Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "code signing"
-
Any code I make for clients is under a strict license unless specified otherwise. It's a straight forward license pretty much stating that they can't sell it or claim it as their own. I've had a few clients break that license but one stood out. I had made a piece of software that cost her over $2,500 due to the amount of hours that went into it. The transaction went along smoothly so there was nothing to be alarmed about. She came back for more work about 6 months later and I decided to do some checking up on her to see how her business was going. Immediately smack bang on the home page was my software being sold for $30/month. Needless to say I was outraged. She said there was no talk of a license which I responded with pulling out the contract that she signed where it explained that signing the contract meant she was in agreement with the specified license. 2 months after this started, I'm being awarded any profits made from said software along with her closing down the website. As much of a bitch as she was, it wasn't worth my time trying to get more out of her.5
-
When you get so excited you burst out signing "🎶MY CODE IS ON FIRE🎶"(Alicia keys "this girl is on fire" reference) forgetting your in a room with your fellow developers.....
5 minutes later there still laughing3 -
The gym I go to has an app for user's to scan a QR code when they arrive and it has multiple HUGE issues.
This app shows the credit card info used for the direct debit without anything being redacted.
When the gym is signing up someone they give them a password so they can login, not too bad except the password is always the person's first name with the first letter capitalised.
This gets worse when you figure out that their is no way to change the password given to you AT ALL.
And just to top it all off, when you click the "Forgot Password" link on the login screen, the app just sends you an email with your password (your first name) in plain text.
The app also doesn't log you out or notify you if your login is used on a different device.
So I have tested this with 2 of my friends that go to the same gym and, with only knowing their email and first name (which I could have gotten from their email if I didn't know them), I can get into their app and see their credit card info without them being any the wiser.9 -
I just tried to sign up to Instagram. I made a big mistake.
First up with Facebook related stuff is data. Data, data and more data. Initially when you sign up (with a new account, not login with Facebook) you're asked your real name, email address and phone number. And finally the username you'd like to have on the service. I gave them a phone number that I actually own, that is in my iPhone, my daily driver right now (and yes I have 3 Androids which all run custom ROMs, hold your keyboards). The email address is a usual for me, instagram at my domain. I am a postmaster after all, and my mail server is a catch-all one. For a setup like that, this is perfectly reasonable. And here it's no different, devrant at my domain. On Facebook even, I use fb at my domain. I'm sure you're starting to see a pattern here. And on Facebook the username, real name and email domain are actually the same.
So I signed up, with - as far as I'm aware - perfectly valid data. I submitted the data and was told that someone at Instagram will review the data within 24 hours. That's already pretty dystopian to me. It is now how you block bots. It is not how Facebook does it either, at least since last time I checked. But whatever. You'd imagine that regardless of the result, they'd let you know. Cool, you're in, or sorry, you're rejected and here's why. Nope.
Fast-forward to today when I recalled that I wanted to sign up to Instagram to see my girlfriend's pictures. So I opened Chromium again that I already use only for the rancid Facebook shit.. and it was rejected. Apparently the mere act of signing up is a Terms of Service violation. I have read them. I do not know which section I have violated with the heinous act of signing up. But I do have a hunch.
Many times now have I been told by ignorant organizations that I would be "stealing" their intellectual property, or business assets or whatever, just because I sent them an email from their name on my domain. It is fucking retarded. That is MY domain, not yours. Learn how email works before you go educate a postmaster. Always funny to tell them how that works. But I think that in this case, that is what happened.
So I appealed it, using a random link to something on Instagram's help section from a third-party blog. You know it's good when the third-party random blog is better. But I found the form and filled it in. Same shit all over again for info, prefilling be damned I guess. Minor convenience though, whatever.
I get sent an email in German, because apparently browsing through a VPS in Germany acting as a VPN means you're German. Whatever... After translating it, I found that it asks me to upload a picture of myself, holding a paper in my hands, on which I would have a confirmation code, my username, and my email address.. all hand-written. It must not be too dark, it must be clear, it must be in JPEG.. look, I just wanted to fucking sign up.
I sent them an email back asking them to fix all of this. While I was writing it and this rant, I thought to myself that they can shove that piece of paper up their ass. In fact I would gladly do it for them.
Long story short, do not use Instagram. And one final thing I have gripes with every time. You are not being told all the data you'll have to present from the get-go. You're not being told the process. Initially I thought it'd just be email, phone, username, and real name. Once signed up (instantly, not within 24 hours!) I would start setting up my account and adding a profile picture. The right way to ask for a picture of me! And just do it at my own pace, as I please.
