Spring Security: basic auth custom message passing
I don't like Spring Security. Nevertheless, it's what I'm using for an application, so I had to learn more about it than I cared to. Let me describe my scenario and my wishes. Using basic authentication means sending some sort of authentication token to the server with each request. This has some downsides, notably sending the password in the clear (base-64 encoding doesn't change that) with every request. Yes, sending a session cookie or some other identifier carries the same risk of being sniffed on the network, but at least when someone hijacks your session they don't also learn your password, which you might reuse for other services. This is why sites should ask for the old password before letting you change to a new one.
I wanted to avoid sending the password and instead pass a UUID. For the first login request only, I'm also sending a hashed version of the password and its salt: the client first hashes the password the same way the server hashes new passwords, then hashes that result with a salt of its own; the server hashes the stored database hash with the sent salt and compares the result with the double-hashed value it received. I need the UUID because I want unique, persistent database connections for each session rather than each user. The application I'm working on allows a user to be logged in from multiple places, indeed possibly as multiple users, and I want a separate, distinct DB connection for each of them even if they are using the same database username.
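The scheme above, as an added example sketched in Python rather than Spring Security (this is not the post's code): the client reproduces the server's stored hash, hashes it with a client-chosen salt, and sends only that proof plus the salt; the server hashes its stored value with the same salt and compares, then hands back a session UUID that maps to its own DB connection. PBKDF2-HMAC-SHA256 for the stored hash, a server endpoint that reveals the user's storage salt, and the replay guard on reused client salts are all assumptions of the example, since the post does not name them.

```python
import hashlib
import hmac
import os
import uuid

ITERATIONS = 100_000  # assumed cost; the post does not name the server's hash


def server_hash(password: str, server_salt: bytes) -> bytes:
    """The hash the server stores for a new password (assumed: PBKDF2-HMAC-SHA256).
    The client has to reproduce it, so the per-user storage salt is not secret."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), server_salt, ITERATIONS)


def client_login_proof(password: str, server_salt: bytes, client_salt: bytes) -> bytes:
    """Client side of the first request: hash the password the way the server does,
    then hash that result with a fresh client salt. Only the proof and the salt travel."""
    first_hash = server_hash(password, server_salt)
    return hmac.new(client_salt, first_hash, "sha256").digest()


class AuthServer:
    def __init__(self):
        self.users = {}          # username -> (server_salt, stored_hash)
        self.sessions = {}       # session uuid -> (username, per-session DB connection label)
        self.used_salts = set()  # assumed replay guard: a client salt is accepted once

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, server_hash(password, salt))

    def server_salt_for(self, username: str) -> bytes:
        """Assumed endpoint: the client fetches the storage salt before its first request."""
        return self.users[username][0]

    def login(self, username: str, client_salt: bytes, proof: bytes):
        """Verify the double hash and mint a session UUID with its own DB connection.
        Returns the UUID, or None on any failure."""
        if username not in self.users or client_salt in self.used_salts:
            return None
        _, stored_hash = self.users[username]
        expected = hmac.new(client_salt, stored_hash, "sha256").digest()
        if not hmac.compare_digest(expected, proof):
            return None
        self.used_salts.add(client_salt)
        session_id = str(uuid.uuid4())
        # One DB connection per session, not per user (a label stands in for a real connection).
        self.sessions[session_id] = (username, f"db-connection-for-{session_id}")
        return session_id

    def authenticate(self, session_id: str):
        """Every later request carries only the UUID, never the password."""
        return self.sessions.get(session_id)


def demo():
    """Constructed walk-through: two logins by the same user, a replay and a bad password."""
    server = AuthServer()
    server.register("alice", "correct horse")  # constructed sample user
    salt = server.server_salt_for("alice")

    salt_a, salt_b, salt_c = os.urandom(16), os.urandom(16), os.urandom(16)
    session_a = server.login("alice", salt_a, client_login_proof("correct horse", salt, salt_a))
    session_b = server.login("alice", salt_b, client_login_proof("correct horse", salt, salt_b))
    replay = server.login("alice", salt_a, client_login_proof("correct horse", salt, salt_a))
    wrong = server.login("alice", salt_c, client_login_proof("wrong password", salt, salt_c))

    return {
        "distinct_sessions": session_a is not None and session_b is not None and session_a != session_b,
        "distinct_connections": server.authenticate(session_a)[1] != server.authenticate(session_b)[1],
        "replay_rejected": replay is None,
        "wrong_password_rejected": wrong is None,
        "unknown_session_rejected": server.authenticate("not-a-session") is None,
    }


if __name__ == "__main__":
    print(demo())
```

Two properties of this design are worth keeping in view: the stored hash is all the server checks against, so it must be protected as carefully as a plaintext secret, and because the client picks the salt, the server needs some replay check (here the used-salt set; a server-issued nonce per login would be the stronger choice).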
Poor Japanese



I included the second image because, hey, explosions and floods look awesome, but it's important to remember that they unfortunately are often accompanied by death and suffering. Now, looking at the poor Japanese, I still think: yet 1.8 people die every second. People will forget in a week. This is why I think it's important to remember the simple statistic of 1.8 people dying every second, because it's something easy to remember, and it will keep you fighting for humanity in general rather than splurging a couple bucks of donation to the Japanese (that will probably just end up in the pockets of Japanese corporations) and feeling good about yourself for the year.
If you're planning on donating to the Japanese, whose loss and suffering is no doubt great, and some poor people could definitely use some money, consider donating to the Singularity Institute instead. You can wave it off as sci-fi all you like, just remember how much of our current technology was sci-fi not too long ago. The SIAI exists for the purpose of building a Friendly Artificial General Intelligence, one that can improve itself and become smarter. If it is capable, but does not stop these tsunamis from harming anything, it is not Friendly. If it is incapable, it is not intelligent. We could stop these things from happening, if we were a little bit smarter, or if we had more time with the problem. The SIAI aims to build an AI that would stop such disasters from harming anyone; pointing out a potential bad AI points out a failure mode for them, but it does not argue against any of the possible benefits of a Friendly AI.
Simple abstraction
Abstraction is good. Say you're given the following task: write a script to take in five integers as input, add them together, and print the result. A naive implementation would look like this:
# Naive version: one prompt and one conversion per number (Python 3 syntax).
n1 = input('Enter number: ')
n1 = int(n1)
n2 = input('Enter number: ')
n2 = int(n2)
n3 = input('Enter number: ')
n3 = int(n3)
n4 = input('Enter number: ')
n4 = int(n4)
n5 = input('Enter number: ')
n5 = int(n5)
total = n1 + n2 + n3 + n4 + n5
print(total)
Now, this certainly gets the job done, and if you're new enough that you can't conceive of better abstractions to make the workload a lot smaller, this will suffice for a first shot and let you continue work on launching your product. If you're writing software for a company that's not giant, the first job is making something that works; the second job is making it work efficiently, elegantly and maintainably. While I'm working I have to stop myself from premature abstraction that I didn't see until I was done with a naive approach. I'll get the obvious things, sure, but a few times I've seen abstractions for the entire code base that I was only allowing myself to do later, not at the moment I saw them.
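The abstracted version of the same task, as an added example that is not from the post: reading the numbers becomes one function that works for any count, and it handles the case the naive script does not, a line that isn't an integer (which would crash `int()`), by reporting it and asking again. The `read_line` and `report` parameters are an assumption of the example so the function can be driven by a script or a test instead of the console.

```python
import sys


def read_ints(count, read_line=input, report=print):
    """Collect `count` integers, re-prompting on any line that is not an integer.
    read_line/report are injectable so the function can be driven without a console."""
    numbers = []
    while len(numbers) < count:
        raw = read_line("Enter number: ")
        try:
            numbers.append(int(raw))
        except ValueError:
            # The naive script would have died here with a traceback.
            report(f"Not an integer: {raw!r}, try again")
    return numbers


def sum_ints(numbers):
    """The whole 'add them together' step, independent of how many there are."""
    return sum(numbers)


def scripted_reader(lines):
    """Build a read_line replacement that hands back constructed input lines in order."""
    it = iter(lines)
    return lambda prompt: next(it)


def main(argv):
    # Optional first argument overrides the count of five from the original task.
    count = int(argv[1]) if len(argv) > 1 else 5
    print(sum_ints(read_ints(count)))


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python sum_inputs.py` for the original five-number task, or `python sum_inputs.py 8` for eight; the validation loop is where most of the value over the naive script lives, since it sits in one place instead of five.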
Mesh Current Method
Suppose you are given this circuit topology:
What is the power dissipated by the 1 k-ohm resistor in the center?
You are being hit by a bat
I'll begin with a quote from Douglas Adams: Imagine a puddle waking up one morning and thinking, "This is an interesting world I find myself in, an interesting hole I find myself in, fits me rather neatly, doesn't it? In fact it fits me staggeringly well, must have been made to have me in it!" This is such a powerful idea that as the sun rises in the sky and the air heats up and as, gradually, the puddle gets smaller and smaller, it's still frantically hanging on to the notion that everything's going to be alright, because this world was meant to have him in it, was built to have him in it; so the moment he disappears catches him rather by surprise. I think this may be something we need to be on the watch out for.
I encourage you to read the quote again and think on it.
Why you'll never see real government-mandated safety or public automation for cars
I've got an idea that I'll share, one I'd like to try to bring to market sometime in the next few months. Basically, it's a series of IR sensors you attach to the exterior of your car (via magnets or something sticky) that wirelessly send a signal to a controller inside, which sets off a buzzer if a sensor detects something too close. I hate backing out of parking stalls and not being sure how much room I have left behind me, and I don't want to wait until I hit someone's car before I find out, so I often find myself doing a few reverse-forward-reverse-forward cycles before being on my way. Rear-view cameras solve this problem too but are expensive. Anyway, I was thinking "The government already mandates basic safety and pollution requirements for cars, why don't they mandate real safety like forcing a max speed through the radio?" Almost every car has an antenna, so it seems like through the use of cell blocks or radio waves or something the government could easily send out a signal to cars in a certain area that they cannot exceed speed X, and force manufacturers to install the limiting device. After a few years of improvements that could even lead to fully automated cars. For older cars, do the same they did with the recent digital shift in television: give out free vouchers for the mechanism to limit your car's speed.
What about people that disable the mechanism? If you catch them speeding, you criminalize them with some high punishment (more than current speeding tickets do). Problem solved. This also helps the police by enabling them with tools to override a radio signal and stop a car they're after, since most runners aren't hardened criminals that would have previously disabled the device.
My rule for getting help
Fairly often I'll run across a problem that doesn't stump me, per se, but is challenging enough that I can't solve it very quickly and my usual approaches to solving problems are failing me. When even descending into the dreaded shotgun testing method (the last resort of a desperate man...) fails, I know it's time to get help. But I have a rule for getting help before then: did I think it would take me less than thirty minutes, and has it taken me longer than 45 minutes? If so, I follow a two-step process: post a help message somewhere (Stack Overflow, a mailing list, an email, a bug case), and then the most important step: keep working on the problem. When others are helping you with the problem too, that doesn't mean you sit on your hands and wait for them. (I've seen this happen a lot.) At the very least pretend the problem is solved and move on to the next step. The second step is so important because very frequently I find myself solving the problem quite soon after posting my help message.
I have a simple theory for why this is so: writing out the help message lets you focus your mind on what you already know about the problem, plus when writing the message (if you've done it more than once anyway) you know it's good etiquette and you're more likely to get an answer if you generalize the problem to a less-specific case. A potential helper doesn't need to know your login checking query if your problem is handling a failed login on the client side, so you leave that out of your summary. In addition, you're taking a break from actively attempting to solve the problem, but not letting the problem escape your brain's local cache like it might if you go take a walk.