|
|
Anyone who tells hardware jokes is ASIC puppy.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
|
Like going to the PROM on the IDEs of March? Yeah I know that one ISA bit of a stretch, but I was getting ANSI.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
|
|
|
|
|
I diskn't think it would get this bad. Not sure if I have enough memory to deal with it.
However, I keyboard most of the time, so I'll try.
Repo Man
|
|
|
|
|
This thread is a flop but it int your fault! 
"Go forth into the source" - Neal Morse
"Hope is contagious"
|
|
|
|
|
A good one! Throw it on the stack!
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
I just got a call "can you help me set up this API?"
"Sure, what do you need?"
"I got an example application in VB.NET and now I want to mimic the call in Postman, it simply gets the customer by an ID."
"Ok, sounds simple enough."
So I open up this VB code expecting to find some HttpClient with a GET and probably some authentication method.
Now, I've seen some horrors (a 41,000+ tables database, or anything with Crystal Reports, anyone?), but nothing could've prepared me for what I was about to witness...
What I found was that this API is not running on HTTPS and instead this company requires their customers to implement their own encryption exactly the way they want it    
Steps to connect:
We take our API key and create an MD5 hash.
Then we take the first 16 characters of our API secret and use it together with the hash in some SHA256 algorithm.
We need a JSON like { "id": "1234" } (this is the ID of the customer we want to get) and then encrypt it using a Rijndael object and the SHA256 algorithm (I don't do this daily, can't tell you the specifics).
Take the resulting encrypted key and convert it to base64.
Then trim the ='s at the end and replace slashes and hyphens with underscores and some other character.
Now put our deformed base64 encrypted body in a form field named "data".
Include the key in the URL like so "http://baseaddress.com/getCustomer/apikey=[key]".
Do a POST.
Call an unsecure HTTP endpoint.
On the plus side, they provided a 100+ page document with examples in .NET and PHP on how to call something that should've been a standard REST API (I even think they're calling it that).
The company that created this abomination is named PRO[something].
I can tell you one thing, these people aren't pro's (in fact, I'd go as far to say these people aren't even developers (or at least not worthy of the title))
|
|
|
|
|
Tell me you dont want us using your API without saying 'We dont want you to use our API'
|
|
|
|
|
An attempt at security by obscurity?
|
|
|
|
|
Maybe an attempt at security without having any knowledge whatsoever and Googling "[language of your choice] cryptography".
I think if they really wanted it to be safe they'd use this and HTTPS, but the fact that it's running on HTTP tells me they have not a single clue...
Everything is right there in their docs, so it's not really obscure.
I'd bet these people actually believe they're following best practices
|
|
|
|
|
On the plus side, they can't hack into it if they already killed themselves
|
|
|
|
|
|
Sander Rossel wrote: I can tell you one thing, these people aren't pro's
Are they getting paid?
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
|
|
|
|
I guess so, which makes them professionals, but I'd argue professional bunglers or even scammers, because no way in hell someone who is worth his salt would write this giant turd of an API
|
|
|
|
|
Yeah, this is them thinking "obscurity and complexity" equals "security".
The problem is they are dependent on their customers to "roll their own" implementation of the client-side code, then depending on the customer to keep that code and keys secured themselves.
Absolute garbage.
|
|
|
|
|
Dave Kreskowiak wrote: Yeah, this is them thinking "obscurity and complexity" equals "security".
I wonder if they thought about it at all
If they really wanted security, why not do this and use HTTPS?
It's not even that obscure because it's right there in their docs.
These people may actually think this is good practice
|
|
|
|
|
Quote: "Sure, what do you need?"
This is the point where you lost me! 
Get me coffee and no one gets hurt!
|
|
|
|
|
|
Hahaha nice.
