Gosh, if you’re able to share that I’d love to see that train wreck.

Yes, but usually not actual HTML because then there are a lot of security issues to address. BBCode might even be a better choice, i.e. [b]Bold Text[/b]

If I wanted a WYSIWYG field I’d probably still use markdown. I could add the buttons to properly inject markdown symbol and use a JS markdown renderer for the text field. Tbh I’d be amazed if there weren’t at least a dozen out-of-the-box packages that included a live rendered text area with a widget array.

In this instance I’m not advocating for markdown as a user interface but just using it as a quick and dirty markup language. Be aware that if you turn to HTML, you’d be adopting responsibility for a lot of non-trivial security issues. If the customization went beyond markdown (into, for instance, fonts) you’d need a more complex solution so you’d likely want to investigate other tag or boundary marker based markup languages out there. Markdown is just simple and has ten billion implementations out there.

That is a very unlikely approach.

Rich text in the modern world is almost exclusively solved by using markdown because it’s such a trivial solution.

In previous words it was usually solved either using range tags (similar to HTML, sometimes literally HTML, more often custom stuff) or embedded boundary markers (something that marked a new boundary and then had a full definition of the styles to follow, sometimes omitting styles that didn’t change, often times in some insanely dense binary format for predictable scanning).

Usually, it’s more sane to embed formatting in the string itself rather than having styling separately defined (i.e. CSS, kinda). Because otherwise storage would be a huge pain and reading would require a lot of non-consecutive disk scans.

But then you’d need to add more garlic!

Fucking lies. My mom has a special recipe for garlic and shallot soup that will leave you literally farting garlic vapors and it’s both delicious and could use more garlic.

Ah, likely a fellow futurecanoe enjoyer.

Ditto for Spanish cuisine.

It’s actually really annoying to trim before cooking.

I’d suggest choosing a mature language with a large number of utilities/libraries available - Java, Python, Rust spring to mind but the graphical shit is really what you’d want to lean hard on a library is. I don’t know enough to say for certain but it sounds like most of your work will be defining objects and how they interact… off the shelf solutions can’t really help with that.

It’s usually how you’ll buy the whole fish - some people may eat the cheeks or other bits but it’s fine to just grab the body meat.

It’s much, much easier to debone after cooking.

Is this related to highly sensitive PII (like hippa or whatever covers local health-care record treatment)? If so, I’d strongly suggest not doing anything and seeking a remedy from contractual obligations by the vendor (i.e. seek HIPPA Ready software or a vendor willing to make that promise).

If not, you’ll definitely want to focus on data persistence and transmission.

Make sure there aren’t outgoing network calls to fixed locations (if they’re for error reporting to the vendor you can either ask if they can disable the reporting, black hole the reporting with network configuration or carefully inspect the way data gets to that reporting and ensure user data can’t be captured - a common oversight being logging function parameters).

Make sure the persistence is secure by looking at the main persistence module (i.e. a database or flat file) to make sure unnecessary information isn’t being stored, verification only information is being written to persistence through one way hashes, and data that should be two-way encrypted is. Then double check the same stuff with regards to secondary persistence methods - again a huge issue here is logging.

Those two points are where I’d suggest focusing the majority of your effort but, back to the hippa part, make sure you’re comfortable doing this. It’s pretty easy for auditors to be the fall guys if something goes wrong so if you want to be careful one approach is to carefully document what you’ve checked for and how you checked for them then get someone above you to sign off that your level of auditing was sufficient - if shit ever does hit the fan you’ll be less exposed.

For what purposes are you auditing this software. Auditing is always done to prove something is appropriate for some usage and what that audit should involve depends on that usage and, additionally, factors of trust between you and the author.

Would you be comfortable supplying some additional information about what you (or whoever asked you to run the audit) expects out of the audit.

Find a computer problem that you want to solve and focus on technologies that will help you solve it. Traditionally python is considered an excellent learning language due to the wide library support and adherence to most common programming styles - is there any romanticized pet project you’ve got on your brain?

I’m pretty sure that even if systemd is in place you can still use /etc/init.d

The ways to register programs to run at startup vary wildly from platform to platform but they’re all relatively simple. I might suggest you just look into how to do it manually before looking for a library since it’s extremely trivial (at least on windows/Linux - I’m not familiar with how macs do it but I hope it’s the same approach as linux).

This was something I loathe in SQL and it’s something to rightfully call out in other standards.

Look, I get it, the standard writers want to get paid - host conferences, get speaking fees… but publish your fucking standards for free.

I’d suggest rewording the mongoDb line to emphasize familiarity with NoSQL and call out mongoDb as a specific technology in the family. Also, if you have actual RDBMS experience please don’t omit that, it’s something we weight a lot more than just mongo/redis/memcached.

For backend development, you mean? It’s essentially required for front end development (granted you can use a language that compiles into Javascript… also is activeX still a thing or have we killed it off).

Vanishingly small. In Qt that’d have to be an issue in QStringList IIRC.

C++ has no guarantees built into stdlib but frameworks like Qt provide safe access - the ecosystem has options. C++ itself is quite a simple language, most of the power comes out of toolsets and frameworks built on top of it.