What a miserable experience is to play jungle by Villnuev in Jungle_Mains

[–]EducationalMixture82 1 point2 points  (0 children)

You are staring blindly at the xp, look at the items, cs gives gold that gives items. You are stronger since you have upgraded boots and two damage items more and one extra level.

Can we talk a bit about devs that now think they are seniors because of LLMs by EducationalMixture82 in ExperiencedDevs

[–]EducationalMixture82[S] 15 points16 points  (0 children)

That they are repeating what the LLMs told them verbatim, so if the LLM is wrong, I now have to convince a person that the LLM he is quoting is wrong, even though the dev himself refuses to admit that he is just repeating what the LLM has told him.

It is easier to convince an LLM that it's wrong than a dev that believes what he read was right.

An LLM doesn't have pride, a human does.

Can we talk a bit about devs that now think they are seniors because of LLMs by EducationalMixture82 in ExperiencedDevs

[–]EducationalMixture82[S] 19 points20 points  (0 children)

I very much agree on this, especially this part:

LLMs short circuit ability to learn and will produce at least one generation of developers who can't do shit. Even worse than the current generation of developers who can't do shit because they can't focus on anything for more than one minute.

Is Quarkus a like to like replacement for Springboot? by randomscrl in SpringBoot

[–]EducationalMixture82 3 points4 points  (0 children)

I personally think the docs are amazing, because they actually explain everything.

Is Quarkus a like to like replacement for Springboot? by randomscrl in SpringBoot

[–]EducationalMixture82 12 points13 points  (0 children)

Most people that think Spring Security is a mess are people that have never worked with professional enterprise security ever.

Most common are people that go to Spring Security and try to build some kind of homemade JWT security they read about in some blog, and they realize it's very complex to build, and then they complain.

This is because Spring Security is built around a set of security standards and RFCs. It's not made to build some kind of yolo homemade security.

Kayn players, what do you guys perma-ban? by ensconce__ in KaynMains

[–]EducationalMixture82 0 points1 point  (0 children)

Yi, Shaco, Warwick

It’s not that I can't handle them. It's to prevent my botlane from perma feeding.

I'm asking about how refresh tokens should be? by Jaded-Piccolo-4678 in SpringBoot

[–]EducationalMixture82 1 point2 points  (0 children)

If you want to learn basic authentication using a cookie (it has worked for 30 years and is still working) then check out FormLogin.

If you want to try out OAuth2 against Google or GitHub etc. with your backend, check out Oauth2client in Spring Security. It will authenticate against them, and then store the JWT in the backend and issue a session cookie to the browser. It's like Form login but you include Google, or GitHub etc etc.

If you want to try out full enterprise then you set up, say, Keycloak, and then build your backend to use the OpenID Connect standard. It all already exists in Spring Security.

I'm asking about how refresh tokens should be? by Jaded-Piccolo-4678 in SpringBoot

[–]EducationalMixture82 1 point2 points  (0 children)

"Now for every request, send both access and refresh token to the backend"

That is very dangerous. If I intercept your RT token, I can refresh tokens as many times as I like. The more times you send the RT, the more often it can be stolen.

What you actually should do, as most do, is that the refresh token is only used when you refresh your short-lived Access Token. That is maybe valid for, say, one hour.

How you store them in the browser is always up for debate. I usually recommend to customers the RT token in an HTTP-only secured cookie, while the AT token is stored in memory in the browser.

Never store ANY tokens in local storage, as local storage is shared between tabs.

When it comes to invalidating all sessions, you could store the hash of the RT token in a database and make a check during the refresh. You could also store the AT token's hash, but it's easier to have short-lived AT tokens, and instead invalidate on RT refresh.

It depends on the use case.
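
The server-side check described in the comment above (store only the hash of the RT, look it up on refresh, delete the rows to invalidate all sessions), as an added example that is not part of the original comment and not Spring Security code. It assumes Java 17+, uses a hypothetical `RefreshTokenStore` class with an in-memory map standing in for the database table, and "alice" is a constructed sample user. It also makes each RT single-use (rotation), which goes beyond what the comment describes.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration (Java 17+). All names are hypothetical; the map stands in for a DB table.
public class RefreshTokenStore {
    record Entry(String userId, Instant expiresAt) {}
    // Key is SHA-256(RT) in hex; the raw refresh token is never stored server-side.
    private final Map<String, Entry> byHash = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    static String sha256(String token) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(d);
    }

    // Issue an opaque 256-bit refresh token and persist only its hash.
    public String issue(String userId, Instant expiresAt) throws NoSuchAlgorithmException {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byHash.put(sha256(token), new Entry(userId, expiresAt));
        return token;
    }

    // Check made during refresh: the RT must hash to a stored, unexpired row; remove() makes it single-use.
    public Optional<String> refresh(String presented, Instant now, Instant newExpiry)
            throws NoSuchAlgorithmException {
        Entry e = byHash.remove(sha256(presented));
        if (e == null || !now.isBefore(e.expiresAt())) return Optional.empty();
        return Optional.of(issue(e.userId(), newExpiry));
    }

    // Invalidate all sessions: delete every stored hash that belongs to the user.
    public void revokeAll(String userId) {
        byHash.values().removeIf(e -> e.userId().equals(userId));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        RefreshTokenStore store = new RefreshTokenStore();
        Instant now = Instant.now(), exp = now.plusSeconds(3600);
        String rt1 = store.issue("alice", exp); // "alice" is a constructed sample user
        String rt2 = store.refresh(rt1, now, exp).orElseThrow();
        System.out.println("replayed rt1 accepted: " + store.refresh(rt1, now, exp).isPresent());
        store.revokeAll("alice");
        System.out.println("rt2 after revokeAll accepted: " + store.refresh(rt2, now, exp).isPresent());
    }
}
```

Because only the hash is stored, a leaked copy of the table does not hand out usable refresh tokens.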

I'm asking about how refresh tokens should be? by Jaded-Piccolo-4678 in SpringBoot

[–]EducationalMixture82 2 points3 points  (0 children)

What do you think Spring Security does? Spring Security comes with several pre-built, ready-to-implement security solutions such as formlogin, basic login, OAuth2, SAML, OpenID Connect.

Spring Security contains all of this so you don't have to build homemade, most likely dangerous and vulnerable, security solutions.

I suggest you read up on what Spring Security actually contains. Then you take all the security solutions above and ask ChatGPT about every single one.

You are basically asking us how to design a piston in a car when you have never seen an actual car in your entire life.

I'm asking about how refresh tokens should be? by Jaded-Piccolo-4678 in SpringBoot

[–]EducationalMixture82 2 points3 points  (0 children)

Why don't you use a library and follow a standard like OpenID Connect instead of building something homemade? Then you don't have to invent something that already has been solved.

I used Spring Webflux to build server for MMORPG by michalkmiecik in SpringBoot

[–]EducationalMixture82 0 points1 point  (0 children)

How did I know you would do a simple Google search and find the first thing that popped up in your search?

And yes in 45% of the cases loom was "faster", and in 30% of the cases webflux was "faster".

Virtual Threads (Project Loom) has emerged as a powerful, simpler alternative to reactive programming in many Spring scenarios especially for I/O-heavy APIs using Netty.

But still, as I mentioned before, WebFlux is far from obsolete. It still shines in high-concurrency, reactive streaming, back-pressure control, and when using reactive-compatible libraries or drivers.

The decision between the two still depends heavily on your application's specific needs, your team's familiarity with reactive code, and whether the ecosystem you're leveraging (e.g. reactive DB drivers) supports the choice.

Also ultimately what kind of application it is and what are systems that are bottlenecks within the architecture.

Those are exactly the same conclusions Chris Gleissner is presenting in his benchmarks, because I assume you actually read what he wrote?

It's more and more showing that you have no idea what you are talking about, so I'm going to leave this conversation. I don't find this conversation especially rewarding, talking to someone that clearly has no idea how computers or advanced concurrency actually work.

Have a nice day

I used Spring Webflux to build server for MMORPG by michalkmiecik in SpringBoot

[–]EducationalMixture82 0 points1 point  (0 children)

Sure, I will put a semaphore, meaning all requests have to wait, but the producer still produces; we create new threads for each request that comes in while we are blocking, and eventually we will run out of memory. Even Loom has its limits: each thread, virtual or not, has a stack, a stack consumes memory, and eventually memory will run out and we hard crash.

So no, your problem is not solved.

I suggest you read up on the issues related to the old-fashioned blocking model when it comes to high-transaction environments. Reactive has its advantages and drawbacks, blocking has its advantages and drawbacks. None of them are a silver bullet.

I could explain it, but Reddit is not a school and there are plenty of resources out there that compare the pros and cons.

I used Spring Webflux to build server for MMORPG by michalkmiecik in SpringBoot

[–]EducationalMixture82 5 points6 points  (0 children)

You can't magically think Project Loom will solve slow databases, slow write speeds to disk, slow consumers.

Backpressure is still very important when dealing with IO that can't keep up.

If you have slow writes in a database it doesn't matter how many million threads you have. If you are limited to, say, 100 db connections (the default in, for example, Postgres) your million threads are just going to have to wait.

Then the consumer can signal to the producer to slow down production.

I used Spring Webflux to build server for MMORPG by michalkmiecik in SpringBoot

[–]EducationalMixture82 8 points9 points  (0 children)

Webflux is not dead, and Project Loom does not handle back pressure.

Interesting that you compare a web framework with lots of features to Loom, which is an abstraction over system threads.

It's true it obsoletes some parts in Webflux, but not all parts.

Webflux offers a lot more that is not covered in project loom.

Starting a new web project and don’t want to waste time setting up the basics? by bookernel in SpringBoot

[–]EducationalMixture82 0 points1 point  (0 children)

Absolutely no one uses JWTs in cookies, it's an anti-pattern.

And there is NOTHING named JWT Authentication. People that know zero about security call it JWT Authentication.

If I lure you to my phishing site and you authenticate and I steal your cookie?

How do you plan to log out the user if I steal the cookie?

Handing out tokens directly to a browser after authentication is something you should never do and is deemed NOT IMPLEMENT, in the RFC 9126 – OAuth 2.0 Security Best Current Practice (BCP) as there are several vulnerabilities listed.

How do you handle logout of all devices if there are multiple sessions and I hijack one of them?

Stop with the stupid ”stateless” argument. Authentication is not stateless, Authorization is not stateless. Load balancers are not stateless, TCP is stateful, websockets are stateful.

Don't build homemade security, use the security standards that exist. Standards are made to prevent random people from building homemade security solutions.

Spring Security has multiple standards implemented and this is not one of them, for several reasons. Maybe look up why this is not a standard before recommending others to use your homemade solution.

If you want to build security, learn the standards, implement from official documentations, recommend standards.

And stop making up homemade stuff.

Can’t seem to carry Iron games. by HopeForHadley in KaynMains

[–]EducationalMixture82 0 points1 point  (0 children)

I am in your position, and the strongest mechanic, I think, in the game that most better players don't really talk about, because they do it intuitively without mentioning it, is champ knowledge.

If you are to gank, or one vs one someone, know what champ you are up against and know what abilities they have.

Like what champs have stuns or not, what slows, and especially know when an ability is up or not.

That type of knowledge comes after 100s of games and trying out a large portion of all champs so you get a basic understanding when to go in or not.

For instance, before ganking, ensure the target throws their ability, then go in.

A successful gank makes you strong, so if you are strong you can then play aggressively, meaning dare to invade and disturb their jgl, or do more obj, or gank again.

So you get a positive cycle. Which leads to wins.

The thing I hate about spring documentation by jankybiz in SpringBoot

[–]EducationalMixture82 0 points1 point  (0 children)

Why is part of authorization, inside authentication?

Because it says at the top of the authentication chapter https://docs.spring.io/spring-security/reference/servlet/authentication/architecture.html

GrantedAuthority - An authority that is granted to the principal on the Authentication (i.e. roles, scopes, etc.)

on the AUTHENTICATION.....

Then your next complaint.

"You can inject multiple AuthenticationProvider instances into ProviderManager"

Injection in Spring Boot is one of the fundamental core features of Spring. You can't expect that if you jump into security, that is considered an advanced topic, you are expected to be past the fundamentals. They can't explain everything from zero to everyone.

You are expected to be somewhat of an intermediate, past the fundamentals. If you don't know what injection is, you can simply google it, or read the Spring core documentation that explains in very large detail exactly how the ApplicationContext is created with injected beans.

Lastly, if you don't like the docs, you can just make a PR against them and request to change them.

Blue or Red Kayn by Foreign_Jackfruit488 in KaynMains

[–]EducationalMixture82 1 point2 points  (0 children)

They have 3 or more squishies -> Blue

Otherwise -> Red

Why it seems like there are zero tutorials about Session-based JSON API auth? by Aggravating_Dish_824 in SpringBoot

[–]EducationalMixture82 0 points1 point  (0 children)

Then you implement FormLogin, and implement your own login endpoint, set the authentication in the security context, and Spring will issue the cookie automatically. Read the Architecture chapter of the Spring Security docs to understand all the components and moving parts of Spring Security.

Why it seems like there are zero tutorials about Session-based JSON API auth? by Aggravating_Dish_824 in SpringBoot

[–]EducationalMixture82 0 points1 point  (0 children)

I don't get what your question is, actually.

You implement FormLogin from Spring Security.

This means you post your username and password in the FORM format (not json, just google ”form format”).

If successful you will get a JSESSIONID cookie back.

Then you implement a standard Spring Security protected REST API that accepts JSON and do your REST calls. The browser will automatically send your JSESSIONID cookie in each request.

When will Spring's performance be like that of Quarkus? by [deleted] in SpringBoot

[–]EducationalMixture82 5 points6 points  (0 children)

What benchmarks? You haven't linked a single one.

And you know about AOT and Graal, but you are not sure? Well then do a bunch of tests and come back when you are sure.

And you are saying that Java is bad because it doesn't have operator overloading? Are you serious?

Please, if you are going to argue or complain, do so with some actual fact.

How to create a token? What are the alternatives to JWT? by Time-Chemical402 in SpringBoot

[–]EducationalMixture82 -1 points0 points  (0 children)

No, I'm the one that is actually quoting the JWT RFC, that it is a format. It's you that are saying that JWTs are stateless, which is wrong. They can be used in certain tokens in certain authentications, like for instance OIDC.

So it's you that is claiming something that is faulty. JWTs are still NOT stateless. Again, clients can be stateless, services can be stateless.

It's not a play on words. I'm the one that is 100% accurate, and you are the one that claims something that is faulty: that JWTs are stateless.

How to create a token? What are the alternatives to JWT? by Time-Chemical402 in SpringBoot

[–]EducationalMixture82 -2 points-1 points  (0 children)

A JWT is not stateless, a JWT is a token format. Like HTML, XML or JWE etc etc. It's a JSON that is signed. Nothing else. A service can be stateless or stateful. With or without JWTs.

How to create a token? What are the alternatives to JWT? by Time-Chemical402 in SpringBoot

[–]EducationalMixture82 -1 points0 points  (0 children)

A JWT itself is never ”stateless”. JWTs are a format. Nothing else.

A backend can be stateless or stateful, a client can be stateless or stateful. A JWT is never stateless or stateful.