• Get Creative!


    I've got one too: what's the significance of putting Alan Partridge alongside Einstein?
  • Austin: Sense and Sensibilia
    A lame question, but I'm fairly new to the forum: How do I make those arrow+name graphics that mean "view original post"?J

    Reply using the reply button at the bottom of every post, as shown below.

    lxuag2n98w4nf9v3.png

    It only appears when you hover over the post, i.e., when you put your mouse pointer in that area of the page.

    On mobile you have to click the ellipsis to see the reply button. On mobile the ellipsis is at the bottom of every post.

    For quoting, see this guide:

    https://thephilosophyforum.com/discussion/13892/forum-tips-and-tricks-how-to-quote
  • Austin: Sense and Sensibilia
    No worries. I have the book and have read it a couple of times. I like it, but I don't know if I'll be joining in this discussion. I'll be reading along though.
  • Austin: Sense and Sensibilia


    I'm not angry or anything, but I really hate being misquoted. Shown below is how it went: a quotation from Russell followed by my summary of his view with regard to the directness of perception:

    The real table, if there is one, is not immediately known to us at all, but must be an inference from what is immediately known. — Russell

    If there are any directly perceived objects at all for Russell, they are sense data, not tables.Jamal

    Carry on :smile:
  • Austin: Sense and Sensibilia


    Well, I've been composing a reply but now I realize I don't want to get into this topic at the moment.

    My parting shot is just to say that I think the following bit from the Russell quotation is indeed stating what you've implied it is not, namely that we are "not directly perceiving objects":

    The real table, if there is one, is not immediately known to us at all, but must be an inference from what is immediately known.

    If there are any directly perceived objects at all for Russell, they are sense data, not tables.
  • Austin: Sense and Sensibilia
    This talk of “not directly perceiving objects” makes me wonder, not for the first time, who Austin believed he was arguing against.J

    Stuff like this, perhaps:

    We are all in the habit of judging as to the ‘real’ shapes of things, and we do this so unreflectingly that we come to think we actually see the real shapes. But, in fact, as we all have to learn if we try to draw, a given thing looks different in shape from every different point of view. If our table is ‘really’ rectangular, it will look, from almost all points of view, as if it had two acute angles and two obtuse angles. If opposite sides are parallel, they will look as if they converged to a point away from the spectator; if they are of equal length, they will look as if the nearer side were longer. All these things are not commonly noticed in looking at a table, because experience has taught us to construct the ‘real’ shape from the apparent shape, and the ‘real’ shape is what interests us as practical men. But the ‘real’ shape is not what we see; it is something inferred from what we see. And what we see is constantly changing in shape as we move about the room; so that here again the senses seem not to give us the truth about the table itself, but only about the appearance of the table.

    Thus it becomes evident that the real table, if there is one, is not the same as what we immediately experience by sight or touch or hearing. The real table, if there is one, is not immediately known to us at all, but must be an inference from what is immediately known. Hence, two very difficult questions at once arise; namely, (1) Is there a real table at all? (2) If so, what sort of object can it be?
    — Russell, The Problems of Philosophy

    Probably Ayer as well.

    (I agree with you about Kant. I think of him as a direct realist.)
  • Antisemitism. What is the origin?
    They [the "Germans"] worked to try to assimilate everybody into a single identity, but with limited success. One group they had absolutely no success with was Jews. Jews were an obstacle to their goals. In each case where Jews were persecuted, you have to sort through the events to discover why their separateness ended up making them victims this time around.frank

    You're fond of taking the high ground and lecturing people about what they have to do to know the stuff that you know, but your posts show very little evidence of having a clue about anything, to be frank.
  • Web development in 2023
    You did say any thoughts on the state of web applications and websites are welcome.baker

    Yes, it's cool, I just wanted a bit more detail, that's all. No worries :up:

    Perhaps a separate thread is in order.baker

    Could be interesting.
  • Web development in 2023


    When you're attempting to contribute to a discussion it's better to go into more detail than "just read this book". If you're actually interested in this discussion, maybe you'll tell us about it when you've finished.

    Thanks for alerting us all to its existence though.
  • Web development in 2023


    Very good, though on the face of it it just seems like common sense. I suppose a systematic approach would be good though, so I’ll give it a tentative :up:

    I’d be interested to see the details. Interested to a degree somewhere between mildly and rather.
  • Web development in 2023


    Good point. I just had a look. Likes are quite heavily integrated but it is just about possible to remove them, it seems. I mean, it’s easy to hide them with CSS or remove the icon from the post menu, but then it takes some faffing around to remove the various references to likes elsewhere.