And for God's sake, tackle abuse when it actually happens. You'll find out who's a bot and who isn't by their usage patterns soon enough. Do not do any of this at sign-up. Or hell, use a CAPTCHA or whatever, I don't fucking care. There's so many millions of ways to skin this cat.
Facebook and especially Instagram. Both of them are fucking retarded.6 -
Our company maneuvered themselves into a classic technical debt situation with a project of a second team of devs.
They then left, signing a maintenance contract and now barely work on the project for exorbitant amounts of money.
Of course management got the idea to hand off the project to the first team, i.e. our team, even though we are not experts in that field and not familiar with the tech stack.
So after some time they have asked for estimates on when we think we are able to implement new features for the project and whom we need to hire to do so. They estimates returned are in the magnitude of years, even with specialists and reality is currently hitting management hard.
Code is undocumented, there are several databases, several frontends and (sometimes) interfaces between these which are all heavily woven into one another. A build is impossible, because only the previous devs had a working setup on their machines, as over time packages were not updated and they just added local changes to keep going. A lot of shit does not conform to any practices, it's just, "ohh yeah, you have to go into that file and delete that line and then in that other file change that hardcoded credential". A core platform is end of life and can be broken completely by one of the many frameworks it uses. In short, all knowledge is stowed away in the head of those devs and the codebase is a technical-debt-ridden pile of garbage.
Frankly I am not even sure whom I am more mad at. Management has fucked up hard. They let people go until "they reached a critical mass" of crucial employees. Only they were at critical mass when they started making the jobs for team 2 unappealing and did not realize that - because how could they, they are not qualified to judge who is crucial.
However the dev team behaved also like shitbags. They managed the whole project for years now and they a) actively excluded other devs from their project even though it was required by management, b) left the codebase in a catastrophic state and mentioned, "well we were always stuffed with work, there was no time for maintenance and documentation".
Hey assholes. You were the managers on that project. Upper management has no qualification to understand technical debt. They kept asking for features and you kept saying yes and hastily slapped them into the codebase, instead of giving proper time estimates which account for code quality, tests, reviews and documentation.
In the end team #2 was treated badly, so I kinda get their side. But up until the management change, which is relatively recent, they had a fantastic management who absolutely had let them take the time to account for quality when delivering features - and yet the code base looks like a river of diarrhea.
Frankly, fuck those guys.
Our management and our PM remain great and the team is amazing. A couple of days a week we are now looking at this horrible mess of a codebase and try to decide of whom to hire in order to help make it any less broken. At least it seems management accepted this reality, because they now have hired personnel qualified to understand technical details and because we did a technical analysis to provide those details.
Let's see how this whole thing goes.1 -
In the next 40 years devRant will be non-existential because developers wont be there anymore, you know why?
AI takes over the world.. writes its own code and build new products.
Suck it.
Signing off
- Elon Musk
(personally, I love this guy)22 -
So apparently I can't test my apps on my own device without paying my Apple Developer Certificate.
I knew it is needed to pay for it if you want to publish/distribute your app but c'mon... This is ridiculous.
My app was literally a fresh app creation, a fucking white screen one page fucking app and when I tried to run in on my iPhone, then I ended up having this problem:
dyld: Library not loaded: @rpath/libswiftCore.dylib
Referenced from: /var/containers/Bundle/Application/BCD48EAA-82C2-46F6-ADEE-45C740C3B66D/HWorld.app/HWorld
Reason: no suitable image found. Did find:
/private/var/containers/Bundle/Application/BCD48EAA-82C2-46F6-ADEE-45C740C3B66D/HWorld.app/Frameworks/libswiftCore.dylib: code signing blocked mmap() of '/private/var/containers/Bundle/Application/BCD48EAA-82C2-46F6-ADEE-45C740C3B66D/HWorld.app/Frameworks/libswiftCore.dylib'
(lldb)
If any of you guys know how to solve it without paying (even more) PLEASE let me know
THANKS14 -
So about 3 weeks ago I was laid off from my dream job due to corporate bullshit. From the feedback received since then it is clear that the company made a mistake hiring a brand new React dev while they really needed an experienced one. Because the consultants who were supposed to be weren't. And the other in-house front end dev was an elitist asshole. And I never received proper feedback until it was too late. Actually I still don't have proper feedback save for some vague stuff which really sounds like the kind of feedback you'd give someone in the middle of their learning process. They even said eventually given more time I could have made it. But alas they felt they had to make a call in the best interest of the company.
