megawatthours's comments

megawatthours | 8 years ago | on: Folding Promises in JavaScript

Same reason given in the bluebird library documentation:

> Promise.reduce will start calling the reducer as soon as possible, this is why you might want to use it over Promise.all (which awaits for the entire array before you can call Array#reduce on it).

Whether this is ever necessary is another matter :)

megawatthours | 8 years ago | on: Code Smells: Iteration

Something I see often and is a huge code smell to me is not using the most restrictive form of iteration.

If you see collection.map(...) you know that each iteration is simply a pure function from original element to transformed element, which is an immense help when reading the code.

If you can use only map / filter / takeWhile / join etc to express what you are doing, use those! If not, try and just use reduce / foreach. If not, try and just use for. Only use while if nothing else works!

megawatthours | 9 years ago | on: Show HN: NoFile.io – A simple file storage site with lots of perks

> would have to know the hash of the file which requires them to already know the contents of the file

That is incorrect. Knowing the hash does not mean you know the contents of the file. You should generate encryption keys randomly, preferably using a secure random method such as that shipped with SJCL, rather than JavaScript's random API.

megawatthours | 9 years ago | on: Show HN: NoFile.io – A simple file storage site with lots of perks

From looking at "upload.js" you are using AES in counter mode.

    var aesCtr = new aesjs.ModeOfOperation.ctr(encryptionKeyBytes, new aesjs.Counter(-1));

Please use https://github.com/bitwiseshiftleft/sjcl which supports a very high-level sjcl.encrypt(passphrase, plaintext) API and has been audited, instead of using crypto primitives.

One specific issue is you are only encrypting, not authenticating, so if the servers are compromised someone could send back a fake plaintext.
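
As an added example (not code from NoFile.io, aes-js or SJCL), the sketch below uses Node's built-in crypto module to show the two points raised in the comments above: a key drawn from a CSPRNG rather than from the file's hash, and a stored ciphertext with one altered byte decrypting without error under AES-CTR while AES-GCM rejects it. All function names and the sample message are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Random 256-bit key from the platform CSPRNG, never derived from the file.
function newKey() {
  return nodeCrypto.randomBytes(32);
}

function ctrEncrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(16); // fresh counter block per message
  const c = nodeCrypto.createCipheriv('aes-256-ctr', key, iv);
  return { iv, ct: Buffer.concat([c.update(plaintext), c.final()]) };
}

function ctrDecrypt(key, { iv, ct }) {
  const d = nodeCrypto.createDecipheriv('aes-256-ctr', key, iv);
  return Buffer.concat([d.update(ct), d.final()]); // no integrity check at all
}

function gcmEncrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function gcmDecrypt(key, { iv, ct, tag }) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // final() throws on a bad tag
}

// Stands in for a storage server returning a stored blob with one byte changed.
function alterByte(box, index) {
  const ct = Buffer.from(box.ct);
  ct[index] ^= 0x01;
  return { ...box, ct };
}

function demo() {
  const key = newKey();
  const msg = Buffer.from('constructed sample file contents');
  const ctrOut = ctrDecrypt(key, alterByte(ctrEncrypt(key, msg), 0));
  let gcmRejected = false;
  try { gcmDecrypt(key, alterByte(gcmEncrypt(key, msg), 0)); }
  catch (e) { gcmRejected = true; }
  return { ctrSilentlyChanged: !ctrOut.equals(msg), gcmRejected };
}
```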

megawatthours | 9 years ago | on: Self-driving cars in the browser

The map doesn't change on page reload, and I'm guessing you didn't change it while training. Doesn't that mean these cars are trained only for this map?

Surprisingly, they seem to successfully avoid user-added obstacles.

megawatthours | 9 years ago | on: XMonad 0.13 released

It's really easy with Mate or gnome-flashback.

  sudo apt-get install mate-desktop

gets you a really nice desktop, almost identical to Ubuntu pre-Unity. Then you just need to use

  main = xmonad mateConfig

in xmonad.hs and change the window manager using gconf-editor.

Unity 3D is a Compiz plugin so you can't use XMonad with it.

Gnome 3.8 and later only support gnome-shell as a window manager; it is not possible to integrate xmonad or any other window manager with it.

megawatthours | 9 years ago | on: XMonad 0.13 released

XMonad hits a sweet spot no other window manager does for me:

  import XMonad.Config.Mate

  main = xmonad mateConfig

and just like that I have XMonad running inside my mate desktop, without the need to manually configure a status bar for volume, wifi, keyboard input language, clock, etc.

I don't even use tiling that much as I prefer to have one app per workspace, but just having focus-follows-mouse and the option to tile if I need it is really sweet.

megawatthours | 9 years ago | on: Time to Encrypt the Cloud

I think you're being overly obtuse. The point they're making is that browsers don't automatically send anything after the # to the server.

This makes it possible to implement apps where all decryption is done on the client and the server never sees either the plaintext or the key (which they are mistakenly calling 'Zero-Knowledge' apps).

Whether this is beneficial, and how easy it is to bypass (court order to modify the JavaScript, MITM to modify the JavaScript, extensions which dial in to the mothership with all URLs including the hash fragment), is another question.

But if you assume that your browser or that app are compromised and arbitrary scripts are running in it, then the attacker already has access to all the data anyway, and the location hash itself becomes irrelevant.

They don't claim it's a silver bullet, but they rightfully claim that this at least has the benefit of protecting your data in case someone leaks or subpoenas it from the servers hosting it.

Many web apps successfully use this model, most notably client-encrypted pastebin clones like privnote and password managers like KeePassWeb and LastPass.
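
The model described in the comment above, as an added example that is not part of the original comment or taken from any of the apps it names: the key travels after the `#`, the request target the server sees is only path and query, and the server stores only ciphertext. The host paste.example, the in-memory `serverStore` and `serverLog`, and all function names are assumptions for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const serverStore = new Map(); // stand-in for the hosting server's storage
const serverLog = [];          // request targets the server would see

// Sender: encrypt locally, upload only ciphertext, put the key after '#'.
function share(plaintext) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const id = nodeCrypto.randomBytes(8).toString('hex');
  serverStore.set(id, Buffer.concat([iv, c.getAuthTag(), ct])); // iv | tag | ct
  return `https://paste.example/p/${id}#${key.toString('base64url')}`;
}

// What a browser puts on the request line: path and query, never the fragment.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Recipient: fetch by request target, decrypt with the key read from the fragment.
function openLink(link) {
  const target = requestTarget(link);
  serverLog.push(target);
  const blob = serverStore.get(target.split('/').pop());
  const key = Buffer.from(new URL(link).hash.slice(1), 'base64url');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
}
```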

megawatthours | 9 years ago | on: Yoda Conditions

I never got the Java argument. I would much rather fail early and noisily with an NPE than return false and let my program happily chug along when it wasn't expecting a null. If the value is intended to be nullable, I would use an optional.

megawatthours | 9 years ago | on: A static website with React

This claims to improve static websites by adding hot reloading, search, React, the NPM ecosystem, and faster page load.

Search can already be done using Jekyll https://blog.algolia.com/instant-search-blog-documentation-j... (same idea of indexing at build time).

Jekyll can hot reload with jekyll serve.

Anyone who is familiar with React is familiar with HTML and CSS, whereas the opposite is not necessarily true. This means if you are able to use Phenomic, you are able to use Jekyll, but not vice versa.

The NPM ecosystem is useful for authoring templates, not for the end user. If I were writing a Jekyll template I'd probably use webpack and npm, but I don't need that baked into the static site generator itself.

Finally, page load is a really dubious claim; here are some numbers:

On phenomic.io, the HTML for the index page weighs 3K gzipped (measured by copying HTML, removing what can be externalized and cached like styles + scripts, and gzipping index.html)

When using Phenomic to do client-side loading, the JSON for the different pages is from 600B to 2.9K (as seen in network tools when clicking on the links in the top nav).

A page load with Phenomic therefore saves you:

* 2KB of bandwidth for some pages
* a few 302 not modified requests for static resources, which are negligible if you use HTTP/2

On the flip side of the coin, phemonic.js, the script bundle which makes all this magic possible, weighs 132KB, i.e. 44 times the size of the content the user wants to view.

I can't see the value here.