    Anyway, I think you have to go to the user’s profile to see how many they’ve accrued, so it’s not like the number appears under their name in discussions. There are badges, which are connected with likes (at least by default), that do show in the user popup in threads, but they can be turned off.

    I’ll have to read the discussions that were had here about it to remind myself of how it works on Plush and what people didn’t like about it.
  • Web development in 2023
    So on NodeBB a lot of the customization comes through themes and plugins, which can be substituted, created, shared, etc. But the access to this customization is somewhat host-dependent (and this is especially true when it comes to hosts that do not allow command line SSH server access). If a similar thing holds with Discourse, then I would suggest double-checking that the hosting company allows that level of deeper customization (and ideally command line access). You could easily leverage the deeper level of customization if you have need in the future, given the many developers among your users.Leontiskos

    I actually don't think we'll need SSH access, and I don't want to need it. I'd prefer to separate off my coding and sysadmin type work away from TPF as much as possible (even though I was briefly toying with the idea of building my own). The host says they'll install any plugin we want, including any we write specifically for TPF. And there's an active community of Discourse coders making new plugins.

    This sounds great. I am of course willing to help as I am able, although I should say that this is precisely the time of the year that gets busy for me.Leontiskos

    Thanks, your guidance will be valuable since you have all this forum configuration experience, but I won't burden you too much. :smile:
  • Web development in 2023
    @Michael @Leontiskos

    As of today I’ve got Discourse running now on a host that does managed Discourse hosting. Some people on meta.discourse.org say they’re very reliable. I think this is the way to go. I don’t want to deal with hosting. These folks take care of backups, software updates, and all the rest, while I have the power and control of the Discourse admin (e.g.,

    Can I download my data?
    Yes. You own your own data. A copy of your files (including uploads and avatars) and databases (full dumps) can be downloaded from the Backups menu of the Discourse admin panel at any time.

    ) and members get most of the features they've been asking for for years.

    I actually set one up there a few years ago and didn’t pursue it just because I wasn’t in the mood or I didn’t want to face the data issue. This time I hope to see it through, some time in the next weeks or months. In the meanwhile I’ll invite testers once I’ve fine-tuned it (this week probably but I don’t know when I’ll get around to it).

    Plush seems like it's working pretty well. I really like the feature where I can click on the title bar and return to the post I just quoted. My concern is that Plush seems near the end of its lifecycle. If you look at the second half of my post <here>, you can see a number of the things Plush hasn't managed, despite requests. Most of that stuff has been standard for years now, along with ignore lists and strong moderation tools. If Plush won't budge on those things, then I have to wonder if they are in maintenance mode, nearing their expiration date. NodeBB and Discourse don't show evidence of this lifecycle issue.Leontiskos

    Yep, and Discourse would take care of most of the feature requests, I’m guessing?

    I think your experience is not normal because your moderation is not normal. I think that's why your forum is so much better than the alternatives: you have superior moderation and your moderators have a good grasp of philosophy.Leontiskos

    Glad you think so :smile:

    P.S. One significant feature that NodeBB hasn't yet managed is composer keyboard shortcuts. For example, Ctrl-i won't give you italics.Leontiskos

    It's kind of a small thing, but I use that all the time, including here. Of course, when using Markdown you don't need it so much because it's so easy to just type the markup.
  • Web development in 2023
    Is this maybe the reason why some sites are quite slow in loading? I guess they must be the ones with a huge content. Do you know any of them --that use this method-- so I can check if this is true?Alkis Piskas

    If you mean SPAs in general: Gmail, Airbnb, Rome2Rio, Netflix.

