I put them in my password manager

LLMs couldn't've written that!

Those guys migrated to Rust and are too busy pleasing the borrow checker now

Until they there's a post about Zig/C/C++ and they come out of the woods asking why it wasn't written in Rust.

Nothing, you either want to talk about a problem or not. Throwing vague, empty claims is just a cheap attack on other's company public image

Why wouldn't it be allowed? They're essentially renting their batteries and grids generally lack storage

Yeah not sure really. I thought these time of use tariffs were intended for charging EVs and using heat pumps, not charging batteries and selling the energy straight back to them later on in the day. But when you put it like that (decentralised grid storage) I guess it makes sense.

And so boring

Linux in PDF was impressive in a different way

Would they? A gaming PC from 2015 is still a decent machine today, just don't use laggy ahh win11

Rule #2 sounds dumb. If there can't be a single source of truth, for let's say permission checking, that multiple other services relay on, how would you solve that? Replicate it everywhere? Or do you allow for a new business requirement to cause massive refactors to just create a new root in your fancy graph?

Services handle the permissions of their own features. Authentication is handled at the gateway.

Not sure if I agree its really the best way to do things but it can be done.

That implies that every service has a `user -> permissions` table, no? That seems to contradict the idea brought up elsewhere in the thread that microservices should all be the size of one table.

Well, depends on the permission model.

For RBAC or capability-based permissions, the gateway can enrich the request or the it can be in (eg) a JWT. Then each service only has to know how to map roles/capabilities to permissions.

For ABAC it depends on lots of things, but you often evaluate access based on user attributes and context (which once again can be added to the request or go into the JWT) plus resource attributes (which is already in the microservice anyway).

For ACL you would need a list of users indeed...

Something like Google Zanzibar can theoretically live on the gateway and apply rules to different routes. Dunno how it would deal with lists, though.

After writing it down: sounds like an awful lot of work for a lot of cases.

Btw: the rule for microservices that I know of, is that they must have their own database, not their own table.

Good points about RBAC and ABAC, although my concern is now the gateway must know what capabilities are possible within the service. It seems like a lot of work, indeed.

> the rule for microservices that I know of, is that they must have their own database, not their own table.

That's the rule for microservices that I'm familiar with too, which is why I found the assertion elsewhere that microservices should just be "one table" pretty odd.

The simplest path is often auth offloaded onto STS or something like that with more complicated permissions needs handled by the services internally, if necessary (often it's not needed).

Dealing with lists is complicated with ReBAC, but possible. See my other comment on this: https://news.ycombinator.com/item?id=45662850

This is exactly the example I thought of and came here to post.

The rule is obviously wrong.

I think just having no cycles is good enough as a rule.

You have forgotten Cortana

So did Microsoft

Cortana... ah yes, that thing that I immediately disabled. I had forgotten its name.