When I started on this codebase, we needed to implement some custom exchange logic that maps very neatly to fanout exchanges and non-durable queues in RabbitMQ and weren't built out on our PostgreSQL layer yet. This was a bootstrapping problem. Like I mentioned in the comment, we'd like to switch to pub/sub pattern that lets us distribute our engine over multiple geographies. Listen/notify could be the answer once we migrate to PG 16, though there are some concerns around connection poolers like pg_bouncer having limited support for listen/notify. There's a Github discussion on this if you're curious: https://github.com/hatchet-dev/hatchet/discussions/224.
I use haproxy with go listen notify of one of the libs. It works as long as the connection is up. I.e.i have a timeout of 30 min configured in haproxy. Then you have to assume you lost sync and recheck. That is not that bad every 30min... at least for me. You can configure to never close...
I am using keycloak for quite a while. The main problem I have with it is that you can't get a link to reset a password, you have to issue an api that does it for you. In fact that is how most of the product goes. It is very opinionated.
Making it a cluster is also not easy, though I did it and it works ok.
Another issue is that the realms has a limit. Though you can spin up an instance every 200 realms but it is not for me... Instead, I just use it for login and do the roles internally in my app for every tenant<>user<>Role but then I get back to thinking, this was an overkill... but a login system that is secured is difficult and I don't want to deal with that...
I am complaining but what is the alternative? Do it all yourself? It is either too risky or too difficult...
> Forgot Password: If you enable it, users are able to reset their credentials if they forget their password or lose their OTP generator. Go to the Realm Settings left menu item, and click on the Login tab. Switch on the Forgot Password switch.
As I said, very opinionated. Meaning you have to use their way. So, for example, if I want to add turnstile bot protection to the reset password screen so your aws smtp won't be abused, I have to write a plugin instead of just getting the url to send myself.
Not specifically the topic, but I looked for a library for golang and it is not that common, there is a library in <20 stars, too experimental for me.
Also, not sure the postgresql extension is in the main distribution, couldn't find it if it does. For example, GCP only supports this one IIUC https://www.postgresql.org/docs/current/uuid-ossp.html
Java has something, but again not really clear how tested.
So using this is a bit iffy...
c) UUID7 internal (which also includes time badly), UUID4 external/whatever short ID.
How exactly this helps if you need external ids (which you usually do today)? It doesn't even make it a short ID.
Even if there is a corner case, are we just saving a few bytes while adding more complication?
Clustered Index is a myth in PostgreSQL, not practical since you have to run a special program to reorder. So, a regular index might suffer but not really. Why? Because I am not ordering by the ID most of the time, I am ordering by "Created Date/Updated Date" or Name or whatever. Who cares about ordering IDs?
WAIT!!! But what about Next Tokens? ok, these are painful, but easily solved: Next can be (>=Created Date,>ID). Same result. Pagination, stays the same since it is sorted by Created Date.
I understood it as c) only UUID7, no secondary external UUID.
The external Id is used instead of Bigint because you don't want your external users to query 1, then 2, then 3 (IDOR)... But the random part of the Uuid7 makes this impossible.
Uuid7 isn't a substitute for Created/Updated, but a substitute for the dual field Uuid4/Bigint.
I build a port check way back to determine if services are up. It crashed half the company by simply opening a few tcp ports to the machines.
Ridiculous days :)
I also remember SMB vulnerabilities that stayed unpatched for years on some machines. That was already when Metasploit existed, so you could inject VNC into most Windows hosts on local network with just a few commands. These days at least the patching is super fast.
Even into the late 90s early 2000, modems (including ADSL) didn't come with a router, you had to establish a PPPoE connection from your computer, which also means your home machine was directly on the WAN with no firewall protection.
I can't remember which version of windows but it must have been 98 or ME, you had to rush to download and install a patch when you connected it first to the internet before one of these exploits would make it crash.
I never encountered any of this, except that one roommate liked to brag about his expensive win 9x box, and me and another roommate would take turns using our junky linux and nt desktops to “pause” his machine with “ping -f”, usually in the middle of a lecture about how amazingly fast it was.
Later, we had an openbsd router running on an old 386 that we jammed a few old 10MBit 3com cards into (later, Linux, plus $20 ne2000’s).
Those things had 100% uptime other than power outages, ne2000 swaps, and the time I unplugged it after 50 gallons of water ran through it (stayed up, worked fine after I made a new copy of the soggy boot floppy).
Later we ended up with some shitty belkin router, etc. “Unplug it and plug it back in? Really?”
Eventually, I got a WRT54GL (emphasis on the L) which worked for a few years.
