Writing json_populate_record in the FROM clause is good practice, since all of the extracted columns are available for use without duplicate function calls.

while I'm not as strongly against the above example code as the others, specifically because you did call it out as pseudocode and it is for illustrative purposes only, perhaps all of the above comments could be addressed by replacing your query = ... lines with simple query = // Insert case-sensitive/insensitive search here comments as that keeps the conversation away from the SQL injection topic and focuses on what you're trying to show. In other words, keep it on the logic, not the implementation. It will silence the critics.

I know this is an old question but I just want to comment here: To any extent email addresses ARE case sensitive, most users would be "very unwise" to actively use an email address that requires capitals. They would soon stop using the address because they'd be missing a lot of their mail. (Unless they have a specific reason to make things difficult, and they expect mail only from specific senders they know.) That's because imperfect humans as well as imperfect software exist, (Surprise!) which will assume all email is lowercase, and for this reason these humans and software will send messages using a "lower cased version" of the address regardless of how it was provided to them. If the recipient is unable to receive such messages, it won't be long before they notice they're missing a lot, and switch to a lowercase-only email address, or get their server set up to be case-insensitive.

A flaw can become entrenched as a de facto standard. Any implementation of the protocol is required to replicate the aberrant behavior, or it is not interoperable. This is both a consequence of applying the robustness principle, and a product of a natural reluctance to avoid fatal error conditions. Ensuring interoperability in this environment is often referred to as aiming to be "bug for bug compatible".

This doesn't make any sense, though. Once you recognize that the two may represent different addresses, you're arbitrarily choosing the first one in your system as the right one, when the second one is just as right. Just give up at that point and lowercase ’em.

Some say you should treat addresses as case-preserving as opposed to case-sensitive, meaning you don't change IStillUse@AOL.COM to istilluse@aol.com but you still consider it a dupe of iSTilLUSE@aol.com.

Since using case insensitivity is so widespread, take their sign up email address and make it lower case. Whenever they try to log in, convert that to lowercase as well, for comparison purposes, when you go to see if the user exists. As far as sign up and sign in go, do a case insensitive comparison. If the person signs up as Steve@example.com, you'll still want to allow them to sign in later with steve@example.com or sTeVE@example.com.

But you should also keep track of the email address that they signed up with in a case sensitive fashion. Any time you send an email to them, be sure to send it with that original casing. This allows the email server to handle it however it feels like it needs to. So even though the person may always be signing in to your site with steve@example.com, if they signed up as Steve@example.com, you'll always send email to Steve@example.com, just to be safe.

we split the head from the hands, or isolate humane studies from practicallife, we unfortunately tend to suppose that a liberal cultural education is the rightof only an elite few—the heads. Don’t we all—and not just the socially advantaged“heads”—deserve an education that prioritizes human growth?

none of this means we should turn students and teachers intofunctionaries or serfs for, in Dewey’s words in Democracy and Education, a “feudaldogma of social predestination.”

. The problem arises when institutions and policymakers assume,following the logic of the industrial model, that our primary and overriding edu-cational aim is thus to train students to fit the specifications of this existing infra-structure.

The mission of K–12 and higher educationis, in Wisconsin Gov. Scott Walker’s infamous words last year, “to develop humanresources to meet the state’s workforce needs.”

“A being of infinitescope,” she wrote, “must not be treated with an exclusive view to any one relation. . . . Give the soul free course. . . and the being will be fit for any and every relationto which it may be called.”1

If you send links with a secret login token with email, then they should be single-use and expire rather quickly.

If so, then how is sending a link for password reset any more secure? Isn't logging-in using a magic link the same thing as sending a magic link for resetting a password?

Google allowed third parties to build their own Wave services (be it private or commercial) because it wanted the Wave protocol to replace the e-mail protocol.[2][16][17] Initially, Google was the only Wave service provider, but it was hoped that other service providers would launch their own Wave services, possibly designing their own unique web-based clients as is common with many email service providers.

users/me feels like a bad idea because REST prefers to have one url per resource. You will then have: users/me users/123myId Which point to the same resource.