Things moved fast since then, I took a week to recover and then I spent time updating my resume before getting back in touch with the recruiter who got me my last job. Great guy and he was happy to help me again. Applied to some positions, got some replies, first in person interview I go to they are immediately willing to take me on.
So now I'm supposed to start tomorrow but somehow I'm having my doubts. The company isn't an IT company but rather a fashion company. They believe in developing in house tools because past attempts with external companies resulted in them trying to push their vision through. Knowing who they worked with I agree, they tried to oversell all the time. But after talking with their developers I noticed they are behind on their knowledge. But so am I. So there was no tech interview which means I am getting an easy way in. And if they honour their word I'll be signing tomorrow for around my old wages.
So you'd think that sounds good right? And yet I'm worried it's going to be another shit show working on software without proper analysis or best practices. I mean the devs aren't total idiots, they are mediors like me and I think their heart is in the right place. They want to develop a good project but it will be just us 3 making a modern .net wpf application with the same functionality of the old Access based system currently in use. I was urged by the boss to draw on my experience and I think he wants me to help teach them too. But I'm painfully aware for my decade since graduating I'm a less than average .net dev who struggles with theory and never worked a job where I had someone more experienced to teach me. I coasted most of the time in underpaid jobs due to various reasons. But I'd always get mad over shitty code and practices. Which I realize is hypocritical for someone who couldn't explain what a singleton class is or who still fails at separation of concerns.
So yeah my question for the hivemind is what advice would you give a dev like me? I honestly dislike how poor I perform but it often feels like an insurmountable climb, and being over 30 makes it even more depressing. On the other hand I know I should feel blessed to find a workplace who seems to genuinely believe that people grow and develop and wishes to support me in this. Part of me thinks I should just go in, relax, but also learn till I'm there where I want to be and see if these people are open to improving with me. But part of me also feels I'm rushing into this, picking the first best offer, and it sure feels like a step backwards somehow. And that then makes me feel like an ugly ungrateful person who deserves her bad luck because she expects of others what she can't even do herself :(4 -
Next week I'm starting a new job and I kinda wanted to give you guys an insight into my dev career over the last four years. Hopefully it can give some people some insight into how a career can grow unexpectedly.
While I was finishing up my studies (AI) I decided to talk to one of these recruiters and see what kind of jobs I could get as soon as I would be done. The recruiter immediately found this job with a Java consultancy company that also had a training aspect on the side (four hours of training a week).
In this job I learned a lot about many things. I learned about Spring framework, clean code, cloud deployment, build pipelines, Microservices, message brokers and lots more.
As this was a consultancy company, I was placed at different companies. During my time here I worked on two different projects.
The first was a Microservices project about road traffic data. The company was a mess, and I learned a lot about company politics. I think I never saw anything I built really released in my 16 months there.
I also had to drive 200km every day for this job, which just killed me. And after far too long I was finally moved to the second company, which was much closer.
The second company was a fintech startup funded by a bank. Everything was so much better than the traffic company. There was a very structured release schedule, with a pretty okay scrum implementation. Every team had their own development environment on aws which worked amazingly. I had a lot of fun at this job, with many cool colleagues. And all the smart people around me taught me even more about everything related to working in software engineering.
I quit my job at the consultancy company, and with that at the fintech place, because I got an opportunity I couldn't refuse. My brother was working for Jordan Belfort, the Wolf of Wallstreet, and he said they needed a developer to build a learning platform. So I packed my bags and flew to LA.
The office was just a villa on the beach, next to Jordan's house. The company was quite small and there were actually no real developers. There was a guy who claimed to be the cto of the company, but he actually only knew how to do WordPress and no one had named him cto, which was very interesting.
So I sat down with Jordan and we talked about the platform he wanted to build. I explained how the things he wanted would eventually not be able with WordPress and we needed to really start building software and become a software development company. He agreed and I was set to designing a first iteration of the platform.
Before I knew it I was building the platform part by part, adding features everywhere, setting up analytics, setting up payment flows, monitoring, connecting to Salesforce, setting up build pipelines and setting up the whole aws environment. I had to do everything from frontend to the backest of backends. Luckily I could grow my team a tiny bit after a while, until we were with four. But the other three were still very junior, so I also got the task of training them next to developing.
Still I learned a lot and there's so much more to tell about my time at this company, but let's move forward a bit.
