-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why? #1
Comments
Maybe use something like like a hash, or nanoId? Or configure the database to generate a non-sequential unique id that is not a uuid when creating the resource? This is also an interesting blog with some insight into making the This might be overkill but you could also, perhaps (I have not tested this), create a base64 decoding/encoding method that uses a salt or an iv to sign and create a AES192 cipher/decipher of your Another solution would be to ditch the uuid completely and create the resource |
@hyprstack great points! NanoID https://github.com/ai/nanoid (initial commit 5 Aug 2017) Under the hood it's using
Nano ID has a good illustration of the Birthday Problem (Probability of ID Collision) to explain ID length:
If we could configure/program PostgreSQL to auto-generate the non-sequential ID it would be good Hashids are good for obfuscating integers to strings and the reversibility is useful for many situations. My reasoning for not wanting to use Hashids is twofold:
I agree that using a cryptographic hash function for creating IDs is a good idea for creating random strings with low chance of collisions. We considered the use of a salt/iv when hashing - and it's a good suggestion in general when hashing to avoid rainbow table attacks - but it would only be useful in the case where we wanted to make ID reversibility (by an attacker) more difficult. Requirements ?I can summarise the requirements I have in mind in the following 3 statements:
I think I need to start writing some code to illustrate my thoughts on this. 💭 |>📝 |
Discovered https://github.com/nocursor/ex-cid/ 🎉 |
Sadly, after a week of waiting for the author of Sadly, I hate it when people rush code and don't make the effort to add reliability guarantees via continuous integration with 100% test coverage and comprehensive examples. e.g:
But I definitely don't "like" doing it! I would much rather someone else write and maintain this! Anyway, GOTO: #11 |
Update on nocursor/ex-cid#1More than a month has passed since I opened the issue nocursor/ex-cid#1 informing the author/creator that the code does not compile nocursor/ex-cid#1 (comment) thus rendering it unusable. @SimonLab created the Pull Request that would fix the failing test: nocursor/ex-cid#2 As much as I would like to avoid duplicating effort, I/we (@dwyl & the wider Elixir community) cannot afford to rely on a package that has an unresponsive author. 😞 I feel that this has left us with little choice but to re-do the work on Again, GOTO: #11 |
At present we are using a UUID in our Append-only Log see: dwyl/alog#15
This is a good "stop gap" to get the
alog
project to "alpha" so it could be used in the Client Project.But I feel that we should carefully consider the use of UUIDs as IDs in the "long term".
If an ID is meant to be "machine readable" and "guaranteed" unique, then UUIDs are perfect.
If there are additional requirements then we need to capture them.
For example: are we going to display the UUID in the URL for a given content type e.g:
Is this the most user-friendly ID we could display? (is it distinctive or memorable ...?)
Could we instantly improve UX by shortening the URL and making it Base64 instead of Base16? e.g:
Where the app would automatically
301
re-direct the request to:Can we "re-think" content/record IDs for both Uniqueness and Usability?
Basic Example: Address Book
The append-only log example: https://github.com/dwyl/phoenix-ecto-append-only-log-example
demonstrated the benefits of using an append-only log for an address book.
But we also explained that any app can benefit from having an immutable log as its' data store!
see: https://github.com/dwyl/phoenix-ecto-append-only-log-example#examples-where-an-append-only-log-is-useful
What the example did not cover is how to mitigate against saving the same data multiple times.
For example, consider the form:
if Bruce clicks/taps to
edit
his address,and we have an auto-save function to prevent loss of changes.
We need a way of checking on the client that the address has not changed
while
he is viewing the edit screen.Yes, this function should only be triggered by the "onChange" DOM event, but for argument's sake, we assume that Bruce clicks the "save" button (which we have discovered through UX-testing people still expect to have despite the "autosave"),
should the server attempt to "re-save" the data that has not changed?
I suggest that by using a hash of the content as the Primary Key, Ecto (or PostgreSQL) would "reject" the insert request as a "duplicate" and we would not waste space in the database/table with dupe data.
If the data has not changed then the ContentID (
cid
) would be the same so no data insert.Use Case: Distributed Learning Platform
Learning systems universally have "vendor" or "platform" Lock-in.
Do a lesson on
Ask a question on StackOverflow? If your account gets banned for any reason, you lose "ownership" of any questions you had asked.
Want to export your data and take it with you? Tough!
In our "product roadmap" we have begun to detail the creation of an Open Source Distributed Collaborative Learning platform:
https://github.com/dwyl/product-roadmap/blob/master/collaborative-learning-community.md
By using a
cid
where each item of learning has a unique "fingerprint",_everyone learning on the platform can clearly see what each of their fellow learners has "covered".
If anyone wants to either import or export their learning, they can do it easily.
This is game-changing for making your "learning log" portable from kindergarten to the grave!
No longer will your new school, university or employer/team have to rely on a "report card" or (incomplete) "transcript", everyone will be able to see that Alex
cid: sha2-256-6e6ff7950a36187a801613426e858dce686cd7d7e3c0fc42ee0330072d245c95
When Alex moves from Middle School to High School, all his teachers and classmates can easily see exactly what he has learned.
The teacher can be far more effective because they know what each student has already covered vs. what they still don't grasp. And instead of teaching more advanced topics that half the class will be confused by, they can attempt to cover the areas that still require work.
This is highly relevant in the workplace too!
As a "hiring manager" or "team lead", I want to know exactly what my (potential) team members already know and what they are still trying to learn. I will delegate tasks to them that stretch their current abilities enough to encourage learning but not too much that would "overwhelm" them!
Closing the Gender/Class/Minority Divide in STEM/Tech
I feel that having a complete "learning log" will help to eliminate the gulf that exists in STEM/Tech because it will always be immediately obvious who has the knowledge/skill and it wont be a matter of which person has the loudest voice and most over-confidence.
The text was updated successfully, but these errors were encountered: