867 Matching Annotations
  1. Nov 2020
    1. Although I agree that -o json should return proper JSON, believe the proper way for external tools like SaltStack etc. to talk to systemd is DBus. See also saltstack/salt#20392 - everything else is more or less just hack-ish and prone to break easily.
  2. Oct 2020
    1. I'll want to generate, upload, and store a certificate for publishing NuGet packages.

    1. Focus on your application: forget about forms details like I'm dirty, field touched...
    2. You may want to execute validations in a given specific order (this can be tricky especially when you have got asynchronous validations).
    3. You can try to build a solution to tackle these issues on your own, but it will cost you time and money... why not use a battle-tested solution to handle all this complexity?
    4. If you want to implement a form with a superb User Experience, you have to take care of many variables:
    5. Form validation can get complex (synchronous validations, asynchronous validations, record validations, field validations, internationalization, schemas definitions...). To cope with these challenges we will leverage this into Fonk and Fonk Final Form adaptor for a React Final Form seamless integration.
    6. Managing Form State (holding field information, check if a control has been touched, if the user has clicked the submit button, who owns the current focus...) can be tedious and prone to errors. We can get help from React Final Form to handle these challenges for us.
    1. In the software industry we use "dependency" to refer to the relationship between two objects. We say "looking for dependents" for relationships to dependent things and "looking for dependencies" for relationships to prerequisite things, so it gets that connotation, but the literal meaning is the relationship itself, not the object. Finding a better word is exactly the point of the question
    1. I highly recommend setting a higher bound on the number of returned entities by each resolve function in your code.
    1. Yeah I see what you're saying. In my case, I had a group of classes that relied on each other but they were all part of one conceptual "module" so I made a new file that imports and exposes all of them. In that new file I put the imports in the right order and made sure no code accesses the classes except through the new interface.
    1. Doing so also means adding empty import statements to guarantee correct order of evaluation of modules (in ES modules, evaluation order is determined statically by the order of import declarations, whereas in CommonJS – and environments that simulate CommonJS by shipping a module loader, i.e. Browserify and Webpack – evaluation order is determined at runtime by the order in which require statements are encountered).

      Here: dynamic loading (libraries/functions) meaning: at run time

    2. Specifically, since Root, Rule and AtRule all extend Container, it's essential that Container is evaluated (and therefore, in the context of a Rollup bundle, included) first. In order to do this, input.js (which is the 'gateway' to all the PostCSS stuff) must import root.js, root.js must import rule.js before it imports container.js, and rule.js must import at-rule.js before it imports container.js. Having those imports ensures that container.js doesn't then try to place Root, Rule or AtRule ahead of itself in the bundle.
    3. Replaced nested `require` statements with `import` declarations for the sake of a leaner bundle. This entails adding empty imports to three files to guarantee correct ordering – see https://github.com/styled-components/styled-components/pull/100
    1. Note that the <WarningEngine/> component must be at the bottom of the form to guarantee that all the fields have registered.
    1. formvalidation: path.resolve

      Why use resolve.alias to point to 'vendors/formvalidation/dist/es6'? Why not just use an npm package and have package.json name module: 'vendors/formvalidation/dist/es6'

      Then (I think) the examples below like

      import luhn from 'formvalidation/algorithms/luhn';
      

      would work the same but without that workaround.

    1. I'm okay with an overall design that allows people to plugin the parts they need in order to be able to generically support a compile-to-javascript language, but to bake in support for one singular solution because its popular is simply bad engineering.
    2. Of all the compile-to-languages, the one that strikes me as having the least merit is JSX. It's basically a ton of added complexity for the sake of what boils down to syntax. There are no real gains in terms of language semantics in JSX.
    3. Furthermore, JSX encourages bad non-dry code. Having seen a lot of JSX over the past few months, its encourages copypasta coding.
    1. An onevent event handler property serves as a placeholder of sorts, to which a single event handler can be assigned. In order to allow multiple handlers to be installed for the same event on a given object, you can call its addEventListener() method, which manages a list of handlers for the given event on the object.
    1. Cons aren't covered by pros.
    2. An alternative (maybe not good) would be to restrict {@const} to certain blocks like {#each} and {#if}. In both cases, it significantly reduces the "multiple ways to do the same thing" problem and avoids ergonomic and performance overhead of our current situation.
    3. it also allows for more divergence in how people write there code and where they put their logic, making different svelte codebases potentially even more different due to fewer constraints. This last point is actually something I really value, I read a lot of Svelte code by a lot of different people and broadly speaking things look the same and are in the same places.
    1. Hannah Stepanek annotated the hell out of this reference. I would do well to read what she had to say.

