bartkusa
Sep 25, 2005

Air, Fire, Earth, Hope

revmoo posted:

I think they're just afraid of change tbh. I've trained 7-8 developers over the years on Git and I've never once had someone that struggled to pick Git up.

http://stevelosh.com/blog/2013/04/git-koans/


neurotech
Apr 22, 2004

Deep in my dreams and I still hear her callin'
If you're alone, I'll come home.

revmoo posted:

I've written up a pretty nice little cheat sheet that makes it easy.

I'd be interested to see this if you're willing to share.

His Divine Shadow
Aug 7, 2000

I'm not a fascist. I'm a priest. Fascists dress up in black and tell people what to do.
Actually nevermind.

His Divine Shadow fucked around with this message at 13:25 on Oct 5, 2015

IAmKale
Jun 7, 2007

やらないか

Fun Shoe
I'm not sure if this is a good place to ask this, but do all SSL certificate services require you to enter your personal information even if the cert is intended for your employer? A friend pointed me to StartSSL for their free tier 1 certificates. I tried registering with our business address but afterwards I received an e-mail from them that said that I had to enter my personal address and phone number. I'm really uncomfortable with that idea and I think it's silly that that's a requirement when I'm not going to be using the certificate for a personal site.

Is this just how it works when getting an SSL certificate, regardless of the provider?

Impotence
Nov 8, 2010
Lipstick Apathy

Karthe posted:

I'm not sure if this is a good place to ask this, but do all SSL certificate services require you to enter your personal information even if the cert is intended for your employer? A friend pointed me to StartSSL for their free tier 1 certificates. I tried registering with our business address but afterwards I received an e-mail from them that said that I had to enter my personal address and phone number. I'm really uncomfortable with that idea and I think it's silly that that's a requirement when I'm not going to be using the certificate for a personal site.

Is this just how it works when getting an SSL certificate, regardless of the provider?

no, most don't ask for anything at all

startssl is not a businessey thing, they are basically meant for personal sites and playing around, do not use it for business

fletcher
Jun 27, 2003

ken park is my favorite movie

Cybernetic Crumb

Biowarfare posted:

no, most don't ask for anything at all

startssl is not a businessey thing, they are basically meant for personal sites and playing around, do not use it for business

What do you recommend for businesses? At my work we use thawte but it seems insanely overpriced.

Lumpy
Apr 26, 2002

La! La! La! Laaaa!



College Slice

fletcher posted:

What do you recommend for businesses? At my work we use thawte but it seems insanely overpriced.

I too am interested in this, as I will be needing to do this soon.

DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!

fletcher posted:

What do you recommend for businesses? At my work we use thawte but it seems insanely overpriced.

How will the certificate be used?

fletcher
Jun 27, 2003

ken park is my favorite movie

Cybernetic Crumb

DarkLotus posted:

How will the certificate be used?

B2B application

Lumpy
Apr 26, 2002

La! La! La! Laaaa!



College Slice

DarkLotus posted:

How will the certificate be used?

In my case an API that internal mobile apps will use, but eventually partner companies will use.

DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!

Lumpy posted:

In my case an API that internal mobile apps will use, but eventually partner companies will use.

Honestly, I think you'd be fine with a RapidSSL or Comodo Essential SSL certificate for most applications.
Some certificates offer better browser and client compatibility but some of that depends on how your server is configured.
I have an Extended Validation certificate on my website because some people trust the green bar. I use essential wildcard certs, which are domain validated, on all other servers and services.
An API call doesn't care what type of cert you have as long as it's valid unless you tell curl or whatever is making the call to ignore invalid certs.

Some certs are just a status symbol. If you have a Symantec (formerly Verisign) cert, you are comfortable paying in excess of $1000 / year on a certificate which means you must really value security...
Someone I trust more than others when it comes to security actually uses a RapidSSL certificate on his business site. I know this wasn't due to the cost but the fact that at the end of the day, a $10 / year SSL certificate does the same job as a $1000 / year SSL certificate.

I'm not a cryptologist, so don't take my word for it.

MrMoo
Sep 14, 2000

I like the canvas/SVG thing LG have on Ars today,

Mezzanine
Aug 23, 2009
I've been playing with it for the past 10 minutes while I should've been working.

EDIT:
To save anyone else having to rip it out of the code:

How to make it:
http://codepen.io/nikrowell/pen/BNdaKV

Where it was used originally:
http://labs.nikrowell.com/lightsandmotion/ultraviolet/

I really gotta figure out how to use Canvas drawing more.

Mezzanine fucked around with this message at 03:55 on Oct 7, 2015

Maluco Marinero
Jan 18, 2001

Damn that's a
fine elephant.
Willing to be corrected here (done a bunch of research and deployment on SSL lately but I wouldn't consider myself an expert)

The quality of an SSL certificate authority has little to do with the encryption (which is mainly based upon your server configuration), but more the quality of their verification and internal security. Ideally the more expensive certificates justify their cost by:

- having a more extensive validation procedure that verifies that the certificate signing request (the public counterpart to your private key) does indeed come from the controller of the domain.

- having a good track record for not loving up with their root keys (which if revoked by browsers, will render your certificates worthless).

- have a good interface for managing/approving/renewing your certificates.

- brand recognition (which to be honest feels completely worthless, what average user clicks and checks who signed the SSL cert)

Once you've made your choice, the next step is just to have correct configuration, which is pretty straightforward provided you use https://www.ssllabs.com to test your certificates.

There are lots of common mistakes that will cap your grade, supporting vulnerable protocols, missing intermediate certs (some browsers will fetch them, but notably Android won't, which leaves you looking broken for them), so you should be able to work your way through any issues using that tester.

Edit: as an aside, supposedly letsencrypt.org will be live in November, which will be free.

Maluco Marinero fucked around with this message at 04:05 on Oct 7, 2015

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
The perfect-world Right Answer for an API is a self-signed CA cert that you pin in the app and use to sign your own certificates for the API.

The point of the CA system is to verify that the owner of a cert legitimately represents the company/domain name/whatever that the cert specifies. But if you're writing an app targeting a particular API, you already know who the right owner is - you should really be asking them if a particular certificate is accurate, not some CA that basically just adds another attack vector.

Of course, this falls apart a bit when you're writing an API for random third-party developers to use, since half of them are likely to just turn off certificate validation entirely if it doesn't Just Work. It's probably a good idea to get your intermediate CA cert signed by someone just to make it a bit more idiot-proof.
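
Added example, not part of any post in this thread: a Go sketch of the two points made above, a client that trusts only its own private CA (the pinning Jabor describes) and the failure that results when a server omits its intermediate certificate (the misconfiguration Maluco Marinero mentions). Every name in it, including `api.example.internal` and the CA subjects, is constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a short-lived certificate for name. A nil parent means self-signed.
func issue(name string, isCA bool, serial int64, parent *x509.Certificate,
	parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	if !isCA { // server (leaf) certificate: the hostname goes in the SAN
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{name}
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// verify checks leaf for host, trusting only the given roots (the "pin") and
// using only the intermediates the server sent; system CAs are never consulted.
func verify(leaf *x509.Certificate, host string, roots, sent []*x509.Certificate) error {
	rootPool, sentPool := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range roots {
		rootPool.AddCert(c)
	}
	for _, c := range sent {
		sentPool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: rootPool, Intermediates: sentPool})
	return err
}

// Result holds the verification error (nil = accepted) for each scenario.
type Result struct{ FullChain, MissingIntermediate, OtherCA, OtherHost error }

// runScenarios builds root -> issuing CA -> API cert and verifies it four ways.
func runScenarios() Result {
	const host = "api.example.internal" // constructed hostname
	root, rootKey := issue("Constructed Root CA", true, 1, nil, nil)
	inter, interKey := issue("Constructed Issuing CA", true, 2, root, rootKey)
	leaf, _ := issue(host, false, 3, inter, interKey)
	other, _ := issue("Unrelated CA", true, 4, nil, nil)
	pin, chain := []*x509.Certificate{root}, []*x509.Certificate{inter}
	return Result{
		FullChain:           verify(leaf, host, pin, chain),
		MissingIntermediate: verify(leaf, host, pin, nil),
		OtherCA:             verify(leaf, host, []*x509.Certificate{other}, chain),
		OtherHost:           verify(leaf, "other.example.internal", pin, chain),
	}
}

func main() {
	fmt.Printf("%+v\n", runScenarios())
}
```

In a real Go client the pinned pool is what goes in `tls.Config.RootCAs`, which keeps certificate validation switched on while replacing the public CA set with the one CA the app is meant to trust.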

fuf
Sep 12, 2004

haha
What are people's thoughts on switching to https just for the SEO boost? Overkill for a small benefit? I guess a self-signed cert would work for that?

Robot Arms
Sep 19, 2008

R!

fuf posted:

What are people's thoughts on switching to https just for the SEO boost? Overkill for a small benefit? I guess a self-signed cert would work for that?

I don't think you can use a self-signed cert for that. Plus, if you do everyone will see a warning whenever they try to view your site.

We switched Lawyerist.com to https in November of last year. Our organic Google traffic did increase afterward, although a few months ago it dropped back basically to where it was before we switched. However, it's quite possible the more recent drop is due to something else entirely.

fuf
Sep 12, 2004

haha

samglover posted:

I don't think you can use a self-signed cert for that. Plus, if you do everyone will see a warning whenever they try to view your site.

We switched Lawyerist.com to https in November of last year. Our organic Google traffic did increase afterward, although a few months ago it dropped back basically to where it was before we switched. However, it's quite possible the more recent drop is due to something else entirely.

Thanks. I have vague plans to start offering HTTPS to hosting clients and marketing it as an SEO thing.

More SEO chat: is there a better website than woorank.com for scanning a site and flagging up all the relevant SEO stuff?

White Light
Dec 19, 2012

I might be getting an interview this week! :dance:

Last Monday I drove to Austin for an interview with an agency that's going to represent me in the city. It went very smoothly; the lady told me that I was much better equipped than most of the 'millennial' candidates out there, and we decided to market myself as a Web Designer or UI designer. Even though I had been studying Web Development for the better part of this year, it was just too much for me to take in once I got to things like AJAX and working with API.

However, on Wednesday around 5-ish I get a call from a guy at an agency stationed in Houston who found my resume on Linked-In. He found a Web Developer entry-level position where I fit the criteria, wanted to know if I had any interest in it. Like stated above, I was kinda burned out on Web Development and needed to step back from it, but the requirements for this gig were real simple; only HTML/CSS/JavaScript needed, and for the most part I'm simply slicing up PSDs and implementing them into WordPress site files. So I gave it a bit of thought, called him up on Friday morning and told him I wanted to pursue it. This literally fell out of nowhere, especially since the only place I had applied to was in Dallas and Austin.

So things can go two ways here; I could get an interview this week for a Front-End Developer to start working part-time at 30 hours a week making between $25/30, or something could come up for a Web Designer/UI position in either Austin or Dallas since the hiring window is in full swing this month. I mean the worst-case scenario is nothing happens this month, but I'm optimistic!

I really hope something comes my way soon, I've been waiting forever to get my foot in the door :ohdear:

White Light fucked around with this message at 23:35 on Oct 11, 2015

nexus6
Sep 2, 2011

If only you could see what I've seen with your eyes
UK goons, what are the Data Protection implications, if any, of attaching uploaded CV files to emails and sending them? Clicking on a link in an email is too hard for my client and they want the files directly, I'm wondering if there are any DPA problems with that at all.

fuf
Sep 12, 2004

haha

nexus6 posted:

UK goons, what are the Data Protection implications, if any, of attaching uploaded CV files to emails and sending them? Clicking on a link in an email is too hard for my client and they want the files directly, I'm wondering if there are any DPA problems with that at all.

DPA just says that data has to be "reasonably secure". When I looked into this about a year ago there was some debate about whether this meant encrypted or not. I think the general consensus was that it doesn't need to be encrypted in the DB / on the server, but that it should be in transit.

Can you encrypt the attachments? Then you'd definitely be safe.

Although in all honesty it's very unlikely you'd ever be called out for just sending them in the clear. I was working at a company recently and found a directory containing about 50 applicant CVs that was visible from the web and had been for ages. They were like "what's the big deal?" haha

RobertKerans
Aug 25, 2006

There is a heppy lend
Fur, fur aw-a-a-ay.
So after being tasked with building lots of tiny sites at work for the past year, I just used flexbox on loving everything, and it turns out nobody noticed due to the sites being generally unimportant to the company as a whole + I assume my CSS PRs were not really being read. And they all definitely work, users v happy etc. Then I rewrote the junior developer's horrible horrible CSS today, and they loving nixed a series of PRs because flexbox was used, which is quote too complicated. So I have to lay out about 10 admin views all with different complex forms, how the gently caress are you supposed to do it without flex? I think all my skills related to stupid layout hacks have atrophied, at the minute I've just given up and used table layouts for every one, which I feel is somehow maybe a bad thing</rant>

kedo
Nov 27, 2007

RobertKerans posted:

So I have to lay out about 10 admin views all with different complex forms, how the gently caress are you supposed to do it without flex? I think all my skills related to stupid layout hacks have atrophied, at the minute I've just given up and used table layouts for every one, which I feel is somehow maybe a bad thing</rant>

Um, with floats or positioning? I don't know if I'd really call those "hacks" they're just "how we coded things before flexbox happened." What is so complex about these forms that you just had to use flexbox? Got a wireframe or something you could share?

RobertKerans
Aug 25, 2006

There is a heppy lend
Fur, fur aw-a-a-ay.

kedo posted:

Um, with floats or positioning? I don't know if I'd really call those "hacks" they're just "how we coded things before flexbox happened." What is so complex about these forms that you just had to use flexbox? Got a wireframe or something you could share?

Ach, I think I'm just sick of writing 10× the amount of markup to do the same thing: each view is different, with on average 10-15 mixed, often nested fields that need to be fully responsive, and what took me half an hour with very minimal markup is now taking me well into the night with various wrappers and a mix of floats, media queries, table display and inline block. I think I'm just a bit flabbergasted that it took me this much effort to do stuff a year ago. Ugh, and the vertical positioning, always the sodding vertical positioning

chami
Mar 28, 2011

Keep it classy, boys~
Fun Shoe

RobertKerans posted:

Ach, I think I'm just sick of writing 10× the amount of markup to do the same thing: each view is different, with on average 10-15 mixed, often nested fields that need to be fully responsive, and what took me half an hour with very minimal markup is now taking me well into the night with various wrappers and a mix of floats, media queries, table display and inline block. I think I'm just a bit flabbergasted that it took me this much effort to do stuff a year ago. Ugh, and the vertical positioning, always the sodding vertical positioning

The sooner all this goes away for Flexbox and Grid, the better.

Also, just use Susy next time or something.

Opulent Ceremony
Feb 22, 2012
Are the auto-scaling capabilities of AWS Elastic Beanstalk a good argument for not separating out long-running processes from web server threads?

fuf
Sep 12, 2004

haha
Anyone else affected by this?
http://www.telegraph.co.uk/technology/internet/11922237/How-America-lost-the-right-to-hold-your-data.html

It's now technically illegal to store European user data ("personally identifiable information") on servers in America? Seems implausible.

fuf
Sep 12, 2004

haha
Regarding the above: how can I figure out which London datacentre OneProvider (http://oneprovider.com/ , part of https://gobsn.net) is using for their servers?

I want to provide a postal address for a server I have with them but I can't find any info beyond references to "our location in London". Do companies intentionally try and keep that kind of info obscure or something?

DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!

fuf posted:

Regarding the above: how can I figure out which London datacentre OneProvider (http://oneprovider.com/ , part of https://gobsn.net) is using for their servers?

I want to provide a postal address for a server I have with them but I can't find any info beyond references to "our location in London". Do companies intentionally try and keep that kind of info obscure or something?

I'm pretty sure the location of the server is only part of the issue. Where a company does business is the address that matters.

Also, for service providers, the customer chooses to store their information with you in exchange for the services being paid for. It's a bit different than facebook's personal information data warehouses all over the US.

fuf
Sep 12, 2004

haha

DarkLotus posted:

I'm pretty sure the location of the server is only part of the issue. Where a company does business is the address that matters.

Also, for service providers, the customer chooses to store their information with you in exchange for the services being paid for. It's a bit different than facebook's personal information data warehouses all over the US.

I dunno I'm probably misunderstanding something but it literally sounds like if you're a company that has European customers then you can't store any PII about those customers outside of Europe.

I mean I'm sure none of this is a big deal but some people are claiming it is:
https://www.wordfence.com/blog/2015/10/european-data-on-usa-servers-safe-harbor/

DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!

fuf posted:

I dunno I'm probably misunderstanding something but it literally sounds like if you're a company that has European customers then you can't store any PII about those customers outside of Europe.

I mean I'm sure none of this is a big deal but some people are claiming it is:
https://www.wordfence.com/blog/2015/10/european-data-on-usa-servers-safe-harbor/

That would mean that no EU person could do any kind of business with any company outside of Europe which is just retarded.
I'm still looking into this change and haven't determined the impact on Lithium yet.

Impotence
Nov 8, 2010
Lipstick Apathy

fuf posted:

Regarding the above: how can I figure out which London datacentre OneProvider (http://oneprovider.com/ , part of https://gobsn.net) is using for their servers?

I want to provide a postal address for a server I have with them but I can't find any info beyond references to "our location in London". Do companies intentionally try and keep that kind of info obscure or something?

oneprovider is basically just a reseller + markup, which might be why they don't like to out all of the dc info

nexus6
Sep 2, 2011

If only you could see what I've seen with your eyes
One of our clients, with whom we have been working for the better part of a year, has a Drupal 6 site. From the start I've been suggesting moving to Drupal 7 especially since D6 is no longer supported but they've been quite resistant to upgrading, preferring instead to get us to implement quick fixes but all the while saying this would eventually lead up to a full upgrade/redesign. As time went by I became more and more skeptical of them going for an upgrade.

We just got an email that they've decided to go with another CMS instead and, since we're not a .net shop, will be seeking new developers.

I'm kinda glad I don't have to work on that awful site anymore but also annoyed that they really have been stringing us along.

Lumpy
Apr 26, 2002

La! La! La! Laaaa!



College Slice

nexus6 posted:

One of our clients, with whom we have been working for the better part of a year, has a Drupal 6 site. From the start I've been suggesting moving to Drupal 7 especially since D6 is no longer supported but they've been quite resistant to upgrading, preferring instead to get us to implement quick fixes but all the while saying this would eventually lead up to a full upgrade/redesign. As time went by I became more and more skeptical of them going for an upgrade.

We just got an email that they've decided to go with another CMS instead and, since we're not a .net shop, will be seeking new developers.

I'm kinda glad I don't have to work on that awful site anymore but also annoyed that they really have been stringing us along.

Don't worry, they'll be back when they realize the .NET shop is stringing them along.

Geisladisk
Sep 15, 2007

Does anyone have any experience with Fine Uploader (http://fineuploader.com/) for fairly large file uploads (gigabyte+)?

v1nce
Sep 19, 2004

Plant your brassicas in may and cover them in mulch.

nexus6 posted:

We just got an email that they've decided to go with another CMS instead and, since we're not a .net shop, will be seeking new developers.

I'm kinda glad I don't have to work on that awful site anymore but also annoyed that they really have been stringing us along.

Don't let that show through. I'd give them a call and take it as an opportunity to do almost an exit interview with your client. Find out why they left. Was it just price? The new CMS was that attractive? What system did they go with? Do they have a new company already? Anything you could have done differently while working with them?

Also you can say you want to do your due-diligence in your support, so if they need any consultation for the migration, hand-over to the new company or anything like that. As you're the authority on their site, they can get in touch and you'd be happy to run over the details. I mean it'd still be fixed-rate stuff, but if the new company need it then you've no problem making their lives easier so they can get up and running as fast as possible.

Depending on how savvy they are, you can also drop in some free advice. "Oh, XYCMS? I haven't heard of that one. From Joe's .NET Sweatshop? Yeah, I don't know them either. Well, just make sure you get a demo of the CMS before you pay them anything and make sure it can do all the things and has the features you want it to. You know, get a proposal in writing and all that, just so you've got something that explicitly details what they should be giving you. Nothing major, just a bit of a safety blanket when you're getting something built for you, otherwise who knows what you'll end up with! You guys have been good to me, so I just want to make sure you end up alright. And yeah, if you need anything - old site, new site, new project - you can feel free to call."

Oddly, the dickiest-bags of clients are the ones who tend to get screwed over by rogue companies the most. They're the ones you can get back by just being the last courteous non-rear end in a top hat who knew what you were talking about.

kedo
Nov 27, 2007

v1nce posted:

Oddly, the dickiest-bags of clients are the ones who tend to get screwed over by rogue companies the most. They're the ones you can get back by just being the last courteous non-rear end in a top hat who knew what you were talking about.

Assuming you want dicky clients! I agree about offering some free advice as it's always better to leave people with a good taste in their mouth, but really it sounds like you dodged a bullet, nexus6.

nexus6
Sep 2, 2011

If only you could see what I've seen with your eyes
Yeah, they've decided to move to Umbraco but we've no idea why. I can't even think of any sites that use it.

We're going to get in touch and say obviously we're disappointed in their decision and we'd encourage them to make sure Umbraco meets all their requirements. Since we don't know what led to this decision we'll include a laundry list of reasons we recommend D7 over other solutions.

I think they've been charmed by some Microsoft vendor because I really don't think they know what they are talking about, 'issues we've been having with php' for example. All the issues they've had with their POS site have been the rear end-backwards way it was implemented by whoever's nephew they hired to build it. A quick example, there is a sidebar search form with multiple filters but all it really does is throw every form value into a keyword search.

Odette
Mar 19, 2011

nexus6 posted:

Yeah, they've decided to move to Umbraco but we've no idea why. I can't even think of any sites that use it.

We're going to get in touch and say obviously we're disappointed in their decision and we'd encourage them to make sure Umbraco meets all their requirements. Since we don't know what led to this decision we'll include a laundry list of reasons we recommend D7 over other solutions.

I think they've been charmed by some Microsoft vendor because I really don't think they know what they are talking about, 'issues we've been having with php' for example. All the issues they've had with their POS site have been the rear end-backwards way it was implemented by whoever's nephew they hired to build it. A quick example, there is a sidebar search form with multiple filters but all it really does is throw every form value into a keyword search.

A friend did some pro-bono work over the course of a few years for a non-profit including purchasing domains/hosting, setting up a blog/CMS, & training them how to use the blog/CMS.

He emailed them a few months back saying that he cannot perform any work for them anymore, due to work obligations/etc but he's happy to help them find a replacement if need be.

He didn't hear back from them and assumed they were happy with finding a replacement themselves, and he's only just found out that they've been badmouthing him (to other non-profits, industry, etc) because some other vendor swooped in and told them that this friend was ripping them off, snooping through their email because he has access to everything and a whole bunch of other bullshit.

It's crazy what people will do for a buck.


nexus6
Sep 2, 2011

If only you could see what I've seen with your eyes

Odette posted:

He didn't hear back from them and assumed they were happy with finding a replacement themselves, and he's only just found out that they've been badmouthing him (to other non-profits, industry, etc) because some other vendor swooped in and told them that this friend was ripping them off, snooping through their email because he has access to everything and a whole bunch of other bullshit.

It's crazy what people will do for a buck.

That sucks, why would you badmouth somebody who worked for free?

If they do decide to go with Umbraco I eagerly await the day they come back asking us to replace that instead. Given the state of some of the CMS's I've seen I think it would blow some people's minds when they see something like this. Hell, some are still using IE8.
