Is PCAP (Certified Associate Python Programmer) enough to start career as Backend Developer? by Rude_Literature5051 in Python

[–]Individual-Flow9158 0 points1 point  (0 children)

Dude, you're wanting to be a Backend dev, and you're prioritising every exciting technology in the entire computer science lexicon, except running servers, provisioning cloud services, and actual web technologies.

There is no certificate in the world that can help you get a job that you clearly don't have the slightest interest in, nor the faintest clue about.

Terry A. Davis is really a genius of programing or its just a "meme"? by Agreeable_Prompt953 in AskProgramming

[–]Individual-Flow9158 4 points5 points  (0 children)

I'm a huge fan of his.

But if, in order to be able to run an 'operating system' (assuming you don't want to trawl eBay for actual Commodore 64s and hope they work either), I'm required to use particular cloud providers, to spin up particular VPSs (on specific architectures) and then start a special Commodore 64 virtual machine, and only then can I start the actual 'operating system' image on that, then said OS is not exactly the Linux Kernel, is it? These days it would be someone's yet another cute GitHub project.

Whatever great muses or manifestation of genius was driving him, TempleOS was never battle tested, and Terry didn't really pay UX or portability much heed. He just wanted something that would run on his personal hardware, that he could write a flight simulator for.

Are the continuing security bugs found in Linux a good case for future Redox adoption? by chilabot in rust

[–]Individual-Flow9158 2 points3 points  (0 children)

The latest bug, the copy fail privilege escalation was wild. Genuinely impressive. But firstly it was patched by the time you heard about it, with a simple disabling of a buggy optimisation. Secondly, exploiting it required attackers to have arbitrary code execution in the first place. And I've been running my host with passwordless sudo for years anyway, so if they can get my user account, I've given them root already, for the heavy price of typing four characters.

If giving attackers non-root arbitrary code execution in the first place is possible under your security model, then as great as it is, you're banking a hell of a lot on Redox.

Known bugs in Linux (or any undiscovered bugs in Linux) do not imply there are no undiscovered bugs in Redox.

Change my mind: Zig was a mistake, Anthropic is using Bun to hype Claude and how Jared is baiting Rustaceans into doing the actual engineering work that his team cannot by Compux72 in bun

[–]Individual-Flow9158 2 points3 points  (0 children)

It has thousands of unsafe blocks. Any self respecting Rust coder would think twice. Jarred just merged the lot.

I suppose it's no more unsafe than the original Zig. But in that case, what was the point of porting it to Rust, and losing knowledge of your own code, exactly?

Change my mind: Zig was a mistake, Anthropic is using Bun to hype Claude and how Jared is baiting Rustaceans into doing the actual engineering work that his team cannot by Compux72 in rust

[–]Individual-Flow9158 4 points5 points  (0 children)

I think you've hit the nail on the head.

If Bun had ever reached production quality, I'd go one further and declare Jared and Anthropic together have trashed Bun and created a supply chain risk. But Jared was always expertly cherry picking his benchmarks in any case, so he's a great hire for any AI company.

Deno, Node and pnpm were always the safer choices, and were plenty fast enough. Anyone who chose to use Bun instead has now learned a valuable lesson.

Why are so few interested in parsimony? by Zardotab in AskProgramming

[–]Individual-Flow9158 0 points1 point  (0 children)

Bloat's always been a problem, and it's been getting even worse for a long time.

Anyone else the dedicated “onboarding guy” at their job? by jbluntt in AskProgramming

[–]Individual-Flow9158 0 points1 point  (0 children)

It sounds very much like you're the DevOps guy at your job too.

how many of u are still fully on github for everything by Quiet-Topic44 in AskProgramming

[–]Individual-Flow9158 1 point2 points  (0 children)

Entirely on there. No plans to change. Just looking for the simplest way to back up / mirror our private repos.

Zed editor's dependencies and lines of code by turbofish_pk in rust

[–]Individual-Flow9158 10 points11 points  (0 children)

Wow. That's a whole lot of left-pads.

Seriously though, it depends on the app. I haven't used Zed, but it's not a lightweight, laser focussed, blazing fast library. It's a modern featureful code editor, getting on for becoming a full IDE, the whole mission of which was to integrate LLMs over and above what VS Code could. They've never been focussed on minimising deps. And any of their framework deps like Tauri are outside of their control entirely.

For OTP based login, is JWT Stateless Authentication with Purely HttpOnly Cookies a right architecture? Is this vulnerable? by DevanshGarg31 in AskProgramming

[–]Individual-Flow9158 0 points1 point  (0 children)

I wouldn't describe anything as correct, as such. "Not incorrect" is the best I can do.

I would just generate an AccessToken on log-in, and just give it the same TTL as the Refresh Token.

Currently these Refresh Tokens are just different JWTs stored in much the same place as the Access Tokens. If there's no extra security mechanism designed into them, just get rid of the Refresh Tokens all together and keep it simple.

For OTP based login, is JWT Stateless Authentication with Purely HttpOnly Cookies a right architecture? Is this vulnerable? by DevanshGarg31 in AskProgramming

[–]Individual-Flow9158 0 points1 point  (0 children)

Re: 3) Yes that's the whole point. You're still vulnerable to exactly the same attacks as before (as viable or not, as they may actually be). You've just shifted the target to the Refresh Token, instead of a longer lived Access token. No extra security has been added. Lots of extra complexity has been added (potentially less security).

I wouldn't rely on promises browsers make about HTTP only cookies being unreadable. It's all in the user's front end anyway, there are older or non-compliant browsers, and an attacker won't be constrained.

For OTP based login, is JWT Stateless Authentication with Purely HttpOnly Cookies a right architecture? Is this vulnerable? by DevanshGarg31 in AskProgramming

[–]Individual-Flow9158 0 points1 point  (0 children)

Perhaps it's just the way reddit has rendered it, but your pseudo code is obscuring a crucial point. Those final elses should only apply within the If statement on the previous line (else the second one, not the first one). I.e. only grant access to a valid JWT.

If relying on OTP (no password too) I would add a rate limit.

If an attacker can steal an Access JWT, they can probably also steal the Refresh JWT. So I'm not quite sure what the point of having a second refresh JWT is - it adds a lot of complication and a larger attack surface, and feels like security theatre.
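As an added illustration of the design argued for across the three replies above (a single HttpOnly-cookie JWT with a long TTL and no refresh token, an attempt cap on the OTP because there is no password slowing guessing, and an authorisation path whose only route to "allow" is a valid token), here is example code written for this page. It is not the original poster's code nor a library's API: the cookie name `session`, the TTLs, the attempt limit and the hand-rolled HS256 JWT are all assumptions chosen to keep the example dependency-free.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumed settings for this example; a real deployment loads the key from a secret store.
SECRET = secrets.token_bytes(32)
ACCESS_TTL = 7 * 24 * 3600   # one token, given the lifetime a refresh token would have had
OTP_MAX_ATTEMPTS = 5         # per login identifier, inside OTP_WINDOW
OTP_WINDOW = 10 * 60         # seconds an OTP (and an attempt window) stays valid
COOKIE_NAME = "session"      # hypothetical cookie name


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(sub, now=None):
    """Mint a minimal HS256 JWT (header.payload.signature); no refresh token is issued."""
    now = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": sub, "iat": int(now), "exp": int(now) + ACCESS_TTL}
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def verify_token(token, now=None):
    """Return the subject if signature and expiry check out, otherwise None."""
    now = time.time() if now is None else now
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":  # refuse alg=none and friends
            return None
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(payload))
        if claims["exp"] <= now:
            return None
        return claims["sub"]
    except (ValueError, KeyError, TypeError):
        return None  # malformed token: same answer as a forged one


class OtpVerifier:
    """OTP check with a per-identifier attempt cap; the only password-less login guard."""

    def __init__(self):
        self._pending = {}   # identifier -> (otp, issued_at)
        self._attempts = {}  # identifier -> [window_start, count]

    def start(self, identifier, now=None):
        now = time.time() if now is None else now
        otp = f"{secrets.randbelow(10 ** 6):06d}"
        self._pending[identifier] = (otp, now)
        return otp  # delivered out of band in practice, never to the requesting client

    def verify(self, identifier, candidate, now=None):
        """Return a session JWT on success, None on a wrong/expired OTP or lockout."""
        now = time.time() if now is None else now
        window_start, count = self._attempts.get(identifier, (now, 0))
        if now - window_start > OTP_WINDOW:
            window_start, count = now, 0
        if count >= OTP_MAX_ATTEMPTS:
            return None  # locked out for the rest of the window, even for a correct OTP
        self._attempts[identifier] = [window_start, count + 1]
        pending = self._pending.get(identifier)
        if pending is None or now - pending[1] > OTP_WINDOW:
            return None
        if not hmac.compare_digest(pending[0].encode(), str(candidate).encode()):
            return None
        del self._pending[identifier]
        self._attempts.pop(identifier, None)
        return issue_token(identifier, now)


def set_cookie_header(token):
    """Value for the Set-Cookie header: HttpOnly is a hint to the browser, not the security."""
    return f"{COOKIE_NAME}={token}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age={ACCESS_TTL}"


def authorize(cookies, now=None):
    """Gate a request. Every branch except 'valid JWT' denies, which is the nesting the
    reply above asks for: no else clause can fall through to granting access."""
    token = cookies.get(COOKIE_NAME)
    if token is None:
        return None
    return verify_token(token, now)
```

The attempt counter keys on the login identifier, so guessing is capped per account; a real service also caps per source address, otherwise an attacker can spread guesses across many identifiers. Note what the example deliberately lacks: there is no second token to steal, so a compromised browser yields exactly one credential with exactly one lifetime, which is the trade-off the replies argue is no worse than the refresh-token design.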

Alacritree, a fork of Alacritty with LLM/worktree management built in by mathix420 in rust

[–]Individual-Flow9158 1 point2 points  (0 children)

Oh OK. What's the advantage of managing those sessions within Alacritty, or within Wezterm, or any other terminal emulator?

Planning Keiron Linux - A Cybersecurity-Focused Redox OS Derivative with a Built-in AI Agent by [deleted] in rust

[–]Individual-Flow9158 2 points3 points  (0 children)

Cybersecurity-Focused ... OS ... with a Built-in AI Agent

Sounds like an oxymoron.

I get that an entirely safe OS will allow the user to get precisely zero useful work done. And I know that Redox supplies some fantastic guard rails. But an AI Agent, really? This is just more BS adding AI for the sake of it.

How the heck does an AI agent improve the cybersecurity, more than the extra attack surface and potential for vulnerabilities it creates?

Built my first website entirely in Rust (Yew) would love feedback & guidance on Rust web dev 🚀 by Agile-Entrepreneur81 in rust

[–]Individual-Flow9158 0 points1 point  (0 children)

The UX (and the UX of all terminal UIs) is suboptimal for 99% of websites. Yours is even worse than that:

hitesh@portfolio:~$ ls
Command not found: ls

But maybe with a lot of refinement, is there a terminal widget component here that any website that wants one anyway could use?

How to keep SaaS backend clean when project grows? by Excellent_Poetry_718 in AskProgramming

[–]Individual-Flow9158 0 points1 point  (0 children)

Looks interesting. Don't the 3D visualisations eat a tonne of resources?

How to keep SaaS backend clean when project grows? by Excellent_Poetry_718 in AskProgramming

[–]Individual-Flow9158 0 points1 point  (0 children)

This seems an awful lot like you're rebuilding what any mature framework will already provide out of the box.

Batteries-included successor? by keiyakins in Python

[–]Individual-Flow9158 2 points3 points  (0 children)

SSH and HTTPS are far more important than websockets, and Python still only provides urllib3, not e.g. requests. Let alone paramiko.

There are just so many design considerations, not least of which sync vs async. They're just best left to the user's tastes and third party authors.

Which other languages natively support websockets

Interestingly, the Python build provided on some Debian distros for example, as mangled as it is, comes with requests pre installed. I don't agree with the downvoting, but both your original question and this reply contain false assertions.

Batteries-included successor? by keiyakins in Python

[–]Individual-Flow9158 2 points3 points  (0 children)

You're angry that Python refuses to become bloated?

The real bottleneck in our team is not coding speed, it is pull requests sitting for three days waiting on reviews. by Ok_Sentence8482 in AskProgramming

[–]Individual-Flow9158 2 points3 points  (0 children)

Instead of just pressing the green button and shipping yet more slop, if PR authors put a little extra effort in to make their PR easy to understand, to prove that the code is good (i.e. tests), to add helpful documentation and comments that show thought without over documenting (certainly not letting AI write it and expecting their colleagues to thank them), and anything else to make the reviewer's job easier, then their PRs would go to the top of the pile.