- Rafert: I know of https://github.com/Shopify/toxiproxy but it is not protocol aware, you might be able to add it yourself.
- > This is one of the frustrating realities of these attacks: once the malware runs, identifying the source becomes extremely difficult. The package doesn't announce itself. The pnpm install completes successfully. Everything looks normal.
Sounds like there’s no EDR running on the dev machines? You should have more to investigate if SentinelOne/CrowdStrike/etc were running.
- > Using UUIDv7 is generally discouraged for security when the primary key is exposed to end users in external-facing applications or APIs.
I would not call this “generally discouraged” when APIs generally surface a created_at timestamp in their responses. A real-life example is Stripe IDs, which have similar properties (k-sorted) to UUIDv7: https://brandur.org/nanoglyphs/026-ids#ulids
- We've used it for about a year - Blazer is okay if you need a quick SQL query console, but we found it lacking as a business intelligence tool. The support for graphs and dashboards is limited, for graphs it requires you to structure the query in an exact way as you can see in the Blazer readme. There is no customizability at all.
After some research on available alternatives that don't break the bank, we decided to deploy a self-hosted instance of Metabase[0]. This took only a few minutes to set up using their Docker image[1] and it has much better graphing capabilities and you can easily put a custom layout together for dashboards. Upgrading is similarly easy (just redeploy). Also easy to configure: additional data sources, hiding or changing the data type of a column, G Suite sign-in for our domain. It has 'models' as sources of truth to build other queries in - eg a single definition of an 'active user'.
In short, moving from Blazer to Metabase was a huge win for us. Highly recommend it if you need anything more than Blazer's table output.
[0]: https://github.com/metabase/metabase
[1]: https://docs.render.com/deploy-metabase
- > It would be quite unfortunate to end up with a UUID v7 in PostgreSQL that’s not quite the standardized one because the patch got merged too quickly.
The chances of that seem extremely low at this point. The contents of a version 7 UUID have not changed since work started on RFC 4122 bis in October 2022: https://author-tools.ietf.org/iddiff?url1=draft-ietf-uuidrev...
- Things changed quite a bit since this quote from February 17:
> “There’s no cuts coming for us,” Harley Finkelstein told The Canadian Press. “We’re in a really good place.”
https://globalnews.ca/news/9494197/shopify-outlook-no-layoff...
- Have you tried Tapioca (https://github.com/Shopify/tapioca) with Sorbet? Typing in general has ways to go sure, but I find this combination quite usable in my day to day.
- They were locked into long term leases anyway: https://storeys.com/shopify-the-well-toronto-office-space-su...
- ULID hits most of these, and can be converted to UUID for use with databases supporting this datatype (not a strong column): https://github.com/ulid/spec
- The Basecamp folks feel that web and mobile are the same target: https://turbo.hotwired.dev/handbook/native
Rails doesn't stop you from building a backend for your React and React Native frontends, for example just look at Shopify.
- Tab stops are called out in the footnotes:
> Never attempt to line up text by using spaces. The only exception is if you are using a monospaced font. But in word processing applications, there are appropriate tools available for lining up text, like tables[1] and tab stops[2].
[1]: https://practicaltypography.com/tables.html
[2]: https://practicaltypography.com/tabs-and-tab-stops.html
- https://github.com/ruby/psych defaults to only loading permitted classes since 4.0 so that seems less of a concern now?
- WebAuthn does not mandate any kind of form factor[1], external tokens use CTAP for USB/Bluetooth/NFC, Apple FaceID/TouchID and Windows Hello use proprietary interfaces with the built-in hardware. Blink-based browsers ship with a virtual authenticator for debugging[2] and there are a few more[3].
Apple and Google already announced cloud syncing earlier this year, using "passkey" as a friendlier term for end-users. QR codes already allow for cross-ecosystem non-synced use cases, like using my personal Android phone to log in to an account with my work MacBook. https://securitycryptographywhatever.buzzsprout.com/1822302/... is a good listen to catch up on the latest developments.
[1]: https://www.w3.org/TR/webauthn-2/#authenticator-model
[2]: https://developer.chrome.com/docs/devtools/webauthn/
[3]: https://github.com/herrjemand/awesome-webauthn#software-auth...
- Was curious about 7-zip too, TIL about "origin laundering": https://textslashplain.com/2016/04/04/downloads-and-the-mark...
- With the Screen Capture API: https://developer.mozilla.org/en-US/docs/Web/API/Screen_Capt...
- People do switch clouds, but sure it's never trivial. https://about.gitlab.com/blog/2019/05/02/gitlab-journey-from... for example.
- You don't need those either, perhaps https://github.com/herrjemand/awesome-webauthn is more to your liking than the website of a standards organization.
- Why not, it seems to be coming to 1Password: https://www.youtube.com/watch?v=lYFxfchhR1g
- They've already put this WebAuthn teaser up: https://www.youtube.com/watch?v=lYFxfchhR1g