- In docker, simply clearly define the interface (ip) and port. It can be 0.0.0.0:80 for example. No bypass happens.
- There is never a need to store a pin in the database, store it in temporary storage like redis. Set the TTL to the expiration date. You can hash if needed, but I’m less concerned that someone hacks into your redis instance and steals your pins from the last 10 minutes, because everything else is gone.
There should never be a need to return a pin to the client. You’ve already texted/emailed it to them. They are going to send it back to you. You will check against your temporary storage, verify/reject, and delete it immediately after.
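The PIN flow described in the comment above, written out as an added example (this is not the commenter's code). It uses an in-memory map as a stand-in for the Redis keyspace so it runs offline; the key per user, the hashed-only value, the TTL, the constant-time compare and the delete-on-verify are the points being shown. The digit count, the 10-minute TTL as a constant, the user-bound hash and the attempt cap are assumptions added here, and the attempt cap goes a step beyond the comment, since a 6-digit PIN invites online guessing.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"sync"
	"time"
)

// Assumed parameters for the example; the comment only gives "10 minutes".
const (
	pinDigits   = 6
	pinTTL      = 10 * time.Minute
	maxAttempts = 5 // not in the comment: caps online guessing of a short PIN
)

var (
	ErrNoPendingPin = errors.New("no pending pin: expired, consumed, locked out, or never issued")
	ErrPinMismatch  = errors.New("pin mismatch")
)

type pinEntry struct {
	hash     [sha256.Size]byte
	expires  time.Time
	attempts int
}

// PinStore is an in-memory stand-in for the Redis keyspace the comment
// describes: one key per user, the value is only a PIN hash, TTL = PIN lifetime.
// Against real Redis this would be SET key hash EX ttl / GET key / DEL key.
type PinStore struct {
	mu   sync.Mutex
	data map[string]pinEntry
	Now  func() time.Time // injectable clock so expiry is testable
}

func NewPinStore() *PinStore {
	return &PinStore{data: make(map[string]pinEntry), Now: time.Now}
}

// hashPin binds the digest to the user so a hash leaked for one user cannot be
// replayed as another user's PIN.
func hashPin(user, pin string) [sha256.Size]byte {
	return sha256.Sum256([]byte(user + "\x00" + pin))
}

// GeneratePin draws a zero-padded numeric PIN from crypto/rand.
func GeneratePin(digits int) (string, error) {
	limit := new(big.Int).Exp(big.NewInt(10), big.NewInt(int64(digits)), nil)
	n, err := rand.Int(rand.Reader, limit)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%0*d", digits, n.Int64()), nil
}

// Issue stores only the hash of a fresh PIN with a TTL and returns the
// plaintext so the caller can text or email it. The caller must never put
// this value in the HTTP response.
func (s *PinStore) Issue(user string) (string, error) {
	pin, err := GeneratePin(pinDigits)
	if err != nil {
		return "", err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	s.data[user] = pinEntry{hash: hashPin(user, pin), expires: s.Now().Add(pinTTL)}
	return pin, nil
}

// Verify checks a submitted PIN. The entry never outlives a successful check,
// its TTL, or the attempt budget.
func (s *PinStore) Verify(user, pin string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.data[user]
	if !ok {
		return ErrNoPendingPin
	}
	if !s.Now().Before(e.expires) {
		delete(s.data, user) // Redis would have expired the key on its own
		return ErrNoPendingPin
	}
	got := hashPin(user, pin)
	if subtle.ConstantTimeCompare(got[:], e.hash[:]) == 1 {
		delete(s.data, user) // single use: gone the moment it verifies
		return nil
	}
	e.attempts++
	if e.attempts >= maxAttempts {
		delete(s.data, user) // force a fresh PIN rather than allow a brute force
	} else {
		s.data[user] = e
	}
	return ErrPinMismatch
}

func main() {
	s := NewPinStore()
	pin, err := s.Issue("alice@example.com") // constructed sample user
	if err != nil {
		panic(err)
	}
	fmt.Println("send out of band, never to the API client:", pin)
	fmt.Println("first verify:", s.Verify("alice@example.com", pin))
	fmt.Println("replay:", s.Verify("alice@example.com", pin))
}
```

With a real Redis behind it, Issue maps to SET user hash EX 600 NX and Verify to a GET followed by DEL in one MULTI (or GETDEL on Redis 6.2+), so the key is gone the instant it is consumed, exactly as the comment says.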
- Sure. But why are we blaming libraries. This is the development process. Are BE developers not looking at their output anymore? Are we just vibe coding everything? If the UI does not complain then go to prod? This can’t be the expectation. And then you claim that your app is secure. Based on what review. Does not look like you even did an internal review? If you’re going to design a PIN feature, and don’t consider securing it, what part of design did you do?
I keep seeing people try to explain away incompetence by blaming unaccountable things aka the tool or system. Exposed password? Must be the library. People really should stop using it. No, the library is not wrong, people should be better developers.
Peer reviewed paper is full of AI slop, must not be the reviewer’s fault, the citations were there, they were just fake. What is going on?
- Focus on short sentences and simplicity is an American trait. It is a bit different with UK English. As a native Portuguese speaker, I spent my time before the US doing exactly the same as the author, I could write well structured prose by the time I was in 5th grade. I grew up with a dictionary. My mother would come back from work and ask me for the list of "difficult words". The expectation was that I spent time reading and would have found some new words, looked them up and now needed to sync with her to see if I got the correct meanings in the context where I found them.
Then I moved to the US and noticed that even the books were sort of written in a way that required no extra effort. The English I learned while playing RPGs (with no speech at the time) was enough to read most books from the library and a dictionary was only needed occasionally. And everyone basically just knew the same set of words, youth and adults alike. I also noticed that US English has a distinct tendency of making up new words that are simpler and more intuitive than the original expressions. It turns things into verbs. This is why people Google, Tweet and Vibe.
Then I went to an Engineering College, and it teaches us to distill everything into its simpler fundamental components. I like it, and I now want people to be as direct as possible.
As a non native English speaker, I've always had to speak and write better than native speakers, and always had to tolerate the "You speak/write really well, where are you from?". Today they no longer ask, AI is their answer and they judge accordingly.
- building on imaginary someone else? That's exactly the same as lying. Is a review not about verifying that the paper and even data is correct? I get reviewers can make mistakes, but this seems like defending intentional mistakes.
I mean, in college I have had to review papers, and so took peer review lectures, and nowhere in there was it ever stated that citations are not the reviewer's job. In fact, citation verification was one of the most important parts of the lectures, as in, how to find original sources (when authoring), and how to verify them (when reviewing).
When did peer review get redefined?
- It is absolutely the reviewer's job to check citations. Who else will check and what is the point of peer review then? So you’d just happily pass on shoddy work because it’s not your job? You’re reviewing both the author's work and, if there were people that needed to ensure citations were good, you’re checking their work also. This is very much the problem today with this “not my problem” mindset. If it passes review, the reviewer is also at fault. Not excuses.
- Really appreciate you listening, looking forward to taking another look
- I’ve read some opinions where cameras are actually a good idea, and when we get there it will be awesome. That’s fine, if we get there I agree it will be awesome. But did people not buy the car now on a promise that this would be here now (considering when the promises were made)? At which point does the legal definition of fraud apply?
The free market is an interesting thing. I assume a lot of regulation is not applied as hard because throughout the decision process many are HODLing TSLA. What would happen if Tesla had to refund all these sales and presales?
So we sort of have to just keep giving stern warnings and issuing very selective recalls.
- To add a little bit to this and why I am so principled against this. I will subscribe to a service, because a service means ongoing work. If you spent months or years building software, and have finished it, charge people what you believe is fair for the work you did up to now. Charge $50, charge $500, your call, sell to 1M people, your call. You have no running costs, you're just selling an app.
If you were running this on some cloud, maybe had some other extras built in that cost you time and money, then there could be a subscription.
If you want to keep your software updated, and are pushing updates daily, weekly, monthly, etc, I could squint at a subscription, but I would rather you just do critical fixes (because if your product is broken you do owe paying customers a fix without a charge), and put new features in a new version that you will also sell.
People are selling git clients, calculators, db clients on subscription. It's crazy what the world has come to. We don't work to pay you guys rent.
The second I saw this app I was about to click buy (looking for a table plus alternative), went to pricing, saw subscription and immediately dropped it without even trying the free version.
- It's a no for me. I don't want a subscription. Charge whatever you need, give us 1y of updates, charge next year for an upgrade. Do not pull folks into yet another subscription.
- And it is new. Before iPhones, no one cared how long you held a phone for. Now it's an economic crisis.
- I can't imagine how they were not paid to publish this.
- Did you guys notice the number of steps that need to happen to share something as simple as a photo?
- This is terrible. Of all things k8s, ingress was the part I just did not want to have to mess with. It just worked and was stable, this gateway is completely unnecessary. And it seems to me that nginx retiring is just because people were pushing for the gateway so much that they threw in the towel. Infra is not react, people need to leave it alone.
- They are aware, they have learned to not waste their limited lifespan fighting a losing battle, often, they've already given enough, lost enough loved ones that they'd rather enjoy what little life gives them. They're not less intelligent.
- If time is not real, your renderer already knows you peeked at that galaxy, maybe they expected you to, so that is likely the only galaxy that is actually rendered. You might find all the bugs inside black holes :-).
- Its promises make me interested, but the syntax is my main turnoff. I am a Go person, and I think what brings people to Go is the opposite of what brings people to Rust. I am willing to sacrifice some memory safety (because I maybe naively think I can manage to write software without many memory bugs) for the simplicity and dev experience that Go offers.
- I think the value of the interaction matters. Who ever got an LLM to reply wanted to learn? be thoughtful? argue? what? And will this interaction be valuable for anyone replying to it? reading it? I think yelling at the void and hearing the coherent echo of a million people is not the same as having a conversation.
- This just means that maybe the entire independent component concept is bad design. You tried to solve a problem by making it more complex so you could build apps like legos. What we had was a data layer or a parent component that handled this coordination. Apps were still built and still worked well. Browsers were not begging for forgiveness due to performance issues.
Also, before this, I've always been able to easily write the components you mention, easily, I should say, without any of this N+1 madness. So why did components need to become their own apps inside a larger app?
Soon you're going to tell us that those components need their own infra, all pulled from different CDNs, all using separate auth and security contexts, and all will need to be sandboxed by the browser so they cannot access each others cookies. And that this is all needed and important and an improvement.
App servers run docker, with images that run a single executable (no os, no shell), strict cpu and memory limits. Most of my apps only require very limited temporary storage so usually no need to mount anything. So good luck executing anything in there.
I used, way back in the day, to run WordPress sites. Would get hacked monthly every possible way. Learned so much, including the fact that often your app is your threat. With WordPress, every plugin is a vector. Also the ability to easily hop into an instance and rewrite running code (looking at you scripting languages incl JS) is terrible. This motivated my move to Go. The code I compiled is what will run. Period.