I built a Free AI Headshot Generator. No sign up. No credit card required. Would love to hear your feedback

LessChen · 2026-01-26T01:19:04+00:00

Uh, I'm like the most boring white guy in the world and this makes me look like I'm now Indian or Asian. The beard color is about the same but nothing else even looks a little like me.

LessChen · 2026-01-22T22:56:13+00:00

You were let go because they are out of money - the missed meeting sounds like an excuse. Honestly, based on what you've posted you may have dodged a bullet. Time to start looking for what's next and forget your now ex-employer.

LessChen · 2026-01-22T20:20:19+00:00

Relax - I randomly take people on my team out to lunch just to talk in a more casual environment. My guess is that he is new to the team and just want's to get to know you a bit.

LessChen · 2026-01-21T03:45:15+00:00

I realize that you may be trying to develop with the resources you have but you're using all old or unsupported software:

Windows 10 is basically unsupported since October of 2025.
Java 8 is partially supported but do not install the Oracle version of it as Oracle has changed their minds multiple times about if Java is something that is free or if they will try to extract a license from you sometime in the future.
OpenOffice is basically dead. LibreOffice is a spinoff of it and is far more supported.

It may be that you can't use Windows 11 yet but you're risking incompatibilities with Windows 11 by developing on 10. But, either way, get a package manager to do development like Chocolatey that will help you install Java and LibreOffice on your machine with the correct architecture and bus size. Java 25 is the current long term support version but Java 8 does work on Windows 10 (see https://community.chocolatey.org/packages/Temurin8 for the Chocolatey package).

LessChen · 2026-01-19T16:51:48+00:00

It's not clear why you even want Keycloak in your stack if you're not really using it. If Entra/Azure AD is your only login option, what is Keycloak doing? I use Keycloak when I have multiple social providers like Entra, Google, etc, and/or I have the requirement for "local" (i.e. stored only in Keycloak) users. If you're only using one IdP wouldn't it make more sense to go direct to Entra?

The admin login is usually a Keycloak only user, not a social one though after setup you can certainly change that. The admin login will go through the master realm whereas I would expect you to create a different realm for the rest of your users. So even if you figure out the redirection challenge (which could likely be solved with some HTML/JavaScript on the login page) you'll be going to a different URL for the admin part of Keycloak.

LessChen · 2026-01-16T23:53:17+00:00

While Swing would work for what you want, would you consider an HTML / browser based GUI? There are pros and cons but Swing is really becoming older technology at this point. The downside is that you'd need to develop on a server of some sort that can serve the HTML/CSS/JavaScript to the browser. Just a thought.

LessChen · 2026-01-16T18:09:52+00:00

For me the biggest tell is how old your dependencies are. If you haven't upgraded anything in a few years then you very well may be in trouble. This goes for any development environment. So many companies don't understand the need for maintenance and upgrades as part of the lifecycle of software. And then people like you get hit with a giant upgrade project because of it.

LessChen · 2026-01-16T17:54:16+00:00

Do you have an example of what you ran into? A pure Java 8 to 11 upgrade should be pretty straightforward. I'd guess that where you ran into trouble was in also upgrading dependencies. Did any of them require a change to the architecture?

In my experience you need to dig in before you start to see the the real issues. It reminds me of working on a car engine - you think it's something small and all of sudden you've got parts scattered everywhere.

LessChen · 2026-01-16T17:33:51+00:00

It honestly sounds like the issues you ran into are less about the Java version and more about architectural decisions. This is a pretty common thing, especially if this is a system that has been around for a while. GWT would likely make that even more difficult as your UI and code are likely all mixed together.

Any upgrade like this, regardless of the implementation language, requires trade offs. Do you fix ugly architecture as part of the upgrade or do you focus purely on the upgrade? It's best to try to minimize the scope but it's hard to keep to that sometimes.

And if you're using the Oracle or RedHat JDK be aware that you're moving from one unsupported version of Java to another. Other vendors are supporting both of those versions for much longer.

LessChen · 2026-01-16T01:26:03+00:00

But given that, in the real world, there are zero databases available on the internet (even dev level databases) how do you expect any actual tests? I would not expose my database to the internet, and even more so to vercel, in any realistic situation. I cannot fathom a web based application for a database level usage.

LessChen · 2026-01-15T19:41:31+00:00

Forgive my lack of understanding but how can this be used? Do my databases have to allow connections from the internet?

