I fully agree the best solution for security is “javascript.enabled = false”

Lets go back to the original “browser as a document” instead of “browser as OS”.

As I said up-thread, it was promised from Day 1 that browsers would always execute client-side Javascript safely. That was central to its acceptance.

You don’t need microsecond timing on a freaking website – except maybe in graphics and sound, and such functionality could be wrapped and secured in an API. So think that browser makers deserve a bigger slice of blame for making their users so vulnerable. User safety needs to become important again.

Somehow this seems sad, to have to be forced to have computers run fuzzy time because of buggy hardware and nasty abusers of such.

They coincide in most cases, but they don't if there are series of consecutive uppercase letters as in "HTMLParser"

Making MoneySerializer reloadable would be confusing, because reloading an edited version would have no effect on that class object stored in Active Job.

Indeed, if MoneySerializer was reloadable, starting with Rails 7 such initializer would raise a NameError.

Let's imagine your project talks to databases, supports several, and has adapters for each one of them. Those adapters may have top-level require calls that load their respective drivers: # my_gem/db_adapters/postgresql.rb require "pg" but you don't want your users to install them all, only the one they are going to use.

In that line, if two loaders manage files that translate to the same constant in the same namespace, the first one wins, the rest are ignored. Similar to what happens with require and $LOAD_PATH, only the first occurrence matters.

Think the mere existence of a file is effectively like writing a require call for them, which is executed on demand (autoload) or upfront (eager load).

It is very important that your gem reopens the modules ActiveJob and ActiveJob::QueueAdapters instead of defining them. Because their proper definition lives in Active Job. Furthermore, if the project reloads, you do not want any of ActiveJob or ActiveJob::QueueAdapters to be reloaded. Bottom line, Zeitwerk should not be managing those namespaces. Active Job owns them and defines them. Your gem needs to reopen them.

There are project layouts that put implementation files and test files together.

Note that since the directory is ignored, the required adapter can instantiate another loader to manage its subtree, if desired. Such loader would coexist with the main one just fine.

Kernel is already defined by Ruby so the module cannot be autoloaded. Also, that file does not define a constant path after the path name. Therefore, Zeitwerk should not process it at all.

Let's suppose that your gem decorates something in Kernel:

This inflector is like the basic one, except it expects lib/my_gem/version.rb to define MyGem::VERSION.

Zeitwerk raises Zeitwerk::UnsynchronizedReloadError if any of these situations are detected. This is a fatal exception that signals a fundamental bug, you cannot rescue it and expect things to work.

All known use cases of require_dependency have been eliminated with Zeitwerk. You should grep the project and delete them.

if Rails.application.config.reloading_enabled? Rails.autoloaders.main.on_unload("Country") do |klass, _abspath| klass.expire_redis_cache end end

You need to tell the main autoloader to ignore the directory with the overrides, and you need to load them with load instead. Something like this: overrides = "#{Rails.root}/app/overrides" Rails.autoloaders.main.ignore(overrides) config.to_prepare do Dir.glob("#{overrides}/**/*_override.rb").each do |override| load override end end

If your application decorates classes or modules from an engine,

Every element of config.autoload_paths should represent the top-level namespace (Object).

would define a Views module, for example, as an unwanted side-effect.

Some projects want something like app/api/base.rb to define API::Base, and add app to the autoload paths to accomplish that.

By default, app/models/concerns belongs to the autoload paths and therefore it is assumed to be a root directory. So, by default, app/models/concerns/foo.rb should define Foo, not Concerns::Foo.

# config/initializers/zeitwerk.rb ActiveSupport::Dependencies. autoload_paths. delete("#{Rails.root}/app/models/concerns")

Doing so affects how Active Support inflects globally. That may be fine, but if you prefer you can also pass overrides to the inflectors used by the autoloaders:

Once zeitwerk mode is enabled and the configuration of eager load paths double-checked, please run: bin/rails zeitwerk:check

the last "All is good!" is what you are looking for.

To verify the application is running in zeitwerk mode, execute bin/rails runner 'p Rails.autoloaders.zeitwerk_enabled?'

it is highly encouraged to switch to zeitwerk mode because it is a better autoloader

Much of this sort of information was later reverse-engineered, and cross-browser support for basic operations is actually quite good. (Browsers still vary widely on the details.)

Reverse-engineering and standardizing contentEditable

A brief and extremely biased timeline of standardization

export RUBY_THREAD_VM_STACK_SIZE=2000000

This is not a path I'd recommend for small-to-medium-sized teams, but if you're inside a large organization committed to making SPAs with high walls between front-end and back-end departments, it might make sense.

Stimulus is a JavaScript framework with modest ambitions. It doesn’t seek to take over your entire front-end—in fact, it’s not concerned with rendering HTML at all.

We're moving forward by taking things out.

