Tempora Mutantur
Feb 22, 2005

not a programming question per se:

I can no longer find, and failed to bookmark, a site that I *think* was hosted on the .io tld, and it was a site devoted to various career paths, with things like "if you want to work in frontend, learn these things:" "if you want to work in backend, learn these things:" "these are security best practices:" and it was maintained on github with about maybe 6-12 contributors

does anyone know what the hell I'm blabbing about and possibly have the link?

if it helps it used a lot of mermaid.js diagrams (or at least looked like it did because it had lots of flowcharts for the order to learn things in to not overwhelm new people)

Tempora Mutantur fucked around with this message at 00:56 on Oct 21, 2023


Tempora Mutantur
Feb 22, 2005


That's the one, thank you!

Tempora Mutantur
Feb 22, 2005

KillHour posted:

Good question. I actually don't have any practical Rust experience and have only a passing familiarity with it. Looking at some examples quickly though, it appears that the focus of Rust is more on memory management in the sense of making sure that reference types are properly handled for memory safety as opposed to setting up a different set of syntax rules for each.

Maybe it will help if I talk a little bit more about why I'm interested in this. I work with databases (which is why SPARQL came to mind), and one of the things that has been coming up a lot in recent years is properties getting reified into objects. So instead of this:

code:
"foo" : {
  "bar": "baz";
}
You end up with this:

code:
"foo" : {
  "hasProperties": [ "foobar" ]
},
"foobar": {
  "isType": "string",
  "hasValue": "baz"
}
I've even heard customers propose things like "Instead of having the value be the number 5, let's make an object called 'int_five' and have every property with a value of 5 reference that same object." Which is... absurd, to say the least (and yet a serious suggestion by people who are seen as thought leaders at a billion dollar company). So I'm interested in learning more about languages that take a stricter approach to the separation of things that are individual tracked objects and things that are fungible concepts.

...so you want first-class support for schemas or something? like the second example reminds me of avro schema except that it's presumably including the schema on EVERY instance which is baffling to me, just have a schema and then reference it as needed in your data model (same concept as e.g. XML schema definitions, except here we're using json or yaml or whatever)

(and if that's an actual example of your patterning, like including both isType and hasValue, please just switch to something like avro because there's absolutely no reason to include the schema on EVERY object, it's a colossal waste and defeats the purpose of schemas)

that all said I'm probably not understanding the use case here (and I cannot see a scenario where I'd ever agree with the int_five poo poo) but I don't understand why you need language-level support for just having schemas defining objects and actual instances of objects that rely on that schema, even when they're both just frozen data

like, I'm not even sure how we're getting to the examples I quoted from you above, from what you clarified below:

quote:

For instance, I would be interested in learning about a language that uses different assignment operators for value/reference types.

the examples above (the foo object and foo/foobar schemas-with-values) can each be manipulated in applications as value OR reference types (depending on the language but you seem to be talking about ones where you can do both) so what is the meaningful difference that you'd want wholly separate operators when the data would behave the same way?

mystes posted:

Can you give an example of something you're trying to ensure or prevent by distinguishing the syntax?

yeah this

Tempora Mutantur
Feb 22, 2005

Volguus posted:

Hey, at least you can safely say that their application was written by drunken monkeys. With JSON, odds are that they were sober. They knew what they were doing. And that's even more frightening.

no tech, be it XML or json, can prevent a sufficiently determined/inexperienced dev from making GBS threads all over their API and or building the stupidest poo poo imaginable

and somehow the places filled with these devs have no controls in place to prevent it, funny how that works

(that's all places btw)

Tempora Mutantur
Feb 22, 2005

Gucci Loafers posted:

Let me share some backstory - I'm making a basic SPA Web App with HTML, CSS, JavaScript, React, etc. and using Azure SQL DB.

does azure offer some kind of API-service-layer automatically that can handle data sanitization?

asking because if they don't, then in this js-frontend-sql-backend stack, my next question is what is sanitizing incoming data/making sure you're not just eating attack data? especially if you're showing whatever the recorded daily data is to other users

Tempora Mutantur
Feb 22, 2005

Gucci Loafers posted:

I have no idea. I am that new of a developer as I can make... or I am making the program but it's stuff like this or things like setting up a business bank account that's connected to the app that are my next challenges with app development.

I know it wasn't actually what you asked but it popped into my head because you need *something* that's going to safeguard input which is going to affect performance for load/scalability testing, and it's also a point to get easier metadata about actually valid requests/otherwise deal with anything you need to change in the future

to keep with your stack, you can use Node (backend javascript library) with Azure Functions (so you don't have to focus much on actual server/container deployment for a backend and can just write what you need it to do and treat it like any other server in the context of inbound web requests) where the general architecture is:

client browser -> "Service API Layer" (in this case, an azure function, though it could also be a full on server running on a VM/container/whatever) -> DB layer

the reasoning here is:

1) security. your API layer should be the only thing that's publicly accessible, and all data the SPA uses is only sent from/to the API layer. the API layer is the only thing that can speak to the DB. this means your DB can avoid being exposed publicly, which means that as long as you do data sanitization on requests in your API layer (to prevent stuff like sql injection or various malicious attacks you can read about on owasp), you should be protected against most common attacks (aside from the platform itself, which isn't your concern or under your control, or any issues in your actual function scripting which is absolutely your concern and in your control, along with properly configuring security/permissions on your cloud)

2) security, again. just to be clear since you said you're making a SPA: everything in the browser is hostile. you cannot trust the web app to do anything for you because a malicious actor can use the magic of "press F12 in the browser and gently caress around in console" to do things like send data to your endpoints or just otherwise pick apart your code. this way, while you still want to do whatever frontend security you can, you can use your API layer to harden services like noted above. also certain things will require changes on front + back for security needs, but I'm not clear on the level of security you need e.g. do users have to auth or is it just a public portal (with no login/auth) since these are different issues to solve.

3) metadata now and flexibility later. let's say you want to know how many actually valid requests you get, or eventually you want to do something like send email notifications based on specific data you receive. while you could have something polling your DB or use DB triggers, it's (imo) a lot easier to have your input layer automatically handling data gathering like this, whether it's writing stuff to a logging table or using some kind of log aggregator like splunk/kibana or a cloud option or whatever. plus, by doing it in a service layer in a language that you're already working with/familiar with, instead of needing to learn DB-level stuff (which as a generalist ofc I encourage you to, heh) you can focus on javascript and control it at this layer, requiring less cognitive load for maintenance and updating later (plus I'm of the mindset it's a lot easier on your brain to design things where "the database is just a big ol bag of data, devoid of logic, all logic lives in my API service layer so that all application logic is in one general location," since it *sucks massive rear end* when someone who thinks they're smart puts 30% of the logic in the DB, 50% of the logic in the app, and 20% of the logic spread across different libraries buried in dependencies, with no testing or documentation so you just have to Figure It Out).

anyway. good luck man, hopefully that's more helpful than overwhelming, my will to edit much more is waning so uh, hopefully that wall of text is more useful than overwhelming or annoying. technically the #1 priority is to Just Make poo poo Work, so you can actually ignore everything I wrote here, but if you're seriously talking about thousands of users, security should be pretty front of mind since *someone* is going to attack you the more people know about you.
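Added example (editor's code, not from any post in this thread, the Azure docs, or a real project): a minimal API-layer handler in the shape the post above describes, sitting between the SPA and the database. It validates the "daily record" upload before anything touches the DB, sends the SQL as a fixed statement with bound parameters instead of string concatenation (the vulnerable builder is kept next to it for contrast), and HTML-encodes the stored note before it is handed back for display to other users. The table name, field names, note length limit and the `db` client are all assumed; a real driver such as the `mssql` package would bind `params` to the `@placeholders`, whereas the fake client here only records what it was asked to run.

```javascript
// Vulnerable builder: request text is spliced into the SQL statement itself,
// so a note like "'); DROP TABLE daily_records; --" changes the query.
function buildInsertUnsafe(userId, day, note) {
  return "INSERT INTO daily_records (user_id, day, note) " +
    `VALUES ('${userId}', '${day}', '${note}')`;
}

// Safe builder: the statement is constant; values travel as parameters that
// the driver binds, so they can never be parsed as SQL.
function buildInsertSafe(userId, day, note) {
  return {
    text: "INSERT INTO daily_records (user_id, day, note) VALUES (@userId, @day, @note)",
    params: { userId, day, note },
  };
}

const MAX_NOTE_LENGTH = 500;            // assumed limit for the daily note
const ISO_DAY = /^\d{4}-\d{2}-\d{2}$/;  // YYYY-MM-DD only

// Validate the request body: only a real calendar day and a bounded string
// get through. Returns { ok: true, value } or { ok: false, error }.
function validateRecord(body) {
  if (typeof body !== "object" || body === null) {
    return { ok: false, error: "body must be a JSON object" };
  }
  const { day, note } = body;
  if (typeof day !== "string" || !ISO_DAY.test(day)) {
    return { ok: false, error: "day must be YYYY-MM-DD" };
  }
  // Round-trip through Date so values like 2023-02-30 are rejected as well.
  const parsed = new Date(day + "T00:00:00Z");
  if (Number.isNaN(parsed.getTime()) || parsed.toISOString().slice(0, 10) !== day) {
    return { ok: false, error: "day is not a real calendar date" };
  }
  if (typeof note !== "string" || note.length === 0 || note.length > MAX_NOTE_LENGTH) {
    return { ok: false, error: `note must be 1-${MAX_NOTE_LENGTH} characters` };
  }
  return { ok: true, value: { day, note } };
}

// Output encoding: stored data is still untrusted when it is rendered to
// other users, so encode at the point where it becomes HTML.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// The handler: the only thing the browser can reach. `userId` must come from
// the platform's authenticated identity, never from the request body.
async function handleUpload(req, db, userId) {
  const v = validateRecord(req.body);
  if (!v.ok) return { status: 400, body: { error: v.error } };
  const q = buildInsertSafe(userId, v.value.day, v.value.note);
  await db.query(q.text, q.params);
  return { status: 201, body: { day: v.value.day, noteHtml: escapeHtml(v.value.note) } };
}

// Assumed stand-in for a real driver: records every call instead of running it.
function makeFakeDb() {
  const calls = [];
  return {
    calls,
    query: async (text, params) => {
      calls.push({ text, params });
      return { rowsAffected: 1 };
    },
  };
}
```

The point of keeping `buildInsertUnsafe` beside `buildInsertSafe` is that the safe version's SQL text is identical no matter what the user sends; the payload only ever shows up under `params`. Validation and output encoding are separate layers on purpose: the first keeps junk out of the database, the second protects the other users the note is shown to.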

Tempora Mutantur
Feb 22, 2005

Gucci Loafers posted:

That's a super informative reply. I haven't been thinking about SQL Injection attacks at all. If this is a whole website wouldn't I just want to host this as an Azure App Service over Azure functions?

to your overall question about Azure App Service, no idea. I don't really know the MS ecosystem, just experience in AWS and google cloud, but at a glance it looks like AAS is like a full pipeline you can pay for? sounds kind of neat maybe, depending on what they lock you into. I can't give you a good answer really because beyond not knowing that product, I'm biased towards having in-house pipelines, so I would recommend setting up and doing stuff yourself instead of using prebuilt stuff (not from scratch but learning how to use the cloud services manually like The Fool mentioned) but ymmv/ultimately your goal is a product and if AAS works for you, go for it.

but yes, you'd likely be able to use azure functions if your use case doesn't require some heavier weight backend service that requires an actual server (which to the broad notion of "user uploads data daily" is probably fine for an azure function that feeds the data to a DB)

also when you say "website," you gotta be a little more specific in intent; most generically based on the single use case you've given, you could say you're building a "daily record upload web application" which is comprised of a static frontend website that accepts and passes user data to a backend service (azure function) which sanitizes and persists that data to a db.

I say that because a website is just some HTML hosted somewhere that's maybe or maybe not running scripts that connect to external services/databases. imo if you can serve your frontend out of AWS S3 buckets/Azure blob storage/equivalents like that (I've only used S3 buckets, google says blob is the equivalent) that's preferable because it's very cheap and you can route https://www.whatever.tld to the bucket and still use HTTPS*.

* on AWS at least, HTTPSing to a bucket involves three separate services, but I imagine that MS cloud also has quick tutorials similar to this AWS one: https://www.freecodecamp.org/news/simple-site-hosting-with-amazon-s3-and-https-5e78017f482a/ so if you found an MS cloud equivalent of the services you could do that (and maybe MS doesn't require the CDN like AWS, I dunno, or maybe AAS supports this, no idea)

that all said, some googling shows this article from march 2023 about setting up what you're talking about (static website that connects to a db via azure function): https://learn.microsoft.com/en-us/azure/static-web-apps/database-azure-sql?tabs=bash&pivots=static-web-apps-rest but I barely glanced through it. what level of security they offer/tell you to configure, no idea. I have lazy enterprise dev brain and just do what I know until I have to google something new.

Tempora Mutantur
Feb 22, 2005

The Fool posted:

outside of forcing certain design choices, like separation of concerns, I wouldn't consider azure functions to be inherently more secure than any other deployment method, and functions are definitely harder to move to other services if that is a concern

this is all true

to be clear when I say "you need a layer to sanitize data blah blah blah" those words are obfuscating the amount of thought and work necessary to go into safeguarding anything you build and expose to the public, though reading through owasp practices is an excellent way to get the basics of what you need to do to safeguard a system against the most common stuff/the programming equivalent of not leaving your car doors unlocked when you walk away

The Fool posted:

oh yeah, local development for functions is trickier because you either need to just deploy to test or run an emulator

this is also true. I recommend lambdas/functions/serverless a lot but really hate working on them, it's kind of funny. I always prefer to stand up an actual server for my services, containerized or just a plain ol VM, both for this reason as well as because it's more portable (or at least as portable as I make it, which is also why I use java since I can shuffle things around at various points, whether it's the servlet itself or the nix distro of the image or whatever else).

gucci if you're definitely sticking with MS stack, C# is a wonderful language and I like working with it a lot on personal stuff (you'd use C# to make your api service layer/backend), though I don't know anything about the actual .net ecosystem (like proper package management and stuff; all my C# stuff has been school, unity, and specific-game-mods so I never had to learn about its equivalents of maven/gradle/npm/yarn, or what their major frameworks are like spring/react/vue, etc)

Tempora Mutantur
Feb 22, 2005

hail CMOS

Tempora Mutantur
Feb 22, 2005

Polio Vax Scene posted:

Which programming language is most closely associated with satan?

https://en.wikipedia.org/wiki/Brainfuck

Tempora Mutantur
Feb 22, 2005

leebRARie


Tempora Mutantur
Feb 22, 2005

moosferatu posted:

They're probably trying to get you to write it using recursion. For example, have a function that takes as input the current player and scores, and then execute your turn logic. If a player has won return the results, otherwise call the same function again with the updated values.

that's the right interpretation

or be an rear end in a top hat and write it as an event-driven score system using a single for loop which has its value change to the current highest score after each iteration; each iteration emits a currentPlayerRoll event handled by a currentPlayerRollHandler which does all the score/turn keeping and has a handy function that also updates the variable tracking the for loop and current player so the game ends when a single unbroken for loop runs to completion to 100 and it's completely over-engineered in response to "no while loops"
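Added example (editor's code, not from either post above): the recursive turn loop moosferatu describes, with the game rules assumed since the thread doesn't state them: two players alternate, each turn adds one die roll to that player's score, and the first to reach 100 wins. The die is injected so the game is deterministic and testable; no `while` (or `for`) loop appears anywhere.

```javascript
const TARGET = 100;            // assumed winning score
const PLAYERS = ["A", "B"];    // assumed two-player game

// One turn: roll for the current player, return the result if they have won,
// otherwise recurse with the next player and the updated scores. Scores are
// copied rather than mutated so every call sees its own immutable state.
function playTurn(playerIndex, scores, roll) {
  const player = PLAYERS[playerIndex];
  const next = { ...scores, [player]: scores[player] + roll() };
  if (next[player] >= TARGET) {
    return { winner: player, scores: next };
  }
  return playTurn((playerIndex + 1) % PLAYERS.length, next, roll);
}

// Entry point: player A starts, everyone at zero.
function playGame(roll) {
  const start = Object.fromEntries(PLAYERS.map((p) => [p, 0]));
  return playTurn(0, start, roll);
}

// Deterministic die for tests: cycles through a fixed sequence of faces.
function makeSequenceDie(faces) {
  let i = 0;
  return () => faces[i++ % faces.length];
}

// A real game would pass a random die instead:
//   playGame(() => 1 + Math.floor(Math.random() * 6));
```

Depth is bounded by the number of turns (at most 2 * TARGET here with a minimum roll of 1), so there is no stack risk for a game this size; for a much larger target you would want the loop-based version after all.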
