HackerTrans
TopNewTrendsCommentsPastAskShowJobs

locknitpicker

756 karmajoined 9 bulan yang lalu

Submissions

OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) (2023)

datatracker.ietf.org
1 points·by locknitpicker·14 hari yang lalu·0 comments

Queues Don't Fix Overload (2014)

ferd.ca
67 points·by locknitpicker·bulan lalu·32 comments

Introducing BDD (2006)

dannorth.net
1 points·by locknitpicker·2 bulan yang lalu·0 comments

The Back-end for Front-end Pattern (BFF) (2015)

philcalcado.com
2 points·by locknitpicker·2 bulan yang lalu·1 comments

Roy Fielding's Misappropriated REST Dissertation (2020)

twobithistory.org
1 points·by locknitpicker·3 bulan yang lalu·0 comments

REST APIs must be hypertext-driven (2008)

roy.gbiv.com
3 points·by locknitpicker·3 bulan yang lalu·1 comments

DDD Bounded Contexts: Clear Domain Boundaries for LLM Code Generation

understandingdata.com
1 points·by locknitpicker·3 bulan yang lalu·0 comments

TELeR: A General Taxonomy of LLM Prompts for Benchmarking Complex Tasks (2023)

arxiv.org
2 points·by locknitpicker·3 bulan yang lalu·0 comments

RFC 2295 – Transparent Content Negotiation in HTTP

datatracker.ietf.org
1 points·by locknitpicker·5 bulan yang lalu·0 comments

[untitled]

1 points·by locknitpicker·5 bulan yang lalu·0 comments

Sagas (2012)

vasters.com
1 points·by locknitpicker·6 bulan yang lalu·0 comments

Open Policy Agent

openpolicyagent.org
1 points·by locknitpicker·6 bulan yang lalu·0 comments

OpenGitOps

opengitops.dev
50 points·by locknitpicker·6 bulan yang lalu·50 comments

comments

locknitpicker
·6 hari yang lalu·discuss
Your comment is self-contradictory. Here's what you wrote:

> It's a very common thing to blame the lack of time and "finding" the extra time by suggesting to give up phone or some other form of procrastination. But in my experience, time is almost never a problem. It's usually (...) uninterrupted time (...)

Let's ignore the semantics nitpicking of trying to make believe that "time" does not reflect "energy" or "correct psychological state". Trying to frame "I don't have uninterrupted time" as something distinct from "I don't have time" is a choice that cannot be explained, let alone justified. I mean, do you honestly believe that setting 10minutes aside each day for a task has the same impact as being able to set aside an hour a week to invest in the same task?

Perhaps it's more productive to focus on the actual problem: not having time.
locknitpicker
·13 hari yang lalu·discuss
> 100%. its a horrible code smell (...)

It's a testing technique used particularly in legacy projects called characterization tests. If you are faced with covering with tests a component you didn't wrote and you don't want to introduce a regression when refactoring it, you just mock existing function calls to assert observable behavior.

In compiled languages such as C++ this is even done with link time stubs.

Calling it code smell conveys the idea you are inexperienced and lack any experience managing test coverage.
locknitpicker
·17 hari yang lalu·discuss
> Using GET with a body isn't in the spec,

It's exactly the opposite. The HTTP spec does cover GET with bodies. However, what you fail to account is that the spec specifies they are invalid and a GET with body is meaningless, and represents a potential attack.
locknitpicker
·17 hari yang lalu·discuss
> QUERY won't be supported by them either.

Actually you are quite wrong. HTTP already accommodaties nonstandard methods, so HTTP-compliant servers do support whatever string you put together as the method.

What you are failing to understand is that this proposal defines both a method and its semantics. This means the expected behavior regarding idempotency, safety, cacheabiliry. Nonstandard methods by design are interpreted as being unsafe.

What you are also failing to understand is that GET is explicitly designed to not have a request body. This means that a GET with a body is interpreted as something that violates specifications and is potentially an attack such as request smuggling. Again, some API gateways strip them as a security precaution.

> Most of the systems that are blocking GET/body could be easily tweaked to allow it. Today. As is.

Utter nonsense. You are talking about things like home routers and old phones.

> QUERY will likely need firmware updates, core engine updates, etc.

Not really, only if those devices do not comply with HTTP.

The real value proposition is the semantics of a QUERY operarion regarding safety and caching. It's not a coincidence that this proposal is backed by the likes of Cloudflare. All HTTP compliant requests are just forwarded through all internet boxes, and the likes of Cloudflare sits at the edge safely caching them.
locknitpicker
·18 hari yang lalu·discuss
> zero. Many libs will/can just request method as a string so you can start coding now

Not so fast, champ. It matters nothing what your library let's you run away with. What matters is that every single box in the internet between you and the origin server will tolerate, and your pet library doesn't have a say in that.

