139 Matching Annotations
  1. Last 7 days
    1. But anti- spam software often fetches all resources in mail header fields automatically, without any action by the user, and there is no mechanical way for a sender to tell whether a request was made automatically by anti-spam software or manually requested by a user. To prevent accidental unsubscriptions, senders return landing pages with a confirmation step to finish the unsubscribe request. A live user would recognize and act on this confirmation step, but an automated system would not. That makes the unsubscription process more complex than a single click.

      HTTP: method: safe methods: GETs have to be safe, just in case a machine crawls it.

  2. Nov 2022
    1. For example, if I make an application (Client) that allows a user (Resource Owner) to make notes and save them as a repo in their GitHub account (Resource Server), then my application will need to access their GitHub data. It's not secure for the user to directly supply their GitHub username and password to my application and grant full access to the entire account. Instead, using OAuth 2.0, they can go through an authorization flow that will grant limited access to some resources based on a scope, and I will never have access to any other data or their password.
    1. In other words, if you use Bash to run Jenkins, and then run docker stop, then Jenkins will never see the stop command!
    2. Now, Bash actually does the same thing (reaping zombies), so you're probably wondering: why not use Bash as PID 1?
    3. In other words, someone has to clean up after "irresponsible" parents that leave their children un-wait'ed, and that's PID 1's job.
  3. Oct 2022
    1. The problem is that the caller may write yield instead of block.call. The code I have given is possible caller's code. Extended method definition in my library can be simplified to my code above. Client provides block passed to define_method (body of a method), so he/she can write there anything. Especially yield. I can write in documentation that yield simply does not work, but I am trying to avoid that, and make my library 100% compatible with Ruby (alow to use any language syntax, not only a subset).

