Yes, I always review the code, just avoid nitpicking the hell out of it.
Sounds fun, mind sharing your field?
I tend to agree with your points.
The key idea for me is that everything is a dating app. Social media are a great place to get to know someone and become interested in them. However, there is no straightforward way to transition that interest into a connection or a relationship. That's what dating apps provide: a way to broadcast your availability along with other parameters like your gender, age, location and interests.
An alternative would be to toot on Mastodon or blog about that. That would inform people interested in your online persona that your DMs are open for a chat. Of course, that comes with issues of its own...
Spam or unsolicited advances (aka dick pics) are a huge one, especially for women. One way to solve that would be for men to do these kinds of posts and women to react as they see appropriate. In an ideal society with gender equality, that wouldn't be necessary, but at the moment IMO it's easier to deal with men disguised as Russian super models baiting for your money, than angry men feeling entitled to your body.
Another issue would be the social repercussions of this information being publicly available. IMO that's easy to deal with since you don't have to tie your online persona to your real identity. Also, you can have multiple online personas. Hopefully, society gets to a point where expression of sexuality is not taboo; until then there are safe ways to do it.
It's a wild guess, but try to disable Bluetooth or WiFi before suspending.
It doesn't happen with all hardware, but it is a known issue.
A good place to start is the OWASP cheat sheet. They provide up-to-date, high-value information about software security. I wish there was a resource like this when I started learning about security.
Even though I have a decent background in software security, it's hard to decide on an encryption schema that's both safe and easy to use. My goal is to increase the number of components an attacker has to compromise in order to get access to the data.
Great resource!
Write database migrations in both directions so people can downgrade on failures.
Good point. Personally, I take backups before upgrades and restore if anything goes wrong. But, I understand how downgrading sometimes is just easier.
I have trouble coming up with a migration procedure that makes sense to me. I have the following in mind:
- Provide init scripts that produce a schema that matches the beginning state of the current major.
- Provide major to major migration scripts.
- For every major, provide minor to minor migration scripts.
- Schema changes require at least a minor release.
Make it possible to configure your system via ENV variables, ENV files and config files.
I am a bit worried about this one; environment variables can be a security concern. Specifically, I am not sure if I should allow providing secrets (like db connection strings) through environment variables. I am inclined to let people do what they want to, but issue a warning.
Make it possible to disable authentication to add Authelia or LDAP through the webserver. Make clear that this is only to be used for external authentication.
I am considering adding support for OAuth through Keycloak. My assumption is that if you are going to host your own LDAP, you can probably configure Keycloak too. Do you think that makes sense?
Make it possible to run multiple parallel instances of your software without affecting the database consistency, e.g. for high availability or horizontal scaling.
Ideally, an instance shouldn't be big enough to need it. I know, famous last words, but in my case I think it's a bad problem to have. I am going out of scope, but I am wondering where is the line between discouraging large scale deployments and designing something pre-destined to obscurity.
Telemetry
Not even on my radar, thanks for bringing it to my attention.
Great point, I always consider dependencies from a security perspective, but for management/setup sometimes I am like "the devops are going to figure it out"...
To clarify, would an example be supporting sqlite, so people won't have to deploy postgres unless they need to?
My plan is to offer a docker-compose configuration people can tinker with. I had the mindset that whatever happens in the container stays in the container, but your comment made me realize I should be mindful of other installation methods. Thanks!
The question is a bit misleading but I understand the desired output is an ordering of the children based on the information provided and our own personal values.
I will start with some thoughts on each child:
- If they are not doing anything while waiting to be accepted, then they got to work on themselves. They could be starting personal projects, learning new things, exploring new hobbies, volunteering... whatever; being frozen like that feels sad.
- They are true to themselves, and I applaud them for that.
- No problem with working for the mob, there are far worse things they could be doing.
- I would need to know their intent behind what they are doing, ethics are not black and white, maybe they see some merit to their endeavours and maybe they are right in the end. The specific example would send them to the very bottom of my list (ACAB).
- I am willing to bet there is a phobia for that, I would try to give them the support they need to find their calling.
- I am not against progress, it's not their fault that people will lose their jobs. In the first place it wouldn't have been an issue if people weren't so dependent on our capitalistic overlords.
- They are taking a break, it makes sense to me, keep it up, pal, in no time you would be finding new ways to create a better world for all of us.
Overall, I feel the descriptions are too judgy, people are doing the best they can, and you got to give them that.
If I had to choose a single child I would go with #7.
Overall my ordering is 6,7 > 2,3 > 1,5 > 4
I am a software engineer myself, I am interested in contributing. Is there a matrix group or something equivalent I can join?
Well, I mostly create SPAs, with big projects a type system is a necessity...
I agree, I would say a reasonable limit for me would be:
- An hour for any maintenance (replace any component, start to finish)
- About 5-10eur for single use materials.
I think any more would be enough to deter me from doing it the 1 or 2 times a year I really need it.
Not sure if you are being sarcastic or not but I found this review.
https://www.mdpi.com/2073-8994/14/5/858
I had done some research about a year ago, but I don't have the papers saved.