> Using POST instead comes with no drawbacks

There's a hefty share of ignorance in your comment. Between POST being classified as an unsafe method and the absence of support for cashing, there are plenty of downsides of abusing POST for query requests.

As the RFC was initially proposed by someone from Cloudflare, were you aware that not even Cloudflare support caching POST requests? Their unofficial support for caching POST requests is to create a fake GET request to serve as cache key and use that to cache the response. This is the kind of hacks everyone is forced to go through instead of using something like QUERY
locknitpicker
·18 hari yang lalu·discuss
> The difference is the method. Query you're saying I can use body. GET you should never use body.

The biggest win is how intermediary boxes now have concrete guidance that a specific HTTP request is both safe, idempotent, and carries a request body. Up until now none of this existed, and at best developers could use unsafe methods to carry request bodies (see GraphQL and how it uses POST for queries)
locknitpicker
·18 hari yang lalu·discuss
> "Using GET with a Body works"

Except it doesn't. Some API gateways outright strip request bodies from GET requests to prevent them from being forwarded.

It sounds like most people with the "just use GET" nonsense are far from having any experience in cloud computing.
locknitpicker
·19 hari yang lalu·discuss
> If a model can take a series of increasingly complex instructions and satisfy the requirements without human intervention (...)

This is the wrong metric to target. Today's models can feel one-shot but they are so at the expense of resilient ReAct loops that brute force their way out of the mess initial prompts created.

And each iteration is expensive.

Sometimes failing fast and early is better than going for one-shot models that try to mitigate the mess they created with reasoning steps and ReAct loops.
locknitpicker
·20 hari yang lalu·discuss
> A poorly documented, poorly implememented, and poorly understood protocol is a worthless protocol.

The world seems to manage just well to get CORS to work, though. If developers fucking up implementations of any standard is enough justification to argue that something is worthless, you'd be hard pressed to find any software engineering topic that by your personal definition would be deemed worthless.
locknitpicker
·20 hari yang lalu·discuss
It's the graphql way.
locknitpicker
·20 hari yang lalu·discuss
> This one puzzles me though. How can DELETE be idempotent?

It's the textbook definition of idempotence. So much so that wikipedia's article on idempotence mentions it and provides links to primary sources.
locknitpicker
·20 hari yang lalu·discuss
> If you haven't figured out a good abstraction at 5-100 customers, God help you.

This blend of opinion is very naive. Every single project is a business requirement away from having the wrong abstraction in place.

https://xkcd.com/1425/
locknitpicker
·20 hari yang lalu·discuss
> If you’ve “written” something with AI, I have idea if you even read it, thus I have no idea if it even really reflects your thoughts. And I don’t care what a computer has to say, I care what a human has to say.

At a more fundamental level, if AI generated it then I have no trust it is actually true or reflects facts or matches reality. It's insulting to throw AI slop at us because you expect us to read something you didn't bothered to write or perhaps even read. The text is probably all wrong with a veneer of well sounding verbiage, and potentially is created to drive engagement instead of actually communicating useful information.
locknitpicker
·21 hari yang lalu·discuss
> He's not really up for re-election, so I'm not sure what approval numbers have to do with it

As an outsider, it seems the US midterm elections are a couple of months from now. If republicans lose, Donald Trump will most likely be impeached for all the mind numbingly high-level corruption and involvement in a pedophile ring.
locknitpicker
·24 hari yang lalu·discuss
> I'm curios why you are avoiding social media?

You make it sound as if that's undesirable.
locknitpicker
·24 hari yang lalu·discuss
> I'd rather have an icon next to the link that implies "Open in new Tab" like one of these with the arrow:

That is a valid option for detachable UI elements seen in desktop apps.

Opening links in a separate tab or window is not that thought. That is a first class user flow in web design.
locknitpicker
·24 hari yang lalu·discuss
> Exactly. This is a design choice and there’s no right or wrong here.

I don't agree. If your design choice forces a user flow that is surprising, awkward, and redundant then it's definitely the wrong choice. It's still a call to be made by the design team, though.
locknitpicker
·24 hari yang lalu·discuss
> (...) your anonymized chats, they will be public as paid training data.

If they are PII then under GDPR they are obligated to delete the data.

If not then they will be liable to pay fines up to $20 million or 4% of their total global turnover.
locknitpicker
·24 hari yang lalu·discuss
> Yes we have heard this before, React is only 30kb!

Not quite. You might be surprised to know, but the whole JOSE standard, and JWT in particular, specify a very limited set of fields. Whenever anyone starts requiring more than that, the responsibilities start to be offloaded to the likes of OpenID Connect.
locknitpicker
·24 hari yang lalu·discuss
> They’re spending Monopoly money.

They also seem to be desperate to buy their way into a monopoly, even though the company itself has a long track record of failing to deliver anything noteworthy.