We're way overdue a correction back to simplicity for the frontend. ES6/HTTP2/Import maps looks like they'll deliver just that.

Unless new evidence comes to bear that refutes the basic tenets of this analysis

Rails 7.0 will aim to give you a default setup based on import maps, and leave the Webpacker approach as an optional alternative.

The final piece that's pushing the two first crucial changes over the paradigm hill is import maps. They allow the use of logical references for modules in ES6 (also known as ESM), rather than explicit file references.

Five years later, the facts on the ground have finally changed. I no longer believe that this bargain is worth it for most new applications.

Transpiling with Babel ushered in the era of horrendously complicated transpiling pipelines and tooling. Writing the JavaScript of the future wasn't free. The price was an ever expanding web of complexity. This clearly wasn't the finish line.

Today, many web developers are even using JavaScript's native module syntax, but combining it with bare import specifiers, thus making their code unable to run on the web without per-application, ahead-of-time modification. We'd like to solve that, and bring these benefits to the web.

For now, we'll concentrate on the semantics of the mapping, deferring the installation discussion.

The heart of Hotwire is Turbo. A set of complementary techniques for speeding up page changes and form submissions, dividing complex pages into components, and stream partial page updates over WebSocket. All without writing any JavaScript at all. And designed from the start to integrate perfectly with native hybrid applications for iOS and Android.

It feels great to get an email from someone you care about. Or a newsletter you enjoy. Or an update from a service you like. That’s how email used to feel all the time.

Email gets a bad rap, but it shouldn’t. Email’s a treasure.

Now email feels like a chore, rather than a joy. Something you fall behind on. Something you clear out, not cherish. Rather than delight in it, you deal with it.

HEY’s fresh approach transforms email into something you want to use, not something you’re forced to deal with.

Email sucked for years. Not anymore — we fixed it.

The core benefit of Marginalia is being able to decorate SQL queries with details of the context of the source of the query.

d

Niemand liest Rezensionen, also sag ich einfach mal dass ich schwul bin!

All that can be forgiven, but not charging $10 USD for this bundle worsener (they dumped it very quick into shovelware game bundles). $10 gets you a lot of great games on Steam like Frostpunk, Metro and Skyrim, so it's impossible to ask anyone considers this against the competition.

I get it, game development is hard, not everyone gets to be an astronaut, you must be this tall to take the ride.

what looks like a Unity Asset Store flipped robot

Boston AInamics (an unauthorised riff on the name of the robotics company, Boston Dynamics, I hope they sue)

Grundsätzlich eine nette Idee. Aber an der Umsetzung hapert es. Mein Roboter stößt manchmal gegen unsichtbare Wände oder wird plötzlich in die Luft geschleudert. Zudem wird das Spielprinzip aufgrund der eingeschränkten Bewegungsmöglichkeiten und der immer gleichen Texturen sehr schnell langweilig.

_refs.filter(Boolean)

let _refs = [] $: refs = _refs.filter(Boolean)

It is best practice not to use user input to dictate where your app is going to redirect, this is highly exploitable.

Update 2 - I have confused myself as well.

I found something wired! I had a target=blank in my kindergarten.svelte file that when I click on a link that opens in a new tab , in that tab when I click on other links page doesn't load without refresh! It's a little bit confusing !

In fact, "stuff" was a better name. If I said "put it in the context", there were like 15 things in the codebase called "context", but "put it in stuff", well, there's only one thing called "stuff". Because no one else was brave/silly enough to use that name.

I suppose most systems use a word like "context", "environment", "data", "info", "headers", "metadata"... but those words really aren't any more descriptive, now are they! They are just stuff!

Loading in, receiving, and/or passing cargo

Synonyms include bequest and primogeniture, which are both wonderfully ridiculous suggestions

The drawback of a few more keystrokes is a hit I'll gladly take.

Since context just fits best if it wasn't taken already, I propose layoutContext or loadContext to show a) the semantic similarity to contexts but b) make it visible that this is different and belongs to a specific part.

inherit inherits inherited pipe chain context (keep as is) locals (again) tunnel metadata env scene domain foo $layout

payload bag obj

yield, present, furnish

isn't ideal but it sort of works if you squint

Some ideas that were floated, in no particular order of terribleness:

I tried mapping out the different flow of information for the two different contexts:

it's the fact that Microsoft hasn't prioritized this work. There's nothing magical about Blink or V8 that makes the Chrome password manager better than Edge's; it's just that Google has taken the time to do the work.

Will be executed right after outermost transaction have been successfully committed and data become available to other DBMS clients.

(I can't imagine use case for it but if you can, please open a pull request or issue).

after_commit { puts "We're all done!" }

We're all done!

