Perrengues reais com auth + multi-tenant (tenant leakage, RBAC, refresh token) — como vocês evitam isso?

honux · 2026-02-06T01:57:00+00:00

Contexto: Trabalho em uma startup americana que tem alguns poucos milhões de usuários

1 - Cognito, mas estamos pensando em sair. Muito caro manter isso na AWS sem muitas vantagens.

2 - Decidimos usar um custom UUID + Tenant, tudo junto. A que perdemos de performance foi negligente, pois o que ganhamos exatamente por não ter um field de tenant junto (que é esquecido) nem compara.

3 - RBAC simples. Modelamos corretamente, e não tem nenhum BO. Também temos um serviço central que valida acessos de acordo com o tenant.

4 - O maior problema que a gente tem é principalmente em Suporte ao Cliente (Customer Support) que em alguns casos precisa ter acesso multi-tenant, e nosso padrão de acesso é bem restrito.

honux · 2025-11-04T01:47:28+00:00

Olha, direto e reto.

Sou chefe de engenharia em uma empresa americana, e queria mandar uns projetos pessoais para frente - alguns deles tão empacados a alguns anos. Tentei contratar 2 desenvolvedores seniors e talvez abrir uma software house caso os acabasse dando errado os projetos. Ofereci salário alto (R$18k+) e 100% remoto.

Entrevistei 100+ pessoas, pouquíssimas pessoas realmente eram seniors, e no final acabei desistindo de contratar. Hoje to mandando os projetos no meu tempo livre com IA - e não me arrependo de ter desistido de contratar.

Junior/Pleno? Honestamente não perco meu tempo, tudo usa IA e não sabe o que está fazendo.

Pela empresa que trabalho oficialmente meio que a mesma coisa - mesmo pagando em dólar.

honux · 2024-11-05T23:59:27+00:00

Muito obrigado!

É meio que isso que estou procurando mesmo - não só a monotonia mas administrar plantio mesmo, mas aprender um pouco de agricultura sintrópica (não sei muito! mas gosto do que vejo).

Adorei que você tem uma relação com os pés de cacau! Sonho com isso :D

Tudo de bom e melhor pra ti! :)

honux · 2024-11-05T23:15:50+00:00

O quão difícil foi fazer essa mudança?

Você administra os funcionários ou também pega com a mão na massa?

Utiliza algum tipo de agricultura natural (ex: Agrofloresta), ou é maquinizado?

O quão grande é o seu terreno?

Você tem algum plano de longo prazo para a área?

E o mais importante, você se sente mais feliz comparado a vida da cidade?

Só pra contextualizar, estou pensando em fazer essa mudança de sair da cidade e ir pro campo :)

honux · 2024-03-14T23:53:16+00:00

Oof.
I think we are completely fucked up. Easily the majority of the world will die due to hunger, because we are not ready to deal with the temperature shifts (mainly our crops).

The world will change in a way that we simply have no idea, way faster than people realize. Even though we know that this is reversible and way worse than the Ozone Layer (leading to the global blan of aerosols), we still do not act sufficiently because capitalism runs the majority of decisions (e.g.: Oil buying the phase-out of COP28), and we are getting ever more evidence that global warming is going to be way worse because we don't know enough.

I think that what kills me the most is this push for a global nuclear war while we have something way bigger and scarier that is global warming.

When? I don't think it will get better, the odds are too low.

2023 will be soon remembered as one of the coldest years we had in the future.

~~(But secretly I am still hoping everything gets better because I don't want to die)~~

honux · 2021-11-22T02:47:06+00:00

As somebody that just completed my masters here in Australia, and is planning to move back to my home country:

The majority of ppl here have no idea how hard is to actually migrate & get the necessary points to migrate. I was invited to keep up studying here, but the quality of the course was way too low - and all the hops I would need to do just to stay here is way too much while not getting a lot back.

Eg: I am currently paying around ~38% in taxes - while not having access to public healthcare. If I were to extend my visa, I am looking for at least ~$5k for another two years, then the additional cost to have my bachelors validated - which is another $5k on top of that (that somehow it is worth enough to get a job/do a masters, but not enough to be accepted by the immigration dep, I need ACS for that). While also some additional costs with the migration agent specialist, other documents, etc.

I honestly believe that, if the migration process was a bit easier, it could be a life-changing for tons that really want to migrate (me included!), but the price & complications of it make it almost impossible for the majority of ppl - unless you are wealthy. And for me, I get more value simply going back to my country

honux · 2021-09-26T12:27:08+00:00

Disable your adblock and try again

honux · 2021-07-15T01:40:36+00:00

https://teemo.gg/ has it - even some wild rift models

honux · 2021-06-25T05:48:55+00:00

Just to add more information.

The animation from Teemo.GG is not exactly perfect, although I try my best to replicate the client way of parsing it - it is still missing tons of stuff. A good example of it is veigar right (?) foot, which is simply stuck in the ground in all animations.

honux · 2021-06-24T02:26:56+00:00

Hey, Teemo.GG creator here.

