The Official Status Thread
-
@tsaukpaetra What, and take one of their places?
-
@pie_flavor said in The Official Status Thread:
bolded text****
Wow, 6 downvotes? People really don't like emojis, I guess?
-
STATUS:
Just went through another meeting where the production team complained why they yet again had to stay late and work unpaid overtime to meet the deadline. Boss and I introduced them to concepts such as "paper trail" and "corporate blame game".
-
@rhywden said in The Official Status Thread:
Status: So, tomorrow morning I'll do that supervision thing where I watch another teacher and afterwards talk to him or her about the shown performance.
So, that's over with. I still can't quite say if my performance was adequate or maybe even good but I'll go out on a limb and say that it wasn't bad. No immediate red flags in my mind and I'm actually feeling good, happy even (though that's probably more due to my biggest worry being over).
Thankfully it was not an ideal lesson so we had plenty of stuff to talk about - I hope I set the right priorities because the allotted time wasn't enough to touch it all.
I also didn't get the feeling that the teacher I supervises felt uncomfortable and his opinions on what went wrong were similar to mine, so it actually was a comfortable discussion.Let's see what tomorrow will bring.
-
Installed a pull-up bar in my sons' room's doorway. Smashed my head on it three times so far today :(
At this rate I'll be a Creationist by the end of the week.
-
@jaloopa said in The Official Status Thread:
Status: bolded text
C-section in 6 and a half hours, after which I'll be a father of two.
Scrubs on, almost ready to go into theatre
-
@tsaukpaetra said in The Official Status Thread:
Hey, at least it asked me this time, unlike last night...
It probably did... (ticktockticktock). Welp, no answer yet so let's assume "yes". (reboot)
(hehe, that 1px dialog works wonders!)
-
@heterodox said in The Official Status Thread:
I am going to rip puppies in half with my bare hands.
-
@cartman82 Brainless, trite, and boring.
-
@jaloopa Are you delivering your own baby?
-
@hungrier He's certainly not gonna trust UPS with it
-
STATUS: In a fun twist of events, I both got a major water leak (in a contained system, aka my toilet) and my internet went down fully at about the same time, right before I was going on a vacation and having an extra busy time around that. So, the water leak is now fixed (by fully disconnecting the toilet) but the internet connection is still down. I may need to get out on the roof again to take a look at my ugly monkeypatching and see if that broke fully from the snow starting to melt or something. Yay...
-
@pie_flavor said in The Official Status Thread:
@tsaukpaetra What, and take one of their places?
No, just have her switch over to me. The other two guys don't even know (apparently).
-
@coldandtired said in The Official Status Thread:
Installed a pull-up bar in my sons' room's doorway. Smashed my head on it three times so far today :(
At this rate I'll be a Creationist by the end of the week.
Per @LB_ , maybe you should keep your eyes open...
-
@jaloopa you're quite handsome, I think.
-
Status: a painful blister-like thing on something that should not have a blister. Sitting is not fun...
-
STATUS:
I pushed my team to give my code a review.
It was very useful. I've been missing out.
-
@pie_flavor We once had a user who spammed like you. They told him to stop, but it kept happening. You've at least gone with short, @fbmac -level spam. But it appears people are getting annoyed. Far more annoyed with you than you are with Lorne. Grow up.
-
Status: In a duel to the death with a Raspberry Pi.
Trying to get a fully hardware-accelerated video pipeline up is like pulling teeth.
First I could only get hardware accelerated H.264 decoding working but rendering to the framebuffer was using most of the CPU. An exercise in 'why the bloody hell can't I make any existing video player consume a pipe properly' followed. Then I decided I should use RSTP on a local port. Nothing wanted to consume that properly either. Now I'm discovering the joys of KMS and trying to render to an OpenGL surface.
I had OpenGL working, briefly, then after a reboot it was mysteriously back on the software renderer and I can't work out why
-
@hungrier said in The Official Status Thread:
@jaloopa Are you delivering your own baby?
No, but I was allowed in the operating theatre while qualified people did the delivery
-
@tsaukpaetra said in The Official Status Thread:
@jaloopa you're quite handsome, I think.
My wife apparently agrees, otherwise we wouldn't have had two children together
-
Followup: As I suspected, the melting snow had torn my phoneline apart. Now fixed, and also got my connection speed restored from fixing it. Yay! (Back to ~13/1 Mbit/s rather than 0.7/0.1 Mbit/s.)
