|
Just-In-Timeberlake posted:I have literally have had to deal with this bullshit because some of our customers need to be electronically invoiced using this loving graybeard poo poo that they've got running on some ancient loving system and all I can say about that is anybody still using this poo poo can solidly go.gently caress.themselves. I just wanna say gently caress all these companies that demand to be invoiced a certain way. You owe me money. If I didn't pay my power bill and then told them "oh you didn't send me the bill in the very special way that I like" they'd laugh at me and then turn my lights off.
|
#
?
Mar 8, 2022 06:51
|
|
|
|
| # ? May 20, 2024 10:40 |
|
|
Data Graham posted:That could be a representation of literally any data. It's a CTF thing at work. The name of the task is "double encryption". VVV: Yup. We figured it out, somehow. uncle blog fucked around with this message at 20:29 on Mar 8, 2022 |
|
#
?
Mar 8, 2022 09:16
|
|
|
uncle blog posted:It's a CTF thing at work. The name of the task is "double encryption". So that string is the entirety of the data? Do you get any other clues about what it might be? Because without any such information there is no way to know what the hell it is or how to decode it other than "try every algorithm known to man"
|
|
#
?
Mar 8, 2022 12:39
|
|
|
prom candy posted:I just wanna say gently caress all these companies that demand to be invoiced a certain way. You owe me money. If I didn't pay my power bill and then told them "oh you didn't send me the bill in the very special way that I like" they'd laugh at me and then turn my lights off. Unfortunately management does not share my "the customer is always an rear end in a top hat" belief.
|
|
#
?
Mar 8, 2022 13:25
|
|
|
Just-In-Timeberlake posted:Unfortunately management does not share my "the customer is always an rear end in a top hat" belief. Same 
|
|
#
?
Mar 8, 2022 15:02
|
|
|
I asked some advice a few pages back on how to create a website with a calculator of sorts and got some good answers. Although it is still a work in progress here is the current result: https://www.csgo-odds-calculator.com/ Any and all feedback is welcome. I used Webflow to get the looks. It worked okay but seemed a bit limited overall. No tables for example. Still better than just writing html to a notepad. Is there anything similar out there? I have a couple of questions though. When can I except the site to be able to be found on google? Is there something I can do to make it happen faster? I've read some articles on search engine optimization but its hard to judge if I should still change something. Also I tried to put adsense ads on the site just to test them out but it says they don't display ads on sites with no content or content of low value which I find deeply offending. What does that mean exactly?
|
|
#
?
Mar 10, 2022 21:15
|
|
|
Mursupitsku posted:I asked some advice a few pages back on how to create a website with a calculator of sorts and got some good answers. Although it is still a work in progress here is the current result: https://www.csgo-odds-calculator.com/ You should do some more reading about SEO as I can't easily tell what keywords that site is optimized for from the content. I am guessing its the phrase "CSGO odds calculator" from the URL and H! but theres very little SEO work done on that page. You need to build something people want to and easily can link to. After you read more about SEO, google SEO outreach campaign to get an idea about how to reach out to bloggers and what not to hopefully get your site linked to by them.
|
|
#
?
Mar 12, 2022 00:34
|
|
|
Has anyone used Plaid? I'd like to connect to my own accounts and dump my transactions into a custom budget program (yes I am aware of Mint and do not like it), and this looks like the only option. Is that right? It seems very company focused, though, and I don't wanna work with the sandbox if they're just gonna deny my upgrade to a live account cause I'm an individual...
|
|
#
?
Mar 12, 2022 16:34
|
|
|
Plaid is not very forthcoming with their pricing. I've considered doing something similar but with a web-scraper like Scrapy. Please report back with your findings.
Comatoast fucked around with this message at 19:54 on Mar 22, 2022 |
|
#
?
Mar 22, 2022 19:48
|
|
|
Comatoast posted:Plaid is not very forthcoming with their pricing. I've considered doing something similar but with a web-scraper like Scrapy. Please report back with your findings. They make it seem like it's free if you've got less that 100 accounts (users accounts or bank accounts? unclear), BUT like I said they're very oriented towards businesses so I dunno if I'm gonna be able to convert from the test sandbox account to the live data account. I should just email them or something but I've been busy with another project (and also trying to move)
|
|
#
?
