Best practice for button layout in responsive survey?

enter image description hereHi everyone,

I’m designing a survey experience for a healthcare platform in which the user (often on the older side) fills out multiple surveys within a single flow.

To accommodate survey fatigue, I added a “finish later” button to the desktop design, Plus a “changes saved” indicator to mitigate anxiety of exiting a survey prematurely.

But as you can see, all the buttons don’t fit in a single row on the mobile design. To solve for this, I suppose I could go one of three ways:

The first way would involve just eliminating the “finish later” button and “changes saved” indicator from both designs; but of course the downside is that the user doesn’t have any indication that they could exit the survey aside from the “x” button on top – and with upwards of 10 surveys to complete, I am worried this will cause fatigue and drop off.

Second, I suppose I could remove those two elements from only the mobile form, but this would create the problem outlined in the first solution for mobile users, not to mention I don’t even know if this is technically feasible. (We’re building this with react).

Third, I could stack the buttons vertically in the mobile version, although I anticipate that will cause issues around visual hierarchy and limited screen real estate- and again, not sure if that’s even technically feasible.

Im wondering if anyone here has any experience with this dilemma who might share their insight? Or if you just have a good idea, any help is appreciated!

gui design – Is filling the center-area of a GUI with several forms a good practice?

Center-area concept:

For a desktop application, we commonly find a similar structure for the GUI:

  • Top menu / Ribbon
  • Dockables left and right to explore the content and show properties.
  • Center-area with the main content or view. Internal frames are deprecated in favour of file tabs.

I am not sure about the name of this “center-area”, my apologies if there is a more appropriate name. For the purpose of this question, I will keep calling it “center-area”

As an example (E is the center-area):

enter image description here


Multiple center-areas concept:

Let now suppose a use-case where several views of the same “file” or “project” are useful with an equivalent importance: to illustrate this principle, I will take the example of a “3D printer” slicer.

  • The 3D view is required to be big, so details and possible issues are well visible. (It makes sense to have it in the center-area).
  • The user spend 90% of it time on settings and configurations, which would ideally be in the center-area. Note that applying those settings (slicing) take time (usually many seconds), so there is no point in showing the 3D view and settings at the same time.

An other example is a 3D engine editor:

  • The designer spend lot of time editing the 3D view, by placing new models in it (it makes sense to have it in the center-area).
  • The designer spend lot of time configuring shaders managing huge graphs. (it makes sense to have the graph view in the center-area).

Shader editor in Unreal engine
3D view editor in Unreal engine

Note: I want to highlight the difference between having multiple content in the same center-area GUI (e.g. multi-files in your browser), versus having multiple GUIs filling the center-area, for the same project or file.

The question (s):

Is having two(or more) GUI filling the center-area a good practice?
Otherwise, what are the alternatives?
Finally, is there a name for this multi-central-area GUI?

CouchDB backup best practice for a 1Tb database

One of my users got 2 servers running couchdb under docker. A replication is in place between those 2 databases.

On my side I backup those servers using rsnapshot but I don’t think this is the best solution as this database is around 1Tb and my rsnapshot needs to copy that daily.

As I don’t know couchdb at all, I have several questions

  • On couch documentation they talk about replication as a backup solution. But what if there is a massive delete on one side, this will be replicated too isn’t it? then impossible to recover things as they vanished on both sides?
  • Is my daily rsync reliable in the end?
  • what’s the best practice to backup a 1Tb couch db database daily?

Thanks in advance for your help.

oauth2 – API keys or Client Credentials flow? Good practice to control application access to a deployed web component

Company A developed a widget (Web Component) deployed on several clients/partners.

Only clients/partners must be authorized to use the widget.
No need to distinguish between each end users (clients’ users), because only the application itself, the widget itself must be authenticated/authorized.

I thought about using a relevant API KEY per client stored on a reverse proxy (mini-backend), the latter stored on the client’s infrastructure.
This way, the widget could target the reverse proxy, this one providing the hidden API KEY in order to deal with Company A’s backend.

Pros of this solution:
No front developments required on client’s infrastructure.
Cons:
If the API is stolen (in extreme cases), as there is no expiration by default, anyone could benefit of its power at any time except if additional check on domain + IP/DNS are carried out.

Other way, what about the Client Credentials flow of OAuth, that would consist in ensuring a communication between Company A’s backend AND client’s backend to generate a token allowing client/partner to ask for a business token that can expire in a short run.
Thus, the widget would be passed the business token in order to deal with Company A’s backend features at any time, before expiration.

Pros of this solution:
The token can expire and has therefore less potential of damages than a potential stolen API KEY that does not expire.
Cons:
Backend developments required on clients side in order to deal with the client credentials flow (service to service).
Front developments required on client’s infrastructure to provide the business token to the widget.

What would you suggest?

query performance – Best practice for “recycling” rows on PostgreSQL (UPDATE vs INSERT + DELETE)

I searched responses on “UPDATE vs INSERT + DELETE” in general terms and the consensus is UPDATE is faster, as expected.

My question is centered on a somewhat niche use case. Let’s say you have a table of fairly high-frequency ephemeral data. For example, modelling notifications on a social network, those are created very often and you always see the latest N.

Would it make sense to keep the latest N (say 20) and when one comes in, the Nth row is UPDATED into the new one (ID included). Rather than inserting a new one and then trimming old rows (maybe in bulk on an interval)?

Any thoughts?

