Any alternative for FAB suitable for this situation?

I’m actually a developer, so I don’t know a lot about design. This is the first web-app I’m developing and designing. It’s for writing topic-journals, and each item in the list is a text file.
I tried to make the web-app look simple using only black, white and grey. It’s almost like Twitter but without the blue.

The list is the most important thing, so I made the top bar narrow. This way it doesn’t get more attention than necessary. On this page the user most often scrolls the list but does not so often create a new one. So the button for creating a new file, which is a FAB with a ‘+’ icon, shouldn’t stand out that much. But the shadow is making it bold, so it stands out and takes the attention of the user.

If I remove the shadow from the button, it looks somehow confusing and ugly. If I change the color of the circle to black (or grey) and the plus to white, i.e. switching the colors, it’s no longer confusing and ugly, but it becomes even bolder.

Is there any other way to have an action button other than a floating action button? I thought about putting it in the top bar, but that makes it hard to use, since the top bar is narrow and the user is not used to action buttons being at the top.

Another way could be to put the button in the list and hide it unless the user scrolls from the top (showing it once when the user opens the page, then hiding it with an animation so the user knows it’s there), but I’m not sure if I’m implementing it incorrectly or if it’s just a bad idea.

The app will have a grid view of the list too. In the grid, the FAB will cover one file’s name.

I’m sorry for the low-quality pictures.
Thanks for any help you are able to provide.

certificates – Is this nginx config suitable to enforce proper authorization?

Scenario

I have a website secret.example.com, which contains information which must not be disclosed to third parties. In order to protect the information, TLS client authentication was chosen. Whether or not a client is authorized depends on them possessing a client certificate which is signed by the internal CA.

The Configuration

The following snippets of the configuration file provide the client authentication:

ssl_client_certificate  /etc/ssl/nginx/secret.example.com/cert/ca.pem;
ssl_verify_client       on;

The file ca.pem contains a self-signed certificate authority, created via the following openssl command:

 openssl req -new -x509 -nodes -days 1460 -key ca.key.pem > ca.pem

Client certificates would then be signed by this root CA.

What I have tried so far

  1. Send a certificate signed by the CA – This results, as expected, in the website being displayed correctly.
  2. Send no certificate – This results in an error returned by the server, claiming no client certificate was sent.
  3. Send a self-signed certificate by a CA with the same details as the real CA – This results in the error message “The SSL certificate error”, which is not very descriptive, but still does not allow an attacker to see the confidential information.

My question

Is this configuration sufficient to enforce proper authorization? Or does an attacker have any possibility to still access the confidential information?


In order to scope the question further, the following scenarios are explicitly not in the scope of the question:

  • Vulnerabilities in nginx (however, “gotchas” in the configuration are in scope)
  • Disclosure of information through other sites (e.g. debug.example.com allowing LFI)
  • Direct attacks on the physical server
  • Attacks on the machine of a user, causing disclosure of a client certificate and private key
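
Tests 1 and 3 from the question can be reproduced offline, with `openssl verify` standing in for the chain check done during the TLS handshake. This is an added example, not part of the original post; the directory names and subject strings are constructed. It shows that a client certificate from a look-alike CA with an identical subject is rejected, because verification checks the signature against the key in ca.pem rather than the CA's name.

```shell
#!/bin/sh
# Added example. Directory names and subject strings are constructed.

# make_ca DIR: self-signed CA, same command form as in the question.
make_ca() {
    mkdir -p "$1" &&
    openssl genrsa -out "$1/ca.key.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -nodes -days 1460 -key "$1/ca.key.pem" \
        -subj "/O=Example Internal/CN=Example Internal CA" > "$1/ca.pem"
}

# issue_client CA_DIR OUT_DIR: client key and certificate signed by that CA.
issue_client() {
    mkdir -p "$2" &&
    openssl genrsa -out "$2/client.key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$2/client.key.pem" -subj "/CN=client1" \
        -out "$2/client.csr" &&
    openssl x509 -req -in "$2/client.csr" -CA "$1/ca.pem" \
        -CAkey "$1/ca.key.pem" -CAcreateserial -days 30 \
        -out "$2/client.pem" 2>/dev/null
}

# chain_ok TRUSTED_CA CERT: true only if CERT verifies against TRUSTED_CA.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# verdict TRUSTED_CA CERT: prints "accepted" or "rejected".
verdict() {
    if chain_ok "$1" "$2"; then echo accepted; else echo rejected; fi
}

# demo: real CA vs. a look-alike CA with an identical subject (test 3).
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/real" && make_ca "$d/lookalike" &&
    issue_client "$d/real" "$d/good" &&
    issue_client "$d/lookalike" "$d/bad" || { rm -rf "$d"; return 1; }
    echo "client signed by real CA:       $(verdict "$d/real/ca.pem" "$d/good/client.pem")"
    echo "client signed by look-alike CA: $(verdict "$d/real/ca.pem" "$d/bad/client.pem")"
    rm -rf "$d"
}

demo
```

Because the outcome depends only on which key produced the signature, the protection described in the question rests on ca.key.pem staying private.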

Is Universal Scene Description (USD) suitable for games?

I’ve been reading about Pixar’s Universal Scene Description (USD) system after seeing it in the package list inside Unity. All the material that I’ve read is within the context of the Film/Vfx industry with lots of focus on different teams working in the same larger scene.

From what I’ve seen the USD system has all the information that is commonly used in games but with the focus on film the frame budgets that these are designed to work with are huge when compared to games (minutes, hours and days vs milliseconds) which means that there are a lot of files and bits that make up a scene rather than the singular files that popular engines use (thinking of Unity and Unreal).

Ultimately I’m wondering if there is any reference material for how well this system works for games (with game industry practices and workflows) or if there are any engines which have support for USD as a primary means of representing a scene?

taxes – Cathie Wood “Bitcoin not suitable for ETFs” – why?

Wood was a believer in Bitcoin, too, and it powered some of the early gains in her funds. But after discovering an adverse tax rule, Ark decided it wasn’t appropriate for ETFs. Bitcoin, which hit $20,000 this week for the first time, is a 7% position in certain Ark separate accounts. Wood said she remains “extremely bullish.”

Markup mine.

java – Suitable way for Validating JPA Entities in Spring Boot

I have been around in the Spring Boot ecosystem since 2012, and I have worked on many little projects. The most important thing in development that I have experienced is validation, especially of JPA entities. We simply do validation like:

@Entity
public class Input {

  @Id
  @GeneratedValue
  private Long id;

  @Min(1)
  @Max(10)
  private int numberBetweenOneAndTen;

  @Pattern(regexp = "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$")
  private String ipAddress;
  
  // ...
  
}

as mentioned here, but there is a highlighted note which says:

We usually don’t want to do validation as late as in the persistence layer because it means that the business code above has worked with potentially invalid objects which may lead to unforeseen errors…

What is the safe and suitable way of Validating JPA Entities?

I have tried in one of my projects as:

1) Entity class

@Data
@Entity(name = "users")
@NoArgsConstructor
@AllArgsConstructor
@EqualsAndHashCode(callSuper = false)
public class AppUser extends AuditModel{

    private String userFirstName;

    private String userLastName;

    private String userDateOfBirth;

}

2) Dto class

@Data
@AllArgsConstructor
@NoArgsConstructor
@EqualsAndHashCode
public class AppUserDto {

    private Long id;

    @NotNull(message = "First name must not be null")
    @NotBlank(message = "First name must not be blank")
    private String userFirstName;

    @NotNull(message = "Last name must not be null")
    @NotBlank(message = "Last name must not be blank")
    private String userLastName;

    @NotNull(message = "Date of Birth must not be null")
    @NotBlank(message = "Date of Birth must not be blank")
    @Past()
    private String userDateOfBirth;
}

3) Finally Validating Bean to a Spring Service Method

@Service
@Validated
public class AppUserService {

    private final AppUserRepository appUserRepository;

    @Autowired
    public AppUserService(AppUserRepository appUserRepository) {
        this.appUserRepository = appUserRepository;
    }

    public void update(@Valid AppUserDto appUserDto){
        appUserRepository.update(
                appUserDto.getId(),
                appUserDto.getUserFirstName(),
                appUserDto.getUserLastName(),
                appUserDto.getUserDateOfBirth()
        );
    }

}

Is this approach suitable, or is there another, better way than that?

Please give your feedback; your reviews are precious to me!

YouTube’s “Yes, it’s made for kids” mean it is suitable for kids or it means it is “targeted” towards kids?

I felt the phrase somewhat vague but after months of “feeling it”, it seems it means it is targeted towards kids, or made “specifically” for kids?

Likewise, the “No, it’s not made for kids”… does it mean not suitable for kids, or not specifically for kids (meaning it is for everybody)? So my feeling is that it means “it is not specifically for kids”.

Still, I don’t know how it affects whether the video will get a narrower audience, or what are the resulting effects of choosing it?

Storing timeseries data with dynamic number of columns and rows to a suitable database

I have a timeseries pandas dataframe which dynamically increases the columns every minute as well as adds a new row:

Initial:

timestamp                100     200     300
2020-11-01 12:00:00       4       3       5

Next minute:

timestamp                100     200     300   500
2020-11-01 12:00:00       4       3       5     0
2020-11-01 12:01:00      14       3       5     4

The dataframe has these updated values and so on every minute.

So ideally, I want to design a database solution that supports such a dynamic column structure. The number of columns could grow to over 20-30k+ and, since it’s a one-minute timeseries, it will have 500k+ rows per year.

I’ve read that relational DBs have a limit on the number of columns, so that might not work here. Also, since I am setting the data for new columns and assigning a default value (0) to previous timestamps, I lose out on the DEFAULT param that’s there in MySQL.

Eventually, I will be querying data for 1 day, 1 month to get the data for the columns and their values.

Please suggest a suitable database solution for this type of dynamic row and column data.

Where can you find a suitable design for this layout

I want to warn you right away that I don’t know English; I had help translating. I am developing a web application for learning programming in React. As for design, I am very much a perfectionist in this area (although I am not a designer myself). At the moment I am creating content that the user should read and learn from (something like https://ibb.co/CQPdpGW https://ibb.co/0KfhY0r). These screenshots were taken from the site “Sololearn”. I do not want to copy the design you saw in the picture outright, but I don’t know where I can see suitable examples of designs. Search on Google? And how do I find them? In conclusion, I would like to know: are there special categories of designs for such purposes? Thanks for your time.