2jST0?t=378

    1. Denormalization is a database optimization technique in which we add redundant data to one or more tables
    1. Documents in Cloud Firestore should be lightweight, and a chat room could contain a large number of messages
    2. documents support extra data types and are limited in size to 1 MB
    3. In Cloud Firestore, the unit of storage is the document. A document is a lightweight record that contains fields, which map to values. Each document is identified by a name.
    4. Cloud Firestore's NoSQL data model, you store data in documents that contain fields mapping to values
    1. You can use any Firebase Database URL as a REST endpoint. All you need to do is append .json to the end of the URL and send a request
    1. The section of code with exports.app = functions.https.onRequest(app); exposes your express application so that it can be accessed. If you don't have the exports section, your application won't start correctly
    2. can also think of collections similarly to tables in a SQL Database
    3. NoSQL databases typically perform better and are easier to scale due to the nature of their data access and storage
    4. we’re going to use cloud firestore because it’s easier to work with and more versatile
    5. n an enterprise environment, you would likely use the express router and the code would probably look a little less verbose
    6. Firebase Functions enables you to use the ExpressJS library to host a Serverless API. Serverless is just a term for a system that runs without physical servers. This is a bit of a misnomer because it technically does run on a server, however, you’re letting the provider handle the hosting aspect
    1. Serverless architectures refer to applications that significantly depend on third-party services (known as Backend as a Service or “BaaS”) or on custom code that’s run in ephemeral containers (Function as a Service or “FaaS”). This simply means the application developer does not need to worry about provisioning servers and scaling them but simply relies on infrastructure and services already built for all of that
    1. offline-first application let’s move to some tools available already for Android platform
    2. what if you really need that backend source of data and what if you want to send some data to it as well? The answer is: make it offline-first – design and write your application as if there was no internet connection at all
  3. May 2020
    1. Machine learning has a limited scope
    2. AI is a bigger concept to create intelligent machines that can simulate human thinking capability and behavior, whereas, machine learning is an application or subset of AI that allows machines to learn from data without being programmed explicitly
    1. Machine learning is an application of artificial intelligence (AI) that provides systems the ability to automatically learn and improve from experience without being explicitly programmed
    1. machines tend to be designed for the lowest possible risk and the least casualties

      why is this a problem?

    2. machines must weigh the consequences of any action they take, as each action will impact the end result
    3. goals of artificial intelligence include learning, reasoning, and perception
    4. refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions
    1. Illegal economies often work faster than governments’ and NGOs’ ability to formalise and implement conservation strategies
    2. conservationists agree that the solution to saving the world’s tropical forests involves working closely with local communities, empowering them to be active conservationists in their own territories
    3. Environmental authorities also reported an increase in illegal logging, wild animal trafficking and poaching of large cats since quarantine began
    4. increased deforestation they are seeing in lockdown will lead to even bigger forest fires during Brazil’s dry season
    5. ‘the government is distracted with this health crisis, they won’t pay attention to us’
    6. destroying rainforest ecosystems raises the odds of new pathogens making the jump from animals to humans. It also harms our ability to deal with climate change, as tropical forests are a key component in absorbing carbon dioxide from the atmosphere
    7. criminal groups and opportunists expanding their activities, taking advantage of lockdown and diminished forest monitoring and government presence. The second is that people living in these rural areas are facing increased economic pressures and are forced to rely more heavily on nature for food and income
    8. Kenya has reported increased bushmeat and ivory poaching, as well as increases in charcoal production
    9. Environmental agencies have reported an uptick in deforestation during lockdowns, as well as increases in poaching, animal trafficking and illegal mining worldwide
    1. git describe [--tags] describes the current branch in terms of the commits since the most recent [possibly lightweight] tag in this branch's history. Thus, the tag referenced by git describe may NOT reflect the most recently created tag overall.
    1. Digital Asset Links protocol treats subdomains in your intent filters as unique, separate hosts
    2. When android:autoVerify="true" is present on any one of your intent filters, installing your app on devices with Android 6.0 and higher causes the system to attempt to verify all hosts associated with the URLs in any of your app's intent filters
    1. Because Airtable functions like a spreadsheet with rows and columns, it is not suitable for writing long form content or text based notes. You can’t create wikis or write articles. Heck, it is not suitable for taking notes like we do in Evernote and OneNote
    2. Airtable is database driven where you will be working with a spreadsheet for managing data from different sources
    3. Notion is more about creating a hub of knowledge or a knowledgebase
    1. focus not just on design, but on our broader relationship with nature
    2. our houses will need to be better ventilated and offer more light
    3. cities would need to make more provisions for cycling, and cities may need to “offer more paths and small roads so there are alternative ways to get around
    4. the city of the future needs to be more localised, not just in food but in access to day-to-day amenities
    5. to reduce risk, our cities may need to become more localised and self-sufficient in the future
    6. urban farming feeding millions when there is little other choice
    7. building a city resilient to pandemics is thinking about how to source food
    8. Cities of the future are going to have to be designed to deal with completely invisible flows
    9. making different use of our current spaces, implementing further sanitation and transitioning toward more room for pedestrians are all going to be key features in a pandemic-resilient city of the future
    10. our cities will need to be more adaptable, according to Johan Woltjer from University of Westminster’s School of Architecture and Cities. “During a crisis like we’re in at the moment, it would mean creating temporary housing and [having] health centres be built more flexibly and have space available in cities for those
    11. close off parts of the city to traffic and open them up for exercise
    12. Tackling basic sanitation is the first step in building a healthier city. “That means appropriate water and sanitation systems and good quality houses
    13. they are hubs for transnational commerce and mobility, densely populated and hyper-connected cities can amplify pandemic risk