Exactly my thoughts on the matter! I'm coming from XML SOAP background and concept of schema just got into my blood and JSON documents rather don't announce their schema. To me it's whether server "understands" the request or not. If server doesn't know what "sales_tax" is then it's simply 400: "I have no idea what you sent me but definitely not what I want.".

Just because the code is described as part of the WebDAV spec doesn't mean it's WebDAV-specific! Status codes are supposed to be generic.

"There is a robust debate going on in the computing industry about how to create it, and whether it can even be created at all."

Why the 2 separate steps for this? Simple: to make things easier on the front-end side of things. Sending 2 different error codes, one for when the OTP is required but missing, and one where the OTP was provided but invalid, allows us to adjust our login UI accordingly.

User Experience The user experience will be familiar and consistent across many of the user’s devices – a simple verification of their fingerprint or face, or a device PIN, the same simple action that consumers take multiple times each day to unlock their devices.

The problem with using SMS-2FA to mitigate this problem is that there’s no reason to think that after entering their credentials, they would not also enter any OTP.

I believe that SMS 2FA is wholly ineffective, and advocating for it is harmful.

This argument only works if what you’re defending is good. As I’ve already explained, SMS-2FA is not good.

Don’t let the perfect be the enemy of the good. Seat belts aren’t perfect either, do you argue we shouldn’t wear them? Etc, etc. This argument only works if what you’re defending is good. As I’ve already explained, SMS-2FA is not good.

You are currently allowing your users to choose their own password, and many of them are using the same password they use on other services. There is no other possible way your users are vulnerable to credential stuffing.

If you use a third party password manager, you might not realize that modern browsers have password management built in with a beautiful UX. Frankly, it’s harder to not use it.

If you’re a security conscious user... You don’t need SMS-2FA. You can use unique passwords, this makes you immune to credential stuffing and reduces the impact of phishing. If you use the password manager built in to modern browsers, it can effectively eliminate phishing as well.

You can also find the combination verb+in+to, but in that case you're usually dealing with a phrasal verb consisting of a verb and the particle "in", which happens to be followed by the preposition "to".They wouldn't give in to our demands.

"Built in to" appears when you use the phrasal verb "build in" followed by an infinitive, but that is not what you are trying to do in your sentence.There's an electronic switch built in to stop all data transfers.

The house, of course, is not doing the agreeing; Cooper is! Because of the distance between Cooper and the participle phrase that describes him, the comma is necessary.

How can this be called an adjective? The postmodifier here is a participle phrase, 'built into the library'.

take off, should also be counted as a (multi-word) verb.

A survey of 230 diverse bacterial and archaeal genomes found evidence of DNA methylation in 93% of genomes, with a diverse array of methylated motifs (834 distinct motifs; average of three motifs per organism)

conjugative plasmids have broad-host ranges23, are resistant to restriction-modification systems24, are easy to engineer with large coding capacities25, and do not require a cellular receptor26 that would provide a facile mechanism for bacterial resistance.

Bacterial cells are typically one thousandth the volume of mammalian cells, which places them near the edge of instrument detection. At this size it can be challenging to differentiate viable cells from debris of similar size

Detailed descriptions, assumptions, limitations and test cases of many popular statistical methods for ecological research can be found in the GUSTAME server (Buttigieg and Ramette, 2014), and in the review by Paliy and Shankar (2016).

condensing the information into two- or three-dimensional spaces. A very good overview of techniques to achieve this was written by Paliy and Shankar (2016).

There are several widely used tool collections, e.g., QIIME 2 [13], mothur [14], usearch [15], and vsearch [16], and 1-stop pipelines, e.g., LotuS [17], with new approaches continually being developed, e.g., OCToPUS [18] and PEMA [19]

Recently, redox-responsive biomolecules such as phenazines have been used in several electrochemical strategies to interrogate a range of biological activities30,31 and to control gene expression in living cells32,33, where the redox status of the biomolecules could be measured or manipulated by application of electronic potentials

Double quotes for string literals - because pre-committing to whether you'll need interpolation in a string slows people down

Protocols are, by their very nature, open. If you can't read the protocol specification then you can't very well implement it, can you?