    If you mean the ones that load everything up-front, rather than those that use code splitting, I’m not sure. It can be hard to tell. I think it was the normal way around 5-10 years ago.
  • Web development in 2023
    I've got a bug related to sessions and it's so hard to find out what's going on there!flannel jesus

    I feel your pain.
  • Web development in 2023
    I like magic most when there's a clear way to demystify what's actually happening underneath the hood. The biggest problem with magic that you can't demystify is that it's hard to predict what other kinds of things you can and can't do with it, you know?flannel jesus

    :up:

    There comes a point sometimes when the magic just gets in the way. But all the tools we use have some level of hidden magic (unless, I don't know, you're doing assembly or machine code), so it's about finding the right level. In my world the framework that's famous for hidden magic is Rails, whose principle is "convention over configuration". On the other side, the Python folks say "explicit is better than implicit." The two are definitely in conflict.
  • Web development in 2023
    Java and Python are general purpose languages that can do anything, and on the other side you have PHP and JavaScript, which are just scripting languages

    I get what you mean, but I wouldn’t classify them this way.Bob Ross

    Maybe I wasn't clear. If you look at the context of that quote, you'll see I did not wholly endorse that classification but offered it as an equally legitimate alternative to yours, in that it is one that is often used. Obviously I'm aware that Java and Python are fundamentally different.

    It is not that I don’t like Python, but, rather, I don’t think it is a good server-side language for web developmentBob Ross

    But that's what Django is, so like I say, there isn't much point.

    Otherwise :cool:
  • Web development in 2023
    So, Svelte is obviously doing a lot more magic than React, and I guess is more opinionated. Opinionated magic in frameworks has its pros and cons.
  • Web development in 2023


    Maybe. Looks interesting...

    svelte-vs-react-1024x533.png
  • Web development in 2023
    Well sure, but what is an email web client but a collection of notes, albeit most sent by others and to and fro. If you do anything but opening a note or adding to it (responding to an e-mail) say, changing account settings it does a full redirect to a different URL.Outlander

    Gmail settings will not load a new page. Google account settings will take you to an entirely different website. Otherwise, I'm not sure what you mean; there's a lot of functionality in Gmail. I suspect the kind of example you're looking for is a traditional website model, but rendered as an SPA. Something like https://nextjs.org/docs is a good example. Not sure how it works over bad internet though.
  • Web development in 2023
    Thanks FJ, so far there is no project but it’s good to know there are people here to help :up:
  • Web development in 2023



    Gmail slack Trello Netflix and grammarlyflannel jesus

    I was just thinking about the sites and applications I use, and thought of some more: Rome2Rio, Google Maps, Airbnb (edit: just to be clear, I mean the browser applications/websites, not the phone apps).
  • Web development in 2023


    https://mail.google.com/

    SPAs still use changing URLs, which in this context are called routes, corresponding to route handlers in the JavaScript. The page itself is not loaded.
  • Web development in 2023
    :up: Yep, I was just describing an aspect of SPAs as commonly conceived. I said "often", probably going for "hitherto".
  • Web development in 2023
    I abhorred these things when they first came out. If your internet is not good or perhaps is throttled due to reaching an allotted usage level, nothing would ever load and worse never told you it didn't. They seemed to have improved it by forcing a manual redirect/better fail-safes in more robust frameworks but there was nothing like clicking a link or performing an action and the browser itself telling you "hey it failed" right when it did so you knew to refresh or try again later. Just my 2 cents.Outlander

    Yep, although as you say, frameworks are dealing with that now, but I think it still partly depends on the willingness of developers to provide for it, as with accessibility more generally.
  • Web development in 2023
    From my experience, I have seen python being used as a server-side language only relatively recently (but perhaps I just haven’t been around the right groups of people who love Python). Originally, people (as far as I know) used Java, C#, and PHP. If someone was running a website, it was most likely PHP or Java (and not Python). If python was used for web servers before PHP/Java (like Django) in a stable fashion, then I am simply unaware of it and will have to read up on that.Bob Ross

    Just to set the record straight...

    There were three things you said or implied that I took objection to: (1) that Python is a new language or at least a new language for web development, (2) that Python and/or Python frameworks have not been properly tested and are unstable or insecure, and (3) that PHP belongs in the same language ballpark as Java.

    What I did not claim is that Python was used in web development before PHP was; as far as I know the Django guys were the first to use it to build websites. But twenty years (since Django was released) is a decent length of time, and its record is very good. And yes, PHP has always been more popular as a way of building websites.

    Regarding (3), you could just as easily classify things like this: Java and Python are general purpose languages that can do anything, and on the other side you have PHP and JavaScript, which are just scripting languages. (But I'm not making value judgements here, just illustrating different ways of looking at it)

    I will have to checkout Django sometime though. Is it minimalistic or bloated?Bob Ross

    It's a difficult question to answer without knowing what you mean, but depending on which way you look at it, it's both. Flask, on the other hand, is certainly minimalist. But Django adheres strongly to conventions and paradigms, such as DRY, and the separation of concerns of MVC (although they use different nomenclature and slightly different structure, namely model-view-template), so it's a good coding experience. Things never got messy for me in Django, as they definitely did when I was building in JavaScript frameworks.