      nyc

    14. calls for cities to focus on health in their planning have been growing. “For the resilient, sustainable cities we all want and need, urban plans need to be designed, evaluated and approved using a health lens,”
    15. As these cities grew, outbreaks of typhoid and cholera became such major public health issues that they led to the construction of entire new sanitation systems: sewers
    16. how might we design the cities of tomorrow so that the outdoors doesn’t become a no-go zone, but remains a safe and habitable space?
    17. Modern cities weren’t designed to cope with life during a pandemic, and this upside-down way of living has turned them into “a disorganised array of disconnected bedrooms and studios”
    1. Dynamic Link Builder API on iOS and Android. This is the preferred way to dynamically create links in your app for user-to-user sharing or in any situation that requires many links

      sharing function

    2. Firebase console. This is useful if you're creating promo links to share on social media
    3. four ways you can create a Dynamic Link
    1. you must use a URL prefix with either a different domain or a different path prefix
    2. take care that your Dynamic Link URLs don't conflict with your web URLs. When you configure Dynamic Links to use a particular URL prefix, all URLs that begin with that prefix are treated as Dynamic Links, so you can't use URLs with that prefix to point to ordinary hosted content
    1. Android App Links on Android 6.0 (API level 23) and higher allow an app to designate itself as the default handler of a given type of link
  4. Apr 2020
    1. Not many beginning developers will pick up Dart on their journey and finding new people for your mobile team can also be a challenge
    2. Lack of third-party libraries
    3. follows the reactive development architecture, but with a twist. The main thing to know about reactive programming is that it updates UI contents automatically when you update the variables in the code
    4. open source technology for creating native Android and iOS apps with a single codebase
    1. the relative differences in apk size would likely be smaller with larger apps. Flutter's overhead size is fixed
    1. They are both trying to extract common parts above platform, but Kotlin Multiplatform is interested in logic extraction when Flutter is interested in view definitions extraction. They concentrate on the opposite, and they might highly benefit from working together
    1. Wordless Music seeks to demonstrate that the various boundaries and genre distinctions separating music today – popular and classical; uptown and downtown; high art and low – are artificial constructions in need of dismantling
    1. Validators, like all attribute extensions, are only called by normal userland code; they are not issued when the ORM is populating the object
  5. Dec 2019
    1. Werkzeug provides a development server: a simple web server that you can run with a single command and almost no configuration. When you do flask run (or werkzeug.serving.run_simple()), this development server is what you are getting
  6. Nov 2019
  7. Oct 2019
    1. When using account linking it is important to be aware that some limitations exist. First, only two accounts can participate in a link. If an attempt is made to link to an account which is already linked, the new link will replace the original link. It is also not possible to link two accounts associated with the same authentication provider. While a Facebook account may be linked with a Google account, for example, it is not possible to link two Google provider based accounts. An attempt to link accounts from the same provider will result in an exception containing a message which reads as follows: User has already been linked to the given provider. Account linking can only be performed at the point at which a new account is created. It is not possible, in other words, to link two pre-existing accounts. A workaround to this limitation is to delete one of the two accounts and then establish the link while re-creating the account

