And can someone explain how I'm supposed to implement SSO? We have a bunch of subdomains that support SSO by communicating with an iframe that has the logon status stored, but it appears that the iframe wouldn't have access to its own data anymore. Is that right?
The HTML5 spec refers to the site's registrable domain according to the URL spec:
> A host’s registrable domain is a domain formed by the most specific public suffix, along with the domain label immediately preceding it, if any. [3]
Public Suffixes are defined according to a database that you have to explicitly register in [4]. If you aren't sure whether your base domain is registered as a public suffix, then it probably isn't.
"Doesn't work how you'd expect" reminds me of the time that we had users receiving responses from other people's requests.
Why? Our API is idempotent, but we needed to use POST instead of GET to let the browser send a request body. Our API is very slow, so we put NGINX in front of our API to cache responses. We used something like
proxy_cache_key "$request_uri|$request_body";
I don't think I was completely remiss in thinking that $request_body means "request body". Testing showed that it worked just fine. In production, some users made requests that were larger than our tests - and then $request_body is empty, and users will get each others' responses. This behavior is helpfully documented as follows:
"The variable’s value is made available in locations processed by the proxy_pass, fastcgi_pass, uwsgi_pass, and scgi_pass directives when the request body was read to a memory buffer."
His whole point is that the occasional person who IS "phoning it in all the time" will appear to be very good at their job, possibly better than the people who are really trying their best to get it right.
I like this idea, but the pro-patent argument says that some things become obvious only after you see them. Once a company starts selling a product with the new idea, everyone will figure it out, and it will become part of the set of things that are obvious to experts.
In my opinion that's not what patents are about. Patents are about how to do something. The obvious purpose is that revealing your patent advances the state of the art.
Otherwise, why would the community grant a relatively long term (about 20 years) of monopoly? It doesn't make sense to do that just for a clever business idea.
I basically agree with you. The counterargument says that some innovation simply doesn't happen for centuries, until it finally occurs to someone. You want to incentivize those kinds of innovations as well, to get people to revisit old issues. For example, the stirrup. Evident once you see it, but a big innovation, or it would have shown up centuries earlier.
Why would you expect a company that pays for buffers to be able to compete with a company that doesn't, even if the first company is owned by benevolent founders? Shouldn't the company that's cut inventory to a minimum be able to charge less than the competition, and drive the high-inventory competition out of business? I understand that not having inventory might create long-term problems, but how is the high-inventory company supposed to compete during the good times?
They're not making money from the person who defaults (well, maybe if they default after a long series of payments). They're making money on average by lending to a lot of people, of which only a subset default. If you look like a bad risk, you pay more to subsidize all the people who also look like bad risks and will actually default.
Without the (old) extra inconvenience, it would probably be higher than 1%. Also, it could be that this mechanism substitutes for some of the previous anti-theft measures, so it's hard to use the $719,548 figure to conclude anything about whether this would be cost effective.
I'm curious if there's good data on what constitutes a "sedentary lifestyle" over time. In the early 1900s, I suspect people with desk jobs had a lot of small activity over the course of the day that we can now avoid. I take an elevator, drive for errands, and look up just about anything without leaving my desk. I don't even have to cross the room to turn on the modern equivalent of the radio. I don't have to get anything from a filing cabinet except for perhaps a few times a year. Is that the same as "sedentary" of old?
That's an interesting observation and you may well be right that people in the past were more active in this way.
On the other hand, the contribution small levels of exercise (such as getting up from your desk and walking at a normal pace, even climbing a few flights of stairs a couple of times per day) to calorie consumption is likely to be almost nothing - a few dozens of kcal over the course of a day at best. I know that there have been studies for example of the additional kcal consumption from a standing desk compared to a normal desk, and the result is almost non-existent, less than 10 kcal over the course of a workday.
The question is whether the small-scale activity has an impact on hunger, though. Very anecdotally, when I'm active, I have an easier time feeling full.
The alternative is hiding most of the reports by default. It's a firehose, and almost all of it is guaranteed to be useless. For example, denial of service in a devDependency shouldn't be shown unless the user specifically requests it. Denial of service shouldn't be marked "high" importance, even though occasionally it might be quite important to some user.
