I have been dating this girl for the past month, she is awesome, and she makes me smile every day 😁
I have had a relatively bad week, I got rejected by a company I was interviewing with for the past two months, but she has been my rock.
I have been using for the past month. I am not a power user, I mostly use it when I need to access libgen. Previously, I was using nordvpn. I feel proton is faster both when connecting to a server but also the connection is faster/more reliable. For example, if I forget to turn it off, I can watch a yt video without any issues.
He is a bit sleepy after a long walk at the park 🥰 We met a bunch of wonderful friends today. I even had a huge puppy (10 months old but bigger in size than me) climb into my hands for a hug
I have a 4 day work week, at some point I tried a 5 day work week, within a year I was depressed and gladly accepted a 20% paycut to go back to 4 days
I watched The Last of Us, and caught up with the 4th season of The Boys. Highly recommend both of them
It’s so ironically beautiful that accessing the report costs $1.3K…
O mighty pirates of the high seas, I need your help!!!
A good place to start is the OWASP cheat sheet. They provide up-to-date, high value information about software security, I wish there was a resource like this when I started learning about security.
Even though I have a decent background in software security, it’s hard to decide on an encryption schema that’s both safe and easy to use. My goal is to increase the number of components an attacker has to compromise in order to get access to the data.
Great resource!
Write database migrations in both directions so people can downgrade on failures.
Good point. Personally, I take backups before upgrades and restore if anything goes wrong. But, I understand how downgrading sometimes is just easier.
I have trouble coming up with a migration procedure that makes sense to me. I have the following in mind:
Make it possible to configure your system via ENV variables, ENV files and config files.
I am a bit worried about this one, environment variables can be a security concern. Specifically, I am not sure if I should allow providing secrets (like db connection strings) through environment variables. I am inclined to let people do what they want to, but issue a warning.
Make it possible to disable authentication to add Authelia or LDAP through the webserver. Make clear that this is only to be used for external authentication.
I am considering adding support for OAuth through Keycloak. My assumption is that if you are going to host your own LDAP, you can probably configure Keycloak too. Do you think that makes sense?
Make it possible to run multiple parallel instances of your software without affecting the database consistency, e.g. for high availability or horizontal scaling.
Ideally, an instance shouldn’t be big enough to need it. I know, famous last words, but in my case I think it’s a bad problem to have. I am going out of scope, but I am wondering where is the line between discouraging large scale deployments and designing something pre-destined to obscurity.
Telemetry
Not even on my radar, thanks for bringing it to my attention 🙏
Great point, I always consider dependencies from a security perspective, but for management/setup sometimes I am like “the devops are going to figure it out”…
To clarify, would an example be supporting sqlite, so people won’t have to deploy postgres unless they need to?
My plan is to offer a docker-compose configuration people can tinker with. I had the mindset that whatever happens in the container stays in the container, but your comment made me realize I should be mindful of other installation methods. Thanks 🙏
Reminds me of a recent Philosophy Tube video: https://youtu.be/2lHNkUjR9nM?si=a9WbUKAV5u1A94kt
The title is pretty self explanatory. Yes, I want to know if it’s AI generated because I don’t trust it.
I agree with the conclusion that it’s important to disclose how the AI was used. AI can be great to reduce the time needed for boilerplate work, so the authors can focus on what’s important like reviewing and verifying the accuracy of the information.
Hi, I am building a platform with the goal of supporting apps like this, and I would be interested to develop a plugin for your use-case as an experiment (no fee).
I am working alone on this and this is not my first priority, so I cannot make any guarantees about the timeline, or the scope of the plugin. But, if you are interested we can have a chat on matrix.
The project is not open source yet, but I am planning on doing so once (a) I figure out how to properly apply licensing, and (b) remove any potentially critical information (credentials) from the repository.