      An understandable concern/desire: compatibility

      Added new tag for this: allowing full syntax to be used, not just subset

  4. Sep 2022
    1. Such schemas cannot easily be refactored without removing the benefits of sharing. Refactoring would require forking a local copy, which for schemas intended to be treated as an opaque validation interface with internal details that may change, eliminates the benefit of referencing a separately maintained schema in the first place.
    1. JSON Schema allows for additionalProperties both a boolean or an object value. true is interpreted as "additional properties follow no restrictions", false means "no additional restrictions", and an object is interpreted as a JSON schema applied to the property values (the empty object is thus equivalent to true).
  5. Aug 2022
  6. Jun 2022
    1. The dominant idea is one of attention, by which a representation at a position is computed as a weighted combination of representations from other positions. A common self-supervision objective in a transformer model is to mask out occasional words in a text. The model works out what word used to be there. It does this by calculating from each word position (including mask positions) vectors that represent a query, key, and value at that position. The query at a position is compared with the value at every position to calculate how much attention to pay to each position; based on this, a weighted average of the values at all positions is calculated. This operation is repeated many times at each level of the transformer neural net, and the resulting value is further manipulated through a fully connected neural net layer and through use of normalization layers and residual connections to produce a new vector for each word. This whole process is repeated many times, giving extra layers of depth to the transformer neural net. At the end, the representation above a mask position should capture the word that was there in the original text: for instance, committee as illustrated in Figure 1.
    1. The ORDER BY clause can only be applied after the DISTINCT has been applied. Since only the fields in the SELECT statement are taken into consideration for the DISTINCT operations, those are the only fields may be used in the ORDER BY.
  7. Apr 2022
    1. The backslash character does not concatenate any strings. It prevents the line-break from meaning that those two lines are different statements. Think of the backslash as the opposite of the semicolon. The semicolon lets two statements occupy one line; the backslash lets one statement occupy two lines.
    1. Think the mere existence of a file is effectively like writing a require call for them, which is executed on demand (autoload) or upfront (eager load).
    1. infer is there to say you know you are declaring a new type (in the conditional type's scope) - much like you have to write var, let or const to tell the compiler you know you're declaring a new variable.
  8. Jan 2022
    1. FORBIDDEN: Status code (403) indicating the server understood the request but refused to fulfill it. User/agent known by the server but has insufficient credentials. Repeating request will not work, unless credentials changed, which is very unlikely in a short time span.
    2. This may be because it is known that no level of authentication is sufficient (for instance because of an IP blacklist), but it may be because the user is already authenticated and does not have authority.
    1. The intended behavior for the code snippet above is to reactively update b when a changes allows b temporarily go "out-of-sync" of a when calling update, setting b to 42 in this case, b is not always a * 2 however, if a changes again, b will be updated back to a * 2, instead of staying at 42
    1. When you give an element a width of 100% in CSS, you’re basically saying “Make this element’s content area exactly equal to the explicit width of its parent — but only if its parent has an explicit width.” So, if you have a parent container that’s 400px wide, a child element given a width of 100% will also be 400px wide, and will still be subject to margins, paddings, and borders — on top of the 100% width setting.
  9. Nov 2021
    1. The selective-second-order-with-skips model is a useful way to think about what transformers do, at least in the decoder side. It captures, to a first approximation, what generative language models like OpenAI's GPT-3 are doing.
    1. why is Session not assignable to WithAdditionalParams<Session>? Well, the type WithAdditionalParams<Session> is a subtype of Session with includes a string index signature whose properties are of type unknown. (This is what Record<string, unknown> means.) Since Session does not have an index signature, the compiler does not consider WithAdditionalParams<Session> assignable to Session.
  10. Oct 2021
    1. This function allows you to modify (or replace) a fetch request for an external resource that happens inside a load function that runs on the server (or during pre-rendering). For example, your load function might make a request to a public URL like https://api.yourapp.com when the user performs a client-side navigation to the respective page, but during SSR it might make sense to hit the API directly (bypassing whatever proxies and load balancers sit between it and the public internet).
  11. Sep 2021
    1. When we describe a language as type-checked, we mean that the language won't let you perform operations invalid for the type. Neither statically nor dynamically typed languages will let you multiply strings together, call a number in the place of a function, etc. A language without type checking would let you do all of those things without complaint.
    1. TypeScript is an extension of JavaScript. You can think of it as JavaScript with a few extra features. These features are largely focused on defining the type and shape of JavaScript objects. It requires that you be declarative about the code you're writing and have an understanding of the values your functions, variables, and objects are expecting.While it requires more code, TypeScript is a fantastic means of catching common JavaScript bugs while in development. And for just that reason, it's worth the extra characters.
    1. It is advised to inline any css @import in component's style tag before it hits css-loader. This ensures equal css behavior when using HMR with emitCss: false and production.
    2. Webpack's resolve.mainFields option determines which fields in package.json are used to resolve identifiers. If you're using Svelte components installed from npm, you should specify this option so that your app can use the original component source code, rather than consuming the already-compiled version (which is less efficient).
    1. The important thing to understand is that there is no such thing as a class method in Ruby. A class method is really just a singleton method. There is nothing special about class methods. Every object can have singleton methods. We just call them "class methods" when the object is a Class because "singleton method of an instance of Class" is too long and unwieldy.
  12. Aug 2021
    1. Isolation ensures that concurrent execution of transactions leaves the database in the same state that would have been obtained if the transactions were executed sequentially
    1. If you extend a method to accept keyword arguments, the method may have incompatibility as follows: # If a method accepts rest argument and no `**nil` def foo(*args) p args end # Passing keywords are converted to a Hash object (even in Ruby 3.0) foo(k: 1) #=> [{:k=>1}] # If the method is extended to accept a keyword def foo(*args, mode: false) p args end # The existing call may break foo(k: 1) #=> ArgumentError: unknown keyword k
  13. Jul 2021
    1. The difference between PUT and POST is that PUT is idempotent: calling it once or several times successively has the same effect (that is no side effect), whereas successive identical POST requests may have additional effects, akin to placing an order several times.
  14. Jun 2021
  15. May 2021
    1. Why are there so many programming languages and frameworks? Everyone has their own opinion on how something should be done. Some of these systems, like AOL, Yahoo, etc... have been around for a decade, and probably not updated much.
    2. Simple fact is that HTML support is different in them because mail clients are so old, or others are allowed to operate in browsers where not all CSS or even HTML can be applied in a secure manner. Older clients have outdated browsers that you'll likely NEVER see brought up to standards; what with Opera's standalone aging like milk, and thunderbird lagging behind the firefox on which it's even built. Don't even get me STARTED on older clients like Eudora or Outlook.
  16. Apr 2021
    1. >(...) starts the process ... and returns a file representing its standard input. exec &> ... redirects both standard output and standard error into ... for the remainder of the script (use just exec > ... for stdout only). tee -a appends its standard input to the file, and also prints it to the screen.
    1. Why your original solution does not work: exec 2>&1 will redirect the standard error output to the standard output of your shell, which, if you run your script from the console, will be your console. the pipe redirection on commands will only redirect the standart output of the command.
    1. It should be defined inline. If you are using the img tag, that image should have semantic value to the content, which is why the alt attribute is required for validation. If the image is to be part of the layout or template, you should use a tag other than the img tag and assign the image as a CSS background to the element. In this case, the image has no semantic meaning and therefore doesn't require the alt attribute. I'm fairly certain that most screen readers would not even know that a CSS image exists.

