- 2,633
- 4,212
You need to put in calls and ask the software vendors if/how to implement RFC8555 support. If no one asks you will be fucked forever.
IT/Software career thread: Invert binary trees for dollars.
- Thread starter Traak
- Start date
-
Guest, it's time once again for the massively important and exciting FoH Asshat Tournament!
Go here and give us your nominations!Who's been the biggest Asshat in the last year? Give us your worst ones!
Mist
REEEEeyore
- 31,218
- 23,426
That would work for some things but it would never work for things like TLS SIP trunks.
Telecom/unified communications/contact centers are just a really weird beast to deal with because you're always dealing with systems that are a hodgepodge of garbage products from 6+ different vendors, plus usually a couple homegrown apps the customer accumulated over time, all with differing levels of lifecycle support and by that I mean some of them were probably practically end of support by the time you finished the install project, and a bunch of is end-of-life shit you got handed. Throw in the underlying network, datacenter, load balancers, etc and you've got a giant mess of bullshit to manage.
There's a reason the margins in the contact center industry are so high; nobody wants to deal with this shit.
- 1
- 1
TJT
Mr. Poopybutthole
- 42,795
- 109,247
Speaking of shit products. We recently vetted and began implementing a product called Contract Pod.
We had a fairly simple need, we need a way to store our contracts with customers in an easily traceable way. Like this contract came from this deal that originated from this call etc. As a small company we apparently just had these all stored in various google drives and not having them organized is causing a lot of pain. So we go get Contract Pod, but of course the product they showed us was something they had implemented internally and wasn't actually the product they were selling.
Which only came to light after we had contracted with them. Secondly, this product not product had no documentation or anything and is full of bugs. Basically its not ready for commercialization at all and the people at Contract Pod don't even have the ability to reliably troubleshoot it with us.
Being sent a bunch of docs they clearly paid some third party to make for them in the dead of night is fucking hilarious though.
But we in too deep to back out now sadly.
We had a fairly simple need, we need a way to store our contracts with customers in an easily traceable way. Like this contract came from this deal that originated from this call etc. As a small company we apparently just had these all stored in various google drives and not having them organized is causing a lot of pain. So we go get Contract Pod, but of course the product they showed us was something they had implemented internally and wasn't actually the product they were selling.
Which only came to light after we had contracted with them. Secondly, this product not product had no documentation or anything and is full of bugs. Basically its not ready for commercialization at all and the people at Contract Pod don't even have the ability to reliably troubleshoot it with us.
Being sent a bunch of docs they clearly paid some third party to make for them in the dead of night is fucking hilarious though.
But we in too deep to back out now sadly.
ToeMissile
Pronouns: zie/zhem/zer
- 3,183
- 2,070
TJT
Mr. Poopybutthole
- 42,795
- 109,247
Phazael
Confirmed Beta Shitlord, Fat Bastard
- 14,688
- 31,604
If you want to feel better about yourself, just listen to my work environment. I was hired as a senior lead for the service desk. I am now the sole member of the T3 response team for our entire company, which is an international company with market presence in LatAm, Europe, and the US. Our principle method of file sharing is Drop Box (LOL) of which I am now the PO (LOLx2). We use Zoom for all internal phone and meeting management, of which I am also now the PO (LOLx3). Our systems team offloaded all printer management to our team, of which I am one of two POs and also led the project to revamp from the top down (LOLx4). This company kept me month to month despite that workload and still beating the shit out of the entire collective rest of the service desk personnel combined for months while doing all that other bullshit (and of course sitting in on lots of worthless fucking meetings) before I literally hit them with "this is what I am being offered by company X Y and Z. Fuck you, put a ring on it and pay me." They caved. Our environment is the wild fucking west, but I love it because its never boring and I have tons of freedom to dictate how we handle things. I am still underpaid for what I actually am doing (basically Sysad work, some Project management, and T3 user issues service desk shit) but I can roll with that and its great to be needed bad enough that a company caves to your initial demand list. The world sucks, but if you are a solid IT worker it is also your oyster.
Mist
REEEEeyore
- 31,218
- 23,426
You should take a T3 position at a major MSP, or service desk manager, if you're used to that level of bullshit.
Also fuck printers lol what I would just quit.
But seriously if you aren't making at least 120k you should just go do something else.
Mist
REEEEeyore
- 31,218
- 23,426
Someone fucked up the preload of trust chains for a lot of certs on a lot of production domains used for SIP phone registration IN THE CLOUD and I am unfucking them by hand before this change goes live in 20 minutes.
vi-ing live config files on production nginx servers is a good idea, right?
Phazael
Confirmed Beta Shitlord, Fat Bastard
- 14,688
- 31,604
You are not wrong and the thought has crossed my mind, but I am full remote, no one fucks with me, and I live in Texas with zero debt at all (wife or me) so even with inflation right now I am making bank.
As for your other post, I put this in our slack channel a lot:
Its astounding how much of our shit never actually gets tested and I get called the asshole for pointing this out when systems blow shit up. Change Management, how does it work?
- 1
- 1
Chris
Potato del Grande
- 19,436
- -10,732
I'm writing javascript to generate math problems on my website. I don't know how to do database stuff so we out sourced that.
I literally can't test any of the database reliant features OR mobile phone compatibility so... yeah I test that stuff in the middle of the night on the live website.
If I knew what I was doing (programming degree but self taught on web programming), I'd be able to set up a testing environment on my phone lol. Currently having a huge problem with input fields not working with LaTeX and mobile phones at the same time.
- 1
LiquidDeath
Magnus Deadlift the Fucktiger
- 5,049
- 11,930
I'm interviewing for jobs in the $80+/hr range, fully remote as a Change Management/Control expert. I'm honestly floored how many companies have nothing in place.
