[Just1689]

To the authors: Please drop TLS in front of your site. It's near trivial and free.

---

I wonder how to take this? Is it good to use these as a recommended approach? I would bet that there could be good examples and bad? Is any of these the leader in terms of approach used for their domain? (Graph databases for example).

Could it be that these are `just interesting` but not authoritative?

[skyfaller]

I have the HTTPS Everywhere add-on, and it took me seamlessly to the secure version of their page. I think that it would be more secure to redirect http to https, but they do offer https and deserve credit for that.

Some people prefer to allow http as well, so as to not shut out ancient browsers that can't upgrade to modern security standards. I think that's unsafe, but I can understand the argument, our throwaway culture / planned obsolescence is a threat to life on this planet, and supporting antique hardware is one way to fight back.

[sdevonoes]

I think there is no other good alternative to learn about real-world software architecture (besides working experience, of course). Most of the books about the topic focus on theory and "happy" patterns. Once you have read those books one lacks total touch with the real world and how architecture is applied in real software.

[ahartmetz]

I think the biggest mistake that novices make is to use "as much architecture as possible" instead of "as little architecture as possible". Architecture and design patterns should be used once you have a problem to solve where they fit well, not a priori / because they seem cool and interesting. (Of course, many err on the side of no organization as well.)

[niwork]

How relevant is architecture for someone like me - a 5-10 years of experience dev who has worked in non-managerial developer positions in small teams.

When I look at architecture patterns I feel so much of it is aimed at enormous projects, in which case I think you need actual experience of working in an enormous project alongside others from whom you can learn rather than just reading it from a book.

And there's so much difference between them.. which is the "right" one? Is Robert C. Martin's "Clean Architecture" approach right in condition X, or some other approach in condition Y?

[RobertKerans]

> Could it be that these are `just interesting` but not authoritative?

Each chapter is just a breakdown of how a programmer/s structured a given application. It's not really about comparing good/bad approaches, or recommending specific approaches. It pops up repeatedly as a recommendation because it's informative and useful but relatively uncommon (compare game development, where detailed post-mortems are a lot easier to find).

[xanthine]

Off-topic: Do you have any recommendations for books or other resources for such game-dev postmortems? I remember that idTech's Doom and Quake were described in one such book, but I'd really like to read about some other major games.

[RobertKerans]

Gamasutra was best for this w/r/t essays. GDCVault has a good selection of talks if you dig around. Re books, the Boss Fight book series (I think this is possibly what you alluded to) is generally of a very high standard, though the books are not just purely about development.

Edit: takes a bit more digging, but gamedev.net can be good for this. Particularly when there is a long running thread where a developer documents their progress -- the thread documenting the development of the "Return of the Obra Dinn" is the kind of thing I have in mind

Edit: wasn't gemdev.net, it was the Tig forums for Obra Dinn -- here's them collected on Reddit:

https://www.reddit.com/r/themakingofgames/comments/34qogp/_/

[trabant00]

> To the authors: Please drop TLS in front of your site. It's near trivial and free.

Curious why you think it is needed in this case.

[MaxBarraclough]

This topic crops up occasionally. With very few exceptions, all web content sent over the public Internet should be protected with HTTPS. The question isn't Why?, but Why haven't they bothered yet?

There are plenty of reasons to use HTTPS [0] relating to privacy, security, UI, and browser features, and there are virtually no good reasons not to. There are just 2 real exceptions I know of, neither of which apply here:

1. Using unprotected HTTP enables caching. In the context of something like an apt repo, or Steam, this could be a compelling advantage. (apt provides its own checksum-based security, and doesn't really aim for privacy.)

2. Very old smartphones might not support modern TLS. In some parts of the world this can be a real concern. Even here, HTTPS should be offered, just not required.

[0] https://news.ycombinator.com/item?id=22147858

[trabant00]

I know the general case for HTTPS. I am a system administrator. I was asking for this particular case where I for one see no need.

[MaxBarraclough]

> I for one see no need

asdffdsa mentioned plain old MITM. I listed several other applicable reasons in my linked comment:

1. It allows an unscrupulous ISP to more easily track your browsing

2. Modern browsers will rightly warn users not to trust the site. This makes the site look bad.

3. It prevents MITM injection of ads, trackers, and most importantly malware. There will always be browser exploits, so they're worth blocking.

[criddell]

To prevent things like the Great Cannon of China from performing a denial of service attack against a third party.

[asdffdsa]

mitm with an identical page but malicious links

[brownianemotion]

It's a trusted site, without https it's e.g. easier to perform a mitm attack that could expose users to attacks.

Not only encryption is important, authentication too, you want to know to which party you are talking.

[pc86]

What attacks is a malicious agent going to execute on a page of articles?

I think HTTPS is all well and good, but I've yet to hear a compelling reason why pages of text and images need it.

[brownianemotion]

The thing is, once you man in the middle it, without https, you can serve whatever content you want. It is no longer a page of "text and images", but one with malicious scripts, malicious links, ... you name it.

[yjftsjthsd-h]

https://www.cloudflare.com/learning/ssl/why-use-https/