      I believed this when I first read it, but changed my mind when I read this good rebuttal: https://hyp.is/f1ndKJ5eEeu_IBtubiLybA/stackoverflow.com/questions/640190/image-width-height-as-an-attribute-or-in-css

    2. Ah yes, excactly the right answer. Img tags are for information, css backgrounds are for layout.
    1. is a mechanism designed for creating an external host for character-mode subsystem activities that replace the user interactivity portion of the default console host window

      My paraphrase: A pseudoterminal replaces (fakes/pretends to be?) the user interactivity portion.

    1. Yet, in all these instances, life offers no crystal ball; there's no way of knowing what the future holds, or to be cognizant of something we are unaware of. This is the essence of "You don't know what you don't know," only it's being expressed in a comical way
    1. shared_contexts is any setup code that you can use to prepare a test case . This allows you to include test helper methods or prepare for the tests to run.
  17. Mar 2021
    1. The reason Final Form does this is so that pristine will be true if you start with an uninitialized form field (i.e. value === undefined), type into it (pristine is now false), and then empty the form field. In this case, pristine should return to true, but the value that the HTML DOM gives for that input is ''. If Final Form did not treat '' and undefined as the same, any field that was ever typed in would forever be dirty, no matter what the user did.
    1. The hierarchical structure of semantic fields can be mostly seen in hyponymy.

      Good explanation about semantic fields.

      I assume the same or an even stronger statement can be made about semantic classes (which to me are like more clear-cut, distinct semantic fields), then? 