Now I’m back on OpenBSD. The only software downtime is due to PG&E power cycling it 100 times, and fsck expecting me to send a “y” over the serial port one of those times. Now it is double battery backed.
It works, but I’m living in fear of the day my PC Engines APU board finally gives up the ghost.
Also, sometimes our starlink’s linux cpu hangs. You’d think they could get that right. It’s not like it’s as hard as building a car, launching rockets, or operating a network that’s used for public safety announcements.
> Even into the late 90s early 2000, modems (including ADSL) didn't come with a router, you had to establish a PPPoE connection from your computer, which also means your home machine was directly on the WAN with no firewall protection.
Even today modems don't always come with a routers. In fact, I like them that way :).
IIRC, the problem in the late 90s/early 2000s was routers were thought of as only necessary to get multiple computers online, and it was pretty common for people households to only own a single desktop. There wasn't enough security consciousness earned through repeated failure, so it "made sense" to direct connect consumer machines to the internet.
We actually had a LAN years before we had broadband, and I setup a PC running Linux as a router to share our 33.6 modem to the household. But before that? The PC direct dials into the ISP, and got a publicly-routable IP.
IIRC Windows XP up to SP2 was vulnerable to this. Basically if you ran the install with the DSL modem attached, your PC was compromised even before the end of setup.
When W32/Blaster[0] came out I worked at a small ISP doing tech support and computer repair. A tech and I imaged an old box we had in the corner with a clean XP, assigned it a static IP in our /24, plugged it in and started a stopwatch. It didn’t even make it two minutes before it was infected.
I was working for a small ISP in that time frame and that's when we started blocking incoming windows ports. And yea, it was annoying for the few techie types that tried to run SMB and could actually protect their stuff.
For the other 99.9% percent of the users it protected them and us.
Yeah Blaster is one of the few worms I've ever (knowingly) been infected with. As you say, it was literally less than a minute or two between connecting an unpatched box and getting it.
that is really unpleasant.. engineers worked, companies worked and volunteers also worked to make the modern Internet, then selfish-clever, thieving, control-oriented militaristic jerks from WINDOWS filled the content with WINDOWS virus activity to play cheap stealing tricks on unsuspecting people. And you call it "the Internet" .. it has nothing to do with "the Internet" as much as the cheap and aggressive culture of BS from WINDOWS at that time
It would be more fair to criticize the corporate culture at Microsoft in the 90s that led to this situation.
They simply didn't really care. If another OS was dominant, it is easy to argue that fundamental security issues could have been addressed in a better fashion, if management wanted it to be so.
To wit, this is the same era of computing that spawned OpenBSD. You can't say with a straight face that OpenBSD would have been brought down by oversized ping packets or be allowed to accept traffic out of the box like Windows was.
> I can't remember which version of windows but it must have been 98 or ME, you had to rush to download and install a patch when you connected it first to the internet before one of these exploits would make it crash.
Much more than that. With Windows 95, you could send an illegal ICMP with a simple "ping.exe -l 65510 victim.host.ip.address". Your Windows 95 might crash/misbehave after that, but not always.
The receiving end, the destination IP, on the other hand... These would panic, crash, dump, hang or reboot: Windows, MacOS, Netware, AIX, Linux, DEC Unix, Nextstep, OpenVMS, SCO Unix, HP-UX, Convex OS, Solaris.
It was very funny in the very first hours, the little toy Win95 machines obliterating all those big, expensive Unix servers on the network.
That was the precise moment when we started filtering ICMP echo on the routers. Hardly anyone did this before.
Earlier versions of Windows (98? 95?) also used to share things like drives (C$, D$) and printers with the dial-up connection by default.
I remember connecting to a printer of a classmate over the internet and printing a page, to his surprise. All you needed was the IP, which was trivial to get from ICQ, back in the days.
There was a time when you could SMB mount shares from servers at MS over the public internet (and e.g. do things like download alphas and betas that were not visible on the ftp server).
I remember early Bitcoin exchanges that had everything stolen because they left all of their unencrypted private keys on SMB shares that were left visible to the Internet. IIRC this is what finally took down MtGox, almost 20 years after the release of Windows 95. Some people never learn.
What was more fun when the spammers figured out 'net send'. I showed that to one guy I worked with and that thing had a nasty bug. If you got one of the parameters wrong it would send a message to every computer on the domain. He had to explain to the top guys why they had funny messages on their screen.
When I was at the university and without a fully developed frontal lobe I thought it was a great idea to test this in the lab.
Ended up creating a "battleship"-like game. Two people, each trying to crash the other's machine. Since the IPs were randomly assigned by DHCP and for some inexplicable reason changed frequently (every day or so), we would be trying to guess what the other machine's IP was.