Our test raises an ActiveRecord::RecordNotFound exception. We know that Rails has special handling to return a 404 status code in this case. However, the request spec still raises the exception.

Although these approaches may differ, all of them concur onthree essential points:

Instead of weighing the balance of pleasure and pain,individuals tend to think about a good life in terms of their life beingmeaningful to them

Often, environmental and social analysts focus on threats, dangers,and damage. They highlight negatives, in terms of limited or non-renewable resources, or the impacts of excessive emissions or effuents.But what if one took the opposite approach and focused on the posi-tives that we want to strive for? We – the authors – believe that everyhuman being, that is you and us and everybody close and far away,wants to be able to live a good life, a life that is worth living. Giventhat the Earth’s resources are limited and distributed highly unevenly,the core objective has to be how everybody can live well within limits.

It requiresa deep and profound orientation toward the good life. It requires usto ponder what the good life is, what conditions must be fulflled forindividuals to live it, and what it takes to create these conditions.

By tying the question of limits to human needsand requirements for their satisfaction, they neither demand asceti-cism or renunciation, nor pursue unspecifed moral suasion in termsof “we should consume less.” Rather, they highlight the necessity –diffcult to pursue but rich in participatory rewards – to jointly defnethe conditions necessary to live a good life, and the subsequent stepsnecessary to make such a good life possible for all individuals. By pro-viding freedom to pursue the good life in an ecologically and sociallyfrayed world, these limits offer the beneft of ensuring that all otherindividuals living now and into the future can do so as well.

Justice in the context of consumption corridorsmeans that every person deserves access to a defned minimum level ofecological and social resources necessary to be able to live a good life,solely because they are a human being (what scholars call a natural-law-based perspective on justice).

Unless physical stature is of relevance in a conversation, simply using a person's name is appropriate.

In the new collection, The Good It Promises, The Harm It Does, activists and scholars address the deeper problems that EA poses to social justice efforts. Even when EA is pursued with what appears to be integrity, it damages social movements by asserting that it has top-down answers to complex, local problems, and promises to fund grass-roots organizations only if they can prove that they are effective on EA’s terms.

I am a developer, and we are developing the app for the customer, that will not publish through the google play store. But when we distribute the app to the customer, customer get that error. I want to avoid that alert of the Play stored.I want to understand, exactly which security concern has been break by my app.

There should thus be an option to give npm a list of vulnerability IDs (CVEs etc.) that it does not need to defend because the admin has decided it does not apply to their edge case.

Result of lots of searching on net is that pre-checkout hook in git is not implemented yet. The reason can be: There is no practical use. I do have a case It can be achieved by any other means. Please tell me how? Its too difficult to implement. I don't think this is a valid reason

The variable x initially has the type unknown: the type of all values. The predicate typeof x === "number" extracts dynamic information about the value bound to x, but the type-checker can exploit this information for static reasoning. In the body of the if statement the predicate is assumed to be true; therefore, it must be the case the value bound to x is a number. TypeScript exploits this information and narrows the type of x from unknown to number in the body of if statement.

This depends on the ruby code. Some projects will be semi-dormant due to various reasons. That's for us to address as a community. Are we going to let a single decade-old gem prevent us from moving Ruby forward? What's the threshold? There's libraries out there that don't work on Ruby 1.9. We left them behind or replaced them. And are people depending on a gem that's unmaintained really going to be the ones to jump on Ruby 3.0 the day after Christmas 2020? This is also still supposition. Name some gems that are unmaintained and in wide use. We can fix them! We have the technology! In my opinion, if matz's objective is to make the transition to ruby 3.0 simple, then it actually makes a lot of sense to postpone frozen strings by default. Postpone until when? 3.1? So then 3.1 will be the hard break? They've been discussed for what, ten years now? How long is long enough? We've added many ways for people to start transitioning to immutable literal strings, and people are using those mechanisms widely. We've pushed this transition a long time, and we still have another year until 3.0 is out and longer than that until people will need to make a move. What is the threshold for being "ready" to make this change? Unless we're planning to wait until Ruby 4.0 in 2030 to do this, I think we should do it now. I use frozen strings in most of my ruby projects, most of them set to true via the toplevel comment, so either way, it would not affect me. Exactly. Most people already do use frozen string literals. And adding a pragma means we can transition troublesome code to the new way with a single line per affected file. Heck, we can even add --enable:mutable-literal-string for people that are stuck with some of that old unmaintained code, allowing them to have a soft landing.