    1. Sorry you’re surprised. Issues are filed at about a rate of 1 per day against GLib. Merge requests at a rate of about 1 per 2 days. Each issue or merge request takes a minimum of about 30 minutes (across at least 2 people) to analyse, put together a fix, test it, review it, fix it, review it and merge it. I’d estimate the average is closer to 3 hours than 30 minutes. Even at the fastest rate, it would take 3 working months to clear the backlog of ~1000 issues. I get a small proportion of my working time to spend on GLib (not full time).
    2. This issue hasn’t been deemed a high enough priority to be fixed yet. It will be addressed one day, I’m sure. There are many issues in GLib which many people on the internet think are important.
    1. Here's the four case: foo.js Load/Require dependencies Concatenate dependencies foo.js.map Load foo.js Currently grabs metadata[:map] from asset to build an asset, need to move that generation somewhere else to accomplish de-coupling map generation foo.debug.js Load foo.js Load foo.js.map Add comment to end of foo.js with path to foo.js.map foo.source.js The raw file on disk, the map file will need to point to source files.
    1. Before a bug can be fixed, it has to be understood and reproduced. For every issue, a maintainer gets, they have to decipher what was supposed to happen and then spend minutes or hours piecing together their reproduction. Usually, they can’t get it right, so they have to ask for clarification. This back-and-forth process takes lots of energy and wastes everyone’s time. Instead, it’s better to provide an example app from the beginning. At the end of the day, would you rather maintainers spend their time making example apps or fixing issues?
    1. I'd say an equation is anything with an equals sign in it; a formula is an equation of the form A= stuffA= stuffA={\rm\ stuff} where AAA does not appear among the stuff on the right side.
    2. An equation is meant to be solved, that is, there are some unknowns. A formula is meant to be evaluated, that is, you replace all variables in it with values and get the value of the formula.
    3. The key idea is that the equation captures not just the ingredients of the formula, but also the relationship between the different ingredients.
    4. In your case, "mpg = distance/gallons" is best understood as "a formula in the form of an equation", which means that in this instance the two words are interchangeable.
  18. Feb 2021
    1. While you could program this little piece of logic and flow yourself using a bunch of Ruby methods along with a considerable amount of ifs and elses, and maybe elsif, if you’re feeling fancy, a Trailblazer activity provides you a simple API for creating such flow without having to write and maintain any control code. It is an abstraction.
    1. This text wound up founding the discipline which we today call "metaphysics", and one way to describe what this subject encompasses is that it covers things at a level of abstraction above physics.
    1. ActiveInteraction also supports merging errors. This is useful if you want to delegate validation to some other object. For example, if you have an interaction that updates a record, you might want that record to validate itself. By using the #merge! helper on errors, you can do exactly that.
    1. People often hear what they think should be said, not the words that are actually spoken. This comes from the tendency of people to think faster than they talk. A listener makes assumptions about what they expect because their minds race ahead. This can be especially problematic when you misinterpret what your boss said. 
    1. For now I feel ActiveForm is still a bit early to transition to a gem  as there are still things to improve and work out. One day I'll invest more time into making it extendable and release it as a gem. For now I feel it's an unnecessary complexity.

      If he's like most of us, though, this means it will never happen...

    1. An intent filter is an expression in an app's manifest file that specifies the type of intents that the component would like to receive. For instance, by declaring an intent filter for an activity, you make it possible for other apps to directly start your activity with a certain kind of intent. Likewise, if you do not declare any intent filters for an activity, then it can be started only with an explicit intent.
    1. 100vw is 100% of the viewport width not accounting for scrollbars (unless the root element has anything other than overflow: auto set, but auto is the default value). Thus, when the page content overflows the viewport vertically, the browser renders the vertical scroll bar, which reduces the visible viewport area by a few pixels. But the 100vw value doesn't update to account for this, so the selected div retains the same width as before the vertical scrollbar appeared. This results in the horizontal scroll bar rendering.
    1. the 2 hardest problems in computer science are essentially the 2 hardest problems of life in general, as far as humans and information are concerned.
    2. The non-determinism is why cache invalidation — and that other hard problem, naming things — are uniquely and intractably hard problems in computer science. Computers can perfectly solve deterministic problems. But they can’t predict when to invalidate a cache because, ultimately, we, the humans who design and build computational processes, can’t agree on when a cache needs to be invalidated.
    1. justify-content Sometimes the total size of your grid might be less than the size of its grid container. This could happen if all of your grid items are sized with non-flexible units like px. In this case you can set the alignment of the grid within the grid container.
  19. Jan 2021
    1. Basically the typescript compiler emits no code for interfaces, so webpack can not find them in the compiled module; except when a module consists of only interfaces. In that case the module will end up completely empty and then webpack will not investigate the exports.
    1. I don't know what I'd expect this to do, if not create an infinite loop. You're asking Svelte to do something before every update, and one of the things you're asking it to do is to flush any pending changes and trigger an update.
    1. In other words, programs that send messages to other machines (or to other programs on the same machine) should conform completely to the specifications, but programs that receive messages should accept non-conformant input as long as the meaning is clear.
    1. For example, we might request some data from a stock exchange API, and along with our usual API parameters, we give it a callback, like ?callback=callThisWhenReady. The web service then wraps the data with our function and returns it like this: callThisWhenReady({...data...}). Now as soon as the script loads, your browser will try to execute it (as normal), which in turns calls our arbitrary function and feeds us the data we wanted.
    1. Explained: Reason for the “The following packages have been kept back” error and how it was fixed The above suggested fix should solve the problem for you. But are you curious what caused the error and how was it fixed? Let me explain that to you. Normally, when you run the sudo apt update and sudo apt upgrade commands, it updates all the installed packages to their available newer versions. However, if the dependencies of an installed package have been changed such that it requires installation of new packages, the installed package won’t be upgraded with the system update and you’ll see package kept back error.
    1. Dialogs use text buttons because the absence of a container helps unify the action with the dialog text. Align text buttons to the right edge for left-to-right scripts.
    2. Text buttons are often embedded in contained components like cards and dialogs, in order to relate themselves to the component in which they appear. Because text buttons don’t have a container, they don’t distract from nearby content.
  20. Dec 2020
    1. A listener watches for an event to be fired. For example, a KeyListener waits for KeyEvents, a MessageListener waits for messages to arrive on a queue and so on. The handler is responsible for dealing with the event. Normally, listeners and handlers go hand-in-hand. For example, the KeyListener tells the ExitHandler that "the letter Q was pressed" and the handler performs logic such as cleaning up resources and exiting the application gracefully. Similary a ButtonClickListener would tell the same ExitHandler that the "Exit button was clicked". So, in this case you have two different events, two different listeners but a single handler.