    But since you don't like Python, there's little point in wasting your time on it. And PHP these days seems to be significantly faster than Python (that's what they say at least, though whether this results in faster websites and web applications is another matter). So I say, enjoy your PHP :cool:
  • Web development in 2023
    NodeBB was originally built with MongoDB, but it runs on Postgres just fine. That's what I deployed it on. I think that compatibility was added sometime in v2.Leontiskos

    Great, I didn't realize.

    The simple answer is that I wanted pagination, even prescinding from its SEO favorability. Infinite scroll on a long-form philosophy forum didn't seem right to me. NodeBB offers both, and individual users can even change the setting on the client side. So I'm not a great person to ask about Discourse, as I never installed it. I have it on good authority that it is a bit harder to install and consumes more resources, but those aren't deal breakers. Both platforms are robust, with more to offer than Plush. Granted, I have come to appreciate the simplicity and distraction-less nature of Plush.Leontiskos

    Aside from wanting to control the data and code, I'd actually be perfectly satisfied with the way Plush works with just a few changes, like better tools for moderation, "zen mode" post composing, Markdown support, dark mode, and ignore lists. (I know that for dark mode I could just use Stylebot as you suggest, but this is about built-in functionality; as admin I need to see what most people see).

    I had that idea until I installed Misago and started digging into the Github history. There are many more features than I had anticipated, especially when it comes to security, moderation, IP tracking, etc.—but I think ChatGPT has already given you a good sense of what is involved.Leontiskos

    I know what you mean. At first when you think of how to build a forum it seems easy, but there's a lot more to it.

    Also, after I joined I realized more concretely that TPF has one thing no other philosophy forum has, and that no forum software can create: a healthy community of users. Without that, it's all just window dressing.Leontiskos

    This is what makes a decision to move to another platform a big and difficult one. Incidentally, it always sounds odd to me when I see people saying that discussion forums are dead (because Reddit, social media, and Discord). I guess my experience is not normal.

    Whatever you decide, I think a forum software would benefit from having a philosophical client. The things you guys have suggested and requested from Plush seem spot-on, and are much more thoughtful than the short-sighted requests I have seen from the business world.Leontiskos

    :up:

    Although the Plush folks assure me that PlushForums will be maintained for the foreseeable future, they don't seem very interested in adding new features, perhaps because they've been putting most of their efforts into their new platform https://insta.forum/ (totally moving away from long-form, so not suitable for us).
  • Web development in 2023


    :up:

    Will respond tomorrow.
  • Web development in 2023
    I know there are some things that don't have associated text box button icons, like sup for superscript.
  • Web development in 2023
    Would I be correct in saying that Plush only supports a sub-set of BBCode, i.e. not all the tags are implemented (e.g. tables)?Wayfarer

    I don't know. Last I checked, Plush documentation was virtually non-existent. You must be right though.
  • Web development in 2023
    Firstly, there is no "the best" framework or languages for programming: it depends entirely on what the project is that one is developing.Bob Ross

    I agree. In my original post I was examining what I see as two competing paradigms of web development today, but it's no doubt true that solutions lie in between.

    newer languages (like Python with python flask)Bob Ross

    they are slower and tend to have been been pentestedBob Ross

    are the fadBob Ross

    Flask is older than Laravel, and Python is older than PHP. Python's most popular framework, Django, was released in 2003, before all the PHP frameworks that are still going (I think, pretty much). Django and Python have a very strong reputation for security; PHP does not (an unfortunate legacy of wilder times, no doubt, which the language has put behind it). Generally, your Python/Javascript vs. PHP/Java dualism doesn't reflect history or reality very well.

    If you love PHP, cool, I have nothing against it (except bad experiences and personal taste). I'm not interested in cheerleading for anything or in anyone else's cheerleading–but let's get the facts straight.

