|
TacoHavoc posted:I need help with SSL and certificates. I have googled the poo poo out of this and I still feel so lost. Are you communicating with the device through a browser, or through an app? Self signing should be fine if you have a dedicated app since you can simply trust yourself and don't have to make the end user figure out how to make their browser (a separate app you don't own) trust the cert.
|
# ? Oct 21, 2015 18:15 |
|
|
# ? Jun 8, 2024 06:48 |
|
Thanks for the help guys.Jabor posted:Some questions to think about : It's a bullet point on a spec sheet, plus customer paranoia. Jabor posted:- Is it okay if someone who has physical access to the product can intercept and read all the connections being made to it? If the device can be physically accessed I consider it fully compromised. This is not on my list of stuff I'm concerned about. Jabor posted:- Is this a product that will be set up by sysadmins, or by random consumers? Not just random consumers...poorly trained technicians with a very low computer literacy level. Jabor posted:- How are people connecting to these things to set them up in the first place? Straight HTTP. HTTPS is an option for customers that would like to use it. Jabor posted:- Do people need to be able to connect through web browsers, or is it just going through your app? ExcessBLarg! posted:Self-signed CA certificates are fine, you just have to manually add them to the client browsers and applications. The point of purchasing certificates is that the corresponding CA cert is already included in browsers, so you don't have to do any manual setup on the client. So the followup stupid question is how do I handle this, with a device that's likely placed on an internal network where the hostname of the owning network will never be the same? Again, I really appreciate the help even if it's only a nudge in the right direction.
|
# ? Oct 21, 2015 21:11 |
|
TacoHavoc posted:how do I handle this, with a device that's likely placed on an internal network where the hostname of the owning network will never be the same?[ How does your app currently "discover" the devices once they're installed?
|
# ? Oct 21, 2015 23:18 |
|
If you're only doing it in order to check a metaphorical box (rather than trying to achieve a well-defined security goal), you probably want to pay a security person to check that box for you rather than doing it yourself. Importantly, they'll be able to justify their ticking of that box, instead of saying something like "some randos on an internet message board said this was secure".
|
# ? Oct 22, 2015 00:10 |
|
TacoHavoc, you say that people are going to be connecting through an app, but is the app going to be accessing the device only from within the local network or remotely? If remotely, is there a centralized service that the app is going to use to access the device? In other words, does the user actually need authenticate the device directly, or does the user just need to access a central single server that can then authenticate the device? (This is the standard solution in consumer-oriented networked appliances, but you probably don't want to use this approach if you don't have to.) Otherwise, how does the app find the device? By manually entering an IP? By some sort of discovery protocol? mystes fucked around with this message at 13:36 on Oct 25, 2015 |
# ? Oct 25, 2015 13:30 |
|
A recruiter suggested doing some exercises on topcoder.com to prepare for their technical interview. I just spent about an hour and a half on a single exercise and still couldn't quite get it, so now I feel like I can't code my way out of a paper bag. Is that somewhat expected? If not, is there something similar that's nicer?
|
# ? Oct 25, 2015 20:30 |
|
hooah posted:A recruiter suggested doing some exercises on topcoder.com to prepare for their technical interview. I just spent about an hour and a half on a single exercise and still couldn't quite get it, so now I feel like I can't code my way out of a paper bag. Is that somewhat expected? If not, is there something similar that's nicer? What was the question, and what was your approach.
|
# ? Oct 25, 2015 20:33 |
|
fritz posted:What was the question, and what was your approach. The question was to decode binary strings. The strings were originally encoded by adding adjacent values to the index value, so "10110" would encode to "22221". In the examples, they explained that you had to either assume the decoded string started with a 0 and work from there or a 1; you had to return both possibilities in a tuple (for Python anyway). Here's my Python code: Python code:
|
# ? Oct 25, 2015 20:55 |
|
hooah posted:The question was to decode binary strings. The strings were originally encoded by adding adjacent values to the index value, so "10110" would encode to "22221". In the examples, they explained that you had to either assume the decoded string started with a 0 and work from there or a 1; you had to return both possibilities in a tuple (for Python anyway). Shouldn't that example be 12221?