      You can use the same handler for multiple events/listeners.

    2. The most basic difference is the association Listener is associated with Event Source (Ex: key board) Handler is associated with an Event (Ex: keydown)
  21. Nov 2020
    1. As mentioned in #2937, this is the sort of thing that happens when you have two copies of Svelte's internal scheduler running. If you're importing the compiled version of an external Svelte component into another Svelte component, this is what you end up with. There's a svelte field in package.json that's respected by rollup-plugin-svelte and which is intended to point at the uncompiled Svelte source, so that the external component can be bundled together with the main app, without any duplicated internals.
    1. positive feedback loops, in which a change in a given direction causes additional change in the same direction.For example, an increase in the concentration of a substance causes feedback that produces continued increases in concentration. negative feedback loops, in which a change in a given direction causes change in the opposite direction.For example, an increase in the concentration of a substance causes feedback that ultimately causes the concentration of the substance to decrease.
    1. Gas engines are so complicated/intricate/messy. I wish we could just use electric motors for everything. Clean, simple, and maintenance-free.

    1. Linear mixed models are an extension of simple linear models to allow both fixed and random effects, and are particularly used when there is non independence in the data, such as arises from a hierarchical structure
    1. So let's say we pull down evil/foo which is FROM ubuntu followed by RUN apt-get update except with a small surprise included in the image. Subsequent builds using those same commands will be compromised.
    1. With the advent of JavaScript modules (import and export), it's possible to build libraries that are tree-shakeable. This means that a user of your library can import just the bits they need, without burdening their users with all the code you're not using.
  22. Oct 2020
    1. One of the significant differences between the two is that a call to a partially applied function returns the result right away, not another function down the currying chain; this distinction can be illustrated clearly for functions whose arity is greater than two.
    2. As such, curry is more suitably defined as an operation which, in many theoretical cases, is often applied recursively, but which is theoretically indistinguishable (when considered as an operation) from a partial application.
    1. Not all application state belongs inside your application's component hierarchy. Sometimes, you'll have values that need to be accessed by multiple unrelated components, or by a regular JavaScript module.
    2. A store is simply an object with a subscribe method that allows interested parties to be notified whenever the store value changes. In App.svelte, count is a store, and we're setting count_value in the count.subscribe callback.
    1. Just like elements can have children... <div> <p>I'm a child of the div</p> </div>...so can components. Before a component can accept children, though, it needs to know where to put them. We do this with the <slot> element.
    1. Escaping is a subset of encoding: You only encode certain characters by prefixing a special character instead of transferring (typically all or many) characters to another representation.
    1. Any variable referenced on the lines marked with $: is marked as a dependency of the derived variable.
    2. It's possible to run a function whenever some reactive state changes using the useEffect hook. In the example we log the length of the todoList whenever it changes. The first argument to useEffect is the function we want to run, and the second is a list of reactive values to track - whenever one of these values changes the effect will run again.
  23. Sep 2020
    1. using modulesOnly behaves exactly as expected when it warns you that the listed npm libraries do not use the ES6 format and are in fact ignored. This option is meant as a way to determine if you still have commonjs libraries in your dependencies that require special treatment via rollup-plugin-commonjs. Your code will probably not work since the listed dependencies will be missing. You should remove modulesOnly and instead add rollup-plugin-commonjs.
    1. The difference between default and named affects how other people can consume your bundle. If you use default, a CommonJS user could do this, for example:

