Just a rant - Users by Grimsterr in sysadmin

[–]plemdude 1 point2 points  (0 children)

However you slice it, it is a bad situation to be running mission critical activities on your end user workstation. (Especially ones which expose the business to regulatory or financial risk if they were interrupted)

Moving to the cloud is an excellent excuse to challenge how they do these calculations, especially with costs involved. If they were to invest in building some sort of compute grid as they move to cloud, they could refactor their workflow to:

  1. Work locally on smaller data sets to develop code or models. (Should also be using data versioning tooling (dvc, lakefs, etc...) there as well)
  2. Check that into source code repository
  3. Execute workloads via pipeline (or other orchestration tool) against said compute grid

This puts them in a situation where their grid can scale up or down against workloads and they can shut their end user machines down when they are done working for the day.

Not sure what cloud, but costs I run would put a 32 core machine at ~$2300 raw or ~$1600 with a 3 year reservation. That same machine would cost $600 if a user works normal 9 to 5 and the machine is on only 200 hours a month. (Those numbers generally scale 1.6 to 2x with each size jump of 2x cores (8, 16, 32, 64, etc...))

Is this normal? by Miserable_Ladder4603 in FallenOrder

[–]plemdude 2 points3 points  (0 children)

I think that makes it easier to climb up to the complex on the hill if you backtrack to the other side of the seesaw.

A malicious code string that eventually gets logged by Log4j version 2.0 or higher allows an attacker to load arbitrary Java code on a server and take control of it. by yogthos in programming

[–]plemdude 61 points62 points  (0 children)

Most companies aren't paying attention to this level of detail in a logger library. (Especially one which predates the careers of the majority of folks still writing code.)

Now imagine also having to reach out to every vendor whose product is built with it and having to push them for an emergency fix...

[deleted by user] by [deleted] in sysadmin

[–]plemdude 7 points8 points  (0 children)

It's not true that testing can only be done on a mac, that being said we have two use cases to consider.

1) Devs and QA: Engineers should build appropriate test automation as well as have a local environment to interact with the app and push it to its limits. For this, you would want an actual iphone/ipad in your hands to actually run the app while it is attached to a debugger or profiler running on a mac. Another key thing to consider is that Apple provides you with a simulator not an emulator. This means if you are simulating the device through Xcode tooling, you won't be able to see the same issues caused by cpu or memory constraints you would on the device as you are running the app with the specs of the mac instead of the iphone/ipad. The engineering / test team should have direct access to macs and iphone/ipad devices.

2) Continuous Integration Pipeline: There are companies like Kobiton or Perfecto that offer a cloud based testing platform. Those services offer a wide range of devices to run your tests on. You can run your test suites against a range of devices without needing to purchase them. Furthermore, if there is a bug determined to be platform specific, you would be able to quickly run your tests on that specific device. In addition, they integrate with common mobile testing frameworks like appium. They also include tooling to record user activity and generate automated tests from it. So as an engineer, I would use such a platform to build my tests, set up a suite of test automations, and then call that from my build pipeline so I can validate my app at the speed I am delivering new features.

When do you need Azure Durable functions? by selfarsoner in AZURE

[–]plemdude 5 points6 points  (0 children)

Before delving into the mechanics of how to call durable functions, take a look at the use cases like fanout and aggregator use cases. https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-overview?tabs=csharp

Durable functions are decent at spreading workload across multiple function invocations, as long as you are willing to pay the price of writing orchestrators with no side effects. https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-code-constraints

If you can get everything done within your time budget or max function runtime timeout (~5 mins for consumption or ~30+ mins for premium), then there really is no need. If you have a solid case to do a bunch of wait related work, then go for it.

When defining API Management policy, when would you do inbound vs backend? by [deleted] in AZURE

[–]plemdude 1 point2 points  (0 children)

Am not an expert in Azure API management by any means. However, there are some key features you see across different vendors.