Given how they were physically arranged, we were able to see the machines blue screening (but not always fully crashing).
Of course, there was a lot of collateral damage as some machines were in used by people that weren't part of the 'game'. Thankfully, most of the time they didn't fully crash. Most of the time.
Ah, the good ole days of "hey what's your IP address?" followed by typing those four magical numbers into Winnuke and then watching a person just drop off ICQ. Still makes me chuckle. That worked for years.
Oh I remember those times. There was a guy in high-school 2 years younger that one day shown me that he wrote a C implementation of WinNuke on the school Unix server and he was then crashing Windows PCs in the lab for fun.
He was a really smart guy and AFAIK he's been working at Google for a few years now (maybe he's on HN even?)
I remember when CdC released Back Orifice to remote control Windows machines, like ejecting CDROM and such [1]. We really did come a long way, where 0-days go for 20 million dollars. [2].
I was managing a few labs full of machines used for training on NT4 which meant I was frequently re-imaging and could use effective remote control capability. Back Orifice was, at the time, the absolute best remote admin solution available for free. I could deploy it in the image and then use it to kick off reimage process, reboot, log out a student, or monitor their screen from the teacher's desk to share on the attached TV. It really was a handy tool for remote admin tasks.
Could also disable certain keys on victims keyboard. Did that in the office a bunch was hilarious watching co workers who had no idea what was going on. Perfect for a Monday morning.
I may or may not have known someone who wrote a shell script with the linux BO client to reset Windows machines' home pages to a porn site that paid a dollar for every unique clickthrough in IP ranges that were in specific foreign countries.
This person might have earned several hundred dollars each month for several months afterward. But opening their cdrom tray could have been fun too. He probably wishes he had thought of that.
My favorite 'thing' for historical windows was that accessing "C:\con\con" was an instant BSOD (Even over file sharing, or even over an image URL pointing to "file://C:/con/con")
I had my Mac exposed on the public Internet around 2021/22, and I expected to be hacked instantly, but nothing actually happened. Times really have changed.
The feeling of being able to chat with friends over nc was pretty powerful, though.
Here in Israel, healthcare is free. There is nothing like the comfort of knowing that no matter what, you will be taken care of. You can't buy that for 29$...
Yes. I am not an expert but from what I understand, the reason is because governments are inefficient and cough (sometimes get corrupt). Therefor the government funds the healthcare insurance companies to take care of the citizens. They do profit from other aspects so that always clashes with the non-profit side. As usual, everything in Israel is a mishmash of interests but it works for the most part. For example, they provide additional insurance (like the premiums I mentioned in the previous post) and pseudo care like acupuncture, horse riding etc... That is also subsidized if a doctor prescribe it. For example, horse riding for autisim or ADHD etc...
Not to mention the they document everything digitally and I mean everything. That gave Israel the advantage to be the first to get the immunization in COVID since Israel made a deal to provide that health digital histories for the pharmaceutical companies for further research. That was a calculated risk, but seems like it payed off...
Times are depending on priority and payments. I.e. If you don't pay anything then you are seen in either FIFO or depending how serious it is. Your family doctor also has a say on priorities. If you pay about 15$ a month then you can have 3 appointments a year with every private doctor you want. Also, you have priorities in private surgeries. If you don't have premium insurance and you want a private doctor then it can cost about 150$ for 1 appointment. So everyone practically pays the 15$.
Plus, children up to 18 don't have to pay the premium they automatically insured in premium. Children have full dental free care up to 18 years. No problems with appointments if you have priority (like immediate pain or something).
The specialized doctors (heart brain etc...) are all encouraged to do a post doctoral for a year in Canada or US so they are pretty good.
The 2022 survey indicates that it now takes an average of 26 days to schedule a new patient physician appointment in 15 of the largest cities in the United States, up from 24.1 days in 2017 and up from 21 days in 2004.
Major cities, like those included in the survey, have some of the highest ratios of physicians per capita in the country, yet the survey indicates physician appointment wait times are increasing.
Family medicine is the only specialty in which average appointment wait times were down relative to 2017, according to the survey. The average wait time for a family medicine appointme
You can typically get an appointment with your GP within a day or two; their role is basically triage for the rest of the health system. Access to specialists is tiered; a referral from a GP gets you access to earlier appointments, without a referral you could wait for months. So people with chronic conditions who know that they need to set up appointments on a regular basis set up those appointments months ahead of time (instead of setting a personal reminder on their phones then trying to get an appointment in the next day or two), while slots are kept open for people who get referrals for more acute cases. An appointment for a specialist after securing a referral can be anywhere from same-day to a couple weeks or so. Some people pay for private insurance because the thought of waiting a couple weeks to see a specialist is unthinkable for them.
