|
|
Not as of now, but subject to change.
Bepo Man
|
|
|
|
|
If you are really looking to get out, you could work a deal with the boss to give up some of your salary each year to guarantee raises for “junior” to keep them around.
Start them at 30, with a guaranteed 5k raise each year for the next x years as you stop working Fridays, then Mondays, then…
If you find another job and decide to leave your boss will have added flexibility to retain the new hire.
|
|
|
|
|
I don't like computer jokes – not one bit.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
OriginalGriff wrote: I don't like computer jokes OK, I'll byte. Why not? (Y!)
|
|
|
|
|
Me neither, they tend to RAM those SCSI jokes down our throats.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
|
|
|
|
|
Disk kind of joke really bugs me. Get with the program! Your output will be monitored and if you do not comply you will be sent to the back of the bus.
( Oh Mother I’m board)
If you can't laugh at yourself - ask me and I will do it for you.
|
|
|
|
|
Short of a good return; let me float this by you: while() we push our luck, our pop-ularity may remain undefined.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
|
Anyone who tells hardware jokes is ASIC puppy.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
|
Like going to the PROM on the IDEs of March? Yeah I know that one ISA bit of a stretch, but I was getting ANSI.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
|
|
|
|
|
I diskn't think it would get this bad. Not sure if I have enough memory to deal with it.
However, I keyboard most of the time, so I'll try.
Repo Man
|
|
|
|
|
This thread is a flop but it int your fault!
"Go forth into the source" - Neal Morse
"Hope is contagious"
|
|
|
|
|
A good one! Throw it on the stack!
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
I just got a call "can you help me set up this API?"
"Sure, what do you need?"
"I got an example application in VB.NET and now I want to mimic the call in Postman, it simply gets the customer by an ID."
"Ok, sounds simple enough."
So I open up this VB code expecting to find some HttpClient with a GET and probably some authentication method.
Now, I've seen some horrors (a 41,000+ tables database, or anything with Crystal Reports, anyone?), but nothing could've prepared me for what I was about to witness...
What I found was that this API is not running on HTTPS and instead this company requires their customers to implement their own encryption exactly the way they want it
Steps to connect:
We take our API key and create an MD5 hash.
Then we take the first 16 characters of our API secret and use it together with the hash in some SHA256 algorithm.
We need a JSON like { "id": "1234" } (this is the ID of the customer we want to get) and then encrypt it using a Rijndael object and the SHA256 algorithm (I don't do this daily, can't tell you the specifics).
Take the resulting encrypted key and convert it to base64.
Then trim the ='s at the end and replace slashes and hyphens with underscores and some other character.
Now put our deformed base64 encrypted body in a form field named "data".
Include the key in the URL like so "http://baseaddress.com/getCustomer/apikey=[key]".
Do a POST.
Call an unsecure HTTP endpoint.
On the plus side, they provided a 100+ page document with examples in .NET and PHP on how to call something that should've been a standard REST API (I even think they're calling it that).
The company that created this abomination is named PRO[something].
I can tell you one thing, these people aren't pro's (in fact, I'd go as far to say these people aren't even developers (or at least not worthy of the title))
|
|
|
|
|
Tell me you dont want us using your API without saying 'We dont want you to use our API'
|
|
|
|
|
An attempt at security by obscurity?
|
|
|
|
|
Maybe an attempt at security without having any knowledge whatsoever and Googling "[language of your choice] cryptography".
I think if they really wanted it to be safe they'd use this and HTTPS, but the fact that it's running on HTTP tells me they have not a single clue...
Everything is right there in their docs, so it's not really obscure.
I'd bet these people actually believe they're following best practices
|
|
|
|
|
On the plus side, they can't hack into it if they already killed themselves
|
|
|
|
|
|
Sander Rossel wrote: I can tell you one thing, these people aren't pro's Are they getting paid?
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
|
|
|
|
I guess so, which makes them professionals, but I'd argue professional bunglers or even scammers, because no way in hell someone who is worth his salt would write this giant turd of an API
|
|
|
|
|
Yeah, this is them thinking "obscurity and complexity" equals "security".
The problem is they are dependent on their customers to "roll their own" implementation of the client-side code, then depending on the customer to keep that code and keys secured themselves.
Absolute garbage.
|
|
|
|
|
Dave Kreskowiak wrote: Yeah, this is them thinking "obscurity and complexity" equals "security". I wonder if they thought about it at all
If they really wanted security, why not do this and use HTTPS?
It's not even that obscure because it's right there in their docs.
These people may actually think this is good practice
|
|
|
|