1,116 Matching Annotations
  1. Oct 2020
    1. Adding an API for something is an endorsement of that approach.
    2. One of Svelte's advantages, for me, is that I can test out ideas with relatively few lines of code. the #with feature could save me from adding a separate component for the content of an #each loop. I get frustrated when I have to create a new file, move the content of the #each clause, import it as a component, and add attributes and create exports for that, and implement events to send messages back, and event handlers, when I just wanted to test a small feature.
    1. formvalidation: path.resolve

      Why use resolve.alias to point to 'vendors/formvalidation/dist/es6'? Why not just use an npm package and have package.json name module: 'vendors/formvalidation/dist/es6'

      Then (I think) the examples below like

      import luhn from 'formvalidation/algorithms/luhn';
      

      would work the same but without that workaround.

    1. I'm okay with an overall design that allows people to plugin the parts they need in order to be able to generically support a compile-to-javascript language, but to bake in support for one singular solution because its popular is simply bad engineering.
    2. Of all the compile-to-languages, the one that strikes me as having the least merit is JSX. It's basically a ton of added complexity for the sake of what boils down to syntax. There are no real gains in terms of language semantics in JSX.
    3. Furthermore, JSX encourages bad non-dry code. Having seen a lot of JSX over the past few months, its encourages copypasta coding.
    4. If the react cargo cult didn't have the JSX cowpath paved for them and acclimated to describing their app interface with vanilla javascript, they'd cargo cult around that. It's really about the path of least resistance and familiarity.
    5. hyperscript is more concise because it's just a function call and doesn't require a closing tag. Using it will greatly simplify your tooling chain.

      I suppose this is also an argument that Python tries to make? That other languages have this con:

      • cons: closing tags make it more verbose / increase duplication and that Python is simpler / more concise because it uses indentation instead of closing delimiters like end or } ?
    6. hyperscript is much simpler to refactor and DRY up your code than with JSX, because, being vanilla javascript, its easier to work with variable assignment, loops and conditionals.
    7. I wasn't aware react-hyperscript existed!
    8. @subfuzion That error looks unrelated to the existing discussion.

      I assume they locked it in reaction to someone posting something unrelated / off-topic.

    9. This is the problem with baking in support for frameworks with special cases in the codebase. You can never support all the frameworks. :-(

    Tags

    Annotators

    URL

    1. Alfred Korzybski remarked that "the map is not the territory" and that "the word is not the thing", encapsulating his view that an abstraction derived from something, or a reaction to it, is not the thing itself.
    2. The map–territory relation describes the relationship between an object and a representation of that object, as in the relation between a geographical territory and a map of it.
    1. The default groups, that we talked about before, like domain users and domain admins are security groups. They're used to grant or deny access to IT resources.
    2. A distribution group, is only designed to group accounts and contacts for email communication. You can't use distribution groups for assigning permission to resources.
    1. The service that hosts copies of the Active Directory database are called domain controllers, or DCs
      • Hosts a replica of the Active Directory database and group policy objects.

      • Serve as DNS servers to provide name resolution and service discovery to clients.

      • Provides central authentication through a network security protocol called Kerberos

      • Decides whether or not clients have access to shared resources like file systems and printers

    2. Active Directory has been used to centrally manage networks of computers
      • A native service for Microsoft Windows
      • Knows how to speak LDAP protocol and can interoperate with Linux, OS-X and other non-windows hosts
      • Central repository of Group Policy Objects (GPOs)
    3. One of the most common methods for this authentication is using Kerberos.
      • Kerberos is a network authentication protocol that is used to authenticate user identity, secure the transfer of user credentials, and more
    4. role-based access control, or RBAC
      • Is an approach to restricting system access to authorized users.

      • Controlling access to resources isn't all you can do. You can also centralize configuration management.

        You wouldn't want to setup printers or software for each and every user.