    My philosophical approach to web projects is minimalism (viz., keep it simple stupid), compartmentalization (viz., always, always, always separate code so that it is modularized: cleaner, more scalable, easier to read, and takes up less storage), documentation (viz., always document what the heck this thing does, and pick languages and frameworks that are well-supported: easier to get people to work on the project, easier to teach them, and easier on you to develop with it), and secure (viz., don't pick the newest language, framework, or library on the block, it takes time for ethical hackers to find vulnerabilities); so I love minimalistic MVC (model-view-controller) frameworks with amazing documentation that utilize very well-known and well-established server-side languages, such as Laravel.Bob Ross

    I won't argue with any of that.

    With regards to libraries and frameworks like React and Angular, it is important to know that it all runs client-side, which adds runtime on the user's browser. Although it is beneficial to run some stuff on the client-side, to save server-side runtime, it is important not to over-bloat the client side; which I worry happens with those kinds of libraries and frameworks for a lot of projects who picked them just because they are in style right now. I would rather keep it simple, and use pre-compiled TypeScript for client-side operations, and keep it absolutely minimal to save client-side runtime.Bob Ross

    Yes, and from a development perspective the front end frameworks can be so bloated, it takes discipline and coordination to keep things under control. But when the aim is a speedy responsive user experience, and given that browsers are powerful enough for the job, SPAs can be a good choice. But I see where you're coming from and as I said in the OP, I believe it's becoming possible now to achieve the superior user experience from within server frameworks like Laravel and Django, but without adding a whole Javascript framework to the mix.

    So despite your odd view of Python, we kind of agree.

    If you are trying to revamp this website, then please do not hesitate to contact me if you need any help; as I would not mind helping out with a site like this that I enjoy using.Bob Ross

    Thanks Bob.

    What are you guys currently using for the client-side, server-side, query, and style-sheet languages?Bob Ross

    As mentioned in the OP and the ensuing discussion, I'm not hosting TPF myself and I don't have any control of the code. It's hosted by PlushForums, built on Vanilla, which you'll be happy to know is written in PHP :grin:
  • Web development in 2023
    Its use of indentation for syntax seems like a monumentally bad idea. What do you have to say for that?SophistiCat

    I think it’s great. Most code is indented anyway, even when what you actually need is curly braces. Python enforces it so it’s all you need, and readability is then assured—and improved, in my opinion. It’s never been an issue. I’ve hardly ever had problems with it when working with other people’s code, for example. Occasionally you get an ‘IndentationError’ but it’s no big deal.

    And are there advantages to Python beyond its use in server scripting?SophistiCat

    I’ve only used it for web development, associated modules, and scripting, but it’s a true general purpose language and designed as such. It’s used to build many kinds of applications, for machine learning, data science, etc. Whether there are advantages beyond the obvious ease of use, flexibility, and readability, I don’t know. I don’t claim it could replace all the Java in the world. I like the way it looks and it’s a lot of fun to use.
  • Web development in 2023
    That would definitely be a meaty project, but rewarding if it could be done. Misago is the Python frontrunner, which is why it was my first choice. Unfortunately it is provided by a single developer who works on it in his spare time, but he is talented and I am sure he would appreciate help (see <this post> regarding the current plans for Misago). NodeBB and Discourse have multiple full-time developers along with the attached commercial interests, and therefore possess more stability. I agree regarding Vanilla and PHP.Leontiskos

    It’s unfortunate that Misago isn’t more active. As things stand, I suppose it would have to be NodeBB or Discourse. I’ll install them both and try them out. I tried Discourse a while ago and quite liked it, but I didn’t pursue it. The big headache in either case will be migrating the data. My familiarity is with relational databases so I’d probably be more at home with Discourse, which uses PostgreSQL. What is certain is that neither has a big button that says “Migrate from PlushForums”.

    A crucial factor in my considerations was long form vs short form discussion formats, as a philosophy forum requires a more long form format. A lot of the newer, asynchronous forum frameworks cater to short form discussion and phones/tablets (Discourse does not even support pagination). They are becoming a blend of forums and instant messaging, running away from phpBB in a way that strikes me as both good and bad. If the architecture is suitable one could restyle them for long form purposes, but I am not great with CSS so I wanted something compatible with long form discussion right out of the box. Plush is good on this score, and Misago looks and feels a lot like Plush.Leontiskos

    I’m curious: what is it about, say, Discourse, that steers things away from long-form discussion? From what I could tell when I tried it, navigating a discussion was easier than on other platforms, and it made composing long posts much more pleasurable than here (same with NodeBB: full-screen distraction-free editing, for example). Maybe I’m missing the obvious, but pagination isn’t a requirement for long-form is it? Although it occurs to me that pagination is better for SEO.

