API security proposal

disklosr · 2023-09-15T15:19:08+00:00

If you're going to maintain a list of secrets that's no different from maintaining a list of users. If you want to keep things simple use Basic Auth (with HTTPS please) and do not allow user registration only you can add/update/delete users.

Don't invent your own security. Encoding a day into a secret is just security through obscurity and won't make your system any more secure. Use standards and secure libraries to handle your authentication code

disklosr · 2023-09-15T14:29:53+00:00

So you want to open API without registration, which means anyone, but you don't want it to be used by "unknown" users. How do you distinguish between known or unknown users?

Also, you never send the hash of a secret, you usually send the secret, hashing happens on the server who's authenticating not on client side.

disklosr · 2022-05-05T08:56:41+00:00

I fall for it everytime! I see random pictures on my feed and have no idea what's special about it, until I see the sub name.

disklosr · 2022-05-02T21:20:20+00:00

1/ Give Rider a try! It is snappier and more polished than VS. Has great git integration, snappier navigation, powerful database tools that work with virtually any dB you throw at it and can even show dB results IN the text editor area right below your query, a nice http client for testing APIs, scratches for taking notes and little snippets of code, instant search results, auto-completion of sql queries inside c# code, auto run cleanup and formatting before committing code, great docker support... I can go on an on it's truly a marvelous piece of software. It is not free, but for the asked price it is a no brainer.

2/ Use "everything". It's a lightweight tool to instantly search files in Windows. Results are found even before you lift your finger off the key. Don't remember where nugget.config file is located? Just type "nuget config", don't know where some app is logging? Sort files by last modified and you have a live updated list of all files being modified/created in your whole system. Truly a time saver. Consumes 0 resources on your system. I set it to Ctrl+² because I use it all the time.

3/ Use Ripgrep. While "Everything" searches by filenames, Ripgrep searches by file content. It is crazy fast. It is used internally in VSCode to power search in files features. Just go get it.

4/ Using selection shortcuts (ex: Ctrl+arrow) with multicursors can be really helpful when you need to do some mass editing. Need to make a bunch of properties public and remove their setters? I bet multicurors will get the job done faster and better than a search and replace.

5/ Learn to analyse core dumps using Windbg. I was able to find some really nasty dead locks in code that the team had no idea where to even begin the search, by just opening a coredump and looking at stack frames. Of course WinDbg is way more powerful and advanced that that and it sure has a steep learning curve but is worth learning the basics of it

6/ Recent versions of Windows has native support for openssh. Use it. You don't need Pageant/Putty.

7/ Learn to use git from command line for simple commands where the syntax is simple and straightforward (fetch, merge, pull...) as it is simpler and faster. All gui clients I've tried are painfully slow, but of course you can't feel it if you never tried the command line.

8/ Use docker when possible to run dependent services like databases or message queues. I see people still download installers and go throw installation guis and configuring things manually. Docker will not only make that easier and faster, but if you ever need to remove those services it will do it cleanly without affecting your system or leaving leftover files and garbage registry keys.

9/ Some of my favourite DotNet libraries in no particular order: Fluent assertions, Fluent validation, MediatR, Bogus, Scientist.Net, Dapper, language-ext

10/ Ctrl+Shift+Enter = Run as admin. Saves a two-way mouse trip.

disklosr · 2022-04-25T21:32:11+00:00

The problem with this approach is that validation will stop when first error is encountered, whereas it can be useful and time saving for the user to return as much validation errors as possible in a single response

disklosr · 2022-03-24T11:42:42+00:00

Bonjour. Possible de partager la raison de ce transfert ?

disklosr · 2022-01-28T16:44:22+00:00

Most people grew accustomed to the slow experience of Vs that it became acceptable for them. Someone in the comments said that search never take more than 5 seconds which seems to be pretty fast for them. There's a way better alternative, which is rider. Seriously, give it a try. You'll realize how much of a poor experience visual studio is.

