Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Ask General Programming Questions Not Worth Their Own Thread
 
  • Post
  • Reply
TacoHavoc
Dec 31, 2007
It's taco-y and havoc-y...at the same time!
Here's a stupid git question that I just can't wrap my head around. I'm working on a project with one other developer at work, and we're using git. We have a remote master branch set up on a bare repository, and we each have a clone of it on our local machines. We each work in a branch off the master on our local machines as well. Assume these branches were started at the same master point. Now when we want to update the remote master, what is the right order of operations? Do we merge our branches with the local master and then push to the remote main one at a time, with the second guy pulling down the main changes from remote before he does his merge? Do we merge our branches separately and then into a local master then push to remote? I've read a bunch about it and for some reason I can't get the right method to "click" in my head. Anyone have any thoughts?

* # ¿ Jan 17, 2015 20:58
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 21, 2024 01:23
  • Quote
TacoHavoc
Dec 31, 2007
It's taco-y and havoc-y...at the same time!

crm posted:

I'm trying to sort out the best way to secure a REST API.

What is the recommended approach?

A couple things to consider:

1) the API is built on top of Java + Spring Boot
2) it will be accessed by multiple platforms (mobile app, web, other APIs, perhaps desktop)
3) a lot of the read options should be public
4) it should have varying levels of authorization - unregistered can't write anything, registered can write something, elevated can write more, etc
5) needs to allow new users to register
So trying to sort out what my best option. Oauth2? Basic HTTP returning a JWT?

I'm relatively new to this, so any advice is appreciated.

I have these exact same questions, except in using hand-rolled isapi extensions implementing a crud-type interface on a windows embedded compact 7 server.

I hate my life please help me.

* # ¿ Jun 2, 2015 15:12
  • Quote
TacoHavoc
Dec 31, 2007
It's taco-y and havoc-y...at the same time!
I am having a problem that involves scoping and Javascript and I'm having some issues figuring it out.

code:
onSearchButtonTap: function(button, e, eOpts) {
    WifiWizard.getCurrentSSID(this.ssidHandler, this.ssidFail);
},

processNetwork: function(ssidString) {
    //check the name and whatnot
},

ssidHandler: function(obj) {
    console.log('SSID returned');
    console.log(obj);
    this.processNetwork(obj);  // -> this doesn't work
    //TypeError: undefined is not a function (evaluating 'this.processNetwork(b)')
}
I tap the search button, the WiFiWizard.getCurrentSSID method fires, and the ssidHandler outputs the SSID and the obj variable to the console, but then barfs on trying to call the processNetwork. How should I be calling processNetwork?

* # ¿ Jul 22, 2015 19:00
  • Quote
TacoHavoc
Dec 31, 2007
It's taco-y and havoc-y...at the same time!

Suspicious Dish posted:

JavaScript is weird. Use this.ssidHandler.bind(this) when you can the wizard.

Holy crap you're the best. I was playing around with .apply but apparently not doing that right either. I didn't realize .bind was a thing.

* # ¿ Jul 22, 2015 20:33
  • Quote
TacoHavoc
Dec 31, 2007
It's taco-y and havoc-y...at the same time!
I need help with SSL and certificates. I have googled the poo poo out of this and I still feel so lost.

So I am working on an embedded product. It has no display or other means of direct user interface. This product is controlled/configured through a phone, tablet, or PC based app that connects directly to the product. It doesn't do the "I talk to the cloud and then the phone talks to the cloud and everything is cool and easy", because some people that use this product don't want it externally accesable. I also don't like saying cloud.

We want to use SSL to encrypt communication between the product and the app. I can't figure out the right way to do this though:
- Self signed certificates appear to be an issue since all modern web browsers/network APIs hate them.
- We can't get a certificate from a global CSA because these products don't have a consistent domain name or IP address.

How do people do this? What am I missing?

TLDR: Certificates are hard because I'm dumb, please help me.

* # ¿ Oct 21, 2015 14:40
  • Quote
TacoHavoc
Dec 31, 2007
It's taco-y and havoc-y...at the same time!
Thanks for the help guys.

Jabor posted:

Some questions to think about :
- Why do you want to encrypt this data?

It's a bullet point on a spec sheet, plus customer paranoia.

Jabor posted:

- Is it okay if someone who has physical access to the product can intercept and read all the connections being made to it?
- ... all the connections being made to any other product?