-
@tsaukpaetra said in The Official Status Thread:
Hey, at least it asked me this time,
Alright, rebooted, cool. Log in, greeted by:
Yes, Edge opened up automatically with no URL. Also the page is apparently scrollable, but you can't tell unless you try (though I think the disappearing scrollbars is a default thing with Metro apps, natch).
Also my cursor turns into "busy.ani" when over any part of the toolbar, like the address bar, tab, or close buttons.
Oh weird, it just decided to close itself. Well, whatever I guess...
-
@tsaukpaetra said in The Official Status Thread:
it just decided to close itself
Edge knows the best way to use Edge
-
@lorne-kates said in The Official Status Thread:
.... fuck you you fucking stupid motherfucking asshole shitfuckers. You goddamn idiots take away all textual cues and move everything around, because "lol easier grumpy cat!", and then you take the icon that means "here be your account settings", and hide the fucking Log Out option there?
"Log out" is an account-level thing. It has nothing to do with the computer's power.
I'd argue "Disconnect" is also account-level thing, but I can see arguments for putting it under the power icon too.
@lorne-kates said in The Official Status Thread:
Not under the "power" settings where every other goddamn version of Windows has had it?
But why would you expect it to be there? Simply because "it's always been that way"?
@lorne-kates said in The Official Status Thread:
And to top it off, you put a motherfucking "DISCONNECT" option there, which sounds like it SHOULD be logoff
Disconnect is not log off. It's disconnect. It's the RDP version of "fast user switching", you stop using the computer but you also stay logged in to it.
That's always been true for as long as the "disconnect" option has existed.
@magus said in The Official Status Thread:
Is this a Windows 8 thing?
It's like a Windows Server 2016 thing.
And a "Lorne Kates has a completely ossified brain and apparently can't handle change of any sort without sputtering with rage" thing.
-
@heterodox said in The Official Status Thread:
@dcon said in The Official Status Thread:
@heterodox said in The Official Status Thread:
This is not a good season for a lack of hot water. Can't even fill a quarter of the tub before it goes lukewarm.
I love my tankless heater. Never runs out of hot water!
Compiled some anecdotal data and it seems to me that I only get any significant volume of hot water when the HVAC is off.
I know nothing about home... stuff... at all, so I really don't understand how those two systems are connected, but that seems to suck.
So, I procrastinated on entering a service request about the shitty lack of hot water for a year or so.
Then my complex announced they were replacing our hot water heaters with tankless ones. I've heard mixed reviews of tankless water heaters, but didn't really have a choice.
Just had a looong hot bath yesterday, and it only took running the tub once to fill it. The lesson I take from this of course is that procrastination pays off. Ahhh.
-
@jaloopa said in The Official Status Thread:
Scrubs on, almost ready to go into theatre
Your cellphone's not going to survive the autoclave.
-
@magus spoilsport.
-
@tsaukpaetra said in The Official Status Thread:
Well, whatever I guess...
Goddammit, Windows, get the fuck out of my way!
-
Status: Trying to talk myself out of having to write really annoying code.
Users can use our app, and have their own hierarchy of usage per client. Admins can, of course, revoke user access. When everything is working correctly, the user will immediately see a window saying they're about to be logged out.
Sometimes they don't see that window, and there's nothing preventing them from using their token to access our REST API. Until the token expires. In 5-30 minutes.
My thoughts? "Whatever, it's not like they get warning."
Others want to proactively invalidate their token.
-
@magus said in The Official Status Thread:
nothing preventing them from using their token to access our REST API.
Ah, yes, see this is what eventually caused me to have to write a session validation token thingy and decorate basically all the api controllers. Code available on request, but it does assume you store sessions with partial tokens somewhere...
-
@tsaukpaetra We have something that kind of does that, but I don't see it as a problem anyway. Sure, they may have a session open, but if so, there's no indication they will be locked out, so I don't know how realistic them doing as much damage as they can is.
-
Status: Found this wonderful option called "Precompile during publishing" that's been instrumental to helping me find all the shitty views that have brokenness in them that don't get caught during a normal compile.
I've been deleting forgotten stuff left and right all morning...
-
@magus said in The Official Status Thread:
Others want to proactively invalidate their token.
You need to do this if access is restricted due to admin action.
-
@blakeyrat That is the scenario we're talking about, but I still don't fully buy the idea that it absolutely, 100%, needs to happen as soon as possible. It won't be able to be refreshed, and I would think that would be plenty, given the timespan we're talking about.