|
# ? Oct 25, 2015 21:04 |
|
Jsor posted:Shouldn't that example be 12221? Not according to them:
|
# ? Oct 25, 2015 21:52 |
|
Those aren't the same examples.
|
# ? Oct 25, 2015 21:59 |
|
I have no idea what's even going on there.
|
# ? Oct 25, 2015 22:01 |
|
Jsor posted:Those aren't the same examples. Whoops, you're right.
|
# ? Oct 25, 2015 22:34 |
|
hooah posted:The question was to decode binary strings. The strings were originally encoded by adding adjacent values to the index value, so "10110" would encode to "22221". In the examples, they explained that you had to either assume the decoded string started with a 0 and work from there or a 1; you had to return both possibilities in a tuple (for Python anyway). As a simple example to demonstrate what you're missing, consider the input test case "7". Your program will return ("0", "1") in this case when obviously it should return ("NONE", "NONE"). Can you see why, and what you need to check in order to cover this case? Incidentally I think there's a good chance you should be returning the special value None in those cases, not the string "NONE".
|
# ? Oct 26, 2015 14:52 |
|
Where do I access and change what info is included in the bottom status bar of Sublime Text 3? The one with the column and row info is currently showing a lot of extraneous Git info, because I installed the package, and it only adds clutter. EDIT: I’ll keep it to the package settings for now.
|
# ? Oct 26, 2015 15:49 |
|
This is more of a general UI/UX question: do users have a clue about right-click context menus these days? I know that 10-15 years ago the conventional wisdom was basically Do Not Use if you wanted your program to be remotely accessible because a significant portion of the (non-computer-savvy) user base just didn't understand why their mice had multiple buttons. Has that changed any? I mean, obviously people who have a strong background in computers know about right-click context menus and multi-button mice; that's been a thing since the 80's at least. But I'm trying to design a UI for a fairly complicated program, and I feel like putting things behind context menus would basically end up "hiding" them and make them inaccessible. I mean, there's the secondary issue of figuring out how to notify the user "hey, you can right-click here" (which I also still need to figure out), but that's assuming the user knows how right-clicking works in the first place. How much can I assume of my user base? For reference, said user base is largely composed of biology scientists and other scientific academics. I've learned that doesn't always mean as much tech-savviness as you'd like, though. Or rather, they're plenty savvy with their tech. I'd probably end up turning myself into some kind of lizard man if I tried to use their DNA profilers; they'd accidentally create Skynet if you handed them an IDE.
|
# ? Oct 26, 2015 18:26 |
TooMuchAbstraction posted:right-click menus This isn't based off any research, but I'd say stick to the old wisdom, for new reasons: Context menus are okay, but never as the sole way to access a command. Make them shortcut menus for the most useful interactions on some UI object, but still allow the user to do the same thing in a more roundabout way. Consider whether you might have users on a mostly-touch input system, those won't have a right click. Consider users with laptops with bad touchpads, using right click might not be comfortable there. Consider if some users prefer to use the software with only keyboard, keyboards don't have a RMB. It's (almost) never wrong to put in a context menu, just make sure its content is relevant, not too irrelevant, and the menu itself is not unavoidable. But it's probably still a bit of a power-user thing. The users I talk to daily tend to know what I mean by right-clicking, but don't always seem like it would be something they'd think of themselves.
|
|
# ? Oct 26, 2015 18:56 |
|
I'm getting two different results for the validity of email addresses in Polymer and PHP. Google's Polymer validates email addresses without extensions as true (i.e. email@email). Do email addresses without extensions exist, and I just never realized it? PHP returns false with filter_var("email@email", FILTER_VALIDATE_EMAIL).
