validation – Best practice with error messages say what is wrong, or how to remedy the error?

I’ve had a quick search and probably explaining the situation is why I can’t find anythign useful to help me. It’s best to describe the sitation with an example!

Take a form where a user must input a positive integer. If they don’t put in a correct value, say -1, the form will fail validation. Naturally you want some feedback returned to the user so they can fix the problem.

Should this error message explain what is wrong and why this field failed validaton, or the how to fix it.

E.g:

Field cannot be a negative number

or

Field must be a greater than 0

Ultimately both mean the same thing, and I understand it’s an English language thing, but from a UX best practice perspective what is better. (Please note in my case UI limitations mean it can’t be a combination of both)

(I also know that it could be a case of either are OK, just make it consistent through the UI).

interaction design – Best practice for Styling links when used in tables and headings

Should links in data tables be styled like regular text links or only have some indication on hover?

For example Shopify tables have default black text color and only change to blue on hover:

enter image description here

I dont want a table full of blue text when each cell has a link as this might be overkill to the experience when viewed as a whole. I also dont know if its best practice to only indicate they are links when the user hovers.

c++ – Is it best practice to define a member function directly in a class?

When a function is defined as part of the class definition, it is implicitly inline (regardless of whether you use that keyword). This has a number of consequences.

  • The function may be inlined by the compiler, potentially but not necessarily resulting in a faster program.
  • Thus, different compilation units can get different copies of this function.
  • The One Definition Rule (ODR) does not apply, which usually requires that each function or object has only one definition in the entire program. Instead, you promise that all copies of the function are equivalent. (This could be violated if you change the function in the header, but don’t recompile all compilation units that include the header).
  • Changing an inline function breaks ABI compatibility, requiring recompilation.

Whether the function is defined as part of the class definition, or as an inline function outside of the class definition but still within the header is equivalent:

class C {
    int func();
}

inline int C::func() { return ... ; }

Now when we put the function definition into a separate compilation unit, we have a different set of consequences:

  • The function cannot be inlined (unless your compiler does link-time optimization) which might be slightly less efficient.
  • The function is only defined in that compilation unit. To call the function from other compilation units, the object code has to be linked by the compiler.

The large practical difference is what happens when you modify this function.

  • For an inline function, you have to recompile all code that uses this definition.
  • For a non-inline function, you only have to compile that one compilation unit that defines it, and then re-link with other compilation units.

On large projects, avoiding recompilation is very important in order to enable fast feedback when making changes. This leads to various strategies:

  • keep header files as minimal as possible, possibly have multiple header files so that dependent compilation units can only pull in those declarations they need
  • prefer defining functions in separate compilation units
  • if compile time performance and ABI stability are more important than run time performance, the pImpl idiom can be used

However, inline functions still have their uses:

  • the function definition is trivial, unlikely to change, and should be inlined, e.g. getters or setters
  • templates are inline
  • the function should be available for inlining due to performance reasons

If you want to enable inlining optimizations within a compilation unit, declaring it as inline is not necessary or appropriate. It is more important that the function has “internal linkage”. For example, free functions (that are not class members) have internal linkage when declared static. The contents of an anonymous namespace have internal linkage. This is useful for helpers within a .cpp file.

If performance and compilation times and ABI stability are no concern, then defining your functions as part of the class definition is perfectly fine. This is the case in many smaller projects that are internally used libraries or executables. Some people prefer having the function definitions right in the class. Other people prefer keeping the definitions separate, so that it’s easier to get an overview of all members of the class.

This answer applies to all versions of the C++ standard, with the caveat that the C++ 20 module system changes this. If a function is defined within a class definition that is part of a module, it will not be considered inline.

ux designer – Is it a bad practice if we position breadcrumb to the right side of page header?

Most breadcrumbs are on the left of the page because it’s simply not possible to know exactly how far it will extend to the right as the user moves through the site.

Because this layout is so common, most users will expect to be able to find the breadcrumb trail on the left of the page.

It is, of course, possible to place it anywhere you wish provided that you know you have room for it – The one caveat being that, if you are going to place it in the right side of the page, it should always extend to the right:

level 1 >
level 1 > level 2 >
level 1 > level 2 > level 3 >

and not extend left-wards:

                    level 1 >
          level 1 > level 2 >
level 1 > level 2 > level 3 >

to prevent the user from becoming confused with which link they want to click on

design – Continuously updating a state object bad practice?

Say I have a state machine which returns a State object. Depending on the State (“Home”, “Lost”, “Known Location”), I would like to enforce some logic, e.g. if State is “Lost” I need to enforce dropping a breadcrumb.

