That would have been a life saver on my last trip 😳

Here is a list of note-taking apps:

https://github.com/tehtbl/awesome-note-taking

By the way, I am building my own Journaling system, it’s still early stages and I am looking for ideas!

Typing in python leaves a lot to be desired… Being looking at peps for quite some time, but it’s really hard for the language to make progress without breaking compatibility.

Hopefully at some point MOJO becomes mature enough to use in a professional setting.

I am not using Jenkins anymore but this seems like a lifesaver, thanks for sharing

Unless you are using groovy (jenkins), then you are running the pipeline to find syntax errors.

neither, I am autistic, it’s not a choice, it’s a need.

You spelled Fin Tech Bros wrong

A good place to start is the owasp cheat sheet. They provide up-to-date, high value information about software security, I wish there was a resource like this when I started learning about security.

Even though, I have a decent background in software security, it’s hard to decide on an encryption schema that’s both safe and easy to use. My goal is to increase the number of components an attacker has to compromise in order to get access to the data.

twelve factor app

Great resource!

Write database migrations in both directions so people can downgrade on failures.

Good point. Personally, I take backups before upgrades and restore if anything goes wrong. But, I understand how downgrading sometimes is just easier.

I have trouble coming up with a migration procedure that makes sense to me. I have the following in mind:

1. Provide init scripts that produce a schema that matches beginning state of the current major.
2. Provide major to major migration scripts.
3. For every major, provide minor to minor migration scripts.
4. Schema changes require at least a minor release.

Make it possible to configure your system via ENV variables, ENV files and config files.

I am bit worried about this one, environment variables can be a security concern. Specifically, I am not sure if I should allow providing secrets (like db connection strings) through environment variables. I am inclined to let people do what they want to, but issue a warning.

Make it possible to disable authentication to add Authelia or LDAP through the webserver. Make clear that this is only to be used for external authentication.

I am considering adding support for oauth through keycloak. My assumption is that if you are going to host your own LDAP, you can probably configure keycloak too. Do you think that makes sense?

Make it possible to run multiple parallel instances of your software without affecting the database consistency, e.g. for high availability or horizontal scaling.

Ideally, an instance shouldn’t be big enough to need it. I know, famous last words, but in my case I think it’s a bad problem to have. I am going out of scope, but I am wondering where is the line between discouraging large scale deployments and designing something pre-destined to obscurity.

Telemetry

Not even on my radar, thanks for bringing it into my attention 🙏

Great point, I always consider dependencies from a security perspective, but for management/setup sometimes I am like “the devops are going to figure it out”…

To clarify, would an example be supporting sqlite, so people won’t have to deploy postgres unless they need to?

My plan is to offer a docker-compose configuration people can tinker with. I had the mindset that whatever happens in the container stays in the container, but your comment made me realize I should be mindful of other installation methods. Thanks 🙏

dude was frustrated, he quit and became a farmer

Most people get over it during uni when everyone is arguing over “X vs Y” language or “vim vs productivity”. At some point you realize how pointless these debates are and continue with your life.

For anyone wanting to publish their code, remember it’s probably better than most OSS code. If you don’t believe that go read a python or js library:

1. python’s celery for example has hard coded timeouts on every control operation
2. react mui has so overcomplicated types that they break webstorm inspections
3. I once found a typing hack on an python library where they reversed a string in order to conditionally import types only when mypy was running in order to avoid cyclic imports.

I still love those libraries, use them at my work and will recommend them to anyone with similar needs as I.

Last but not least, if you aren’t using git something is wrong with you 🤣.

good question, probably the transpiled code does not match the optimized js. Maybe, if they targeted the same js version as js version they are benchmarking, the results would be equivalent?

Also, if they are using a node version with ts support, it will compile the ts before execution which means they are measuring the impact of the compiler, which can be a lot for small snippets.

last week I had misconfigured my auto-format and it was leaving commas and whitespaces. The amount of “WHAT HAVE YOU DONE???” comments I got were of the chart.

There was a linter in place, I literally could not merge unless the issues were fixed, yet people felt compelled to point them out.

PQXDH is designed for asynchronous settings where one user (“Bob”) is offline but has published some information to a server. Another user (“Alice”) wants to use that information to send encrypted data to Bob, and also establish a shared secret key for future communication.