Eventually I had to go back to the Netherlands because of reasons. I still worked a bit for them from over here, but the fun of it was gone without my colleagues around me, so I quit last September.
I noticed I was all burned out, had worked far too much, so I decided to take a few months off and figure out what I wanted to do with my life. I even wondered whether I wanted to stay in programming.
Fast forward to last few weeks. I figured out I actually did want to work in software still, but now I would focus on getting the right working circumstances. No more driving 3 hours every day, no more working 12 hours every day. Just work close to home and find a company with the right values.
So I started sending out resumes and I gave one recruiter the chance to arrange some interviews too. I spoke to 7 companies in the span of one week. And they were all very interested. Eventually I narrowed it down to 2 companies and asked them for offers. And the company that actually had my preference offered me significantly more than I asked for, which settled the deal.
So tomorrow I'm officially signing with them, and starting next week I'll be developing in Kotlin, diving into functional programming and running our code in serverless environments. I'm very excited! -
Our team - if ever existed - is falling apart. Pressure raising. Release deadline probably failing. No release ready for Big Sur.
Almost seemed we were getting somewhere: More focus on code quality, unit tests, proper design, smaller classes. But somehow we now ended up in "microservice" hell; a gazillion classes, mostly tested in isolation, but together they just fail to do their job. A cheap and dirty proof of concept from March is still more capable than this pile. I really start to doubt all that "Clean code", TDD, Agility rhetorics. What does it help you, if nobody cares for the end result? It's like a month I try to hammer down that message: we have to have testable artifacts, we have to ensure code signing works, our artifact is packaged and installable, we have to give QA something they can test - but time just passes and this piece of shit software is still being killed or does nothing.
Now my knee is broken and can do no sports and are tied to my chair even more. To top it all my coffee machine broke and my internet connection was abysmal this week. Not the usual small disconnects, after which it would recover, but more annoying and enduring: often being throttled to 1.7 MB/s (ranking my connection in the slowest 7% even in Germany). My RDP sessions had compression artifacts all over the screen and a mouse click would only take effect 5 sec later.
But my Esspresso machine was just repaired. Not all hope is lost.7 -
Finnegan | devRant Clone
Tech stack: Python, aiohttp.
Some of the rants from devRant were taken.
It took her 8 hours.
Finnegan supports: signing up, logging in, ranting, commenting.
Demo: https://2149-2a02-a420-28-a787-9-3da3-b9be-9dba.ngrok-free.app/...
Source code: https://github.com/retoor1337/...
---
🔄 Reposted from https://kbin.melroy.org/m/drbboard/...
🗳️ Vote in the comments!18 -
Things that make you regret you are not a normal grunt in any other fucking job outside of software development...
Few years back we had the biggest customer ever close to signing contact with us (b2b). They had a CRM they wanted to connect to our CRM because their users didn't want to use IE with ActiveX anymore, the old software was a fucking RDP over IE to a server behind a VPN.
Boss brags how we can implement every API on Earth with our team and gets the contract signed. Technically not a lie but we agreed on a company meeting a few month prior to not implement each API for every customer but expose one ourselves because we had enough big customers on that one software to not want 100+ unique API connectors in our code.
So we apparently agreed to not only build our side of the API but also pay 2/3 of the bill of the other company for implement their shitty excuse of an API...
Fast forward a few month, talking to the other companies dev daily to get their API up and running, our part is long done. Finally get things set up and data flows... suddenly shit hits the fan. That shitty excuse of CRM can't expose the created and modified timestamps to the API. Webhooks never got implement and now we have no way of knowing which data changed because their side is completely passive.
Fast forward to a few weeks back. Still no solution. Shit is running, barely. Data inconsistency is low because everyone knows they should never change things in the old CRM because the changes might not be synced. (Only one indictor is a custom modified date on the main customer data that only updates if the main data was changed but there are 20+ different possible subsets. Can't get changes in subsets detected, like ever)
One fucking grunt updated 129 customer-profiles in the old CRM. Nothing was synced.
They still use the old shit for billing.
Their it-crowd-guy calls me up:
"Sorry but we need to generate the bills tomorrow and there seems to be some kind of desynchronization between the databases"
No shit? Someone did exactly what we told you not to do and now that one thing we warned you about happened but now it's our fault? Use the fucking force sync button we built for that purpose and that purpose alone. It will only take 7 days because that fucking SOAP API is slow as fuck and you have millions of datasets to sync...