    1. I'm suggesting there should be a way to write lifecycle related code that also responds to changing props, like how useEffect works. I think how React handles this could be a good source of inspiration.
    2. I think it just needs a few changes, possibly non-breaking additions, to be as powerful as hooks, when it comes to abstracting lifecycle related logic, and making it easy to keep effects in sync with props.
    3. I'm not sure I understand the problem, everything you are describing is already possible.
    4. If Svelte came up with some kind of hooks like API maybe it could solve both these issues at once.
    1. A “solution” to GR is more like a model in logic: it may satisfy a theory’s axioms but have other properties that are contingent (unless the theory is categorical, meaning that all of its models are isomorphic).
    1. People constantly suggest that I should have just worked with a different library instead of writing another one.
    2. It was clear no one was interested in what I was working towards.
    3. Very few were interested in furthering the platform in the places they just took for granted.
    4. but everything they were doing started to make sense
    5. Do we need another JS UI Library?
    1. React does not attempt to provide a complete "application library". It is designed specifically for building user interfaces[3] and therefore does not include many of the tools some developers might consider necessary to build an application.
    1. The $: can also be used to trigger effects.
    2. We can run effects when some data changes using watchEffect - it takes a function that runs whenever a reactive value used inside changes.
    3. There's one downside to Reacts reactivity model - the hooks (useState and useEffect) have to always be called in the same order and you can't put them inside an if block.
    4. createState and createSignal are improvements over React's useState as it doesn't depend on the order of calls.
    5. MobX - for me personally MobX is a far better way to manage state than React Hooks. It doesn't care about the UI layer so it can be used outside the React ecosystem, and it's simple to mutate data.
    1. Confidence to express ignorance is a super power. One good way I hone this skill is by saying “Nothing to add” when I have nothing to add, instead of repeating what other people said.
    1. r self-r

      This paragraph discuses the use of the word "bullshit" as it is used in every day life. Decide whether this is arguement, structure or both.

    2. A Kind Word for Bullshit: The Problem of Academic Writin

      Add MLA citation

  3. leanprover.github.io leanprover.github.io
  4. Sep 2020
    1. It is showed as an error, but it is a warning as it doesn't break anything. I hate having warning/error in my console not coming from me. It is not justified as it's not bad practice imho
    1. setContext / getContext can only be used once at component init, so how do you share your API result through context? Related: how would you share those API results if the call was made outside of a Svelte component, where setContext would be even more out of the question (and the API call would arguably be better located, for separation of concerns matters)? Well, put a store in your context.
    1. let:hovering={active}

      It seems like it should be the other way around:

      let:active={hovering}
      

      to make it look like a regular let assignment.

      It's only when you consider what/how let:hovering on its own means/works that it makes a bit more sense that it is the way it is. When it's on its own, it's a little clearer that it's saying to "make use of" an available slot prop having the given name. (Very much like bind, where the LHS is also the name of the prop we're getting the data from.) Obviously we have to identify which prop we're wanting to use/pull data from, so that seems like the most essential/main/only thing the name could be referring to. (Of course, as a shortcut (in this shorthand version), and for consistency, it also names the local variable with the same name, but it wouldn't have to.)

      Another even simpler way to remember / look at it:

      1. Everything on the left hand of an prop/attribute [arg] corresponds to something in the component/element that you're passing the [arg] to. Usually it's a prop that you're passing in, but in this case (and in the case of bind:) it's more like a prop that you're pulling out of that component, and attaching to. Either way, the name on the LHS always corresponds to an export let inside that named component.
      2. Everything on the right side corresponds to a name/variable in the local scope. Usually it passes the value of that variable, but in the case of a let: or bind: it actually "passes the variable by reference" (not the value) and associates that local variable with the LHS (the "remote" side).

      Another example is bind: You're actually binding the RHS to the value of the exported prop named on the LHS, but when you read it (until you get used to it?) it can look like it's saying bind a variable named LHS to the prop on the RHS.