because most languages treat strings as immutable, which helps ensure you don't accidentally modify them and can improve performance. Fewer state changes in a program mean less complexity. It's better to opt-in to mutability after careful consideration rather than making everything mutable by default. What is immutability and why should I worry about it? may help.

If the client knows the access token expired, it skips to step (G); otherwise, it makes another protected resource request.

This larger perspective is offered by an analysis of citizenship and the common good. I begin with the idea of citizenship as being a practice entrusted with the preservation and conservation of the nexus of recognitional practices in a society. Then I move to the notion of the common good, interpreted not as a collective thing, a transcendent principle, or an abstract concept, but as the flourishing of the recognitional nexus itself. 

belongs_to does not ensure reference consistency, so depending on the use case, you might also need to add a database-level foreign key constraint on the reference column, like this: create_table :books do |t| t.belongs_to :author, foreign_key: true # ... end

class String alias strip_ws strip def strip chr=nil return self.strip_ws if chr.nil? self.gsub /^[#{Regexp.escape(chr)}]*|[#{Regexp.escape(chr)}]*$/, '' end end

That tends to be the biggest cop out excuse for libraries. Just do a major version release. The fact this library lies about the encodingis extremely problematic and causes numerous bugs. Any program currently using this library is already incorrect because of this behavior. Actually exposing the problem makes it easier for people to fix.

what do you think? Is Germany good for Indian students? To know more, read this article till the end.

It's usually undesirable to add a default scope. It will take more effort to work around and will cause more headaches. If you know you need a default scope, it's easy to add yourself .

I once had a cut on my arm. Someone asked me, is it serious? “It depends,” I replied, “on how much I scratch.”

Pleeaasse don't give "it" a name.There is no "it". You believers are part of the church in your location and you meet together.There is zero biblical precedent for a group of believers giving their particular group a name.I understand that nearly all believers do .... That in no way makes it right.Names seperate us from others of the church in our area.

has_scope :category do |controller, scope, value|  value != 'all' ? scope.by_category(value) : scope end

But anti- spam software often fetches all resources in mail header fields automatically, without any action by the user, and there is no mechanical way for a sender to tell whether a request was made automatically by anti-spam software or manually requested by a user. To prevent accidental unsubscriptions, senders return landing pages with a confirmation step to finish the unsubscribe request. A live user would recognize and act on this confirmation step, but an automated system would not. That makes the unsubscription process more complex than a single click.

The target of the POST action is the same as the one in the GET action for a manual unsubscription, so this is intended to allow the same server code to handle both.

subject { described_class.do_something }

I would like to understand this design then. In my experience it has only served to limit what I can achieve, and gained me no additional benefit.

You might notice that the “expires_in” property refers to the access token, not the refresh token. The expiration time of the refresh token is intentionally never communicated to the client. This is because the client has no actionable steps it can take even if it were able to know when the refresh token would expire.

For example, if I make an application (Client) that allows a user (Resource Owner) to make notes and save them as a repo in their GitHub account (Resource Server), then my application will need to access their GitHub data. It's not secure for the user to directly supply their GitHub username and password to my application and grant full access to the entire account. Instead, using OAuth 2.0, they can go through an authorization flow that will grant limited access to some resources based on a scope, and I will never have access to any other data or their password.

The Console now supports redeclaration of const statement, in addition to the existing let and class redeclarations. The inability to redeclare was a common annoyance for web developers who use the Console to experiment with new JavaScript code.

Honestly, at this point, I don't even know what tools I'm using, and which is responsible for what feature. Diving into the code of capybara and cucumber yields hundreds of lines of metaprogramming magic that somehow accretes into a testing framework. It's really making me loathe TDD despite my previous youthful enthusiasm.

