Rant of the day: Chrome and HTTP Authentication

by Viktor Hansson on 17 August 2015, 19:25

Tags: rotd, http auth

I'm developing a REST API right now and am at the stage where I need to implement user authentication to restrict endpoints that mutate data. Anyway, this is the exact same thing as one of my main tasks at work; however, in that product we have OAuth and some other fancy stuff which I don't plan on implementing.

Anyways, for the API I thought at first I would use Digest auth, but never having used it I had no idea of how it worked. A few minutes later I had a hello world API using Digest auth using the library flask-httpauth. What was extremely weird however was that sometimes it worked, but most of the time it just returned 401 regardless of how correct the login data was. I tried it first using Postman. No luck. Then using curl. No luck. Then using Chrome. Some luck. It worked one time. Then I opened the API in an incognito tab and it completely stopped working.

So I thought, hey fuck that shit, just use basic auth over HTTPS, almost or completely as secure. And then I ran into the same problem I've had at work. Despite HTTP auth being completely stateless, i.e. the Authorization header must be provided for every request, Chrome thinks it's a good idea to store this information and send it automatically. Which I can surely see the merit in, since you don't have to provide it for every page load. The problem however is that it's impossible to clear this information. Clear the cookies. No luck. Clear the history. No luck. The only way (unreliable) is to exit Chrome, and to even suggest this as a solution is definitive proof that you're a complete idiot. There is one other way which is somewhat more convenient, to use an incognito window. The problem however is that this is information that should be erasable upon demand, without jumping through hoops. And as usual the devs just flip everyone the finger and say "low priority". Since 2011 to present day.
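
For readers who have not used Digest auth, the sketch below is an added example, not code from this post or from flask-httpauth. It shows the RFC 2617 challenge/response check with qop=auth, and why, unlike Basic auth, a correct password still gets a 401 when the server does not recognise the nonce. `DigestServer`, `USERS`, `REALM` and the sample credentials are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

REALM = "api"                    # constructed sample realm
USERS = {"alice": "s3cret"}      # constructed sample credentials


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 'response' value for qop=auth."""
    ha1 = md5_hex(f"{user}:{REALM}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


class DigestServer:
    """Remembers the nonces it issued; Basic auth needs no such state."""

    def __init__(self):
        self.issued = set()

    def challenge(self):
        # Sent to the client in the WWW-Authenticate header of a 401.
        nonce = secrets.token_hex(16)
        self.issued.add(nonce)
        return nonce

    def verify(self, method, uri, creds):
        if creds["nonce"] not in self.issued:
            return 401           # unknown nonce: rejected before any password check
        password = USERS.get(creds["username"])
        if password is None:
            return 401
        expected = digest_response(creds["username"], password, method, uri,
                                   creds["nonce"], creds["nc"], creds["cnonce"])
        ok = hmac.compare_digest(expected, creds["response"])
        return 200 if ok else 401


def client_credentials(user, password, method, uri, nonce):
    """Fields a client would send back in its Authorization header."""
    nc, cnonce = "00000001", secrets.token_hex(8)
    return {"username": user, "nonce": nonce, "nc": nc, "cnonce": cnonce,
            "response": digest_response(user, password, method, uri,
                                        nonce, nc, cnonce)}
```

The response hash also covers the method and URI, so credentials computed for a GET are rejected when replayed on a POST.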

Rant of the day: Microsoft

by Viktor Hansson on 01 June 2015, 20:01

Tags: rotd

Time for a new rotd. This one is directed to the company that makes me want to go live in the woods without electricity. M$. How I despise every single thing this evil company stands for (with one exception).

It feels like everything they ever do is just to ruin everything and make it as bad as it could possibly be. A few examples I thought of while waiting for VS 2013 to uninstall:
  1. Windows can't display PDFs
  2. Windows image viewer disregards any rotation flags in images
  3. Windows can't mount ISOs
  4. Windows can't have multiple taskbars
  5. Windows can't select audio sink per application
  6. Windows *very* often crashes/locks up when cancelling any action.
  7. VS 2013 took over 30 minutes to uninstall.

Now I know that some of these problems can be fixed with third party, virus-ridden applications, but the point is that for a modern operating system, this should not be necessary.

And don't get me started on Skype... Skype... If I tried my hardest, I am not positive that I could have ruined a once great application such as Skype more than what m$ has done to it.

I literally can't even.

Rant of the Day: Update

by Viktor Hansson on 10 October 2014, 13:45

Tags: rotd rant

My friend from #thebasement on freenode pointed out to me that I hadn't ranted since September 24th and wondered why that was. And the only answer that I can give is that I have not really ventured into any new areas lately. While I do have annoyances with some things still, like hard to use frameworks or products like thethingsystem, to VMware web console. Ok I haven't really thought of writing anything about these things :P

Well I have no idea what this post is even about but I thought that it is just nice to have some more posts on one's blog, as well as somewhat more interesting for any potential readers.

So that's it for this week probably, tomorrow I'm going to the Retro game convention here in Malmö.

Rant of the Day: Couchbase caching

by Viktor Hansson on 24 September 2014, 14:45

Tags: rotd rant

So here comes my second rant of the day (a few days late).

For the project I'm working on now we are using something called couchbase to store stuff. It works sort of like a database, but not really. Before I get into the rant let me just explain a little bit about couchbase.

There are three fundamental parts to couchbase: buckets, documents and views. Buckets can be compared to tables in a MySQL database (functionality-wise). Except that you don't/can't specify columns. A bucket is just a collection of documents. Documents are where data is actually stored. And from my understanding a document is in fact just a key-value entry. The name of the document is the key and the value is the data itself. I think the data can be any form of data, but mostly it's a JSON object or a blob. And then finally there are views. I haven't really figured out how these views work but I have only used them as sort of an API for documents in a given bucket. You can create a view in which some JavaScript is run to fetch the correct data.

But the problem is that to improve performance (because all the features of couchbase instinctively seem very bad in that regard) it utilizes caching and indexing. And you as a user have no say in this caching whatsoever. You can't force it to flush the cache. You can't force it to reindex the views (because they're not executed when the request comes in, rather they're executed once and then it just fetches the result based on the parameters, I think). So even if you restart the webserver and the couchbase server, you still see very old data be returned. This can of course be good in a production environment where the data doesn't change often. But it's real tedious having to jump through hoops for every iteration during development.

Don't use couchbase.

Rant of the day: Java debugging

by Aidenir on 19 September 2014, 13:50

Tags: rotd rant

Hi all!
Time for a short rant concerning my current problem with debugging Java code.

You see, I come from a background of almost exclusively C++ development and have recently been thrown into a rather large scale Java project. Since my previous experience of Java consists of two quite simple Android apps, I have never had to debug much Java code. 

As I understand the way Java is debugged, the debugger is just connected to the virtual environment the code is run in, pretty much whenever, wherever. This part I love, it's really simple to get up and running. However then comes the next part: actually debugging the code in your project.

And the philosophy of Java (in my opinion at least) is that nothing, NOTHING, should ever be done twice. Whatever you wish to implement, you can find in some library or framework. And to keep the number of lines of code down you get all these smart things like annotations (and Apache Camel routes), which means that you never actually call your own functions. Everything is done through some framework, rendering the callstack in the debugger completely useless. So when you're thrown into a project where you have no idea what anything does, it's almost impossible to get a good understanding of the flow of the code. This of course means bugs. Unsolvable bugs...

That's it for this first installment of my Rant Of The Day series.
See you (probably tomorrow).