ToeMissile
Pronouns: zie/zhem/zer
- 3,183
- 2,070
IT/Software career thread: Invert binary trees for dollars.
- Thread starter Traak
- Start date
-
Guest, it's time once again for the massively important and exciting FoH Asshat Tournament!
Go here and give us your nominations!Who's been the biggest Asshat in the last year? Give us your worst ones!
Lendarios
Trump's Staff
- 19,360
- -17,424
They will return the unique userid on their system of that user. It is up to you to get any other information in your system.Yes it does, but asalavaz said below. The problem is ultimately need them to have a user in my DB so I can provide proper claims/roles based on my system and then return a corresponding token.
This is exactly what I thought, but wasn't sure on. So basically I have to figure out whatever payload Google/Microsoft return upon a successful login and then be willing to receive that on my backend. I'm sure there is some type of "Google/Microsoft" unique ID that I can add as a property to my user.
Then once I get the login payload, if it is of type MS/Google, check for a user in my system with the matching unique ID(or email perhaps?) and if it exists, log them in basically skipping the password verification check. If it does not exist, create that user and also skip the password verification checks. Instead storing the MS/Google unique payload information and associate it with the account.
Again I thought the process made sense to me, but for the life of me I cannot seem to figure out what payload I would get back from those services and if/what there is anything useful in there I should store...for example to maybe get their little image for display in my page as well.
Basically when someone wants to integrate with facebook, your system still has to create an internal user for that guy and assign it the facebook id.
There are templates you can use that show this behavior under the OATH authentication part.
- 1
ShakyJake
<Donor>
- 7,918
- 19,985
I have a question for any network gurus that might be here.
I started my new remote development job recently. The laptop they sent me has two different VPN softwares installed. One is for connecting to the company network and the other is used to connect to the federal governments (Cisco AnyConnect).
Unfortunately the laptop they have given me in kinda crappy. What I'm wondering is if I could install the Cisco software on my personal system (actually in a VM on my personal system) and connect to the federal system that way when I'm doing development. Is there anyway for them to "know" that I'm not using the company's laptop? I'm struggling to see how since I'm not going through the company's network anyway.
I started my new remote development job recently. The laptop they sent me has two different VPN softwares installed. One is for connecting to the company network and the other is used to connect to the federal governments (Cisco AnyConnect).
Unfortunately the laptop they have given me in kinda crappy. What I'm wondering is if I could install the Cisco software on my personal system (actually in a VM on my personal system) and connect to the federal system that way when I'm doing development. Is there anyway for them to "know" that I'm not using the company's laptop? I'm struggling to see how since I'm not going through the company's network anyway.
Mist
REEEEeyore
- 31,218
- 23,426
Yes, there's plenty of ways for them to know if you just install the software in a new VM, and you probably can't even connect with the VPN clients unless you export any related certificates from the laptop they sent you, which you probably don't have access to do. If you really want to do this, prep a blank laptop and beg their IT department to install AnyConnect, the other VPN client, and whatever endpoint security they would for an outside contractor that brings their own laptop (tons do.) You can also just flatly ask if they have a bring your own device policy in general.
However, if you're really committed to your original plan, what you could do, and they would almost certainly never be able to figure it out out, is clone the HDD of the laptop they sent you to a VHD, then mount that VHD as a VM on your own system and run it that way. Bitlocker might make this slightly harder but you can figure it out with enough Googling. If it's a Dell laptop, and it has Dell Command installed, you can just wait for the next time it does a firmware update, it will turn off Bitlocker to do the firmware update, and then you can clone the HDD while Bitlocker is turned off.
Now, I definitely don't recommend you do this, but the cloned VM is technically just as secure as the laptop was, and actually more, because it's now running in a sandbox abstracted from the hardware, so you're not actually defeating any security measures assuming you re-encrypt the new VHD.
Last edited:
- 1
ShakyJake
<Donor>
- 7,918
- 19,985
The Cisco AnyConnect software was installed after the fact (by me) as part of some separate setup process. Interestingly, I already installed it in a VM that's running on this system and it works fine. So clearly it's not needing any certificates that exist on the host operating system. Which is made me go 'hmmm' this should work on a different computer entirely. I've been hesitant to try just in case they can detect I'm not running on the work laptop. But this would also be true in the case of the VM running on the work system.