Fml I might just try and jump out the window, sounds like a lot of fun in days like this.
tl;dr never implant against dynamics ax aif soap API if you want to keep some basic level of sanity2 -
New twist on an old favorite.
Background:
- TeamA provides a service internal to the company.
- That service is made accessible to a cloud environment, also has a requirement to be made available to machines on the local network so you can develop against it.
- Company is too cheap/stupid to get a s2s vpn to their cloud provider.
- Company also only hosts production in the cloud, so all other dev is done locally, or on production non-similar infra, local dev is podman.
- They accomplish service connectivity by use of an inordinately complicated edge gateway/router/firewall/message translator/ouija board/julienne fry maker, also controlled by said service team.
Scenario:
Me: "Hey, we're cool with signing requests using an x509 cert. That said, doing so requires different code than connecting to an unsecured endpoint. Please make this service accessible to developer machines and lower environments on the internal network so we can, you know, develop."
TeamA: "The service should be accessible to [cloud ip range]"
Me: "Yes, that's a production range. We need to be able to test the signing code without testing in production"
TeamA: "Can you mock the data?"
Me: "The code we are testing is relating to auth, not business logic"
TeamA: "What are you trying to do?"
Me: "We are trying to test the code that uses the x509 you provide to connect to the service"
TeamA: "Can you deploy to the cloud"
Me: "Again, no, the cloud is only production per policy, all lower environments are in the local data center"
TeamA: "can you try connecting to the gateway?"
Me: "Yes, we have, it's not accessible, it only has public DNS, and only allows [cloud ip range]"
TeamA: "it work when we try it"
Me: "Can you please supply repro steps so we can adjust our process"
TeamA: "Yes, log into the gateway and try issuing the call from there"
Me: (╯°□°)╯︵ ┻━┻
tl;dr: Works on my server -
Spending 2 days trying to figure out why code signing wasn’t working when deployment is started from teamcity. Every time I tried manually it worked, but through teamcity it just kept telling me that no certificate could be found.
I finally twigged what the problem was, my code signing certificate is smart card based and you can’t access it if is requested from a RDP session. I had launched the teamcity build agent from an RDP session a few days back without thinking…
Rebooted and started the buildagent via VirtIO VNC and low and behold it started working again. -
Tarball of source code from a big manufacturer served on their open src page...
They forgot to delete the .git subdir!
Private keys and signing tools for everybody!!!!
P.S It's fixed by now, don't get your hopes up :P1 -
Developing and deploying in Xcode is some Requiem for a Dream level bullshit.
I literally just de selected everything for managing automatic signing, and re-selected the EXACT SAME GODDAMN THING. And it worked. It’s literally some fucking shit you do when you are first learning how to code or learning a language and you keep flipping something but you don’t get exactly how it works.
But this is YOUR FUCKING FLAGSHIP development product. I shouldn’t have to check my goddamn inception totem to see if I’m dreaming or not because this kind of bullshit can’t be real life.
That being fucking said your bullshit forced shutdown also FUCKED MY ANDROID STUDIO INSTALLATION AND FUCKED MY $PATH. Thanks. Now NOTHING WORKS. Fuck you Apple. Between slowing my phone and the cluster or problems your shit is causing that are just random as hell and are plenty common because thank god people smarter than me have fixed them in SO by now, I am SO READY TO LEAVE THE APPLE ECO SYSTEM. If I didn’t have to use one of the boxes to push iPhone app updates I doubt I would touch one again.
Apple stuff looks good but at this point that’s about it. -
- assignment is to display a paragraph fit within a rectangle
- takes maybe 10 minutes to write
- 1 error preventing Xamarin Forms solution from building
- googles error and seems to be a version issue with a single package
- upgrade that single package
- 43 errors preventing solution from building
- reverts back to previous package version
- 76 errors preventing solution from building
- angrily turns off laptop and packs away things into laptop case
- talks shit about xamarin and all the annoying nuisances ive dealt with for this stupid mobile app class
- takes laptop back out because deadline is tomorrow and i have to make the solution build even though i want nothing to do with it
- laptop takes 2 hours and 14 minutes to load up Windows (no update or anything. Just me signing in like every other normal day)
- code builds first try without errors
- wait what the fuck
- concludes that i need only verbally intimidate electronics into submission from now on7 -
WTF is going on with twitter?!