    Thanks for your thoughts. I didn't know you were a developer. I don't think I could call myself a developer at this point, although I could get back into it fairly easily.Leontiskos

    I’m really just going by intuition and doing my usual contrarian thing. Sometimes it leads me in good directions. I haven’t really been a developer for years, since I was a bit stuck in maintenance with the last project I was involved with. But yeh, I’m getting back into it nicely.
  • Web development in 2023
    I just realized it might be assuming I had no experience in web development, so I asked for a new estimate to take into account my experience:

    Taking these adjustments into account, the comprehensive project duration might come down to roughly 25-50 weeks (6-12 months) if undertaken full-time.
  • Web development in 2023
    Answers from ChatGPT 4 based on working on it full-time:

    Building a forum with a feature set similar to Discourse from scratch, especially when learning React and Next.js concurrently, is a substantial endeavor. Here's a broad estimation of the time it might take based on various stages of development:

    1. **Learning Basics (React and Next.js)**:
    - **Duration**: 2-4 weeks.
    - This phase includes understanding the fundamental concepts, building small projects, and becoming comfortable with the development environment.

    2. **Design and Architecture Planning**:
    - **Duration**: 1-3 weeks.
    - Outline the features you want to implement. Decide on database structures, authentication mechanisms, state management strategies, and other foundational elements.

    3. **Core Features (MVP - Minimum Viable Product)**:
    - **Threads and Posts**: 2-3 weeks.
    - **User Registration & Authentication**: 2 weeks.
    - **User Profiles**: 1 week.
    - **Basic Admin Tools (user management, basic moderation)**: 2-3 weeks.
    - **Duration**: 7-9 weeks for a basic MVP.

    4. **Advanced Features**:
    - **Advanced Moderation Tools (post edits history, user warnings)**: 2 weeks.
    - **Private Messaging**: 2-3 weeks.
    - **Search Functionality**: 2 weeks.
    - **Categories & Tags**: 2 weeks.
    - **Notifications**: 2 weeks.
    - **Duration**: 8-11 weeks.

    5. **Additional Features (Common in Discourse and Similar Platforms)**:
    - **Badges & User Levels**: 2 weeks.
    - **Bookmarks**: 1 week.
    - **Polls**: 1-2 weeks.
    - **Attachments & Media Handling**: 2 weeks.
    - **Duration**: 6-8 weeks.

    6. **Testing, Bug Fixing, and Refinement**:
    - **Duration**: 4-8 weeks.
    - This is crucial. As you develop, you'll discover edge cases, usability issues, and bugs that need addressing.

    7. **Data Migration and Integration**:
    - **Duration**: 2-4 weeks.
    - Migrating from an existing platform can present challenges, especially if the data structures differ.

    8. **Deployment and Scaling**:
    - **Duration**: 2-4 weeks.
    - This phase includes setting up servers, handling security considerations, ensuring the platform scales with user growth, and other deployment-related tasks.

    Given these broad estimations, you're looking at approximately **32-61 weeks (8-15 months)** to develop a full-fledged forum application with a feature set akin to Discourse. This time frame assumes you're working on it full-time. If it's a side project, the duration will extend accordingly.

    It's crucial to note that these estimates are quite generic and can vary based on individual speed, unforeseen challenges, feature complexities, and other factors. Some developers might move faster, while others might need more time, especially when dealing with the intricacies of a forum application.

    Then I said what about security:

    Absolutely, security is paramount when developing any web application, especially something as user-focused as a discussion forum. Neglecting security can lead to data breaches, unauthorized access, and many other serious issues. Let's break down the key security considerations and their potential time implications:

    1. **Authentication**:
    - Implementing secure login mechanisms is essential. Consider using established libraries or services like OAuth or Auth0.
    - **Duration**: 1-2 weeks (on top of basic user registration & authentication).

    2. **Authorization**:
    - Ensure that users can only perform actions they're permitted to do (e.g., only admins can delete any post).
    - **Duration**: 1-2 weeks.

    3. **Data Validation and Sanitization**:
    - Protect against SQL injections, script injections, etc. by validating and sanitizing user input.
    - **Duration**: 2-3 weeks.