LP0 ON FIRE fucked around with this message at 21:54 on Oct 26, 2015 |
# ? Oct 26, 2015 21:42 |
|
LP0 ON FIRE posted:I'm getting two different results for the validity of email addresses, which makes me feel not up to the times. Google's Polymer validates email addresses without extensions as true (i.e. email@email). Do email addresses without extensions exist, and I have just never realized it? PHP returns false with filter_var("email@email", FILTER_VALIDATE_EMAIL). I think it could be valid, but only for email for a TLD, so it is unlikely to actually be real for a typical user (or maybe at all). For example, email@com could be a valid email to someone working for whoever is in charge of the .com TLD. https://tools.ietf.org/html/rfc7085 seems to show that there are MX records for some of the TLDs. e: I wouldn't trust PHP to be definitive for anything taqueso fucked around with this message at 21:58 on Oct 26, 2015 |
# ? Oct 26, 2015 21:50 |
LP0 ON FIRE posted:I'm getting two different results for the validity of email addresses in Polymer and PHP. Google's Polymer validates email addresses without extensions as true (i.e. email@email). Do email addresses without extensions exist, and I just never realized it? PHP returns false with filter_var("email@email", FILTER_VALIDATE_EMAIL). Consider the difference between formally valid and actually valid. A formally valid internet email address has a recipient and a domain name, separated by an @-sign. A domain name can certainly have just one part, i.e. no dots. And the rules for account/recipient names are rather complex. Google's tool tells you the address is formally valid. It isn't entirely possible to check for actual validity without actually sending a mail and getting a response to the sent mail. But you can try doing a DNS lookup on the domain name part to check if it has any MX records.
|
|
# ? Oct 26, 2015 22:03 |
|
The thing after the @ doesn't have to be a domain name. It can also be an IP address, or a hostname on the local network. SMTP does kinda predate DNS.
|
# ? Oct 26, 2015 22:07 |
|
Thank you for your input. I will see about any alternative PHP email validation. I really like Polymer's auto-validation, but of course I have to check it again before it reaches the database.
|
# ? Oct 26, 2015 22:08 |
|
postmaster@localhost, and many other examples.
|
# ? Oct 26, 2015 22:58 |
|
nielsm posted:This isn't based off any research, but I'd say stick to the old wisdom, for new reasons: Context menus are okay, but never as the sole way to access a command. Make them shortcut menus for the most useful interactions on some UI object, but still allow the user to do the same thing in a more roundabout way. Thanks for the advice. I guess my main worry is that my coworker keeps suggesting we just put things into a context menu that aren't super-vital but are nice to have (like extra customization for controls), and I worry that users are going to think our UI is clunky because they don't know how to make it fit their needs. On the other hand, trying to fit everything in so it's visible without context menus, without also making a horribly cluttered UI, is a very difficult problem.
|
# ? Oct 26, 2015 23:05 |
|
LP0 ON FIRE posted:Thank you for your input. I will see about any alternative PHP email validation. I really like Polymer's auto-validation, but of course I have to check it again before it reaches the database. Have you considered not validating email address, or if you must, doing so by sending email to them? If I had a post in the coding horrors thread for every lovely website that rejects working email addresses because their address validator is garbage, I'd account for most of that thread and probably also be banned for spamming.
|
# ? Oct 27, 2015 16:43 |
This isn't so much of a programming question as one related to programmers looking for jobs, but I can't find a good thread for this and didn't want to start a new thread just for this. I have on a few occasions had to put out job ads looking for entry level developers. For some reason, despite listing the position as entry level and advertising the salary as the bare minimum for hiring new grads or self taught dudes, I always get a ton of extremely overqualified candidates applying to the jobs. I'm talking people who should be applying to positions making 6 figures, sometimes even mentioning salary requirements as such in their cover letters. I typically don't even reply to these applications, as it seems like a waste of time when my boss tells me things like "40k tops, try for less". I kind of assume these guys just plug a couple of their qualifications into indeed and apply to every single job that comes up without reading the ad. They typically have very non-specific cover letters too. Outlining their abilities, but not necessarily related to the job they are apply to. Anyone else have something like this happen to them? Is this normal? Am I wrong to dismiss these candidates right away? It just seems crazy to me that these guys even apply to entry level jobs when I can plug in the same general requirements and get 100+ jobs better fitting their qualifications in the area.
