Search - "authorisation"
-
Client: "Hey we want you to integrate your product with our system."
Me: "Oh, OK. Where's your API?"
Client: "Here! We even have an outdated .Net SDK, we use XML."
Me: "Ok.. how do we authenticate? What's your OAuth 2.0 endpoint?"
Client: "O auth what?"
Me: "You know, the current standard for REST API authentication and authorisation"
Client: "What's REST?"
*Hangs up*
-
If the time comes when the traditional signing in with email dies out, I don't know how long I'm gonna last on the Internet anymore. I never liked the idea of having my accounts associated with these giants, especially with Facebook.
-
I fucking want to skin alive my engineering senior director and VP.
Fucking piece of shit people. Looking at their faces from behind the screen, I can sense them stink donkey balls.
They have made my life hell.
The entire tech architecture is absolute shit in nature and engineers cannot even build a single blue colour button without creating a major fuss about it.
Every single aspect of product is built keeping in mind only the engineer persona. Everyone else can go and suck a racoon's dick.
And they have no concept of tech debt. They just keep building and building stuff. And then build some more.
Entire engineering org is in rush to ship shit at the end of sprint and if they don't then VP and Director are pissed. So to keep those two half witted donkeys happy, these people ship garbage. And all they comment is "cool, very cool".
And hence, entire fucking product is built because it's cool irrespective of whether it solves a problem or not.
A single user role authorisation or authentication is so fucking complex that it would take an eternity for even a developer to figure what's happening.
Fucking toxic human wastes.
There's a company wide mandate to use a certain tech stack, design guidelines, and a vision that all teams have to align. But these faggots are going in opposite direction to do what they feel like and forcing everyone else to ignore all other engagements or alignments with other teams.
These two people should be skinned alive in town square during noon and then left there until they dehydrate entirely. Fucking baboons.
I am so fucking pissed with such mindset.
-
Ticket: “feature [x] doesn’t work”
Me: “I’ll need more details: how do I reach feature [x]? In which of the three projects you assigned me is that?”
Manager: “the design is in the ticket”
Me, in my head: “can you effin listen to what I told you before giving air to your mouth?”
Me, in person: “yeah I just need to know which project this refers to and how to reach it”
Manager: “but you have to open the ticket as a separate page!”
Me: “sure!” *waits 15 min, opens a ticket for more details, assigns it to manager, flags as blocking, flags the other one as blocked*
5 mins later: details are given and I can proudly fix it by reminding the manager they have to log in in order to see feature [x]
Later in the workweek:
Manager at 8:00 URGENT FEATURE! MUST BE DELIVERED BY EOD
Me, 10:00 “can jump on it, need authorisation for [a procedure]”
Me, 11,12,13,15,16,17:30: pings for an answer
Manager, 17:58 “ah sorry didn’t see, we can do it tomorrow”
Is this the matrix? Am I being stopped from developing cause I am randomly accessing matrix’s code without knowing it? Is this the Truman show? And most importantly: can I please take part in a manager hiring session? I am curious to see how tf you hire such peculiar people.
-
OMG! !rant!!!!
I already ranted about the elevator at home being stoooopid for opening doors on way up when you wanna go down..
But our work elevator is awesome!
I figured today that I can play with the authorisation light with the chip for the home elevator.. so from orange to green (work card) to red (home chip) to green to red... OMG!!! Awesome!!
Also the look of horror on coworker's face was priceless (work elevators have a tendency to malfunction as it is, without me playing with them)!!! xD xD xD
-
I've just noticed something when reading the EU copyright reform. It actually all sounds pretty reasonable. Now, hear me out, I swear that this will make sense in the end.
Article 17p4 states the following:
If no authorisation [by rightholders] is granted, online content-sharing service providers shall be liable for unauthorised acts of communication to the public, including making available to the public, of copyright-protected works and other subject matter, unless the service providers demonstrate that they have:
(a) made best efforts to obtain an authorisation, and
(b) made, in accordance with high industry standards of professional diligence, best efforts to ensure the unavailability of specific works and other subject matter for which the rightholders have provided the service providers with the relevant and necessary information; and in any event
(c) acted expeditiously, upon receiving a sufficiently substantiated notice from the rightholders, to disable access to, or to remove from, their websites the notified works or other subject matter, and made best efforts to prevent their future uploads in accordance with point (b).
Article 17p5 states the following:
In determining whether the service provider has complied with its obligations under paragraph 4, and in light of the principle of proportionality, the following elements, among others, shall be taken into account:
(a) the type, the audience and the size of the service and the type of works or other subject matter uploaded by the users of the service; and
(b) the availability of suitable and effective means and their cost for service providers.
That actually does leave a lot of room for interpretation, and not on the lawmakers' part.. rather, on the implementer's part. Say for example devRant, there's no way in hell that dfox and trogus are going to want to be tasked with upload filters. But they don't have to.
See, the law takes into account due diligence (i.e. they must give a damn), industry standards (so.. don't half-ass it), and cost considerations (so no need to spend a fortune on it). Additionally, asking for permission doesn't need to be much more than coming to an agreement with the rightsholder when they make a claim to their content. It's pretty common on YouTube mixes already, often in the description there's a disclaimer stating something like "I don't own this content. If you want part of it to be removed, get in touch at $email." Which actually seems to work really well.
