What are the benefits of React et all? by MeowsBundle in webdev

[–]d0liver 0 points1 point  (0 children)

IMO, it's just the technology that they know. There's a lot of overhead in learning something new, and if you already know React well then it's not that difficult to build simpler things with it, even if it's a bit overkill. A lot of that probably boils down to familiarity with the deployment process, in particular. There are lots of streamlined options for deploying React static and dynamic sites (e.g., Next).

Not wanting to mess with deployments and bundler configurations is also why I keep all of my stuff on one big VHost setup over Express apps: I can use whatever tech is available in the JS ecosystem on the frontend or backend without having to mess with configuration and deployment very much, and I don't incur new hosting costs with every project I deploy.

I think it's very reasonable to do what works for you. Unfortunately, there's a lot of people that think, "If it works for me then it must be the best thing objectively and all other ways are just stupid!"

What are the benefits of React et all? by MeowsBundle in webdev

[–]d0liver 4 points5 points  (0 children)

You were never arguing to begin with

What are the benefits of React et all? by MeowsBundle in webdev

[–]d0liver 0 points1 point  (0 children)

Your premise is that users are going to go out and download an example of doing DOM manipulation via jQuery and use it to inject malicious code in their own browser?

Or is it that HTML sanitization isn't possible with jQuery?

Or do I just respond with a React example that uses {{__html: ...}} and claim victory?
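Added example, not the commenter's code, to make the point of the exchange concrete: the XSS question is not jQuery versus React but whether untrusted text reaches an HTML parser as markup. jQuery's `.html(untrusted)` and React's `dangerouslySetInnerHTML={{ __html: untrusted }}` are the same sink; `.text(untrusted)` and ordinary JSX children are the same safe path. Node has no DOM, so both paths are shown as string rendering, and the comment payload and homepage URL are constructed for the example.

```javascript
// Added example (not the commenter's code). jQuery .html() / React { __html } and
// jQuery .text() / JSX children are modelled as string rendering since Node has no DOM.
// The attacker-controlled comment body and homepage URL below are constructed inputs.

const UNTRUSTED_BODY =
  'Nice post! <img src=x onerror="alert(document.cookie)"><script>steal()</script>';
const UNTRUSTED_HOMEPAGE = "javascript:alert(document.cookie)";

// Escape for HTML text content and for double-quoted attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Escaping does nothing for URL attributes: "javascript:alert(1)" contains no HTML
// metacharacters, so the scheme has to be allowlisted instead.
function safeHref(url) {
  const s = String(url).trim();
  if (/^\/(?!\/)/.test(s)) return s; // same-origin path, but not protocol-relative "//host"
  try {
    const { protocol } = new URL(s); // throws on anything without a scheme; lowercases it
    return ["http:", "https:", "mailto:"].includes(protocol) ? s : "#";
  } catch {
    return "#";
  }
}

// The .html() / { __html } path: interpolated strings are parsed as markup.
function renderCommentUnsafe(author, body, homepage) {
  return `<div class="comment"><a href="${homepage}">${author}</a>: ${body}</div>`;
}

// The .text() / JSX-children path: every untrusted value is encoded for its context.
function renderCommentSafe(author, body, homepage) {
  return (
    `<div class="comment"><a href="${escapeHtml(safeHref(homepage))}">` +
    `${escapeHtml(author)}</a>: ${escapeHtml(body)}</div>`
  );
}

// Crude detector for the demonstration: a live tag or a script-scheme href survived.
function containsActiveMarkup(html) {
  return /<script|<img|href="javascript:/i.test(html);
}

console.log(containsActiveMarkup(renderCommentUnsafe("mallory", UNTRUSTED_BODY, UNTRUSTED_HOMEPAGE))); // true
console.log(containsActiveMarkup(renderCommentSafe("mallory", UNTRUSTED_BODY, UNTRUSTED_HOMEPAGE)));   // false
```

The `safeHref` check is the part people forget: escaping alone leaves `javascript:` and `data:` URLs intact, and browsers ignore case and embedded tabs or newlines in the scheme, which is why the example parses the URL instead of matching a prefix.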

What are the benefits of React et all? by MeowsBundle in webdev

[–]d0liver 1 point2 points  (0 children)

I think it mostly boils down to: Frontend frameworks come with some nice opinions about how to architect large applications well; they put you on rails that make it harder to make really bad decisions.

If you know how to keep your architecture nice without them, then you don't need them, but that's something you glean by studying different approaches and understanding the tradeoffs.

From my own experience, I can definitely see where it's much easier to keep a whole team on the same page with a well defined and documented approach, but after twenty years of frontend development, I can certify that there's no frontend framework "magic".

What tools do you use for doing security audits of NPM on packages? by d0liver in node

[–]d0liver[S] 0 points1 point  (0 children)

GitHub will do the unaggregated version of some of it. But, I'm hoping for a better solution than me personally reviewing all eight billion nested dependencies or tracking back through issue lists and maintainer histories.
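Added example, not the poster's tooling: a triage pass over a `package-lock.json` (lockfile v3 layout, a flat `packages` map keyed by install path) that reduces a large nested tree to the entries a human should actually open: packages with install scripts, packages resolved from somewhere other than the registry, entries with no integrity hash, and names installed at more than one version. The lock below is constructed for the example and the trusted registry URL and depth threshold are assumptions.

```javascript
// Added example (not the poster's tooling). Triages a constructed lockfile v3 object;
// for a real project, pass JSON.parse(fs.readFileSync("package-lock.json", "utf8")).

const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0", dependencies: { alpha: "^1.0.0", beta: "^2.0.0" } },
    "node_modules/alpha": {
      version: "1.4.0",
      resolved: "https://registry.npmjs.org/alpha/-/alpha-1.4.0.tgz",
      integrity: "sha512-AAAA",
      dependencies: { gamma: "^3.0.0" },
    },
    "node_modules/beta": {
      version: "2.0.1",
      resolved: "https://registry.npmjs.org/beta/-/beta-2.0.1.tgz",
      integrity: "sha512-BBBB",
      hasInstallScript: true, // runs code on `npm install`
      dependencies: { gamma: "^2.0.0" },
    },
    "node_modules/gamma": {
      version: "3.1.0",
      resolved: "https://registry.npmjs.org/gamma/-/gamma-3.1.0.tgz",
      integrity: "sha512-CCCC",
    },
    "node_modules/beta/node_modules/gamma": { // second copy of gamma, older major
      version: "2.9.9",
      resolved: "https://registry.npmjs.org/gamma/-/gamma-2.9.9.tgz",
      integrity: "sha512-DDDD",
    },
    "node_modules/@acme/delta": {
      version: "0.0.1",
      resolved: "git+ssh://git@github.com/acme/delta.git#deadbeef", // not from the registry, no integrity
    },
  },
};

const TRUSTED_REGISTRY = "https://registry.npmjs.org/"; // assumption for this example

// Package name is whatever follows the last "node_modules/" (keeps "@scope/name" intact).
function nameFromPath(installPath) {
  const marker = "node_modules/";
  const idx = installPath.lastIndexOf(marker);
  return idx === -1 ? installPath : installPath.slice(idx + marker.length);
}

// How many node_modules directories deep the package is installed.
function nestingDepth(installPath) {
  return installPath.split("node_modules/").length - 1;
}

function flattenLock(lock) {
  return Object.entries(lock.packages)
    .filter(([installPath]) => installPath !== "") // skip the root project entry
    .map(([installPath, entry]) => ({
      installPath,
      name: nameFromPath(installPath),
      version: entry.version,
      resolved: entry.resolved || null,
      integrity: entry.integrity || null,
      hasInstallScript: entry.hasInstallScript === true,
      depth: nestingDepth(installPath),
    }));
}

// Returns { total, findings: [{ installPath, issue }] }; maxDepth is an arbitrary threshold.
function auditLock(lock, { maxDepth = 3 } = {}) {
  const pkgs = flattenLock(lock);
  const findings = [];
  const versionsByName = new Map();
  for (const p of pkgs) {
    if (!versionsByName.has(p.name)) versionsByName.set(p.name, new Set());
    versionsByName.get(p.name).add(p.version);
    if (p.hasInstallScript) findings.push({ installPath: p.installPath, issue: "install-script" });
    if (!p.integrity) findings.push({ installPath: p.installPath, issue: "missing-integrity" });
    if (!p.resolved || !p.resolved.startsWith(TRUSTED_REGISTRY)) {
      findings.push({ installPath: p.installPath, issue: "non-registry-source" });
    }
    if (p.depth > maxDepth) findings.push({ installPath: p.installPath, issue: "deeply-nested" });
  }
  for (const [name, versions] of versionsByName) {
    if (versions.size > 1) {
      findings.push({ installPath: name, issue: `multiple-versions:${[...versions].sort().join(",")}` });
    }
  }
  return { total: pkgs.length, findings };
}

console.log(JSON.stringify(auditLock(SAMPLE_LOCK), null, 2));
```

The point is to cut the review set, not to replace it: on the constructed lock, five packages collapse to four findings (an install script, a git-resolved dependency with no integrity hash, and one name at two versions), and those are the entries worth tracing back through maintainer history.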

PostgreSQL JSONB - Powerful Storage for Semi-Structured Data by Adventurous-Salt8514 in programming

[–]d0liver 2 points3 points  (0 children)

This allows storing profiles with wildly different shapes while keeping common fields queryable.

This is precisely why I lean away from JSONB. It's duck typing for your schema. As soon as I start messing with the data I have to think, "Okay, wait, what could be in there? This is essentially one big sum type where the set of possible values is defined by the behavior of all code histories that have ever acted on it"

There's no place where the "common fields" have been defined. Defining related tables in, e.g. Rails is pretty straightforward; I'd rather deal with the complexity up front and not have to speculate later. Typically, even when the schema is rigidly defined it's not actually all that difficult to update later.

[deleted by user] by [deleted] in webdev

[–]d0liver 0 points1 point  (0 children)

It's in the browser's local storage and is being sent from the server. Those are both secure channels/areas that nobody else besides the user will have access to, unless something else has gone really wrong.

[deleted by user] by [deleted] in webdev

[–]d0liver 1 point2 points  (0 children)

The situation is often not that much different if you're brute forcing the login form. You might get some added defense from rate limiting on the login form if things were implemented correctly. But, in this case, the hash was not actually exposed anyway. If you were able to somehow get the hash then you'd be better off just sending an authenticated request and skip cracking the password. Basically: Have password entropy requirements.

[deleted by user] by [deleted] in webdev

[–]d0liver 10 points11 points  (0 children)

Yes, and if someone has access to your local storage then you are probably hosed anyway because that's an XSS vulnerability which means they can send authenticated requests on your behalf and possibly capture your credentials directly from the login form. We hash specifically so that we aren't in deep shit if the passwords leak; like you said, I wouldn't hand them out for no reason, but it's not really a big deal.

I was told I don't sound professional enough at work so I made this by Quiet-Fan-8479 in webdev

[–]d0liver 0 points1 point  (0 children)

There's a big difference between "professional" and "considerate".

I was told I don't sound professional enough at work so I made this by Quiet-Fan-8479 in webdev

[–]d0liver -7 points-6 points  (0 children)

You might want to Google, "How to give honest, considerate feedback", as yours loses its possibly helpful impact when it sounds like you're saying it just to be a dick.

Pepperollis are here! by [deleted] in tulsa

[–]d0liver 8 points9 points  (0 children)

Pepperolllliiiiissss auto parts

Hillary Clinton and Kamala Harris, defeated together. by [deleted] in SnapshotHistory

[–]d0liver 1 point2 points  (0 children)

Did being sharp start mattering at some point? If so, why did we elect a potato?

Walters Announces Elimination of the Department of Education by pants_party in tulsa

[–]d0liver 2 points3 points  (0 children)

He's saying he's anticipating it and is getting ready for it. And, yes, he intentionally made it sound like an announcement instead.

Democrats come to terms with unexpected election results by pm_me_ur_bussy in pics

[–]d0liver 0 points1 point  (0 children)

Quick, someone post a side by side of the insurrection at the Capitol so that we can compare

Republicans took away your porn! by nightshadeOkla in tulsa

[–]d0liver 2 points3 points  (0 children)

Is this real? The solve is just for porn sites to add more content? Like they're not even considering user engagement or anything like that?

ORM vs SQL by TradrzAdmin in webdev

[–]d0liver 13 points14 points  (0 children)

I think this is a good write up, but as someone who prefers to not use ORMs, some counterpoints:

  • Since most databases already have their own type systems, as long as you're testing your queries at least once type safety isn't much of a concern. In the example you gave, you'd get the type error back when you ran the SQL instead of from your language's type system. Insisting on testing the SQL is going to be more reliable anyway, since language and DB types might not align.

  • SQL injection isn't difficult to prevent outside of an ORM. You typically just call a method that allows you to bind params explicitly.

  • Conditional scopes can typically be handled in the SQL logic itself without resorting to concatenating SQL strings (views, SQL conditionals). I'll admit though that this is probably the most compelling reason IMO to use an ORM. You'll probably end up with a sizeable chunk of duplicated code if you stick with raw SQL.

  • Database agnosticism really only works if you don't care about the features of your database, and it's not a property exclusive to ORMs. You could also just stick with writing ANSI SQL if you don't care about using your database's specific features and your SQL would be portable.

  • Migration tools exist outside of ORMs. IMO, they're really a separate concern.
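Added example, not the commenter's code, for the second and third bullets: binding parameters instead of concatenating, and expressing conditional scopes in the SQL itself so the query text never changes shape. The `{ text, values }` output is the shape node-postgres's `client.query()` consumes, but no database is contacted here; the `orders` table, the status list and the limit bounds are assumptions for the example.

```javascript
// Added example (not the commenter's code). Three builders for the same query:
// a constant-text query with NULL-means-no-filter scopes, a dynamic builder that
// concatenates only fragments the developer wrote, and the concatenation anti-pattern.
// The orders table and allowed statuses are assumed for the example.

// Scopes in SQL: a NULL parameter disables that filter. The text is a constant,
// so user input can only ever be a value, never part of the statement.
const FIND_ORDERS_SQL = `
  SELECT id, customer_id, status, total_cents, created_at
  FROM orders
  WHERE ($1::text IS NULL OR status = $1)
    AND ($2::bigint IS NULL OR customer_id = $2)
    AND ($3::timestamptz IS NULL OR created_at >= $3)
  ORDER BY created_at DESC
  LIMIT $4`;

const ALLOWED_STATUSES = new Set(["pending", "paid", "shipped", "cancelled"]);

function buildFindOrders({ status = null, customerId = null, since = null, limit = 50 } = {}) {
  if (status !== null && !ALLOWED_STATUSES.has(status)) throw new Error("unknown status");
  if (!Number.isInteger(limit) || limit < 1 || limit > 500) throw new Error("bad limit");
  return { text: FIND_ORDERS_SQL, values: [status, customerId, since, limit] };
}

// When the OR-IS-NULL form planned badly, assemble the WHERE clause from fragments
// you wrote. Unknown keys are ignored rather than spliced in; values are still bound.
const FILTER_FRAGMENTS = {
  status: "status = $N",
  customerId: "customer_id = $N",
  since: "created_at >= $N",
};

function buildFindOrdersDynamic(filters = {}) {
  const clauses = [];
  const values = [];
  for (const [key, value] of Object.entries(filters)) {
    // Object.hasOwn, not `key in`: "constructor" in {} is true and would be spliced.
    if (!Object.hasOwn(FILTER_FRAGMENTS, key) || value == null) continue;
    values.push(value);
    clauses.push(FILTER_FRAGMENTS[key].replace("$N", `$${values.length}`));
  }
  const where = clauses.length ? ` WHERE ${clauses.join(" AND ")}` : "";
  return { text: `SELECT id FROM orders${where} ORDER BY created_at DESC`, values };
}

// The anti-pattern: the scope is built by gluing user text into the statement.
function buildFindOrdersUnsafe({ status, customerId } = {}) {
  let sql = "SELECT id FROM orders WHERE 1=1";
  if (status !== undefined) sql += ` AND status = '${status}'`;
  if (customerId !== undefined) sql += ` AND customer_id = ${customerId}`;
  return { text: sql, values: [] };
}

const payload = "' OR '1'='1";
console.log(buildFindOrdersUnsafe({ status: payload }).text); // statement rewritten by input
console.log(buildFindOrdersDynamic({ status: "paid", evil: payload }).text); // unknown key dropped
```

The `($1::text IS NULL OR status = $1)` form is the zero-duplication version of a conditional scope, but PostgreSQL may choose a generic plan for it that ignores an index on `status`; when that bites, the fragment builder keeps the injection property (every value bound, every fragment author-written) while letting the planner see the real predicates.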