Hacker News | ivanr's comments

> "Although the chance of a collision is extremely low because the random value has at least 150 bits of entropy, there is still a chance."

I am... speechless. I mean... Um.

The last time I checked, no one was able to break 128 bits of security for anything, let alone 150 bits, or for a domain validation of some domain name no one cares about.

This is the same attitude that has everyone deploying in-kernel code and arbitrary updates written by companies who can't get the basic QA right. The auditors and lawyers get to decide what "security" looks like.

It's "best to be safe".


Try NATS @ https://nats.io

It's a single binary and can operate as a message bus, persistent queue, KV store, object store, provide services, and so on.


I really like NATS, but it's worth noting that it's only really "the SQLite of queues" in the context of their Go client, which can embed a NATS server into an application.

Otherwise I would really say it is more like the Postgres of queues (still great, but potentially not what OP is looking for)


Sounds like you're in the UK? Any chance you could send me the details of your doctor(s) to ivan.ristic@gmail.com? I've been struggling to find a doctor willing to diagnose me properly. Much appreciated.


Not in the UK - the UK is weird in that they have some of the worst gaslighting but also that's where Dr. Jessica Eccles is based and they have a decent Low Dose Naltrexone (LDN) medical community https://ldnresearchtrust.org/. While that is starting from a treatment and working backwards, doctors who know about LDN and how and why to use it are most likely to know the other things they need to know. I'll send you an email and can probably put you in touch with other UK people in a similar boat.


You're not alone. Hang in there.


That's the important part, knowing that I feel alone although I am not alone.


Yes. ModSecurity is best used as a tool for virtual patching, meaning something you can use to create a temporary defence for a problem you know you have. That buys you some time until the problem is fixed.

When you're writing a virtual patch you know exactly what data you're dealing with and you can allow through only what's known to be good. Any other approaches (e.g., generic rules) deal with text in bulk and are prone to false positives.

Even with this narrower focus, it's still a difficult problem. Here's a paper I wrote on this subject a while ago: https://blog.qualys.com/wp-content/uploads/2012/07/Protocol-...

Source: I am the original author of ModSecurity (but not of any of the rules packages).
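
The positive-security virtual patch described in the comment above, as an added example that is not part of the original comment or of any ModSecurity rules package. The endpoint `/app/report.php`, the parameters `id` and `format`, the rule ids and the marker name are all hypothetical, constructed for illustration:

```apache
# Constructed example: hypothetical endpoint, parameters and rule ids.
# Virtual patch for one known-vulnerable script: allow only the input
# shape the application is known to need, reject everything else.

# Leave every other URL untouched so the patch cannot cause
# false positives elsewhere on the site.
SecRule REQUEST_FILENAME "!@streq /app/report.php" \
    "id:100000,phase:2,pass,nolog,skipAfter:END_VPATCH_REPORT"

# The script is only ever called with GET.
SecRule REQUEST_METHOD "!@streq GET" \
    "id:100001,phase:2,deny,status:403,log,\
    msg:'vpatch report.php: method not allowed'"

# Only the two known parameter names may appear.
SecRule ARGS_NAMES "!@rx ^(?:id|format)$" \
    "id:100002,phase:2,deny,status:403,log,\
    msg:'vpatch report.php: unexpected parameter'"

# 'id' must be present exactly once. Without this check a missing
# parameter would skip the value rule, and a duplicated one could be
# read differently by the application than by the filter.
SecRule &ARGS:id "!@eq 1" \
    "id:100003,phase:2,deny,status:403,log,\
    msg:'vpatch report.php: id must appear exactly once'"

# 'id' is a short decimal number and nothing else.
SecRule ARGS:id "!@rx ^[0-9]{1,10}$" \
    "id:100004,phase:2,deny,status:403,log,\
    msg:'vpatch report.php: id is not numeric'"

# 'format' is optional, but may appear at most once and only with
# one of the known values.
SecRule &ARGS:format "@gt 1" \
    "id:100005,phase:2,deny,status:403,log,\
    msg:'vpatch report.php: format repeated'"
SecRule ARGS:format "!@rx ^(?:pdf|csv)$" \
    "id:100006,phase:2,deny,status:403,log,\
    msg:'vpatch report.php: format not allowed'"

SecMarker END_VPATCH_REPORT
```

Because every rule is scoped to one script and describes what is allowed rather than what looks malicious, the patch can be removed as a unit once the underlying code is fixed.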


Oh yeah I can see the place for it, thanks for filling in that context, and only on HN would the original author of ModSecurity see my comment about it haha!

For my context, I’m coming from a place of adding it to very new deployments, where the needs are constantly changing, which is why it feels a bit square-peg-round-hole I think.


If you're struggling to the extent that you're questioning your sanity, you're trying to do too much. There's a limit to what a single person can do.

If you want to stay a one-person company and keep your sanity, do less. Otherwise, figure out how to hire employees. But in this case, it's going to be a long journey still.


Yes, that's very radical. How will the person who asked the top question know that they're supposed to validate their ideas before they build, for example? And how do you validate your ideas? And how do you figure out what to build and position yourself against competition, etc?

These are complicated things. People who succeed without learning from others do so mostly via timing and luck.

To those with knowledge, it's nothing special. To the rest, it's a daunting black box of pain and frustration.


This is the whole point - there is no special knowledge there.

All who succeeded did that by being persistent and trying 100s of different “common sense” things until it worked.


April Dunford has two great books. Positioning comes first, then sales.

As a small outfit, you probably don't want to actually sell. The approach that worked for me was to focus on inbound marketing and let customers self-select and come to you. Have a great pitch, ideally right there on your web site. Then get them onto a trial, treat them as a customer from day one and get them into your customer success programme.

In essence: build a great product, talk about it, find the right customers and couple with fanatical customer success.

Also, choose a problem for which there is a good audience: https://longform.asmartbear.com/problem/


Thank you! I searched for her and found an interview of hers by Lenny Rachitsky and it's pretty awesome.


There is also the third option, when you start off as a partner of a larger business, and it goes well, and they eventually decide that they want to buy you.


It's one of those things... what works for you may not work for other people. For someone who's made up differently, the right chair can make all the difference in the world.

I do what you do (and more) _and_ I have the best chair _and_ I am still in constant pain.


Fair point, and I hope your pain eases soon too!

