Search - "least privilege"
-
Living in a tiny house and having a remote-only job (and no lappy) means I get the wonderful, lovely privilege of working in my bedroom... with my 18mo (who will not leave me alone), and my girlfriend (who won't fucking leave). It's positively great!
Blasting music is often not enough to drown out the sound, and certainly does nothing for getting hit with toys or screamed at to get picked up, so I get basically nothing done during the day. And that's presupposing I'm not begged to run errands/go to lunch with her, both of which take precious hours. (She won't take the baby out alone, so she's always here unless we find a babysitter)
At least it's quiet after 9pm, so I stay up coding for as long as I can. But 18mo's wake up super early, and the girlfriend prefers to stay in the room until I'm up... so even with earplugs I don't get enough sleep. A monster a day and a bottle of Tito's vodka a month is all that keeps me sane.
Why can't I just be fucking left alone to fucking work? I'm our only goddamn source of income.
It's no wonder we're fucking broke.
And to make matters worse, I'm being downsized... and considering the above, I doubt I'll be able to land a new job. 😡
-
I saw quite a bit ranting about SO now. So let's get things straight:
If you get _no_ answer, at least one of these is the case most of the time
a) a repost
b) too unspecified
c) needs rewriting to proper English
d) you dumped your whole project
I'm reviewing questions regularly on SO and never saw a good question ignored. There may be no answer but at least people trying to help in the comments. Also think about WHO answers your questions. All devs who help in their free time. Did you ever answer one question or even bother to look now and then if there is someone you could help? There is no RIGHT to get help; it's a PRIVILEGE.
So stop bullshitting and try to get shit done.
-
I've just noticed an app review that I've given and would fit right into the wk123 (that's the insult one, right?).
"Biggest pile of junk that I've ever seen. You have one job! To register the fucking phone number (which you could get with Phone permission) and verify it (which you can do with the SMS permission) and you should either have the user do that once upon installation or you automate it entirely so that it can run in the background! You can fully automate this, and it's not that complicated that it needs 10 whole seconds of loading time in between! Heck, this pile of crap can't even continue into the main view after entering the verification code! You haven't published the source code (and maybe that's for the best) but if it was, I'd probably immediately get cancer by viewing your crappy spaghetti code. Dear developer, please take a step back and (re)join the PC tech support guys. You have no place in the development world."
To top it all off, that app currently only needs phone permission to verify my number (at least they've done that much). So I figured, I've already gone through that authentication flow so let's remove that permission to abide by the principle of least privilege.
Except that the fucking crapp just goes through the "requires phone permission" shit again whenever that permission removal happens. Fucking piece of garbage!!! That such spaghetti code fuckers even have a job, it boggles my mind.
-
(long post is long)
This one is for the .net folks. After evaluating the technology top to bottom and even reimplementing several examples I commonly use for smoke testing new technology, I'm just going to call it:
Blazor is the next Silverlight.
It's just beyond the pale in terms of being architecturally flawed, and yet they're rushing it out as hard as possible to coincide with the .Net 5 rebranding silo extravaganza. We are officially entering round 3 of "sacrifice .Net on the altar of enterprise comfort." Get excited.
Since we've arrived here, I can only assume the Asp.net Ajax fiasco is far enough in the past that a new generation of devs doesn't recall its inherent catastrophic weaknesses. The architecture was this:
1. Create a component as a "WebUserControl"
2. Any time a bound DOM operation occurs from user interaction, send a payload back to the server
3. The server runs the code to process the event; it spits back more HTML
Some client-side js then dutifully updates the UI by unceremoniously stuffing the markup into an element's innerHTML property like so much sausage.
If you understand that, you've adequately understood how Blazor works. There's some optimization like SignalR WebSockets for update streaming (the first and only time most Blazor devs will ever use WebSockets; I even see developers claiming that they're "using SignalR, Idserver4, gRPC, etc." because the template seeds it for them. The hubris.), but that's the gist. The astute viewer will have noticed a few things here, including the disconnect between repaints, inability to blend update operations and transitions, and the potential for absolutely obliterative, connection-volatile, abusive transactional logic flying back and forth to the server. It's the bring out your dead approach to seeing how much of your IT budget is dedicated to paying for bandwidth and CPU time.
Blazor goes a step further in the server-side render scenario and sends every DOM event it binds to the server for processing. These include millisecond-scale events like scroll, which, at least according to GitHub issues, devs are quickly realizing requires debouncing, though they aren't quite sure how to accomplish that. Since this immediately becomes an issue with tickets saying things like, "scroll event crater server, Ugg need help! You said Blazorclub good. Ugg believe, Ugg wants reparations!" the team chooses a great answer to many problems for the wrong reasons:
gRPC
For those who aren't familiar, gRPC has a substantial amount of compression primarily courtesy of a rather excellent binary format developed by Google. Who needs the Quickie Mart, or indeed a sound markup delivery and view strategy when you can compress the shit out of the payload and ignore the problem. (Shhh, I hear you back there, no spoilers. What will happen when even that compression ceases to cut it, indeed). One might look at all this inductive-reasoning-as-development and ask themselves, "butwai?!" The reason is that the server-side story is just a way to buy time to flesh out the even more fundamentally broken browser-side story. To explain that, we need a little perspective.
