nibblebit

joined 1 year ago
MODERATOR OF
loud
csharp
sorted by: new top controversial old
1
Everything you need to know about configuration and secret management in .NET (stenbrinke.nl)
What do you think would be an actually good use of blockchain/smart contracts? What kind of problems (big or small) is it a good tool for? in c/programming@programming.dev
[–] nibblebit@programming.dev 2 points 1 year ago

Sorry, I didn't mean to be dismissive. I wholeheartedly agree with you. What I meant was that it's a shame I, as an engineer in the year 2023, would have a hard time pitching a blockchain solution to a non-crypto problem to paying customers no matter how fitting the solution might be. I don't think that's very disputable. Now this attitude is entirely driven by the last decade of unsubstantiated crypto hype and associated bad faith actors. It has nothing to do with the technology as it is.

What do you think would be an actually good use of blockchain/smart contracts? What kind of problems (big or small) is it a good tool for? in c/programming@programming.dev
[–] nibblebit@programming.dev 1 points 1 year ago

Sorry, it was not my intention to be vague. I admit to not having a complete implementation in mind. My point is that linking each log as a block in a chain with hashes forces an order that is more difficult to tamper with than a timestamp or auto incremented integer id. You have to alter more data to inject or purge records from a chain than you would with a table of timestamped records. I admit I can't make my case better than that.

As for the simplicity factor. I think your suggestion of serving logs to peers from a server like an RSS feed is a fine solution.

But I can setup a MultiChain instance In a few hours and start issuing tokens. I can send the same link out to my peers and auditors for them to connect and propagate the shared state. The community can shrink and grow without the members having to change anything. Now it's mostly a hands off venture that scales relatively well. I'm an okay programmer but to coordinate an effort to build, test and verify a system to do the same with RSS feeds across multiple companies would take me months. Something like MultiChain or HyperLedger is comparatively turnkey.

I'm not here to say this is the best way to do it. I'm just saying there's some merit to leveraging these technologies.

If you ask me, audit logs should just be posted to Twitter, the only true write-only database.

What do you think would be an actually good use of blockchain/smart contracts? What kind of problems (big or small) is it a good tool for? in c/programming@programming.dev
[–] nibblebit@programming.dev 1 points 1 year ago (2 children)

I mean you would need the hashing and consensus stuff to figure out exactly how the chain diverged. Just pooling the event would in theory be enough to prove that shenanigans were afoot then the ledgers don't align, but that's a bit too brittle to base a bi-annual evaluation on. You could close those up and setup some eventual-consistency across peers, sure but now you're talking about a some complicated proprietary software. It's also not clear how a system like that would scale.

There's plenty of convenient self-hosted blockchain solutions out there already that can be used to accomplish this. And there are a ton of tools to do analysis and tracing on these chains. This makes it not unreasonable when compared to a dedicated solution.

What do you think would be an actually good use of blockchain/smart contracts? What kind of problems (big or small) is it a good tool for? in c/programming@programming.dev
[–] nibblebit@programming.dev 1 points 1 year ago* (last edited 1 year ago) (4 children)

I'm sure the hardcore variant would have its uses. But the goal isn't necessarily to make fraud impossible, just evident. So probably more towards the latter option. And you are correct that you don't need a blockchain to create a distributed database that enforces consensus. It's just a neat tool you could use that scales pretty well, is relatively low maintenance(SWE hours not GPU hours), can adapt to a lot of cases, and is affordable for small and mid-sized companies. You could do the same by broadcasting your events to all your peers and having each peer save everyone's events to compare notes later. But this would be a hassle to setup and keep consistent.

What do you think would be an actually good use of blockchain/smart contracts? What kind of problems (big or small) is it a good tool for? in c/programming@programming.dev
[–] nibblebit@programming.dev 1 points 1 year ago* (last edited 1 year ago)

Most auditing and insurance companies don't have a webhook where you can arbitrarily send your logs to. They have humans with eyes and fingers holding risk management and law degrees called auditors. That you need to, with words and arguments,convince of your process integrity. And What happens if you switch insurer or certifier? You probably have to do a ton of IT work to change the format and destination of your logs. And how do you prove that your process was not manipulated during the transition?

What you describe are digital notary services and it's billion-dollar industry. All they do is be a trusted third party that records process integrity. IAM, change logs, RFCs, financial transactions, incident detection, and response are all sent in real time so you are ready for certification or M&A. Most small and mid-sized enterprises can't afford that kind of service and are often locked out of certain certifications or insurances or take a huge price cut when acquired.

Something like pooling together resources to a provable immutable log trail isn't unreasonable.

