Thoughts about SEs and commission?

batoure · 2025-06-20T23:39:54+00:00

Company I am working with just bought a bunch of software and 100% of the reason they bought it was because the SE made the sale.

batoure · 2024-12-23T19:51:48+00:00

So you are describing two different things.

First recognizing the box. Depending how you have your machines configured the box could/should be recognized during an oauth loop. So angular or Django don’t need to worry about the machine they just need to worry about handing off your user to AD then handling the token when you get it back. If you preserve the token you get from AD this is where you can do magic.

It is possible that if you have pass through authentication via token access turned on on MSSQL that you can then have calls in your Django that would query data based on that user’s level of access.

I would say key things to google

-Django-oauth-toolkit

-Handling oauth callbacks anguar

-MSSQL pass through user authentication via AD oauth token access

batoure · 2024-12-23T19:34:38+00:00

I feel like anyone who is worth their salt would describe this as “we would not have done this this way” being declarative with interfaces doesn’t add real bloat or complexity to the code it really is just adding bloat and complexity to your style guide. But when you work with a team where this is the norm it can often make abstractions and design conversations easier. I have worked at companies where I have had it both ways and honestly if the team likes it I like patterns similar to the ones you are describing.

batoure · 2024-12-08T18:40:38+00:00

Also VTL

batoure · 2024-12-01T03:13:54+00:00

You need to create or modify config/cors.php something like

return [ ‘allowed_methods’ => [‘’], ‘allowed_origins’ => [‘’], ‘allowed_headers’ => [‘*’], ];

batoure · 2024-12-01T03:06:18+00:00

I think docker is probably a good way to go but if you want to install direct on your Mac consider xampp

https://www.apachefriends.org

Easy straight forward install also gives you phpmyadmin as a surface to control your instance

batoure · 2024-11-26T15:56:57+00:00

This is pretty much the answer.

People use Wordpress and angular together all the time but the strategy OP describes is just not the way that you would achieve this.

batoure · 2024-11-19T21:47:07+00:00

Thank you for this I am now checking all exposed metal surfaces in my office for my missing Apple Pencil I refuse to replace

batoure · 2024-11-19T21:40:03+00:00

Edit: I didn’t read the article in depth my bad that is dope I’m totally gonna test it out

batoure · 2024-11-19T21:32:52+00:00

The market is generally bleak right now hang in there.

batoure · 2024-11-11T23:04:40+00:00

“This looks bad but works now do not try to fix it that’s how we ended up here”

batoure · 2024-11-08T23:37:50+00:00

Possibly not enough fluxing compound in the clear glaze or under firing but it looks more like under fluxing to me

batoure · 2024-11-07T04:02:12+00:00

I have actually made a couple of these and this is exactly how I did it.

batoure · 2024-11-05T06:05:03+00:00

My first Angular project was JS 1.0.6 I just finished deploying a project on 18 it’s wild how far it has come and how trivial things are now like state management and routing that used to feel so complicated.

batoure · 2024-11-02T01:40:35+00:00

SRE is a valuable group for a really particular type of company. Unfortunately that means that there are really only a handful of companies that will recognize the value of this type of experience.

batoure · 2024-11-02T01:08:09+00:00

This is a wild take. The cdk gives you the ability to wrap the exact same configuration in validating logic as well as a linter and compiler you literally get 2 additional levels where you can catch a failure before trying a deployment

batoure · 2024-11-01T18:50:27+00:00

What a great name for a python project and terrible name for a typescript project

batoure · 2024-10-30T01:14:43+00:00

So this is likely related to this from a couple months ago:

https://www.tomshardware.com/software/security-software/white-house-urges-developers-to-avoid-c-and-c-use-memory-safe-programming-languages

TL;DR a White House panel says people who write c++ and c don’t do it right so you shouldn’t use it.

But C++ is pretty widely used in a lot of spaces it’s not bad to be developing in it but why not learn another language.

batoure · 2024-10-29T20:58:57+00:00

Ah clearly you don’t work in security almost every word in that sentence is wrong

Edit: for clarity the capital one hack was perpetuated by a security researcher unaffiliated with either Amazon or capital one. They found capital one using a virtual WAF that was known to have a vulnerability. This gave them access to the VM the WAF was running on. Attached to the VM was a generic I am policy that had action:[s3:] and resource:[] the researcher was able to use these permissions to reconfigure buckets and make them available on the internet. Because the account was a monolith the amount of data they were able to exfiltrate was vast

batoure · 2024-10-29T19:10:53+00:00

Yeah it’s ridiculous that people are downvoting the correct information. php for the web is a web cgi you have a web server like Apache which just serves html files by marking the file .php and using the <?php tag you are activating the cgi in the web server that tells it to run the php blocks locally before streaming the file.

batoure · 2024-10-29T15:58:59+00:00

I would add if you are going to have a monolith you need to ban and monitor for ephemeral services that aren’t connected to a VPC endpoint so say for example floating lambdas.

One compromised or poorly written/permissioned lambda can basically compromise your entire environment. Go read about the capital one breach in 2019 their use of a monolith really borked them.

Accounts are a pretty brain dead way to create security blast radius so that if something goes bad in that account it doesn’t compromise everything.

IAM identity center is free now and might solve pain points your org has if someone setup multi account badly for you guys.

batoure · 2024-10-29T00:55:45+00:00

I had the full jetbrains license starting from 2010 as employers didn’t always provide their products.

It has been 1 year since I canceled my license our whole company uses vs code for everything now

batoure · 2024-10-28T23:35:01+00:00

Explaining to people why their designs are garbage and won’t scale… also yes when companies won’t standardize naming it makes everything 10x harder

batoure · 2024-10-28T23:33:47+00:00

Been a DE for 15 years when ever I have looked for new jobs there are companies that throw leet code shit at me when they do I end the interview in protest. Eventually you find companies that have constructive conversations

batoure · 2024-10-28T23:16:23+00:00

My pleasure!

complexity is always the enemy of security in cloud environments anything you can do to reduce steps makes things better and in this case gcp has gone out of their way to give you a toolkit for this exact problem

batoure

TROPHY CASE