Is the Client absolutely trusted with user credentials?

Which OAuth 2.0 Flow Should I Use?

Good commit hygiene is considered a best practice. GitLab should encourage and enable these kinds of best practices. This feature currently creates a problem and requires workarounds that remove information, or significant manual work.

To use a good book as a sedative is conspicuous waste.

Rebuilding the same Dockerfile should result in the same version of the image being packaged, even if the second build happens several versions later, or the build should fail outright, such that an inadvertent rebuild of a Dockerfile tagged as 0.1.0 doesn't end up containing 0.2.3.

Because the official images are intended to be learning tools for those new to Docker as well as the base images for advanced users to build their production releases, we review each proposed Dockerfile to ensure that it meets a minimum standard for quality and maintainability. While some of that standard is hard to define (due to subjectivity), as much as possible is defined here, while also adhering to the "Best Practices" where appropriate.

Why was the SIGSTOP-ed process not responding to SIGTERM? Why does the kernel keeps it in the same state? Why did it get killed the moment it received the SIGCONT signal? If it was because of the previous SIGTERM signal, where was it kept until the process resumed?

In other words, if you use Bash to run Jenkins, and then run docker stop, then Jenkins will never see the stop command!

Now, Bash actually does the same thing (reaping zombies), so you're probably wondering: why not use Bash as PID 1?

In other words, someone has to clean up after "irresponsible" parents that leave their children un-wait'ed, and that's PID 1's job.

Let's look at a concrete example. Suppose that your container contains a web server that runs a CGI script that's written in bash. The CGI script calls grep. Then the web server decides that the CGI script is taking too long and kills the script, but grep is not affected and keeps running. When grep finishes, it becomes a zombie and is adopted by the PID 1 (the web server). The web server doesn't know about grep, so it doesn't reap it, and the grep zombie stays in the system.

Glyph 0 must be assigned to a .notdef glyph. The .notdef glyph is very important for providing the user feedback that a glyph is not found in the font. This glyph should not be left without an outline as the user will only see what looks like a space if a glyph is missing and not be aware of the active font’s limitation.

Consider a text file containing the German word für (meaning 'for') in the ISO-8859-1 encoding (0x66 0xFC 0x72). This file is now opened with a text editor that assumes the input is UTF-8. The first and last byte are valid UTF-8 encodings of ASCII, but the middle byte (0xFC) is not a valid byte in UTF-8. Therefore, a text editor could replace this byte with the replacement character symbol to produce a valid string of Unicode code points. The whole string now displays like this: "f�r".

While there are many great answers regarding the "glyph not found" glyph, that won't help you actually detect it, as the text string in code will still have the character regardless of the font used to render it.

A glyph can also represent more than one character at once. Take an f_f_f ligature as an example. It represents three f characters in a row. Ligatures do not have Unicodes, because the separate characters already have codes and the the fact that it’s a ligature does not change the meaning of its parts.

Conversely, even before the mainstream began leeching off alternative cultures, the underground satirically appropriated from the mainstream.

The problem is that the caller may write yield instead of block.call. The code I have given is possible caller's code. Extended method definition in my library can be simplified to my code above. Client provides block passed to define_method (body of a method), so he/she can write there anything. Especially yield. I can write in documentation that yield simply does not work, but I am trying to avoid that, and make my library 100% compatible with Ruby (alow to use any language syntax, not only a subset).

You cannot use yield inside a define_method block. This is because blocks are captured by closures, observe: def hello define_singleton_method(:bye) { yield } end hello { puts "hello!" } bye { puts "bye!" } #=> "hello!"

grammar Parser { rule TOP { I <love> <lang> } token love { '♥' | love } token lang { < Raku Perl Rust Go Python Ruby > } } say Parser.parse: 'I ♥ Raku'; # OUTPUT: ｢I ♥ Raku｣ love => ｢♥｣ lang => ｢Raku｣ say Parser.parse: 'I love Perl'; # OUTPUT: ｢I love Perl｣ love => ｢love｣ lang => ｢Perl｣

It's really not always a better user experience to keep things in one browser... What if they are in a sign-up or check-out flow in your SPA, and at the last step they need to agree to some conditions in an external page? Unless you use a modal, opening in a new window would really be preferable to the user completely losing context and having to go through the whole process again.

def initialize_copy(original_animal) self.age = 0 super end def initialize_dup(original_animal) self.dna = generate_dna self.name = "A new name" super end def initialize_clone(original_animal) self.name = "#{original_animal.name} 2" super end

Are There Other Methods to Copy Something?

