Hacker News new | past | comments | ask | show | jobs | submit | slooonz's comments login

> Meanwhile everything from ubuntu's apt-get to my connection to HN is secured with 2048-bit RSA - an algorithm invented in 1977 and in widespread use since at least 1995.

That’s a bit misleading, considering RSA is only used for certificate verification. Key exchange and symmetric encryption is handled by somewhat more recent algorithms (ECDH / AES-GCM).


As French, our dual-branch judicial system for a long time seemed very weird to me — I didn’t really see the point of it. I must thank the US to provide a clear example why it is in fact so useful.

In France, the law would be typically written as "The water must be safe to drink. The list of banned chemicals and safety thresholds is to be set by the Supreme Court of the Administrative Branch" (Conseil d’Etat). That way you still do have a judicial oversight of agencies, but with a judicial branch which has more adapted procedures to those issues (for example you don’t have to wait for a case to go all the way up to the Supreme Court to adjudicate — it is literally part of the job of the Supreme Court of the Administrative Branch to be proactive in those matters).


Aren’t they the same thing ?


"Your issue is coming from a misconfigured SSO. We disabled SSO on your account, you can login with the standard password reset flow. You can reenable SSO once you have fixed the issue."


And when you have to unlock it for the fifth time? This is looking like a shit product and shit customer support.


The customer misconfigured their SSO 5 separate times? Sounds like you don’t want that kind of customer in the first place to be honest.


What the data consistency story around crashes ? Backup/recovery ?


Sorry, I'm not sure I understand your question. Can you rephrase?


Presumably you have backups for both the primary database and the message queue (or maybe no backup for the later). If a disaster happens, requiring you to restore backups, how confident are you that your system as a whole is behaving as expected (no events acknowledged but not processed / no events processed twice).


I have made a similar solution in-house. I kinda agree with the YAML nay-sayers. I settled on KDL instead as the description language (https://kdl.dev/) ; maybe give it a try ?


Also, you should consider migrations to be the first-class citizen and entities to be derived on it. On our system, we have

migration "create-users-table" { create-table "users" { column "id" "number" dbtype="increments" } }

migration "add-user-last-device" { alter-table "users" { column "last_device" "string" } }

This implicitly defines an "User" entity which has two fields, "id" and "lastDevice". But now we can also generate migrations (in our case, knex migrations). It’s harder and less reliable to go the other way, starting from current database schema + current description to migration.


Migrations are a tricky point I agree. In your system, do you keep your original model files as they were at the beginning or do you change them too ?


> Each app should have a clean environment and ideally you'd pick and choose what files/folders you want to give the app access to while it is running, and not let the app builder decide for you. Also, the user should pick and choose where to mount directories if they choose to do so

That’s… what bubblebox is ?


Shameless self-plug : https://sloonz.github.io/posts/sandboxing-1/

Which you can see it as the longer form documentation of bubblebox (explaining in excruciating details how to sandbox desktop applications with flatpak).

(not affiliated to the author, written prior to bubblebox — but I’m happy to see that someone took up the job of making a true solution of implementing the ideas I laid out in my blog posts series !)


What do you mean ?


> Imagine a car manufacturer (say Tesla, who has an edge over others much like Apple) could decide where you can go and who your passengers could be?

That’s called public transit.


It would be if you couldn't buy a bus.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: