Search - "public api"
-
Meeting with asshole partner company CEO at restaurant.
Me: "I'm a bit worried about the bugs in your API. There are some ways to retrieve privacy sensitive info from public endpoints"
CEO: "Well, we're a rapidly growing startup!"
Me: "Uh... so?"
CEO: "So... Move Fast and Break Things! Priority is to improve our API further, and we'll fix bugs as they show up"
Me: "Maybe you should stop trying to emulate Zuckerberg in your management style. You know that even Facebook themselves admitted that their slogan was a retarded mistake"
Waiter shows up at table. CEO orders some overly expensive fish salad.
CEO: "Well, they have done something right... they're worth billions"
Waiter asks me: "And you sir, have you made your choice?"
Me: "Do you serve popcorn?"
CEO: "Popcorn for lunch?"
Me: "No, for your congressional hearing"
-
Hey everyone,
We have a few pieces of news we're very excited to share with everyone today. Apologies for the long post, but there's a lot to cover!
First, as some of you might have already seen, we just launched the "subscribed" tab in the devRant app on iOS and Android. This feature shows you a feed of the most recent rant posts, likes, and comments from all of the people you subscribe to. This activity feed is updated in real-time (although you have to manually refresh it right now), so you can quickly see the latest activity. Additionally, the feed also shows recommended users (based on your tastes) that you might want to subscribe to. We think both of these aspects of the feed will greatly improve the devRant content discovery experience.
This new feature leads directly into this next announcement. Tim (@trogus) and I just launched a public SaaS API service that powers the features above (and can power many more use-cases across recommendations and activity feeds, with more to come). The service is called Pipeless (https://pipeless.io) and it is currently live (beta), and we encourage everyone to check it out. All feedback is greatly appreciated. It is called Pipeless because it removes the need to create complicated pipelines to power features/algorithms, by instead utilizing the flexibility of graph databases.
Pipeless was born out of the years of experience Tim and I have had working on devRant and from the desire we've seen from the community to have more insight into our technology. One of my favorite (and earliest) devRant memories is from around when we launched, and we instantly had many questions from the community about what tech stack we were using. That interest is what encouraged us to create the "about" page in the app that gives an overview of what technologies we use for devRant.
Since launch, the biggest technology powering devRant has always been our graph database. It's been fun discussing that technology with many of you. Now, we're excited to bring this technology to everyone in the form of a very simple REST API that you can use to quickly build projects that include real-time recommendations and activity feeds. Tim and I are really looking forward to hopefully seeing members of the community make really cool and unique things with the API.
Pipeless has a free plan where you get 75,000 API calls/month and 75,000 items stored. We think this is a solid amount of calls/storage to test out and even build cool projects/features with the API. Additionally, as a thanks for continued support, for devRant++ subscribers who were subscribed before this announcement was posted, we will give some bonus calls/data storage. If you'd like that special bonus, you can just let me know in the comments (as long as your devRant email is the same as Pipeless account email) or feel free to email me (david@hexicallabs.com).
Lastly, and also related, we think Pipeless is going to help us fulfill one of the biggest pieces of feedback we’ve heard from the community. Now, it is going to be our goal to open source the various components of devRant. Although there’s been a few reasons stated in the past for why we haven’t done that, one of the biggest reasons was always the highly proprietary and complicated nature of our backend storage systems. But now, with Pipeless, it will allow us to start moving data there, and then everyone has access to the same system/technology that is powering the devRant backend. The first step for this transition was building the new “subscribed” feed completely on top of Pipeless. We will be following up with more details about this open sourcing effort soon, and we’re very excited for it and we think the community will be too.
Anyway, thank you for reading this and we are really looking forward to everyone’s feedback and seeing what members of the community create with the service. If you’re looking for a very simple way to get started, we have a full sample dataset (1 click to import!) with a tutorial that Tim put together (https://docs.pipeless.io/docs/...) and a full dev portal/documentation (https://docs.pipeless.io).
Let us know if you have any questions and thanks everyone!
- David & Tim (@dfox & @trogus)
-
Dear me,
We have noticed you uploaded files to a public github with your API keys in plaintext.
Please proceed to bang head against desk until you have learned your lesson.
Sincerely me.
-
"Don't deploy on Friday" is a public admittance that your company either has no CI/CD pipeline, or that all your devs are retarded rhesus monkeys who only wipe their ass if the product manager wrote it as a spec.
If the saying was: "Don't port your whole API to GraphQL on a Friday", or "Don't switch from MySQL to Postgres on a Friday", I would agree.
But you should be able to do simple deploys all the time.
I deployed on Christmas & New Year's eve. I've deployed code while high on LSD, drunk-peeing 2 liters of beer against a tree after a party. I've deployed code from the hospital while my foot was being stitched up. On average, we deploy our main codebase about 194 times a week.
If you can't trust your deploys, maybe instead of posting stupid memes about not deploying on Fridays, you should fix your testing & QA procedures.
-
//
// devRant unofficial UWP update (v2.0.0-beta)
//
After several concepts, about 11 months of development (keep in mind that I released 20 updates for v1 in the meantime, so it wasn't a continuous 11 months long development process) and a short closed beta phase, v2 is now available for everyone (as public beta)! :)
I tried to improve the app in every aspect, from finally responsive and good looking UI on Desktop version to backend performance improvements, which means that I almost coded it from scratch.
There are also of course a few new features (like "go to bottom" in rants), and more to come.
It's a very huge update, and unfortunately to move forward, improve the UI (add Fluent Design) and make it at the same level of new UWP apps, I was forced to drop the support for these old Windows 10 builds:
- Threshold 1 (10240)
- Threshold 2 (10586)
Too many incompatibility issues with the new UI, and for 1 person with a lot of other commitments outside this project (made for free, just for passion), it's impossible to work at 3 parallel versions of the same app.
I have already done something like that during these 11 months (every single one of the 20 updates for v1 needed to be implemented a second time for v2).
During the closed beta tests, thanks to the awesome testers who helped me way more than I ever wished, I found out that there are already incompatibility issues with Anniversary Update, which means that I will support two versions:
1) One for Creators Update and newer builds.
2) One for Anniversary Update (same features, but missing Fluent Design since it doesn't work on that OS version, and almost completely rewritten XAML styles).
For this reason v2 public beta is out now for Creators Update (and newer) as regular update, and will be out in a near future (can't say when) also for the Anniversary Update.
The users with older OS versions (problem which on PC could be solved in 1-2 days, just download updates) can download only the v1.5.9 (which probably won't be supported with new updates anymore, except for particular critical bug fixes).
So if you have Windows 10 on PC and want to use v2 today, just be sure you have Creators Update or Fall Creators Update.
If you have Windows 10 PC with Anniversary Update, update it, or if you don't want to do that, wait a few weeks/months for the update with support for your build.
If you have an older version on PC, update it, or enjoy v1.5.9.
If you have Windows 10 Mobile Anniversary Update, update it (if it's possible for your device), or just wait a few weeks/months for the update with support for your build.
If you have Windows 10 Mobile, and because of Microsoft stupid policy, you can't update to Anniversary Update, enjoy v1.5.9, or try the "unofficial" method (registry hack) to update to a newer build.
I hope it's clear enough why not everyone can receive the update today, or at all. :P
Now I would like to thank a few people who made this possible.
As always, @dfox who is always available to help me with API implementations.
@thmnmlist, who helped me a lot during this period with really great UI suggestions (just check out his twitter, he's a really good person, friend, designer and artist: https://twitter.com/thmnmlist).
And of course everyone of the closed beta testers, that reported bugs and precious suggestions (some of them already implemented, others will arrive soon).
The order is random:
@Raamakrishnan
@Telescuffle
@Qaldim
@thmnmlist
@nikola1402
@aayusharyan
@cozyplanes
@Vivaed
@Byte
@RTRMS
@tylerleonhardt
@Seshpengiun
@MEGADROID
@nottoobright
Changelog of v2.0.0-beta:
- New UI with Fluent Design and huge improvements for Desktop;
- Added native support for Fall Creators Update (Build 16299);
- Changed minimum supported version to Creators Update (Build 15063), support for Anniversary Update (Build 14393) will arrive soon;
- Added mouse support for Pull-To-Refresh;
- Added ability to change your username and email;
- Added ability to filter (by 'Day', 'Week', 'Month' and 'All') the top Rants;
- Added ability to open rant links in-app;
- Added ability to zoom GIFs (just tap on them in the Rant View);
- Added 'go to bottom' button in the Rant View (if more than 3 comments);
- Added new theme ('Total Black');
- ...complete changelog in-app and on my website (can't post it here because of the 5000 characters limit)...
What will arrive in future updates:
- 'Active Discussions' screen so you can easily find rants that have recent comments/discussions;
- Support for 'Collabs';
- Push Notifications (it was postponed and announced too many times...);
- More themes and themes options;
- and more...
If you still didn't download devRant unofficial UWP, do it now: https://microsoft.com/store/apps/...
If you find some bugs or you have feature suggestion, post it on the Issue Tracker on GitHub (thanks in advance for your help!): https://github.com/JakubSteplowski/...
I hope you will enjoy it! ;)
-
Storytime!
Manager: Hey fullstackchris, the maps widget on our app stopped working recently...
Dev: (Skeptical, little did he know) Sigh... probably didn't raise quota or something stupid... Logs on to google cloud console to check it out...
Google Dashboard: Your bill.... $5,197 (!!!!!!) Payment method declined (you think?!)
Dev: 😱 WTF!?!?!! (Calls managers) Uh, we have HUGE problem, charges for $5000+ in our google account, did you guys remove the quota limits or not see any limit reached warnings!?
Managers: Uh, we didn't even know that an API could cost money, besides, we never check that email account!
Dev: 🤦‍♂️ yeah obviously you get charged, especially when there have literally been millions of requests. Anyway, the bigger question is where or how our key got leaked. Someone started hammering one of the google APIs with one of our keys (Proceeds to hunt for usages of said API key in the codebase)
Dev: (sweating 😰) did I expose an API key somewhere? Man, I hope it's not my fault...
Terminal: grep results in, CMS codebase!
Dev: ah, what do we have here, app.config, seems fine.... wait, why did they expose it to a PUBLIC endpoint?!
Long story short:
The previous consulting goons put our Angular CMS JSON config on a publicly accessible endpoint.
WITH A GOOGLE MAPS API KEY.
JUST CHILLING IN PLAINTEXT.
Though I'm relieved it wasn't my fault, my faith in humanity is still somewhat diminished. 🤷‍♂️
Oh, and it's only Monday. 😎
Cheers!
-
tl;dr: spent 12 hours creating an api for a job interview challenge. Got rejected after 4 weeks with no real feedback, and all I can do is rant!
So I was in the interview process with a company that was a great fit for my background.
Got through a couple of phone screens, and was given a coding challenge consisting of writing a web API with a couple of endpoints and a filter function.
I'm like, ok no problem, I happen to have created apis for some mobile apps in the past, and I pick Django rest framework to get the job done.
Implemented it on a Sunday, wrote a medium size Readme.md and some unit tests and submit. Took almost four weeks and a partial resubmission to get a rejection with no specific feedback.
Now I'm shamelessly butthurt and I have nothing else to do but rant! Worse part is I looked back at the code and in my opinion is solid AF, so I put it on my public GitHub cause fuck it!
-
A programmer once explained Nietzsche like this:
A long time ago, god created the world, but forgot to leave a developer documentation, thus the whole world was like legacy code...
And humans are like the end user of this world, and some among them spent time studying it, using the Moral API, hoping to get a result of "http 200 ok" from our world for the peace of mind. But the true operation of this world is still yet unknown...
As time passes, humans begin to find that in Moral API, good and evil are two base classes, and all the other moral properties (like ethic, justice and stuff) are just other classes based on those two classes through multiple inheritance.
One day, when programmer Nietzsche was observing the world's runtime behavior, he came up with a question:
"Did god really use good and evil as base classes? Could it be that they are actually derived classes?"
Most of the world is currently in the favor of mankind, and god must've written individual user cases for its end users, he thought.
This got Nietzsche thinking: if end users are considered into two cases: the strong and the weak, how would the world be designed based on its user story?
Let's think about the strong, they can bully the weak as they please, and there's nothing the weak can do to stop them. In this case whether the Moral API exists or not doesn't fulfill the need of the strong.
But when it comes to the weak, Nietzsche thinks that because the weak cannot fight the strong, they need to belittle bullying and praise the strong for being nice. When the weak does this, it covers their powerless state to some extent, making them look somehow equal to the strong by being capable of commenting.
God might have coded the Moral API to fit the weak's requirement, also adding some public methods for the weak to comment on the strong. If the strong takes care of the weak, they call him nice and good, if the strong bullies people, they call him bad and evil.
That's when Nietzsche realized, that good and evil are both derived classes from the weak, and the base class should be the strong and the weak.
Then he started a series of studies about the Moral API, and got some thesis that persuaded lots of other end users...
-
Public service announcement: Do not get married to your language, tools, or way of doing things. If there's an easier solution to something, try it before dismissing it. No language is perfect, and dumping everything on the responsibility of an API or framework can cause more headaches than it solves.
Case in point: I love Java for backend programming, but node.js is a better solution to frontend programming than depending on JSP's and HTML within the same Java project. Less things go wrong and it's easier to debug issues.
There is no best programming language. Only best practices and using the right tool for the right job.
#exceptC++fuckthatlanguage
:^)
-
Working on a funny/new api/service (will be a public one) and I'm only now realizing how important good security is but especially:
The amount of time that goes into securing an api/application is too goddamn high, I'm spending about 90 percent of my time on writing security checks 😅
Very much fun but the damn.
-
My colleagues broke down our AWS account by hard coding the AWS access API keys and pushing the same code to a public repository. This took down our system for nearly 3 days.
-
I think I will ship a free open-source messenger with end-to-end encryption soon.
With zero maintenance cost, it’ll be awesome to watch it grow and become popular or remain unknown and become an everlasting portfolio project.
So I created Heroku account with free NodeJS dyno ($0/mo), set up UptimeRobot for it to not fall asleep ($0/mo), plugged in MongoDB (around 700mb for free) and Redis for api rate limiting (30 mb of ram for free, enough if I’m going to purge the whole database each three seconds, and there’ll be only api hit counters), set up GitHub auto deployment.
So, backend will be in nodejs, cryptico will manage private/public keys stuff, express will be responsible for api, I also decided to plug in Helmet and Sqreen, just to be sure.
Actual data will be stored in mongo, rate limit counters – in redis.
Frontend will probably be implemented in React, hosted for free at GitHub pages. I also can attach a custom domain there, let’s see if I can attach it to Freenom garbage.
So, here we go, starting up modern nosql-nodejs-react application completely for free.
If it blasts off, I’m moving to Clojure + Cassandra for backend.
And the last thing. It’ll be end-to-end encrypted. That means if it blasts off, it will probably attract evil russian government. They’ll want me to give them keys. It’ll be impossible, you know. But they don’t accept that answer. So if I accidentally stop posting there, please tell my girl that I love her and I’m probably dead or captured
-
Are you a C# developer, and do you want to contribute to the devRant public api C# variant. This is your chance!
Fork the code and help the community project.
https://github.com/WichardRiezebos/...
-
Manager: I want the front ends to be more dumb, too much logic is happening on the frontend.
Me: both of the sites are just multi step forms, I’m confused about the complexity part.
Manager: yea but don’t we have a bunch of third party api calls?
Me: we have 4 and they are public facing apis.
Manager: yea, make a new api and move this api calls to the backend and I want both frontend teams to send the same shape payload.
Me: but…
Manager: oh and I don’t like how the business team does the a/b testing and splitting traffic, let’s move that to the backend as well.
Me: but… that a/b testing platform they use is run by another team and they have a full set of features for business analytics…
Manager: yea let’s just replicate those features and move them to the backend.
Me: but it’s a product!
Manager: look! You are the best backend engineer we got! I know you can do this!
Me: I lead the frontend teams…
Manager: ….
Manager: good news we are giving you a promotion with raise you are now a senior engineer.
Me: I’m confused but happy… I think..
-
So… I released v2.0.0 of devRant UWP a few weeks ago.
Then I got a lot of reports of problems on Windows 10 Mobile and older (than 1809) versions of Windows 10 on Desktop.
I decided to resubmit v2.0.0-beta16 to the store, and try to find the issue in the update… I didn't find it.
The code seems the same as the working version (at least the part I try to test is 100% equal).
So it seems I fucked up the vs project.
This means that to find the issue I can spend weeks to search it over and over inside the latest project (using shitty emulators of older Windows 10 builds to debug it), or I could just restore it to the old v2.0.0-beta16 (released in august) and implement again every single new feature and fix (something like 5 new features, dozens of improvements, changes and bug fixes).
In any case, this will require a lot of time (which I don't have at this moment).
I'm really sorry for this inconvenience, I know some of you use my client daily (~3.000 users I guess), I'm really glad someone likes it, and thanks a lot for the awesome reviews and feedback, but stable v2 (v2.1.0 at this point) will be available not earlier than in February.
Probably some of you have already downloaded v2.0.0 while it was available in the store, and maybe it works on your device (please let me know in the comments below if you did, how is it going, and also if you like the new features and improvements).
After this epic fail, and more than 1 year (way too much) of v2 public beta, I want to throw the current project in the trash, and start it from scratch.
Which means I will start to work on v3 as soon as you will see v2.1.0 in the store, making it faster, lighter and with better support for the latest Windows 10 (Fluent Design and not) features, dropping the support for the very old UWP API.
Thanks for your attention.
Have a good day (or night)!
-
Got pretty peeved with EU and my own bank today.
My bank was loudly advertising how "progressive" they were by having an Open API!
Well, it just so happened I got an inkling to write me a small app that would make statistics of the payments going in and out of my account, without relying on anything third-party. It should be possible, right? Right?
Wrong...
The bank's "Open API" can be used to fetch the locations of all the physical locations of the bank branches and ATMs, so, completely useless for me.
The API I was after was one apparently made obligatory (don't quote me on that) by EU called the PSD2 - Payment Services Directive 2.
It defines three independent APIs - AISP, CISP and PISP, each for a different set of actions one could perform.
I was only after AISP, or the Account Information Service Provider. It provides all the account and transactions information.
There was only one issue. I needed a client SSL certificate signed by a specific local CA to prove my identity to the API.
Okay, I could get that, it would cost like.. $15 - $50, but whatever. Cheap.
First issue - These certificates for the PSD2 are only issued to legal entities.
That was my first source of hate for politicians.
Then... As a cherry on top, I found out I'd also need a certification from the local capital bank which, you guessed it, is also only given to legal entities, while also being incredibly hard to get in and of itself, and so far, only one company in my country got it.
So here I am, reading through the documentation of something, that would completely satisfy all my needs, yet that is locked behind a stupid legal wall because politicians and laws gotta keep the technology back. And I can't help but seethe in anger towards both, the EU that made this regulation, and the fact that the bank even mentions this API anywhere.
Seriously, if 99.9% of programmers would never ever get access to that API, why bother mentioning it on your public main API page?!
It... It made me sad more than anything...
-
I've been so pissed off so many times, I thought I should divide them into categories.
- Pissed off at a fellow dev: I told him to use a constant instead of a hardcoded number.
He changed this: obj.method(3);
to this:
public static final int three = 3;
obj.method(three);
- Pissed off at management: I once got a $10 yearly raise.
- Pissed off at a client: They rejected our design proposal because the text was in spanish and they didn't speak spanish. It was lorem ipsum text.
- Pissed off at code: I once had to refactor a 500 line legacy jsp script with HTML, CSS, JS and Java completely intertwined.
- Pissed off at Twitter: They changed their API the day of our go-live, breaking all of their widgets, forcing us to move the go-live date and making me work an additional 8 hours after a week with almost no breaks.
- Pissed off at travel and logistics: They sent me to a hotel in Mexico City 2.5 hours away from the client's office.
Fun times...
-
Why is it that pretty much zero package & framework maintainers understand semantic versioning?
1. If you do a complete rewrite of your package, but the resulting API is identical, you don't need to bump to the next major version. As a user, I'm thankful for your increased performance or cleaner internal code, but it doesn't really affect my update process.
2. If your package required some-framework 6.0.0, and now ALSO supports some-framework 7.0.0 but is still compatible with 6.0.0, you don't need to bump to the next major version. As a user, I can now upgrade the framework, and know that the package will keep working, but otherwise it doesn't really affect me.
3. Following your versioning along with the framework/language version is super annoying, especially if your library really doesn't need to differentiate between framework versions because it's not actually utilizing new framework functionality.
4. On the other hand, if you stop supporting a certain language, framework or shared library version, or change the public methods, exceptions, fields, etc, you MUST bump to a new major version.
Yet everyone gets this wrong.
For example, many of Laravel's underlying subpackages (for collections, filesystem, database, config, http, mail, etc) do not change their code in a breaking way, or do not even change at all between major framework versions.
Yet they follow along with the major framework version.
Now if someone makes a library "laravel-elasticsearch" which uses the support libraries and collections from laravel, they need to update their package to move along with the versions as well, and often they choose to number their library along with the framework in turn.
This means that to update the framework, you also need to update over 9000 dependencies.
FOR NO FUCKING REASON. THE ONLY CHANGE IN THOSE FUCKING DEPENDENCIES IS TO UPDATE COMPOSER.JSON TO BE COMPATIBLE WITH THE FUCKING FRAMEWORK.
Meanwhile, Laravel itself breaks repeatedly on minor/patch version updates, because breaking changes slip through their review process.
Ugh.
-
[Image:Android Emulator Api 27(google play)]
It is in the public emulator now. Good job google employee😃
-
It began when I was tasked with creating a better and more engaging experience for our new Facebook page. This was in Facebook's early days, so there were not really any "best practices". We were making it up as we went along. I decided one way would be to game-ify things, since gaming, at the time, was a Big Deal on Facebook and people were starting to use it to build customer funnels.
Grasping for low-hanging fruit, I decided a Tetris variant around our topic would be fun. I had to hire a dev because at the time I was a static HTML web developer just getting into social media management. I knew nothing about game development or how to use Facebook's API for such things.
Long story short, we got about $10,000 (FB app devs came at a premium then) into the project when I came across a very recent article about the history of Tetris games. It said that even though Tetris had once been considered for all intents to be public domain due to it being created by a Russian coder during the Cold War, it had just been acquired by an IP protection entity that was charging royalties for any variant of Tetris created from a specific date onward and paying the original developer. So, even though I thought I had been thorough in my initial permissions checking, it turned out we were gonna be in deep doo-doo with licensing fees and restrictions if we released this game to the public.
I had to call my boss and admit my error. She was FURIOUS and really gave me an ass-chewing over it. I then had to call the marketing person whose budget I'd been slaving away at wasting. She was a bit more forgiving (her budget was in the millions). Then I had to call the corporate legal department and explain what was going on. They told me to immediately pay any outstanding hours, then fire the dev but not before getting him to send me all code and assets, deleting his copy, and then, upon my receipt of those assets, deleting MY copy so that nothing of it ever existed. And I was supposed to say _nothing_ to the dev about why he was being let go, so that there would be no "trail" leading back to this fiasco. (The dev hounded me for weeks asking what he'd done wrong. It killed me that I was bound and gagged by corporate legal and couldn't tell him.)
I was in so much trouble. I was literally in tears over it. I'd never wasted that much money in my life. That incident pretty much sealed my fate as far as any trust my bosses ever put in me again (not much at all). I was a bit of a pariah in a lot of ways for the next 5 years whereas I had come onto the team as a young social media rockstar at first.
After that, and a couple of other bad scenarios that were less my fault and more due to a completely dysfunctional management and reporting structure, they eventually "transferred" me to another team. Which was really just a way of getting rid of me by sending me to a department that was already starting to outsource overseas and lay people off. It was less messy that way. I was in the first set of layoffs.
Since then, I've had a BIG fear of EVER joining a large corporation EVER again. I prefer to work for small businesses now, even if I get paid less. Much less stressful from an office politics and impact of mistakes standpoint.
-
The Instagram API sucks a Lot.
Why the fuck I've to login with my account using OAuth2 to get posts of a PUBLIC account, it's so hard to make an authentication endpoint that doesn't require the user to enter his credentials in order to access PUBLIC content?
Fucking piece of shit
-
So after 6 months of asking for production API token we've finally received it. It got physically delivered by a courier, passed as a text file on a CD. We didn't have a CD drive. Now we do. Because security. Only it turned out to be encrypted with our old public key so they had to redo the whole process. With our current public key. That they couldn't just download, because security, and demanded it to be passed in the fucking same way first. Luckily our hardware guy anticipated this and the CD drives he got can burn as well. So another two weeks passed and finally we got a visit from the courier again. But wait! The file was signed by two people and the signatures weren't trusted, both fingerprints I had to verify by phone, because security, and one of them was on vacation... until today when they finally called back and I could overwrite that fucking token and push to staging environment before the final push to prod.
Only for some reason I couldn't commit. Because the production token was exactly the same as the fucking test token so there was *nothing to commit!*
BECAUSE FUCKING SECURITY!
-
Apparently, HERE Maps supports transport via spaceship 😲
I don’t know if this is a joke or not but it’s in the API documentation:
https://developer.here.com/document...
-
Does Devrant have a public API?
I'm trying to write an extension for my Vscode so I can read posts while working without having to launch the mobile app.
-
I just want to say,
wow the Cloudflare API is awesome.
In less then an hour (from a blank file - to automation and tested) I was able to setup a DDNS task that basically just pulls my public ip (see https://devrant.com/rants/2050450/... for details) comparing it to the current DNS records for and update them if anything has changed in the past 30 minutes.
So kudos to these guys letting me in next to no time having a simple yet elegant way of dealing with my missing static ip.
Why can’t all APIs be this simple?3 -
I've released my unofficial C# wrapper for the devRant public API. Feel free to check it out and contribute if you would like! Feedback is appreciated.
https://github.com/redrails/...1 -
That's it, where do I send the bill, to Microsoft? Orange highlight in image is my own. As in ownly way to see that something wasn't right. Oh but - Wait, I am on Linux, so I guess I will assume that I need to be on internet explorer to use anything on microsoft.com - is that on the site somewhere maybe? Cause it looks like hell when rendered from Chrome on Ubuntu. Yes I use Ubuntu while developing, eat it haters. FUCK.
This is ridiculous - I actually WANT to use Bing Web Search API. I actually TRIED giving up my email address and phone number to MS. If you fail the I'm not a robot, or if you pass it, who knows, it disappears and says something about being human. I'm human. Give me free API Key. Or shit, I'll pay. Client wants to use Bing so I am using BING GODDAMN YOU.
Why am I so mad? BECAUSE THIS. Oauth through github, great alternative since apparently I am not human according to microsoft. Common theme w them, amiright?
So yeah. Let them see all my githubs. Whatever. Just GO so I can RELAX. Rate limit fuck shit workaround dumb client requirements google can eat me. Whats this, I need to show my email publicly? Verification? Sure just go. But really MS, this looks terrible. If I boot up IE will it look any better? I doubt it but who knows I am not looking at MS CSS. I am going into my github, making it public. Then trying again. Then waiting. Then verifying my email is shown. Great it is hello everyone. COME ON MS. Send me an email. Do something.
I am trying to be patient, but after a few minutes, I revoke access. Must have been a glitch. Go through it again, with public email. Same ugly almost invisible message. Approaching a billable hour in which I made 0 progress. So, lets just see, NO EMAIL from MS, Yes it appears in my GitHub, but I have no way to log into MS. Email doesnt work. OAuth isn't picking it up I guess, I don't even care to think this through.
The whole point is, the error message was hard to discover, seems to be inaccurate, and I can't believe the IRONY or the STUPIDITY (me, me stupid. Me stupid thinking I could get working doing same dumb thing over and over like caveman and rock).
Longer rant made shorter, I cant come up with a single fucking way to get a free BING API Key. So forget it MS. Maybe you'll email me tomorrow. Maybe Github was pretending to be Gitlab for a few minutes.
Maybe I will send this image to my client and tell him "If we use Bing, get used to seeing hard to read error messages like this one". I mean that's why this is so frustrating anyhow - I thought the Google CSE worked FINE for us :/ -
Any other Screeps players here?
for the people running into a "Screeps is not defined":
Screeps is a MMO RTS where you code your "army" to do stuff in Javascript (a la NodeJS).
Code how your harvesters should behave, how your soldiers should behave, how your builders should behave etc. etc.
So far, it is quite a fun game, tho my (Intel Nehalem based) laptop has issues handling it (thanks to an awfully slow GPU...) so it's difficult to play for me at the moment (I'm on holiday, my home PC is a LOT faster).
It costs about 15 euro on steam, and if you're into this stuff, it's well worth it.
Just make sure you finish the tutorial first... I didn't and I regretted it when I bought the game (it's a huge pain in the buttocks to get started if you don't understand the API and such).
Currently just playing on my own localhosted private server to discover how the game works and such, but will be setting up a public server later down the road to play with others.
Tho it would be nice if Screeps would allow for "team-based" gameplay as well so it'll be slightly harder for early players to bully the newer ones.2 -
Fuck LinkedIn
Fuck their closed API
Microsoft always steals your PRIVATE info, but is scared of us using their PUBLIC info
Fucking morons
I can just use selenium and still have all the info I need
Then why the fuck would you close API to approved only
Can't you just track the traffic????7 -
Does devrant have a public api? Tempted to write an atom plugin so I can pretend to work, but actually rant.1
-
Ok c++ professionals out there, I need your opinion on this:
I've only written c++ as a hobby and never in a professional capacity. The other day I noticed that we have a new c++ developer at the office of which my first impression wasn't the greatest. He started off with complaining about having to help people out a lot (which is very odd as he was brought in to support one of our other developers who isn't as well versed in c++). This triggered me slightly and I decided to look into some of the PRs this guy was reviewing (to see what kind of stuff he had to support with and if it warranted his complaints).
It turns out it was the usual beginner mistakes of overusing raw pointers/deletes and things like not using various other STL containers. I noticed a couple of other issues in the PR that I thought should be addressed early in the projects life cycle, such as perhaps introduce a PCH as a lot of system header includes were sprinkled everywhere to which our new c++ developer replies "what is pch?". I of course reply what it is and its use, but I still get the impression that he's never heard of this concept. He also had opinions that we should always use shared_ptr as both return and argument types for any public api method that returns or takes a pointer. This is a real-time audio app, so I countered that with "maybe it's not always a good idea as it will introduce overhead due to the number of times certain methods are called and also might introduce ABI compatibility issues as its a public api.". Essentially my point was "let's be pragmatic and not religiously enforce certain things".
Does this sound alarming to any of you professional c++ developers or am I just being silly here?9 -
Public REST (-inspired) API. Should I skip numeric IDs because it's easy for consumers to snoop around?
Example:
POST api/foo
201 Created api/foo/69
Uh, I'll get 68 just because I can. Hopefully it returns Unauthorized, unless we have some kind of bug.
Is it just security by obscurity if I use, like, guids or something instead of sequential IDs?17 -
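An added example, not part of the original post: the question above, run both ways in Python. The in-memory store, the handler names and the users alice and bob are all constructed for illustration; the point is that the per-object ownership check decides the outcome, while the id scheme only changes how easily another row's id is learned.

```python
import uuid
from dataclasses import dataclass


@dataclass
class Foo:
    owner: str
    body: str


class FooStore:
    """In-memory stand-in for the api/foo collection (constructed for this example)."""

    def __init__(self, random_ids):
        self.random_ids = random_ids
        self._rows = {}
        self._next_id = 68  # sequential ids start near the post's 68/69 example

    def create(self, owner, body):
        if self.random_ids:
            foo_id = str(uuid.uuid4())  # 122 random bits: cannot be reached by counting
        else:
            foo_id = str(self._next_id)
            self._next_id += 1
        self._rows[foo_id] = Foo(owner, body)
        return foo_id

    def get(self, foo_id):
        return self._rows.get(foo_id)


def get_foo_unchecked(store, requester, foo_id):
    """GET api/foo/<id> that only requires a logged-in requester (the bug the post fears)."""
    row = store.get(foo_id)
    if row is None:
        return 404, None
    return 200, row.body


def get_foo_checked(store, requester, foo_id):
    """GET api/foo/<id> with an ownership check on every request."""
    row = store.get(foo_id)
    # "Missing" and "not yours" get the same answer, so a response never
    # confirms which ids exist.
    if row is None or row.owner != requester:
        return 404, None
    return 200, row.body


def run_demo():
    """Return what bob receives for alice's row under each id scheme and handler."""
    results = {}
    for scheme, random_ids in (("sequential", False), ("uuid", True)):
        store = FooStore(random_ids)
        alice_id = store.create("alice", "alice's record")
        bob_id = store.create("bob", "bob's record")
        if random_ids:
            # Bob cannot derive alice's id from his own. Assume it reached him
            # anyway (a shared link, a log line, a Referer header).
            known_id = alice_id
        else:
            # Bob got 69 back from his POST, so 68 is one subtraction away.
            known_id = str(int(bob_id) - 1)
        results[scheme] = {
            "unchecked": get_foo_unchecked(store, "bob", known_id),
            "checked": get_foo_checked(store, "bob", known_id),
            "own_row": get_foo_checked(store, "bob", bob_id),
        }
    return results


if __name__ == "__main__":
    for scheme, outcome in run_demo().items():
        print(scheme, outcome)
```

With the check in place both id schemes answer 404 for someone else's row; without it, a random id protects the row only until that id shows up somewhere the other user can read it.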
Just gonna leave this here because I am too lazy to write a proper article for my website:
If anyone is trying to create a Vue.js website with Node.js backend do NOT use express-vue, it is unnecessarily complicated and broken. Instead use this method I found.
You will need:
- IntelliJ IDEA / WebStorm / other IDE supporting multiple modules per project and tasks
- Nodejs and npm
- vue-cli
Step by step:
1. Create new empty project
2. Add your frontend module using vue-cli generator
3. Add your backend module using Express generator
4. Run npm build in your frontend module once
5. Move or remove public folder in your backend module
6. Create a symlink from your backend module root called public pointing to dist folder in your frontend module root
7. Make sure to add "Run npm build" from frontend module to your "bin/www" task (default task for Express module)
8. Enjoy developing your REST API in Node/Express and your frontend in Vue.js with single-file components and it being served by the same server that is providing the backend.
(Since they are separate modules and you are not mixing webpack and Node/Express you can add ts-loader, stylus-loader, pug-loader or any other loaders without screwing anything up)
For deployment you just need to copy the contents of dist into public on the server. (and not upload the symlink)6 -
Why doesn't Twitter have a public API without authentication for simple stuff, such as reading tweets. One can do that without logging in on the website, why shouldn't code be able to do it.5
-
Just wanted to code some better public transportation route calculator (better ux) and found out that the pt company offers an API.
EVERY FUCKING REQUEST HAS TO BE SENT AGAINST THE SAME FUCKING ENDPOINT IN A POST REQUEST WITH THE ORIGINAL REQUEST AS FUCKING XML IN THE FUCKING BODY. At least they offer xsd files... BUT THATS NO FUCKING HELP. At least not that much of a help. AND THE DOCUMENTATION DOES NOT STATE A SINGLE FUCKING EXAMPLE OF HOW TO USE THAT FUCKING ENDPOINT. I FOUND THIS OUT BY SENDING RANDOM REQUESTS TO THE ENDPOINT TRYING TO REVERSE ENGINEER THE EXISTING FUCKING FRONTEND AND NOW I NOTICED THAT 80% OF THE FUCKING DOCUMENTED FEATURES ARE DISABLED BECAUSE: NOT FUCKING SUPPORTED!!!
MAAAN WHY DO YOU DO THIS.
Alternatively I'd use the GTFS files they provide but THEY ARE FUCKING INCOMPLETE AND DONT STICK TO THE EXISTING STANDARD GOOGLE DEFINED... They also offer a different proprietary format... BUT THATS FUCKING UNDOCUMENTED AND FUCKING INCOMPLETE... -
If your site uses angular or react or some other piece of shit framework to load the data after the site has fucking loaded, make a public fucking api because i cant parse your shitass website from source.3
-
Guys, what the fuck.
Today i was doing some consistency checks across the board after update made for one of our core systems that manages money. Yeah, real, live money.
I have hidden from public payment processor with simple API etc. So one of my checks, gate has same balances as gate's internal account on core blinked red. Okay well, fuck, thats really really shitty situation to be in. I guess my gate is fucked up some way.
Okay, debug mode on, maintenance mode on, quick look at DB, oh shit, client paid 4 times 15k eur without any txn on core system... SHIT! postman... Fuck, postman ofc wont start, quick google, fixing postman, tension in me grows, because its really rough and tough fuckup on my side, and got call. That moment when you know someone already knows is for me apogee of stress that just skyrocketed from calm morning to mad morning.. Okay, i pick up phone, and I hear that one client paid (using core system app) and got strange message, YES I KNOW, im working on it.. Wait, you say that core system gave them odd message??? I will check it out. Finally fixed postman, 3 requests and I know its bug on core system.
Why, why in the motherfucking bloody world anyone would push critically bugged update to system that just sends api callbacks "yes, he paid" when someone didnt pay...
Fuck im stressed and pissed, but at same time relieved its not my personal fuckup (yeah, I solo wrote that gate, but externally audited code and all they had to say that some cosmetic linting should be done)2 -
How come something works absolutely perfectly in dev but not in prod?
I was making a desktop app in Electron js and everything is working perfectly. No problem at all. But then I create the installer/distributable and nothing shows on the screen. And out of curiosity, I wanted to see the error log and it shows an unknown error, I didn't even know from what thing the error is being generated. And after I fixed that, another problem came with Asana Api. I mean, if it's a public API, why do you have to block it with cors? I hate cors!
And after all of it, there's more to it. I mean, why can't you just show the errors in dev?4 -
Ok so I have done some work with crypto currency mining pools and recently a client requested for me to make a splash page that showed data from multiple instances of these pools APIs. I went to find some documentation for this open source api and to my surprise there is none. I thought of querying the public API from the clients side and it worked, however it's so slow that the data shows up roughly 20 seconds after the page loads.
Easy fix right? Make a PHP server get the data every 5 seconds, cache it and serve the data with the page and use a websocket for live updates! Until I found out that there is no practical way in this garbage framework to get the damn API data without making an HTTP request or mutilating the original source code. I'm so done with this garbage framework. It literally loads pages based on a page and action parameter on the index.php. I quit.1 -
Here in my country banks don't have a public API to access your bank account extract, 3 years later we make some bots to extract these data to an API8
-
Instagram new API app submission models is a piece of crap ..
Mostly developers can not get applications approved ..
Public data should be accessible to developers -
For some reason I keep over engineering stuff to the point I spend 2 hours thinking the best way to do something. I'm making the backend for a project of mine and I wanted somewhat decent error handling and useful error responses. I won't go into detail here but let's say that in any other (oo) language it would be a no-brainer to do this with OOP inheritance, but Rust does OOP by composition (and there's no way to upcast traits and downcasting is hard). I ended up wasting so much time thinking of how to do something generic enough, easily extendable and that doesn't involve any boilerplate or repeated code with no success. What I didn't realize is that my API will not be public (in the sense that the API is not the service I offer), I'm the only one who needs to figure out why I got a 400 or a 403. There's no need to return a response stating exactly which field had a wrong value or exactly what resource had its access denied to the user. I can just look at the error code, my documentation and the request I made to infer what caused the error. If that does not work I can always take a quick look at the source code of the server to see what went wrong. So in short I ended up thrashing all the refactoring I had done and stayed with my current solution for error-handling. I have found a few places that could use some improvement, but it's nothing compared to the whole revamp I was doing of the whole thing.
This is not the first time I over engineer stuff (and probably won't be the last). I think I do it in order to be future-proof. I make my code generic enough so in case any requirements change in the future I don't have to rewrite everything, but that adds no real value to my stuff since I'm always working solo, the projects aren't super big and a rewrite wouldn't take too long. In the end I just end up wasting time, sanity and keystrokes on stuff that will just slow down my development speed further down the road without generating any benefits.
Why am I like this? Oh well, I'm just glad I figured out this wasn't necessary before putting many hours of work into it. -
Here is a personal project I've been working on lately. It's not public, but just wanted to share. It's a custom chatbot I created using a LAMP stack. Its built on top of a framework called Program-O to handle the knowledgebase storage and processing along with some basic NLP. I added the web speech api functionality myself so it supports recognition as well as speech synthesis. Anyways, pretty proud of this one.7
-
Hello,
I have gone through all the options that your public API has for syncing data, and i can now officially say that stripping an iFrame of a Google Drive page would be better than the piece of shit mutation methods you have come up with.
Most sincerely,
A fucking annoyed dev that just wasted about 4 hrs on your shit. -
I'm trying to convert a legacy .NET Framework web api to .NET Core, the project and its supporting libraries are in awful conditions and to make things worse at a certain point someone has the genius idea of introducing Uncle Bob's "Clean" Architecture into a part of it so stuff which could simply look like this
public string doStuff(string input){
    // Do the stuff
    return output;
}
becomes a convoluted mess like this
public class StuffDoerRequest {
    public string Input { get; set; }
}
public class StuffDoerResponse {
    public string Output { get; set; }
}
public interface IStuffDoer {
    StuffDoerResponse Execute(StuffDoerRequest request);
}
public class StuffDoer : IStuffDoer {
    public StuffDoerResponse Execute(StuffDoerRequest request) {
        // Do the stuff
        return new StuffDoerResponse() {
            Output = actualFuckingOutput
        };
    }
}
Edit: sorry for the lack of indentation, apparently DevRant trims leading whitespace7 -
Today I wrote a python messenger bot which listens to only one command;
get ip
It then replies with its public IP address. I figured this would be the easiest hotfix until I fix my dynamic DNS client.
Now thinking of it I could also make an "update domain" command for doing the API call, and then link the two with a loop and minute delay. Marvelous.4 -
Is there any documentation on what is public API or not?
@dfox or is reverse engineering the calls allowed?17 -
Yesterday, the Project Manager forwarded an email from a staff member who worked on a donations campaign. Staff member was confused about a Cloudflare challenge that appeared before the user was sent to the donation page. It’s a less than 5 second JavaScript check. He thought it looked fishy.
I had to explain that it’s a security measure that’s been up for almost a month. PM knows this but left it to me to explain because ownership of the site is on me. The donations page and api gets hit by a lot of bots because it’s a public api and there are no security measures like captchas to deter the bots. I’m inheriting this website and I didn’t build it.
Staff member says other staff want to know if the Cloudflare page can be customized so it looks more legit. Um, Cloudflare is a widely known legit service. Google it.
A few thoughts pop into my head:
1. Engineering communicated to stakeholders about the Cloudflare messaging a month ago.
2. Wow, stakeholders don’t share relevant info with their staff who aren’t on these emails.
3. Woooow, stakeholders and staff don’t look at the website that often.2 -
So there is this project of my firm that is completely dependent on Facebook api, I've actually told it many times to managers at first but they've just waved their hands over it.
Now what didn't happen. Facebook data leak and the api being taken down ..juust a week before the project going public.
Our app is still not reviewed and not able to access the so vital api and there are actually many similar projects getting published (even Facebook Local greatly rivals to our app, actually killing it because they have native data... And we don't have any. )
I told them again. "Nah we will have this and this feature that makes it soo exceptional."
And you are sitting here thinking if the salary you have asked for is still good enough to stay or to run away.
(Well, I am still getting some coding experience from this so that's why I stay, and oh yeah I have the backend repo only for myself because except the frontend dev no manager knows what git is. This is how freedom feels. )2 -
I love Mikrotik. Just fucking love them. I also love my residential fiber service. Small company. Synchronous 125M service. No caps. Bandwidth is always there.
BUT... They use PPPOE (seriously guys?), and the IP changes on *every single re-connect*. Also: no IPv6 support. I know. I don't need it. But I want it.
Enter DNSMadeEasy's DDNS, Hurricane Electric's 6to4 tunnel service, and my Routerboard AH100x4. I wrote a script that runs on the router whenever my IP changes. It updates my DDNS record, updates my 6to4 tunnel IP using HE's API, and updates my local 6to4 interface's IP.
It just works. My public IPv4 may change, but the /48 IPv6 networks on my LAN side stay fully routeable.4 -
Oh the joys of working with an Enterprise customer.
Background:
Discussion about service architecture with me, development architect (ArchDev) and integration architect (ArchInt). The topic arises of needing to access int. segment systems for a public facing cloud application.
Me: so we'll just need a s2s vpn and then we can just create a route and call the services normally.
ArchDev: sounds good to me, it will take a few months to get that set up
ArchInt: we done need that, we can just use the gateway and then route all the requests through the ESB.
Me: 😕 do you mean the service gateway?
ArchInt: (drops bomb) no, we decide that all API should be implement in ESB, so ESB will handle traffic
Me: *pauses, steps up to the whiteboard, does latency math* setting aside the fact that isn't how ESB's work, that will add at least 700ms latency to each request.
ArchInt: well that is fine for enterprise, things not usually as fast in enterprise you must expect slowdown to be safe
ArchDev: *starts updating resume on the ladders*
Me: 💀🔫 -
TLDR;
Side project update.
Made simple nlp library in python and published its first version to open source.
Now I can feed it with parsed pdf text.
See rant https://devrant.com/rants/2192388/...
Why ?
Cause during reading book about nltk I couldn’t find simple extendible way to provide support for polish language and I wanted to abstract stemming, word normalization, tokenizer etc. so I can provide ex. different conditions for separate text files and don’t write much code what is an asset when you work solo.
It’s about 12GB of pdf public accessible law data I am trying to handle ( at first ) which is about 35000 files from last 90 years.
So far I automated downloading web pages and pdf documents from them. Extracting data from web pages and saving it to database. Extracting text from pdf files. I have about 5-6 projects to do all of it above maybe at the end I will put it to some workflow manager like Luigi or just run it by cronjob.
First thing for website version 1.0 part is find correlation between all documents inside law text using nlp library by building custom conditions. Then just generate directory structure and html files with links between documents.
Website version 2.0 is already in my mind but it will be creepy to make it and will take at least 1-2 months and I want to publish fast.
I have some pdfs with only images instead of text and tesseract worked quite good with them so maybe I will try to process them when everything go live.
Learned a lot about pdf as now I know that font in pdf is not always providing unicode characters ( stupid form of obfuscation) so when you extract text you need to build glyph vector to text map for every font.
Pdf is full vector representation - just like svg - what is logic if you think a bit and know that some printers are running using postscript.
Let’s hope next update will be about flutter mobile app which started all of shit above. It’s almost ready ( except getting data from api I am trying to do and logo for release version ). It’s last piece of puzzle.3 -
I think the following is all in my head, or I am heading towards an office rivalry situation between my tech lead and me.
characters :
me : a no nonsense android guy who is sometimes very blunt when requested for unwarranted demands. i am also realising that i have been a bit too arrogant, as i come up with a lot of counter questions too fast (not related to story tho)
tech lead : an android guy who has been android dev for a total of 4 years (same as me), 3 of them in current company and somehow got promoted to TL
story: I find this guy to be too much political, delegating a lazy bum, and i kinda called him out in public , once during a discussion where other folks were also kinda calling him out and another time when we were having a small meeting of 3 people. he in turn has taken some actions (like giving me a lower kpi, not giving me appropriate data for doing some work and then asking about it in public, casually ignoring my leave requests) which looks he is taking out a revenge.
at first time i called him out in a discussion where everyone was getting against his habit of giving buttery responses to his boss (who occasionally joins our standups) . he says "we are on track" while we are already dependent on him to provide data/decisions.
he then says to us to do it faster , and when the work does not get completed ( because how it could be, without him doing his job), he blames it on devs.
i called him out on a similar but different topic of him making last moment task additions when we are already on brim with our planned tasks.
on second time i called him out on him not looking into the current task enough as he was expecting me to take decisions on my own.
the decision was about how a screens ui will be populated and there was no api payload available that would match the ui . i created 2 mock api jsons which would appropriately load that screen but was not sure if the 2 apis would be enough for the screen and wondered where some missing data will come from?
this task is a long one, and i did take a decision, but he should have validated them to make sure we are on track. the issue came when i took some questions to him and instead of answering them , he blamed on me not being mature enough to work without the data!
All things aside, I am on my weary ends with this guy. He is my boss and holds incredible powers over me, but he is incredibly incompetent and his habits of delay, delegation and blaming is making my work life worse. I don't wanna leave this job too, because as much as i hate it, its currently one of the major names in industries and giving a solid power to my resume -
Some people wanted to download their rants / comments. I'm working on it.
Three lines of native python code (no dependencies) to see what @Lensflare said:
from pprint import pp
from xmlrpc.client import ServerProxy
pp(ServerProxy("https://victoria.molodetz.nl/rpc").get_comments({'id':{'gt':42},'_limit':1337,'username':'Lensflare'}))
I think this gives example of possibilities enough. Use your fantasy on how to retrieve rants.
Limitations:
- Not whole dR is available yet, but way more than retrievable using the public dR API. This system uses the user website as source.
- It doesn't show rant_id or comment_id and it won't to prevent abuse. Later today, there will be a way to attach rants comments.
- maximum 2500 record limit. But soon you can get comments for every rant per user. You won't reach this limit in normal usage
Have fun with it! Don't worry about the abusing the API. Everything is allowed. It's fast as F. If it doesn't respond - it wasn't you. I work on it and often reboot services and it takes some time to recover to state.
If you're not familiar with python, that's ok. Check if you're a decent dev and have python or python3 on your computer. Just execute it and paste the lines. Other way is to save these three lines to a file ending with .py and execute python3 [your-file].
Another example for people not used to python:
from pprint import pprint as pp # nice printing of values
from xmlrpc.client import ServerProxy # XML-RPC client from the standard library
client = ServerProxy("https://victoria.molodetz.nl/rpc")
comments = client.get_comments({'_limit':1337})
for comment in comments:
    if comment.get('username','default username') == 'kiki':
        print(comment.get('body'))
        pp(comment)
Happy hacking!7 -
The positive side of EnvVars...
So a couple of weeks ago I moved all api keys and db passwords to environmental variables on the server so that I didn't have to keep worrying if I'm live in my test environment.
Earlier I shat myself after an apt-get upgrade broke php and apache somehow decided it's a great idea to serve all .php files as plain text. I was super relieved to find no confidential information (apart from logic) was made public. -
Worked from 09:00-00.00+ every day for 6 days straight, then for about 4 hours that Sunday (including over public holidays which were that week).
Clients agreed release date based on some interviews with publications, which meant the previous target date was moved up 2 weeks as they were pushing marketing for this new date.
Aside from having to implement a new 3rd party API which touched ~35% of the system there was a lot more that needed to be finished before release (including an entire user flow that was at the mercy of a 3rd party).
Safe to say I took a day or two off the week after. -
Hey where can I get access to the devrant API? GitHub readme said it isn't officially public yet but people are still using it. Just had a few for projects I wanted to try.2
-
Dear Instagram api, why do you need to review my app/client for displaying public posts by people? I mean people public-ed them.3
-
Create a nice documentation website for a library we have at work.
Complete with examples, public api, and search engine.
Then I can die happily. -
Hey devs, I'm working on a API for public because I'm bored, it's handy thing like an IP endpoint that says your IP, I'm looking for some more ideas so if you have things that are handy tell me and I implement them6
-
Today we picked an old (6 months old) iOS project back to add some features. We clone repo and run `pod install` to pull the dependencies.
There seems to be a bug with FBSDKCoreKit (facebook SDK) and the only solution is to delete the Podfile.lock
if we do this, it will pull the new version of every dependency, and the public API of each dependency is broken. Meaning we have to spend about 18 hours+ just to make this shit compile.
Fuck this shit!! -
Progress on my blog (incocast) goes smoothly, even implemented a basic rss feed. Currently the blog is Service Layer only (because I still have to create a front-end)
It might even be interesting to open some api calls to the public... I don't know yet.. Maybe..
Either way the next thing to implement is a commenting system! :) -
Welp. I think I witnessed a new job application hack. Someone listed my team’s general engineering email address for their Employee Referral.
That email address is listed publicly, but I’m pretty sure no one on my team told the applicant to list it as a referral contact. I suspect someone got the email from a Slack workspace. I had posted a job listing, in a threaded comment someone had complimented my employer’s public API, and I shared our engineering email and said we’d love to see what he builds.
It looks like someone else from that Slack saw this and decided to list the engineering email as an employee referral. I get that employee referral can mean different things to different people and it might be someone who’s new to job searching and doesn’t know better.
For my employer’s online application, an employee referral requires a name and email address for the employee. I’m curious what the applicant listed for the employee referrer’s name. Wonder if it was my name. If it is, guess I have to give my manager a heads up and tell him that I do not know this applicant.
This occurrence is a new one for me and I don’t think it’s happened to us before. And it’s not really a good tactic to get a resume read at my workplace. Where I work, my manager reviews the resumes and tells HR who he wants to set up calls with. It’s not HR or an ATS that screens resumes and sends them to my manager. -
My friend said I should make some of my old dead projects public (after removing passwords or api keys) even if they were badly done at least to show growth and development to recruiters.
I don't know though, I had a ton of random projects most I didn't bother with good practices assuming I'd be the only person to see the code, or telling myself I'd fix it later though eventually letting the project die for various reasons
should I really make bad projects public or should I keep them private waiting for a slim possibility of me reviving them.4 -
So I've been fiddling around a bit with Minecraft mod packs lately, and I've noticed two things. A. there seems to be no good mod pack launcher/manager and B. Curse Forge sucks and has no public API. Corporate bullshit with FTB and Overwolf... So I've been thinking about building a modding platform and making it open source and accessible for everyone. So a few questions for the ones of you who have done modding, or are just interested:
- Is there already a good platform?
- Would it be feasible with mod pack licences and what not
- Would the modding community welcome another platform?
- Is there a good launcher to integrate with? -
Still as a scholar who has had his internship I decided that I was finally confident enough in my ability to apply for a small part-time programming job. I had an internship at a cool exhausting place with tons of expertise and I've proven myself over there. So now I wanted a job on the side. Nothing special, just something that would make a little money with programming instead of washing dishes at the restaurant.
So I started at this small internet based startup (2 or 3 programmers) as a backend-oriented programmer. The working hours were amazingly compatible with my school schedule.
The lead dev also sounded like a smart guy. He had worked as a backend guy for years and had code running on very critical public infrastructure that if it were to fail we'd be evacuated from our homes.
As a first assignment I got an isolated task to make an importer for some kind of file format that needed integration. So I asked for access to the code. I didn't get it since they were going to re-do the entire backend based on the code I wrote. I just needed to parse the file in a usable object structure. So I found out that the file format was horrible and made a quite nice set of objects that were nice. At the end of the first week or so I asked if I could get access to the code again, so I could integrate it. Answer was no. The lead dev would do that. I could however get access to my private repository.
Next week a new intern was taken to build a multiplatform responsive app. Only downside was that all the stuff he had ever done was php based websites. It wasn't going anywhere anytime soon, but I figured that that was where internships were for. So I ended up helping him a lot and taught him some concepts of OOP and S.O.L.I.D. and the occasional 30 minute rants of IndexOutOfRangeException, ArgumentException and such.
So one day he asked me how to parse a json string and retrieve a specific field out of it.
I gave him something like the following to start with:
"
JObject json;
if(!JObject.TryParse(jsonString, out json))
{
//handle error
}
string value;
if(!json.tryget("foo", out value).../// code continues
"
but then the main dev stepped in and proposed the following since it wouldn't crash on an API change:
"
dynamic json = new JObject(jsonString);
string value = json.myJsonValue;
"
After me trying to explain to him that this was a bad choice for about 15 minutes because of all kinds of reasons I just gave up. I was very mad that this young boy was forced to use bad programming practices while he was clearly still learning. I know I shouldn't pick up certain practices. But that boy didn't.
Almost every time the main dev was at the office I had such a mindboggling experience.
After that I got a new assignment.
I had to write another xml file format parser.
Of course I couldn't have any access to our current code because... it was unnecessary. We were going to use my code as a total replacement for the backend again.
And for some reason classes generated from XSD weren't clear enough so after careful research I literally wrapped xsd generated code in equivalent classes.
At that moment, I realized I made some code that was totally useless since it wasn't compatible with any form of their API or any of the other backend code. (I haven't seen their API. I didn't have access to the source.) And since I could've just pushed them generated XSD's that would've produced the same data structure I felt like I was a cheat. I also didn't like that I wasn't allowed to install even the most basic tooling. (git client or, Ide refactoring plugins, spelling checker etc...)
Now I was also told that I couldn't discuss issues with the new guy anymore since it was a waste of my valuable time, and they were afraid that I taught him wrong concepts.
This was the time that my first paycheck came in so I quit my job.
I haven't seen any of the features that I've worked on. :) -
Public reset API for every online food service?
That would be a great idea, if you consider running a cronjob every day which randomly selects items from your FavoriteFoodArray. -
Just discovered a public API that supports perpage parameter.
Immediately try 99999
And……… it works!
Getting everything in one go!
Good dev on the other side -
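Added example, not part of the post above or of any API it refers to: one way a server can bound the `perpage` parameter so that a request for 99999 rows returns a capped page instead of the whole data set. The limits, the `page` parameter, the function names and the sample data are assumptions made for the illustration.

```python
from urllib.parse import parse_qs

DEFAULT_PER_PAGE = 20    # assumed default page size
MAX_PER_PAGE = 100       # assumed server-side cap
MAX_PAGE = 1_000_000     # assumed upper bound on the page index


def bounded_int(raw, default, ceiling):
    """Parse raw as a positive integer in [1, ceiling]; fall back to default."""
    if raw is None or not (raw.isascii() and raw.isdigit()):
        return default                      # missing, negative, float, or junk
    digits = raw.lstrip("0")
    if not digits:
        return default                      # "0", "000", ...
    if len(digits) > len(str(ceiling)):
        return ceiling                      # far over the cap; skip converting a huge string
    return min(int(digits), ceiling)


def paginate(query_string, items):
    """Return one page of items with the requested size clamped to MAX_PER_PAGE."""
    params = parse_qs(query_string, keep_blank_values=True)
    # parse_qs gives a list per key; only the first occurrence is honoured.
    raw_size = params.get("perpage", [None])[0]
    raw_page = params.get("page", [None])[0]
    per_page = bounded_int(raw_size, DEFAULT_PER_PAGE, MAX_PER_PAGE)
    page = bounded_int(raw_page, 1, MAX_PAGE)
    start = (page - 1) * per_page
    return {
        "page": page,
        "perpage": per_page,
        "total_pages": -(-len(items) // per_page),   # ceiling division
        "items": items[start:start + per_page],
    }


# Constructed sample data: 250 record ids standing in for a real table.
SAMPLE_ITEMS = list(range(1, 251))

if __name__ == "__main__":
    for qs in ("perpage=99999", "perpage=-5&page=2", "page=3&perpage=100"):
        result = paginate(qs, SAMPLE_ITEMS)
        print(qs, "->", result["perpage"], "per page,", len(result["items"]), "items returned")
```

Clamping silently is one policy; an API can instead reject an out-of-range `perpage` with a 400 response so that clients learn the limit.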
So this week should be interesting. I am working on a (potentially) very large project for my current client and need to build a service that somewhat replicates the functionality of heroku (in that it needs to be able to load an app built in one of several languages, and spin it up in a docker container).
Unlike Heroku, however, each application also needs to be able to have a list of public and private (internal only) API routes listed and be able to dynamically route requests to the correct routes in those containers. (Sorry if this is confusing)
Does this sound challenging and amazing? Absolutely! Do I think I may be in over my head? Yes, yes I do.
Has anyone ever built or worked with something similar? -
I've been working for so long with API integrations and one part of that is security. We perform ssl key exchanges for 2-way verification and a large percent of those partners provide me with their own pkcs12 file which contains their private and public keys! What's the sense of the exchange!? I think they just implement it just to boast that they "know" how ssl works,
-
Recently, Apple rolled out Push Notifications for PWA websites as a beta feature on iOS 16.4 devices. And let me tell you, it's a game-changer! But, when a client asked me to implement push notifications for their iOS users via web and service worker, I knew it wouldn't be a walk in the park.
Why, you ask? Well, their backend code base was written in Plain F*cking Vanilla PHP, which felt like I had time-traveled back to the 1980s! Plus, since the ios web push feature is still in its early stages, there were hardly any resources to guide me through the process of sending push notifications to Apple WebPush API using plain php.
Despite the obstacles, I managed to successfully send notifications to Mozilla and Google Chrome users. But Safari? Not so much. The client needed the task done within 24 hours, but due to delays, it ended up taking me three days to figure out the kinks. In the end, I had to refund the client, but I'm not one to give up easily.
In fact, I've created a public GitHub repo for a Quotes App in Flutter (https://github.com/GiddyNaya/...) that can send PN to iOS users via web. I'm diving down the rabbit hole to figure out how to make it work seamlessly, and I won't stop until I've cracked the code. Wish me luck! -
i am feeling angry and frustrated. not sure if it's a person ,or codebase or this bloody job. i have been into the company for 8 months and i feel like someone taking a lot of load while not getting enough team support to do it or any appreciation if i do it right.
i am not a senior by designation, but i do think my manager and my seniors have got their work easy when they see my work . like for eg, if on first release, they told me that i have to update unit tests and documentation, then on every subsequent release i did them by default and mentioning that with a small tick .
but they sure as hell don't make my work easy for me. their codebase is shitty and they don't give me KT, rather expect me to read everything on my own, understand on my own and then do everything on my own, then raise a pr , then merge that pr (once reviewed) , then create a release, then update the docs and finally publish the release and send the notification to the team
well fine, as a beginner dev, i think that's a good exercise, but if not in the coding step, their intervention would be needed in other steps like reviewing merging and releasing. but for those steps they again cause unnecessary delay. my senior is so shitty guy, he will just reply to any of my message after 2-3 hours
and his pr review process is also frustrating. he will keep me on call while reviewing each and every file of my pr and then suggest changes. that's good i guess, but why tf do you need to suggest something every fucking time? if i am doing such a shitty coding that you want me to redo some approach that i thought was correct , why don't you intervene beforehand? when i was messaging you for advice and when you ignored me for 3 hours? another eg : check my comment on root's rant https://devrant.com/rants/5845126/ (am talking about my tl there but he's also similar)
the tasks they give are also very frustrating. i am an android dev by profession, my previous company was a b2c edtech app that used kotlin, java11, a proper hierarchy and other latest Android advancements.
this company's main Android product is a java sdk that other android apps uses. the java code is verbose , repetitive and with a messed up architecture. for one api, the client is able to attach a listener to some service that is 4 layers down the hierarchy , while got other api, the client provides a listener which is kept as a weak reference while internal listeners come back with the values and update this weak reference . neither my team lead nor my seniors have been able to answer about logic for separation among various files/classes/internal classes and unnecessary division of code makes me puke.
so by now you might have an idea of my situation: ugly codebase, unavailable/ignorant codeowners (my sr and TL) and tight deadlines.
but i haven't told you about the tasks, coz they get even more shittier
- in addition to adding features/ maintaining this horrible codebase , i would sometimes get task to fix queries by client . note that we have tons of customer representatives that would easily get those stupid queries resolved if they did their job correctly
- we also have hybrid and 3rd party sdks like react, flutter etc in total 7 hybrid sdks which use this Android library as a dependency and have a wrapper written on its public facing apis in an equally horrible code style. that i have to maintain. i did not get much time/kt to learn these techs, but once my sr. half heartedly explained the code and now every thing about those awful sdks is my responsibility. thank god they don't give me the ios and web SDK too
- the worst is the shitty user side docs. I don't know what shit is going there, but we got like 4 people in the docs team and they are supposed to maintain the documentation of sdk, client side. however they have raised 20 tickets about 20 pages for me to add more stuff there. like what are you guys supposed to do? we create the changelog, release notes , comments in pr , comments in codebase , test cases, test scenarios, fucking working sample apps and their code bases... then why tf are we supposed to do the documentation on an html based website too?? can't you just have a basic knowledge of running the sample, reading the docs and understand what is going around? do i need to be a master of english too in addition to being a frustrated coder?
just.... fml -
So I'm new to NestJS, Node, etc. and I just noticed that the guy working on the API made every request call a different service class, instead of using a single service class. For example.
get() {
return await this.getObj.run()
}
post(myDto){
return await this.storeObj.run()
}
update(myDtoUpdate){
return await this.updateObj.run()
}
And I'm not sure why. He's also injecting the request into those classes, instead of passing the DTO to the method call. I mean, it's still injecting the data into it I guess, but it seems so roundabout. Something like this:
public constructor(
@Inject(REQUEST) private request: Request,
){}
I'm scared, but I'm not sure if it's just my own ignorance or a sixth sense telling me that this is gonna be a mess.
Have you seen APIs implemented this way? I can see the benefit of dividing the code into smaller classes, but it just seems overkill to me, especially when there's a big chance that code will be repeated (getting an entity by ID when updating it, for example).
I'm still in time to kill this with fire before a new monster is born though, so that's something. -
How do i show a profile pic from s3 bucket?
One way is to fetch it from backend and send it to frontend as a huge blob string. This is how i made it currently and it works.
.... what if i want to frequently get the profile image? Am i supposed to send a separate API request to the backend every time? What if I need to show the profile picture 100 times then that means I will have to send 100 requests to the backend API?
...... or even worse, what if I need to fetch a list of images from the S3 bucket for example, a list of posts that contain images or a card with the list of profile images of multiple users? If I need to display 100 posts, each post containing one image, That means I would have to separately call 100 API request to fetch 100 images…
That is fucking absurd.
Of course I can make it so that it saves that URL to that image as a public setting but the problem is the URL will be the exact URL to the S3 bucket, including the bucket name, the path and the file name as well as the user information such as the user ID. this feels like it is a huge security risk
What the fuck am I supposed to do and how am I supposed to properly handle display images which are supposed to be viewed publicly? -
Do you guys remember a few days ago that I was looking for someone with certain email address because he didn't receive his email because HE had an insecure mail server? I was sad, because I love new members. While my site has everything public, even api urls to api services without any auth, email confirmation off, hardcoded links to internal servers like retoor42 in repositories, still someone managed to think he hacked me: https://retoor.molodetz.nl/hi/.... That guy! Ironically I went even looking for him to give him credentials! Listing all members of my site is even possible because I have literally right under in my site a link to the most advanced api ever where you can list everything the site contains THAT I ALLOW YOU TO. That hacker says "magic". I have the url to that "magic" literally on every page Einstein.
Don't let that guy find out what you can do with api.molodetz.nl without any protection..
Dear lord. It's probably the most public site with no secrets ever.
Also, the server runs with a small password and it's a pwned password. Ssh is on port 22. No security measurements are taken.
I can assure you, I know security and worked on cloud shit for three years at one of the biggest Dutch cloud providers, kinda aws.
You won't be able to do anything I don't want you to with causing big damage.
Dear lord. -
Hey guys, I'm looking for some feedback for a new website I launched socialfeedapi.com. It provides quick and easy API access to any Instagram media feed (for any public username or hashtag). Is this something that you guys think will be useful in the dev world? Is it just me, or has anyone here tried to gain access to an Instagram feed and was frustrated in doing so? Thanks in advance!
-
Hello devrant people.. I have joined today. I am a software QA and I like to create little web applications by self learning. I like to use rest API which are free and public.
-
in apple's blog they explained why they don't want a `protected` in swift:
https://developer.apple.com/swift/...
> It doesn’t actually offer any real protection, since a subclass can always expose “protected” API through a new public method or property.
Doesn't the same thinking apply to the `internal` keyword as well? Yet they allow `internal` to be there as default modifier for `class` in a package. Also I don't think `protected` is for the sole purpose of "protection", but for the cleanliness of externally visible interface, some methods are just useless to be exposed and will confuse the consumer if they don't understand internally how the class works. So it doesn't have to be 100% securely `protected` (arguably the term `protected` is a poor choice tho).
but hey, it is apple, being opinionated doesn't surprise me. -
Fucking taiga wasting my day.
Client asked to set up a private taiga (taiga.io, some open source Jira alternative).
All goes fine and dandy until you need to link domain user creation to taiga user creation.
Seems I have to choose between having public registration (allows to programmatically create users, but also randoms to sign up) or use their private registry API that asks for a fucking token that is supposed to be returned from their membership/invitation API, that, guess what, doesn't return any bloody token. You can only get the token on the Django admin control panel.
Guess I'll have to end setting up LDAP or integrating with their existing gitlab, but this gig is already starting to smell, and we are close to the weekend 😡 -
If someone tries using "multipart/form-data" as only content type for their PUBLIC API ENDPOINTS again I am going to find them and choke them to death.
And if your documentation says you are using something else (application/x-www-form-urlencoded) I am doing it twice.
JSON apis should be standard.
EDIT: I had to fire up BurpSuite proxy, after almost an hour I accidentally switched the body type - voilà -
Mexico just got hit by a big earthquake and people are organizing lots of ways to help.
> Some guys started a webpage and they are adding useful information and data for the people. They created a repo on GitHub to improve information.
> Mexican devs start discussing which technology is better for solving imaginary problems about scaling the servers, concurrency, creating a CMS, creating a public API, tokens for publishing the API... Instead of using something quick like firebase or some Trello to just publish info. -
So, need to secure some requests.
I decided on going passwordless on the website but I want to have an API too.
I am reviewing auth0.
I am also not sure if I can secure the same endpoints as private and public differently, so the private is used by the backend with no auth and the public with auth.
Would you guys help me with some reading material? -
Does anyone know a public API to test basic authentication other than github that returns a token when the submission is successful
-
I'm trying out some stuff I read. I have rich domain models with private fields. In order to create EF core entities my domain models create snapshots with public properties.
So 3 models - domain, snapshot, entity.
Now I am thinking about introducing a fourth for the API.
This seems mental and that I have misunderstood something. Automapper might help clean this up.