    1. via ruanyifeng http://www.ruanyifeng.com/blog/2020/09/weekly-issue-127.html

      漫画家斯科特·亚当斯(Scott Adams)曾经提过一种建立个人护城河的方法,就是找到自己最擅长的2个~3个事物的交集。比如,他既不是最好的漫画家,也不是最好的作家,也不是最好的企业家,但他可以是最好的商业类漫画短文作者,这就是他的护城河。

    1. I actually wasn't trying to promote this like I usually promote my articles.
    2. I wasn't really intending this article to get spread as far as it did without context. I never tagged it, I didn't make it a general post on Social media or on Hacker News
    3. you expect some hyperbole during these presentations and you should of course question and verify the claims being made.
    4. helped me carve a niche for what would become SolidJS. I still see that space today, so I'm glad that I did.
    5. If there was a place I thought reactivity would be weak, I embraced it and I worked on it until I was happy with the results.
    6. but everything they were doing started to make sense
    7. This was the piece that made all their other recent work all gel and I gazed into the sun for the beauty that was there.
    8. I started Solid years ago before I thought anyone would be interested in using it. I only started promoting it because it had already achieved the goals I had set out for it.
    1. React does not attempt to provide a complete "application library". It is designed specifically for building user interfaces[3] and therefore does not include many of the tools some developers might consider necessary to build an application.
    1. I'm glad they added this site. Instead of just closing such questions as "off topic" on StackOverflow or SuperUser without having them some place appropriate to send them.

  2. Sep 2020
    1. By default, npx will check whether <command> exists in $PATH, or in the local project binaries, and execute that. Calling npx <command> when <command> isn't already in your $PATH will automatically install a package with that name from the NPM registry for you, and invoke it. When it's done, the installed package won’t be anywhere in your globals, so you won’t have to worry about pollution in the long-term. You can prevent this behaviour by providing --no-install option.
    1. export let client; setContext("client", client);

      Wouldn't this set context to undefined initially? And reassigning a new value to client wouldn't update the value stored in the context, would it? It would only update the let client variable.

      Where does this let client actually get set to the client from async function preload? I guess I need to understand Sapper more to know how this works, but it doesn't seem like it could.

      Update: I think I found the answer (it runs before):

      https://hyp.is/3aHeJgNFEeunkCsh8FVbDQ/sapper.svelte.dev/docs/

      It lives in a context="module" script — see the tutorial — because it's not part of the component instance itself; instead, it runs before the component is created, allowing you to avoid flashes while data is fetched.

    1. This is so common that ECMAScript 2020 recently added a new syntax to support this pattern!export * as utilities from "./utilities.js";This is a nice quality-of-life improvement to JavaScript, and TypeScript 3.8 implements this syntax. When your module target is earlier than es2020, TypeScript will output something along the lines of the first code snippet.
    2. If you’ve used Flow before, the syntax is fairly similar. One difference is that we’ve added a few restrictions to avoid code that might appear ambiguous.
    1. But this is only a halfway decent way to clarify that this is an external dependency, because the only way to resolve a peer dependency warning is to install react from npm—there's no way to notify npm that you resolve the dependency to a browser global. So peer dependencies should be avoided in favor of external declarations. Then Rollup will take care of warning about "unresolved dependencies", even if external declarations can't express a particular version range with which your library is compatible like peer dependencies can.

      Interesting. Didn't realize. From my perspective, I usually do install packages via npm, so wouldn't have known about this problem.

      npm and rollup both try to solve this problem but in different ways that apparently conflict? So if a lib author lists peerDependencies then it can cause problems for those getting lib via browser (CDN)? How come so many libs use it then? How come I've never heard of this problem before?