An interesting fact here is that Rails deliberately chose to override the #initialize_dup method instead of the #initialize_copy method. Why would it do that? Let's investigate.

I expect RuboCop to either make no suggestion on how to resolve the ambiguity, or to suggest something that does not change the semantics of the code as it stands.

However, the code as it stands associates the block with bar, and if the code is currently working, the programmer should definitely not parenthesize the parameter, because it would change the meaning of the code.

But this sounds like spreading fear and doubt when the Ruby parser has no such concepts :) {} always binds tightly to the call right next to it. This block {} will never go to using, unless it's rewritten as do ... end.

Rules formulated with openVALIDATION are thus at the same time a formal, machine-processable specification, but also a documentation that is easy for people to understand.

First, to clarify - what is "code", what is "data"? In this article, when I say "code", I mean something a human has written, that will be read by a machine (another program or hardware). When I say "data", I mean something a machine has written, that may be read by a machine, a human, or both. Therefore, a configuration file where you set logging.level = DEBUG is code, while virtual machine instructions emitted by a compiler are data. Of course, code is data, but I think this over-simplified view (humans write code, machines write data) will serve us best for now...

Why not use map, which we already have for collections? Generally speaking, the map function isn't just about collections (though that's usually how it's used in Ruby). map is more about putting an object in a context (a block in Ruby's case), modifying the object, and returning the modified object.

I don't know about you guys but I like dots on the second line when combined with indentation : # Example 1 one.two.three .four # Example 2 my_array.select { |str| str.size > 5 } .map { |str| str.downcase }

Is there a problem or not?If there is a problem, on which side is it? On the client or on the server side?

Code explains what and how Documentation explains why.

So make sure to write your documentation, but do not explain your spells.

The server possibly can send back a 406 (Not Acceptable) error code when unable to serve content in a matching language. However, such a behavior is rarely implemented for a better user experience, and servers often ignore the Accept-Language header in such cases.

without a schema, you do not have a spec, you have an aspiration.

Such schemas cannot easily be refactored without removing the benefits of sharing. Refactoring would require forking a local copy, which for schemas intended to be treated as an opaque validation interface with internal details that may change, eliminates the benefit of referencing a separately maintained schema in the first place.

JSON Schema allows for additionalProperties both a boolean or an object value. true is interpreted as "additional properties follow no restrictions", false means "no additional restrictions", and an object is interpreted as a JSON schema applied to the property values (the empty object is thus equivalent to true).

Prefer alias when aliasing methods in lexical class scope as the resolution of self in this context is also lexical, and it communicates clearly to the user that the indirection of your alias will not be altered at runtime or by any subclass unless made explicit.

But others, including Garner, believe, I think rightly, that while it can be ok to omit the hyphen in compound-noun adjectives, the better practice is to include the hyphen to ensure no confusion (especially since including the hyphen never triggers a miscue).

Weak sequencing reduces to a parallel merge when the operands are on different sets of participants. Weak sequencing reduces to strict sequencing when the operands work on the same participant.

I recommend using the term “parallel” when the simultaneous execution is assured or expected, and to use the term “concurrent” when it is uncertain or irrelevant if simultaneous execution will be employed.

Concurrency is about dealing with lots of things at once. Parallelism is about doing lots of things at once.

Concurrency means that an application is making progress on more than one task at the same time (concurrently)

Each commit should meet the following criteria: Have a well-written commit message. Has all tests passing when used on its own (e.g. when using git checkout SHA). Can be reverted on its own without also requiring the revert of commit that came before it. Is small enough that it can be reviewed in isolation in under 30 minutes or so.