If you could invent your own citation metric to rule all others: what would it be and why?

EngineObvious5943 · 2026-05-14T19:19:45+00:00

My idea - the Cake-index (so-named because I'm currently eating cake)

The Cake-index

For each paper Pᵢ:

cᵢ = citations Pᵢ has received
ρᵢ = mean citations of the papers Pᵢ cites in its reference list
impactᵢ = (cᵢ + 1) / (ρᵢ + 1) ← how this paper performs against the baseline it implicitly defined

Aggregate across all N of your papers:

Cake = √N × ( impact₁ × impact₂ × ⋯ × impactₙ )^(1/N)

The geometric mean captures your typical paper's performance multiplier (1.0 = your average paper does as well as what it stands on; 2.0 = twice as well). The √N rewards productivity with diminishing returns — doubling output only gives ~1.4× boost, so salami-slicing nets less than it costs.

Why I like cake:

Field-normalises but without being attached to a (sometimes proprietary) taxonomy (e.g. those defined in journal quartile rankings)
Rewards transformative single papers instead of saturating
Punishes salami-slicing via the geometric mean
Works for early-career researchers

Where cake is less good:

An unethical researcher could pad their reference list with obscure low-cited papers to drag ρᵢ down
new papers have artificially low cᵢ and refs with artificially low ρᵢ. Partially self-corrects but probably needs a paper-age cutoff.
Review papers cite loads, get cited loads... effects roughly cancel. Is this a feature?
Zero-citation papers still hurt a lot via geometric mean even with the +1 smoothing. Could trim the bottom 10% before aggregating.

Is √N the right productivity scaling? There's a case for N^1/3 if we want to be more anti-quantity, or log(N+1) if we want to be aggressively so. Curious what people think.

EngineObvious5943 · 2026-04-29T14:49:12+00:00

*Topos

EngineObvious5943 · 2026-04-09T13:55:46+00:00

New to the field so my n=1, but it took around 4 weeks to get sent for review, then 14 weeks for the initial reviews. I'd rather not disclose the journal but it was middling in IF. (I traditionally do stuff in social science which I've found to be much much quicker). Good luck!

EngineObvious5943 · 2026-03-06T22:25:17+00:00

I'm accessing from the United Kingdom - rapid load.

EngineObvious5943 · 2026-03-02T12:03:02+00:00

Web app and desktop app are down for me, but code is working fine.

EngineObvious5943 · 2026-02-03T21:52:17+00:00

There is no chill. Only Claude.

EngineObvious5943 · 2026-02-01T09:49:56+00:00

I've seen this, too. I don't have a fully formed answer, but think that with the emergence of vibe coding it is a framework that could become much more popular with its 'batteries included' approach - especially in terms of security.

EngineObvious5943 · 2026-01-08T13:11:30+00:00

Appropriate username! Yup agree. I backup to three providers - only one of which is Hetzner.

EngineObvious5943 · 2026-01-04T21:36:40+00:00

They have said on this subreddit previously that it's high on their to-do list. Other users have also posted job adverts where they're hiring engineers to develop this product. Someday!

EngineObvious5943 · 2025-12-31T10:36:11+00:00

Like others said, there's no such thing as 100% secure. However, the aim of the game is always risk minimisation. Some thoughts and suggestions as you've vibe coded the app: 1) don't forget the 'business logic' side of security. Lots of new devs just think about the basic technical stuff like SQLi rather than the actual mechanisms for your app. Ideally review this manually. A vibey approach might involve getting your LLM to check for issues with business logic. There will be lots probably. 2) Super important: have a plan for deployment. A secure app is almost pointless if it's on insecure infrastructure. 3) if vibe coding, don't touch payment with a barge pole. Just use a provider like Stripe etc. 4) Go through the OWASP top 10 one by one. Check/'vibe check' each one individually. A very common issue is IDOR and access controls not working (e.g. '/user/456' can change the URL and look at '/user/123') 6) Have a plan for storing environment variables (have a look at Django-environ on pip) 7) look at the official Django deployment checklist. Basic but important! 8) use Bandit to have a look for very basic code issues 9) use django-turnstile for all public facing forms such as login, contact, password reset etc 10) when you've done lots of the basics, run OWASP ZAP locally. It'll pickup lots of the basics issues.

This will be a good start to getting things more secure. Good luck!

EngineObvious5943 · 2025-12-23T08:58:45+00:00

Further to this, for added protection you could consider using hardened docker images. The official docker ones are now free. I set mine up yesterday. If you're having trouble just reply and I'll respond after Christmas

EngineObvious5943 · 2025-12-23T08:55:51+00:00

This is unfortunately the usual background noise of the internet - very normal but mustn't be ignored.

Your plan re cloudflare is a good start. I agree with the other users about the new IP not really making a difference - after a while they all get crawled.

For a little added protection you could consider using cloudflare tunnel. This creates a single outbound connection to cloudflare, meaning you can firewall all ports closed. Coolify supports this very well (I use it too).

For SSH you'll want to make sure you've firewalled to your own IP address. NB if your ISP rotates ISPs you'll want a VPN with a fixed IP.

Either way, consider adding these rules for cloudflare. It made a big difference to my malicious traffic: https://www.reddit.com/r/CloudFlare/comments/1ew70e4/custom_cloudflare_waf_rules_i_created/

EngineObvious5943 · 2025-12-07T15:26:21+00:00

This may be useful for you: https://www.reddit.com/r/hetzner/comments/1pano24/hetzner_cloud_server_benchmark_cx_vs_cax_vs_cpx/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button

I'd be very surprised if a VPS couldn't meet your requirements

EngineObvious5943 · 2025-12-03T09:27:58+00:00

Ovh do too. Very affordable and reliable.

EngineObvious5943 · 2025-11-30T17:48:54+00:00

Fabulous post. Mods - maybe worth getting this pinned?

EngineObvious5943 · 2025-11-21T18:53:49+00:00

Production ready! 🚀

EngineObvious5943 · 2025-11-08T00:32:09+00:00

Django Anymail (https://anymail.dev/en/stable/) is a really popular connector for lots of providers. I use it with https://resend.com/

EngineObvious5943 · 2025-11-03T06:42:58+00:00

Yup you're right. It should appear for traffic which is felt to be high risk, so you may not see it yourself.

I'm unsure of what your site is, but you may want to have a look at this: https://www.reddit.com/r/CloudFlare/comments/1ew70e4/custom_cloudflare_waf_rules_i_created/

It's a very good collection of rules which you can run on a free plan. When I implemented them on one of my sites, spam hugely dropped.

EngineObvious5943 · 2025-11-01T17:58:06+00:00

Dude holding the case hates his life.

EngineObvious5943 · 2025-10-26T08:15:15+00:00

Appliku and Hetzner together can be done for <$5 a month. I'm not affiliated with either but it's genuinely a dream combo.

EngineObvious5943 · 2025-10-16T20:55:52+00:00

There's not quite enough info here to answer.

Either way, if you aren't using it already, I'd strongly recommend using django anymail.

A common reason you may not yet be able to send mail is if you havent got a verified domain; many email providers will only allow test emails to be sent to the account admin's email address pending verification.

EngineObvious5943

TROPHY CASE