    1. The benefit of this approach is that rather than having these defaults and fighting against them, it’s fully up to you to decide how to handle everything.
    2. Rollup also does something very different compared to the other bundlers. It only tries to achieve one simple goal: Bundle ES modules together and optimise the bundle.
    3. Unfortunately, many third party libraries, even though they are written in ESM, are published to npm as CJS modules, so we still need to concatenate them.
    1. Luckily, there is absolutely no good reason not to use strict mode for everything — so the solution to this problem is to lobby the authors of those modules to update them.
    1. DX: start sapper project; configure eslint; eslint say that svelt should be dep; update package.json; build fails with crypt error; try to figure what the hell; google it; come here (if you have luck); revert package.json; add ignore error to eslint; Maybe we should offer better solution for this.
    2. When the message say function was called outside component initialization first will look at my code and last at my configuration.
    1. If you want this control then wrap them in a DOM node that the parent controls. If you want to pass in values then use props and if you want to pass in values from higher up the tree, the new style RFC may be able to help.
    1. I think Svelte's approach where it replaces component instances with the component markup is vastly superior to Angular and the other frameworks. It gives the developer more control over what the DOM structure looks like at runtime—which means better performance and fewer CSS headaches, and also allows the developer to create very powerful recursive components.
    2. They don't need to add a prop for every action. The action itself can be passed in as a prop. <script> export let action; </script> <div use:action>whatever</div> The argument for the action can be another prop or can be part of the same prop.
    1. There are tools in Svelte that break this expectation to a degree, but they are a bit annoying to use, which makes it an active decision on the part of the developer. The API hints at the way we want you to do things because we feel that this will give the better experience.
    2. Most of the linked issues, as well as this RFC, attempt to solve this problem by relaxing Svelte's CSS scoping rules, providing a better API with which to use global, or by manually passing down classes. We have never found this to be an acceptable solution which is why those issues have been closed. That position has not changed.
    1. If your reaction to the video was 'fine, but if we use TypeScript and write plugins for each editor then we can get all the autocomplete and syntax highlighting stuff' — in other words, if you believe that in order to achieve parity with CSS it makes sense to build, document, promote and maintain a fleet of ancillary projects — then, well, you and I may never see eye to eye!
  5. Aug 2020
  6. Jul 2020
    1. "that text has been removed from the official version on the Apache site." This itself is also not good. If you post "official" records but then quietly edit them over time, I have no choice but to assume bad faith in all the records I'm shown by you. Why should I believe anything Apache board members claim was "minuted" but which in fact it turns out they might have just edited into their records days, weeks or years later? One of the things I particularly watch for in modern news media (where no physical artefact captures whatever "mistakes" are published as once happened with newspapers) is whether when they inevitably correct a mistake they _acknowledge_ that or they instead just silently change things.
    1. The meta charset information must also be the first child of the <head> tag. The reason this tag must be first is to avoid re-interpreting content that was added before the meta charset tag.

      But what if another tag also specified that it had to be the first child "because ..."? Maybe that hasn't happened yet, but it could and then you'd have to decide which one truly was more important to put first? (Hopefully/probably it wouldn't even matter that much.)

    1. Matz, alas, I cannot offer one. You see, Ruby--coding generally--is just a hobby for me. I spend a fair bit of time answering Ruby questions on SO and would have reached for this method on many occasions had it been available. Perhaps readers with development experience (everybody but me?) could reflect on whether this method would have been useful in projects they've worked on.
  7. Jun 2020
    1. OK, so what about regular messages? Turns out they are not encrypted after all. Where Signal implements the security and privacy protocols right from the start, Telegram separates the two and offers an additional option. The problem is that not everyone is aware of the Secret Chat option and first-time users may send sensitive information in the regular chat window unknowingly.
  8. May 2020
    1. Pipes are great for taking output of one command and transforming it using other commands like jq. They’re a key part of the Unix philosophy of “small sharp tools”: since commands can be chained together with pipes, each command only needs to do one thing and then hand it off to another command.
    1. We believe everyone deserves to report to exactly one person that knows and understands what you do day to day. The benefit of having a technically competent manager is easily the largest positive influence on a typical worker’s level of job satisfaction. We have a simple functional hierarchy, everyone has one manager that is experienced in their subject matter.
    1. The "'strict-dynamic'" source expression aims to make Content Security Policy simpler to deploy for existing applications who have a high degree of confidence in the scripts they load directly, but low confidence in their ability to provide a reasonable list of resources to load up front.
  9. Apr 2020
    1. If you're wearing the same shoes as I have so many times before where you're trying to make yourself heard and do what you ultimately believe is in the organisation's best interests
    1. What we actually want to do is to escape content if it is unsafe, but leave it unescaped if it is safe. To achieve this we can simply use SafeBuffer's concatenation behavior:
    2. Our helper still returns a safe string, but correctly escapes content if it is unsafe. Note how much more flexible our group helper has become because it now works as expected with both safe and unsafe arguments. We can now leave it up to the caller whether to mark input as safe or not, and we no longer need to make any assumptions about the safeness of content.
    1. The only goal is correctness. Code style is not a consideration. Providing the level of configuration necessary to make everyone happy would be a huge distraction from the main purpose. After conversion, I recommend using rubocop's awesome --auto-correct feature to apply your preferred code style.
    1. it reminds me of IT security best practices. Based on experience and the lessons we have learned in the history of IT security, we have come up with some basic rules that, when followed, go a long way to preventing serious problems later.
    2. The fact is that it doesn’t matter if you can see the threat or not, and it doesn’t matter if the flaw ever leads to a vulnerability. You just always follow the core rules and everything else seems to fall into place.
    1. This isn’t the first time Kerckhoffs’ Principle has come up. I specifically discussed it when talking about creating good, strong Master Passwords, when I said that we should use a system for coming up with Master Passwords that doesn’t lose its strength if the attacker knows the system that we used
    2. Kerckhoffs’ Principle states that you should assume that your adversary knows as much about the system you use as you do. This is why – despite what I may have said on April Fools Day last year – security experts are skeptical of security systems that hide the details of how they operate. They are particularly skeptical of systems that derive their security from keeping the details of how they work secret. I could go on at great length about why openness about the system improves security. Indeed, my first draft of this article did go on at great length.
    1. The handler can be a method or a Proc object passed to the :with option. You can also use a block directly instead of an explicit Proc object.

