I would be interested in seeing if we can use a clipping mask to achieve the same with a transparent background or backdrop-filter on the content element 🤔
Security reasons behind token expiration and rotation are clear, but not their mitigation. If, has an attacker, I have access to both tokens, then I am on equal footing with the legit user who also has both tokens. I could be the one getting the new refresh token / auth token as part of my requests even, UNLESS there's something else that you've neglected to mention, like a tie-in to the user's IP / Mac Address / etc. Also, you keep saying that the token is stateless but don't explain WHAT IT MEANS. Stateless is an incredibly loaded term in IT. I understood what you meant through the given example, but you should definitely pay more attention to such details.
Great insights in your video! It really highlighted the balance between business decisions and developer community needs. Could you recommend any alternatives to PlanetScale that are developer-friendly and offer free tier? something sababa
hm I am unsrure, if you want to load more than just one .env file as this will lead to much trouble as variables will be overwritten in sort of including the envs
If this devin can do 13% of an engineer's work and its now (in 2024) then , after 4 years i.e. after my graduation in 2029 there will be the AIs and robots or robotic humans who will be doing better than a human , maybw 300% work of an engineer, so if this type of AI is being developed in this new era of AI trend then it is truly dangerous and unpredictable about the happenings in future...🤖👾
I hate when content creators start their videos with a post-installation status, and you find yourself struggling for 2 hours (as if time is not the most valuable resource in the universe) in order to apply tailwindcss-4 onto an existing project. Making it to (FINALLY! 🥵) work was really tough and exhausting. Source code could have been helpful as well. Thanks anyway.. p.s. 03:27 - mmm className="group-has-hover-has-active:opacity-0" - doesn't work.
Redis is not going to make a lot of money over this. Essentially Redis is just been renamed as Valkey. only the most incompetent of companies will stick with Redis the majority will move to Valkey fork.
Oh my god I can't believe they're setting the override priority of imported env variables in the wrong order. Everything has to be ass backwards in web development, that's why it's a joke, even things they are doing to improve the state of things in 2024 still done with maximum incompetence.
That's for real Ariel about that first job. I got stuck in my first job and got pigeon holed wasting 4 years. But as you said it was job security. When I decided to leave, I wasn't able to find a role even when I was qualified...0-12 months experience with Ruby on Rails. However, I had to take a significant paycut to get back on track with my career. BTW thanks for your NestJS course back in 2019!!
Exciting news for the community! valkey is here, a new project developed as a fork of Redis, thanks to the dedication of most of Redis’s top contributors.
Feels to me like the environment file loading would be more natural if done in the opposite order (general env properties followed by specialized env subset e.g. for debug).
The problem I see with AI is not the tool. It can be a very useful tool. It's the hype that's poisonous. It's 21st centuries snake oil. The problem is that AI is being marketed as a replacement for software engineering and not as a tool to enhance it. Those with the least amount of technical knowledge in business are buying into the hype, but once it doesn't deliver what is being marketed then the bubble will burst and what could have been great tools will get jettisoned.
in my POV I am for opensource projects especially companies to go with this license . I think it will actually boost opensource and stop big tech companies from just feeding off of open source projects . Dev's that use the software will not be hindered and small opensource companies get paid .
While what you're saying makes sense and it's understandable, it's fine if you do it from the start. But if Redis built its entire name and progression with community contribution and direction, and then took others' work and disallowed others to compete with it... Not cool at all, and deserves criticism.
Thanks for the super clear explanation. I have question related to Refresh Tokens being stolen: 08:13 "The first time legit user uses the refresh token, that refresh token is not valid anymore." But here is a catch, WHAT IF the malicious user uses the refresh token to get a new pair of tokens before the legit user? That means, after some time when legit user tries to use refresh token, he will not be allowed to do so, BUT malicious user will have all the access. What do you think about that?
A refresh token should never be used twice if you are rotating. Knowing this, your system can invalidate all the tokens for the user if a refresh token is used twice. Additionally, it wasn't mentioned, but you should return the JWT's as Secure HttpOnly cookies whenever possible. Secure means it's only sent with HTTPS, and HttpOnly prevents scripts from accessing it. Also SameSite strict/lax can help against CSRF.
What we have is not AI yet. Its more sophisticated statistic algorithm :). AGI will be the real deal, but I wonder how far we are from it or if even we can ever achieve it. Nevertheless, bubble will burst hard, but untill then stay in the loop.
As a digital artist heavily effected by Ai, I am happy to say that AI is great for coding and I made bunch of apps since art dropped off the cliff, with no skills or experience. Suck it programmers.
So let's see your multi cqrs microservice deployed backend with Kafa messaging queue and how you configured stateful sets for your Databases so you can load balance them properly with Kubernetes. What's that? Oh, you built only a static web page and are unable to expand upon it further, and aren't even sure how to deploy it, gotcha..
This is a very sensible analysis. The magic of generative AI makes many people think it is something it is not. AI, generally speaking, is a tool, and a potentially very powerful one. There are big opportunities coming - this is not an extinction event for developers.
Love your content and the way you present it. Also took your NestJS course. Great stuff. Would love to see more on AI, plus recommend resources to further expend our knowlage, both theoretical and practical.
I have bought your nestjs course on udemy a while back. And I am so glad to have received your mail about this video. I would really appreciate some more in depth views and examples on how you see the use of AI enhancing the saas market. Also, to utilize ai fully, would you say that I would need knowledge of machine learning and the other forms of AI?
Thanks a lot! Regarding your question - absolutely not. Understanding how AI models are built at a high level is more than enough. The majority of AI skill that’ll be used in practice will be closer to what we know as Full Stack Developers today. API calls, collecting and cleaning data, prompt engineering, etc.
@@codinglyio Hi, I just bought your NestJS course on Udemy today, after I saw one of your post on reddit, as I was searching for NestJS courses as the official one is way too expensive. So I came here after I saw under announcement tab in Udemy, about this YT Devin AI you linked. I am interested in NestJS because it is used by a opensource photo program called Immich, recently funded by FUTO. I am not a programmer, but I want to create a software for a private purpose. I am very interested in AI, as it could help me progress quickly. I am playing around with Ollama, and also ChatGPT-4o, but I am lacking VSCode integration. I know about Continue plugin and I am already running llama3 model locally with the help of rocm. I would greatly appreciate any help how to setup VSCode with IA to learn coding better. After learning NestJS, I have Svelte, PostgreSQL, and Flutter on my todo list... Yesterday I tried to use Google AI Gemini 1.5 pro, but I completely failed in my mission. I was completely lost, so I gave up. What I would like the most are explanations how to train a local AI LLM to use them with frameworks like Flutter (Dart), NestJS, and Svelte, to improve my coding skills. Thank you.