I'm considering myself as quite enthusiastic about integrating "AI" into SWE processes. HOWEVER I'm really tired of reading AI-generated or heavily post-processed blogs.
So I would really appreciate if you can share with me some blogs (mostly about engineering but other topics are fine I guess) where authors declare that they prefer not to use "AI" for writing.
I guess it's fine to use some tools to fix grammar lightly or cherry-pick some suggested improvements.
But I __really__ want to "hear" voices and ideas of real people, not from Internet-averaged generative algorithms.
Been playing around Bluefin recently [1]. Which is based on Fedora Silverblue [2]. These are atomic OSes which seems very nice and innovative indeed.
I'm Debian user for 15+ years. But stable version is too old and testing for some reasons breaking quite often (last year I wasted more time on fixing Debian Testing after updates than my friend which uses Arch -_-). Now I'm looking for good alternatives and I think I will stick with containers rabbit hole. :)
Thanks @jcastro [3] and contributers for fantastic work! <3
Usually on low-risk projects where I don't want to bother myself with handling token pairs (or where it's impossible) I have similar simplified approach but regenerating token:
- Session token has two timepoints: validUntil and renewableUntil.
- If now > validUntil && now < renewableUntil - I'm regenerating session token.
This way user is not logged out periodically but session token is not staying the same for 5 years.
Would be nice to see alternative documents for similar topics (e.g. something like OWASP Cheatsheet but from more practical point of view).
With all the respect, I'm a bit skeptical about this document for such reasons:
- Name is quite pompous. It's a very good marketing trick: calling some document like if it was written by group of researchers from a Copenhagen university. :)
Yes, Lucia is a relatively popular library but it doesn't mean that it is promoting best practices and that its author should be considered an authority in such important field unless opposite is proven.
- I don't like some aspects of Lucia library design: when user token is almost expired - instead of generating new security token Lucia suggesting just to extend life of existing one. I see it as a very insecure behavior: token lives forever and can be abused forever. This violates one of the security best practices of limited token lifetime.
But both Lucia and "Copenhagen Book" encourages this practice [1]:
If you have suggestions how to improve my initial request to make my intentions more clear - I would love to hear them!