... if your company or your job depend are at stake, that's often a risk you have to take
Take all the risks you want. Just be sure that you're the one actually taking the risk, not the people whose data you manage. I get really tired of people and companies who claim that it was a necessary risk when they're not the ones paying for the bad outcomes.
You risk something by standing your ground, not in agreeing to that which puts me at risk.
All excellent points. I never worked at those scales or under those conditions, neither should I have been permitted to. And I had enough self-awareness to keep myself away from anything like that.
I guess when I read about this breach or that, the real damage seems to be a result of not having the basics covered. Whatever "basic" might mean for different scales of operation, encrypted at rest seems to be the the basis of public harm through theft of data, and it strikes me that if that can't be managed at a particular scale, then operating at that scale should not be considered.
Of course, but that just makes the case for security as a foundational principle even stronger.
Mistakes happen. They always will. That's not a reason to just leave security as the afterthought it so often is.
None of the things I mentioned have anything to do with errors and scope creep, but everything to do with building using sound principles and practices always. As in, you know, always. In class, during bootcamps, during design meetings, when writing sample code, when writing reference implementations, during the construction of the prototype that, let's face it, almost always goes into production. Always.
That is something I just don't get. I'm a hobbyist turned pro turned hobbyist. The only people who I ever offered my services to were either after one of my very narrow specialties where I was actually an expert or literally could not afford a "real" programmer.
I never found proper security to have any impact on my productivity. Even going back to my peak years in the first decade of this century, there was so much easily accessible information, so many good tutorials, and so many good products that even my prototypes incorporated the basics:
Edited to add:
It's like safety in the workplace. If it's always an add-on, it will always be of limited effectiveness and reduce productivity. If it's built in to the process from the ground up, it's extremely effective and those doing things unsafely will be the productivity drain.
That sounds ideal. Machines that are mostly maintained by experienced people and a community to help you gain experience.
This may not apply to your situation, but I found that most of my problems like this were related to "general vs specific".
Many people have difficulty generalizing from specific instructions so they need help every time something looks different to them. In an extreme case, found a person unable to choose a font in the header of a word processing document because the only thing they'd ever been shown was how to choose a font in the body of the document. It's not even that they were particularly dense, it's that they'd seen so much unexpected and unexplained variation in other areas that they started assuming that everything is an isolated task with a potentially distinct set of procedures. Now that I've switched from Windows to Linux, I'm getting a better understanding of how that happens, with many applications using different hotkeys, not implementing what I think are sensible "tab ordering", etc.
Many people have difficulty going from the general to the specific without also seeing several specific examples in a variety of scenarios. That kind of thing normally requires more formalized training. If their only exposure to your knowledge is through ad-hoc help desk kinds of interactions, there will be no opportunity to put everything together.
Thanks for your interest!
Apart from here and "self-hosting" and other communities, if you're a glutton for punishment, you can see what's up at https://walloftext.ca. I'm currently in the process of rebuilding everything from the ground up, including an associated mastodon-compatible instance. I've not yet rewritten my project outline to account for all the new stuff I've learned about in the past few months, but it's coming in the next few days.
Just note the most important part of my tagline: "Unstable by nature". Some would argue that applies more to me than the stability of the site and projects. 😛 Either way, chaos is probably the order of the day for at least the rest of this year. (And I mostly take summers off to reenergize by fishing, working in my shop, etc.)
Tension. Always tension. My mom had the same battles. My aunt never had trouble.
I suspect that buying a new mid-grade machine or better from a reputable dealer is the secret. I've bought a couple of $50 used machines because I don't want to spend 10 times that or more if it turns out that I'm not going to actually use it. I already do enough of that. 😀
Go find a sewing club and get their advice. That's what I'm doing the next time the bug bites.
Oops! I guess I wasn't paying close enough attention.
Oops! I guess I wasn't paying close enough attention.
Edit: the bits barely had a chance to dry on my comment when I came across https://rss-parrot.net/
This is a way of integrating RSS feeds into your personal timeline on Mastodon. I don't know how this affects the work I describe at the bottom of this comment, but I bet it has a role to play.
I find it hard to believe that people would like to browse to x different websites to see if an artist has new works, only to find out that they don’t.
RSS FTW!
Every site I've ever created or been involved with in even the tiniest capacity has supported RSS. Sometimes it was enabled just to shut me up.
I'm not sure how to better promote the use of RSS and get people to use feed readers, but I think it is the answer to at least that particular issue.
My personal opinion is that a "platform" should really be just a collection of searchable and categorized feeds with it's own feed. That way there is both discoverability and the ability for individuals to construct their own personal feed on their own personal device (no server required!) while staying abreast of new feeds on the master feed aggregation "platform."
There are innumerable ways for people to get their own content into something that supports RSS and that feed could be easily submitted to the master feed aggregation "platform" to deal with the discoverability issue. For example, Mastodon and most compatible systems support RSS and registration is child's play on any server that allows public registration.
In fact, the "platform" could set up a crawler to automatically discover RSS feeds. If the author has done the metadata right, the results would even be automatically categorized.
Done right, the "platform" might actually run on a pretty small server, because it would be linking to sites, and only pulling summaries from them.
Even comments could be supported with a little creativity. As I said, there are innumerable ways for people to get their own content out there. If there were a standard metadata tag "comment: ", some fancy footwork could produce a threaded discussion associated with a particular article, even if the original author has no internal commenting system. (And my favoured internal comment system would permit nothing but pure HTTPS links to the commenters own content, extracting a short summary for display.)
Side note: I acquired a domain explicitly for the purpose of setting up such a feed aggregation "platform." Now that I'm retired, I'm slowly working on creating it. Everything is highly experimental at this point and, to be honest, shows no visible progress to that end, but that is my ultimate goal.
I've always been very up front with the fact that I could not have made a career out of programming without tools like Delphi and Visual Basic. I'm simply not productive enough to have to also transcribe my mental images into text to get useful and productive UIs.
All of my employers and the vast majority of my clients were small businesses with fewer than 150 employees and most had fewer than a dozen employees. Not a one of them could afford a programmer who had to type everything out.
If that's what happens with AI tooling, then I'm all for it. There are still far too many small businesses, village administrators, and the like being left using general purpose office "productivity" software instead of something tailored to their actual needs.