• 0 Posts
  • 13 Comments
Joined 2 years ago
cake
Cake day: June 18th, 2023

help-circle

  • Well that might explain some things.

    Not to throw shade at your company but that process is so backwards that it’s no wonder the engineers are sparse on the details. I saw another comment likening software development to a crossword puzzle, which is a pretty good analogy. To further it, changing software once it’s done is like trying to swap out a clue/ word once the rest of the puzzle is built. It’s theoretically possible, but depending on how the puzzle is designed, it can range from an absurd amount of work to nearly impossible. Given the way you’ve described the state of things, your engineers are probably low on goodwill to boot.

    I’ve worked on cobbled-together crunch-time hell-projects and the last thing I’d want after getting free would be a random BA coming to me about details that more than likely packed with the project PTSD and would very much like to forget. Doubly so if it’s issues that I bought up early in the design/ development process (when they would have been comparatively easy to fix) and was dismissed by the powers that be. I can only speak for myself, but I can only take so much “that’s not a priority”, “we don’t have time for that”/ “we’ll see if that becomes a problem in the future and deal with it then” before I throw in the towel, stop keeping track of everything that’s wrong, and just bin the entire project as dumper fire run by people who would rather check boxes than make things better.


  • This is excellent advice! I want to underscore that Engineers are very often much driven by the how’s and the why’s of things. I’ll admit to judging people based on how they answer those sorts of questions. From a project perspective, I’m far less interested in doing something if the why of it can’t be adequately explained to me. Similarly, I’m far more willing to take a “you know, I’m not actually sure”, than a “we do it this way, because that’s the way we’ve always done it” (the latter is probably the fastest way to tank any respect I might have had).


  • Was trying to compose a similar statement on that lack of details. Like, my background is scrum/ agile software development and if a random BA called me up out of the blue for project details, my first response is going to be “I’m busy, talk to my scrum master and/or manager” and failing that it’s likely going to be the minimum amount of information required to get said BA to leave me alone so that I can get back to work. Plus, unless I know that my audience has the technical capacity for low level details, I tend to leave them out (I don’t mind answering questions, but I also don’t have time in my life to spout information that’s going to go in one ear and out the other).






  • Just to key in on the overlap between FOSS and privacy, because the source code for the software is open, it means that anyone can take a peek at how everything is running under the hood (among other things). It becomes possible to verify that software is storing data locally and properly encrypting when applicable (as opposed to blindly trusting the software’s author and or lawyers).

    It may also be a fun fact that best practice in encryption is to open source your algorithms. The helps safeguard against backdoors and mistakes/ errors that could compromise the security of the algorithm. Much for similar reasons as above, as it allows the security community to check your math (in a field where it is incredibly easy to get your math wrong).




  • I don’t know about a min length; setting a lenient lower bound means that any passwords in that space are going to be absolutely brute force-able (and because humans are lazy, there are almost certainly be passwords clustered around the minimum).

    I very much agree with the rest though, it’s unnerving when sites have a low max length. It almost feels like advertising that passwords aren’t being hashed, and if that’s the case there’s a snowball’s chance in hell that they’re also salted. Really restrictive character sets also tell me that said site / company either has super old infra or doesn’t know how to sanitize strings (or entirely likely both)…