Real programmers use butterflies
|
|
|
|
|
This little wanderjahr in the wilderness of mind and imagination, was written twenty years ago, when bill was at his last full-time gig as programmer; his employer, a software company (gaming) which dreamed of (hallucinated ?) glory in "business visualization space"— which shall remain nameless.
i had not been there a full year and, if i quit, would not receive the hiring bonus. When the day came for the inevitable lay-offs, i reacted with joy, at first, since i'd get the bonus, and i'd escape what was, for me, not really interesting work in a culture (gung-ho mass gaming) i didn't care about, and, couldn't relate to 
Then, i felt regret: the man (also laid off) who got me the job was an old friend, a genius i'd worked with at Adobe inventing what became Acrobat; he had a family, he had bought a house in the area. And, there were people at the company i cared about.
i felt guilty for feeling happy as some of the bright young lay-off-ees around me were crying, or raging.
As often, in this life, i turned to writing to— uhhh— try and distill sense from chaos.
Hope you enjoy the story !
published under the CPOPL (CodeProject Open Poetic License) license, © copyright assigned to CodeProjectcoffee on another day of apocalypse
the return of the sun made me feel like i wanted to put on a parade, to welcome an old friend come back wrapped in a flag for heroic deeds in foreign wars.
i would line the streets with children holding the tiny banners of love's small triumphs, waving.
this waking fantasy, i soon enough realized as my first few sips of coffee pulled me up from the depths where my psyche was a temporary master of all realities, was—
but, may i just mention —before proceeding to the inevitable juicy stuff—
there was a nice melodic resonance there at the last rung of the ladder coming out of that turquoise pool of the factory of memories— a hint of Neil Young's immortal chorus "we are stardust, we are golden—"
— yeah, kind of a sixties' thing.
but, there was nothing sixtyish in the strong probability that lay ahead this day: no "band playing in my head"— even though I thought of the image of "living in a burned out basement" so many times, so many ways.
well, if there was a band, it would have been one of those state funeral type brigades of black-hatted shuffling military zombies where one muted trumpet yowls over the slow harmonic swells of tubas and French horns.
because today was the day— now it became all too clear—
— sounds of arctic ice floes breaking up—
that today i would probably be re-assigned, fired, re-orged, turned inside out by an organizational psychodrama that i long had seen coming, and which had very little to do, actually, with this particular bag of dreams and his mid-life cultivated computer chops.
and, as i accepted this, as i dropped the smoking gun of my all too strong ability to spend far too long buying tchotchkes in the visitors' center of the game preserves of endangered metaphors—
i wondered why my coffee tasted so damn good.
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
I remember on corporate parting of the ways where in five minutes my thoughts went from
"How dare they?"
"What am I going to do?"
"Hey, my stomach doesn't hurt anymore!"
"Time flies like an arrow. Fruit flies like a banana."
|
|
|
|
|
Exactly.
Leaving a toxic work environment/company has healed my body and mind in profound ways. It still amazes me how detrimental to one's health, negative stress is.
|
|
|
|
|
I was laid off from a major US bank. My reaction surprised my boss and his boss, as I didn't care. The environment was so toxic that all I felt was relief.
Sometimes we have no idea how much stress we are under until that stress is removed.
|
|
|
|
|
Novell used to have layoffs every November (to boost Q4 earnings.) One November morning in the early 1990s, I arrive for work and stopped to chat with someone. I'm not sure why I realized there was a layoff going on, perhaps it was the funereal silence and odd phone calls. So, I decided not to go to my office, for about an hour.
My manager finally ordered me to and I got a call from HR asking me to come down there with my manager. Yup, they insisted that HR make the call, not your manager. The best part; while I was having my exit interview, they were "onboarding" new employees in the next offices/cubicles.
There's more weirdness, but it was one of the few times I got a severance package! (The classic, "say you quit and we'll give you six weeks pay" and, by the way, you were due an 8% raise in October, here's a check for extra pay you didn't get.)
That company was such a mess. Though they had really good engineers and their direct managers (just awful middle management and a nice CEO who didn't realize his top people were back stabbers.)
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