    1. Then, the projects that use these libraries get to process these import statements how they like when they are bundled. For the ones that wish to load jQuery from a global, we again mark 'jquery' as an external—since we still don't want Rollup to bundle jQuery—and as a global.
    1. Luckily, there is absolutely no good reason not to use strict mode for everything — so the solution to this problem is to lobby the authors of those modules to update them.
    1. Basically, the idea is that a train tried to start with the caboose brakes stuck on. After releasing the caboose, the train still could not start. The problem was that when the train attempted to start with the caboose brake on, it stretched all the inter-car couplings so that the whole train was just like one big car. At this point, the friction from the engine train wheels was not enough to get the whole thing going. Instead, you need to just get one car moving at a time - this is why there is space between the couplings.
    1. DX: start sapper project; configure eslint; eslint say that svelt should be dep; update package.json; build fails with crypt error; try to figure what the hell; google it; come here (if you have luck); revert package.json; add ignore error to eslint; Maybe we should offer better solution for this.
    2. When the message say function was called outside component initialization first will look at my code and last at my configuration.
    1. This isn't really a bug, because if you have an async function that returns a function, it doesn't really return a function - it returns a promise. I don't remember whether the Svelte internals currently check for the onMount callback's return being a function or whether they check for it being truthy. Maybe there's some adjustment to be made there.
    1. Svelte will not offer a generic way to support style customizing via contextual class overrides (as we'd do it in plain HTML). Instead we'll invent something new that is entirely different. If a child component is provided and does not anticipate some contextual usage scenario (style wise) you'd need to copy it or hack around that via :global hacks.
    2. The main rationale for this PR is that, in my hones opinion, Svelte needs a way to support style overrides in an intuitive and close to plain HTML/CSS way. What I regard as intuitive is: Looking at how customizing of styles is being done when applying a typical CSS component framework, and making that possible with Svelte.
    3. Explicit interfaces are preferable, even if it places greater demand on library authors to design both their components and their style interfaces with these things in mind.
    4. The RFC is more appropriate because it does not allow a parent to abritrarily control anything below it, that responsibility still relies on the component itself. Just because people have been passing classes round and overriding child styles for years doesn't mean it is a good choice and isn't something we wnat to encourage.
    5. margin, flex, position, left, right, top, bottom, width, height, align-self, justify-self among other is CSS properties that should never be modified by the child itself. The parent should always have control of those properties, which is the whole reason I'm asking for this.
    6. new style RFC

    Tags

    Annotators

    URL

    1. This has already forced me to forgo Svelte Material because I would like to add some actions to their components but I cannot and it does not make sense for them to cater to my specific use-case by baking random stuff into the library used by everyone.
    2. The point of the feature is to not rely on the third-party author of the child component to add a prop for every action under the sun. Rather, they could just mark a recipient for actions on the component (assuming there is a viable target element), and then consumers of the library could extend the component using whatever actions they desire.
    1. Does it look like a decorator plugin in Ractive, right
    2. Lets not extend the framework with yet another syntax
    3. Your LazyLoad image is now inextensible. What if you want to add a class? Perhaps the author of LazyLoad thought of that and sets className onto the <img>. But will the author consider everything? Perhaps if we get {...state} attributes.
    4. I totally get not wanting to extend the syntax. I tried doing these things and in practice it was not easy or pretty. Actions provide a much cleaner and easier way to accomplish a certain set of functionality that would be much more difficult without it.
    1. And to illustrate another way actions are helpful, take your above example and put the button into a {{#each}}. It gets more complicated.
    2. I'm just pushing on the "is this really a good idea" front
    3. If this was tied into Svelte's flow with hooks this would not be necessary since it would know when it was being removed from the DOM.
    4. Another problem I ran into was knowing when an element is removed. I had to add a MutationObserver on the current tooltip target so if it gets removed by Svelte while the tooltip is visible (e.g. if a click moves to another route) the tooltip isn't left hanging around on the screen. No mouseleave/mouseout events are dispatched on elements that are removed.

