It seems like the database libraries they recommend for security, ksql and sqlbox, mitigate the risk with process separation and RBAC, so the CGI process doesn't have full access to the database.

It's definitely contrary to modern assumptions about web app security, but it's interesting to see web apps that are secure because they use OS security features as they were designed to be used, rather than web apps that do things that are insecure from an OS-perspective, like handling requests from multiple users in the same process, but are secure because they do it with safe programming languages.

I also got an M1 Max. The chip is amazing. Compile times are a lot faster than on the 6 core Intel Mac mini I had before.

But at this point it's really held back by Apple's software.

Anything related to Apple ID and iCloud regularly hangs 30-60 seconds, showing a spinner with no progress indicator whatsoever.

Apps randomly take 20 seconds to launch, maybe because of [1]?

The Open/Save dialog taking 30 seconds to show.

ControlCenter using 8GB of RAM to show a few sliders (I hope they fix that bug soon).

The scanning feature in Preview is so unreliable that I started using my Windows machine for scanning something on my HP all-in-one.

Some of those problems may be issues with 3rd party software (drivers), and others are just things that slipped through QA, and will hopefully be fixed in an update.

But some of the issues are structural issues, where Apple has made questionable decisions that means issues can never be fixed.

Eg. designing a security architecture that requires synchronously checking a binary signature during app startup with a web service is bound to cause performance issues.

Or the design of the XPC system, which uses asynchronous message passing between services that are implicitly launched on demand sounds nice in theory, but it has been the source of so many bugs, causing temporary or permanent app hangs that are impossible to debug. The system was introduced in macOS 10.7 (!) and it still doesn't work reliably! At this point I've lost hope it will ever work properly.

[1]: https://sigpipe.macromates.com/2020/macos-catalina-slow-by-d...

That one was #514 for me: https://projecteuler.net/problem=514

1) Massive respect to Allan McDonald, for piping up in the hearing when he could have very easily kept quiet.

2) Massive respect to NPR, for continuing to publish news in HTML with minimal markup, quick loading for anyone to view.