Can you please explain this? It makes no sense to me (as c# developer) that `["1", "2", "3"].map(parseInt)` whould get different result from `["1", "2", "3"].map(a => parseInt(a))`.
I would argue this particular example has more to do with the radix parameter of parseInt being optional and having a complex behavior.
More generally, javascript functions accepting any number of parameters, regardless of those specified in the function declaration, is quite error prone when passing functions around.
I always use anonymous functions or 'bind' to explicitly match the parameters unless all functions involved are curried.
The other reason to avoid passing 'naked' functions around too happily is the behavior of this.
I also find most optimizations to focus on simple, explicit code. Nothing like using the less common, more dynamic features of the language to hit deoptimizations.
I wouldn't call it "hidden". If someone expected that to work, or couldn't figure out what the article example was doing, they just haven't read the documentation for 2 common functions. In fact, last I checked, always using the second parameter of parseInt was considered good practice.
There are generally two schools of thought: one is that the programmer should know better, memorize the documention and specs. The other one is that if it violates the principle of least astonishment it's just badly designed. Personally I believe that the truth is somewhere in the middle. It's good to know one's tools (including docs and specs) but I wouldn't call this kind of "clever" code maintainable.
Auditing binaries wouldn't really do anything as it's their hardware that'd run the binary. So the hardware can be programmed to lie or to still have some backdoor.
I wouldn't recommend XPS. I have version 9350 and it constantly have one problem after another. In no particular order: slow boot time (it can take 7 seconds to see dell logo after pressing power button), coil whine, a firmware update killed the laptop once. I don't know how much of these problems can be attributed to Intel but I fear hardware manufacturers have adopted "release early fix later through firmware" mind-set. Good things about Dell: next business day warranty where a guy will come and replace the motherboard in case the update renders it useless.
I’d heard that some had fixed the problem by updating the intel graphics driver.
I did a Dell “update everything including the BIOS” and it made my QT development IDE and my application have bad rendering problems so I did a system restore.
The “pause” is a complete lock up, mouse and keyboard stop responding.
> There are some kinds of battery that only work at those temperatures - molten salt batteries. Used on earth for a few types of missile and some grid batteries.
Not an expert in batteries but Wikipedia says molten salt batteries provide high amount of power only for a short period of time:
> Once activated, they provide a burst of high power for a short period (a few tens of seconds to 60 minutes or more), with output ranging from watts to kilowatts.
Actually I read the rechargeable section but there is no explicit mention there of how quickly does the rechargeable battery provide power. Is this implied that it's not in quick bursts because it's rechargeable? Or maybe I missed something? (I re-read the section again now).
Yes, there is no mention because it's not very different from other technologies.
Molten salt batteries are mostly not practical (who wants to carry around some explosives at boiling water temperature), but the single use cells get some usage because of this feature. Rechargeable ones don't.
I don't want to sound negative but I guess almost 100% of the web relies on quickly updating resources and being fresh so I wouldn't hold my breath for when "resource pinning" would happen.
For the record one can already do it if all resources would use Subresource Integrity. Hashes of leaf resources would be embedded in parent resources up to the root document that you could announce out-of-band (e.g. https://example.com on 23rd of November 2017 has hash 1234566...). Then you'd have a cryptographic proof (like a Merkle tree) that nothing in the page changed.
There are no standards and protocols in place for this, and there's no browser that enforces this.
If you think that taking something that's 80% there and filling in the last 20% for yourself counts as something that's "already" possible, then nothing is new and everything is already possible.
> Hashes of leaf resources would be embedded in parent resources up to the root document that you could announce out-of-band (e.g. https://example.com on 23rd of November 2017 has hash 1234566...)
This is really janky and not at all what I'm talking about. What I'm talking about is as simple as what happens now, e.g., "GitLab/Mastodon/Whatever XX.x Released".
> There are no standards and protocols in place for this, and there's no browser that enforces this.
And there will never be especially for web apps because there are no parties interested in this. Look at what happened with HPKP. It looked good on the surface but it turned out that extreme security is a little bit too extreme.
> If you think that taking something that's 80% there and filling in the last 20% for yourself counts as something that's "already" possible, then nothing is new and everything is already possible.
I'm just pointing out that you can already construct a scheme with the same security properties as what you described. If you'd rather wait for some hypothetical standard and implementation that will probably never happen then that's your decision.
> This is really janky and not at all what I'm talking about. What I'm talking about is as simple as what happens now, e.g., "GitLab/Mastodon/Whatever XX.x Released".
Perfect is the enemy of good and "GitLab/Mastodon/Whatever XX.x Released" seems to be just good enough. For paranoid people OpenPGP is there to verify build artifacts.
Are you an authority on this? Or just trying your hand at being pundit with an endless supply of unsubstantiated stop energy?
> I'm just pointing out that you can already construct a scheme with the same security properties as what you described.
No, you can't. You're writing as if the "you" here is the party in control of the service backend—the developer. That's not what this is about. This is about how you—the user—can trust that out of the n times you visited the site it didn't serve up tampered assets to backdoor the process. If this were about developers, we wouldn't be having this discussion; the developer doesn't need to request proof that he or she hasn't done any tampering to covertly introduce a backdoor.
> "GitLab/Mastodon/Whatever XX.x Released" seems to be just good enough.
I'm convinced at this point that either you're just responding without actually giving any consideration to the words coming from either one of us, or I'm having a frustrating exchange with a chatbot.
I'm the one who wrote that a release announcement on the project blog suffices to verify out-of-band that the user should expect the resources to change. You're the one who wrote this:
> Hashes of leaf resources would be embedded in parent resources up to the root document that you could announce out-of-band
So why are you now trying to explain to me that a release announcement blog post is "good enough"? Clearly if I didn't think so, I wouldn't have argued for it.
