30 Matching Annotations
  1. Dec 2024
    1. if an ID token is intercepted and the system doesn’t validate it properly, attackers can impersonate users.

      Same for access tokens, if not validated correctly

    1. user has granted a permission for the client to get an ID token, but she didn’t imagine that the permission would enable the client to call APIs of the irrelevant resource server.

For a first-party scenario, the user is likely not aware of the notion of resources. People simply use an application.

    2. client that has no relationship with the resource server can access APIs of the resource server using an ID token that the client has legitimately obtained in an utterly irrelevant context.

      No, the resource server can check that the proper client (azp) is accessing the resources

  2. Nov 2024
    1. your ID token will not have granted scopes

      In the first-party scenario described above where the access is binary, that's ok

    2. API shouldn’t accept a token that is not meant for it. If it does, its security is at risk. In fact, if your API doesn't care if a token is meant for it, an ID token stolen from any client application can be used to access your API

      While this is true, it is not the only option. If the resource server checks that the token was indeed issued TO one of its known clients, that excludes the risk of accepting ALL the possible ID Tokens

    3. If your API accepts an ID token as an authorization token, to begin with, you are ignoring the intended recipient stated by the audience claim

      You can still check it, make sure it was intended for YOUR client and your client alone.

  3. Mar 2024
  4. Feb 2024
    1. "be conservative in what you do, be liberal in what you accept from others"

      Related to Stoicism

  5. Sep 2023
1. a scientist must know everything about what is expected before being able to be surprised, and that requires experience in the field.

Dunning-Kruger effect?

  6. May 2023
  7. Jan 2023
    1. The only way in which one can know the world is through the means by which they know the world; a method cannot justify itself. This argument can be seen as directly related to Wittgenstein's theory of language

Link with Achilles and the tortoise?

  8. Jul 2022
    1. Nudges steer people towards a particular behaviour by creating environmental conditions that trigger a given heuristic strategy. In contrast, boosts change behaviour by fostering people’s decision-making competences

IOW, nudges rely on some supposedly existing state of system 1 while boosts educate system 1

    1. Loaded language (also known as loaded terms, emotive language, high-inference language and language-persuasive techniques) is rhetoric used to influence an audience by using words and phrases with strong connotations.

Associated with synonyms of opposite connotation

  9. May 2022
    1. Scrum makes visible the relative efficacy of current management, environment, and work techniques, so that improvements can be made.

It does not make your life easy. It puts your hand on the helm and makes it a positive adventure.

      https://gettingthingsdone.libsyn.com/ep-53-an-overview-of-gtd

  10. Feb 2022
    1. { "kind":"reveal", "source":"tz1WmhTgcckoDagACbXAxatWMKy7yesY349p", "fee":"0", "counter":"1527770", "gas_limit":"10000", "storage_limit":"0", "public_key":"edpkva47oZEvUyhonx13xfBBVckJDYHWXHUZmdoz7gxiZE8tW45FjK" }

      Fee = 0

    1. REST concentrates all of the control state into the representations received in response to interactions. The goal is to improve server scalability by eliminating any need for the server to maintain an awareness of the client state beyond the current request. An application's state is therefore defined by its pending requests, the topology of connected components (some of which may be filtering buffered data), the active requests on those connectors, the data flow of representations in response to those requests, and the processing of those representations as they are received by the user agent.

      Hateoas ?

    2. REST components perform actions on a resource by using a representation to capture the current or intended state of that resource and transferring that representation between components

Hateoas: the hypermedia is the way the state is communicated from the client to the server

    3. model application is therefore an engine that moves from one state to the next by examining and choosing from among the alternative state transitions in the current set of representations. Not surprisingly, this exactly matches the user interface of a hypermedia browser.

Hateoas. It does not say that the server responds with the links

    4. application state is controlled and stored by the user agent and can be composed of representations from multiple servers

The state is the user agent's business and may even overlap several servers' ontologies

    5. REST is defined by four interface constraints: identification of resources; manipulation of resources through representations; self-descriptive messages; and, hypermedia as the engine of application stat

      Hateoas

  11. May 2021
    1. // Create a wallet const wallet = arianee.fromRandomKey();

Example of ambiguity around the term wallet: nothing tells whether here wallet means "private keys on your computer" or "account at arianee"

  12. Apr 2021
1. Unlike registration, none of the aforementioned services requires a mandatory licence (agrément) in order to operate

Licence (agrément) != registration

  13. Feb 2021
    1. Remembrance Agent

      Funny how the acronym is also the one of Reticular Activating System, that David Allen, in the gtd, claims to be the part in the brain responsible for similar associative memory triggering.

  14. Jan 2021
    1. what is the goal of a scientific experiment at hand? If the goal is to establish a discrepancy with the null hypothesis and/or establish a pattern of order, because both requires ruling out equivalence, then NHST is a good tool

Occam's razor

    2. The figure was prepared with G-power for a one-sided one-sample t-test, with a sample size of 32 subjects, an effect size of 0.45, and error rates alpha=0.049 and beta=0.80. In Fisher’s procedure, only the nil-hypothesis is posed, and the observed p-value is compared to an a priori level of significance. If the observed p-value is below this level (here p=0.05), one rejects H0. In Neyman-Pearson’s procedure, the null and alternative hypotheses are specified along with an a priori level of acceptance. If the observed statistical value is outside the critical region (here [-∞ +1.69]), one rejects H0.

IIUC, Fisher's p-value tests H0's significance while Neyman & Pearson's alpha, beta compare the relative significance of H1

1. A note that is not connected to this network will get lost in the card file and will be forgotten by it.

      A good idea for a review for expiring notes: use the degree and the date of the note as a hint. An old unconnected note may be forgotten to avoid polluting the system. A good companion capable of discussion and surprising us should (IMHO) also be capable of forgetting fading stuff, like I do.

    1. There are two possible ways to assemble a draft with the help of notes from the archive: Copy and paste everything into a single document and rewrite later. This creates a strong relationship between your draft and your notes right away. If you change the notes in the process, the changes won’t be reflected in your draft. Reference notes instead of pasting their content. This is a much weaker relationship. You don’t rely on the content of a note itself, but on the note’s existence

      Can we do both with org-transclusion?