      so user cannot have 2 phone numbers or 2 emails :( :(

    1. foundation of empathic design is observation and the goal to identify latent customer needs in order to create products that the customers don't even know they desire, or, in some cases, solutions that customers have difficulty envisioning due to lack of familiarity with the possibilities offered by new technologies or because they are locked in a specific mindset. Empathic design relies on observation of consumers

      people don't always know what they want

    1. recommend using Firebase when the API calls involve any user data and the API is intended to be used in flows where the user has an user interface
    2. An API key is a simple encrypted string that identifies a Google Cloud Platform (GCP) project for quota, billing, and monitoring purposes. A developer generates an API key in a project in the GCP Console and embeds that key in every call to your API as a query parameter
    1. This is useful if just a subset of the operations need the API key

      can we do wildcard paths at all?

    2. PI keys are supposed to be a secret that only the client and server know. Like Basic authentication, API key-based authentication is only considered secure if used together with other security mechanisms such as HTTPS/SSL
    1. API keys are generally not considered secure; they are typically accessible to clients, making it easy for someone to steal an API key. Once the key is stolen, it has no expiration, so it may be used indefinitely, unless the project owner revokes or regenerates the key

      hmmm... what about client-API architectures where there are no username/pwd pairs?

    2. Cloud Endpoints handles both API keys and authentication schemes, such as Firebase or Auth0
    1. Access control for GCP APIs encompasses authentication, authorization, and auditing. Authentication determines who you are, authorization determines what you can do, and auditing logs record what you did
    2. Application credentials provide the required information about the caller making a request to a GCP API. Valid credential types include API keys, OAuth 2.0 client credentials, or service account keys.
    1. OAuth can be many things. It is most commonly used to allow an application (the consumer) to access data or services that the user (the resource owner) has with another service (the provider), and this is done in a way that prevents the consumer from knowing the login credentials that the user has with the provider
    1. For each call to your API, user should send token with every API request and you should validate the encoded toke and either deny or send back the response.
    1. Cloud IAP enables you to configure Cloud IAP policies for individual resources in a Google Cloud Platform (GCP) project. Multiple apps within a project can each have different access policies
  8. Sep 2019
    1. deploying an App Engine standard or flexible environment application and securing it with Cloud Identity-Aware Proxy (Cloud IAP)

      isn't IAP sufficient to secure apps, then?

    1. On the App Engine flexible environment, ESP is automatically deployed for you when you add a few lines to your app.yaml file. For more information, see Deploying your API and ESP. For the App Engine standard generation 1 environment, you must use Endpoints Frameworks. If you instead deploy the container to one of the compute options above, you can proxy to either generation of App Engine standard runtime.

      ??

    1. Endpoints is a distributed API management system. It provides an API console, hosting, logging, monitoring, and other features to help you create, share, maintain, and secure your APIs
    1. Use your favorite API framework and language, or choose our open source Cloud Endpoints Frameworks in Java or Python. Simply upload an OpenAPI specification and deploy our containerized proxy

      oh so maybe endpoints framework is just their open source implementation that is limited to java 8 & python 2.7, otherwise endpoints is available to any stack?

    1. Endpoints Frameworks for Python is integrated with the App Engine standard Python 2.7 runtime environment. Endpoints Frameworks consists of tools, libraries, and capabilities that let you generate APIs and client libraries from an App Engine application

      this doesn't seem to be about security per se

    1. Endpoints Frameworks is supported only on the App Engine standard Python 2.7 and Java 8 runtime environments

      seems like endpoints frameworks is different from endpoints itself

  9. Jul 2019
    1. you should be mindful how often you request updates to avoid annoying or tiring your users. That is, you should limit requesting in-app updates to only the changes that are important to the functionality of your app
  10. Jun 2019
  11. Apr 2019
    1. App Engine features a local UNIX socket interface for accessing your Cloud SQL instance with automatic authorization using the App Engine service account
  12. Feb 2019