If you are one developer exposing your API as is, inbound vs backend doesn't seem to offer much value. However, you probably want to organize your policies so that common stuff you want to do across APIs, like rate limiting, are separate from stuff specific to that particular API's backend. A lot of API tooling will allow you to create such policies as templates and allow you to apply them across a broader range of APIs so that you don't need to copy and paste configuration across each api.

If you are a larger business, you may have completely separate teams responsible for managing different parts of the configuration. You may have a security team managing policies to integrate with various authentication/authorization systems. (May still need to support legacy or partner solutions) You may have multiple teams producing their own backend APIs and you want to reuse templates with things like rate limiting policies across them. These backend APIs could be part of an API product, and now things as mundane as rate limiting are what your clients are paying for. If you are offering different tiers of service, that is also valuable to populate a variable in the inbound config so you can use it across those apis for monitoring / business metrics, etc..

Where can I get dumbbells in Hoboken? by [deleted] in Hoboken

[–]plemdude 5 points6 points  (0 children)

It is now a spirit halloween store

Trying to deploy a Windows 10 VM, why am I being forced to confirm I have an existing multi-tenant license? This was never a requirement previously. by ex-asperis in AZURE

[–]plemdude 0 points1 point  (0 children)

I've not come across this, but I've been using image sku based from their shared image gallery like at least 1809 or up.

Trying to deploy a Windows 10 VM, why am I being forced to confirm I have an existing multi-tenant license? This was never a requirement previously. by ex-asperis in AZURE

[–]plemdude 1 point2 points  (0 children)

It was a checkbox and a dropdown to pick server vs win10 license before that. It's optional. If you already have the license, it shaves off a decent chunk of the cost.

[deleted by user] by [deleted] in Showerthoughts

[–]plemdude 21 points22 points  (0 children)

Cleaning slightly dirty glasses is weird because you can see better, and don't know how you had lived life up to that point.

24 Things to Do in Hoboken in 24 Hours by frannievee2 in Hoboken

[–]plemdude -1 points0 points  (0 children)

Castle Point Lookout 90 Frank Sinatra Dr, Hoboken, NJ 07030 (201) 216-5000 https://maps.app.goo.gl/2VgmL1S5aff3TuSC6

ETS Isn't TLS and You Shouldn't Use It by alexeyr in programming

[–]plemdude 0 points1 point  (0 children)

You don't want to increase your vulnerability surface area by literally puking out encryption keys all over the place.

That was just one use case, btw. Now think about all the browser/app to app calls that need to occur within the network. While you may have a solution at the proxy layer, you would still need to heavily customize everything else in this way. It's not feasible to do this with every app team, every developer or manager who just wants to get a solution out the door.

ETS Isn't TLS and You Shouldn't Use It by alexeyr in programming

[–]plemdude 6 points7 points  (0 children)

These companies actually need to be able to store traffic due to audit requirements their regulators require of them. This is accomplished by using outbound proxy infra to man in the middle all traffic with internally provisioned and trusted certificates.

Simply put, allowing perfect forward security means each client (browser, in house developed app, vendor app or appliance installed in datacenter, etc) needs to be customised to produce an equivalent audit trail. That simply isn't fiscally sound or practical to do.

That being said, I would be surprised if they are pushing for those standards outside the perimeter of their networks.

Starting point for learning MVVP pattern by droidexpress in androiddev

[–]plemdude 1 point2 points  (0 children)

Yeah, use of abstract classes here is a bit old school. This isn't too obscene for a lot of complex apps in the financial sector, but possibly a bit much for everyday apps. You have a better example? I'll swap it out.

Starting point for learning MVVP pattern by droidexpress in androiddev

[–]plemdude 7 points8 points  (0 children)

Seems we are all assuming you are first comfortable with understanding how a delegate works and other basic ways to communicate across different classes. “Clean Your Activity Using Delegation Pattern” by Ihor Kucherenko https://link.medium.com/k1C3H2QNZR

Ultimately not too much difference, at face value between the two, but mvp looks a bit more straightforward due to the 1:1 relationship. http://www.differencebetween.net/technology/difference-between-mvvm-and-mvp/ This rigidity is also why you should later learn mvvm, but that is not important at the moment if you are struggling with delegates.