      Example of: letting you either pass a proc (as a keyword arg in this case) or as a block.

  10. Mar 2020
    1. you have less direct control as you must rely on the vendor’s adherence to IAB’s guidelines for compliance.
    2. Directly blocking the vendor scripts (using another prior blocking method), then executing them only after consent has been collected. This method requires more implementation work and it’s a bit slower in terms of execution time, but it allows personalized ads to be served from the first page view (where consent hasn’t been collected yet) and gives you more direct and solid control in regards to ensuring compliance.

      pros:

      • allows personalized ads to be served from the first page view (where consent hasn’t been collected yet)
      • gives you more direct and solid control in regards to ensuring compliance.
    1. When submitting new methods for consideration, it is best if each method (or tightly related set of methods) is in it's own pull request. If you have only one method to submit then a simple commit will do the trick. If you have more than one it best to use separate branches. Let me emphasizes this point because it makes it much more likely that your pull request will be merged. If you submit a bunch of methods in a single pull request, it is very likely that it will not be merged even if methods you submitted are accepted!
    1. Earlier this year it began asking Europeans for consent to processing their selfies for facial recognition purposes — a highly controversial technology that regulatory intervention in the region had previously blocked. Yet now, as a consequence of Facebook’s confidence in crafting manipulative consent flows, it’s essentially figured out a way to circumvent EU citizens’ fundamental rights — by socially engineering Europeans to override their own best interests.
    1. The business had a policy that you should report safety incidents when you see them. The process around that was you fill out a form and fax it to a number and someone will take action on it. The safety manager in this company saw that and decided to digitize this workflow and optimize it. Once this process was put into place, the number of safety incidents reported increased 5 times. The speed at which safety incidents were addressed increased by 60%.
  11. Feb 2020
  12. Jan 2020
    1. One thing well. rbenv is concerned solely with switching Ruby versions. It's simple and predictable.
  13. Dec 2019
    1. Best to-do list app for taking control of your to-do list
    2. Games are fantastic at motivating mundane activity—how else can you explain all that time you've spent on mindless fetch quests? Habitica, formerly known as HabitRPG, tries to use principles from game design to motivate you to get things done, and it's remarkably effective
    3. The best to-do list apps
    4. Because keeping track of your tasks is an intensely personal thing, and people will reject anything that doesn't feel right pretty much instantly.
    1. For example: I wanted a way to add recurring tasks to my list, so I wrote a simple bash script called goodmorning.sh. It uses the command prompt client to quickly add a bunch of tasks to my todo list of choice. I run this script first thing in the morning every workday, and I like it better than any built-in system I’ve found for recurring tasks, because it’s fully under my control.
    1. It doesn't use a database (unlike Keepass) and thus doesn't open all passwords at once. Just one at a time. Since it's just a directory of encrypted files, you can access your passwords with any PGP-compatible tool.
    1. Using find and cpio is a more unix-y approach in that you let find do the file selection with all the power that it has, and let cpio do the archiving. It is worth learning this simple use of cpio, as you find it easy to solve problems you bang your ahead against when trying tar.
  14. Nov 2019
    1. Knowing the "risk", I was very happy to find this post (and the comments for the actual keyword). I didn't want more than read two frickin' paragraphs. I did not intend to give any personal details, payment information or whatever. Maybe there was a man in the middle and the information displayed had been altered - so what? "There's someone wrong on the internet" - nothing more. I have to check if the information I get from the site is plausible, that's part of my job. There was no "risk". I, as an informed user, should always have the possibility to access sites like that. The keyword-thing makes this harder for simple FaceTube-Clickers, and for a good reason, but I think it is a good solution, given my example.