Mar 22, 2022 20:00
|
|
|
How does JWT handle revocation? As a dumb example, let’s say my bank puts the balance into a token, I make a call to send money to my mom (which gives me a new token with the new balance) but then send the old token again with the old balance. Bank accounts are perhaps a dumb example but more generally the problem can be expressed as the ability to arbitrarily rewind to any previous JWT session state desired, so long as the token is still valid, which seems problematic. You could have a “revocation list” but if you’re hitting it with every request that’s just a session state server with extra steps.
|
|
#
?
Mar 22, 2022 20:02
|
|
|
Paul MaudDib posted:How does JWT handle revocation? As a dumb example, let’s say my bank puts the balance into a token, I make a call to send money to my mom (which gives me a new token with the new balance) but then send the old token again with the old balance. https://devops.com/how-to-revoke-json-web-tokens-jwts/
|
|
#
?
Mar 22, 2022 20:09
|
|
|
The problem I had with the whole refresh token thing is that you pretty much have to be using an SPA to manage token refresh, and it doesn't really solve the problem, just issues tokens with smaller lifetimes and constantly refreshes them. Another alternative is to use reference (opaque) tokens instead of JWT (e.g. https://leastprivilege.com/2015/11/25/reference-tokens-and-introspection/). This gives you full control over invalidating tokens and is less work for the client. However, this doesn't work in a federated auth context, and there may be performance implications in having to hit the db to get/validate the claims.
|
|
#
?
Mar 25, 2022 19:32
|
|
|
Paul MaudDib posted:How does JWT handle revocation? As a dumb example, let’s say my bank puts the balance into a token, I make a call to send money to my mom (which gives me a new token with the new balance) but then send the old token again with the old balance. Are you talking about a standard OAuth2/OpenID Connect workflow, or are you using JWTs in some other context? I think in general putting something important like account balance that could change at any point inside the JWT isn't really best practice. Typically you'd use the JWT just for auth state and some basic user data (for UI display purposes, like name, email, username etc). You'd get account balances via an API request (which would have the JWT attached so the API server can know which user is making the request and whether they are authed) as needed, which can ensure you're always working with an up-to-date balance. If the request fails due to the access token expiring, you use the refresh token to get a new access token and then just re-try the request (rather than being left with stale data to work with). Essentially you shouldn't put any business logic important data in the token, as that data could be stale before the token expires and therefore shouldn't be relied on (as you've pointed out). In terms of expiring refresh tokens (if that's what you're talking about in terms of revocation), that is something that hopefully your auth can be configured to handle (whether it be cloud based or some self hosted option like Keycloak). If you're rolling your own expiration, there are a few different common approaches, but I'm still rather new in terms of deep diving into auth/JWT details, so I'm not sure I should be making any recommendations. But long answer short in terms of "how does JWT handle revocation" is "it depends".
|
|
#
?
Mar 25, 2022 20:51
|
|
|
JWT has sometimes been presented to me as being a good idea for micro service approaches because it offloads the session store to something that isn’t stored in a single server instance. Obviously if you’re just getting the data from the DB every time that’s not a problem, but it also removes the advantage that JWT provided there. This is not something I have to worry about right now personally, and we are fully stateless at work anyway,I was just trying to think through the implications fully.
|
|
#
?
Mar 28, 2022 09:00
|
|
|
So I have two websites i've setup with static site generators (one with Jekyll and one with Hugo) both in concert with NetlifyCMS. I really like NetlifyCMS in that I can develop locally without too much setup, add content, then push to Github and it all gets deployed within a few minutes. That being said i'm a little worried about NetlifyCMS's long term prospects, it doesn't really seem like Netlify cares about it anymore. Is there an open source alternative that's comparable? The closest i've found is Strapi but it doesn't seem to have tons of support yet. There's a bunch of commercial options, but i'd really like to be able to self host if possible. Edit: Looks like sanity.io offers an open source version too. frogbs fucked around with this message at 05:44 on Mar 30, 2022 |
|
#
?
Mar 30, 2022 05:41
|
|
|
I want to implement a data store with the following properties: 1) All data in the store is public information and will have public read access 2) I want other people to be able to contribute data but I also want to check their work first 3) Each data object is around 1Kb and consists of 10 records 4) There will be less than 10,000 total objects, typically on the order of 1000 stored at any given time 4) I want to write a javascript frontend that displays different dissections of the data. Based on this I came up with the idea of using json and then having each object be a flat file in a github repository and then using git protocol to just have the browser download that poo poo and have the client do whatever operations. But the problem I'm running into is that I don't want to reimplement all of the features of SQL Is there a solution that provides joins, merges, or other operations? I have to imagine there are some range of plugins for json that try to do this, but I need some advice because I feel like there must be some very excellent way of doing this smartly. This is a hobby project nobody is ever going to use it so it doesn't have to be a GREAT solution, just passable.
|
|
#
?