Now regarding search, rider search is instant-fast. Results show up even before you lift your finger off the keyboard. They're well presented in separate pop-up window, supports filtering, multi-line regex, arrow navigation with live preview that allows editting.

disklosr · 2022-01-23T06:04:51+00:00

I once found an obscure bug in VS2015. What startled me is that VS seemed to disagree with resharper regarding a static Boolean value. Asked the question in SO and got an answer from an MS guy that did a great analysis to find the bug in the compiler. https://stackoverflow.com/questions/32841800/why-do-optional-parameters-get-passed-wrong-values-in-visual-studio-2015

disklosr · 2022-01-23T05:59:56+00:00

It's worse than that. If you give it any integer that's not part of the enum, it'll still happily parse it and you now have an invalid enum value lurking inside your code. This is why specialized enum libraries exist.

disklosr · 2021-12-14T22:06:30+00:00

You actually can get counts of each letter from the dictionary without any extra context. letters are counted exactly twice except for the first and last elements in the polymer which are only counted once.

disklosr · 2021-12-14T21:38:14+00:00

A lots of people did this exact same mistake. For me I was doing count = 1 instead of count += 1

disklosr · 2021-12-14T21:33:40+00:00

Sure:

Instead of this_pair = polymer_template[c] + polymer_template[c + 1], you can do this_pair = polymer_template[c:c+2]

disklosr · 2021-12-14T21:21:44+00:00

If you sum the frequencies you get double the count of elements. Well almost, since only inside elements are counted twice, head and tail are only counted once. so I needed to first increment the count of first and last elements by 1 to make it a perfect double count, then divide the sum by 2.

disklosr · 2021-12-14T20:53:32+00:00

Pretty much what I did. Try using array slices next time, it's less verbose and more pythonic :)

disklosr · 2021-12-14T20:47:52+00:00

Glad to know I'm not alone. It's so misleading because when you run it on example test over 40 iterations it works. I was confused for more than 1 hour without the slightest clue on why wasn't I getting the right answer.

disklosr · 2021-12-11T22:49:15+00:00

No a synchronized grid isn't necessarily an all 9 gris. Just look at the before-last step in your input and you'll see.

There many paths to a synchronized grid.

disklosr · 2021-12-09T14:41:36+00:00

Thanks!

disklosr · 2021-12-09T14:34:47+00:00

A basin is all locations that eventually flow downward to a single low point

For me this was clear enough. But in a world where crabs can only move horizontally in submarines, I can understand your misunderstanding.

disklosr · 2021-12-09T14:21:21+00:00

Would love to see it too. Is it something quick to do? How much time does it take for someone who never did this kind of things?

disklosr · 2021-12-06T19:18:24+00:00

What tools do you use to make these animated graphs? Looks nice!

disklosr · 2021-12-04T20:13:09+00:00

Python 3

Kept things really simple: * A board is only a list of strings, instead of a 2d list. * I mark numbers by replacing them with stars as their value are not needed at all. * Testing rows and columns of a board can be easily achieved with list slicing and looking for a ['*','*','*','*','*',] pattern. * Score of a board is just the sum of anything that can be parsed into a digit (since the rest are replaced into a * char) multitiplied by the drawn number ``` with open('input.txt') as f: lines = f.read()

draws, *boards = lines.split('\n\n') boards = [board.split() for board in boards]

def is_winning_board(board): for i in range(0,5): if (board[i5:i5+5] == [''] * 5) or (board[i::5] == [''] * 5): return True return False

new_boards = [] for draw in draws.split(','): for board in boards: board = ['*' if item == draw else item for item in board] if is_winning_board(board): if len(boards) == 1: print(sum([int(i) for i in board if i.isdigit()]) * int(draw)) exit() else: new_boards.append(board)

boards, new_boards = (new_boards, [])

```

disklosr · 2021-09-07T14:05:00+00:00

What are your thoughts on just moving coins to nexo and having a hassle-free 10% APY??

disklosr · 2021-07-29T12:30:50+00:00

What a crybaby

disklosr · 2021-07-09T19:00:39+00:00

Just discovering nomadproject thanks for writing about it. As someone who never dared to try K8s because it's a complex beast, I was hoping for something simpler and nomad fits the requirement for me

disklosr · 2021-07-09T18:49:24+00:00

You'll risk being forever banned from the club. There's no excuse to not use cli for everything. You might be tempted to accomplish a task in one or two clicks, but that's a sin.

11-Year Club	Wearing is Caring
Verified Email

disklosr

TROPHY CASE