What do you think would be an actually good use of blockchain/smart contracts? What kind of problems (big or small) is it a good tool for? in c/programming@programming.dev
[–] nibblebit@programming.dev 1 points 1 year ago* (last edited 1 year ago)

Let's say a country mandates their Telecom sector to audit it's transactions. The idea would be to share the network with several peers, your telecoms. In this case "mining" would be verifying the integrity if the chain and can be done by anyone of the peers. The government or auditing authority could also be a peer in the network and they are all capable of verifying the integrity of the chain through "mining". You are right that it's easier to have a small group of peers conspire to manipulate the chain. But it's a lot harder for several telecoms to conspire than for one rogue CFO to cook the books.

In this application you're not generating 'valuable' tokens in the sense bitcoin does it, but the value is the integrity of the chain. People value the proof that no one has redacted or injected any transactions.

What do you think would be an actually good use of blockchain/smart contracts? What kind of problems (big or small) is it a good tool for? in c/programming@programming.dev
[–] nibblebit@programming.dev 1 points 1 year ago (6 children)

The security comes from consensus. Everyone needs to agree about what the truth is. The burden of proof is proportional to the number of peers that need to agree. Public chains require a lot of work to create consensus amongst hundreds of thousands of peers. Let's say your chain consists of 12 companies all using the same chain to validate and verify each other's transactions so they are ready for an audit.

Yes, it's easier to have 12 peers conspire to manipulate the chain than to have 200 000 peers. But making 12 businesses conspire to cook the books is already several orders of magnitude more difficult than the checks and balances we have in place now.

What do you think would be an actually good use of blockchain/smart contracts? What kind of problems (big or small) is it a good tool for? in c/programming@programming.dev
[–] nibblebit@programming.dev 3 points 1 year ago (2 children)

This right here is really the spirit of the post. Yes there's many impractical applications. Much like there are many impractical applications for RDBMSs, but the tech has such a stank on it, it's important to remember it's just a tool that can be useful despite the hype cycle.

What do you think would be an actually good use of blockchain/smart contracts? What kind of problems (big or small) is it a good tool for? in c/programming@programming.dev
[–] nibblebit@programming.dev 2 points 1 year ago* (last edited 1 year ago) (2 children)

Not every log needs that kind of security and a chain does not need to be public. You download blocks from peers and do your own accounting.

Nothing is preventing you from only giving access to your chain to a trusted circle of peers.

Something you could do is encrypt your logs and push them to a chain shared by a number of peers who do they same with their own keys. Now you have a pool of accountability buddies, because if someone tries to tamper with the logs, you all hang together.

If you're doing some spooky stuff and need to prove a high degree of integrity is you could push encrypted logs to a chain. The auditor then can appoint several independent parties whose only job it is to continuously prove the integrity of your logs. After that is proven you can release your keys to the auditor who can inspect your logs knowing that they have been complete and untampered during the audit period.

Again I understand it's not the most efficient system, but there are less efficient and less flexible systems out there in enterprise land haha

First-person maze with enemies: I need a start. in c/godot@programming.dev
[–] nibblebit@programming.dev 2 points 1 year ago (1 children)

As others have said so far. If you have zero experience what you are aiming for is pretty complicated.

  • you need path-finding. Godot nav mesh will do great. But you could implement waypoints and A* yourself if you like more control and want to learn.
  • you need some place holder models. Using prisms or Sprite3d is better because you can more easily see which way they are facing
  • you need some agent behaviour. What does move randomly but also towards the player mean? Are you thinking of a pacman like situation?. You might want to think about a state machines
  • If you want the levels to be procedurally generated you open a whole new can of worms.
  • Depending on your use case you might want to spend time getting comfortable with the UI framework and Control nodes to create buttons and widgets to create start and reset levels.
What do you think would be an actually good use of blockchain/smart contracts? What kind of problems (big or small) is it a good tool for? in c/programming@programming.dev
[–] nibblebit@programming.dev 3 points 1 year ago (8 children)

Yeah you're not wrong, that would be more efficient. Again a blockchain is not an efficient way to do it. But it would be effective.

In practice audit logs are used by and for auditors. Non-technicals that need evidence that would hold up to argument. Yes you could send your logs to a third party. Now you have to prove that third parties trustworthiness twice a year to the standards of each legal entity you operate in. And lawyers are more expensive than blockchain devs haha :p

Having a private blockchain that you can share with several changing parties that can subscribe to it. Without having to update anything about your infrastructure is a benefit.