Mar 31, 2022 05:31
|
|
|
Salt Fish posted:I don't want to reimplement all of the features of SQL Is there a solution that provides joins, merges, or other operations?
|
|
#
?
Mar 31, 2022 06:06
|
|
|
minato posted:Use SQLite in the browser: https://sql.js.org/#/ This is a great solution, the only problem is that it would complicate git based collaboration on the dataset. I would basically have to add a build step to take submissions and then build it into a database. Something like a cron that clones the repo, uses a csv or json objects to build the binary .sql file, and then commits that back to the repo? Is that a common practice or am I getting into the weeds with that approach?
|
|
#
?
Mar 31, 2022 16:14
|
|
|
Why not just use MongoDB
|
|
#
?
Mar 31, 2022 16:19
|
|
|
Salt Fish posted:This is a great solution, the only problem is that it would complicate git based collaboration on the dataset. I would basically have to add a build step to take submissions and then build it into a database. Something like a cron that clones the repo, uses a csv or json objects to build the binary .sql file, and then commits that back to the repo? Is that a common practice or am I getting into the weeds with that approach? No, none of this is common practice; but you have an unusual requirement that you want users to be able to submit modifications with your approval. The "normal" way of doing that would probably to write an app backed by a "proper" database, and your app would manage the access control for the users and let you visualize the queries. Another approach might be to use something like SmartSheets or Google Sheets. You'd have to have another mechanism for users to submit change requests, and it's kinda crude... but it also solves a bunch of problems. (You can do SQL-like queries from within Google Sheets, dunno about SmartSheets).
|
|
#
?
Mar 31, 2022 18:51
|
|
|
I am making an extremely simple html page that will contain links to a few PDF and XML files, and then also some links to external webpages. I am struggling to figure out a way to download the xml file when the link is clicked instead of opening it in a web browser. I tried used the download attribute, likecode:Thanks for any help, I haven't made a webpage in 15 years lol.
|
|
#
?
Apr 5, 2022 19:40
|
|
|
ascii genitals posted:I am making an extremely simple html page that will contain links to a few PDF and XML files, and then also some links to external webpages. I am struggling to figure out a way to download the xml file when the link is clicked instead of opening it in a web browser. I tried used the download attribute, like add a dummy parameter code:
|
|
#
?
Apr 5, 2022 19:48
|
|
|
Just-In-Timeberlake posted:add a dummy parameter Hmm that still seems to have the same issue. I used code:
|
|
#
?
Apr 5, 2022 20:20
|
|
|
ascii genitals posted:I am making an extremely simple html page that will contain links to a few PDF and XML files, and then also some links to external webpages. I am struggling to figure out a way to download the xml file when the link is clicked instead of opening it in a web browser. I tried used the download attribute, like You should be able to do it using blobs. I know this might sound cryptic, but you get a blob of the data and then using window.URL.createObjectURL you can send it off to an element and force it to click. You should be able to google some examples from this. You can do it inside a script tag depending on how simple we’re talking here. Is it just an HTML page?
|
|
#
?
Apr 6, 2022 03:12
|
|
|
ascii genitals posted:I am making an extremely simple html page that will contain links to a few PDF and XML files, and then also some links to external webpages. I am struggling to figure out a way to download the xml file when the link is clicked instead of opening it in a web browser. I tried used the download attribute, like It's just <a href="xyz" download>click me!</a>, but the download attribute will only work for same-origin links. So I could make a download-enabled link for forums.somethingawful.com/hello.jpg, but not example.com/hello.jpg or even www.somethingawful.com/hello.jpg If you control the external server, you can add the Content-Disposition: attachment header to the response and it will be treated as a download. There is no way to force downloads for external links you don't control. e: The same-origin check doesn't apply to blobs, so yes if you could make some script that fetches the file, blobbifies it and edits the link when it is clicked, that could work. fisting by many fucked around with this message at 03:25 on Apr 6, 2022 |
|
#
?