Mist
REEEEeyore
- 31,218
- 23,426
My real suggestion is to just use the work laptop, but install MouseWithoutBorders on both your main system and your work laptop. Endpoint security on the work laptop won't give a shit because MouseWithoutBorders is available from the Microsoft website and signed with the Microsoft cert.
Do your webbrowsing, webmail, and other non-VPN, non-secure crap on your main machine and just do your actual coding and connecting to shit on your work laptop. This will free up resources on your work laptop as most of your chrome tabs and other bullshit will be running on your main machine.
alavaz
Trakanon Raider
- 2,003
- 714
It should be fine. Usually when they want to force you into using a device you'll get a client cert that's tied to the hostname of the laptop. Doesn't sound like that's the case.
- 1
ShakyJake
<Donor>
- 7,918
- 19,985
/rant
Some of you may recall I had applied for a senior UI developer position at a company that does federal contract work. I accepted the offer and just this past week was able to begin dev work.
And wow, what a mess. It is truly amateur hour. Granted, visually the application looks pretty good. Albeit, it's using Bootstrap CSS so that's not hard to accomplish. And this isn't some old legacy application either -- it is green field development starting a couple years ago using one of the newer UI frameworks. But it's super clear whoever architected this had no idea what they were doing. It's not necessarily spaghetti code, but you do have code files that are hundreds of lines long, components and methods have no documentation, and no unit tests written that I've seen. Application structure doesn't follow the recommended best practices. Right off the bat I've spotted truly egregious mistakes like not unsubscribing to events so you know this thing has memory leaks and side effects all over the place.
The thing is, I've seen this repeatedly in my 10+ years of software development. I don't think I've ever come across an enterprise application that I thought, "holy shit this is elegant". Maybe this it's a myth?
Anyway, I'm debating if I should raise these concerns at the next dev meeting. But I know I'll come off as a know-it-all asshole, especially being the new guy.
Some of you may recall I had applied for a senior UI developer position at a company that does federal contract work. I accepted the offer and just this past week was able to begin dev work.
And wow, what a mess. It is truly amateur hour. Granted, visually the application looks pretty good. Albeit, it's using Bootstrap CSS so that's not hard to accomplish. And this isn't some old legacy application either -- it is green field development starting a couple years ago using one of the newer UI frameworks. But it's super clear whoever architected this had no idea what they were doing. It's not necessarily spaghetti code, but you do have code files that are hundreds of lines long, components and methods have no documentation, and no unit tests written that I've seen. Application structure doesn't follow the recommended best practices. Right off the bat I've spotted truly egregious mistakes like not unsubscribing to events so you know this thing has memory leaks and side effects all over the place.
The thing is, I've seen this repeatedly in my 10+ years of software development. I don't think I've ever come across an enterprise application that I thought, "holy shit this is elegant". Maybe this it's a myth?
Anyway, I'm debating if I should raise these concerns at the next dev meeting. But I know I'll come off as a know-it-all asshole, especially being the new guy.
- 16,763
- 7,784
Get a feel for the workflow first.
I was very critical of my current employers codebase. Still am. I'm responsible for some of the shitty code. Like python files bordering on 10k lines. But after participating in planning and design, or lack thereof, and implementation, I understand how things got to how they are. Essentially, understaffed and or poorly managed.
Thus, by being critical while still basically an outsider, your helpful comments might be interpreted as insults.
I was very critical of my current employers codebase. Still am. I'm responsible for some of the shitty code. Like python files bordering on 10k lines. But after participating in planning and design, or lack thereof, and implementation, I understand how things got to how they are. Essentially, understaffed and or poorly managed.
Thus, by being critical while still basically an outsider, your helpful comments might be interpreted as insults.
- 4
Mist
REEEEeyore
- 31,218
- 23,426
Practically every "tech" company that isn't at the top tier is a shitshow internally. My employer, my previous employer, and every F500 client of mine is a shitshow internally. Even at the very top tier you have companies like Oracle that are just complete flaming dumpster fires.
