|
Sapozhnik posted: type SomeEnum = ("shid" | "fard") & { something(): string };

fuuuuck.... (files this away for shenanigans later) At least we're in the right thread for this code.
|
# ? Aug 12, 2022 20:38 |
|
Most languages don't currently support the idea of shared properties/methods across different options for enum/sum types which is something that you would need for this to make sense in a type safe way. (I think this is something that some functional languages have been adding recently so it will probably take a while to trickle down)

Also in typescript you probably should be using a switch statement rather than if for enums.

mystes fucked around with this message at 20:46 on Aug 12, 2022 |
# ? Aug 12, 2022 20:42 |
|
mystes posted: Most languages don't currently support the idea of shared properties/whatever across different options for enum/sum types which is something that you would need for this to make sense in a type safe way.

If I can have pattern matching on a sum type I'm usually happy enough... It's better if I have row types, though...
|
# ? Aug 12, 2022 20:58 |
|
Corla Plankun posted: imo naming things isn't hard at all if you spend like 20 minutes thinking about stakeholders but in my experience most developers consider this act to be below them

communicating with other people? no way, that stinks of liberal arts and the humanities
|
# ? Aug 12, 2022 21:15 |
|
MrQueasy posted:If I can have pattern matching on a sum type I'm usually happy enough... It's better if I have row types, though...
|
# ? Aug 12, 2022 21:43 |
|
Bloody posted: you've hated merging to master, and rebasing on master, so get ready for: squashing pull requests into master. master is one golden commit. get in or get out

yea when one of my juniors has a feature pr with 35 commits when it should really be ~3, you bet i'm squashing that poo poo
|
# ? Aug 14, 2022 03:39 |
|
mystes posted: Row types are really cool. I'm not enough of a masochist to seriously try to use purescript, but when I messed around with it before, they were the one thing where I was like "holy poo poo this is amazing; why don't more languages have this?"

the ocaml object system uses row types
|
# ? Aug 14, 2022 04:09 |
|
DELETE CASCADE posted: the ocaml object system uses row types

I guess I should have said row polymorphism rather than row types but maybe there's also not the right term since I guess ocaml has some more limited form of row polymorphism

mystes fucked around with this message at 04:42 on Aug 14, 2022 |
# ? Aug 14, 2022 04:37 |
|
if i dont use an orm what am i gonna do with all these rows? you better not think im going to write a for loop
|
# ? Aug 14, 2022 04:53 |
|
barkbell posted: if i dont use an orm what am i gonna do with all these rows? you better not think im going to write a for loop

If you have row types, you probably have tail-optimized recursion and pattern-matching, so why would you even write a for-loop?
|
# ? Aug 14, 2022 05:30 |
|
barkbell posted: if i dont use an orm what am i gonna do with all these rows? you better not think im going to write a for loop

you'll use a while reader.read() and you'll like it
|
# ? Aug 14, 2022 06:40 |
|
mystes posted: Most languages don't currently support the idea of shared properties/methods across different options for enum/sum types which is something that you would need for this to make sense in a type safe way. (I think this is something that some functional languages have been adding recently so it will probably take a while to trickle down)

wild if functional languages are genuinely starting to explore the bold new frontier of features java had 18 years ago
|
# ? Aug 16, 2022 08:58 |
|
this week's major annoyance so far: we send files to another teams rest endpoint. For long reasons we send an Auth token that is just a base64 encoded fixed username and password. Yes in production. Yes I know. Go call our domain admins and tell them to unfuck the Kerberos implementation they have that means that our windows service account can't be authed by the recipients Unix server.

so we send the files like 10x a day, 9x they work, 1x fails, but it's a different 1x every time. The return error is "token expired, couldn't authenticate", but the token is 100% static (and helpfully they returned it in the message so that's logged and I can decode it, lol).

I have told them this now 5 times, and each time they go "but the error says token expired". Idk guys maybe look at what you're doing with the Auth token sent then? Like what do you even do with it? Are you binding with it and then caching another ticket? You are returning that error from your code so maybe go look at that?

"but the error says the token is expired"
|
# ? Aug 17, 2022 19:30 |
|
in before Bob Dobbs tells me to quit
|
# ? Aug 17, 2022 19:31 |
|
Powerful Two-Hander posted: in before Bob Dobbs tells me to quit

you should quite

alternatively hit that endpoint 1000x more per day
|
# ? Aug 17, 2022 20:16 |
|
champagne posting posted: you should quite

thanx
|
# ? Aug 17, 2022 20:16 |
|
I don't ever bother caching auth tokens unless it actually becomes a bottleneck someone complains about.

Also, most REST API endpoints I see will utilize fixed usernames and passwords. It would be nice to use asymmetric crypto (I'm not a kerberos fan) and it's something that Sharepoint actually uses and is not bad as long as it works the first time. If it doesn't work, good luck decoding the error messages. But I wouldn't trust anyone to get that right except Microsoft (barely) and Google (barely better) because that stuff is a nightmare.

I imagine that future implementations of REST APIs would utilize SAML2 or something with delegated credentials or whatever so that the actual authentication is handled by an implementation that everyone trusts to work fine. And it's nice that SAML issues assertions that are actually signed with asymmetric keys. Or maybe OAUTH2 but I don't like the fixed string nature of the lifetime tokens.
|
# ? Aug 17, 2022 20:28 |
|
sb hermit posted: I don't ever bother caching auth tokens unless it actually becomes a bottleneck someone complains about.

I think what's happening is that they're using the credentials to bind to AD but then caching the Kerberos ticket and reusing it with no timeout, because that's the only way I can see that they'd give a "token expired at" error that's 10 hours in the past from the call. I think other endpoint users are doing that bind locally and sending the ticket to them so the 'refresh' sits with them not the endpoint. We can't do that though because they can't do this for the type of account we use for some idiot reason.

tbh I think the real problem is that they're using some hosed up Kerberos token implementation some guy home rolled as a way to cheap out on doing something properly and that then infested the company, and I'm tempted to tell them to go gently caress themselves about it. And probably will if they continue to bullshit me.
|
# ? Aug 17, 2022 20:46 |
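
Added example, not part of the thread and not anyone's production code: a Python simulation of the failure mode guessed at in the post above, where a server binds once with a static Basic credential and keeps reusing the resulting ticket after it lapses, next to a version that rebinds. `DirectoryStub`, the ten-hour lifetime and the sample credential are assumptions constructed for the illustration.

```python
import base64
import hashlib

TICKET_LIFETIME = 10 * 3600  # seconds; assumed lifetime, not from the thread

class DirectoryStub:
    """Hypothetical stand-in for the AD/Kerberos bind; counts calls."""
    def __init__(self):
        self.binds = 0
    def bind(self, user, password, now):
        self.binds += 1  # a real directory would verify the password here
        return now + TICKET_LIFETIME  # expiry time of the issued ticket

def parse_basic(header):
    """Decode 'Basic <base64(user:pass)>'; the credential has no expiry field."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, sep, password = base64.b64decode(blob, validate=True).decode().partition(":")
    if not sep:
        raise ValueError("malformed Basic credential")
    return user, password

class StaleCache:
    """Suspected bug: the first ticket is cached and never refreshed."""
    def __init__(self, directory):
        self.directory, self.expiry = directory, {}
    def _bind(self, key, header, now):
        self.expiry[key] = self.directory.bind(*parse_basic(header), now)
    def authenticate(self, header, now):
        key = hashlib.sha256(header.encode()).hexdigest()  # never key on the raw secret
        if key not in self.expiry:
            self._bind(key, header, now)
        if now >= self.expiry[key]:
            return f"token expired at {self.expiry[key]}"
        return "ok"

class RefreshingCache(StaleCache):
    """Fix: rebind with the static credential once the cached ticket lapses."""
    def authenticate(self, header, now):
        key = hashlib.sha256(header.encode()).hexdigest()
        if key not in self.expiry or now >= self.expiry[key]:
            self._bind(key, header, now)
        return "ok"

def sample_header():
    """Constructed credential for the demo; not a real account."""
    return "Basic " + base64.b64encode(b"svc_upload:constructed-secret").decode()
```

The same unchanged header is accepted at time 0 and rejected by `StaleCache` once the cached ticket's lifetime has passed, which is the only place an expiry exists in this setup.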
|
sb hermit posted: I don't ever bother caching auth tokens unless it actually becomes a bottleneck someone complains about.

for OAUTH2 you have JWT which is SAML but beshitted by json and javascript. You get the same signed assertions, but its json instead of XML. Most REST APIs from real companies use JWT bearer tokens for auth instead of actual username/pw basic auth. you do an auth against the IDP to get the token, and then use the token to access the API

Powerful Two-Hander posted: I think what's happening is that they're using the credentials to bind to AD but then caching the Kerberos ticket and reusing it with no timeout, because that's the only way I can see that they'd give a "token expired at" error that's 10 hours in the past from the call. I think other endpoint users are doing that bind locally and sending the ticket to them so the 'refresh' sits with them not the endpoint. We can't do that though because they can't do this for the type of account we use for some idiot reason.

this is what happens when you let linux into your environment. poo poo just goes totally fucko
|
# ? Aug 17, 2022 21:16 |
|
sb hermit posted: I don't ever bother caching auth tokens unless it actually becomes a bottleneck someone complains about.

no, it will be basic auth and storing keys in the cookie forever
|
# ? Aug 17, 2022 22:15 |
|
isn’t saml for user-interactive logins? i’ve never seen it used for APIs
|
# ? Aug 17, 2022 23:05 |
|
cool av posted: isn’t saml for user-interactive logins? i’ve never seen it used for APIs

what is a user? A miserable pile of API requests
|
# ? Aug 17, 2022 23:25 |
|
Powerful Two-Hander posted: that's the only way I can see that they'd give a "token expired at" error that's 10 hours in the past from the call.

don't neglect the possibility of some time zone/datetime serialisation gently caress up!
|
# ? Aug 17, 2022 23:40 |
|
cool av posted: isn’t saml for user-interactive logins? i’ve never seen it used for APIs

it was designed to be used for auth in SOAP and theres nothing that prevents you from using it as a bearer token for REST auth beyond convention that you use JWT instead.

JWT is basically a trick to get web "developers" to use what is effectively SAML but in json instead. once JWT gained acceptance it was judged good enough and SAML is kind of relegated to web SSO stuff
|
# ? Aug 17, 2022 23:50 |
|
distortion park posted: don't neglect the possibility of some time zone/datetime serialisation gently caress up!

could be! Certainly caught me out today when files got deployed by Jenkins with a timestamp 8 hours in the future because the job ran from a server in Asia somehow!
|
# ? Aug 17, 2022 23:55 |
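
Added example, not part of the thread: a Python sketch of the time zone serialisation mistake raised in the two posts above, where an expiry written without a UTC offset is read back in another zone and a fresh token looks hours expired. The one-hour lifetime, the UTC+8 verifier and the sample instant are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

LIFETIME = timedelta(hours=1)               # assumed token lifetime
VERIFIER_TZ = timezone(timedelta(hours=8))  # constructed: verifier host at UTC+8
SAMPLE_NOW = datetime(2022, 8, 17, 12, 0, tzinfo=timezone.utc)  # constructed instant

def issue_naive(now):
    """Buggy issuer (host clock in UTC): expiry written with no offset."""
    return (now + LIFETIME).astimezone(timezone.utc).replace(tzinfo=None).isoformat()

def issue_aware(now):
    """Fixed issuer: expiry serialised in UTC with an explicit +00:00 offset."""
    return (now + LIFETIME).astimezone(timezone.utc).isoformat()

def lenient_seconds_left(expiry_text, now):
    """Buggy verifier: a timestamp without an offset is taken as local time."""
    expiry = datetime.fromisoformat(expiry_text)
    if expiry.tzinfo is None:
        expiry = expiry.replace(tzinfo=VERIFIER_TZ)
    return (expiry - now).total_seconds()

def strict_seconds_left(expiry_text, now):
    """Hardened verifier: refuses any expiry that does not carry an offset."""
    expiry = datetime.fromisoformat(expiry_text)
    if expiry.tzinfo is None:
        raise ValueError("expiry has no UTC offset: " + expiry_text)
    return (expiry - now).total_seconds()
```

With the constructed values, a token issued one hour before its real expiry reads as expired seven hours ago through the lenient path, while the offset-carrying form gives the same answer in any zone.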
|
99.9% of real world saml implementations are heavily browser dependent. ECP was introduced to try to bring saml beyond the browser. i started to add an exception for amazon, saying that awscli supported ecp, but that doesn't seem to be the case anymore if it ever was, as they suggest a 3rd party tool that implements saml ecp to get an sts token, so it's a 3rd class citizen there too.
|
# ? Aug 17, 2022 23:59 |
|
In saml for browser based sso, the token is generated at the idp and consumed at the sp. at no time does the browser need to know or care what is happening. It just passes the parameter as it was asked and the servers figure it all out.

When you try to do SAML outside of the browser its almost always a case where the client needs to understand something even if its not the SAML itself. in the case of SOAP, even though you're using the same IDP and SP, the client needs to understand how to ask for the token and where to put it in the SOAP message. It should work fine, but it mostly doesnt because WSS seems to be way beyond most developers.. You also need a mechanism to authenticate the client which is fine if you're on windows and can just use windows auth, but anything else means you need a UI for user auth and you might as well have just done web poo poo instead

fun SOAP/SAML story: i had a client a few months ago who wanted to get data from us via a SOAP web service on their end. Thats fine we do that all the time, but they wanted to use SAML auth and they wanted the token as request parameter on the SOAP method, not using WSS.

but it was even dumber than that cause they didnt actually need SAML. We werent using an IDP, they just had me sign the token and give them our public key for verification. The assertions were ignored. I tried to explain that we could just use client certificate auth instead to get the same thing, but apparently their security team had already signed off on this fake saml thing and they wouldnt change it.

on top of that they had me encrypt the token which was double pointless because there werent any assertions worth protecting and this was only ever going via TLS to their server which was immediately consuming it. And of course the key being used for TLS was the same as the key being used for token encryption.

just so dumb, but an actual irl example of SAML being used as an authentication token for a web service.
|
# ? Aug 18, 2022 00:23 |
|
i lost my poo poo at the devs from this consumer endpoint today because their answer was "well maybe your code does something different sometimes?"

Ah yes the old "computer decides to do something different at random" problem how could I forget

we also had: "but you are not sending the token because the error message says token<null>" despite the Auth header being in the same message they returned ("so maybe you sanitise it?" I said "no no, we don't think so"), and "maybe the base 64 decodes differently sometimes?" which, lol, really?
|
# ? Aug 18, 2022 14:09 |
|
resign
|
# ? Aug 18, 2022 14:22 |
|
whenever someone says “i could not replicate this” it also means “give me something that replicates it”

give them a curl statement that replicates the issue
|
# ? Aug 18, 2022 14:28 |
|
Powerful Two-Hander posted: i lost my poo poo at the devs from this consumer endpoint today because their answer was "well maybe your code does something different sometimes?" Ah yes the old "computer decides to do something different at random" problem how could I forget

If you're not pulling at least 1M a year it ain't worth it. And if you are, you can find better.
|
# ? Aug 18, 2022 14:44 |
|
Powerful Two-Hander posted: i lost my poo poo at the devs from this consumer endpoint today because their answer was "well maybe your code does something different sometimes?" Ah yes the old "computer decides to do something different at random" problem how could I forget

Maybe it's just haunted?
|
# ? Aug 18, 2022 14:45 |
|
Share Bear posted: whenever someone says “i could not replicate this” it also means “give me something that replicates it”

A couple months ago we had an issue where it was possible for the client to race a cache, and our contractors couldn't replicate it because they were halfway around the world from our data center.
|
# ? Aug 18, 2022 14:46 |
|
Chalks posted: Maybe it's just haunted?

I actually said this in our internal chat "what do they think it's ghosts or something?"

leper khan posted: If you're not pulling at least 1M a year it ain't worth it. And if you are, you can find better.

honestly this is just infuriating but not like a big massive stress, there's much dumber stuff out there. otoh if someone wants to pay me 1M to bollock people for stupid things I would take it!
|
# ? Aug 18, 2022 15:14 |
|
Powerful Two-Hander posted:I actually said this in our internal chat "what do they think it's ghosts or something?"
|
# ? Aug 18, 2022 15:27 |
|
leper khan posted: If you're not pulling at least 1M a year it ain't worth it. And if you are, you can find better.

this but any dollar amount
|
# ? Aug 18, 2022 15:28 |
|
I'm down to be paid 1 megadollars a year
|
# ? Aug 18, 2022 15:29 |
|
I definitely joke about my code/environment being haunted all the time but actually trying to pass that kind of bullshit off takes some brass balls lmao.
|
# ? Aug 18, 2022 15:43 |
|
Sagacity posted: the worst kind of developer. "for some reason" it doesn't work, they say, apparently not realising that the reason is invariably them.

you could turn that around though and see it as the poster saying "for some reason" it doesn't work to the people maintaining the server, when it works perfectly well for everyone else and they just need to sort out their credentials before sending it which they apparently can't do, for "reasons"

mostly a devils advocate but it goes both ways
|
# ? Aug 18, 2022 15:58 |
|
InternetOfTwinks posted: I definitely joke about my code/environment being haunted all the time but actually trying to pass that kind of bullshit off takes some brass balls lmao.

on the other hand it is prudent to ask "did you change something?"
|
# ? Aug 18, 2022 16:20 |