    4. **Secure Data Transmission**:
    - Implement HTTPS across your forum to encrypt data in transit.
    - **Duration**: Less than a week (but requires ongoing monitoring).

    5. **Data Encryption**:
    - Passwords and sensitive data should be encrypted before being stored.
    - **Duration**: 1 week.

    6. **Session Management**:
    - Implement secure session handling to prevent session hijacking or fixation.
    - **Duration**: 1-2 weeks.

    7. **Rate Limiting**:
    - Implement rate limiting to prevent abuse (e.g., rapid-fire login attempts or spammy post creation).
    - **Duration**: 1 week.

    8. **Content Security Policy (CSP)**:
    - Define what resources can be loaded to protect against cross-site scripting (XSS) attacks.
    - **Duration**: 1 week.

    9. **Cross-Site Request Forgery (CSRF) Protection**:
    - Protect your forum from CSRF attacks by implementing anti-CSRF tokens.
    - **Duration**: 1 week.

    10. **Regular Security Audits & Updates**:
    - Tools like Dependabot can be used to stay updated with the latest security patches for your dependencies.
    - **Duration**: Ongoing, but setting up monitoring and automated updates might take a day or two.

    11. **Backup and Recovery**:
    - Regularly back up the forum data and have a recovery plan in place for emergencies.
    - **Duration**: 1-2 weeks.

    Adding up these security-specific durations, you're looking at an additional **12-19 weeks** dedicated solely to security. These estimates are, again, very broad. Some tasks may take less time if you're using specific frameworks or libraries that handle them out-of-the-box. However, security is not a one-time task. It requires ongoing attention, regular updates, and occasional audits to ensure that the platform remains secure as threats evolve.

    Incorporating these security considerations into the earlier timeline, you're looking at a more comprehensive project duration of approximately **44-80 weeks (11-20 months)** if undertaken full-time.

    (Come on Plush, give us Markdown support please. EDIT: Plush just confirmed to me that they will only ever support BBCode, not Markdown :angry: )
  • Web development in 2023


    Good article. As I say, I do find the arguments convincing now. But I don’t think it’s essentially about which technologies you’re using, but rather the nature of the thing you’re building. Anyway, it’s not a huge deal for me, although I don’t know if I’ll ever get over my disgust at looking at all those long strings of atomic classes.

    This is a pretty balanced article.
  • Web development in 2023
    Note that the question I asked ChatGPT was how long it would take to build a general purpose platform, not specifically for one group of users, so I think that's significant.
  • Web development in 2023
    I've recently been using Laravel with Inertia, React, and Tailwind for the frontend. Works really well.Michael

    Cool. I used to be dead against non-semantic CSS like Tailwind, but the arguments in its favour are persuasive. I think it depends what you're building. If it's content-focused, semantic makes sense, but if it's highly interactive, things like Tailwind look good.

    I've been building a few things with NextJS for practice. I guess that fits in the stack roughly where Inertia does for you (I'd never heard of Intertia). Although--devil's advocate--don't you think the architecture is questionable when you're using not only two but three frameworks? (I'm not counting Tailwind since most projects use a CSS framework anyway)

    I used to think that. I always thought that HTML should just be done in HTML, not JavaScript. But then I actually tried React and Vue and quite like it.Michael

    Yeh, I've been enjoying the JavaScript frameworks too, but I continue to question them.

    That strikes me as an overestimate. I've built business CRMs used by a FTSE 100 company in a few months.Michael

    Not everyone can be as awesome as you. :wink:
  • Web development in 2023
    Some interesting charts.

    c72msrrf7n1defq4.png
    GitHub pull requests: https://madnight.github.io/githut/#/pull_requests/2023/2

    qt22estq5won3o7h.png
    TIOBE Index: https://www.tiobe.com/tiobe-index/

    l0v3csf11nlkulxt.png
    PYPL Index: https://pypl.github.io/PYPL.html

    lv752xbdmsnnb7s0.png
    Stack Overflow survey: https://survey.stackoverflow.co/2022/#programming-scripting-and-markup-languages

    3imxuzj44zc2nv4f.png
    Web frameworks: https://survey.stackoverflow.co/2022/#web-frameworks-and-technologies

    It's clear that JavaScript dominates in web development, as expected, but Python is so strong in general that it's obviously not going away (the rise of AI has given Python an extra boost too). And among the web frameworks Django is only just behind the front-enders and Microsoft.