Even though I've lived through several iso 27001 certifications, I'm still walking on thin ice when I say that it would probably easier to explain the blockchain in practice than any other proof of completeness method. Because the public is more aware of it. On the other hand the public is also more skeptical of crypto so it could also backfire :p

What do you think would be an actually good use of blockchain/smart contracts? What kind of problems (big or small) is it a good tool for? in c/programming@programming.dev
[–] nibblebit@programming.dev 3 points 1 year ago (10 children)

Yeah the problem isn't the veracity of the logs, it's providing a mechanism for third parties of proving that the sequence of events in your log hasn't been tampered with after the fact

11
Branching Dialogue Trees? (programming.dev)
 

Hey I've been wondering what you all use to create and manage dialogue trees for your games. I've come across many tools for the different engines. Most fall in the low-code node-graph category that I find frustrating and finnicky to work with. I never got the hang of the different plugins for Godot, and it's tiring to just spam and duplicate if statements in huge globs.

I made a C# package to let me map out dialogue trees and shoot events all in neat little yaml files that live happily in version control. It was made abstract to work for MUDs and text adventures, but I recently started using it in my Godot games and it works pretty well.

I don't believe I'm the only one that prefers to work this way. I am curious about what you all use for branching dialogue mechanics, reacting to events during dialogue, SFX etc.

Do you like the plugins? Do you have bottomless branches of flow control? Let me know!

2
Starting out with robotics without hardware (programming.dev)
 

Hi! I'm a software guy and would like to start out doing some robotics. Before I go out and get a bunch of hardware. I'd like to practice the fundamentals.

I'm most comfortable with C++ and C# and dotnet and am pretty comfortable with game engines like Unity Unreal and Godot.

I've started out modeling a three-joint articulated robot arm that i can control through signals to the individual joints, like controlling a stepper motor.

My goal is to figure out a system where I can declare the shape of a robot like this (armature size, number of joints, offsets etc) to create a virtual model of the robot. I want to be able to send target coordinates and a basis rotation to that model and receive a series of signals back that will move the head of the robot to that 3d coordinate and rotation.

Now, I'm sure there are systems and packages that do all the math for this already, so what tools/libraries do you guys use to do modeling like this?

I want to see if I can simulate it in a game engine, and if that works out maybe ill try it on a toy :D

Thanks!

1
New name for Azure Active Directory - Microsoft Entra (learn.microsoft.com)
2
Dragon Ball Z: The Legacy of Goku II Developer Documentary : Internet Archive (archive.org)
 

The guys from NoClip dug up a bunch of old videogame archival footage and are slowly uploading them to archive.org.

One of them is this documentary for an GBA game that I found to be so heartwarming.

Hope you like!

1
Lemmy on native Azure? (raw.githubusercontent.com)
submitted 1 year ago* (last edited 1 year ago) by nibblebit@programming.dev to c/loud@programming.dev
0 comments fedilink
 

Hey! Last week I tried off and on to get Lemmy running on an Azure subscription, it's been tricky.

I still haven't gotten it working correctly. So far, I've tried to run the docker-compose on an ACI and Container app, but I've had the most success on a Web App for Containers of all things with the configs uploaded directly on the app service through FTP (yeah...).

I'm running the Postgres as a separate Flexible server instance (set it to v15, default is v13). And I'm running the pict-rs container as a separate ACI with a mounted storage account.

Right now the backend doesn't want to run db migrations fully, but I'm not sure why, otherwise the rest seems to work as intended and can scale independently. Running up to a projected $52/month with everything on the lowest possible SKU

I will publish a bicep once I get the whole thing to run reproducibly.

Have you guys tried it out? What other approaches have you tried or would you try?

1
State of the C/loud Survey 2023 (docs.google.com)
 

Hey Guys. I thought it would be fun to setup a public anonymous survey about our users. Just to see what kind of different cloud adopters we have around. Results are public and entry is anonymous. It's only to be used for the community.

For now it's as simple as taking a look at what you guys are using and what you are curious about, but in the future we can expand it to answer some interesting questions :)

1
/c/loud Reading List (programming.dev)
 

Hey everyone,

I thought it would be good to set up a repository of learning materials beneficial for both newcomers and seasoned professionals.

The aim is to curate content that ranges from beginner to advanced levels, either focused on specific cloud platforms like AWS, Google Cloud, Azure, IBM Cloud, etc., or general insights applicable across multiple platforms.

The three main categories for suggestions are:

  1. Books: What are some introductory and advanced-level books that have deepened your understanding of cloud computing? This could include architecture, best practices, security, scalability, serverless computing, cookbooks and others.

  2. Blogs: We'd love to know which blogs you trust and follow for the latest news, trends, and innovations in cloud computing. Technical blogs offering how-to guides, problem-solving techniques, project logs and tutorials, or sharing personal experiences in the field would also be great.

  3. Videos: Are there YouTube channels, online course platforms, or websites that have provided you with insightful video tutorials, webinars, or talks on cloud technology?