If the device can be physically accessed I consider it fully compromised. This is not on my list of stuff I'm concerned about.

Jabor posted:

- Is this a product that will be set up by sysadmins, or by random consumers?

Not just random consumers...poorly trained technicians with a very low computer literacy level. :eng99:

Jabor posted:

- How are people connecting to these things to set them up in the first place?

Straight HTTP. HTTPS is an option for customers that would like to use it.

Jabor posted:

- Do people need to be able to connect through web browsers, or is it just going through your app?
I build a cross platform app for iOS/Android/Browser using cordova. So all of the above.

ExcessBLarg! posted:

Self-signed CA certificates are fine, you just have to manually add them to the client browsers and applications. The point of purchasing certificates is that the corresponding CA cert is already included in browsers, so you don't have to do any manual setup on the client.

These devices will have to have some stable hostname that points to them in order to use browser-based TLS (SSL) whether you use your own CA or not.

So the followup stupid question is how do I handle this, with a device that's likely placed on an internal network where the hostname of the owning network will never be the same?

Again, I really appreciate the help even if it's only a nudge in the right direction.

* # ¿ Oct 21, 2015 21:11
  • Quote
TacoHavoc
Dec 31, 2007
It's taco-y and havoc-y...at the same time!

mystes posted:

TacoHavoc, you say that people are going to be connecting through an app, but is the app going to be accessing the device only from within the local network or remotely? If remotely, is there a centralized service that the app is going to use to access the device? In other words, does the user actually need authenticate the device directly, or does the user just need to access a central single server that can then authenticate the device? (This is the standard solution in consumer-oriented networked appliances, but you probably don't want to use this approach if you don't have to.)

Otherwise, how does the app find the device? By manually entering an IP? By some sort of discovery protocol?


Usually from within the local network. Sometimes remotely.

The app finds the device by IP.

I realize how stupid this all sounds, but based on the mix of situations this product is expected to work in (potentially unconnected to the internet, absolutely operated by the technically inept, across a variety of platforms), it just seems like there aren't a lot of good answers to a lot of the system architecture questions.

* # ¿ Oct 27, 2015 23:45
  • Quote
TacoHavoc
Dec 31, 2007
It's taco-y and havoc-y...at the same time!
I'm developing a BLE (bluetooth low energy) device along with corresponding mobile applications. Are there any standard or commonly used methods to keep the BLE services and characteristics in sync between three different code bases (C for the embedded device, Swift for iOS, and Kotlin for Android)? I realize I can keep a completely separate "paper" spec and then manually keep all the codebases in sync, but is there a better way where i can centrally define the device information that can be used programmatically by all three applications? If it was just for the mobile apps I'd probably use some sort of json-ish template that I could even read at runtime, but that seems like a lot of overhead for the mobile application.

Am I tilting at a windmill here? Even an example of how someone else has done it or some key google terms would probably be enough to get me going.

* # ¿ Mar 22, 2022 14:19
  • Quote
TacoHavoc
Dec 31, 2007
It's taco-y and havoc-y...at the same time!

pokeyman posted:

I would do what Jabor suggested, e.g. one JSON (with comments and commas) file that describes everything and a lil script to generate some C, Kotlin, and Swift from that .json.

An alternative is writing it once in code that is usable on all three platforms, which probably means C. Swift can use that directly on iOS, and you can use JNI on Android. JNI is sorta gross but it works.

And no you are not tilting at windmills, it will absolutely be worth having a single source of truth.

Appreciate the feedback from you and everyone else. I am an embedded programmer that self-taught mobile stuff, which leaves me feeling like "there's probably a better way to do this" a lot. Thank you!

* # ¿ Mar 23, 2022 14:13
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 21, 2024 01:23
  • Quote
TacoHavoc
Dec 31, 2007
It's taco-y and havoc-y...at the same time!

Dr. Fraiser Chain posted:

Probably not the right place for this question, but I had a data set from possibly the early 90s. Does anyone recognize some of these extensions? How would you recommend opening these?


I have seen .dta used for stata, depending what your data set is that may or may not make sense. .bak is usually a backup of some kind but I've seen it used by many different programs.

* # ¿ Apr 11, 2024 03:02
  • Quote
  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Ask General Programming Questions Not Worth Their Own Thread