I'm pretty new to the subject of Supply Chain Security (SCS) and there are two important key-terms that I see being used quite heavily (provenance and attestation), but I'm not sure that I understand the difference between the two.
For reference, I've been reading the docs for two open source projects, SLSA and Sigstore, which use the terms provenance and attestation, but I do not understand what they really mean and neither one of these projects really define what they mean. Do these terms refer to a data format, process, or something else?
If someone can provide a clear definition as to what an attestation is and what provenance is, and can explain how they relate to each other, I would greatly appreciate it. Thanks.
I would like to know Is there any way to check that thee given email id is an active or not in python.
I have gone through 'validate_email' but it didn't give me the exact answer. It would be helpful if anyone help me out from this.
Take a look at: https://github.com/scottbrady91/Python-Email-Verification-Script. This may cover most cases. Trincot has a good point though. If an email never leaves an internal network there's no way to know.
When writing API methods that count something I always lose a tremendous amount of time thinking about how to write the thing that is being counted.
Singular or plural?
For instance, how would you name a function that counts results?
getResultsCount or getResultCount ?
This might sound silly, plural sounds more logical, but since both forms are found in the wild (google gives ~4800 results for "getResultCount" and ~4600 for "getResultsCount"), I'm hesitating and it bothers me.
Disclaimer: I'm not a native English speaker :)
Is there only one grammatically correct form or is it a matter of taste?
You should naming it basically for what it will do, if getResultsCount make mores sense than getResultCount, name it getResultsCount, else, name it getResultCount.
Its not that hard, Ill you have to do is give name that sweets better accordinling to the what it will do.
I suggest you read the book Clean Code written by Robert C. Martin, it really give good tips about naming.
My reading of this article suggests that a benefit of ReCAPTCHA is that it can have humans verify words not recognised in the OCR/digitization of books. It does this by using these words in "Are you human?" tests. So ReCAPTCHA kills two birds with one stone. Great!
But I dont get it. If the word can't be recognised by the digitization process then what is the input entered, by the supposed human being, verified against? How does this work?
It shows two words. One of them the computer already knows, the other, it doesn't. It assumes that if you get the known one right, that you must know the other.
You don't know which of the two is already known so you, theoretically can't trick it. Additionally, it will replay a word with multiple people to get independent confirmation before sending it back to the source (newspaper company, book scanning group) as a valid answer.
But if a computer can't read such a
CAPTCHA, how does the system know the
correct answer to the puzzle? Here's
how: Each new word that cannot be read
correctly by OCR is given to a user in
conjunction with another word for
which the answer is already known. The
user is then asked to read both words.
If they solve the one for which the
answer is known, the system assumes
their answer is correct for the new
one. The system then gives the new
image to a number of other people to
determine, with higher confidence,
whether the original answer was
correct.
http://recaptcha.net/learnmore.html
Quoted from LEARN HOW reCAPTCHA WORKS
But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I'm writing a small app for my friend's business, and thought I'd take the opportunity to brush up on some Agile Project Management training I did at the start of the year.
I (and I think, my current organisation!) have always struggled with gathering requirements in the form of User Stories, which take the form:
As a [User Type] I want [feature] so that [some benefit]
I'm always tempted to miss out the beginning and end, and just leave the feature - but this then just becomes requirements gathering the old way!
But I don't want to just make it fit, so that I can say 'I'm doing Agile'.... for example, if I know that the user is to be presented with a list of items, then the reason is self-evident, is it not?
e.g.
As a [Store Manager] I want [to see a list of Stock Items] so that ... ?
Is it normal practice to leave out the [so that] clause?
We used to miss it out as well. And by leaving it out we missed a lot.
To understand the feature properly and not just do the thing right but DO THE RIGHT THING it is key to know WHY the feature, and for that the next key is WHO (the role)
In DDD terms, stakeholder. Stakeholders can be different, everyone who cares. From programmers and db admins to all the types of users.
So, first understand, who is the stakeholder, then you know 50% of WHY he cares, then the benefit, and then it is already almost obviously WHAT to implement.
Try to not just write "as a user". Specify. "as store manager", or even "as the lead of the shift responsible for closing the day", i need....so that....
Maybe you can implement something different which will give the same stakeholder even better benefit!!!
Try, To Achieve [Business Value] As [User] I need [Feature].
The goal is to focus on the value the feature delivers. It helps you think in vertical slices, which reduces pure "technical tasks" that aren't visible. It's not an easy transition, but when you start thinking vertically you start really being able to reduce the waste in your process.
Another way is to thinking of the acceptance tests that your customer could write to ensure the feature would work. It's a short jump to then using something like FitNesse to automated those tests.
No, it's actually not obvious - there are a lot of reasons to want to see a list, a lot of things you might want to with it - scan it for some info, get an overview, print it, copy and paste it into a word document etc. And what exactly it is will give you valuable hints on reasonable implementation details - formatting of the list, exact content; or even a hint that a different feature might be a better idea to satisfy that need. Don't be surprised to find out that the reason actually is "so that I can count the number of entries"...
Of course, this might in fact not apply to you. My actual point in fact is that there are reasons that people came up with this template - and there are also reasons that a lot of experienced people don't actually use it. And when you are new to the practice, you are not in a good position to assess all the pros and cons of following a practice, so I'd highly recommend to simply try to follow it closely for some time. You might be surprised by the usefulness of it - or not, in which case you still learned something and can drop it with a clear concise... :)
User Stories is another way of saying you need to interview your users to find out what they want and what problems they are trying to solve. That the heart of having this in agile development. If the form is not working for your then take a step back and try a different approach that feels more natural to you or better suited to your capabilities as a writer.
In short don't feel like you have to be in a straight jacket. The important thing is that you follow the spirit of the methodology.
In this specific case you want to get a list of what problems the user has, why they are problems, and what they think will help them.
I think you should really try to get a reason defined, even if it may seem obvious. If you can't come up with a reason then why build the feature in the first place? Also the reason may point out other deficiencies in the design that could trigger improvements in other areas.
I often categorize my stories by the user/persona that it primarily relates to, thus I don't put the user's identity in the story title. My stories also are bigger than some agile methodologies suggest. Usually, I start with a title. I use it for planning purposes. Once I get close to actually working on that story, I flesh it out with some details -- basic idea, constraints, assumptions, related stories -- so that I capture more of the information that I know about it. I also keep my stories in a wiki, not on note cards. I understand the trade-off -- i.e., I may spend too much time on details before I need them, but I am able to capture and share it with, typically, off-site customers easily.
The bottom line for me is that Agile is a philosophy, rather than a specification. There are particular implementations that may (strongly) suggest that you do things a certain way and may be non-negotiable on some items. For example, it's hard to say you're doing XP if you don't pair program. In general, though, I would say that most agilists would say that you ought to do those things that work for you, in the way that they work for you -- as long as they are consistent with the general principles, you can still call yourself agile. The general principles would include things like release early/release often, unit testing, short iterations, acknowledge that change will happen, delay detailed planning until you are ready to implement, ...
Bottom line for me: if the stories work for you without the user and rationale -- as long as you understand who the user is and why they want something -- do it however you want. Just don't require a complete specification before you start implementing.