-
@magus said in The Official Status Thread:
That is the scenario we're talking about, but I still don't fully buy the idea that it absolutely, 100%, needs to happen as soon as possible.
What damage can a rogue user with a valid token do?
Unless their only permission is "view", then generally the answer is a lot of damage. Delete the customer database. Change everybody's address to "123 Fuck You Street", etc. (Even with "view" permissions they can do a lot of damage. For example, call up Competitor Company and say "hey that meeting you have with Company next Wednesday is cancelled, we're not interested in a deal anymore" or something similar.)
In the vast majority of systems, you need to restrict access immediately for that very reason.
-
@blakeyrat Basically, I don't think there's any PII in our system, or any ability to delete things. They could definitely make some numbers come out wrong on some reports, which would be bad. But the only way they can act is if they know they will be locked out and already have a valid token.
I agree that they can do dangerous things, and that it would be better if they couldn't. But I don't really think it's feasible. It would be hard to take advantage of. So there's risk, but I don't think it's urgent.
-
@heterodox said in The Official Status Thread:
I've heard mixed reviews of tankless water heaters
That's what I put in when my old tank decided to spill. In the basement. With no sump pump. I've been very happy with it.
-
@magus said in The Official Status Thread:
But the only way they can act is if they know they will be locked out and already have a valid token.
This doesn't make sense to me. They have a valid token, they start sabotaging results, your administrator quickly restricts permissions but since the token is still valid, they can continue to sabotage reports.
Their knowledge of whether the token is locked-out or not isn't a factor in how much damage they could do to your company... is it? If so I don't get why.
@magus said in The Official Status Thread:
I agree that they can do dangerous things, and that it would be better if they couldn't. But I don't really think it's feasible. It would be hard to take advantage of. So there's risk, but I don't think it's urgent.
All I can say is I disagree wholeheartedly.
Even if, on your particular system, you don't consider the risk to be important enough, it's still a best practice to instantly enforce restricted permissions. If it's worth building, it's worth building right.
(And to chide a bit, this should have been part of the software's design from day one, not something you're patching in now after it's already built.)
-
@blakeyrat said in The Official Status Thread:
Even if, on your particular system, you don't consider the risk to be important enough, it's still a best practice to instantly enforce restricted permissions. If it's worth building, it's worth building right.
(And to chide a bit, this should have been part of the software's design from day one, not something you're patching in now after it's already built.)I'll admit that this is partly reluctance to work with the code for this stuff currently in the application. We inherited this, and the people who built it are all about layers. There are maybe 10 different classes that seem to do similar things with authentication tokens, and none of them are anywhere near any of the authorization code.
I've spent hours trying to learn if there even is any place I can do this properly.
-
@blakeyrat said in The Official Status Thread:
it's still a best practice to instantly enforce restricted permissions. If it's worth building, it's worth building right.
(And to chide a bit, this should have been part of the software's design from day one, not something you're patching in now after it's already built.)
Which is why the default MVC 5.0 or whatever sample project that introduces authorization and roles and etc. do exactly this.
Best practices, taught by Microsoft themselves!
-
@tsaukpaetra This even is MVC, but with way more layers :/
-
@magus said in The Official Status Thread:
but with way more layers
-
@magus said in The Official Status Thread:
@tsaukpaetra This even is MVC, but with way more layers :/
Sorry sorry, wasn't picking up on my sarcasm there...
-
@tsaukpaetra ? There wasn't any, as far as I know, except in your post.
-
Apparently the new Contract "Love Me".
I am just making cash money.
-
@japonicus Get fucked mate.
The only thing Tommy Robinson said is that Muslims can be bad people too and Islam in certain religious sects of it are poisonous.
Considering we have had Rotherham and Telford grooming gangs that made Jimmy Savile look like a fucking amateur sex offender.
I am perfectly fine with sects of Islam such as sufi-Islam ... with Wahhabism (basically ISIS etc) nope.
Tommy Robinson never said anything that was racist. He complained about Radical Islam.
I dare you to find something racist he has said, because he hasn't said anything that was.
Also so fucking what that one person spoke to another. Just because you spoke to someone doesn't mean that you hold all their views and beliefs. My step brother is a proper racist (actually believes it), and I speak with him, I think the guy is a piece of shit for his views, but he is still my brother.
-
@magus said in The Official Status Thread:
@tsaukpaetra ? There wasn't any, as far as I know, except in your post.
Ah... um... Yes?
Anyways.
-
Status: Apparently UE4's ini file parser doesn't like the character sequence
\Ti
and just erases it from the string. Huh.
-