      include the following content

    2. In other words for those tools, you cannot create a package interface where const lib = require("your-lib") yields the same as import lib from "your-lib". With named export mode however, const {lib} = require("your-lib") will be equivalent to import {lib} from "your-lib".
    1. globals are assumed to have their field value on the window object and can be referenced inside the bundle by their field name globals: { name: 'Value', }, assumes that some other script tag or whatever establishes window.Value and the emitted umd bundle for example, calls the factory like factory(global.Value). So globals is just stuff to bring into the factory on the globals object. It doesn't even make it "global" inside the bundle. Basically, the resolver does not check the globals object during the loading process. The resolver needs to be told how to link these globals and that's what the external option is for. external: ['name'], Then you can reference it like import myName from 'name'; myName();
    2. we've learned why you might want to use external but not globals: libraries. We've started to factor some of our client-side JS as libraries to share between projects. These libraries import $ from 'jquery'. However they don't want to presume how that import might be "fulfilled". In most projects it's fulfilled from a global i.e. a script loaded from a CDN. However in one project it's fulfilled from a local copy of jQuery for reasons I won't get into. So when these libraries bundle themselves for distribution, as ES6 modules, they mark 'jquery' as an external and not as a global. This leaves the import statements in the bundle. (Warning: Don't bundle as an IIFE or UMD, or Rollup will guess at fulfilling the import from a global, as @Rich-Harris mentions above.)
  24. Aug 2020
  25. Jul 2020
  26. May 2020
  27. developer.chrome.com developer.chrome.com
    1. If a user clicks on that button, the onclick script will not execute. This is because the script did not immediately execute and code not interpreted until the click event occurs is not considered part of the content script, so the CSP of the page (not of the extension) restricts its behavior. And since that CSP does not specify unsafe-inline, the inline event handler is blocked.
    1. If you’re selling products and keep record of users’ choices for marketing purposes, dividing them into meaningful categories, such as by age, gender, geographical origin etc., you’re profiling them.
  28. Apr 2020
    1. A website (also written as web site) is a collection of web pages and related content that is identified by a common domain name and published on at least one web server
    1. In math, idempotence describes only unary functions that you can call on their own output. Math-idempotence is, “If you take the absolute value of a number, and then you take the absolute value of that, the result doesn’t change on the second (or subsequent) operations.” Math.abs is math-idempotent. Math-idempotence only applies to functions of one parameter where the parameter type and return type are the same. Not so useful in programming.
    1. Since the authenticity token is stored in the session, the client cannot know its value. This prevents people from submitting forms to a Rails app without viewing the form within that app itself. Imagine that you are using service A, you logged into the service and everything is ok. Now imagine that you went to use service B, and you saw a picture you like, and pressed on the picture to view a larger size of it. Now, if some evil code was there at service B, it might send a request to service A (which you are logged into), and ask to delete your account, by sending a request to http://serviceA.com/close_account. This is what is known as CSRF (Cross Site Request Forgery). If service A is using authenticity tokens, this attack vector is no longer applicable, since the request from service B would not contain the correct authenticity token, and will not be allowed to continue.
  29. Mar 2020
    1. The process of collecting and storing user consent from a technical perspective
    2. First-party cookies are the lifeblood of every website, enabling businesses to remember key pieces of information about users and to collect analytics data. Third-party cookies are the bread and butter of AdTech, allowing publishers to monetize their websites, and brands to run advertising and marketing campaigns.
    1. They are in place to prevent brute forcing a password. If you had to complete these every time you login, a person has to be there to answer it. This makes it so you can’t leave a guessing software to break your password. So, in short, it's for your account’s safety.