75 Matching Annotations
  1. Sep 2017
  2. Aug 2017
  3. Jul 2017
    1. o ensure that the "redirect_uri" parameter is present if the "redirect_uri" parameter was included in the initial authorization request as described in Section 4.1.1, and if included ensure that their values are identical.
    2. If an authorization request is missing the "response_type" parameter, or if the response type is not understood, the authorization server MUST return an error response as described in Section 4.1.2.1.
    3. The authorization server MAY fully or partially ignore the scope requested by the client, based on the authorization server policy or the resource owner's instructions. If the issued access token scope is different from the one requested by the client, the authorization server MUST include the "scope" response parameter to inform the client of the actual scope granted.
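
The three rules highlighted above, worked through as an added example (not code from RFC 6749 or from any project annotated here). The function names, the dict-based request and response shapes, the constructed token value and the policy that intersects requested scopes with an allowed set are all assumptions; client authentication and code issuance are left out.

```python
# Added illustration: authorization-code checks from RFC 6749 sections 4.1.1-4.1.3.
SUPPORTED_RESPONSE_TYPES = {"code"}  # assumption: only the code grant is offered


def authorize(params, policy_scopes):
    """Authorization endpoint: validate response_type, record what was asked for."""
    response_type = params.get("response_type")
    if response_type is None:
        return {"error": "invalid_request"}            # required parameter missing
    if response_type not in SUPPORTED_RESPONSE_TYPES:
        return {"error": "unsupported_response_type"}  # not understood
    requested = set(params.get("scope", "").split())
    return {
        # Remember whether a redirect_uri was sent, and its exact value.
        "redirect_uri": params.get("redirect_uri"),
        "requested": requested,
        # The server MAY narrow the scope; here policy is a simple intersection.
        "granted": requested & policy_scopes,
    }


def redeem(grant, token_params):
    """Token endpoint: enforce the redirect_uri binding, then build the response."""
    bound = grant["redirect_uri"]
    if bound is not None:
        # Must be present and identical: no prefix match, no normalisation.
        if token_params.get("redirect_uri") != bound:
            return {"error": "invalid_grant"}
    response = {"access_token": "constructed-token", "token_type": "bearer"}
    if grant["granted"] != grant["requested"]:
        # Scope differs from the request, so the client MUST be told.
        response["scope"] = " ".join(sorted(grant["granted"]))
    return response


if __name__ == "__main__":
    g = authorize({"response_type": "code", "scope": "read write",
                   "redirect_uri": "https://client.example/cb"}, {"read"})
    print(redeem(g, {"redirect_uri": "https://client.example/cb"}))
    print(redeem(g, {"redirect_uri": "https://client.example/cb/"}))
```
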
    1. In practice, this is accomplished by monitoring the amount of operational work being done by SREs, and redirecting excess operational work to the product development teams: reassigning bugs and tickets to development managers, [re]integrating developers into on-call pager rotations, and so on. The redirection ends when the operational load drops back to 50% or lower.

      Ensuring that SREs spend 50% of their time doing operational work.

    2. The hero jack-of-all-trades on-call engineer does work, but the practiced on-call engineer armed with a playbook works much better. While no playbook, no matter how comprehensive it may be, is a substitute for smart engineers able to think on the fly, clear and thorough troubleshooting steps and tips are valuable when responding to a high-stakes or time-sensitive page.
    3. The business or the product must establish the system’s availability target. Once that target is established, the error budget is one minus the availability target. A service that’s 99.99% available is 0.01% unavailable. That permitted 0.01% unavailability is the service’s error budget. We can spend the budget on anything we want, as long as we don’t overspend it.

      The goal of SREs is no longer "zero outages", but to allow for maximum product development velocity as long as it stays within the error budget.

    4. Monitoring is one of the primary means by which service owners keep track of a system’s health and availability. As such, monitoring strategy should be constructed thoughtfully.

      Three types of valid monitoring input:

      1. Alerts: A human needs to take action immediately.
      2. Tickets: A human needs to take action, but not immediately, even up to a few days.
      3. Logging: No human needs to look at this, it is recorded for diagnostic or forensic purposes.
    5. Reliability is a function of mean time to failure (MTTF) and mean time to repair (MTTR) [Sch15]. The most relevant metric in evaluating the effectiveness of emergency response is how quickly the response team can bring the system back to health—that is, the MTTR.
    6. In general, for any software service or system, 100% is not the right reliability target because no user can tell the difference between a system being 100% available and 99.999% available.
    7. When they are focused on operations work, on average, SREs should receive a maximum of two events per 8–12-hour on-call shift. This target volume gives the on-call engineer enough time to handle the event accurately and quickly, clean up and restore normal service, and then conduct a postmortem. If more than two events occur regularly per on-call shift, problems can’t be investigated thoroughly and engineers are sufficiently overwhelmed to prevent them from learning from these events.
    8. In general, an SRE team is responsible for the availability, latency, performance, efficiency, change management, monitoring, emergency response, and capacity planning of their service(s).
    9. Therefore, Google places a 50% cap on the aggregate "ops" work for all SREs—tickets, on-call, manual tasks, etc. This cap ensures that the SRE team has enough time in their schedule to make the service stable and operable.

      The other 50% of the time is devoted to development.

    10. By design, it is crucial that SRE teams are focused on engineering. Without constant engineering, operations load increases and teams will need more people just to keep pace with the workload.
    11. What exactly is Site Reliability Engineering, as it has come to be defined at Google? My explanation is simple: SRE is what happens when you ask a software engineer to design an operations team.
    12. Google has chosen to run our systems with a different approach: our Site Reliability Engineering teams focus on hiring software engineers to run our products and to create systems to accomplish the work that would otherwise be performed, often manually, by sysadmins.
  4. May 2017
  5. Mar 2017
    1. Not to display the text and instead a placeholder image if annotation.text is None

      Currently not having an annotation.text value means that it's a highlight and not an annotation, which gets displayed differently. Are we still able to differentiate a nipsa'd highlight from a nipsa'd annotation?

    2. access to the request object which contains the authenticated user and will be responsible for redacting the annotation text for group readers

      I'm not sure if there is another way, but we should take cacheability of these API responses into consideration. We know that we currently can't cache these endpoints, but we should try to not add new uncacheable things onto it.

    3. This field will be available in the annotation object in the client

      I think we should have a discussion about how much we want to hide the fact that an annotation is hidden from the creator of the annotation. Currently there is no definite way for a user to find out if their annotation is nipsa'd, except for checking the page logged-out or with another user account. But we don't explicitly state that an annotation is hidden.

      I just want us to be sure that we want to change this before we add a nipsa key to the annotation response which gets returned from the API.

      A compromise might be to only return the nipsa flag if we don't hide annotation but only black out the text?

    4. Add a field in ES if an annotation hasReplies if an annotation has replies

      When we create a new annotation reply, we need to make sure to re-index the immediate parent.

    5. add a nipsa field to annotation (or possibly another table).

      Now that memex is going to be reintegrated into h again we need to make sure to draw a line of where we want to separate. If we don't need to separate at all, then a nipsa flag on the annotation table is good enough. Otherwise I would suggest to separate nipsa from the rest by adding a nipsa table (like we had), but each record can point to either a user or an annotation.

    1. If the version is less than 24 hours old, you can unpublish it. The package will be completely removed from the registry. No new packages can be published using the same name and version.

      Unpublished npm package versions cannot be reused.

  6. Feb 2017
    1. Try to get a Ralph Gibson neg expose tri-x at E.I. 200 and overdevelop the neg if I remember correctly something along the lines of 11mins in Rodinal 1:25 20°C

      Normal Tri-X at ISO 200 in Rodinal takes 7 minutes according to the massive dev chart, 11 minutes is an increase of 57%.

    1. The negative I used was developed in Rodinal 1+25 for 16 minutes at 20*C and has still provided fairly soft tone gradation despite extended development.

      As mentioned further down:

      She simply set her spotmeter to the recommended ISO rating and placed the black ball of wool in the basket onto zone 3. Additional exposure was then given for the bellows extension factor. The recommended development time for Rodinal diluted 1+25 was 8 minutes, so that time was doubled

      Seems to be that exposing FP4+ at box speed and then doubling the development time can lead to adequate negatives for salt printing.

  7. Jan 2017
  8. Dec 2016
    1. Make sure your PagerDuty account is set up correctly and test your notification settings.

      A good starting point for the notification rules is:

      • Immediately after it's assigned to me: push notification (install iOS/Android app!)
      • 2 minutes after it's assigned to me: sms to mobile
      • 5 minutes after it's assigned to me: phone call to mobile

      Make sure to install the PagerDuty iOS/Android app on your phone, and add the PagerDuty phone number to your contacts and then favourites, and allow your favourites during "Do not disturb" (a.k.a. in the middle of the night).

  9. Nov 2016
    1. The former use of the area left an extensive contamination of soil and groundwater with cyanides, phenols and tar that after German reunification had to be cleared by excavation and bioremediation.
  10. Oct 2016
    1. Each field is treated as an integer and has its value printed as a zero-filled hexadecimal digit string with the most significant digit first. The hexadecimal values "a" through "f" are output as lower case characters and are case insensitive on input.

      Also see above:

      The internal representation of a UUID is a specific sequence of bits in memory.

      PostgreSQL for example is storing UUIDs as zero-filled hexadecimal digit strings, and thus they should be safe to pass around (including in URLs).

    1. The "RS256" algorithm, from [JWA], is a mandatory-to-implement JSON Web Signature algorithm for this profile.

      What does "is a mandatory-to-implement JSON Web Signature algorithms" mean in this context?

    2. In order to issue an access token response as described in OAuth 2.0 [RFC6749]

      A successful access token response according to RFC6749 (section 5.1) looks like this:

      HTTP/1.1 200 OK
      Content-Type: application/json;charset=UTF-8
      Cache-Control: no-store
      Pragma: no-cache
      
      {
        "access_token":"2YotnFZFEjr1zCsicMWpAA",
        "token_type":"example",
        "expires_in":3600,
        "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
        "example_parameter":"example_value"
      }
      

      The refresh token is optional, and the expiration in seconds is recommended but not required.

  11. Sep 2016
    1. The login program in early versions of Unix executed the crypt function only when the login name was recognized by the system. This leaked information through timing about the validity of the login name, even when the password was incorrect.

      To not leak information about which usernames exist in order to prevent time attacks, the password should always be checked.
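
The login behaviour described above next to a version that always checks the password, as an added example (not code from the annotated article). The user store, the PBKDF2 parameters, the function names and the call counter are assumptions made for the illustration; the counter stands in for wall-clock time so the difference in work is visible without timing measurements.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000          # assumption: illustrative PBKDF2 cost
CALLS = {"n": 0}             # counts expensive hash computations


def _hash(password, salt):
    CALLS["n"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_record(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed user store and a dummy record for names that do not exist.
USERS = {"alice": _make_record("correct horse")}
DUMMY = _make_record(os.urandom(16).hex())


def login_leaky(username, password):
    """Hashes only for known names, so unknown names answer faster."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(_hash(password, salt), stored)


def login_uniform(username, password):
    """Always hashes: unknown names are checked against the dummy record."""
    record = USERS.get(username)
    salt, stored = record if record is not None else DUMMY
    matches = hmac.compare_digest(_hash(password, salt), stored)
    return matches and record is not None


def hash_work(login, username):
    """Number of hash computations one failed login attempt costs."""
    before = CALLS["n"]
    login(username, "wrong password")
    return CALLS["n"] - before


if __name__ == "__main__":
    for fn in (login_leaky, login_uniform):
        print(fn.__name__, hash_work(fn, "alice"), hash_work(fn, "mallory"))
```
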

    1. working at Hypothes.is

      Hello from Hypothesis

  12. Aug 2016
  13. Jul 2016
    1. We think we’ll save ourselves the commute and we’ll be able to flexibly weave in and out of work and home life.

      I would also add that hiring remote people allows for finding great people wherever they live and not constrain the search to a particular city/area.

  14. May 2016
    1. Support multiple instance by Active-Standby model

      Might be possible to run celery workers with the -b flag and then run it on every worker instance?

    1. Because this is not always needed, and there are many choices available on how to index, declaration of a foreign key constraint does not automatically create an index on the referencing columns.

      PostgreSQL does not automatically create an index for foreign key constraints, it does however for primary keys.

  15. Apr 2016
  16. Mar 2016
    1. Someone is on a phone, i.e. a slow computer with a slow connection.

      This is one of the most important points, the web on even fairly modern phones can be excruciatingly slow.

  17. Feb 2016
    1. The rule of thumb is to avoid using more than two expressions in a list comprehension. This could be two conditions, two loops, or one condition and one loop. As soon as it gets more complicated than that, you should use normal if and for statements and write a helper function
    2. Dictionaries and sets have their own equivalents of list comprehensions.

      It gets better and better!

      d = { "foo": "bar", "baz": "qux" }
      r = {val: key for key, val in d.items()}
      #=> { "bar": "foo", "qux": "baz" }
      
    3. Unlike map, list comprehensions let you easily filter items from the input list, removing corresponding outputs from the result.

      This might be the greatest advantage of list comprehensions. Even Ruby requires one to return a nil value from a map and then a call to compact, like: array.map(&:transform).compact.

    4. Beware that indexing a list by a negative variable is one of the few situations in which you can get surprising results from slicing. For example, the expression somelist[-n:] will work fine when n is greater than one (e.g., somelist[-3:]). However, when n is zero, the expression somelist[-0:] will result in a copy of the original list.

      Which is the same for somelist[:]. Not sure what the author is getting at. Maybe he meant to say that using variables as indexes when slicing can become confusing?

    5. Slicing can be extended to any Python class that implements the __getitem__ and __setitem__ special methods
    6. In a file, functions and classes should be separated by two blank lines.

      I wonder what the reasoning for having two blank lines for separating functions and one blank line for methods is. Seems like an arbitrary distinction.