Is it advisable for software developers to focus on frameworks like React or Vue?

As a front end developer just 2 years into my career, I am starting to be confused by the job industry nowadays where the job recruiters are looking for people who had experience with React or Angular for X amount of years. I have read what people wrote online saying that do not focus too much on frameworks as they come and go, rather focus on picking up OOP languages like Java or Python.

For front end developers, this is a very difficult situation because if frameworks come and go, that means our ROI learning and working on those frameworks will be disappointing. So would that mean back end developers will have an edge in the industry because what they learn (database, backend OOP languages)would still be practical 10 years down the line?

Should I switch my job to become a backend developer then? Or rather instead of focusing on learning frameworks, I should just focus on learning a backend programming language then (either Python, Java, Golang)? Really need advise as a newbie programmer here.

Is using something other than XML advisable for my configuration file?

I have a small tool I’m designing which would require a configuration file of some sort. The configuration file in my case is really more of a database, but it needs to be lightweight, and if needed the end-user should find it easily editable. However, it also will contain a lot of things in it. (depending on certain factors, could be 1Mb or more)

I’ve decided I’d rather use plain ol’ text, rather than trying to use SQLite or some such. However, with using text, I also have to deal with the variety of formats. So far, my options are

  • XML
  • JSON
  • Custom format

The data in my file is quite simple consisting for the most part of key-value type things. So, a custom format wouldn’t be that difficult… but I’d rather not have to worry about writing the support for it. I’ve never seen JSON used for configuration files. And XML would bloat the file size substantially I think. (I also just has a dislike of XML in general).

What should I do in this case?

Factors to consider:

  • This configuration file can be uploaded to a web service(so size matters)
  • Users must be able to edit it by hand if necessary(ease of editing and reading matters)
  • Must be able to generate and process automatically (speed doesn’t matter a lot, but not excessively slow)
  • The “keys” and “values” are plain strings, but must be escaped because they can contain anything. (unicode and escaping has to work easily)
  • Multiple configuration files. Basically, each config file is tied to one “project”

Is it still not advisable to use recent versions of EncFS >1.7 to encrypt Dropbox?

I’d like to use EncFS to encrypt files synced with Dropbox. Unfortunately, its Wikipedia page mentions security concerns from an audit of version 1.7:

EncFS is not safe if the adversary has the opportunity to see two or more snapshots of the ciphertext at different times.

Someone with access to my Dropbox account will have exactly that: Dropbox stores multiple previous versions of a file after it’s been modified which is exactly “two or more snapshots of the ciphertext at different times”.

In 2015, this has been confirmed in this question for example: Is ENCFS secure for encrypting Dropbox?

Regarding version 1.8, Wikipedia states:

The announcement of EncFS 1.8 included several underlying design changes, acknowledging the security concerns raised in the previous audit. However, certain concerns still remain regarding those vulnerabilities.

Which concerns do remain? Is the issue regarding Dropbox fixed?

Also, according to the most recent version is 1.9.5, now.

Is it still not advisable to use those recent versions of EncFS to encrypt Dropbox? Does the issue with “two or more snapshots of the ciphertext at different times” still exist?

Is it advisable to create a system that stores passwords?

Please bear with me, I’m a total newbie about security.

I work in a company whose main goal is to maximize profits and use free stuff as much as possible. It’s effect is that we use tons of freeware web apps that helps us the production with the efficiency.

Also with regards to reports, we mostly use excel to pass around information or dashboards.

Couple of months ago, the company needed to adhere to data privacy act which required everything to be password protected which scopes the excel files.

Now, everyone keeps forgetting their passwords. So a solution was raised, to create a system that centralizes all the passwords of a certain group. Basically it’s a notepad containing all the passwords of a team for their reports.

Is this even a good idea?

From a developer POV, there should be systems that helps people do their stuff not using excels and SSO must be implemented but since the company won’t provide budget for technology we are in this situation.