Very well done, Stelian! Everything was good, but I especially liked that you covered even the small details. Which is why I think you'd appreciate these suggestions:
You touched on some privacy caveats (i.e. not logging cell tower IDs without consent, not logging session IDs, etc.), but those were just bullet points scattered around different slides. I believe it'd be better if you dedicate a part of the session to talk specifically about privacy.
Bonus tip on that one: People are used to their username being already populated in login forms and some would start immediately typing their passwords, often resulting in a password being submitted as a username, so it may be a good idea to avoid logging usernames too. Automated field-focus via JS makes this problem worse sometimes by artificially moving the focus to an already filled username field.
The part about date/time formats can be polished. If you remember that moment, I was that guy who asked if you meant a UNIX timestamp by saying just "timestamp" ... that was a bit confusing because "2015-09-29 14:15", as well as everything else that marks the time is also a timestamp.
The main thing I took with me after the talk is that while I try to be consistent with the logs I need to think even more about it, collect them and check them regularly and not only when something goes wrong.
Comments
Comments are closed.
Really good talk, with some good advises!
Very informative and well done!
This was spot on, advices, slides, delivery. You really should do this more often
it was really great. nicely presented, entertaining with great advices and extensive information
Interesting talk, nice delivery.
Very informative and great examples and explanations! Good job!
Very well done, Stelian! Everything was good, but I especially liked that you covered even the small details. Which is why I think you'd appreciate these suggestions:
You touched on some privacy caveats (i.e. not logging cell tower IDs without consent, not logging session IDs, etc.), but those were just bullet points scattered around different slides. I believe it'd be better if you dedicate a part of the session to talk specifically about privacy.
Bonus tip on that one: People are used to their username being already populated in login forms and some would start immediately typing their passwords, often resulting in a password being submitted as a username, so it may be a good idea to avoid logging usernames too. Automated field-focus via JS makes this problem worse sometimes by artificially moving the focus to an already filled username field.
The part about date/time formats can be polished. If you remember that moment, I was that guy who asked if you meant a UNIX timestamp by saying just "timestamp" ... that was a bit confusing because "2015-09-29 14:15", as well as everything else that marks the time is also a timestamp.
Interesting talk with good hints for logging data.
The main thing I took with me after the talk is that while I try to be consistent with the logs I need to think even more about it, collect them and check them regularly and not only when something goes wrong.