      "The TLDR; is that it stops users from clicking through security warnings"

      So it's a restriction on users. As a user, I cannot accept that. It's war against ME.

    1. As Onivim 2 completely handles the rendering layer, this Vim-modelled-as-a-pure-function could focus on just buffer manipulation.
    2. It is responsible for
    1. Epiphany aims to present the simplest interface possible for a browser. Simple does not necessarily mean less-powerful. The commonly-used browsers of today are too big, buggy, and bloated. Epiphany is a small browser designed for the web: not for mail, newsgroups, file management, instant messaging, or coffeemaking. The UNIX philosophy is to design small tools that do one thing and do it well.
  15. Oct 2019
  16. Sep 2019
  17. Aug 2019
  18. Jul 2019
    1. We will study how a Disc Jockey’s (DJ’s) endorsement of recording on radio, in the 1950s, could boost sales into the millions.

  19. Jun 2019
    1. AtthecoreofmyargumentisthewayinwhichGooglebiasessearchtoitsowneconomicinterests—foritsprofitabilityandtobolsteritsmarketdominanceatanyexpense

      I have been trying to avoid the word "money" in my annotations to avoid coming off as anti-capitalist as I really am, but yes: Corporations do not give a care about individuals or marginalized groups outside of how they can profit off of their oppression. Remember this June; this Pride Month; that any company selling you rainbow merchandise is not doing it out of legitimate care about LGBTQ+ rights but because it's profitable! Yes, even if they're giving 20% of proceeds to charity - where do you think the other 80% goes?

  20. Mar 2019
    1. therefore at least to some extent a failure

      this is strange; I suppose you can 'succeed' in carrying out the utterance, but it does not consecrate anything, which... is the entire point? So, strange to say that it fails only in part when in another sense it fails completely. It's like I succeeded in taking a shot but missed the basket?

    2. One thing we might go on to do, of course, is to take it all back

      How can you take back an action? (though you could retract a claim about an action, of course)

    3. So far then we have merely felt the firm ground of prejudice slide away beneath our feet.

      Not absolute; not bedrock (though we thought it was). And merely? This is "merely" the dissolution of what you thought reality was?

    4. That this is SO can perhaps hardly be proved, but it is, I should claim, a fact.

      Haha - claiming "truth" for something that he acknowledges might not be provable - 'take my word for it, it's a fact'. Use of the performative again in "claim," e.g. "I claim" cannot be responded to with "that's not true!"

    5. outward and audible sign

      Proverbial tip of the iceberg; the "seen" part.

    6. Here we should say that in saying-these words we are doing some- thing-namely, marrying, rat her than reporting some- thing, namely that we are marrying

      Important distinction between doing and reporting; the former obviously an action, and the latter a verifiable statement. But can the lines blur? Is "I do" ever reporting the fact that you are getting married, which is verifiable?

    7. Yet to be 'true' or 'false' is traditionally the characteristic mark of a statement.

      All statements are boolean: T/F

    8. all cases considered

      Not sure that all cases considered are worth considering...?

    9. the only merit I should like to claim for it is that of being true, at least in parts

      You would think the goal of an essay would be to find or argue a truth, but here he is marginalizing it; truth is not the goal.

      Arguing that truth and falsehood are not what matters; that the performative exists outside such claims (as we learn later).

      Using the performative in his opening through the use of "I claim"; and here he claims truth. He performs his own argument.

    10. we shall next consider what we actually do say about the utterance concerned when one or another of its normal concomitants is absent

      So the utterance is surrounded by other ceremonial trappings, and without which there is a presumption that the utterance is hollow, that the accompaniments make it "complete"; suggests that the ceremony becomes greater than the sum of its parts by being able to bring about this binding force which the parts cannot do individually; or can they - is just the utterance enough to describe and seal the inward act? The other question is, does the utterance imply (and describe) the other trappings?

    11. our word is our bond

      And yet these are just words; as believable or unbelievable as the uttering of an oath?