43 Matching Annotations
  1. Apr 2016
    1. A delegated solution means that one site is simply outsourcing its authentication needs to another pre-selected site. If your site uses Facebook Connect, you are delegating your authentication facilities to Facebook. Visitors to your site cannot use any other accounts, only accounts from the vendors you have pre-selected. A federated solution means that visitors to your site can use any account they have, as long as it is compatible. It makes no difference to the site which account is being used, as long as it can interoperate. At its core, OpenID is a federated solution because its most important feature is the ability to use any OpenID account with any OpenID-enabled service. A good example is stores accepting credit cards. A store that accepts any Visa card is using federated payments – payments from any account that “speaks Visa”. But a store that accepts only credit cards issued by a specific vendor, for example, a department store branded card, uses delegated payments. The reason why you no longer see many stores accepting only their own credit cards is because it is bad for business. But not every OpenID implementation is federated, and this is the big dilemma OpenID has to resolve. The question is, can users use any account they want? If a site uses the Yahoo! OpenID service by using the Yahoo! button: but does not offer the ability to use other vendors, it is really just another delegated solution, even if it is powered by OpenID under the hood. In this case, OpenID becomes just a technical detail of the implementation, not part of its design. Much of the recent discussion about OpenID usability centers around using brands as a way to make the service more usable. But the problem with this approach is that it takes away most of the federated value out of OpenID, leaving it simply as a common protocol to implement proprietary delegated services. When implemented this way, OpenID adds no real value to services with an OAuth API.
The question which solution to use for sign-in, OpenID or OAuth, is very much application specific. If you are building a brand new site that needs accounts, and want to leverage existing accounts from services such as Google, Yahoo!, and Microsoft, OpenID is a great option that will give your users a lot of flexibility. But if you are extending an existing service, implementing a specific API and building a site that has great dependencies on another service, OAuth gives you everything you need, for very little extra work. It is all about using the right tool for the job.
  2. Sep 2015
  3. Jun 2015
    1. When it comes to writing code, the number one most important skill is how to keep a tangle of features from collapsing under the weight of its own complexity. I’ve worked on large telecommunications systems, console games, blogging software, a bunch of personal tools, and very rarely is there some tricky data structure or algorithm that casts a looming shadow over everything else. But there’s always lots of state to keep track of, rearranging of values, handling special cases, and carefully working out how all the pieces of a system interact. To a great extent the act of coding is one of organization. Refactoring. Simplifying. Figuring out how to remove extraneous manipulations here and there.
    1. People in this position have lost their sense of sight to detect when someone is approaching them. When you add headphones to the equation, they’ve now also lost their sense of hearing. Headphone use in a noisy open plan environment can be a catch-22. The noise is so oppressive that you want to block it out, but then you have to deal with the feeling of vulnerability and frequent startles of people approaching you from behind without hearing them.
    2. Science says we're full of it. Listening to music hurts our ability to recall other stimuli, and any pop song -- loud or soft -- reduces overall performance for both extraverts and introverts. A Taiwanese study linked music with lyrics to lower scores on concentration tests for college students, and other research has shown music with words scrambles our brains' verbal-processing skills. "As silence had the best overall performance it would still be advisable that people work in silence," one report dryly concluded. If headphones are so bad for productivity, why do so many people at work have headphones? That brings us to a psychological answer: There is evidence that music relaxes our muscles, improves our mood, and can even moderately reduce blood pressure, heart rate, and anxiety. What music steals in acute concentration, it returns to us in the form of good vibes.
    1. Simply:

           require('child_process').spawn('vim', ['test.txt'], {stdio: 'inherit'});

       If there is nothing left in the Node.js event loop when vim exits, then node will exit automatically as well. Or, if you need to guarantee node will exit when vim does:

           var vim = require('child_process').spawn('vim', ['test.txt'], {stdio: 'inherit'});
           vim.on('exit', process.exit);

       As for closing the node application before vim exits, that's not really possible because vim inherits standard input/output/error streams from the spawning process (node) which are destroyed when node exits.
    1. Last year at Google I/O, Dugan showed us "a glimpse at a small band of pirates trying to do epic shit." This year, she’ll give us more than a glimpse: we’ll see several of those projects come to fruition and several more be announced. They include tech-infused fabrics, a new security paradigm for computers, and a computer small enough to fit inside a microSD card. ATAP is also premiering a 360-degree, live-action monster movie directed by Justin Lin called Help! shot with six Red EPIC Dragon cameras on a single rig.
    2. Dugan describes everything ATAP does as "badass and beautiful," and after watching Help!, I’m inclined to agree.
    3. There’s a scale for how to think about science. On one end there’s an attempt to solve deep, fundamental questions of nature; on the other is rote uninteresting procedure. There’s also a scale for creating products. On one end you find ambitious, important breakthroughs; on the other small, iterative updates. Plot those two things next to each other and you get a simple chart with four sections. Important science but no immediate practical use? That’s pure basic research — think Niels Bohr and his investigations into the nature of the atom. Not much science but huge practical implications? That’s pure applied research — think Thomas Edison grinding through thousands of materials before he lit upon the tungsten filament for the lightbulb.
    1. The best way to find branches I've recently used is to use the following command: git for-each-ref --sort=-committerdate refs/heads/
  4. May 2015
    1. git for-each-ref --sort='-committerdate' --format='%(refname)%09%(committerdate)' refs/heads | sed -e 's-refs/heads/--'
    1. When we trivialize learning something new for other people, it sends a message. “This is easy. You should know how to do this. Why don’t you?” It’s demoralizing. If you see someone else struggling, let them know it will be okay and that you’ve been there too. It’s reassuring, as a beginner, to hear that the thing that feels so impossible will one day feel easy.
    2. For me, the feeling went away after I realized, like the Director of Photography, that no one else knew what to do either. I also started to listen to conference talks on my way into work as a way of improving and read a few books in my spare time. I talked to my friends about how I felt and asked for advice.
    3. “But what if I don’t know anything and really am an impostor?”
    4. I think we find it uncomfortable to talk about feeling inadequate. It feels like it’s a problem that’s unique to us or to our situation. The general idea is well-documented and has been discussed before by countless others.
    1. Last week we talked about giving away your passwords and how you should never do it. When a website wants to use the services of another—such as Bitly posting to your Twitter stream—instead of asking you to share your password, they should use OAuth instead. OAuth is an authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password. This is a quick guide to illustrate, as simply as possible, how OAuth works.

       The Actors

       There are 3 main players in an OAuth transaction: the user, the consumer, and the service provider. This triumvirate has been affectionately deemed the OAuth Love Triangle. In our example, Joe is the user, Bitly is the consumer, and Twitter is the service provider who controls Joe’s secure resource (his Twitter stream). Joe would like Bitly to be able to post shortened links to his stream. Here’s how it works:

       Step 1 – The user shows intent

       Joe (User): “Hey, Bitly, I would like you to be able to post links directly to my Twitter stream.”
       Bitly (Consumer): “Great! Let me go ask for permission.”

       Step 2 – The consumer gets permission

       Bitly: “I have a user that would like me to post to his stream. Can I have a request token?”
       Twitter (Service Provider): “Sure. Here’s a token and a secret.”

       The secret is used to prevent request forgery. The consumer uses the secret to sign each request so that the service provider can verify it is actually coming from the consumer application.

       Step 3 – The user is redirected to the service provider

       Bitly: “OK, Joe. I’m sending you over to Twitter so you can approve. Take this token with you.”
       Joe: “OK!”
       <Bitly directs Joe to Twitter for authorization>

       Note: This is the scary part. If Bitly were super-shady Evil Co. it could pop up a window that looked like Twitter but was really phishing for your username and password. Always be sure to verify that the URL you’re directed to is actually the service provider (Twitter, in this case).

       Step 4 – The user gives permission

       Joe: “Twitter, I’d like to authorize this request token that Bitly gave me.”
       Twitter: “OK, just to be sure, you want to authorize Bitly to do X, Y, and Z with your Twitter account?”
       Joe: “Yes!”
       Twitter: “OK, you can go back to Bitly and tell them they have permission to use their request token.”

       Twitter marks the request token as “good-to-go,” so when the consumer requests access, it will be accepted (so long as it’s signed using their shared secret).

       Step 5 – The consumer obtains an access token

       Bitly: “Twitter, can I exchange this request token for an access token?”
       Twitter: “Sure. Here’s your access token and secret.”

       Step 6 – The consumer accesses the protected resource

       Bitly: “I’d like to post this link to Joe’s stream. Here’s my access token!”
       Twitter: “Done!”

       Recap

       In our scenario, Joe never had to share his Twitter credentials with Bitly. He simply delegated access using OAuth in a secure manner. At any time, Joe can log in to Twitter and review the access he has granted and revoke tokens for specific applications without affecting others. OAuth also allows for granular permission levels. You can give Bitly the right to post to your Twitter account, but restrict LinkedIn to read-only access.

       OAuth Isn’t Perfect…Yet

       OAuth is a solid solution for browser based applications and is a huge improvement over HTTP basic authentication. However, there are limitations, specifically with OAuth 1.0, that make it far less secure and less user-friendly in native and mobile applications. OAuth 2.0 is a newer, more secure version of the protocol which introduces different “flows” for web, mobile, and desktop applications. It also has the notion of token expiration (similar to cookie expiration), requires SSL, and reduces the complexity for developers by no longer requiring signing.
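
The request signing mentioned in Step 2 and the check the service provider performs in Step 6, as an added example that is not part of the annotated article: a Python sketch of OAuth 1.0 HMAC-SHA1 signing as specified in RFC 5849, with the provider recomputing the signature and rejecting replays. The endpoint URL, keys, secrets and the `ServiceProvider` class are constructed for illustration and are not Bitly's or Twitter's real values or code.

```python
# Added example: OAuth 1.0 HMAC-SHA1 signing and provider-side verification.
# All keys, secrets and the endpoint URL below are constructed sample values.
import base64
import hashlib
import hmac
from urllib.parse import quote

URL = "https://provider.example/1/statuses/update"  # hypothetical endpoint
CONSUMER_KEY, CONSUMER_SECRET = "bitly-demo-key", "consumer-secret-demo"
ACCESS_TOKEN, TOKEN_SECRET = "joe-access-token", "token-secret-demo"


def pct(value: str) -> str:
    """RFC 5849 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(value, safe="")


def base_string(method: str, url: str, params: dict) -> str:
    """METHOD & encoded URL & encoded, sorted parameter list."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 keyed with 'consumer_secret&token_secret', base64-encoded."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def consumer_request(status: str, nonce: str, timestamp: str = "1430000000") -> dict:
    """Consumer side: build and sign a 'post to stream' request."""
    params = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_token": ACCESS_TOKEN,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp,
        "oauth_nonce": nonce,
        "oauth_version": "1.0",
        "status": status,
    }
    params["oauth_signature"] = sign("POST", URL, params, CONSUMER_SECRET, TOKEN_SECRET)
    return params


class ServiceProvider:
    """Provider side: look up secrets, recompute the signature, reject replays."""

    def __init__(self):
        self.consumer_secrets = {CONSUMER_KEY: CONSUMER_SECRET}
        self.token_secrets = {ACCESS_TOKEN: TOKEN_SECRET}
        self.seen = set()  # (consumer key, timestamp, nonce) already accepted

    def verify(self, method: str, url: str, request: dict) -> bool:
        params = dict(request)
        claimed = params.pop("oauth_signature", "")
        c_secret = self.consumer_secrets.get(params.get("oauth_consumer_key"))
        t_secret = self.token_secrets.get(params.get("oauth_token"))
        if c_secret is None or t_secret is None:
            return False
        expected = sign(method, url, params, c_secret, t_secret)
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected.encode(), claimed.encode()):
            return False
        replay_id = tuple(params.get(k) for k in
                          ("oauth_consumer_key", "oauth_timestamp", "oauth_nonce"))
        if replay_id in self.seen:
            return False
        self.seen.add(replay_id)
        return True
```

Because the signature covers the method, URL and every parameter, changing `status` after signing, or signing with a secret the provider does not hold for that consumer key, makes `verify` return `False`.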
    1. Time Travelling Without Worries

       But here's the best part - knowing the true nature of history, we can combo it with another cool feature of Vim - persistent undo - to be able to travel in time there and back without fear of losing anything! In other words, if you do:

           mkdir -p ~/.vim/undodir

       and then add:

           set undofile
           set undodir=~/.vim/undodir

       to your ~/.vimrc, you get a file-backed infinite undo. And even if you undo like a madman and then edit something, you will not lose your way back to where you’ve been. Which is pretty much a developer’s (or anyone’s, really) text-editing nirvana. Enhance your calm and enjoy a bit saner coding.
    1. Save Work On Focus Lost

       This feature works best in combo with infinite undo. The idea here is that every time you leave your Vim window, all your open files are automatically saved. I find this to be extremely helpful, for example when I’m working on a laptop and continuously run unit tests in terminal. My laptop is 13'' so I prefer to run Vim full screen and with this feature, I don’t have to explicitly save my source code file; I just cmd+tab to the terminal, Vim saves the file for me and my unit tests watcher re-runs the suite. If you save unwanted changes by accident you can easily remedy that with undo. To turn autosaving on, add:

           :au FocusLost * silent! wa

       to your .vimrc. The silent! flag prevents Vim from complaining when you have open untitled buffers (see this article for details).
    1. It’s one thing to reject particular beliefs or doctrines, another to dismiss the psychological, mythological, and social power that inspires devotion.
    2. like reading an atheist on the subject of religion
    3. I think there’s nothing wrong with being fixated on superheroes when you are seven years old, but I think there’s a disease in not growing up. The enormous sums of money to be made on superhero movies are drying up the streams of financing as well as the prospect for distribution of lower-budget non-action films. They have been poison, this cultural genocide, because the audience is so overexposed to plot and explosions and shit that doesn’t mean nothing about the experience of being human. It’s a false, misleading conception, the superhero. Then, the way they apply violence to it, it’s absolutely right-wing. If you observe the mentality of most of those films, it’s really about people who are rich, who have power, who will do the good, who will kill the bad. Philosophically, I just don’t like them.
    4. Like all good caricatures, these interviews capture something of the truth, even if with exaggeration, and, as in all good interviews, the subjects speak freely, as if they were riffing unguardedly among friends.
    1. If you want a deeper explanation skip down to "The long version". ref~ is shorthand for ref~1 and means the commit's first parent. ref~2 means the commit's first parent's first parent. ref~3 means the commit's first parent's first parent's first parent. And so on. ref^ is shorthand for ref^1 and means the commit's first parent. But where the two differ is that ref^2 means the commit's second parent (remember, commits can have two parents when they are a merge). The ^ and ~ operators can be combined.
    1. You can push an alternative branch to Heroku using Git. git push heroku-dev test:master This pushes your local test branch to the remote's master branch (on Heroku).

      Push a local non-master branch to heroku master

    1. Dr. Lamport received a doctorate in mathematics from Brandeis University, with a dissertation on singularities in analytic partial differential equations. This, together with a complete lack of education in computer science, prepared him for a career as a computer scientist at Massachusetts Computer Associates, SRI, Digital, and Compaq. He claims that it is through no fault of his that of those four corporations, only the one that was supposed to be non-profit still exists. He joined Microsoft in 2001, but that company has not yet succumbed. Dr. Lamport's initial research in concurrent algorithms made him well-known as the author of LaTeX, a document formatting system for the ever-diminishing class of people who write formulas instead of drawing pictures. He is also known for writing A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable. which established him as an expert on distributed systems. His interest in Mediterranean history, including research on Byzantine generals and the mythical Greek island of Paxos, led to his receiving five honorary doctorates from European universities, and to the IEEE sending him to Italy to receive its 2004 Piore Award and to Quebec to receive its 2008 von Neumann medal. However, he has always returned to his home in California. This display of patriotism was rewarded with membership in the National Academy of Engineering, the National Academy of Sciences, and the American Academy of Arts and Sciences. More recently, Dr. Lamport has been annoying computer scientists and engineers by urging them to understand an algorithm or system before implementing it, and scaring them by saying they should use mathematics. In an attempt to get him to talk about other things, the ACM gave him the 2013 Turing Award.

      Talk about badass introductions

    1. It helps toughen us, and it helps us understand the way the world actually is, which is to say, at times, really quite indifferent to our well-being. Maybe we grow up a little bit, or somehow become less attached to the material world. I like to think that maybe I grew a little that last time I was truly and terrifyingly lost in New Mexico, with no idea of which way to turn. At the very least, I gained a better appreciation for Jack London.
    2. It may be that the generations after us are, like sheltered children, less used to loss and therefore suffer even more from it than we do now. It is something of the paradox of technological progress that, in our efforts to become invulnerable, we usually gain new, unexpected vulnerabilities, leaving us in vaguely the same condition after all.
    1. Every shell has some startup files that it consults for its configuration. Zsh has system-wide startup items in /etc/ (or, in distributions such as Ubuntu, in /etc/zsh/) and user-specific startup files (in the home directory). When Zsh starts up, it reads the following things in this order:

       1. /etc/zshenv and ~/.zshenv
       2. If the shell is a login shell: /etc/zprofile and ~/.zprofile
       3. If it’s an interactive shell: /etc/zshrc and ~/.zshrc
       4. If the shell is a login shell: /etc/zlogin and ~/.zlogin

       And when a user logs out from a login shell, Zsh reads /etc/zlogout and ~/.zlogout. To work out which commands you have to write in which startup files, it's important to know the different types of shells. A login shell is one that's spawned when you log in - for example, via SSH or on a virtual terminal. An interactive shell displays a prompt to the user where you can type commands - for instance, when you open a terminal window in Ubuntu. However, if you run ssh host somecommand, then this is a login shell, but is in fact a non-interactive one.
    3. There's also a function periodic() that is executed every PERIOD seconds if the latter variable is set.

      Periodic commands in ZSH

    4. Zsh also makes it possible to run particular code automatically on certain occasions. You just have to define some special functions. The two most frequently used are chpwd and precmd. Zsh calls the former each time the current directory changes. The latter is called just before Zsh shows you a new prompt. Both functions are regularly used to show the current directory in the title bar of your terminal emulator. If you use programs other than the shell, which alter the title of your terminal emulator (Vim is one example), you should use precmd - it restores the title after another command has run. So this is how we show the current directory in the title bar (adapted from the manual page):

      Run commands

    5. precmd() {
         [[ -t 1 ]] || return
         case $TERM in
           (sun-cmd) print -Pn "\e]l%~\e\\" ;;
           (*xterm*|rxvt|(dt|k|E)term) print -Pn "\e]2;%~\a" ;;
         esac
       }

      Execute a command before prompt is displayed.

    6. REPORTTIME=5 TIMEFMT="%U user %S system %P cpu %*Es total"

      Report times of long running shell commands

  5. Apr 2015
    1. Like anything that cultivates an association with magic, Crystal is less impressive once you know how it works.
    2. But surely there’s a point at which algorithmically informed communication curls back around, mobius-strip style, and we end up even more remote and unknowable to each other than we were when we started.
    1. An LSH family [1] [2] [3] is defined for a metric space , a threshold and an approximation factor . This family is a family of functions which map elements from the metric space to a bucket . The LSH family satisfies the following conditions for any two points , using a function which is chosen uniformly at random: if , then (i.e., and collide) with probability at least , if , then with probability at most . A family is interesting when . Such a family is called -sensitive. Alternatively[4] it is defined with respect to a universe of items that have a similarity function . An LSH scheme is a family of hash functions coupled with a probability distribution over the functions such that a function chosen according to satisfies the property that for any .

       Amplification

       Given a -sensitive family , we can construct new families by either the AND-construction or OR-construction of .[1] To create an AND-construction, we define a new family of hash functions , where each function is constructed from random functions from . We then say that for a hash function , if and only if all for . Since the members of are independently chosen for any , is a -sensitive family. To create an OR-construction, we define a new family of hash functions , where each function is constructed from random functions from . We then say that for a hash function , if and only if for one or more values of . Since the members of are independently chosen for any , is a -sensitive family.