Kharzette
Watcher of Overs
- 5,351
- 4,097
I've been seeing some strange stuff with struct packing in dotnet 6. Any of you using it?
Alot of what my libs do is take bits of geometry data like positions, normals, bone weights etc and cram them into a structure and feed them to the GPU. My old dotnet 4 stuff just kinda worked, using sharpDX.
With 6 I've noticed little bits of padding gets thrown in seemingly at random, or at least I can't work out whatever alignment rules it is trying to match up with. The [StructLayout] stuff seems broken or ignored except for LayoutKind.Explicit which still works as advertised.
I had to write this horrible abomination that Marshal copies each element of an array one at a time into a byte array, then copies that into a chunk of ram to send up to the GPU.
Alot of what my libs do is take bits of geometry data like positions, normals, bone weights etc and cram them into a structure and feed them to the GPU. My old dotnet 4 stuff just kinda worked, using sharpDX.
With 6 I've noticed little bits of padding gets thrown in seemingly at random, or at least I can't work out whatever alignment rules it is trying to match up with. The [StructLayout] stuff seems broken or ignored except for LayoutKind.Explicit which still works as advertised.
I had to write this horrible abomination that Marshal copies each element of an array one at a time into a byte array, then copies that into a chunk of ram to send up to the GPU.
Rangoth
Blackwing Lair Raider
- 1,735
- 1,864
Wondering if someone can help me understand the piece of the puzzle I am missing here....
I have a custom backend, has existed for years, is written in .NET C#. It has a set of rest API endpoints, one of which of course is the login. Right now it takes name/password(or API Key/Secret) and returns a JWT token with appropriate claims, which can then be used to make whatever other endpoints calls are needed.
For 90% of our use cases, someone else is writing whatever application communicates with us and this works perfectly. However now we are looking to build a React Front End for some small uses cases/pilot and here is where I am getting a bit lost. I found some information, but not anything clear to me.
I found this diagram which makes complete sense to me:
So what I am trying to figure out is:
Forgive the questions, I've been a backend developer/designer of software for years with dozens of product releases, but this is the first time I am working on a more "social" service which has the need for these external logins
I have a custom backend, has existed for years, is written in .NET C#. It has a set of rest API endpoints, one of which of course is the login. Right now it takes name/password(or API Key/Secret) and returns a JWT token with appropriate claims, which can then be used to make whatever other endpoints calls are needed.
For 90% of our use cases, someone else is writing whatever application communicates with us and this works perfectly. However now we are looking to build a React Front End for some small uses cases/pilot and here is where I am getting a bit lost. I found some information, but not anything clear to me.
- If the React Front end has some type of login window which accepts the same input as our login structure, no problem. seems to work fine
- However I want to Add "Login via Google/Microsoft" options and this is where I am a bit confused.
- I understand that the Google/MS login section, front end in react with authenticate the user with those services and return a TOKEN/authentication for *those* services
- How do I convert that token/successful login event to an actual user in *my* backend so they can get *my* API token which is valid for my backend calls?
I found this diagram which makes complete sense to me:
So what I am trying to figure out is:
- Do I need to accept a new payload as an optional component for my login receiver? I would guess so but what exactly does that payload contain? How will I know it is MS vs. Google for instance?
- Does anyone have any samples of this? I have been searching like crazy online and cannot find anything, just a ton of stuff that assumes I want to make my own "App Service" with my own front end or that I want it all front end, other than the one link above I have found nothing on the topic.
- Is what I am doing incorrect? If so what is the proper methodology?
Forgive the questions, I've been a backend developer/designer of software for years with dozens of product releases, but this is the first time I am working on a more "social" service which has the need for these external logins
alavaz
Trakanon Raider
- 2,003
- 714
Google/MS are only providing authentication. Your app has to have some way to know about the google account so that it can authorize it.
Most people would use some sort of 3rd party authz service - Casbin · An authorization library that supports access control models like ACL, RBAC, ABAC for Golang, Java, C/C++, Node.js, Javascript, PHP, Laravel, Python, .NET (C#), Delphi, Rust, Ruby, Swift (Objective-C), Lua (OpenResty), Dart (Flutter) and Elixir
But you could make it as simple as like a "users" table with simple read/write type roles.
Most people would use some sort of 3rd party authz service - Casbin · An authorization library that supports access control models like ACL, RBAC, ABAC for Golang, Java, C/C++, Node.js, Javascript, PHP, Laravel, Python, .NET (C#), Delphi, Rust, Ruby, Swift (Objective-C), Lua (OpenResty), Dart (Flutter) and Elixir
But you could make it as simple as like a "users" table with simple read/write type roles.
- 1
Rangoth
Blackwing Lair Raider
- 1,735
- 1,864
Yes it does, but as
alavaz
said below. The problem is ultimately need them to have a user in my DB so I can provide proper claims/roles based on my system and then return a corresponding token.This is exactly what I thought, but wasn't sure on. So basically I have to figure out whatever payload Google/Microsoft return upon a successful login and then be willing to receive that on my backend. I'm sure there is some type of "Google/Microsoft" unique ID that I can add as a property to my user.
Then once I get the login payload, if it is of type MS/Google, check for a user in my system with the matching unique ID(or email perhaps?) and if it exists, log them in basically skipping the password verification check. If it does not exist, create that user and also skip the password verification checks. Instead storing the MS/Google unique payload information and associate it with the account.
Again I thought the process made sense to me, but for the life of me I cannot seem to figure out what payload I would get back from those services and if/what there is anything useful in there I should store...for example to maybe get their little image for display in my page as well.