So I have this question in one of my interview practice problem and I’m not that familiar with Java, So how I do make a program like this

A Java program to that performs the following tasks:
(10 Points) Accepts integer input (one integer at a time) from the user.
(50 Points) Inserts the given integer into an integer array of size 10 in ascending order. If the array is full the latest integer input (x) will replace the largest integer in the array that is smaller than x. In order to satisfy this requirement your program must –
Replace any existing value at that index with x
Find the appropriate location (index) to insert x.
(20 Points) Print the current contents of the integer array
(20 Points) Ask if the user wants to continue. If yes go to step 1 else exit the program

Secure Encryption … best practice

I am just working on a project that will store personal information.

Passwords are already hashed, but I would like to encrypt the personal information as well in order to boost confidence.
SEMrush

I have never done this before. I read up on a few articles but I was wondering what people suggest here, their experiences and best practices.

Thanks

 

public key infrastructure – Certificate Pinning Best Practice or Alternative

You have a couple of options on what to pin. Depending on which one you chose offers you different trade-offs. Here are some typical pins:

Pin the certificate itself

Yes, you will need to change it when the certificate expires. Most secure but quickly causes availability issues if users don’t update often enough.

Pin the public key of the certificate

This allows you to keep the pin unchanged as long as your public key stays the same. You use the same public-key with a new certificate. While it is theoretically a bit less secure, I would put it on the same security level as the previous. If you lose the private key, both setups need app updates.

Pin an intermediate certificate

Here you have two choices again, pin the cert itself or the public key. These certificates have more extended validity periods considerably. You expose yourself a bit more, as the CA can create new certificates that your app would trust.

Pin the root certificate

Again, two options: cert or public key pin. This binds you to a CA, which still increases security; an attacker can’t just use any trusted root to fool your app. While this is the least secure of the options, I think it is still a lot better than not pinning at all.

One thing to consider is always to have multiple pins! If you pin your certificate, make sure to have at least two and pin both, so you can immediately jump to the other if you lose one. If you pin something else on the trust chain, be sure to pin all of the CA’s possible certificates.

In general, I would go for pinning the CA’s root certificate’s public key. This balances security and maintenance. Consider your threat model and chose accordingly.

You can find a bit more information about this at OWASP’s Certificate and Public Key Pinning

angular 2+ – Is it a good practice to restrict refresh , reload & back navigation of a browser(In some special cases only) ? If yes how can we implement that?

The user can’t be navigated to the previous page when we click on back navigation. In some cases, we are able to navigate when the page is refreshed/reloaded. need to restrict to a couple of pages, not throughout the app.
Actually, I’m using this

        constructor( private location: LocationStrategy){
history.pushState(null, null, window.location.href);  
this.location.onPopState(() => {
  history.pushState(null, null, window.location.href);
});  
}

Does this ARM assembly code to convert a decimal into binary follow “good practice”?

I’m “playing” with ARM assembly on a Raspberry Pi, reading various tutorials and posts to help – no, it’s not a college assignment, I’m too old for college! I’m pleased with getting the following code to take a decimal value (between 0 and 255) and output the binary string equivalent to the screen using scanf and printf but curious to know though whether those more experienced would consider this a “naive” solution? Are there any “gotchas”? Any better ways of tackling the problem?

I reckon there should be a better way of declaring the string to hold the output and how the string is built from the LSB (using R9)

/* dectobin2.s                                                  */
/* ------------------------------------------------------------ */
/* Converts a decimal number to binary and outputs to screen    */
/* ============================================================ */

.data
.balign 4
value:      .word   0   
binStr:     .asciz  "00000000"
output:     .asciz  "%d in binary is %sn"
title:      .asciz  "DECIMAL TO BINARY CONVERTERnn"
lr_temp:    .word   0
lr_local:   .word   0
prompt:     .asciz  "Enter a positive value (0-255) > "
pattern:    .asciz  "%d"

.text
@ function to convert given value into a binary string
decToBin:
    @ save the link register
    ldr     r2, =lr_local
    str     lr, (r2)
    @ set data values
    mov     r4, r0              @ value in r4 for processing
    mov     r9, #7              @ LSB position in output string
_loop:
    @ repeated division by 2 2
    movs    r4, r4, lsr #1      @ divide by 2, set carry
    bcs     _odd                @ if carry set, remainder is 1
_even:
    mov     r5, #0              @ remainder of 0
    b       _toString
_odd:
    mov     r5, #1              @ remainder of 1
_toString:  
    add     r5, #48             @ convert remainder to ASCII
    ldr     r1, =binStr         @ address of binary string
    strb    r5, (r1, r9)        @ store remainder in string at pos in r9
    sub     r9, r9, #1          @ move to next position in output string
    cmp     r4, #0              @ reached zero?
    ble     _endloop
    b       _loop

_endloop:
    @ restore the link register
    ldr     lr, =lr_local
    ldr     lr, (lr)
    bx      lr

.global main

main:
    @ store the link register
    ldr     r1, =lr_temp
    str     lr, (r1)
    
    @ print a title
    ldr     r0, =title          
    bl      printf
_getValue:
    @ get the value to convert
    ldr     r0, =prompt         @ prep the arguments for scanf
    bl      printf
    ldr     r0, =pattern
    ldr     r1, =value
    bl      scanf

    @ check for valid input (0-255)
    ldr     r0, =value
    ldr     r0, (r0)
    cmp     r0, #255            @ must be <= 255
    bgt     _getValue
    cmp     r0, #0              @ must be >= 0
    blt     _getValue
    
_isValid:
    @ call the function, value is in R0
    bl      decToBin
    
    @ display output
    ldr     r0, =output         @ get address of output string
    ldr     r1, =value          @ get the original value
    ldr     r1, (r1)            @ for first parameter
    ldr     r2, =binStr         @ get the binary string
    bl      printf              @ print the result

    @ restore the link register and exit
    ldr     lr, =lr_temp
    ldr     lr, (lr)
    bx      lr

.global printf      
.global scanf
```