cognito – Pros vs Cons of Secure Remote Password

We are setting up an authentication system using Cognito and Amplify. We noticed that Amplify suggests Secure Remote Password as the default.

I can understand the benefits of SRP for protecting against man-in-the-middle and such attacks. But it seems there is a downside too: for example, the server is unable to perform strength checks or to call Have I Been Pwned to check if the password has been compromised. By choosing SRP, it seems like we are opening ourselves to more of our users choosing “Password123!” as their password.

I haven’t been able to find much discussion on whether SRP is really a good choice or not. Does anyone know of standards or best practices I can refer to?
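As an added example (not part of the original post, and not Cognito or Amplify code): in a flow where the client derives the SRP verifier itself, the plaintext exists only on the client, so the strength and breach checks the question mentions would have to run there before the verifier is computed. The group parameters, the `build_registration` helper, the minimum length and the offline range data are all constructed assumptions; the lookup mimics the Pwned Passwords range format of `SUFFIX:COUNT` lines.

```python
import hashlib

# Constructed toy group so the example runs offline: far too small for real use.
# Real deployments use a large standardized group (e.g. those in RFC 5054).
TOY_N, TOY_G = 2**127 - 1, 3

def constructed_range_lookup(prefix):
    """Offline stand-in for a Pwned Passwords range response ("SUFFIX:COUNT" lines)."""
    known = {"Password123!": 4821, "letmein": 99999}  # constructed counts
    digests = {hashlib.sha1(p.encode()).hexdigest().upper(): c for p, c in known.items()}
    return "\n".join(f"{d[5:]}:{c}" for d, c in digests.items() if d[:5] == prefix)

def breach_count(password, range_lookup):
    """k-anonymity lookup: only the first 5 hex chars of the SHA-1 leave the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip() == suffix:
            return int(count)
    return 0

def srp_verifier(username, password, salt, n=TOY_N, g=TOY_G):
    """x = H(salt | H(user ":" password)), v = g^x mod N.
    Structure follows RFC 5054, with SHA-256 substituted for its SHA-1 (assumption)."""
    inner = hashlib.sha256(f"{username}:{password}".encode("utf-8")).digest()
    x = int.from_bytes(hashlib.sha256(salt + inner).digest(), "big")
    return pow(g, x, n)

def build_registration(username, password, salt, range_lookup, min_length=12):
    """Hypothetical client-side gate: vet the plaintext, then emit only the verifier."""
    if len(password) < min_length:
        raise ValueError("password shorter than policy minimum")
    hits = breach_count(password, range_lookup)
    if hits:
        raise ValueError(f"password appears in {hits} breach records")
    return {"username": username, "salt": salt.hex(),
            "verifier": format(srp_verifier(username, password, salt), "x")}

if __name__ == "__main__":
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed salt
    for candidate in ("Password123!", "correct-horse-battery-staple-42"):
        try:
            print(build_registration("alice", candidate, salt, constructed_range_lookup))
        except ValueError as err:
            print("rejected:", err)
```

A gate like this only constrains cooperative clients: a modified client can still submit a verifier derived from a weak password, and the server cannot tell from the verifier alone.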

bitcoind – Pros & Cons of Self Hosting Bitcoin Node vs using a 3rd Party Service?

We are a medium size company building a blockchain application that requires us to interact with the Bitcoin blockchain (+ several other cryptocurrencies). One option is for us to use a 3rd party service that provides us with a uniform API to interact with the blockchain (some examples are BitPay, BlockCypher, BitGo & CoinPayments). The other option is to self host the blockchain node on our servers and natively interact with the blockchain (no middleman involved).

If we go with 3rd party services there’s usually a monthly fee and/or a small percentage charged for each withdrawal (between 0.25% – 1%). So this would be one big downside of going with a 3rd party service. On the other hand, if we host the blockchain ourselves we would be required to perform ongoing maintenance, server upgrades, implement extra security protocols and so on.

A colleague warned me that for every coin we wish to support, we will be required to hire a dedicated expert developer to maintain each node at a cost of $40,000 per year per node.

To be clear, we are not concerned about the initial setup of the nodes as we have expert developers who will assist us with that. Our primary concern is related to the ongoing costs to maintain, upgrade, debug and deal with ongoing security concerns of running a large number of nodes on our own server.

It is cheaper for us to hire a developer who will set up all the nodes on our server vs. paying a monthly fee and/or withdrawal fee. Our only concern is related to the long term maintenance costs associated with self hosting nodes.

Are the concerns of my colleague valid or unfounded? Are there valid reasons to believe we will regret self hosting in the long term due to ongoing maintenance costs? If so, what are some issues that we are overlooking with self hosting?

Thank you


I did see this SE answer that partially addresses this issue. However, a big part of the answer is focused on the initial setup costs of self hosting:

Using RPC calls to your local bitcoin node requires then some
developer knowledge, or a dev-team. That can add to costs in setting
up your environment

As I stated in my question, this is NOT really a concern for us. Our only concern is related to the ongoing costs of self hosting vs. using 3rd party service.

Illusion vs Hologram, what are the pros and cons

My DM is creating a new 1e campaign and wants to include Starfinder elements such as items and classes to it. I’m planning on creating a spellcaster and am wondering if I should work towards the holographic eyes implants or whether to stick with traditional illusions. Are there any real advantages or disadvantages between the two? Can holograms trick robots and cameras? Are illusions more versatile? Should I just learn the holographic image spell if the DM allows it?

The Pros and Cons of AMP Pages

The pros and cons of creating and maintaining AMP pages.

lambda calculus – Show that term cons works by showing all beta reductions

I’m new to functional programming.

So the term cons appends an element to the front of the list. Where cons ≜ λx:λl:λc:λn: c x (l c n).

How should I go about proving that cons works correctly using beta reduction for a sample function? For example reducing cons 3(2,1) to (3,2,1)? Is there a formula like for the arithmetic operations in lambda? I’m a bit confused on how to approach this compared to an arithmetic operation (i.e. addition or multiplication).
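
The reduction asked about, carried through as an added worked example (not part of the original post). It uses the post's own notation and assumes the list (2,1) is encoded as the fold λc:λn: c 2 (c 1 n), which is the encoding the definition of cons implies; each → is one beta step.

cons 3 (2,1)
= (λx:λl:λc:λn: c x (l c n)) 3 (λc:λn: c 2 (c 1 n))
→ (λl:λc:λn: c 3 (l c n)) (λc:λn: c 2 (c 1 n))        [x := 3]
→ λc:λn: c 3 ((λc:λn: c 2 (c 1 n)) c n)        [l := (2,1)]
→ λc:λn: c 3 ((λn: c 2 (c 1 n)) n)        [inner c := c]
→ λc:λn: c 3 (c 2 (c 1 n))        [inner n := n]

The last line is the fold encoding of (3,2,1), so cons 3 (2,1) reduces to (3,2,1).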


c++ – What are the pros and cons of having update sources as member references?

I have a class whose instance relies completely on updates from an instance of a separate class.
Simplified example:

#include "Source.h"

class ObjectThatNeedsUpdates {
public:
    void update(const Source& source) {
        //Update member data with data from source
    }
private:
    //Some member data that needs updating
};

As you can see, every time I call the update function I pass a const reference of the Source class. But recently I thought that maybe it would be more logical to pass the reference to the Source object only once when an ObjectThatNeedsUpdates is constructed and let the class store the reference as a member, to avoid having to pass the source every time I want to update the object.

As such:

#include "Source.h"

class ObjectThatNeedsUpdates {
public:
    ObjectThatNeedsUpdates(const Source& source)
      : source_(source) {}
    void update() {
        //Update member data with data from source_
    }
private:
    const Source& source_;  //Reference stored at construction
    //Some member data that needs updating
};

What are the pros and cons of this approach?

reactjs – Cons of using state management alternatives to redux

It’s easy to argue that the un-opinionated nature of redux can make it verbose and hard to use, so I’ve been looking into alternatives. There are plenty of opinionated state management alternatives. But as a consequence, you lose flexibility to suit your team’s exact needs.

For those that use or have used other state management libraries in production/enterprise-level applications: What challenges have you faced because you did not use redux and used a more straightforward alternative? Was there a resolution?

navigation – What are the pros and cons with an overflowing horizontal scrollable nav bar?

On the team with designers and coders at my office, we’re currently having a discussion about horizontal navigation bars when they overflow on mobile. This is not a discussion about using cards that are scrollable, like in the Netflix app, but rather in a menu/sub menu.

We took a look at what Google is doing and they fade out other options that are not visible.

[Image: Google horizontal nav bar 1]

But what happens when the screen size is smaller than that?

[Image: Google horizontal nav bar 2]

Suddenly, there’s no indication whatsoever that there are more options.

That’s my biggest concern with these types of solutions. Other things I’m worried about are accidental edge swipes and back navigation. Wouldn’t a “More” menu be a better solution?

What are your thoughts? Are people used to this type of navigation? Do they actually use it? What are the options?

Pros and cons of registration on a website with phone number instead of email address

I’m developing a small website for a local sports club. Currently I’ve set it up with a standard email registration system – i.e. user enters username + email address + confirmed password; server returns an email with registration link; user clicks on link to complete registration.
But since nearly all members of the club already communicate via WhatsApp, would using phone numbers be better? Passwords would still be required, since the site will be accessed via browsers rather than a phone app like WhatsApp. An advantage of using phone numbers is that the server could be asked to send out texts to users if an event is cancelled at the last minute – more likely to be seen than an email. Of course, registration could involve both email and phone but users may be aware of identity theft and not like that.
There’s clearly a small cost implication, since a text message costs a bit when sent from a server, whereas an email does not. But are there any other issues to take into account?

Pros and Cons of Sorting by Number of Reviews

If we say the goal of the user is to quickly find the best product when browsing the product listing page, what are the pros and cons of providing users the option to sort by Number of Reviews? Does sort by Number of Reviews support the goal?