The relationship between Microsoft and its enterprise customers is your typical mutually abusive co-dependent relationship. Microsoft goes through phases of tacit disinterest, where it virtually ignores them. And rightly so, the enterprise customers tend to be weaksauce, mono-platform, mono-language types who come to work, collect a paycheck, and go home. They want to suckle on the teat of the vendor that enables them to get a plug and play experience for delivering their internal systems.
And that's fine. But it's also dull; it's the spouse that lets themselves go, it's the girlfriend in the distracted boyfriend meme. Those aren't the people who keep your platform relevant and competitive. For Microsoft, that crowd has always been the exploratory end of the developer community: alt.net, and more recently, the dotnet core community (StackOverflow 2020's most loved platform, for the haters). Alt.net seeded every competitive advantage the dotnet ecosystem has, and dotnet core capitalized on. Like DI? You're welcome. Are you enjoying MVC? Your gratitude is understood. Cool serializers, gRPC/protobuf, 1st class APIs, metadata-driven clients, code generation, micro ORMs, etc., etc., et al. Dear enterpriseur, you are fucking welcome.
Anyways, b2blazor. So, the front end (Blazor WebAssembly) story begins with the average enterprise FOMO. When enterprises get FOMO, they start to Karen/Kevin super hard, slinging around money, privilege, premier support tickets, etc. until Microsoft, the distracted boyfriend, eventually turns back and says, "sorry babe, wut was that?" You know, shit like managers unironically looking at cloud reps and demanding to know if "you can handle our load!" Meanwhile, any actual engineer hides under the table facepalming and trying not to die from embarrassment.
-
User: If we use OAuth2, can we audit exactly where this data is going and who sends it there, and in addition can we audit who grabs that data from the Authenticating app and make sure it doesn't violate our requirements?
Me: No
User: Why not?
Me: Because that's like asking us to audit whether or not a user accessed files and then uploaded them to their personal drive instead of corporate. We don't mandate that application owners take responsibility for their data outside of their application, why would we require that in this case???
User: Uhhhhh
FFS the lack of understanding of application accounts here boggles my mind. I understand that the security concerns are real but throwing out all permissible contexts based on a mandate that we don't even apply to extremely permissive accounts (i.e. users compared to apps) is folly.
-
Woot, I've been banned from asking questions on StackOverflow. But hey at least I haven't lost the privilege to judge other people's questions.
-
Infrastructure took away our read access in S3 to data that we own and our ability to manually delete/upload to S3 in that prefix (which we own). Without waiting for us to confirm that we have alternative means to read and change what is in there. And I had no warning about this, so here I am doing a midnight mod on an existing solution of mine in hopes that I can finish it before tomorrow morning for some legal reporting deadline.
Things would be so much easier if the infrastructure team let the emergency support role have those permissions for emergencies like this, but they didn't. I guess "least privilege" means "most time spent trying to accomplish the most trivial of things, like changing a file".
-
My last company during the interview said I could do hybrid.
It was about 6 hours of public transport a day. One way was 3 trains and one bus. If everything went well. Which it almost never did. Had days where I had to travel 9 hours.
My whole plan was to move close by but was going to lean on the hybrid to stay somewhat sane.
They said well we kind of want you to work in office only for a bit. I was like fair.
I went hard responding on home for months.
I asked if I could do hybrid now because it got to the point it really started affecting my productivity.
They said nah we don't do that here.
(They literally had hired a third-party dev that was fully remote)
Month later I said wasn't it possible to do at least something.
They offered me 1 day every 2 weeks. Like that was gonna make a fucking dent you fucking crownies. I had to act like it was a god damned privilege.
I made it 9 months in before I was like I really can't do this anymore like this.
The CTO was very quick to move me to HR. They wanted me to mutually unwind the fucking contract.
They were saying well you've got this many vacation days left we'll add 2 days so you'll have pay next month.
Last day was Friday where the CEO came to me. Was like here a little something.
A 10 fucking bucks Amazon gift card. Are you fucking mental.
I was so fucking done with it.
Work should be a two way relationship you fuckers.
I always did my work. I did it well and it really felt like they just didn't even acknowledge me as a human.
-
Eternal rest doesn’t help. I had the privilege to experience it once, but it’s only recently that I had a chance to reflect on it. Yes, when I have everything figured out and slip into neet lifestyle, I don’t find happiness.
Sooooo, I decided to establish a solid routine. It was Past Life by Tame Impala that inspired me: “I have a pretty solid routine these days, it just works for me”. I wanna be that person.
Here’s mine so far:
- Mon: ironing clothes
- Tue: revising laptop/phone contents, eliminating infoclutter
- Wed: tidying up online presence
- Thu: writing my book, at least one section at a time
- Fri: coding for personal projects that do/can make me money (I have three now)
- Sat: cleaning up the house, changing bedsheets
- Sun: rest