|
|
# ? Oct 27, 2015 18:26 |
|
ToxicFrog posted:Have you considered not validating email address, or if you must, doing so by sending email to them? They activate their account by visiting a unique URL and setting a password. When I was talking about validating, I was referring to an administrator creating an account that tells them if the email is valid or not as they type it (JavaScript + PHP), and then again checking that email string on the server (PHP) before it gets inserted into the database.
|
# ? Oct 27, 2015 23:38 |
|
mystes posted:TacoHavoc, you say that people are going to be connecting through an app, but is the app going to be accessing the device only from within the local network or remotely? If remotely, is there a centralized service that the app is going to use to access the device? In other words, does the user actually need authenticate the device directly, or does the user just need to access a central single server that can then authenticate the device? (This is the standard solution in consumer-oriented networked appliances, but you probably don't want to use this approach if you don't have to.) Usually from within the local network. Sometimes remotely. The app finds the device by IP. I realize how stupid this all sounds, but based on the mix of situations this product is expected to work in (potentially unconnected to the internet, absolutely operated by the technically inept, across a variety of platforms), it just seems like there aren't a lot of good answers to a lot of the system architecture questions.
|
# ? Oct 27, 2015 23:45 |
|
wilderthanmild posted:I typically don't even reply to these applications, as it seems like a waste of time when my boss tells me things like "40k tops, try for less". I'm not sure where exactly you live, but I live in Detroit and have less than a 3.0 GPA and have been fielding entry-level offers from $60k-$70k and I haven't even graduated yet, so that's probably what the applicants are expecting
|
# ? Oct 28, 2015 01:23 |
|
Tusen Takk posted:I'm not sure where exactly you live, but I live in Detroit and have less than a 3.0 GPA and have been fielding entry-level offers from $60k-$70k and I haven't even graduated yet, so that's probably what the applicants are expecting Seriously. I'm in Wisconsin and fresh grads start at 90k here. If you want programmers for 40k you might try outsourcing to India or something.
|
# ? Oct 28, 2015 02:01 |
|
wilderthanmild posted:my boss tells me things like "40k tops, try for less". Unless by "programmer" you mean can write an Excel formula, you're not going to get very far for 40k. Other people have posted to this effect, but I think you're way underestimating what an entry level developer makes. wilderthanmild posted:I kind of assume these guys just plug a couple of their qualifications into indeed and apply to every single job that comes up without reading the ad. They typically have very non-specific cover letters too. Outlining their abilities, but not necessarily related to the job they are apply to. Why would you assume this? Are you including "40k tops" in the postings? If you did, I suspect you'd get a lot fewer applicants.
|
# ? Oct 28, 2015 02:23 |
|
40k will net you a creative type that does programming in their spare time and might have an aptitude for learning.
|
# ? Oct 28, 2015 03:05 |
Blinkz0rz posted:40k will net you a creative type that does programming in their spare time and might have an aptitude for learning. See this is generally my reaction to it. For that number we are either going to get someone desperate or severely lacking. I didn't set that number myself, it's my bosses number he got basically from getting what seems to be the average in the area looking at the bigger employers of programmers. He then rounds down of course and expects me to find decent candidates at that price, because a number a few thousand below the lowest number he found will of course bring in tons of qualified applicants. It's not that crazy considering I frequently see ads advertising similar positions for 40 to 50k here and glassdoor seems to confirm that many of the bigger employers in the area are paying mid 40's to low 50's for junior/entry level type programming positions here. Low cost of living goes a long way. That still puts that 40k well below average though, but once again my boss doesn't understand that. Blinkz0rz posted:40k will net you a creative type that does programming in their spare time and might have an aptitude for learning. See, that's the thing we got lucky with one of those before. A guy that managed to do well enough for having no background in it, but a good amount of "hobby" type experience and did it for cheap. LeftistMuslimObama posted:Seriously. I'm in Wisconsin and fresh grads start at 90k here. If you want programmers for 40k you might try outsourcing to India or something. 40k "tops" is very low, yes, but this is either trolling or you're using absolute cream of the crop for your example. Using payscale and other similar websites this would seem to be the tippy top for entry level. KernelSlanders posted:Why would you assume this? Are you including "40k tops" in the postings? If you did, I suspect you'd get a lot fewer applicants. I haven't checked the most recent one yet and didn't post it myself since my boss requires all job postings go out through one person, but last time 40k was explicitly mentioned in the ad and we still got a lot of applications from people who could get way way way better.