Cloud computing is a big field, so here are some suggestions for interesting topics:

  • IaaS, PaaS and SaaS offerings of different providers
  • comparisons and cross-platform mappings (eg. Azure for AWS engineers)
  • IAC solutions
  • Authentication, Security and Access control
  • Architecture
  • Big(ish) Data management
  • Governance, compliance and Monitoring
  • Fun personal projects

Thank you so much!

1
Azure Static Web Apps and Content-Security-Policy (www.yasendinkov.com)
submitted 1 year ago* (last edited 1 year ago) by nibblebit@programming.dev to c/loud@programming.dev
0 comments fedilink
1
Amazon Security Lake is now generally available | Amazon Web Services (aws.amazon.com)
2
Welcome to /c/loud - Your Home for All Things Cloud Computing! (programming.dev)
 

Hello and welcome to /c/loud, the community for everything cloud computing. We are a growing community of IT pros, developers, tech enthusiasts, and novices alike, all with a common interest - exploring and understanding the expansive world of cloud technology.

This community was created to foster meaningful discussions, insights, and knowledge sharing about cloud computing. Here, we delve into everything from the fundamentals of cloud architecture to advanced topics, such as implementing cloud-native applications and mastering different cloud services like AWS, Google Cloud, Azure, and many others.

What Can You Expect From /c/loud?

  1. Discussions: There's always a vibrant conversation happening here. You can ask questions, answer queries, engage in debates, or share your insights about various aspects of cloud computing.

  2. News: Stay up-to-date with the latest developments in the cloud computing world. From new service launches to policy changes, we discuss it all.

  3. Learning Resources: Whether you're just starting with cloud computing or are a seasoned professional looking to expand your skills, we regularly share resources to helThere's something for everyone, fromu. From online courses, tutorials, and webinars, to blog articles ething for everyone.

  4. Career Guidance: Interested in a cloud computing career but unsure where to start? This community can be an excellent resource. Share your career-related questions, get advice from industry veterans, and learn about job opportunities.

Rules

Remember, as with all communities, we have a few rules to ensure the conversations remain respectful and relevant. Before you post, please take a moment to go through our rules.

  1. Respect Each Other: Everyone has a right to their opinion. Please respect that right. Healthy debates are fine but do not resort to personal attacks or hate speech. We value a diverse community with different perspectives.

  2. Stay on Topic: This is a cloud computing community, all discussions and posts should be related to this subject. Please ensure that your posts are relevant.

  3. No Spam or Self-Promotion: This community is a place for discussion, not self-promotion or advertising. Posts that blatantly advertise a product, or service, or are used for self-promotion will be removed.

  4. Avoid Reposting: Before posting, please use the search bar to ensure the topic hasn't been covered recently. Repetitive posts can clutter the feed and might be removed.

  5. Professional Language: Use professional and (hekkin') polite language. Avoid using inappropriate or offensive content. Firefly profanity is allowed.

  6. Fact-Check Your Posts: Misinformation can be damaging and misleading. Please ensure that the information you are sharing is accurate to the best of your knowledge. This includes outdated articles or content regarding deprecated services.

  7. Respect Privacy: Do not share the personal information of others. This includes email addresses, phone numbers, physical addresses, etc.

  8. No Illegal Content: Any posts or comments sharing illegal content, or discussing activities that violate the terms of service of cloud computing platforms, will be removed.

  9. Cite Your Sources: If your post includes data or information sourced from somewhere else, please provide a link or citation to the original source.

Violation of any of these rules can result in post/comment removal. The mod team reserves the right to enforce these rules at their discretion. If you have any questions or concerns, please feel free to reach out to the moderators.

We look forward to a positive and engaging environment here in our community!

Enjoy!

Whether you're exploring cloud computing for the first time, or you're an experienced professional keen on staying abreast of the latest trends, /c/loud is the perfect place for you. Join us today and become a part of our thriving community!

1
How do you setup a software development team? (programming.dev)
 

I think this is a struggle for many of us. Not only to re-organise existing teams but also positioning teams in a larger organisation. What team composition works for your cases? What roles are filled within a software development team, and what roles run across teams? What kind of teams are there?

I've applied teamtopologies and unfix to help communicate about our team structures, but I'm curious about what problems people encounter and what solutions you've discovered.

Some challenges I've been facing:

  • Finding or training security officers
  • Organising IT operators
  • Dealing with access control and compliance
  • 24-7 Coverage
  • Keeping Data Scientists productive
  • Avoiding superheroes
  • front-end and back-end teams
  • dedicated testers
  • The role of QA and Product

I'm curious to see a discussion :)

view more: next ›