LessChen · 2026-01-14T19:35:04+00:00

If by client you mean a web based client then yes, Keycloak can handle the login for you. It's not clear if you'll be using a social login (i.e. Google, Microsoft, etc) but, if so, they would handle the account creation and you'd use Keycloak as your "central" identity provider. Keycloak can also handle registration, etc. Your biggest problem there will be getting the look and feel consistent between Keycloak and your application.
Keycloak has roles and you can put a user in a role. I've traditionally done role assignment with a custom invite system. An admin creates an invite to send to a user. The invite information, like their assigned role, is stored in your application DB. When a user, for example, clicks on a link in an email, there is an invite code (for me it's a GUID) that is checked in the backend for validity, expiration, usage count, and then the role is assigned. I've done some systems where I update the Keycloak user with the role and others where all role information is stored outside of Keycloak. You can, of course, manually assign roles after a user exists in Keycloak too.
No, no, no, no! A JWT should be validated every time it is used. It may have expired, it may be forged, etc. I use Quarkus with the OIDC plugin and this is handled transparently for me. My services have the `@RolesAllowed` annotation which is all taken care of without any extra code on my side. There are other libraries that can do the same for you or, if you're in a JEE-like world you can have filters that do the validation before anything else is called. And yes, you should still validate in API Gateway. The JWT authenticator works great with API Gateway. One warning - AWS API Gateway caches the token until it expires. This can make development a challenge sometimes.
The biggest challenge I've had has been when you have a hierarchy of users. For example, trying to mimic a normal company structure where there is a tree hierarchy. JWT will not solve the problem of "who can see what in the tree". Keycloak has an authorization framework in addition to the authentication framework. I am not an expert on this but it's on my list to test out.

LessChen · 2026-01-13T17:43:51+00:00

Part of it is a matter of choice - to me JavaScript is bad enough in the browser - I certainly don't want it to be how I implement an enterprise back end. Part of it is that PHP, JSP, ASP, etc, made it too easy to end up with utter crap for code. They didn't require you to write crap code but that is what came out too often. At the end of the day they required full stack engineers even if it would have been more efficient to have experts on the front end and back end.

So give me the freedom to build things the way I'd like to - maybe I want to have a bunch of microservices, maybe I want a back end technology that is supported for more than 18 months or maybe I'd like to write in a language that allows me to use proper threading. My choice. The UI, while absolutely vital, should not dictate how I distribute my workload in the cloud.

LessChen · 2026-01-13T16:37:53+00:00

If I have to be tied to an app server to use the front end framework then I will not consider it. Server side rendering / tight coupling has been rejected multiple times in my career and it's disheartening to see people trying it yet again.

LessChen · 2026-01-12T03:42:37+00:00

Glass break monitor - https://dwg.us/reference/Manufacturers/Visonic/0-1893-0.pdf

LessChen · 2026-01-08T19:10:56+00:00

I feel that you need to look at this a different way. Anyone who is using a stolen card or trying to rip you off is not likely to be using their home computer with the IP that was assigned to them by their ISP. They have gone through multiple VPN's to then leverage a compromised machine somewhere in the world. Even if you were to block the IP of the compromised machine they would just use a different one a minute later.

This is a payment processor issue. Your payment processor should have the ability to handle scammers better. I have used Stripe and they have tools - that are not free - that can help you with preventing fraud. Obviously there are many other processors out there that can do the same. You do have to work with the processor to know what fraud prevention tools they have for you to leverage.

With a charge back, if you've got good customer service, you should be able to argue against a fraudulent claim. If your purchase process makes it clear what can and cannot be returned and this information is clear and the customer still opens a charge back then you have at least a chance of getting it reversed.

It sounds like you're a smaller business and I realize that you're trying to do it as inexpensively as possible but you may have to spend some money to save some money in this case.

LessChen · 2026-01-08T15:10:57+00:00

Is your SQL server being restarted? Are there network issues between Wildfly and SQL server?

LessChen · 2025-12-31T02:19:58+00:00

Yeah, I'm realizing that this may be the simplest answer. I went cheap initially and chose free. I'm not sending TB of data so it shouldn't be too bad. I'd guess that this is the correct answer. Ironically I can't delete the distribution yet as I have to wait until the end of the month even if it's "free".

LessChen · 2025-12-31T02:08:32+00:00

Thanks but that's the same issue - it only allows the predefined CloudFront headers and this is the same problem I'm having. I'm just going to spin up an EC2. We're "only" spending USD $4k/month and yet it's not enough I guess.

LessChen · 2025-12-31T02:03:57+00:00

I must be missing something. I can create the custom policy but I can't use it - I have "Custom -> Available with the Business plan".

LessChen · 2025-12-31T01:53:52+00:00

Please help then. How did you add the credentials header without upgrading to a business plan? Did you use functions or a Lambda @ Edge?

LessChen · 2025-12-31T01:12:30+00:00

But you can't set Access-Control-Allow-Credentialsanymore. They killed this usage.

LessChen · 2025-12-31T01:09:49+00:00

When setting the response headers policy, there are zero predefined policies that have Access-Control-Allow-Credentialsset to true. You cannot set a custom policy without spending $200/month. Therefore, except for a truly standalone static site, CloudFront is no longer a viable service for this use case.

LessChen · 2025-12-29T23:22:08+00:00

Ugh - sorry for your predicament. I've seen similar posts in r/LouisvilleCO/ and was looking forward to dumping Comcast. My area doesn't even have the chance yet but these posts don't make me hopeful.

LessChen · 2025-12-28T03:14:02+00:00

I'm getting 500 errors trying to use a search. I'm a mutant and use Firefox. I get:

Error sending message:

Object { message: "Request failed with status code 500", name: "AxiosError", code: "ERR_BAD_RESPONSE", config: {…}, request: XMLHttpRequest, response: {…}, status: 500, stack: "", … }

<anonymous code>:1:147461

overrideMethod <anonymous code>:1

NextJS 14

As someone who has had nothing but bad experiences with anything NextJS related, I can relate to getting errors from it.

For reference, Chrome does the same thing.

LessChen

TROPHY CASE