ssh -o ServerAliveInterval=30 user@host

@fruitfcker core 🙅

I like nginx

@JsonBoa aye, I indeed mixed them 😬

I feel your pain, they always want cheap resources (as in people) to produce a fast, good quality and reliable output with minimal resources. I worked in a company that would outsource recaptcha's resolution to Indians paying (to the companies, God knows how much each person would get on their end) as little as 2-3 USD per 1000 successful resolutions (each resolution used to take 40 seconds on average). The CEO would go mad every time the service started to fail...

@hardCoding I don't get how would they use these terms for anything other than some kind of, perhaps unintended, discrimination. These terms were coined to distinguish between Allies (1st world - USA, EU and their allies), Axis (2nd world - Soviet Union, China and their friends) and neutral (3rd world) countries during the World War 2.

I'm on holidays for two weeks now and my soccer team just won a championship, the last thing I'm thinking atm is IT stuff 😂

Contractors are just people like you and me that our companies need as they themselves can't fill their open positions. So, I wouldn't be bothered 😁

I've been developing my own authentication system, following the best security practices and most, if not all, of them blame the unique session approach...

My authentication system, in a simplified explanation, have the following concepts:

Activity - object that represents user actions (login for example), containing a random id, a description, IP address and some other metadata.

Authenticator - object that represents the user session, containing a random id, a user and an activity)

Given a USER, then I'm able to find his last login ACTIVITIES and when either the user or me (as the system) wants to logout any or all sessions (AUTHENTICATORS), then we just need to specify which one we want.

The authenticator is cached (encrypted at rest) on Redis for the expiration time which is very short and every so often the user needs to renew it's session. The JWT token holds the authenticator id, activity id and user id.

Stateful sessions may be and are good if done properly.

@NoMad cool! I'm thinking of going there soon, but I don't know if it's worth being surrounded by Germans tho 😂

@NoMad which country are you in btw? I got mine last week and took about 3 weeks or so to be delivered (Portugal)

Never happens, but if you do play on the safer side, they would be like "bruh 👁️👄👁️"

@nomad have you got your residence permit card already?

I see no big problem as it's still git, you can just mirror your code to as many git servers as you want, therefore it's still decentralised by definition, it's just a matter of you taking action or not.

You should've recorded the demo one day before so you could've presented it as a backup in cases like described. We always do this, despite live demoing.

That's reasonably too as the user might be saying the file is a picture but it's a malicious PHP shell instead (just an example). Ensuring the uploaded file type is correct is important to prevent undesired garbage/threats in...

Edit: also, they don't need to open your files, there are many ways (standard ones) in which they can just read some bytes and guess the file type...

Too specific. Do you wanna me to be your friend?

Getting my hands dirty with every task from the rest of the team for a couple of sprints as the other guys were too overwhelmed and afraid of the size of the company and the amount of microservices. I was as well, but getting frozen with fear is not my cup of tea and I think this might have helped them being a little less insecure

Note: I'm the least experienced of the entire team

Implicitly saying you've been banned forever

I made and gave rights to my employer in exchange of turning it open source, so I could work on it during work time instead of waiting all day long to play with it. Now I'm planning into turning it into a full SaaS with the company I work for as co-owner, but I need to talk to them first.

When will we start getting money?

Let's get together on THE plan!

I was going to say Terminator (it does everything you want) until you've said "Windows".

Good luck!

@Oktokolo it's worse than that, I'm talking about a SaaS provider well known in its market niche and the unprotected services only require you to know the exact HTTP headers to let you in (not that hard to guess), so security by obscurity is a core principle for them. Also users can see each others data if they know the exact ID of any task (date + 5! possible combination of alphanumeric characters) and so on... 🤧😵

This shit is so common, I won't name the company I know that all services are unprotected because they think all requests will be coming only from their API Gateway and think that if the users don't know their API ports and endpoints, then a leak ain't gonna happen 🧐🤐

It annoys me everyday at my company, everything for they is urgent, so must be prioritized and they get angry when the time estimation fails because of context switch.

I like to say whenever I can that when everything is urgent, nothing is really urgent. 🤷‍♂️

@FinlayDaG33k I mean the keymap. There's even a VSCode keymap available.

You can always change it to be like your favourite IDE. It's a built-in feature and the first thing I do when installing (I love Eclipse's shortcuts)

I really like YouTube music. Maybe you're just... too biased.

Why not search in books instead of Google?