> Meanwhile everything from ubuntu's apt-get to my connection to HN is secured with 2048-bit RSA - an algorithm invented in 1977 and in widespread use since at least 1995.
That’s a bit misleading, considering RSA is only used for certificate verification. Key exchange and symmetric encryption is handled by somewhat more recent algorithms (ECDH / AES-GCM).
As French, our dual-branch judicial system for a long time seemed very weird to me — I didn’t really see the point of it. I must thank the US to provide a clear example why it is in fact so useful.
In France, the law would be typically written as "The water must be safe to drink. The list of banned chemicals and safety thresholds is to be set by the Supreme Court of the Administrative Branch" (Conseil d’Etat). That way you still do have a judicial oversight of agencies, but with a judicial branch which has more adapted procedures to those issues (for example you don’t have to wait for a case to go all the way up to the Supreme Court to adjudicate — it is literally part of the job of the Supreme Court of the Administrative Branch to be proactive in those matters).
"Your issue is coming from a misconfigured SSO. We disabled SSO on your account, you can login with the standard password reset flow. You can reenable SSO once you have fixed the issue."
Presumably you have backups for both the primary database and the message queue (or maybe no backup for the later). If a disaster happens, requiring you to restore backups, how confident are you that your system as a whole is behaving as expected (no events acknowledged but not processed / no events processed twice).
I have made a similar solution in-house. I kinda agree with the YAML nay-sayers. I settled on KDL instead as the description language (https://kdl.dev/) ; maybe give it a try ?
This implicitly defines an "User" entity which has two fields, "id" and "lastDevice". But now we can also generate migrations (in our case, knex migrations). It’s harder and less reliable to go the other way, starting from current database schema + current description to migration.
> Each app should have a clean environment and ideally you'd pick and choose what files/folders you want to give the app access to while it is running, and not let the app builder decide for you. Also, the user should pick and choose where to mount directories if they choose to do so
Which you can see it as the longer form documentation of bubblebox (explaining in excruciating details how to sandbox desktop applications with flatpak).
(not affiliated to the author, written prior to bubblebox — but I’m happy to see that someone took up the job of making a true solution of implementing the ideas I laid out in my blog posts series !)
That’s a bit misleading, considering RSA is only used for certificate verification. Key exchange and symmetric encryption is handled by somewhat more recent algorithms (ECDH / AES-GCM).