      First sighting: MutationObserver

    5. You must: reference each element you are extending using refs or an id add code in your oncreate and ondestroy for each element you are extending, which could become quite a lot if you have a lot of elements needing extension (anchors, form inputs, etc.)
    6. This is where hooks/behaviors are a good idea. They clean up your component code a lot. Also, it helps a ton since you don't get create/destroy events for elements that are inside {{#if}} and {{#each}}. That could become very burdensome to try and add/remove functionality with elements as they are added/removed within a component.
    7. I would be willing to take a stab at it if you think it would be a task within reach.
    1. Re Object.keys(undefined), I think I'm ok with that failing. AFAIK it would also fail in React
    2. The more I think about this, the more I think that maybe React already has the right solution to this particular issue, and we're tying ourselves in knots trying to avoid unnecessary re-rendering. Basically, this JSX... <Foo {...a} b={1} {...c} d={2}/> ...translates to this JS: React.createElement(Foo, _extends({}, a, { b: 1 }, c, { d: 2 })); If we did the same thing (i.e. bail out of the optimisation allowed by knowing the attribute names ahead of time), our lives would get a lot simpler, and the performance characteristics would be pretty similar in all but somewhat contrived scenarios, I think. (It'll still be faster than React, anyway!)
    1. When a component reaches such a size that this becomes a problem, the obvious course of action is to refactor it into multiple components. But the refactoring is complex for the same reason: extracting the styles that relate to a particular piece of markup is an error-prone manual process, where the relevant styles may be interleaved with irrelevant ones.
    1. You can help ensure your RFC is reviewed in a timely manner by putting in the time to think through the various details discussed in the template. It doesn't scale to push the thinking onto a small number of core contributors.
    1. There are tools in Svelte that break this expectation to a degree, but they are a bit annoying to use, which makes it an active decision on the part of the developer. The API hints at the way we want you to do things because we feel that this will give the better experience.
    2. There is an escape hatch in :global() that facilitates this. It is verbose, and we are okay with that, we don't want it to be too pleasant to use. We don't want people doing this at all, but it is there when needed.
    3. I understand what you're getting at, but we shouldn't miss out on useful features just because a few developers will abuse it...
    1. If your reaction to the video was 'fine, but if we use TypeScript and write plugins for each editor then we can get all the autocomplete and syntax highlighting stuff' — in other words, if you believe that in order to achieve parity with CSS it makes sense to build, document, promote and maintain a fleet of ancillary projects — then, well, you and I may never see eye to eye!
    1. I don’t want my source to be human-readable, not for protective reasons, but because I care about web performance more. I want my website to arrive at light speed on a tiny spec of magical network packet dust and blossom into a complete website. Or do whatever computer science deems is the absolute fastest way to send website data between computers. I’m much more worried about the state of web performance than I am about web education. But even if I was very worried about web education, I don’t think it’s the network’s job to deliver teachability
    1. Now of course we know how React handles this conflict: it takes the new nodes in your virtual DOM tree — the waters in your flowing river — and maps them onto existing nodes in the DOM. In other words React is a functional abstraction over a decidedly non-functional substrate.

      To me this is a warning sign, because in my experience, the bigger the gap between an abstraction and the thing it abstracts, the more likely you are to suffer what programmers like to call ‘impedance mismatches’, and I think we do experience that in React.

    1. Now I know what you're thinking, "this is an atrocity, what a horrible mess!" and you're right, it's kind of ugly. In fact it's just about impossible to think this is a good idea the first time you see it — you have to actually try it.
  3. Aug 2020
    1. If you are a senior, try talking to a junior or someone less experienced than you. Many companies are running what is called ”reverse mentoring” programs where juniors coach senior members of a company. Senior’s experience is traded for a fresh perspective from a junior. You’d be amazed at how much you could learn and share.
    1. We share our labor of love

      Here's something to share from the margins--George Carlin. Like Carlin, we in the margins need is to crash into the open and yoke academic power (good ideas, clearly expressed, and openly political) to systemic change. Open education seems too tame to do that. Prove me wrong.

      https://youtu.be/Nyvxt1svxso

    1. Fix it, please, if it's incorrect.
    2. FWIW, I would have raised it earlier if I thought it would have made a difference.

      This is different from apathy; it's more like powerlessness.

    3. If we've gone more than a year without this being a problem in the slightest, I don't see how the next year would be any different.
    4. +1 for taking the language back.
    5. Can't upvote this enough. It is highly irritating to see language destroyed (and we wonder why kids bastardize the language..).
    1. my point is that using "into" in such a case is just as incorrect as using "inas" would be. The fact that people make mistakes doesn't change this.

      "Log in" is the only correct way to spell the verb, and the only way to be consistent with 1000s of other phrasal verbs that are spelled with a space in them.

      We don't need nor want an exception to the general rule just for "login" just because so many people have made that mistake.

    1. I don't think it should be the individual application's responsibility to add Cache-Control: Vary when that negotiation/routing is done by Rails on behalf of the app, do you?
    2. At a certain point it is up to the application to specify when they're varying.
    1. you could imagine my extreme disappointment after i came back after a year and a half to find that the entire exploration map was about 80% smaller, every different island was within clear view of your starting island completely decimating any sense of adventure or exploration you could have had.Almost all materials could be collected and all items built within four and a half hours. Islands are literally numbered one to five to display they're level of danger.not only that but you were practically spoon fed each advancement in the game, it feels like it was taken from a greatly ambitious open world, exploration survival game that would take months to finish and achieve everything in. To now being an arcade style iphone app game catered to ten year olds that would foolishly enter their parents card details in order to buy 10,000 roblox coins.
    1. I have over 689 hours into this game and would like to talk about the changes made to the Exploration. In my opinion the Exploration which made this game amazing now stinks!. You know longer need a ship to hit the islands. The exploration has pretty much been removed. One of the things that made this game so amazing was grinding to make your ship and heading out to Explore and find the other islands. Now all the islands are really close to the spawn point, there are not that many and well they stink. There is no reason or need to make a ship because you can easily reach all the island with a raft.
  4. Jul 2020
    1. "AOO is not, and isn't designed to be, the 'super coolest open source office suite with all the latest bells and whistles,'" Jagielski continued. "Our research shows that a 'basic,' functional office suite, which is streamlined with a 'simple' and uncluttered, uncomplicated UI, serves an incredible under-represented community.
    1. Article 7(3) of the GDPR prescribes that the controller must ensure that consent can be withdrawn bythe data subject as easy as giving consent and at any given time. The GDPR does not say that givingand withdrawing consent must always be done through the same action.
    2. consent is obtained through use of a service-specific user interface (for example, via a website, an app,a log-on account, the interface of an IoT device or by e-mail), there is no doubt a data subject must beable to withdraw consent via the same electronic interface, as switching to another interface for thesole reason of withdrawing consentwould require undue effort.
    3. The controller informs customers that they havethe possibility to withdraw consent. To do this, they could contact a call centre on business daysbetween 8am and 5pm, free of charge. The controller in this example doesnotcomply with article 7(3)of the GDPR. Withdrawing consent in this case requires a telephone call during business hours, this ismore burdensome than the one mouse-click needed for giving consent through the online ticketvendor, which is open 24/7.
    1. The User has the right to object to such processing and may exercise that right by visiting the privacy policies of the respective vendors.

      It's not like going to a privacy policy really helps you exercise your right to object? How? By providing an address to which to send your objections?

    1. These seem to be better reasons to support sub-nanosecond resolution. I think either storing picoseconds or storing sec fraction as 64-bit integer are better approaches than storing a rational. However, either change would be very invasive, and it seems unlikely to be worth the effort.
    1. JSON parsing is always pain in ass. If the input is not as expected it throws an error and crashes what you are doing. You can use the following tiny function to safely parse your input. It always turns an object even if the input is not valid or is already an object which is better for most cases.

      It would be nicer if the parse method provided an option to do it safely and always fall back to returning an object instead of raising exception if it couldn't parse the input.

    1. In your environment you may want to always configure internationalization, routers, user data etc. If you have many different React roots it can be a pain to set up configuration nodes all over the place. By creating your own wrapper you can unify that configuration into one place.
    1. is to make sure that students have sufficient background knowledge to stimulate interest and avoid confusion.

      Scaffolding teaching? Providing those hints that are mentioned earlier in the article?

