Fabrício Silva fabriciofmsilva

Node security

Content Security Policy (CSP): Grants site operators control over where resources on their site can be loaded from. In this way it prevents Cross-Site Scripting (XSS) vulnerabilities. Can also be used to upgrade HTTP to HTTPS.
Cookies: All cookies should be created such that their access is as limited as possible. This can help minimize damage from Cross-Site Scripting (XSS) vulnerabilities, as these cookies often contain session identifiers or other sensitive information.
Cross-Origin Resource Sharing: Restricts which foreign origins are allowed to access the content of pages on your domain via scripts. Use cases include Content Delivery Networks (CDNs) that provide hosting for JavaScript/CSS libraries and public API endpoints
HTTP Public Key Pinning (HPKP): Caution! This response header should only be implemented under extreme care, and only if you really need to. HPKP instructs a user agent to bind a site to specific root certificate authority, intermediate certific

npm

# create a package.json file
npm init

# once you have listed all the packages you want to use in your project, install and save them by using
npm install --save

# ignores package.json and install dependencies as specified in package-lock.json only.

User-centric Performance Metrics

What metrics most accurately measure performance as perceived by a human?
How do we measure these metrics on our actual users?
How do we interpret our measurements to determine whether an app is "fast"?
Once we understand our app's real-user performance, what do we do to prevent regressions and hopefully improve performance in the future?

User-centric performance metrics

Is it happening? Did the navigation start successfully? Has the server responded?

Progressive Web App Architectures

Instant Loading with Service Workers and Application Shells

Offline -> Cache Storage API or IndexedDB

Service workers

Intercepting HTTP/HTTPS requests so your app can decide what gets served from a cache, the local data store, or the network.
Receiving push messages from your server

Design System

Typography

The typeface (font-family) you want to use
Type (modular) scale
Responsiveness of the text (size unit and breakpoints)
Spacing and vertical rhythm
Colors (theming)

metrics

Quantity-based metrics

Maximum size of images
Maximum number of web fonts
Maximum size of scripts, including frameworks
Total number of external resources, such as third-party scripts

Milestone timings

People

`:bowtie:`	😄 `:smile:`	😆 `:laughing:`
😊 `:blush:`	😃 `:smiley:`	☺️ `:relaxed:`
😏 `:smirk:`	😍 `:heart_eyes:`	😘 `:kissing_heart:`
😚 `:kissing_closed_eyes:`	😳 `:flushed:`	😌 `:relieved:`
😆 `:satisfied:`	😁 `:grin:`	😉 `:wink:`
😜 `:stuck_out_tongue_winking_eye:`	😝 `:stuck_out_tongue_closed_eyes:`	😀 `:grinning:`
😗 `:kissing:`	😙 `:kissing_smiling_eyes:`	😛 `:stuck_out_tongue:`

Investor

Letter to a Young Investor

Passion
Find yourself
Just do it
Invest, don’t gamble
How do you start?
Embrace ambiguity

Build barriers for candidates to climb. I intentionally made applying for the job a very time-consuming exercise. We asked for the following from the candidates:

List the books you’ve read over last twelve months (not limited to just investment books);
Give us a sample of a stock idea analysis;
Write a few paragraphs about two people (dead or alive) who impacted you the most and tell us why;
Tell us about three books that have impacted you the most and why; and finally,
Write us a cover letter to tell us why we’d be making the biggest mistake of our professional lives by not hiring you.

	// Extends for a native component
	customElements.define('custom-footer', CustomFooter, { extends: 'footer' });