So say for example, I've had this issue with someone here on devRant who copypasted a work of mine into the cancer pit called joke/meme. I mentioned it to dfox, didn't get removed. So what this law essentially states is that when I made a notice of "this here is my content, I'd like you to remove this", they're obligated to remove it. And due diligence to keep it unavailable.. maybe make a hash of it or whatever to compare against.
It also mentions that there needs to be a source to compare against, which invalidates e.g. GitHub's iBoot argument (there's no source to compare against!). If there's no source to compare against, there's no issue. That includes my work as freebooted by that devRant user. I can't prove my ownership due to me removing the original I posted on Facebook as part of a yearly cleanup.
But yeah.. content providers are responsible as they should be, it's been a huge issue on the likes of Facebook, and really needs to be fixed. Is this a doomsday scenario? After reading the law paper, honestly I don't think it is.
Have a read, I highly recommend it.
http://europarl.europa.eu/doceo/...
-
authentication and authorisation can go fuck itself
why is there so little decent documentation on how to build an IDP
or implement OAuth2.0
dammit
maybe it’s just ASP.NET core and blazor
but fuck this
-
Legacy code that has a really long and convoluted way of integrating Dropbox authorisation to save files etc.
This happened in a meeting discussing where I’m at with the upgrade.
Me: This upgrade is going to take a while because of how outdated the app is. Also for assets uploaded by the user why don’t we just use active storage for this now as we have rails 6 now. Plus it will reduce a lot of code.
Other Dev: why would we do that? It’s a big change and will need testing.
Me: A lot of stuff is broken after the upgrade anyway and if we have a more built in simple way to do it why wouldn’t we? Also simplifying the code base is always good. The PR is already 1000+ files and we’re going to have to retest the app anyways.
Other Dev: *crickets*
I’m trying to make the app more smooth and streamlined and overall a better codebase as currently it’s shocking there and security holes galore, it’s like they don’t trust me with changing anything big haha honestly I think I’m the only one who wants to actually improve the application.
-
This rant is tribute to the guy who doesn't allow you to login to site before authorization..
the level of security one can never imagine 😂
-
Another tale of the legacy app, so I'm redoing the user roles using the cancancan gem.
Hop into a meeting to go over why I'm re-doing the authorisation, currently, the app is using the rails-authorization-plugin, yes from Rails 2.0.
me: *explains why this is the way to do it*
other dev: "Can we just fix the custom code we have added in that plugin?"
me: "Well given that it's a massively out of date plugin and we have a ton of deprecations, probably not"
other dev: "so let's try and fix it"
Christ, why are we still clinging onto 10+-year-old plugins if we're going to keep getting errors when we upgrade?
-
Only found this out after the fact, but an almost total lack of authorisation checks in an exposed API has got to be up there.
-
Facebook phasing out old instagram API made my life so much more fun. Now, to get a feed OF MY OWN ACCOUNT'S POSTS that I could filter by tags I need to go through two layers of authorisation - and then still go through ridiculous hops to get those goddamn tag lists. JESUS CHRIST. I hate Zuckerberg and I wish him a rusty guillotine when the time will come.
-
#Suphle Rant 9: a tsunami on authenticators
I was approaching the finish line, slowly but surely. I had a rare ecstatic day after finding a long forgotten netlify app where I'd linked docs deployment to the repository. I didn't realise it was weighing down on me, the thought of how to do that. I just corrected some deprecated settings and saw the 93% finished work online. Everything suddenly made me happier that day
With half an appendix chapter to go, I decided to review an important class I stole from my old company for clues when I need to illustrate something involved using a semblance of a real world example (in the appendix, not abstract foo-bar passable for the docs)
It turns out, I hadn't implemented a functionality for restricting access to resources to only verified accounts. It just hasn't been required in the scheme of things. No matter, should be a piece of cake. I create a new middleware and it's done before I get to 50 lines. Then I try to update the documentation but to my surprise, user verification status turns out to be a subset of authentication locking. Instead of duplicating bindings for both authentication and verification, dev might as well use one middleware that checks for both and throws exceptions where appropriate.
BUT!
These aspects of the framework aren't middleware, at all. Call it poor design but I didn't envisage a situation where the indicators (authentication, path based authorisation and a 3rd one I don't recall), would perform behaviour deviating from the default. They were directly connected to their handlers and executed after within the final middleware. So there's no way to replace that default authentication scheme with one that additionally checks for verification status.
Whew
You aren't going to believe this. It may seem like I'm not serious and will never finish. I shut my system down for that day, even unsure how those indicators now have to be refactored to work as middleware, their binding and detachment, considering route collections are composed down a trie
I'm mysteriously stronger the following day, draw up designs, draft a bunch of notes, roll my sleeves, and the tsunami began. Was surprisingly able to get most of previous middleware tests passing again before bed, with the exception of reshuffled classes. So I guess we can be optimistic that those other indicators won't cause more suffering or take us additional days off course
-
Backend wise
After a year and a half of working with what I love (nodejs microservices and bit of python) I have to update my php skills and refresh my memory with latest Laravel 😕 (I used it as an authentication/authorisation and REST backend for a react native app early 2016 and did not touch it since)
Passive Job hunting sux and yes PHP ain't my thing anymore 😔 I mean I have next to 6-8 years exp in it but given the choice... 😒
I used to love it (so many good memories with cakephp 😌🙄 it taught me a lot early in my career) before I discovered the functional programming paradigm and got a deep understanding of JS