I build backends, apps and sometimes break them, practice martial arts and enjoy video games. I believe I have seen the whole Internet once, maybe twice.
Dealing with yet another API that is unnecessarily complex claiming to be in the “true spirit of HATEOS” (read: the engineers understanding of it) makes me believe this was intentional by Roy.
Not sure what the point of a manager "1:1" is. I'll tell you everything is totally fine, until I hand in my notice. You will do the same, until you fire me.
@webology the inline JS part is a bit of a mess with current CSP implementations and would likely not pass an audit. Especially as most folks seem to prefer unsafe-inline which is a bit no-no instead of a nonce.
I just wrote this proposal that #Django’s third-party package tutorial recommend using a django_ module prefix to prevent name collisions, such as the historical one between django-ratelimit and ratelimit.
I need to find a better way to describe contributing open source software. Approximately zero people from my hometown understand what I'm talking about or why anyone would ever give their work away for free.
@CodenameTim „did you ever play basketball? Did you get paid for it? See, it’s the same for me with code“
Depending on the project even the occasional verbal abuse by the audience (who couldn’t hit a three point shot if their life would depend on it but act like they are Kobe) is the same…
@danjac I know it’s always dangerous to generalize, but at this point it feels like the moment you see medium.com as part of the domain you known its most likely not worth reading
Do you have any advice on how to share a draft article in order to ask for comments? A private doc on Google comes to mind. Do you have other ideas? 😅 #draft#article#comments#sharing
@paulox I usually go for a private / password protected paste on pastebin.com and discuss comments via email.
But I also prefer plain text for everything, so this advice might not be that good :)
I had some ideas for fediverse apps but honestly the protocol is so challenging to implement I realized I would be spending 80% of the time dealing with ActivityPub integration and 20% actually working on the app itself.
"Just make it federated" is never going to be a thing with these specs, even reusable libraries and test suites are too difficult to implement.
@danjac especially point three is IMHO the best and most important advice to give right now.
Everyone wants federated solutions, but nearly none really profit of having Mastodon compatibility.
Not adding unnecessary overhead and complexity is IMHO preferable.
@carlton when integrating external IdPs the username field is pretty handy. I think a compromise and easy transition path is letting users specify the username field they want to use. username_field = „email“
But having your IdP managed username in the model as well is actually pretty neat. Especially when having multiple services and being forced to align on a username across services. Email isn’t always present, for external contractors for example.
@carlton@CodenameTim at some point a custom user model IMHO makes sense. Especially when you reach the point where each additional join is a problem, so having a user profile or additional attributes as part of the model can be handy.
I’m not saying a custom model should be the default 99% of projects reach to, but I think the existence of the option is justified and if there’s a systemic issue leading to the same bugs that should be addressed as well.
@carlton@danjac@CodenameTim what if there wouldn’t be a central auth model but the abstract classes encouraging (read: forcing) you to always bring your own?
Worst case it’s two lines of code (inherit base classes) and a settings option.
It could even be auto generated next to projectName/urls.py
It’d fall short if people import the model directly instead of using get_user_model, but that feels like something we could catch with a system check and deprecation warning?
It’s fascinating how involved people get arguing with corporations that have repeatedly shown they don’t care about users, laws or ethics with any of their products.
An easy solution - and in this case I consider it an easy, viable solution - is not using their software. But no, people choose to argue and get agitated. As if there would be historical evidence that it would change anything.
@danjac MySQL8 being the only database „supported for production“ and their installation process being based on npm are the main major ones.
When they first launched the project felt like a big scam to me. 300k Kickstarter money spend on a weekend project that didn’t even have a responsive admin interface for its two views. There was not a lot to it for the time and money spend. (I read the source and used it)
They obviously turned it into something, so my first impression was not correct.
@danjac I don’t like Node mostly for the language and the broken dev culture around npm. But if someone else wants to deal with it I have no problem running the software if it’s properly packaged.
And with the amount of funding they got I’d expect properly packaged and not „run a supply chain attack waiting to happen“ as official install instructions.