- Yesterday I've Installed the app and tried to signup
- I've entered my birthday
- Entered phone number
- Wait for SMS...no SMS
- Tap resend...no SMS
- Wait half an hour...no SMS
- Tried few times...Started getting error: This number cannot be registered..
- Today I've tried again
- Phone number accepted
- Wait for SMS...no SMS
- Tried adding my number to a friend's twitter account...Received SMS code..
- Tried again signing up with my phone number, got error: This number cannot be registered..
- Tried from web, getting error: You reached your SMS limit try again in 24h...
How can I reach my f***** limit when I haven't even received a mail!
I've been trying to signup to twitter for 2 f**** days now with no luck, wtf is happening? it's a major social network for f*** sake.
And what's worse there is no way to send support mail, their "Contact US" page only has options for existing users..8 -
So in the last 2 hours I felt both frustrating and happiness, because of Xcode and code signing.
So what I did yesterday was removed all the Xcode certificates on my keychain because I had major issues getting the newest version of the certificates despite have auto signing enabled.
Without much notice until going to send the iOS app today through Fabric I came across an error while uploading the newest build :/
Googling it I found the same issue on stack overflow with only two answers one being fastlane, which just automated the process to the same error LOL
So anyways I found the solution and was quite happy about it :D I had to go to the apple developer website and download the right certificate DESPITE the auto signing ...
Anyways uploaded and done!
Also added a stack overflow answer in regards to it, I hope it helps someone out.
Oh and I emailed fabric to ask for help and 30 mins later emailed them basically saying NVM fixed it! Lol
Fuck you Xcode lol -
My do-over would be going to a different coding bootcamp. I wonder if I could be making more money if I went to a better school.
The one I did go to was a big scam. They were more obsessed with teaching you to pretend rather than teaching how to code. They pulled the wool over everyone’s eyes—the students, the volunteers, the donors, the community. They were very cult-like with mantras like “trust the process.”
I spent 9 months there, but I felt I was a year behind. I am not misspeaking. I would have to relearn basic concepts the right way because they taught them half assed or not at all. I didn’t realize I was behind until I went to interviews and bombed. Seriously, I learned more in a 40 hour free library coding class than I learned in 9 months at the school. Most of the interviews I was getting were for unpaid internships. The school was telling me to go for mid level roles.
I found out recently that they’re breaking the law by operating without a license. In my state code schools do need a license. There are screenshots going around of a letter from the education department. They’re defense is “they’re not a school.” They’re still open. I think ppl should be warned away, but there’s only so much I can do. And I know ppl will give this place the benefit of the doubt before taking any student accusations seriously.
The biggest red flag is they want students to pay up to 70k and bind them to payments for 8 years. I say it’s a red flag because this place is operating as a nonprofit. Shouldn’t a nonprofit not be charging 3-4x more than competitors? They’re definitely not going to give you 70k worth of services.
They really just exploit the poor and POC by signing them up for debt and knowing those ppl would not be able to pay even with a 100k job. They have a very poor understanding about how poverty works.
It had MLM/pyramid scheme vibes when they started making recruiting students a game. They give out tickets to their annual fundraiser or promote you on social media if you refer the most students to them.
I’m one of the lucky ones who was studying coding before I started at the school. Also, job searching is mostly luck, so I was lucky at that too. But I still had to take a job that paid below market. I still wonder what would happen if I went someplace else.
I don’t even put this place on my resume or LinkedIn. Even without these problems, it’s not like anyone would have heard of the place anyway.
No this place isn’t Lambda or Holberton school.5 -
API provider: include a signature based on these fields in this order. DO NOT ENCODE IT!
Implementation works a while, then..
*a wild apostrophe appears*
Signature no longer works.
API Provider: "oh, yeah we escape those."
Arrghhghghghhhghvhxmchsoxnsoxnwl
Not only is it a poor design for signing payloads, the documentation is shockingly poor in it.
Even the implementation example (which is supposedly from their code) doesn't account for any type of escaping or encoding.
Before anyone asks, I can't into details about the implementation.3 -
happy new year! what do yall have planned for this year? I'm thinking about writing me up a miniature jarvis to automate my Web Development business, nothing really special just automated invoices, website installs, calendar, contract signing, etc. where all I have to do is type up a requirement list and code2
-
Got the GitHub student developer pack in 10th grade (highschool)
I recently made an application for GitHub student developer pack which got accepted .