So I have a function goForWalk that is maybe a MDP, I am debating between the two following designs:

def goForWalk():
   walk_state = State()
   for numSteps in walk:
      current_state = calculateState().
         if current_state == "Known Location":
            walk_state.updateState("Home")
         elif current_state == "Lost":
            walk_state.updateState("Lost")
   return walk_state

class State:
   def __init__(self):
      self.state = None
   def updateState(state):
      if state == "Lost":
         drop_breadcrumb()
      self.state = state

Under the constraint that TerminalState needs to execute some logic based on its state, which could be continuously updated, (I may go from “Lost” to “Known Location” to “Lost” again). I feel like there is a better way to do this if there are suggestions/pointers!

security – Best Practice Angular HTTPOnly Cookies and RoleGuards

I want to improve my security of my web-applications and started to look for actual security concepts for Angular >= 10.

So I came over HTTPOnly cookies, which seemed to be state-of-the art. Since now, I only worked with “Standard” JWT tokens and extracted the props e.g. iat, exp and my data from the jwt and built related guards based on it.

But if I understood it correct as stated here HTTP Only Stackoverflow Question the cookie can not be accessed on the client side.

So my question to you is:

How can I build up a role based guard on the client side, without accessing the cookie and not duplicating the effort to still send the jwt-token via the request header.

Thanks a lot in advance for your comments!
Best regards
Ragitagha

ids – Are sequential patterns used in practice?

I study computer security and I read articles about the potential usage of sequential pattern mining in IDPS products:

I am curious if any of you have seen these sequential patterns and set any rule for them in practice e.g. in a SIEM or IDPS system. I have the impression that most products support only association rules and don’t analyse the sequence of the events, packets, etc. I think some attacks can be detected only by checking the sequence, because a single event or packet does not contain enough info about the ongoing attack. I guess most people do this manually instead of using sequential pattern mining and matching algorithms or they use a fully automated system and don’t even know about this kind of filtering. Am I right or is this used in practice?

ids – Did any of you met with sequential patterns in practice?

I study computer security and I read articles about the potential usage of sequential pattern mining in IDPS products: https://www.sciencedirect.com/science/article/abs/pii/S2214212620308115#! https://www.sciencedirect.com/science/article/abs/pii/S0164121206003517 I am curious if any of you met with these sequential patterns and set any rule for them in practice e.g. in a SIEM or IDPS system. I have the impression, that most products support only association rules and don’t analyse the sequence of the events, packets, etc. I think some attacks can be detected only by checking the sequence, because a single event or packet does not contain enough info about the ongoing attack. I guess most people do this manually instead of using sequential pattern mining and matching algorithms or they use a fully automated system and don’t even know about this kind of filtering. Am I right or is this used in practice?

updating – What is the best practice for handling abandoned packages required by the drupal core?

When I run composer update on a Drupal 9 website, I get this warning:

Package doctrine/reflection is abandoned, you should avoid using it. Use roave/better-reflection instead.

A similar question has alreday been asked, answered and accepted on StackOverflow.

To summarise the accepted answer:

  • edit your composer.json and replace the abandoned package with the recommended replacement
  • then run composer update again

However, that answer doesn’t apply in the case of “doctrine/reflection”. When looking into my composer.json, there is no mention of it, so there is nothing to edit.

So I am checking why it is required:

$ composer why doctrine/reflection
doctrine/common          2.13.3  requires  doctrine/reflection (^1.0)   
doctrine/persistence     1.3.8   requires  doctrine/reflection (^1.2)   
drupal/core              9.1.7   requires  doctrine/reflection (^1.1)   
drupal/core-recommended  9.1.7   requires  doctrine/reflection (1.2.2)  

So this abandoned package is required by drupal/core (and others).

Two questions:

  1. Why is the most recent version of drupal/core requiring an abandoned package (instead of its recommended replacement roave/better-reflection)?
  2. What is the best practice for handling abandoned packages required by the drupal core?

streaming algorithm – What hash functions are used in practice for hyperloglog?

In the hyperloglog paper it says:

We postulate that the hash function has been designed in such a way
that the hashed values closely resemble a uniform model of randomness,
namely, bits of hashed values are assumed to be independent and to
have each probability 1/2 of occurring—practical methods are known
(20), which vindicate this assumption, based on cyclic redundancy
codes (CRC), modular arithmetics, or a simplified cryptographic use of
boolean algebra (e.g., sha1).

Given that this is a widely used method in practice by Google etc., what hash function (family) is really used?