I'm a big fan of refinements (yes, I am), and that's what I did to make this code look simpler and more beautiful:

These callbacks are smart enough to run after the final (outer) transaction* is committed. * Usually, there is one real transaction and nested transactions are implemented through savepoints (see, for example, PostgreSQL).

These callbacks are focused on the transactions, instead of specific model actions.

This is beneficial

In this case, the worker process query the newly-created notification before main process commits the transaction, it will raise NotFoundError, because transaction in worker process can't read uncommitted notification from transaction in main process.

I am not looking for model based after commits on update/create/etc, I want to be able to dynamically define a block that will be executed only if the current (top-most) transaction passes:

This would work if your transaction only wraps a single model's save operation. I need to wrap at least Node + Version + Attachment

We’re going to build the query from the inside out; concentrate on what each step means and how we combine them, not what it will return if run in isolation.

(Note this is NOT post.comments.order... we don’t know what post, yet. We want the final query to return comments, so our filter starts with Comment.)

SELECT lateral_subquery.* FROM posts JOIN LATERAL ( SELECT comments.* FROM comments WHERE (comments.post_id = posts.id) LIMIT 3 ) lateral_subquery ON true WHERE posts.id

You want the front page to show a few hundred posts along with the top three comments on each post. You’re planning on being very popular, so the front page will need to be very fast. How do you fetch that data efficiently from postgresql using Activerecord?

Making one Comment query per Post is too expensive; it’s N+1 queries (one to fetch the posts, N to fetch the comments). You could use includes to preload all the comments for all the posts, but that requires hydrating hundreds of thousands of records, even though you only need a few hundred for your front page. What you want is some kind of GROUP BY with a LIMIT on each group — but that doesn’t exist, either in Activerecord nor even in postgres. Postgres has a different solution for this problem: the LATERAL JOIN.

Beer.scoped.arel.class => Arel::SelectManager

beer = Beer.arel_table union = Beer.where(name: "Oberon") \ .union(Beer.where(name: "Two Hearted")) Beer.from(beer.create_table_alias(union, :beers)).all

Inner Join Venn Diagram

Description of the problem: Select all users from a DB with their parents which have the association by parent_id column. Possible solution: Recursive Common Table Expression.

join = Arel::Nodes::NamedFunction.new('json_b_array_elements', [Arel::Nodes::SqlLiteral.new("subscriptions")]) .as(Arel::Nodes::NamedFunction.new('sd', [Arel::Nodes::SqlLiteral.new("subscription_data")]).to_sql) p = e.project( Arel::Nodes::SqlLiteral.new( Arel::Nodes::Grouping.new( Arel::Nodes::InfixOperation.new('->>', sd[:subscription_data], Arel::Nodes::SqlLiteral.new("'id'"))).to_sql) << '::uuid' ).where( Arel::Nodes::InfixOperation.new('->>', sd[:subscription_data], Arel::Nodes::SqlLiteral.new("'type'").eq( Arel::Nodes::SqlLiteral.new("'Company'") ) ).and(e[:slug].eq(event_slug))) p.join_sources << Arel::Nodes::StringJoin.new( Arel::Nodes::SqlLiteral.new('CROSS JOIN LATERAL')) << join

SELECT "users".* FROM "users" wHERE 'admin' = ANY("users"."roles")

any_role = Arel::Nodes::NamedFunction.new("ANY", [User[:roles]])

c2 = Comment.arel_table.alias s1 = Comment.arel_table. project(c2[:user_id], c2[:created_at].maximum.as('max_created_at')). from(c2).group('user_id').as('s1') puts s1.to_sql # (SELECT "comments_2"."user_id", MAX("comments_2"."created_at") AS max_created_at # FROM "comments" "comments_2" GROUP BY user_id) s1

Generates the following sql in sqlite3: "SELECT \"patients\".* FROM \"patients\" INNER JOIN \"users\" ON \"users\".\"id\" = \"patients\".\"user_id\" WHERE (\"users\".\"name\" LIKE '%query%')" And the following sql in postgres (notice the ILIKE): "SELECT \"patients\".* FROM \"patients\" INNER JOIN \"users\" ON \"users\".\"id\" = \"patients\".\"user_id\" WHERE (\"users\".\"name\" ILIKE '%query%')" This allows you to join with simplicity, but still get the abstraction of the ARel matcher to your RDBMS.

def self.current_table_name current_table = current_scope.arel.source.left case current_table when Arel::Table current_table.name when Arel::Nodes::TableAlias current_table.right else fail end end

Product. joins(Arel::Nodes::InnerJoin.new(subquery, Arel::Nodes::On.new( t[:version_id].eq(subquery[:version_id]).and( t[:date].eq(subquery[:max_date])))))

Since elements can overlap each other in a CSS grid, it doesn't even try to align them. As its name suggests, it is a grid, not a column layout.

However, when 2 elements begin at the same grid row, they overlap.