I have a parent who needed cancer treatment in the US (in a major urban center), even with insurance, trying to get an appointment with oncologists, radiologists, etc. could take more than a month, trying to get surgery scheduled was a multi-month affair. Especially for cancer treatment, where time is of the essence (who knows when the tumor will continue to metastisize?), the process was frustratingly slow. The Israeli process is far faster.
As far as quality... look, most doctors in the system aren't going to be Dr. Gregory House. But no complaints. By and large, the ones I have encountered will listen, are attentive, are not immediately dismissive of attempts to self-diagnose, and do a good job. Israeli law also recognizes the right to a second opinion and doctors encourage patients to secure one if they so desire.
There are huge variations between different urban centers in the US. I live in a major center in the US South, I got an oncologist appointment in 2 weeks, a CT scan in 2 days and surgery also scheduled in 2 weeks.
I can't imagine it'd be worse than wait times in the US. For many things it now takes months to get an appointment. Oh and the day of your appointment the doctor's kid will be sick, have fun waiting another 2 months. That's the reality I live in.
I don’t know if you can use an argument about waiting times if most of your country can’t go at all due to the cost. I’m sure anywhere could have no waiting times if you take away the patients.
> I don’t know if you can use an argument about waiting times if most of your country can’t go at all due to the cost.
This is a crazy comment. Man asked 2 simple follow up questions. Did not “use an argument”. Also, what do you presume his/her country to be such that most can’t go due to the cost? I don’t remember them stating a place of origin.
That is a matter of debate, I don't have a good answer for you. I see the US at one extreme of saying: you are responsible for your health in all ways. In Israel it is like, we give you the option to be more healthy but we'll catch you if you fall. There are many many progressive taxation rules. Basically if you earn a lot you pay more. It is one of the most (if not the most) heavily taxed country in the world. Mostly because of arms budgets. In Israel we view the survival of every person as important because we are relatively few. I am guessing when you have 100s of millions of people this is less important for survival as a whole. Good or bad, you decide what works for you.
In American English (not sure about the rest of the world), these programs are literally known as "social safety nets", as in nets that might catch falling aerial performers. Just interesting to see the language used. It'd be nice if they were respected in America.
Where were you a year ago. I had to do ha with patroni etcd and pitr with pgbackrest myself.
What I did not see is what will happen if one node dies. What is the procedure to jump start it back. Etcd is a complicated beast...
As a soloprenuer myself, I can say that the problem is understanding the goal. When your goal is unclear, there are too many paths to the solution. Some paths are too resource intensive or unfeasible.
From reading other successful soloprenuers the first goal should be: For idea X what is the quickest way to validate the idea.
Example: If I have an idea (like a previous article from today indie hacker article) to show a progress bar for followers on twitter (won't work today). Do I need a subscription mechanism? no. Do I need payment management? no. Do I need an admin console? no. So how do I do it?
A form with an email+access key to write to a database or file. a crontab to run a script to update the profile photo. Done. Time to execute: 1 day.
Next task: get feedback to validate. Publish on my twitter account with funny or news related posts. See if people use the script.
If validated: Next goal, take money. Send email to users, that they can continue using for 4$. Send a form from some saas platform to subscribe. Manually remove non-payers.
From what that indie hacker writes he did a few thousand dollars this way. Sounds plausible.
Amazing how easy it is once the goals are completely clear.
The next goal could be, how do I increase my income. Do I need a new feature, new marketing channel, etc...
The name microservice is a fanatical view of how a service should work. That is the problem. If you say you made a service, then it is not a "micro"-service, so you are lacking "experience" with microservices :) Therefor we must build microservices to have jobs.
In reality, you need services that are engineered properly. They can be monolith or not, can share databases or not, can live on the same server or not... depends on the situation. But, as soon as you say the work "micro"service, you are doomed because it won't be a microservice if it does not adhere to millions of articles on the internet saying how to it should behave...
Specifically for OAuth2 the authentication part for flows that requires redirect, is on the shoulders of the authentication platform. There is no specific API that says how to do it. I can use my user/password to do the login. This is why you have to use a browser if that platform require you to enter the credentials in the browser. Up to that login and from that login, everything is governed by oauth2.
An alternative system, might open the authentication phase in a mobile app or a biometric input, etc... The application at the end of the url will be deciding how to do that.
The reason for the whole thing is that we want to separate the area in which needs protection (authorization) and the area which does the authentication and can sit at a trusted site and may supply services to several resource servers.
You can play with such an implementation with an open source keycloak server. It really clearly reveals how the whole thing works.