    1. Matz, alas, I cannot offer one. You see, Ruby--coding generally--is just a hobby for me. I spend a fair bit of time answering Ruby questions on SO and would have reached for this method on many occasions had it been available. Perhaps readers with development experience (everybody but me?) could reflect on whether this method would have been useful in projects they've worked on.
    1. I agree in general splitting an array, according to some property using the order of the elements (no take_drop_while) or to some other array (this request) is more difficult than it could be.
  5. Jun 2020
    1. According to our understanding of the inconsistencies, the feature was likely trying to support too many edge cases. All caching strategies have weaknesses and eventually break down if the usage is not properly scoped.
    1. Sometimes, the line between 'bug' and 'feature' is a hard one to draw. Generally, a feature is anything that adds new behavior, while a bug is anything that causes incorrect behavior. Sometimes, the core team will have to make a judgment call.
    1. OK, so what about regular messages? Turns out they are not encrypted after all. Where Signal implements the security and privacy protocols right from the start, Telegram separates the two and offers an additional option. The problem is that not everyone is aware of the Secret Chat option and first-time users may send sensitive information in the regular chat window unknowingly.
  6. May 2020
    1. Pipes are great for taking output of one command and transforming it using other commands like jq. They’re a key part of the Unix philosophy of “small sharp tools”: since commands can be chained together with pipes, each command only needs to do one thing and then hand it off to another command.
    1. CodeGuard relies upon industry best practices to protect customers’ data. All backups and passwords are encrypted, secure connections (SFTP/SSH/SSL) are utilized if possible, and annual vulnerability testing is conducted by an independent agency. To-date, there has not been a data breach or successful hack or attack upon CodeGuard.
    1. We iterate to deliver features, so we often don't have functionality that people expect. For this reason, 'people could reasonably expect this functionality' does not make it a bug.
    1. The "'strict-dynamic'" source expression aims to make Content Security Policy simpler to deploy for existing applications who have a high degree of confidence in the scripts they load directly, but low confidence in their ability to provide a reasonable list of resources to load up front.
    1. Eric Schmidt, former Google CEO and Chairman, famously said “Google’s policy on a lot of these things is to get right up to the creepy line, but not cross it.” But for most people, that line was crossed by Google, Facebook, and others long ago.
    1. When is your site not built with the Jamstack? Any project that relies on a tight coupling between client and server is not built with the Jamstack.
    1. In natural languages, some apparent tautologies may have non-tautological meanings in practice. In English, "it is what it is" is used to mean 'there is no way of changing it'.[1] In Tamil, vantaalum varuvaan literally means 'if he comes, he will come', but really means 'he just may come'.[2]
    1. An entity not established in the EU offers goods or services (even if the offer is for free) to people in the EU. The entity can be government agencies, private/public companies, individuals and non-profits;
    2. Determining your law of reference Generally, the laws of a particular region apply if: You base your operations there; or You use processing services or servers based in the region; or Your service targets users from that region This effectively means that regional regulations may apply to you and/or your business whether you’re located in the region or not. For that reason, it’s always advisable that you approach your data processing activities with the strictest applicable regulations in mind.
    1. This scope effectively covers almost all companies and, therefore, means that the GDPR can apply to you whether your organization is based in the EU or not. As a matter of fact, this PwC survey showed that the GDPR is a top data protection priority for up to 92 percent of U.S. companies surveyed.
    1. What's terrible and dangerous is a faceless organization deciding to arbitrarily and silently control what I can and can not do with my browser on my computer. Orwell is screaming in his grave right now. This is no different than Mozilla deciding I don't get to visit Tulsi Gabbard's webpage because they don't like her politics, or I don't get to order car parts off amazon because they don't like hyundai, or I don't get to download mods for minecraft, or talk to certain people on facebook.
    2. They don't have to host the extension on their website, but it's absolutely and utterly unacceptable for them to interfere with me choosing to come to github and install it.
    3. I appreciate the vigilance, but it would be even better to actually publish a technical reasoning for why do you folks believe Firefox is above the device owner, and the root user, and why there should be no possibility through any means and configuration protections to enable users to run their own code in the release version of Firefox.
  7. Apr 2020
    1. Despite their awarded diplomas in the art of writing, you'd be surprised at how many editors and journalists in the United States make English mistakes. For instance, "an" is still often coupled with words that begin with an "H" sound, even though this is improper. I'd advise against treating material from news sources as if it were error-free or even a higher authority on grammar.
    1. What we actually want to do is to escape content if it is unsafe, but leave it unescaped if it is safe. To achieve this we can simply use SafeBuffer's concatenation behavior:
    2. Our helper still returns a safe string, but correctly escapes content if it is unsafe. Note how much more flexible our group helper has become because it now works as expected with both safe and unsafe arguments. We can now leave it up to the caller whether to mark input as safe or not, and we no longer need to make any assumptions about the safeness of content.
    1. Other sites could absolutely spend time crawling for new lists of breached passwords and then hashing and comparing against their own. However this is an intensive process and I'm sure both Facebook and Google have a team dedicated to account security with functions like this.
    2. Before embarking on the effort to scrape the web for new password breaches and compare against your entire user database you also need to consider the ROI. The beauty of the pwned passwords API and this, and other, implementations of it is that you can get a good improvement in your account security with comparatively little engineering effort.
    1. Now, do I care which one you use? No. As long as you test your code, I am happy. A professional developer should be able to work in either one of these because they essentially do the same thing: test your code.
    1. The only goal is correctness. Code style is not a consideration. Providing the level of configuration necessary to make everyone happy would be a huge distraction from the main purpose. After conversion, I recommend using rubocop's awesome --auto-correct feature to apply your preferred code style.