Apr 6, 2022 03:23
|
|
|
Thank you all! Much appreciated  . I think I'm actually going to just bypass this entirely by making it a zip. It is just a simple html page and it is going to live on a piece of equipment so that the end user can grab the files instead of making paper copies or some DVD to store like 5 MB of files. I was going to have to make it so the files all have a static filename in order to make the webpage simple -- but if I zip it instead we can keep the filenames unique to each piece of equipment but have the zip file have a static name.I am going to keep playing with it just cause I'm curious now, so thanks for the advice. ascii genitals fucked around with this message at 15:41 on Apr 6, 2022 |
|
#
?
Apr 6, 2022 15:38
|
|
|
If I'm using basic/bearer HTTP authorization headers, do I need to make sure I only do it over https? I feel like I can just look at the request headers and pluck out the info otherwise. That's what the random stuff I'm reading on the internet implies, I just want to make sure. Also, related, anyone have advice for forcing https only connections using sveltekit + heroku? vvv ok cool, thanks Cory Parsnipson fucked around with this message at 15:48 on Apr 7, 2022 |
|
#
?
Apr 7, 2022 09:36
|
|
|
Cory Parsnipson posted:If I'm using basic/bearer HTTP authorization headers, do I need to make sure I only do it over https? I feel like I can just look at the request headers and pluck out the info otherwise. That's what the random stuff I'm reading on the internet implies, I just want to make sure. If you're using anything at all, you need to make sure you only do it over https.
|
|
#
?
Apr 7, 2022 10:37
|
|
|
Im using Flask in Python, and I have a Python package called tabulate that can generate pretty tables from data. Is it worth trying to spin my own CSS grid solution if tabulate can spit out HTML tables that i can make look nice?
|
|
#
?
Apr 9, 2022 15:07
|
|
|
If reinventing the wheel gets you off who am I to criticize your kinks.
|
|
#
?
Apr 9, 2022 15:11
|
|
|
D34THROW posted:Im using Flask in Python, and I have a Python package called tabulate that can generate pretty tables from data. Is it worth trying to spin my own CSS grid solution if tabulate can spit out HTML tables that i can make look nice? If the data’s more easily understood in a table then leave it in a table. Better for semantics etc.
|
|
#
?
Apr 10, 2022 00:41
|
|
|
Wondering if any of you kind goons can take a look at my stack post and help me out with this CSS issue i'm having.  https://stackoverflow.com/questions/71831138/creating-responsive-slide-up-menu Thanks
|
|
#
?
Apr 11, 2022 17:34
|
|
|
I think this might be what you're looking for? https://jsfiddle.net/5xv6zb9a/ Instead of using a 'bottom' value I changed it to 'top' and used calc() to offset it by (roughly) the height of the button. And then on click I'm using translate to move the element.
|
|
#
?
Apr 11, 2022 18:10
|
|
|
Omg yes once again you rock. Only question is if there is anyway to remove that little bit of empty space on the bottom of the container.
|
|
#
?
Apr 11, 2022 18:14
|
|
|
That white space appears to be identical to the px value I'm using for the top calc() offset, so now I'm just using the same value again in a calc() in the translate: https://jsfiddle.net/df6mt5ka/ e: \/ np! 🕺 kedo fucked around with this message at 18:47 on Apr 11, 2022 |
|
#
?
Apr 11, 2022 18:44
|
|
|
You rock, thank you so much!
|
|
#
?
Apr 11, 2022 18:44
|
|
|
FastAPI docs noted about deny-listing the JTIs, some nuts want to go the allow-list route, which rather defeats the entire concept. A simpler approach is just to store the latest IAT of each subject JWT. Recycle the tokens and boom invalidate all existing ones.
|
|
#
?
Apr 14, 2022 13:49
|
|
|
Hey all, I have a question that i'm hoping super smart goons can assist with. I have a css grid container I use to have a image slider and some text on the right. I have everything working except for getting the image to actually stretch across the whole container.  How I have it set up is (trunicated): code:code:
|
|
#
?
Apr 26, 2022 14:56
|
|
|
|
| # ? May 20, 2024 10:40 |
|
|
worms butthole guy posted:Hey all, I have a question that i'm hoping super smart goons can assist with. So the DIV is the right size, but the img isn't? I think you want object-fit
|
|
#
?
Apr 26, 2022 16:20
|
|
