Search - "keys"
-
Storytime!
Manager: Hey fullstackchris, the maps widget on our app stopped working recently...
Dev: (Skeptical, little did he know) Sigh... probably didn't raise quota or something stupid... Logs on to google cloud console to check it out...
Google Dashboard: Your bill.... $5,197 (!!!!!!) Payment method declined (you think?!)
Dev: 😱 WTF!?!?!! (Calls managers) Uh, we have a HUGE problem, charges for $5000+ in our google account, did you guys remove the quota limits or not see any limit reached warnings!?
Managers: Uh, we didn't even know that an API could cost money, besides, we never check that email account!
Dev: 🤦‍♂️ yeah obviously you get charged, especially when there have literally been millions of requests. Anyway, the bigger question is where or how our key got leaked. Someone started hammering one of the google APIs with one of our keys (Proceeds to hunt for usages of said API key in the codebase)
Dev: (sweating 😰) did I expose an API key somewhere? Man, I hope it's not my fault...
Terminal: grep results in, CMS codebase!
Dev: ah, what do we have here, app.config, seems fine.... wait, why did they expose it to a PUBLIC endpoint?!
Long story short:
The previous consulting goons put our Angular CMS JSON config on a publicly accessible endpoint.
WITH A GOOGLE MAPS API KEY.
JUST CHILLING IN PLAINTEXT.
Though I'm relieved it wasn't my fault, my faith in humanity is still somewhat diminished. 🤷‍♂️
Oh, and it's only Monday. 😎
Cheers!
-
When writing a JavaScript guide, please don't use emojis as keys in objects. Or anywhere else in code. Zoomers will think it's common practice.
Just because you can, doesn't mean you should.
Sincerely,
everyone
-
I'm fixing a security exploit, and it's a goddamn mountain of fuckups.
First, some idiot (read: the legendary dev himself) decided to use a gem to do some basic fucking searching instead of writing a simple fucking query.
Second, security ... didn't just drop the ball, they shit on it and flushed it down the toilet. The gem in question allows users to search by FUCKING EVERYTHING on EVERY FUCKING TABLE IN THE DB using really nice tools, actually, that let you do fancy things like traverse all the internal associations to find the users table, then list all users whose password reset hashes begin with "a" then "ab" then "abc" ... Want to steal an account? Hell, want to automate stealing all accounts? Only takes a few hundred requests apiece! Oooh, there's CC data, too, and its encryption keys!
Third, the gem does actually allow whitelisting associations, methods, etc. but ... well, the documentation actually recommends against it for whatever fucking reason, and that whitelisting is about as fine-grained as a club. You wanna restrict it to accessing the "name" column, but it needs to access both the "site" and "user" tables? Cool, users can now access site.name AND user.name... which is PII and totally leads to hefty fines. Thanks!
Fourth. If the gem can't access something thanks to the whitelist, it doesn't catch the exception and give you a useful error message or anything, no way. It just throws NoMethodErrors because fuck you. Good luck figuring out what they mean, especially if you have no idea you're even using the fucking thing.
Fifth. Thanks to the follower mentality prevalent in this hellhole, this shit is now used in a lot of places (and all indirectly!) so there's no searching for uses. Once I banhammer everything... well, loads of shit is going to break, and I won't have a fucking clue where because very few of these brainless sheep write decent test coverage (or even fucking write view tests), so I'll be doing tons of manual fucking testing. Oh, and I only have a week to finish everything, because fucking of course.
So, in summary. The stupid and lazy (and legendary!) dev fucked up. The stupid gem's author fucked up, and kept fucking up. The stupid devs followed the first fuckup's lead and repeated his fuck up, and fucked up on their own some more. It's fuckups all the fucking way down.
-
Remembering a university lecture
Prof: "What are some other downsides of using polling instead of interrupts?"
Student: "The process has to wait until it gets polled."
Prof: "Exactly. When you click Ctrl+W, you want that tab to be closed immediately. You don't want the system to wait a few seconds for those keys to get polled and risk your mom looking at that tab."
-
!rant
!!pride
I tried finding a gem that would give me a nice, simple diff between two hashes, and also report any missing keys between them. (In an effort to reduce the ridiculous number of update api calls sent out at work.)
I found a few gems that give way too complicated diffs, and they're all several hundred lines long. One of them even writes the diff out in freaking html with colors and everything. It's crazy. Several of the simpler ones don't even support nesting, and another only diffs strings. I found a few possibly-okay choices, but their output is crazy long, and they are none too short, either.
Also, only a few of them support missing keys (since hashes in Ruby return `nil` by default for non-defined keys), which would lead to false negatives.
So... I wrote my own.
It supports diffing anything with anything else, and recurses into anything enumerable. It also supports missing keys/indexes, mixed n-level nesting, missing branches, nil vs "nil" with obvious output, comparing mixed types, empty objects, etc. Returns a simple [a,b] diff array for simple objects, or for nested objects: a flat hash with full paths (like "[key][subkey][12][sub-subkey]") as top-level keys and the diff arrays as values. Tiny output. Took 36 lines and a little over an hour.
I'm pretty happy with myself. 😁
-
CODING CODING CODING HAHAHA I LOVE PROGRAMMING BEING A LITTLE CODE SLUT. I LOVE SILICON VALLEY IM SUCH A QUIRKED UP LITTLE CODE SHAWTY LOOKING FOR SOME ALGOASS 🍆💦😩.
“Slams fists on keyboard”
I LOVE BEING A CUTE SCREEN TWINK, IMPRESSING PAPI CEO WITH MY FINGER COMBINATIONS. I LOVE PLEASING EXECUDADDY. 🍑😏🫦
“Takes keyboard in hand and slams it against desk until keyboard keys explode everywhere”
I LOVE WATCHING THE AMERICAN GOVERNMENT AND CORPORATE AMERICA FUCK MY ASS IN RETURN FOR PERSONAL PROFITS. 🤑☔️
*digs fingernails into the wall and claws off paint and then snorts it*
*pees and shits pants*
*cries in corner with extra agony*
-
Hey. I have some steam keys I don't want, and I don't really have any friends to give them away to, so. Here you go!
I'll post them in the comments below.
Only redeem them if you actually want the game, and if you've used one please comment or upvote to let others know! Be kind, don't be greedy, honor system, etc. etc.
-
There's this junior I've been training. We gave him a bigger task than we usually do.
"How do I link an object in table X with the corresponding object in table Y?"
"How are objects in two tables usually linked? How did you link Y with Z in the first place?"
"Em... Foreign Keys?"
"Yup"
"But there's not foreign key from X to Y."
"Well, create one. You've got full creative freedom over this task."
I sometimes feel like Juniors are either completely careless about past code or overly careful with not editing any past code. Frustrating but adorable
-
Thank God the week 233 rants are over - was getting sick of elitist internet losers.
The worst security bug I saw was when I first started work as a dev in Angular almost a year ago. Despite the code being a couple of years old, the links to the data on firebase had 0 rules concerning user access, all data basically publicly available, the API keys were uploaded on GitHub, and even the auth guard didn't work. A proper mess that still gives me the night spooks to this day.
-
Excerpts from "Bastard devops from hell" checklist:
- Insistently pronounce git with a soft "G" and refuse to understand people not using that pronunciation, the same goes for jithub, jitlab, jit lfs, jitkraken etc.
- Reject all pull requests not in haiku format, suggest the author needs to be more culturally open minded when offending.
- increment version numbers ONLY based on percentage code changed: Less than 1% patch increment, less than 5% minor increment, more than that major version increment.
- Cycle ALL access keys, personal tokens, connection strings etc. every month "for security reasons"
- invent and only allow usage of your own CI/CD language, for maximum reuse of course. Resist any changes to it after first draft release
-
I’m LOLing at the audacity of one of our vendors.
We contract with a vendor to build and maintain a website. Our network security team noticed there was a security breach of the vendor’s website. Our team saw that malicious users gained access to our Google Search console by completing a challenge that was issued to the vendor’s site.
At first, the vendor tried to convince us that their site wasn’t compromised and it was the Google Search Console that was compromised. Nah dude. Our Search Console got compromised via the website you maintain for us. Luckily our network team was able to remove the malicious users from our search console.
That vendor site accepts credit card payments and displays the user’s contact info like address, email, and phone. The vendor uses keys that are tied to our payment gateway. So now my employer is demanding a full incident report from the vendor because their dropping the ball could have compromised our users’ data and we might be responsible for PCI issues.
And the vendor tried to shit on us even more. The vendor also generates vanity urls for our users. My employer decided to temporarily redirect users to our main site (non vendor) because users already received those links and in order to not lose revenue. The vendor’s solution is to build a service that will redirect their vanity urls to our main site. And they wanted to charge us $5000 USD for this. We already pay them $1000 a month.
WTAF we are not stupid. Our network service team said we could make the argument that they do this without extra charge because it falls in the scope of our contract with them. Our network team also said that we could terminate the contract because the security breach means they didn’t render the service they were contracted to do. Guess it’s time for us to get our lawyer’s take on this.
So now it looks like my stakeholders want me to rebuild all of this in house. I already have a lot on my plate, but I’m going to be open to their requests because we are still in the debrief phase.
-
My first contact with an actual computer was the Sinclair ZX80, a monster with 512 bytes of ram (as in 1/2 kbyte)
It had no storage so you had to enter every program every time and it was programmed in basic using key combinations, you could not just write the commands since it did not have memory enough to keep the full text in memory.
So you pressed the cmd key along with one of the letter keys and possibly shift to enter a command, like cmd+p for print and it stored a byte code.
-
Getting real tired of having to reteach the basics of relational databases to the same 2 people. You were brought in as the expert in databases and SQL Server, I shouldn’t have to teach you about effing primary keys, secondary keys, many-to-many relationships, and how to join the damn tables in a basic query. Your 5 years of experience are obviously a waste if all you did was select * from bullshit. This is the 2nd week and 22nd time you’ve asked the same damn questions. Get your crap together and study your ass off if you don’t know. Google the error messages if you don’t remember how to solve it before coming to me with the same question a 23rd and 24th time. I’m not going to get any work done if all you do is ninja up behind me with your laptop in tow and just spout off the question that could be done over IM or a quick duckduckgo/google search. Headphones in = do not disturb ya rude mother duckers 🦆.
-
I used to do some freelance work for a nonprofit. I’d do some website stuff and gallery sitting.
My friend was the gallery director. When she left, I decided to stop freelancing there and I dropped off the keys with the new director. I told them they could contact me later if they have questions about some things I implemented on the website. The new director thinks I’m a random freelancer and starts to BADMOUTH MY FRIEND, the former director.
Over a year later, the gallery assistant emails me asking about SSL warnings and cc’s the new director. WTF.
1) Those warnings were happening long before I left and long before I even started. 2) I am not your website support. I only invited contact for things I worked on. 3) The assistant already contacted Squarespace and Go Daddy for help and they gave her instructions.
I told her I didn’t set up their website and it sounds like she has the resources to resolve this on her own and she should contact Squarespace and Go Daddy if she needs more help. After all, you pay those companies for their services support and my time isn’t free.
-
Macbook keyboard is shit
Especially european variant.
I want to see any person in the world that is braindead enough to think that making a short left shift in favour of having an absolutely useless button there is good.
This is the most stupid decision that could be ever made.
Not only the symbols used by that button are seldom used, they also are duplicated on the other keyboard keys. But shift is used all the time and must be big enough instead of that shit.
-
I've lived in this apartment for four years.
Tomorrow I'm moving out.
I've never ever lost my keys.
But today, the day before I'm moving out,
I LOSE MY FUCKING KEYS!?!!?
What the actual fuck is this? If there is a god, which I'm quite sure there is not, fuck you!
-
Dev: Woah look at this code! I might be a genius!
Also dev a few months later: Woah WTH is this shit? Was I totally dumb or what?
-
Yet another reason to design my own keyboard..
I get the most expensive keyboard out there, and guess what, it stops working correctly when it collects a bit of dust and hair..
Meanwhile my 35 year old IBM Model M, you could eat on it for 10 years and it would still function just fine !
My new keyboard, the roller wheel starts to act up, no problem, I'll just take it apart and clean it..
Once I find all the hidden screws with odd sized screw heads..
And then find out you can't take it all apart easily to gain access to the parts you want to clean.
And then find out, the parts you do want to clean, don't seem to come apart for cleaning..
Lets drip some cleaning fluid there anyhow and hope for the best !
That worked, for now..
So badly designed !
Oh did I mention how its a split keyboard, and the addon part doesn't have a locking mechanism, so you need to use blutak to hold it together..
Who designs this shit !
And that is before I mention how windows updates screwed with the keyboard settings so I suddenly got bounce issues !
It's supposed to be a bounce free keyboard !
And it doesn't work in my BIOS because its USB.. ( Even though USB is supposed to be supported.. )
So, why doesn't someone design a USB and PS/2 keyboard !
Did I mention how the keyboard font is too small to read without glasses..
Or how the back lit keys bleed light all over the place, and don't just shove iit through the keytops.
And, now my iii is acting up repeating itself..
My IBM model M was never like this !
But it isn't backlit..
Nor does it have a left handed numberpad..
But then, this doesn't have a real left handed numberpad, its just a right handed one on the left side, so my thumb is in the wrong place !
Apart from that, its fine...
Oh, except, don't use the app that comes with it, or rather, don't leave to runnning, or it crashes your PC..
But its fine to set up the keyboard with. :-)
-
FUCK YOU PHP, FUCK YOU SYMFONY AND DEFINITELY FUCK YOU SHOPWARE.
Don't get me wrong, PHP has evolved a lot, but the stuff people are building with it is just the biggest load of fucking shit I have ever seen: Shopware. Shopware is the most ass-sucking abomination to extend. It's nearly impossible to develop anything beyond "use the standard features and shut the fuck up" that is more sophisticated than a fucking calculator.
The architecture of this pile of crap is the worst bullshit ever. A mix of OOP, randomly making use of non OOP concepts and features together with the unnecessarily HUGE amount of useless interfaces and classes. Sometimes I feel like it's 90% fucking shitty boilerplate shit.
And don't get me started with TWIG. It's a nice thought, but WHY THE BLOODY FUCK WOULD YOU NOT USE VUE IF YOU ARE ALREADY USING IT FOR A DIFFERENT PART OF SHOPWARE. This makes no fucking sense whatsoever and makes development of new features a huge pain in the ass. I can't comprehend how people actually like using this shit.
OH AND THE DATABASE. OH MY FUCKING GOD. This one is bad. Ever tried to figure anything out in a database where random strings (yes MySQL "relational" - you might think) that are stored as text in a JSON format make up some object or relations during runtime?? Why the fuck do you have foreign and primary keys if you don't use them properly??
Seriously you can't even figure out which data belongs to what because the architecture just sucks fucking ass. FUCK YOU Shopware wankers, you suck, your product sucks, your support sucks, your architecture sucks and you keep releasing new versions that regularly break shit even in minor versions.
I used to like PHP, but not in projects like these.
-
Spent about 3 hours yesterday trying to update ArchLinux (I wanted to update a certain package). Something to do with slow/failed mirrors timing out. Updated the mirrors in a not ideal way (https://gist.github.com/vodik/...). Then got package conflicts, of course. Then something about package cache. Then used `reflector` to update the mirrors. Then got another problem with the PGP keys. And finally, the update completed and now I can open vlc to watch the office...
-
Project with partner company, during the meeting I asked them how can we secure the communication between two services. I suggested api keys, tokens. They were like nope, no need. But I asked them for their IPs to do whitelisting on our side in Nginx.
But their side, nah not even whitelisting, no tokens, no validations. If one has address, can send anything from anywhere.
How hard would it be to do at least, AT LEAST simple token validation. And they are using the very old IIS server. I think for them as long as data flows in as expected, it is fine.
-
I like the clicks of mouse, the taps of keys, sound of central cooling, the low tone conversations but if someone near me is in a long meeting and constantly talking, I NEED my headphones with music blasting
-
Oh look I'm posting the same thing again because all logical pathways lead to the same fucking place.
Sort of binary tree with a few keys added visualized.
-
Keyboard just got an update..
Now I can't tell when my number lock key is on, since all the keys are the same brightness level !
Grrrr.
-
This is a test rant. 2 keys stopped working without warning, so I'm trying 2 get used 2 using the new, remapped layout.
I mapped W to rightmost of the top row and 2 to the 2nd rightmost, both of which were previously diacritic versions of existing letters.
-
I must have offended Satan or something, but I'm pulling my hairs out over this client data that feels like a fractal of bad validation invented to torment me. Misspelled field names, improperly combined fields, entries in the wrong column, impossible addresses, non-matching staging and production data / keys, invisible freaking characters that ruin automated matching - every dam thing you fix and the next one hits you in the face like a clown stepping on a rake. Jesus.
-
When I found out that the server I use weirdly implements SSH login.
For some very odd reason (probably a historical one,) you have to access the web-app console and press a button TO GRANT SSH ACCESS TO THE F*<KING IP ADDRESS FROM WHICH I PRESSED THE BUTTON. The server blocks the wrong IP addresses outright. And only one active allowed IP at a time. This totally obliterates my plan to perform CD on this server. Why can't I just register public keys?
Then I learned several months later that they introduced a new server plan that *does* support the public-key registration. :facepalm:
I'm divided on whether to change my plan in exchange for a rather significant increase in the monthly cost.
-
So i have been thinking..
SQL is a lang that runs on a specific software on the server, and helps creating data stores(databases and tables) that can be queried & manipulated.
is there a way to run sql like queries on the client side with no interaction from backend at all?
Say i have 5 inter related data models. in a backend world, they will form nice little tables of a db with all their joins and composite keys. from the server, i shall be querying them like "SELECT name from x where y=z & ..."
but what if i could store them like tables in browser memory and run the same query filters via a query language... is this possible?
i know this poses a certain security risk, but we already use cookies, local storage and a lot of json based shitty client side storages. surely it might be possible to have a lesser optimised sql tables on the frontend with extremely good querying capabilities?
or am i talking something far fetched here?
-
My phone was stolen so that's why I wasn't getting here to rant about this, but today I had to make a back up and remembered.
adminer's export function doesn't export the tables in the correct order for import. Doesn't take foreign keys into account.
Dude, that's the whole point of a relational database, relations between tables; if you don't take that into account then what's the point?
Is this the same for the rest of database managers or is it just adminer? Please tell me this isn't normal.
-
At the very start when I learned my first language. Didn't know where to find the "{" and "}" keys on the keyboard. Thought I would never be a dev, since I couldn't write a program without those keys.
Or when I didn't understand the notation of accessing values inside an array. Thought things like array[0] would do some magic to the array and didn't know how to access other parts of an array. I was following a book back then.
-
In most businesses, self-proclaimed full-stack teams are usually more back-end leaning as historically the need to use JS more extensively has imposed itself on back-end-only teams (that used to handle some basic HTML/CSS/JS/bootstrap on the side). This is something I witnessed over the years in 4 projects.
Back-end developers looking for a good JS framework will inevitably land on the triad of Vue, React and Angular, elegant solutions for SPA's. These frameworks are way more permissive than traditional back-end MVC frameworks (Dotnet core, Symfony, Spring boot), meaning it is easy to get something that looks like it's working even when it is not "right" (=idiomatic, unit-testable, maintainable).
They then use components as if they were simple HTML elements injecting the initial state via attributes (props), skip event handling and immediately add state store libraries (Vuex, Redux). They aren't aware that updating a single prop in an object with 1000 keys passed as prop will be nefarious for rendering performance. They also read something about SSR and immediately add Next.js or Nuxt.js, a custom Node express.js proxy and npm install a ton of "ecosystem" modules like webpack loaders that will become abandonware in a year.
After 6 months you get: 3 basic forms with a few fields, regressions, 2MB of JS, missing basic a11y, unmaintainable translation files & business logic scattered across components, an "outdated" stack that logs 20 deprecation notices on npm install, a component library that is hard to unit-test, validate and update, completely vendor-& version locked in and hundreds of thousands of wasted dollars.
I empathize with the back-end devs: JS frameworks should not brand themselves as "simple" or "one-size-fits-all" solutions. They should not treat their audience as if it were fully aware and able to use concepts of composition, immutability, and custom "hooks" paired with the quirks of JS, and especially WHEN they are a good fit.
-
I had the funniest thing today... So our company has some servers off somewhere in a VPN, as well as one server in our own office.
So, for simplicity, S1 is my own laptop, S2 is our office server, S3 is one VPN server, and S4 another.
I want to get a file from S2 to S4. S1 can SSH into S2 and S3, S2 can't ssh into any server, S3 can ssh into S2 and S3, and S4 can't ssh into any server.
So to get a file from S2 to S4, I took the path
S1 pull from S2 -> S1 push to S3 -> S3 push to S4
Part of it was preexisting keys meaning it was easier to send S1 to S4 via S3 than get my pubkey from S1 onto S4, but also S2 not being on the VPN meant I couldn't go straight from S2 to S3 or S4, so I had to route through S1, which I could add to the VPN (I'd sshed into S2 from home and thus couldn't put it on the VPN not to mention permissions, whereas I could put S1 easily onto it)
Twas certainly a fun time :P
Plus, port forwarding from a Docker container on S2 to S2's port to S1's port via ssh was fun to get set up.
Time to document this process :)
-
JS has
dynamic object literal keys
String object literal keys
Why aren't template literal keys allowed, and _why_ isn't there a proper error message for them?
-
Hi there, my 2 cents to rant on WWDC :)
- Check time? My big head is in the way.
- Work tabs... Why is my Wordle in the list?
- Edit message ... Good bye iMessage memes :(
- Dictation. Hello Jarvis. Hi CIA. Sup 0-day devs
- Live Text. Indian tutorials are now just a copy paste away
- Wallet keys sharing through messages 🤌
- Family. Send more screen time through messages (goodness this messaging app is becoming less green)
- Shared libraries in photos, lovely, now your aunt knows you love visit and taking photos of the neighbor (if you forget to turn it off)
- CarPlay, this will need screen time soon, ui so beautiful you gonna plan a journey by tinkering with the dials
- Check time (part 2) on the iwatch, My big head is still in the way
- Fitness app, Sleep app, Health app, Medication app, mmm lovely but still cant put my confidence in AI
- M2, saw it coming. Spec: scaringly powerful.
- isnt the midnight MacBook air elite?! But the notch tho. Magsafe is back, more thin, this thing looks fragile.
- Did they show a game running lower than the videos fps on purpose? Hmmm
- Ventura's stage manager, xbmc vibes
- Is that Facetime attachment free? Is there a subscription to continuity camera?
- Tab Group Collaboration, hehe, "they can see which tabs you're looking at" hehehe
- Free Form: bloatware
Meh, I can't rant more, honestly the new features look good.
-
I recently came across this article with some basic security advices, like use 2fa security key, encrypt your USB keys, don't use untrusted USB chargers / cables / ports (or use a data blocker cable if you need to charge your device). It made me think, how relevant are the USB-related threats and risks today? Do people really still use and carry so many wired USB devices, and just drop or plug them wherever?
The last time I used an USB device to transfer some important data was probably over 10 years ago, and for the love of god I don't know anyone who still carries an USB key with sensitive data with them on a daily basis, much less actively uses it. Besides, whoever still does that probably puts their USB key on the same keychain as their ID / access tag and a bunch of other keys (including a 2fa device if they use one) - they're not going to lose just some sensitive data, they're going to lose authentication and physical access devices as well, and that could turn a small data leak into a full-scale incident, with or without an encrypted USB device.
I'm also not sure about untrusted USB cables and ports, from what I've seen the USB outlets and cables are pretty much non-existent in public places, most places offer wireless charging pads instead (usually built into a hand rest or table surface).
-
I am busting moves rn. I'm in the bathroom but the surge of energy is making me pump my arms like the time Leo Messi scored a clutch winner against Valencia in 2019
Remember the plugin I referred to in this rant? https://devrant.com/rants/6019851/...
Yup! I managed to subdue that fossilised codebase. Effected all changes required. To have a rough idea about how ancient the code is, its classes use constructors predating PHP 5. It throws away the ~15 years of autoloading, view templates, routing engines, DI, ORMs (NO PDO!!), lower-cased multi word variable names, etc. I'm looking at SCRIPTS with raw functions north of 4-600 lines. The client insisted I zip the folder across
BUT! The good news is, we surmounted it. In fairness to them, it's commendable for one man to have pulled this off. The codebase is massive and appears to have been predominantly written by some Gideon dude. Who knows where he is now
There is one pattern I appreciate –something I wish Transphporm does–some segments of the rendered view are composed using class methods ie instead of having the HTML file mixed with templating syntax, you have class methods that receive the raw data. Then you can extend this class as you wish, overriding just the method that composes the segment you intend to modify. That was elegant to work with. But it can become dreadful if the class expects a specific structure of data (an array with weird keys) that you have no access to sourcing
So, I finally get to enjoy one good evening in 2/3 weeks. I called 2 friends to express an emotion that's not gloomy, but they were unavailable. Will probably get some sleep
-
This is a repost of an original rant posted on a request for "Community Feedback" from Atlassian. You know, Atlassian? Those beloved people behind such products as :
• Thing I Love™
• Other Thing You Used One Time™
• Platform Often Mentioned in Suicide Notes, Probably™*
Now this rant was written in early 2022 while I was working in an Azure Cloud Engineer role that transformed into me being the company's main Sysadmin/Project Manager/Hiring Manager/Network Admin/Graphic Designer.
While trying to simultaneously put out over 9000 fires with one hand, and jangling keys in the face of the Owner/Arsonist with the other, I was also desperately implementing Jira Service Desk. Normally this wouldn't have been as much of a priority as it was, but the software our support team was using had gone past 15 years old, then past extended support, then the lone developer died, then it didn't work on Windows 10, then only functioned thanks to a dev cohort long past creating a keygen....which was now broken. So we needed a solution *now*.
The previous solution was shit of a different tier. The sight of it would make a walking talking anthropomorphised sentient puddle of dogshit (who both eats and produces further dookie derivatives) blush with embarrassment. The CD-ROM/Cereal Box this software came in probably listed features like "Stores Your Customer's First AND (or) Last Name!" or "Windows ME Downgrade Disk Included!" and "NEW: Less(-ish) Genocide(s)"!
Despite this, our brain/fearless leader decided this would be a great time to have me test, implement, deploy, and train everyone up on a new solution that would suck your toes, sound your shaft, and that he hadn't reminded me that I was a lazy sack enough lately.
One day, during preliminary user testing I received an email letting me know that the support team was having issues with a Customer's profile on our new support desk. Thanks to our Owner/Firestarter/Real World Michael Scott being deep in his latest project (fixing our "All 5 devs quit in the last 12 months and I can't seem to hire any new ones" issue (by buying a ping pong table)), I had a bit of fortuitous time on my hands to investigate this issue. I had spent many hours of overtime working on this project, writing custom integrations and automations, so what I found out was crushing.
Below is the (digitally) physical manifestation of my rage after realising I would have to create / find / deal with a whole new method for support to manage customer contacts.
I'm linking to the original forum thread because you kind of need to have the pictures embedded in said reply to really inhale the "Jira-Rant" ambiance. The part where I use several consecutive words as anchor links to tickets with other people screaming into the void gets a bit sweet n' savoury too - having those hyperlinks does improve the je ne say what of it all.
bit.ly/JIRANT (Case Sensitive)
--------------------------
There is some good news at the end of this brown n' squirty rainbow though!
Nice try silly little Jira button, you can't ruin *my* 2022!
• I was able to forget all about Jira a month later when I received a surprise vacation home! (To be there while my Mom passed away).
• Eventually work stress did catch up to me - but my boss thoughtfully gave me a nice long vacation! (By assaulting *while* firing me (for emailing in a vacation request while he was having a bad (see: normal) day))
-
question to my male homies (or ladies too, if you are equally violent) hey what are your thoughts about someone fucking with your prized possession? you might not have a generic answer, so here are some specific scenarios:
1. some random drunk guy intentionally keys your car/breaks a headlight and you see it.
2. some guy teases /touches your girl/wife/SO/kid inappropriately.
3. some guy drops your phone and breaks screen.
my personal angry reaction for above things could go from either slapping/punching a guy to possibly doing him permanent damage (break arm, leg, nose, hand etc). i am not a violent guy, but some things matter more than a crime i guess (although, does it really count as a crime tho?)
i feel we can give these very violent reactions for 2 reasons: these possessions are so damn expensive that we genuinely get hurt and want an instant revenge and secondly we don't trust the judiciary to give a worthy punishment
i asked a friend of mine a similar question and his violence meter is even lesser. he (20 at that time) once slapped his 50 year old neighbour coz they entered his home and started shouting at his dad, another time caused a big scene on a T-point as an auto driver accidentally dented his car while turning (the car was 2 days old)
-
I have the following scenario with a proposed solution, can anyone please confirm it is a secure choice:
- We have critical API keys that we do not want to ship with the app because de-compiling will give access to those keys, and the request is done before the user logs in, we are dealing with guests
Solution:
- Add a Lambda function which accepts requests from the app and returns the API keys
- Lambda will accept the following:
1. Android app signing key sha1
2. iOS signing certificate sha1
- If lambda was able to validate them, API keys are sent back.
My concerns:
- Can an attacker read the request from the original (non-tampered) apk and see what the actual sha1 value is on his local network?
- If the answer to the question above is yes, what is the recommended way to validate that the request received is actually from the app that we shipped and not from curl/postman/script/modified version of the app?
-
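The design asked about above, next to a proxy variant, as an added example that is not part of the original post. The signing-certificate SHA-1 is the same constant in every copy of the app, so a check on it alone cannot tell callers apart; in the variant the key stays in the function and only results are returned. All names, fingerprints and the key are constructed placeholders.

```python
# Constructed placeholders: not real fingerprints or keys.
import hmac

SHIPPED_SHA1 = {"android": "aa" * 20, "ios": "bb" * 20}
UPSTREAM_API_KEY = "EXAMPLE-UPSTREAM-KEY"


def proposed_handler(event):
    """Design from the post: return the key to any caller presenting a known SHA-1."""
    presented = event.get("signing_sha1", "").encode()
    known = any(hmac.compare_digest(presented, v.encode()) for v in SHIPPED_SHA1.values())
    return {"status": 200, "api_key": UPSTREAM_API_KEY} if known else {"status": 403}


class ProxyHandler:
    """Variant: the function calls the upstream API itself and rate-limits each client."""

    def __init__(self, upstream, limit, window_s):
        self.upstream = upstream    # callable(api_key, query) -> result
        self.limit = limit          # max calls per client per window
        self.window_s = window_s
        self.calls = {}             # in-memory for the example; Lambda needs shared state

    def handle(self, event, now):
        client = event.get("client_id", "unknown")   # assumed: guest id or source IP
        recent = [t for t in self.calls.get(client, []) if now - t < self.window_s]
        if len(recent) >= self.limit:
            self.calls[client] = recent
            return {"status": 429}
        self.calls[client] = recent + [now]
        # Only the result crosses the wire; the key is never serialized to the caller.
        result = self.upstream(UPSTREAM_API_KEY, event.get("query", ""))
        return {"status": 200, "result": result}


def fake_upstream(api_key, query):
    """Stand-in for the third-party API; the key is checked on the server side only."""
    assert api_key == UPSTREAM_API_KEY
    return {"echo": query}
```

Whether a request comes from the shipped binary is what platform attestation (Play Integrity on Android, App Attest on iOS) is for; the proxy bounds what any caller can obtain regardless of that answer.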
Question about cache (Redis or other distributed cache).
So I would like to find a solution with “Partitioning”. But without coding it myself (ofc)
Ok, example :
In the application you have clients, each client has users, each user has role.
So right now it’s in the cache with the key “User:<userId>” = role
Sometimes, when you change client settings, all entries should be removed.
So what I would love to have :
Client_Id/UsersRoles/UserId as a key
And I would love to be able to delete “all keys after /” :
Basically delete client_id/ would delete everything in cache for this client
Delete client_id/UserRoles will clean up all saved roles.
I’m pretty new working with redis, but it doesn’t seem possible out of the box.
Any reading material I could read?
-
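One way to get the "delete everything under client_id/" behaviour with plain GET, SET and INCR, shown as an added example that is not part of the original post: each level of the key carries a generation number, and bumping it makes every cached role underneath unreachable at once, so stale roles cannot be served after a settings change. `FakeRedis` and `ClientCache` are hypothetical names, and the in-memory store is a constructed stand-in for a Redis client.

```python
class FakeRedis:
    """In-memory stand-in exposing only GET, SET and INCR (constructed for this example)."""

    def __init__(self):
        self.data = {}

    def get(self, key):
        return self.data.get(key)

    def set(self, key, value, ex=None):   # ex (TTL in seconds) is accepted but not enforced
        self.data[key] = value

    def incr(self, key):
        self.data[key] = int(self.data.get(key, 0)) + 1
        return self.data[key]


class ClientCache:
    """Keys look like client/<gen>/section/<gen>/item; a bumped generation orphans the subtree."""

    def __init__(self, store, ttl_s=3600):
        self.store, self.ttl_s = store, ttl_s

    def _gen(self, name):
        return int(self.store.get("gen:" + name) or 0)

    def _key(self, client_id, section, item):
        client_gen = self._gen(client_id)
        section_gen = self._gen(f"{client_id}/{section}")
        return f"{client_id}/{client_gen}/{section}/{section_gen}/{item}"

    def put(self, client_id, section, item, value):
        # The TTL lets orphaned entries from old generations age out on their own.
        self.store.set(self._key(client_id, section, item), value, ex=self.ttl_s)

    def get(self, client_id, section, item):
        return self.store.get(self._key(client_id, section, item))

    def invalidate_client(self, client_id):
        """Equivalent of 'delete client_id/': every section of this client is dropped."""
        self.store.incr("gen:" + client_id)

    def invalidate_section(self, client_id, section):
        """Equivalent of 'delete client_id/UsersRoles': only that section is dropped."""
        self.store.incr(f"gen:{client_id}/{section}")
```

The cost is two extra generation reads per lookup, in exchange for invalidation that is a single atomic increment instead of a key scan.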
Editor [neovim](I know, I'm a degenerate) suddenly stopped responding to all mapped keys and after a while of closing and opening it, commenting out plugins,... it started working again. No idea what happened there!
-
#Suphle Rant 7: transphporm failure
In this issue, I'll be sharing observations about 3 topics.
First and most significant is that the brilliant SSR templating library I've eyed for so many years, even integrated as Suphle's presentation layer adapter, is virtually not functional. It only works for the trivial use case of outputting the value of a property in the dataset. For instance, when validation fails, preventing execution from reaching the controller, parsing fails without signifying what ordinance was being violated. I trim the stylesheet and it only works when outputting one of the values added by the validation handler. Meaning the missing keys it can't find from controller result is the culprit.
Even when I trimmed everything else for it to pass, the closing `</li>` tag seems to have been abducted.
I mail project owner explaining what I need his library for, no response. Chat one of the maintainers on Twitter, nothing. Since they have no forum, I find their Gitter chatroom, tag them and post my questions. Nothing. The only semblance of a documentation they have is the Github wiki. So, support is practically dead. Project last commit: 2020. It's disappointing that this is how my journey with them ends. There isn't even an alternative that shares the same philosophy. It's so sad to see how everybody is comfortable with PHP templating syntax and back end logic entangled within their markup.
Among all other templating libraries, Blade (which influenced my strong distaste for interspersing markup and PHP), seems to be the most popular. First admission: We're headed back to the Blade trenches, sadly.
2nd Topic: While writing tests yesterday, I had this weird feeling about something being off. I guess that's what code smell is. I was uncomfortable with the excessive amount of mocking wrappers I had to layer upon SUT before I can observe whether the HTML adapter receives expected markup file, when I can simply put a `var_dump` there. There's a black-box test for verifying the output but since the Transphporm headaches were causing it to fail, I tried going white-box. The mocking fixture was such a monstrosity, I imagined Sebastian Bergmann's ghost looking down in abhorrence over how much this Degenerate is perverting and butchering his creation.
I ultimately deleted the test travesty but it gave rise to the question of how properly designed the system really is. Or, are certain things beyond testing white box? Are there still gaps in the testing knowledge of a supposed testing connoisseur? 2nd admission.
Lastly, randomly wanted to tweet an idea at Tomas Votruba. Visited his profile, only to see this https://twitter.com/PovilasKorop/.... Apparently, Laravel have implemented yet another feature previously only existing in Suphle (or at the libraries Arkitekt and Deptrac). I laughed mirthlessly as I watch them gain feature-parity under my nose, when Suphle is yet to be launched. I refuse to believe they're actually stalking Suphle