sweng @ sweng @programming.dev

Posts

1

Comments

206

Joined

2 yr. ago

What about security updates? What about monitoring? What about the underlying infrastructure? What about even picking what software to use and configuring it?

I haven't heard of docker compose up guess-what-i-want-and-just-do-it yet, but I guess there is some LLM that can hallucinate one for you.

There is a big difference between "is unable to maintain bots due to lack of skills" and "is unable to maintain bots due to lack of time and motivation".

Good question.

The light output would be the same because there is still only one light source. But as you note, some of the "light" would be absorbed by the wall, so the room would be brighter if you had a mirror. Not twice as bright though, because the wall also "reflects" light, otherwise you would not see the wall.

So, would it make sense to have mirror walls to maximize room brightness? Maybe not, because what the walls end up doing is actually scattering the light, meaning light is spread out evenly, wheras with the mirrors you would have some bright areas (corresponding to the lamp) and some darker areas.

Why host it locally in that case, and why host it on a Pi? Seems rather restrictive for that usecase.

You would think so, but int* a, b is actually eqivalent to int* a; int b, so the asterisk actually does go with the name. Writing int* a, *b is inconsistent, so int *a, *b is the way to go.

If you don't have an expert, you should demand one. If I don't have an electrician, I won't ask my plumber to go read a book and come back to do the wiring. I would wait and get an electrician.

Isn't that exactly the role of an architect? The point is exactly that not everyone is a cog, not everyone is exchangable and equivalent to everybody else.

I feel like the expectation that a developer can do it all is quite harmful. There are not many other disciplines where this is expected, and for good reason.

Maybe it's better to just admit you don't know how to properly architect a solution rather than pretend you do and create an unmaintainable mess. Maybe you shouldn't pretend you know how to do front-end development instead of creating some monstrosity that no user actually uses due to bad UX. Maybe you shouldn't pretend you understand security instead of introducing half a dozen sql injection vectors.

Maybe it's time to admit that the days of the solo developer are over. It may have worked when there was no internet, no security concerns, no concurrency requirements, etc. But we expect, and deserve, better nowadays.

Isn't OIDC basically what you want? You just need to convince the forums to use it.

I think the idea is that big-name men will show up to support women and work for equality, not to creep on them.

any website can trivially configure their own firewall in the same way without CF.

How many websites can handle the amount of traffic that CF can handle? It's not just about configuring your firewall, it's about having the bandwidth. Otherwise it's not much of a DDoS protection.

I see CF keys.

As I don't have an account there I can't see which requests containing credentials use which cert.

And also, just because the cert is verified by cloudflare does not mean they have the private key.

AFAICT, CF’s role is mostly useless if the SSL keys are held by the site owner.

It seems like a lot of your points hinges on this being true, but it simply isn't. There is a massive benefit to preventing DDoS attacks, and that does not require keys. There is no indication that banks are handing over client ctedentials to CF.

If you train them to cross the border illegally, what would stop the from turning right back and using those skills to get into Estonia again?

Well, it seems people are prepared to pay quite a bit for cloudflare DDoS protection. Maybe you are right, and they are all wrong. But it does not really matter, because they cmearly have convinced people that it is worth paying for it, even if you disagree.

Without TLS termination Cloudflare is still useful for e.g. DDoS protection, and serving content that do not contain client information.

Caching client data globally using Cloudflare would be pretty pointless and help very little and probably even be harmful to performance, so them having the TLS key for it would absolutely not be worth it.

I'm well aware that Cloudflare holds the TLS keys. I'm also well aware that that does not equal having access to credentials.

Banks certainly can not outsource willy nilly. Or well, I suppose they may in some jurisdictions, but the context here is Europe, where the banks actually are regulated.

Surely you are not suggesting that Cloudflare has access to end user credentials? Why would you say thay? Do uou have any hint of proof that that is the case? It would be a massive no-no, and heads would roll. If you hate electronic banking, here is your chance to take them down.

Be the change you want to see. The API is there. Go build that FOSS phone app.

I don't know much about Belgian banks, but the first one I found is Ing, and here is their documentation: https://developer.ing.com/openbanking/home. I'm sure searching for " bankname PSD2" will give you results for other banks.

Thanks to PSD2 most european banks have APIs, so there isn't actually any requireent to use the bank's apps anymore.