It’ll fill the area by default, but it doesn’t have to. It could be smaller or bigger. It could be aligned into any of the corners or centered.

Perhaps the most interesting limitation is that you can’t target the grid area itself.

So you can’t apply a background and know it will cover that whole grid area anymore.

This is one of the games ever made

A major issue with G Suite legacy free accounts is that they act as Google accounts for the whole Google ecosystem. In addition to emails, calendar events and contacts, some users with G Suite legacy free accounts have been using those accounts with YouTube, Google Maps, purchases on Google Play, Google Drive and more.

I've hosted close friend's and family's email for a decade now on an old G Apps instance. We only ever used it for email on a custom domain.

where the balance is between optimal behavior and having to ship a whole bunch of attribute/property lookup information to the browser with the app whenever someone uses spread attributes.

Taking a look at the ~20 svelte form solutions out there, this either means the market is now filled with good solutions, or, like with the many flutter state management libraries, all current solutions are not good enough.

FWIW, I'm using triggers to get around AR's habit of sending NULL instead of DEFAULT: create function medias_insert_make_uuid() returns trigger as $$ begin NEW.uuid := random_characters(12); return NEW; end $$ language plpgsql; create trigger medias_insert_make_uuid before insert on medias for each row execute procedure medias_insert_make_uuid();

If I create a model ActiveRecord sends NULL values for every field that is not defined. Postgres dutifully writes the NULL value into the field instead of the default value. Activerecord should either send nothing (preferable) or send DEFAULT.

infer is there to say you know you are declaring a new type (in the conditional type's scope) - much like you have to write var, let or const to tell the compiler you know you're declaring a new variable.

4.3.9 undefined value primitive value used when a variable has not been assigned a value 4.3.11 null value primitive value that represents the intentional absence of any object value

You are not allowed to automate the Gmail interface, whether to send, delete, or filter emails, in a manner that misleads or deceives users.

Please keep in mind that your definition of “unsolicited” or “unwanted” mail may differ from your email recipients’ perception. Exercise judgment when sending email to a large number of recipients, even if the recipients elected to receive emails from you in the past.

When Gmail users mark emails as spam, it increases the likelihood that future messages you send will also be classified as spam by our anti-abuse systems.

Calls initiated via the REST API are rate-limited to one per second. You can queue up as many calls as you like as fast as you want, but each call is popped off the queue at a rate of one per second.

mpv -playlist <(find "$PWD" -type f)

So no, nnn doesn't try to guess your environment and use-cases and per-decide workflows. It tries to remain generic with sane examples (in the form of plugins) to extend the functionality.

so the effort to make it work for every audio player on all user environments is futile.

Let's say the user is in the process of selecting some files. The names don't indicate anything. So she has to listen and select.

just because a tool does it on-the-fly on Enter doesn't mean it is the right behaviour.

Setting "img max-width:100%" is a technique employed in responsive/fluid web site design so that images re-size proportionally when the browser is re-sized. Apparently some css grid systems have started setting this style by default. More info about fluid images here: http://www.alistapart.com/articles/fluid-images/

Now, our img element will render at whatever size it wants, as long as it’s narrower than its containing element. But if it happens to be wider than its container, then the max-width: 100% directive forces the image’s width to match the width of its container.

me. We recommend using cloud-based TOTP apps such as: 1Password

When setting up SAML SSO in your organization, you can test your implementation without affecting your organization members by leaving Require SAML SSO authentication for all members of the organization name organization unchecked.

I know about the interpolation brackets method, but what if the selector is deeper in the three, for example three of four layers deep? I only want its parent selector to be duplicated, not the whole selector tree.

In Rails, this is known as nested layouts, and it is a bit awkward to use. The standard Rails practice for nested layouts is complicated and involves these considerations:

Either way, I’m a fan of leaving the math in the authored code.

which I hope would extend to iframes.

When a web page is viewed on a screen with a large physical size (assuming a maximised browser window), the author might wish to include some less relevant parts surrounding the critical part of the image. When the same web page is viewed on a screen with a small physical size, the author might wish to show only the critical part of the image.

We tend to put images into flexible container elements, and the image inside is set to width: 100%;

There are ways to create aspect-ratio sized boxes in HTML/CSS today. None of the options are particularly elegant because they rely on the “hack” of setting a zero height and pushing the boxes height with padding. Wouldn’t it be nicer to have a platform feature to help us here?

t's annoying there's no native event for this yet (popstate did not work for me)

A type lockup is a typographic design where the words and characters are styled and arranged very specifically.

Danke! Danke! Danke! ich suche seit Tagen nach einer Lösung und das hier ist es!

you can use -ic option to close the window directly: $ wmctrl -ic 0x02e00085

Assumes you're using screen 0 (if you didn't know that displays could have more than one screen, ignore this).