Emily (she/her)

I am several hundred opossums in a trench coat

  • 153 Posts
  • 365 Comments
Joined 2 years ago
cake
Cake day: July 1st, 2023

help-circle
  • Emily (she/her)toTransfemhappiness is possible
    link
    fedilink
    English
    arrow-up
    12
    ·
    5 days ago

    Same here. I have my down days where everything just feels like to much but, for the first time in my life, I feel happy with who I am. I love the shape and feel of my body, I love my friends, and I’m not crushed by the chronic depression and anxiety that they told me might never improve.




  • Emily (she/her)to196PNG rule
    link
    fedilink
    English
    arrow-up
    9
    ·
    16 days ago

    My absolute last resort is to disable breakpoints and watch network traffic for the image or video. I’m pretty sure there are still ways they can detect the developer console is open but it usually does the trick


  • I agree that this is ultimately a problem with developers lacking security knowledge and general understanding, but my issue with Firestore specifically is that it is a powerful tool that, while it can be adopted as part of a carefully considered tech stack, lends itself most naturally towards being a blunt force instrument used by these kinds of developers.

    My main criticism of Firestore is that it offers a powerful feature set that is both extremely attractive to amateur or constrained developers while simultaneously doing a poor job of guiding said amateurs towards creating a secure and well designed backend. In particular, the seemingly expected use case of the technology as something directly interfaced with by apps and other clients, as evidenced by the substantial support and feature set for this use case, is the main issue. This no-code no-management client driven interaction model makes it especially attractive to these developers.

    This lack of indirection through an API Gateway or service, however, imposes additional design considerations largely delegated to the security rules which can easily be missed by a beginner. For example:

    1. Many examples of amateurs take an open-by-default approach, only applying access and write restrictions where necessary and miss data that should be restricted
    2. Some amateurs deploy databases with no access or write restrictions at all
    3. There is no way to only allow a “view” of a document to a request, instead a separate document and security rules containing the private fields needs to be created. This can be fairly simple to design around but seems to be a bit of a “gotcha”, plus if you have similar but non identical sets of data that needs to be accessible by different groups it must be duplicated and manually synchronized.
    4. Since there is no way to version data models, incompatible changes require complicated workarounds or an increasingly complicated deserialization process on the client side (especially as existing clients continue to write outdated models).
    5. Schema validation of data written by clients to the database is handled by security rules, which is seemingly unintuitive or missed by many developers because I’ve seen plenty of projects miss it
    6. If clients are writing data directly, it can become fairly complex to handle and subsequently maintain their contributions, especially if the aforementioned private data documents are required or the data model changes.

    All of these pitfalls can be worked around (although I would still argue for some layer of indirection at least for writes), but at this point I’ve been contracted to 2 or 3 projects worked on by “professionals” (derogatory) that failed to account for any of these issues and I absolutely sick to death of it. I think a measure of a tools quality is whether it guides a developer towards good practices by design and I have found Firestore to completely fail in that regard. I think it can be used well, and it is perfectly appropriate for small inconsequential (as in data leaks would be inconsequential) single developer projects, but it almost never is.


  • I absolutely despise Firebase Firestore (the database technology that was “hacked”). It’s like a clarion call for amateur developers, especially low rate/skill contractors who clearly picked it not as part of a considered tech stack, but merely as the simplest and most lax hammer out there. Clearly even DynamoDB with an API gateway is too scary for some professionals. It almost always interfaces directly with clients/the internet without sufficient security rules preventing access to private information (or entire database deletion), and no real forethought as to ongoing maintenance and technical debt.

    A Firestore database facing the client directly on any serious project is a code smell in my opinion.















  • I don’t really think I can come up with a more concise way of summarizing the idea than anthropologist Audrey Smedley did on the first result of the Google search “race social construct”

    Race is a culturally structured systematic definition of a way of looking at perceiving and interpreting reality.

    I would recommend you read something like “Feminism and ‘Race’” from Oxford Readings in Feminism or some of bell hooks’ work to understand the idea better.