[Notes] 迷幻药和脑科学（下）

September 21, 2019September 21, 2019 WeiranLeave a comment

万维钢的这一课的内容，让我想到或许自闭症的人难以进入默认模式网络，很多表现都能和文中提到的类似。如果真是，那就很讽刺了，所谓自闭，恰恰是他们对“自”（me）无感，把自己跟世界一起“闭”于门外。而屋内热闹的人们，大部分时间活在自己的小屋里，只有不感到恐惧的片刻，偶尔开窗看看外面的世界，同时却忧心门外的他们，除了拥有整个世界，似乎只有孤独。

而现在一个最新的认识，说默认模式网络，是“自我”的来源 —— 你可以叫它 “Me Network”。

我理解，当你专注地做一件事的时候，会进入“心流”状态，它的特征恰恰是“忘我” —— 这也正好是默认模式网络活动降低的状态。

自闭症的人进入“心流”，那是分分钟的事。

科学家认为人在刚出生的时候并没有默认模式网络，是长大了慢慢才形成。

他们就是难以甚至无法形成默认模式网络。

科学家曾经猜想，既然致幻剂让人的感情都变得更强烈了，是不是说致幻剂能增强大脑的活动呢？结果发现不是。使用致幻剂后，大脑的供血量和供氧量都下降了。

很好奇他们的大脑供血量跟一般人是不是有区别？

但是使用了迷幻蘑菇之后，大脑的各个网络之间就增加了很多横向的、全局性的交流。现在的大脑“全球化”了 ——
视觉和听觉直接对话，你会感到颜色是有声音的。听觉和触觉直接对话，你会感到声音有质感，可以触摸。

他们的确有不同程度的通感能力，而且不限于五官之间，而是在同一感官，也能产生抽象和形象之间的融合。例如不少自闭算数天才，每个数字对于他们都是一种颜色和图案。对于Temple Grandin，物品在时间轴上可以随意切换。至于波子，过去的事件和日历的对标对于他稀松平常。

从这里脑科学角度来说，就是当你的默认模式网络开启、你有自我意识的时候，你的大脑会自动过滤外界信息。
比如走路，你只会注意路的方向、有没有障碍物、有没有行人，你会把鸟叫的声音、树叶的颜色都忽略掉。再比如读书，你会注意文字的意思，而不会一直观察墨水和纸张的细微结构。过滤增加了你的效率，但同时也给你带上了有色眼镜，你不能客观地去体验这个世界。

对这些跟目标动作无关的“多余”细节的注意，正是自闭者的一大特征。其实细节是客观存在的，之所以多余，是因为常人的默认模式网络开启之后，根据立场，不自觉过滤掉的。而自闭者没有这种“功利心”。

[Notes] Strategies for implementing user authentication in serverless applications

September 18, 2019September 18, 2019 WeiranLeave a comment

https://serverless.com/blog/strategies-implementing-user-authentication-serverless-applications/

Typically, you would store session data in either Redis or Memcached. But for Serverless projects, it makes sense to use hosted datastores instead—Amazon ElastiCache or DynamoDB, Google Cloud Datastore, etc.

AWS Lambda offers a convenient way to perform authentication outside of your core functions. With API Gateway’s Custom Authorizers, you can specify a separate Lambda function that is only going to take care of authenticating your users.

Still a lot of heavy-lifting. The whole point of going serverless is to focusing more on coding the business logic. 😦

[Notes] GOTO 2015 • Agile is Dead

September 17, 2019September 17, 2019 WeiranLeave a comment

Agility – What to do
1) find out where you are
2) take a small step towards your goal
3) adjust your understanding based on what you learned
4) repeat

Agility – How to do it
When faced with two of more alternatives that deliver roughly the same value, take the path that makes future change easier.

That applies to most of the design decisions.

[Notes] Your coding conventions are hurting you

September 17, 2019 WeiranLeave a comment

http://www.carlopescio.com/2011/04/your-coding-conventions-are-hurting-you.html

Alan is very explicit about the idea of methods as goals, something you want to happen, unconcerned about how it is going to happen.

The fundamental reason behind TDD.

If we can’t find a good name, we obviously don’t know enough about either the problem domain or the solution domain.

I would suggest that you focus on class/interface names first. If you can’t find a proper name for the class, try naming functions. Look at those functions. What is keeping them together? You can apply them to… that’s the class name :-).