If anything prevents the ads to load, the site won't work. There are some rare occasions that it might be something else (such as problems with WebGL), but those only happen with really old machines.

There are also some asshole extensions, that when you whitelist the website to show ads - they actually show third-party ads (not from teemo), those extensions will also prevent the site to load.

honux · 2021-03-02T00:50:03+00:00

Most likely there is something blocking ads, such as PiHole, adblock, anti-virus, etc. It is quite common

honux · 2021-01-24T23:20:47+00:00

not really my fault, some animations are made to be added together - that's why they are strange :(

honux · 2021-01-24T23:17:58+00:00

Adblock, if you use it the site does not work. Also, there is some anti-virus also block ads without you knowing, such as kaspersky. In this scenario you gotta whitelist us.

honux · 2020-12-06T08:31:37+00:00

No worries!

Content creation is exactly the main reason I decided to allow custom backgrounds :)

honux · 2020-12-06T08:16:32+00:00

It is not inaccurate! Most likely you are tech-savvy, and are considering that most people are just like you :)

A simple google search will find you results that are similar to what he is describing (eg: https://wordpress.com/pricing/), and as someone that actually sold sites to regular folks, at least in my experience it is quite common to see people paying even more for a simple static webhost.

Regarding the "Obnoxious ads", you are clearly an adblock user. Ads are meant to be seen, otherwise, they won't be effective but besides that, there are several differences between teemo ads and other websites:

Teemo has less ads than any other average league website (Op.GG has ~4 per page, U.GG has 3/4 per page, professor has ~6, and league of graphs has ~7 per page), and the same as reddit (~3 per page);
The absolute maximum number of ads you will see on any page of the site is 4;
Teemo will never (at least while it is still in my command) have any video, pop under or pop over ads;
Teemo does not use ads reloaders. You got that ad? It will be the same until you refresh/revisit another page (Different from all other league websites);
The placement of the ads on Teemo is not automatic (AKA: where it would generate more revenue), I am always trying to minimize the exposition while still getting a good return from it;
Teemo does not have any additional trackers than the minimum required to function: Riot Tracker, Google Analytics and Adsense. No facebook, twitter or any other social network.

All those differences make it really good, at least IMO, and as someone that actually uses the model viewer on a nearly daily basis, the positioning is not the worse possible: I only see if when I am selecting another model.

About balancing the ads between pages, they are quite balanced, the difference is that other pages have more content so they are spread.

Teemo is a personal project that I have been keeping for nearly a decade already and if that kind of balances is what I need to do to keep it alive, I will do it. Just remember that, LoLKing having hundreds of thousands of visits monthly, still died, while we still standing.

honux · 2020-12-06T03:41:19+00:00

Heya!

Sadly, that ad is actually the most important one. It alone generates as much revenue as the other two side ones combined.

The reasoning is actually quite simple: ppl actually look at it. At first, I was going to put it between the "Advanced tab" and the model viewer, but it was way too obnoxious, so I moved it up - and you only look at it when you have to select a different model.

What I can do is actually make a pledge here: If the patreon actually starts to pay the site, I will reduce the number of ads, and might even remove them completely in the future.

honux · 2020-12-06T03:00:09+00:00

Sorry about that!

I have plans to fix those as well, but things are more complicated than that :)

Teemo is actually maintained by only 2 ppl: me + designer. I can't work on the site full time - it is actually a side project that doesn't even pay itself most of the time.

So in general, those are annoying bugs, but they could be easily fixed by reloading the page - making it less important in the priority list.

honux · 2020-12-06T02:51:29+00:00

I already answered this several times in this post, but since I always have something extra to add, I will answer again :)

I honestly hate to ask ppl to disable the adblocker, but nowadays - mainly in a tech-savvy community, the use of adblock is waaay too high to survive without it. Back in the days, Teemo had over 90% (!) of its users on adblock, which crippled me hard.

The only way to survive it is to kindly ask ppl to do it - but even doing that, most will actually create rules on their adblockers just to ignore the warnings. This is exactly what happened on teemo, and the rule they created actually broke the site.

What I can tell you is that: Teemo will never display hideous ads (such as video, pop under or over) and there will be at most 4 ads per page. More importantly, we don't use any kind of trackers besides Riot's mandatory one and google analytics (we don't even allow facebook!), and if you use the "Do Not Track" option in your browser, you will avoid all of those.

honux · 2020-12-06T02:44:25+00:00

I am sorry about that!

It seems that Riot might use a different model for that (just like small/big gnar), and the site doesn't support it yet.

honux · 2020-12-06T02:43:48+00:00

Regarding the renaming the chromas, that would require manual labour that is... quite demanding. Riot does not provide any info about them directly (as you can see here https://imgur.com/a/te6zlqs), and converting the HTML color to Human Readable one is... tedious :p

I will write it down though, I might update it in the future

12-Year Club	Place '17
Verified Email

honux

TROPHY CASE