If you don't know what this pack is all about , let me tell you this pack gives you free access to various tools that world-class developers use. The pack currently contains 23 tools ranging from Data Science, Gaming, Virtual Reality, Augmented Reality, APIs, Integrated Development Environments, Version Control Systems, Cloud Hosting Platforms, Code tutorials, Bootcamps, integration platforms, payment platforms and lots more.
I thought my application wouldn't qualify because after reading the documentation , I thought that It was oriented more towards college and university students but nonetheless I applied and my application got accepted . Turns out all you need is a school -issued verifiable email address or proof of you current academic status (marksheets etc.)
After few minutes of the application I got the "pro" tag on my GitHub profile although I didn't receive any emails .
I tested it out and claimed the Canva Pro subscription for free after signing up with my GitHub account.
I definitely recommend , if you are currently enrolled in a degree or diploma granting course of study such as a high school, secondary school, college, university, homeschool, or similar educational institution
and have a verifiable school-issued email address or documents that prove your current student status, have a GitHub user account
and are at least 13 years old , PLEASE APPLY FOR THE PROGRAM .
Checkout the GitHub docs for more info..
Thanks !
My GitHub GitHub Username :
satvikDesktop
PS. I would have posted links to some sites and documentations for further reading but I can't post url's in a rant yet :(5 -
So I went for a "special" interview to a company whose slogan is "experience certainty" (fresher, was hoping to get a role in cyber security/Linux sysadmin). Got shown what the "real" hiring process of an indian consultancy company is...
We were called because we cleared a rank of the coding competition which the company holds on a yearly basis, so its understood that we know how to code.
3 rounds; technical, managerial and HR...
Technical is where I knew that I was signing up for complete bullshit. The interviewer asks me to write and algo to generate a "number pyramid". Finished it in 7 minutes, 6-ish lines of (pseudo) code (which resembled python). As I explained the logic to the guy, he kept giving me this bewildered look, so I asked him what happened. He asks me about the simplest part of the logic, and proceeds to ask even dumber questions...
Ultimately I managed to get through his thick skull and answer some other nontechnical questions. He then asks if I have anything to ask him...
I ask him about what he does.
Him - " I am currently working on a project wherein the client is a big American bank as the technical lead "
Me (interest is cybersec) - "oh, then you must be knowing about the data protection and other security mechanisms (encryption, SSL, etc.)"
Him (bewildered look on face) - "no, I mostly handle the connectivity between the portal and data and the interface."
Me (disappointed) - "so, mostly DB, stuff?"
Him (smug and proud) - "yeup"
Gave him a link to my Github repo. Left the cabin. Proceeded to managerial interview (the stereotypical PM asshats)
Never did I think I'd be happy to not get a job offer...1 -
To all websites requiring at least one upper case, one lower case, one number, one special character, 25 emoji and 49 unicorns in the password when signing up.
If you say something is required, then your regex BETTER be checking ONLY for those things. You should not have hidden requirements for passwords that users are supposed to dream about and know. Especially if it's a super time-sensitive thing that they should have opened 2 Fridays ago.
I had to pull my hair out for 20 minutes (that felt like an hour) before looking at their code and reading their regex. The regex was different from what the page said the requirements actually were. What were they even thinking? 😑
The rest of everything related to this organization uses an SSO system, why can't they just use it? Isn't the whole point of SSO to avoid a different login for every tiny part of the system?
I wonder what the other less technically inclined people using the system are doing right now. Sadly, I have no way of letting them know.
I sincerely hope the dev that made that website faces the same thing while picking a password for creating an account somewhere else and realizes what he/she did.
I really needed to let it out.
I feel much better now.
Time to take out the stress ball :)1 -
What a delight to have to work on macOS. Not.
Took me two days to notarize our app bundle. The ultimate issue was a dead symlink inside the bundle which would make the codesign verify (with strict option!) fail, while verification of signing operation itself passed.
Notarization would just give generic error: not properly signes. -
We have been waiting for Apple to drop a new beta for 2 weeks! They better get us a new seed on Monday or I am going to lose my shit.
-
I am just student looking for job, and got this pre interview test:
Develop an Android or iOS app with login and password input field, download button, place for image we prvided.
... reading further:
What we are looking for in the code ?
internal quality:
-consistent formatting of the source code
-clean, robust code without smells
-consistent abstractions and logical overall structure
-no cyclic dependencies
-code organized in meaningful layers
-low coupling and high cohesion
-descriptive and intention-revealing names of packages, classes, methods etc.