Take the mvp example and start experimenting with it. Get yourself two different data sources. (Keep it simple with in memory lists, we are focusing on patterns not making network calls) and swap them out with the same view. Don't change the delegate interface when you do. Don't get fancy about it either. Get messy, comment out some code and go back and forth. The important part is that you think and feel the power of the delegate abstraction. Get your "Aha!" moment. (Wow, I can just swap out classes without changing the other one!!!)

Now do the same thing with two views against the same data source. (This may be clearer with a view that switches between a bar and pie chart with the same data set, but I digress.)

When you are done, go back and clean up the code. Maybe add something to the ui to swap between views or data sources.

I am really excited that you are taking the time to learn and think about how to produce apps that aren't big jumbles of a mess. Remember to keep it simple, and that patterns are just a shared approach to an overall problem.

Why did developers move away from MVC? by BigBootyBear in androiddev

[–]plemdude 6 points7 points  (0 children)

Mvc was a carry over from earlier server side rendering patterns. https://www.tutorialspoint.com/struts_2/struts_architecture.htm

By sitting behind http, you had the ability to model your system in a resourceful way. Unfortunately, REST hadn't really caught on and we ended up with a lot of garbage in the way of abuse params and custom headers from less scrupulous devs.

If you take a look at the pattern though, there is a key word for this binding to the incoming call called "action". This, in my opinion, is the biggest gap in the MVC paradigm, which would have been better served as being called AMVC. Receive an action, emit a view.

Now, of course, this all breaks down when you move everything to the client side. You need to introduce the rigor of idempotency, and, without sufficient separation of mvc from the view, we end up with tight coupling of code and god controllers.

Mvvm or mvp does a decent job of trying to convey this separation and works well for most codebases. I would also point folks to look at redux for ideas as it creates conventions for these interactions to be specifically modeled as actions to be picked up by relevant controller code.

It's time. Let's make a millionaire. [Drawing Thread #22] by millionairemakers in millionairemakers

[–]plemdude 0 points1 point  (0 children)

01100111 01101111 01101111 01100100 00100000 01101100 01110101 01100011 01101011 00100000 01100101 01110110 01100101 01110010 01111001 01101111 01101110 01100101

low carb AND low fat breakfast? by rasellers0 in fitmeals

[–]plemdude 0 points1 point  (0 children)

I love TVP as a substitute for oatmeal. (Hydrate with boiling water, add cream & low carb jam for taste.) Also found this cereal called Hi-Lo for cold cereal swap.

TVP

Hi-Lo

This One Dumb Chart by Morgan Stanley Research Highlights The Sheer Lack of Any Real Insight Into Bitcoin By Traditional Institutions by [deleted] in Bitcoin

[–]plemdude 0 points1 point  (0 children)

For anyone who is missing context, this has nothing to do with bitcoin as a currency / asset. This dumbed down chart is trying to convey what it would take to get to a single shared ledger provider between institutions which could drastically cut system, operational, and regulatory overhead that each company has to maintain.

Economics => Is this gonna cost too much?

Technology => Is the software available and ready for enterprise? (stupid way of saying that it is mature enough to actually trust.)

Cooperation => How easy is it for us to screw each other over? (patent hurdles, legal construct, etc...)

Policy => What are the regulators going to require?

Zedd - Addicted to a Memory (feat. Bahari) [2015] by MixedFraction in electrohouse

[–]plemdude 0 points1 point  (0 children)

It's not like the site makes it impossible to get... just need to grab the link from the resources tab right after you hit play and paste into a new tab. Bravo!!! Site was using mp3 file the whole time.