Khane
Got something right about marriage
- 20,366
- 14,040
I've grown tired of waiting on my company to move forward in technology stacks and BizTalk development. We live in the Microsoft ecosystem and were supposed to start migrating to Azure last year but now it looks like it wont happen until 2024. Anyone got any recommendations for Azure development learning resources outside of MS docs? Specifically the integration technologies like Azure Service Bus, Event Hub and Event Grid. Maybe some Logic Apps as well.
ShakyJake
<Donor>
- 7,918
- 19,985
Check out the courses on Udemy. They are often on sale for 10-20 bucks. I'm certain there are many courses on Azure. I bought a couple that were exam focused and learned a lot just from those.
Lendarios
Trump's Staff
- 19,360
- -17,424
This is the best advise I can give you.
For everything, there is a reason.
You may think everything is junk now that you are looking at it, completly removed from the development process, and with the benefit of hindsight. And it may well be trash.
But be cognizant that you were not part of the meetings and thought process that lead to that code. You were not involved in the trade off that took place when it was designed implemented or debugged.
It is easy to look at code that was written months or years ago and see patterns that now completely discarded but at the time were all the rage.
Always keep on the back of your head that the people before you that touched that code were not mumbling idiots, but simply developers that hopefully made decisions with the best information they had at the time, and within the business contrains they had, which are unknown to you now months or even years apart.
Everything is elegant, well design and perfect when you do it in paper, and if you are lucky you can do it in code once..... then the requirements change on you. Things that you did not thought off pop up. Your business side starts requesting thing that do not fit your elegant design.
And you see yourself changing your once elegant design into a Frankenstein version that resembles very little to that thing you design 3 months ago. Business keeps adding features, introducing bugs, giving you conflicting requirements, and make all of them work into your thing, but by then it is no longer the elegant thing it once was. You traded off certain functionality in the name of development speed, you made deals with them, delay features, were forced to add new ones with a time crunch.
Then a new developer comes along looks at everything you did and calls it a piece of shit, badly design and not elegant. And you look at that new developer into his eyes.. into his soul and think.... what a piece of uninformed garbage that guy is.
Before you criticize a piece of code, learn the context of it. Always give the guys who put it there the benefit of the doubt.
- 3
Nirgon
Log Wizard
- 13,815
- 21,786
I can't speak for Azure, but I did AWS developer.
I got the paid A Cloud Guru course which was ok. However, the free YouTube videos were better and I'm not even kidding.
Got a 91% on that exam if my opinion is worth a shit here.
On another note, really sick of the libtard cliques constantly making flailing stabs and causing mischief. You take one look at the HR person and know it ain't even worth bothering... because at one job it wasn't and even if mildly brought up you get the "you're the one making it an issue" label.
3-4 jobbies later, same as.
Mist
REEEEeyore
- 31,218
- 23,426
Nirgon
Log Wizard
- 13,815
- 21,786
I dont have HR problems - I only brought one up when they falsely said they were going to fire me for not taking over the entire third party position (a total lie) . Which they later said was a "miscommunication", yeah ok LOL.
.... and I watch these psychos run off 5+ developers while I'm sitting there holding the line.
Mist
REEEEeyore
- 31,218
- 23,426
I have every single relevant certification for my current role so I need to start branching out.
What certs can you study for easily from just videos and exams, without requiring a letter of course completion?
Specifically looking at AWS, Microsoft, or any other type of cloud/datacenter type certs because I know that VMware certs all require taking the associated courses, but anything else I could be interested in as well, since I can expense any and all certification exams as long as they don't require paying for a full course.
What certs can you study for easily from just videos and exams, without requiring a letter of course completion?
Specifically looking at AWS, Microsoft, or any other type of cloud/datacenter type certs because I know that VMware certs all require taking the associated courses, but anything else I could be interested in as well, since I can expense any and all certification exams as long as they don't require paying for a full course.
Nirgon
Log Wizard
- 13,815
- 21,786
You can definitely do AWS associate/developer off the free youtube learning vids. They're long, but ya.
Personally, I thought the solutions architect one was harder? But I'm not a hardware guy. Thought I'd go for that too but got a relevant job before I finished getting that one and dont need it.
Lots of determining cost effective vs time effective stuff on the solutions architect one.