-single small functions that do one thing
-truly object-oriented design with proper encapsulation, sticking to DRY and SOLID principles, without procedural anti-patterns
-lots of bonus points for advanced techniques like design patterns, dependency injection, design by contract and especially unit (or even functional or integration) tests
external quality:
-the app should be fully functional, with every state, user input, boundary condition etc. taken care of (although this app is indeed very small, treat it as a part of big production-ready project)
-the app should correctly handle screen orientation changes, device resources and permissions, incoming calls, network connection issues, being pushed to the background, signing deal with the devil :D and other platform intricacies and should recover from these events gracefully
-lowest API level is not defined - use what you think is reasonable in these days
-bonus points if the app interacts with the user in an informative and helpful way
-bonus points for nice looks - use a clean, simple yet effective layout and design
... I mean really ? and they give me like 2 days ?4 -
I'm in need of advice. I reckon this is no stack overflow but that's probably for the best as I wouldn't feel as comfortable posting there as I am doing it here. So, back to the question: I'm currently working with legacy code, written in .NET 2.0. This code is responsible for calling upon PEC services in order to finally create personal smart cards. I was tasked with the job of creating a repository system that would allow the program to call on the old legacy services or the new ones without any distinction. We are talking about SOAP services in both cases. The issues is: the new service definition is comprised of soap policies. This wouldn't be a problem per se, with more modern version of the framework, but with .NET 2.0? Yes, it is. It doesn't support policies and signing the body with a certificate right out of the box. How can I manage this? I feel like the only way would be letting the proxy class do its thing up until the very last moment: intercept the SOAP request before its sent and modify it according to the specifications. But I reckon this is very bad practice. Is there any other way out of this?
Thanks for anyone that would like to help. 🙂6 -
Finally some real vacation. Heavily needed. Can't stand that type of remote work any more. Our dailies and pull requests have become mere dick-measuring contests. Morally puffed statements about THE RIGHT way to do agile and clean code, and architecture. Endless vacuous, monologues, which they only endure so they can start our own - but shit just does not get done.
And then they don't want to invest only a day or some hours to get some integration tests running on more machines, which could save the one overworked tester we have a lot of work. But whatever. I've lost all motivation and hope. Shall they deal with their own shit. Maybe I just need more sleep or some antidepressants, because I'm really fed up with it.
Makes we wonder why I even fought this battle of the last two weeks, when thanks to Apple's changes in macOS's codesigning our new binary wouldn't run on any "real" machine. But according to them packaging and signing is only a trivial issue, nothing to do with code. Yeah, well, then they should do that shit themselves next time.1 -
!rant
Saw a few guys having some issues picking up on angular 2. There's currently a really good course on angular 2 that's about a week and a half old, so pretty up to date, on pluralsight. Just search for angular 2 and order by date.
For those who don't wanna/can't pay, you can get 3 months for free on it by signing up on Microsoft devtools. If anyone wants direct link just say it(not sure if allowed).
Btw, I'm not affiliated what so ever with pluralsight, although I really like it. Just passing some information specially regarding angular 2 which is a pain to learn due to legacy code.3 -
For all the iOS developers in here, Xcode 8.2.1 has a bug, when trying to sign an archive for store deployment, you will get an unexplained error saying "code signing fail", after for hours of frustration, tears and trial and error, I ended up signing it with xcode 7. I hope this helps2
-
When signing and completing the contract for a freelance gig requires much more effort then the actual work/code involved. Sorry I mean “independent contractor agreement”. 🙈
-
macOS - just nothing makes sense.
You try to go away from the deprecated stuff, use the new shinier API to stop and start services with launchctl (bootstrap/bootout vs. load/unload). And how does this stellar OS thank you for that? By crashing your service. Thanks for nothing.
From developer perspective this whole OS is just such a nightmarish clusterfuck. If you want to set up code signing with some special entitlements and you try to use the provisioning profiles as advertised, it's like pulling the one-armed bandit. It will plunder your coins and sanity. You try to compile it, it fails or the executable will be killed - you enable and disable the automatic codesigning in Xcode, or delete and download you old code signing cert and suddenly it works. It's just random - and you have to perform random walks on the Xcode project settings to make it run. So Apple turned us into Xcode clicking monkeys... -
There's a game to get some earning if someone wants to check it out this is the link:
https://goo.gl/QojLgQ
Also if you want to be in my team use this code when signing in:
dbrqrj5
Let's see how it goes, some friends had been paid this week, I'll see if I can get some screenshot of them, meanwhile get into the game LOL2