When Peter wrote that (1993), the idea of an Helper class was mostly unheard of. But as more people got into the OOP bandwagon, they started creating larger and larger, uncohesive classes. The proper OO thing to do, of course, is to find the right cooperating, cohesive concepts. The lazy, fake OO thing to do is to take a bunch of methods, move them outside the overblown class X, and group them in XHelper. While doing so, you often have to weaken encapsulation in some way, because XHelper needs a privileged access to X. Ouch.

Wow, I’ve never paid attention to that since helper class is so much “needed” for every project. Lol

Handler, again, is an obvious resurrection of procedural thinking. What is an handler if not a damn procedure? Why do something need to be “handled” in the first place? Oh, I know, you’re thinking of events, but even in that case, EventTarget, or even plain Target, is a much better abstraction than EventHandler.

Again, eye opening!

Still, at some point people thought it was fine to look at an interface (or at a class), see if there was some kind of “main method” or “main responsibility” (which is kinda obvious if you only have one) and name the class after that. Which is a very simple way to avoid thinking, but it’s hardly a good idea. It’s like calling a nail “Hammerable”, because you known, that’s what you do with a nail, you hammer it. It encourages procedural thinking, and leads to ineffective abstractions.

Unusual perhaps, but that’s because of the common drift toward the mechanics of things and away from concepts (because the mechanics are usually much easier to get for techies).

Sort of calling a concept IDollar instead of Currency.

A List is an IEnumerable (what??) A List is a Sequence (well, all right!)

[Notes] The Ultimate Guide to handling JWTs on frontend clients (GraphQL)

September 15, 2019September 15, 2019 WeiranLeave a comment

The Ultimate Guide to handling JWTs on frontend clients (GraphQL)
— Read on blog.hasura.io/best-practices-of-using-jwt-with-graphql/

So far, this is the best article I have read that explains and answers questions on JWT (both server and client.)

That’s why it’s also really important not to store JWT on the client, say via cookies or localstorage. Doing so you make your app vulnerable to CSRF & XSS attacks, by malicious forms or scripts to use or steal your token lying around in cookies or localstorage.

So memory only? For cookies, with HttpOnly and Secure, there should be no concern about XSS or man-in-the-middle. Yes, chance of CSRF is still there. So you need anti-forgery. For example, keeping an anti-forgery token in localstorage (since value in localstorage won’t be sent automatically with each request.)

So it really depends on the balance of security vs. cost to keep it absolutely secure.

A very good point has been made in this SO thread.

This is a painful discussion on the Internet. Our short (and opinionated answer) is that backend developers like using JWTs because a) microservices b) not needing a centralized token database.

Indeed yes, the two most important benefits.

This token is issued as part of authentication process along with the JWT. The auth server should saves this refresh token and associates it to a particular user in its own database, so that it can handle the renewing JWT logic.

The refresh token is sent by the auth server to the client as an HttpOnly cookie and is automatically sent by the browser in a /refresh_token API call.

Persisting JWT token in localstorage (prone to XSS) < Persisting JWT token in an HttpOnly cookie (prone to CSRF, a little bit better for XSS) < Persisting refresh token in an HttpOnly cookie (safe from CSRF, a little bit better for XSS).

[Notes] Our journey to type checking 4 million lines of Python

September 10, 2019September 10, 2019 WeiranLeave a comment

https://blogs.dropbox.com/tech/2019/09/our-journey-to-type-checking-4-million-lines-of-python/

Gradually migrating using mypy.

Once your project is tens of thousands of lines of code, and several engineers work on it, our experience tells us that understanding code becomes the key to maintaining developer productivity.

Type comments were also handy for Python 2 support, which has no built-in notion of type annotations:

[Notes] Difference between del, remove and pop on lists

September 4, 2019September 4, 2019 WeiranLeave a comment

https://stackoverflow.com/questions/11520492/difference-between-del-remove-and-pop-on-lists

Object? Yes -> remove()

No -> Index range? Yes -> del

No -> return value? Yes -> pop()

No -> del

[Notes] Azure Cosmos DB update for August 2019

September 2, 2019 WeiranLeave a comment

https://channel9.msdn.com/Shows/Azure-Friday/Azure-Cosmos-DB-update-for-August-2019

Azure Cosmos DB is getting more and more powerful. Now Apache Spark can be enabled. It comes with Jupyter Notebooks. You can work directly on the data. So there is no need to copy the data around. Spark worker can be auto-scaled up and down with your DB. Aggregation query performance improvement is fantastic, both faster and cost less.

Weiran's Recycle Bin

Life means something

Month: September 2019