|
|
# ? Oct 28, 2015 04:02 |
|
Websites like that generally have deflated numbers and that's before taking into account that they're necessarily out of date.
|
# ? Oct 28, 2015 04:19 |
|
wilderthanmild posted:See this is generally my reaction to it. For that number we are either going to get someone desperate or severely lacking. I didn't set that number myself, it's my bosses number he got basically from getting what seems to be the average in the area looking at the bigger employers of programmers. He then rounds down of course and expects me to find decent candidates at that price, because a number a few thousand below the lowest number he found will of course bring in tons of qualified applicants. I'm not trolling. Fresh graduate programmers at my company get 90k. We have nearly 3000 programmers in a 10k person company, and I guarantee you the cost of living here is as good as wherever you are. Unless you're hiring for some ancient skills et where desperate out of work rails developers are willing to take whatever they can get, you're not going to get a proper developer at that price. You could maybe get a math major who learned Matlab or something and is eager to learn, but people with cs degrees have better options generally. Edit: these applicants probably think your ad is just lowballing and they're trying to negotiate you up.
|
# ? Oct 28, 2015 04:23 |
|
My offers were from GM, Ford, and a few software companies Like, obviously you can disregard the $130k starter salaries from SV but bleeding Christ I think even web developer make more than $40k/yr
|
# ? Oct 28, 2015 04:29 |
|
Tusen Takk posted:My offers were from GM, Ford, and a few software companies My buddy went to a "programming bootcamp" in nashville and came out with a 65k job doing rails poo poo out there.
|
# ? Oct 28, 2015 05:26 |
|
wilderthanmild posted:This isn't so much of a programming question as one related to programmers looking for jobs, but I can't find a good thread for this and didn't want to start a new thread just for this. I have on a few occasions had to put out job ads looking for entry level developers. For some reason, despite listing the position as entry level and advertising the salary as the bare minimum for hiring new grads or self taught dudes, I always get a ton of extremely overqualified candidates applying to the jobs. I'm talking people who should be applying to positions making 6 figures, sometimes even mentioning salary requirements as such in their cover letters. I typically don't even reply to these applications, as it seems like a waste of time when my boss tells me things like "40k tops, try for less". You can probably discard the candidates who provide cover letters with the wrong salary out of hand. You might end up with some candidates who, while not terrible, are also not that great and thus might be applying to literally anything because they're not getting hired. For 40k, caveat employer, but you might get lucky with someone who is just desperate enough to take it and is also not awful. Look for candidates with a gap in their resume between now and their last job, you might get lucky enough to get someone trying to get back on their feet.
|
# ? Oct 28, 2015 06:09 |
|
Blinkz0rz posted:40k will net you a creative type that does programming in their spare time and might have an aptitude for learning. Thanks! Senior Devs where i work earn around £35K ($48k) Graduates get about £20k ($30k) and this is a much sought after dev position (working in the space and Defence industry)
|
# ? Oct 28, 2015 08:11 |
|
|
# ? Jun 8, 2024 06:48 |
|
TheresaJayne posted:Thanks! The UK economy is not directly comparable to the US economy.
|
# ? Oct 28, 2015 13:44 |