|
Thread Rules
1. This is not a "do my homework for me" thread. If you have specific questions, ask, but don't post an assignment or homework problem and expect an exact solution.
2. No recruiting for your cockamamie projects (you won't replace facebook with 3 dudes you found on the internet and $20)
3. If you can't articulate why a language is bad, don't start slinging shit about it. Just remember that nothing is worse than making CSS IE6 compatible.
4. Use [code] tags to format code blocks.
|
On January 05 2018 06:48 sc-darkness wrote: Well, you can always get someone better. What's the problem to train someone and offer them slightly lower salary at the beginning? You can't always employ fully experienced people (well, you can but at some point you'll run out of people). In my opinion, that's pretty much profit only and not much investment (full capitalism).
Remember that people need to grow their career after all. They're not born fully educated, fully experienced, etc. IT industry always complains there aren't enough software developers. How can there be enough if they're not willing to train people when needed? If you enjoy a company but they expect too much, can't you be told to learn a bit while on a lower salary?
Some companies do do that. My place has (or at least had?) a program where people who barely didn't make the cut and are very junior can go through like a 6-12 mo not-quite-internship dealy. Not an internship cus they get health insurance and shit, but no guarantee of a job at the end if you don't improve a lot.
But that takes a lot of overhead for the company, so smaller shops might not be able to do that. Also then there's a lot more people who don't make the cut for either...
|
My app relies on people entering their ethereum address and private key, currently by text field. This is obviously prone to typing errors, particularly since the private key is a password text field (asterisks to replace characters). On mobile it is especially bad. Does anyone know of a better way to get users to input their private key? I can use MetaMask QR code for their address, but that doesn't include their private key.
|
On January 07 2018 03:18 phar wrote:
On January 05 2018 06:48 sc-darkness wrote: Well, you can always get someone better. What's the problem to train someone and offer them slightly lower salary at the beginning? You can't always employ fully experienced people (well, you can but at some point you'll run out of people). In my opinion, that's pretty much profit only and not much investment (full capitalism).
Remember that people need to grow their career after all. They're not born fully educated, fully experienced, etc. IT industry always complains there aren't enough software developers. How can there be enough if they're not willing to train people when needed? If you enjoy a company but they expect too much, can't you be told to learn a bit while on a lower salary? Some companies do do that. My place has (or at least had?) a program where people who barely didn't make the cut and are very junior can go through like a 6-12 mo not-quite-internship dealy. Not an internship cus they get health insurance and shit, but no guarantee of a job at the end if you don't improve a lot. But that takes a lot of overhead for the company, so smaller shops might not be able to do that. Also then there's a lot more people who don't make the cut for either...
Well, I'm not a junior software engineer exactly (slightly over 3 years of experience), but my current job doesn't involve much use of algorithms. Now I'm applying for new jobs and they ask for algorithms which is my weakness in comparison to knowledge about C++, OOP, design patterns, software principles and things like that. I've begun reading about algorithms and I want to learn more about them outside what I've studied so far, and I want to improve my maths even more, but the problem is companies out there are so quick to reject you if you just fail one component like algorithms. Yes, it's an important one, but my previous post suggested they could offer lower salary in favour of some training. Not exactly a junior role but should be ok for both parties if there is time.
Also, the above suggestion solves or helps solve the problem of IT industry which always complain about lack of candidates. They should stop going full capitalism and start investing in some training/education if they want more people.
|
On January 07 2018 08:46 sc-darkness wrote: Also, the above suggestion solves or helps solve the problem of IT industry which always complain about lack of candidates. They should stop going full capitalism and start investing in some training/education if they want more people.
That's still capitalism as long as training people overall produces more value than waiting until the perfect candidate comes around and decides to work there.
|
On January 07 2018 17:25 spinesheath wrote:
On January 07 2018 08:46 sc-darkness wrote: Also, the above suggestion solves or helps solve the problem of IT industry which always complain about lack of candidates. They should stop going full capitalism and start investing in some training/education if they want more people.
That's still capitalism as long as training people overall produces more value than waiting until the perfect candidate comes around and decides to work there.
That's exactly what my company did. We offered a free 2-month course in RoR. After that we picked people who did best and offered them a job.
|
Companies already hire less experienced candidates for training. Companies have pay scales and promotion ladders, and you can hire into one of junior/engineer/senior/principal and move up the ladder. It just happened that you failed the bar they set for the level you were interviewing for, and they weren't looking to hire / didn't see a fit for lower levels.
The poor technical interview process is what you should be annoyed with.
|
On January 08 2018 02:35 Blisse wrote: Companies already hire less experienced candidates for training. Companies have pay scales and promotion ladders, and you can hire into one of junior/engineer/senior/principal and move up the ladder. It just happened that you failed the bar they set for the level you were interviewing for, and they weren't looking to hire / didn't see a fit for lower levels.
The poor technical interview process is what you should be annoyed with.
I scheduled my interview at the end of November. I met them in January and they said the position isn't available anymore. They offered some other position which was similar but it doesn't seem to be announced on their website. Maybe that's why they didn't bother too much. Still, a bit unprofessional... The reason for delay was because I had to go to a different country.
|
|
Very nice article, wasn't aware of the others outside the blog post and the google team. Crazy story!
|
On January 07 2018 03:38 WarSame wrote: My app relies on people entering their ethereum address and private key, currently by text field. This is obviously prone to typing errors, particularly since the private key is a password text field (asterisks to replace characters). On mobile it is especially bad. Does anyone know of a better way to get users to input their private key? I can use MetaMask QR code for their address, but that doesn't include their private key.
Aren't you supposed to keep your private key... private? Why would users give you their ethereum address and their private key, i.e. access to their money?
|
Because WarSame has absolutely no idea how security works and despite being told multiple times not to do this because he doesn't understand it, still made this app
|
On January 08 2018 22:32 tofucake wrote: Because WarSame has absolutely no idea how security works and despite being told multiple times not to do this because he doesn't understand it, still made this app
Not to mention the fact that his authenticity check not only passes around plain password as String but also possible account match is retrieved by using LIKE on email... Also, why would he retrieve encrypted password and salt in two separate queries, when he needs both to check for password match is beyond me.
|
I'm more confused to what he's actually trying to do. Why would an app ever require access to a private wallet?
|
On January 09 2018 03:29 Excludos wrote: I'm more confused to what he's actually trying to do. Why would an app ever require access to a private wallet?
For the app's author to divert your money into his own wallet :-)
|
I need to vent. I am teaching web programming to 3rd year uni students. They had to program a (very basic) web store. It's really really basic, but I swear students are exponentially more stupid than when I was a 3rd year student.
For starters, we didn't learn web programming. There was an introductory course to CS in the first semester of the first year that told you how to do stuff with HTML, JS and CSS (which was still rather new back then) but in the 2nd year there was a software project and the "easy out" was to program a web app. This was back before frameworks were a thing and OOP was definitely not something you did with PHP. In other words, the early 00s and the web apps people had to program for the project were somewhat similar to the assignment in this course. They were considered trivial, and boring, and a surefire way to score a high grade. The complex shit was the AI projects, or there was some supply chain management tool, and some other complex stuff that I don't recall (because it was fucking 15+ years ago).
Skip forward to now. 3rd year students. We can assume they have some fucking idea about how to debug their own code right? Hah. Lol.
Well, exam period has started and we figured the evaluation last year was a farce and we needed to do it a bit different. So we prepared a bunch of really basic programming assignments to do with the web store. Things like:
- Make the login functionality (there are some sample users in the database with password 1234).
- Load page XXXXXX into a div with Ajax (can use jquery).
- Print the content of the shopping cart on the screen, and make a button to empty it.
The skeleton code was neatly programmed and had been used for all the examples throughout the course (which, btw, students ignored and then complained when their own kludged together mess didn't work). The idea was to pass/fail the students without looking at the quality of the code: if it functions, they pass. If it doesn't, they fail. We probably can't do that, because only 5 of the 40 students today managed to create code that passed the bar. Holy ####. After (supposedly) a full semester course in the 3rd!!! year of university, these students can't figure out in an hour how to add a login functionality to a very simple website. Mind. Blown. And we'll probably have to pass more than 10%.
What does this mean for you (or me). Well... that a university degree in CS is essentially useless (note, I do not know about all universities, just the particular unnamed one I am at. My previous experience has been in teaching MSc. level at a different uni in a different country, which was obviously rather different). Honestly, the only reason to pick uni grads instead of kids straight out of high school is because hopefully they have matured a bit in the 3-4 years they spent getting a useless piece of paper.
/rant out.
|
On January 08 2018 22:19 _fool wrote:
On January 07 2018 03:38 WarSame wrote: My app relies on people entering their ethereum address and private key, currently by text field. This is obviously prone to typing errors, particularly since the private key is a password text field (asterisks to replace characters). On mobile it is especially bad. Does anyone know of a better way to get users to input their private key? I can use MetaMask QR code for their address, but that doesn't include their private key.
Aren't you supposed to keep your private key... private? Why would users give you their ethereum address and their private key, i.e. access to their money?
So that it can send transfers through the Ethereum network. I'm not aware of another way for them to do so. It seems like normal wallets also require it.
On January 08 2018 22:32 tofucake wrote: Because WarSame has absolutely no idea how security works and despite being told multiple times not to do this because he doesn't understand it, still made this app
Oh no! What liabilities am I going to face? Am I going to get... *GASP* sued? Oh wait, no, cause it's not published, open source, for education, etc. as I've already mentioned a million times, so shut up with the security stuff unless you plan to give specific, actionable feedback.
On January 09 2018 01:08 Manit0u wrote:
On January 08 2018 22:32 tofucake wrote: Because WarSame has absolutely no idea how security works and despite being told multiple times not to do this because he doesn't understand it, still made this app
Not to mention the fact that his authenticity check not only passes around plain password as String but also possible account match is retrieved by using LIKE on email... Also, why would he retrieve encrypted password and salt in two separate queries, when he needs both to check for password match is beyond me.
Hey, thanks for giving me the feedback earlier when I asked for it, rather than waiting to shit on me at some random time.
EDIT: I will actually change the email thing, though. I forgot to clean that up earlier.
How am I supposed to avoid passing the password as plain text? It needs to be put into the text field as plain text, and passed on from there to get encrypted so it needs to get passed around at least a little.
I can't check my code right now but I thought I was retrieving the salt and hash together. I'll look into that. Either way, that's a small efficiency quibble (at least at this point).
On January 09 2018 03:29 Excludos wrote: I'm more confused to what he's actually trying to do. Why would an app ever require access to a private wallet?
The goal was person-to-person Ethereum transfers using NFC. The app does this successfully.
On January 09 2018 03:56 Apom wrote:
On January 09 2018 03:29 Excludos wrote: I'm more confused to what he's actually trying to do. Why would an app ever require access to a private wallet?
For the app's author to divert your money into his own wallet :-)
Yeah, it seems sketchy which is part of the reason why I have no intention of ever releasing it. However, Android Pay et al. need your CC# and VIN, and this is conceptually similar. Do other wallets have some better way of doing it?
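The login-check points raised in this exchange (account lookup with LIKE on the email, salt and hash fetched in two queries, the password carried around as an immutable string), shown as an added Python example that is not WarSame's code and not part of any post. The `users` schema, the function names and the sample accounts are constructed for illustration, and PBKDF2 is an assumed stand-in for whatever hashing the app uses.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # PBKDF2 work factor picked for this example


def hash_password(password, salt: bytes) -> bytes:
    """Derive the stored hash; accepts bytes or a mutable bytearray."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)


def make_db() -> sqlite3.Connection:
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)"
    )
    samples = [("alice@example.com", b"correct horse"),
               ("bob@example.com", b"hunter2")]
    for email, pw in samples:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (email, salt, hash_password(pw, salt)))
    return db


def lookup_like(db: sqlite3.Connection, email: str) -> list:
    """The criticised lookup: LIKE treats % and _ in the input as
    wildcards, so one input can match accounts it was never meant to."""
    return db.execute(
        "SELECT email FROM users WHERE email LIKE ?", (email,)
    ).fetchall()


def verify_login(db: sqlite3.Connection, email: str,
                 password: bytearray) -> bool:
    """Exact-match lookup, salt and hash in one query, constant-time
    comparison, and the caller's password buffer wiped afterwards."""
    try:
        row = db.execute(
            "SELECT salt, pw_hash FROM users WHERE email = ?", (email,)
        ).fetchone()
        if row is None:
            # Derive anyway so an unknown account costs about as much
            # time as a known one.
            hash_password(password, b"\x00" * 16)
            return False
        salt, stored = row
        return hmac.compare_digest(hash_password(password, salt), stored)
    finally:
        # A mutable buffer can be overwritten in place; an immutable
        # string cannot, which is the concern with passing the password
        # around as a String. Best effort only: copies made elsewhere
        # (UI widgets, logs) are not covered.
        password[:] = bytes(len(password))
```

The password still has to exist in plaintext between the input field and the key derivation; the point is to keep that window short and the buffer erasable, and never to log or persist it.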
|
has anyone here had a situation where they regret rejecting a perfectly decent looking offer because they are in the interview process/final rounds with companies they like better and would be better for their career?
i might have to do that and am not sure what i will regret more, not taking the risk and finishing up with the other companies or not taking a perfectly fine job. cannot delay deadlines anymore and assume no reneging (its a clusterfuck since it's a coop)
|
On January 09 2018 04:39 WarSame wrote: Yeah, it seems sketchy which is part of the reason why I have no intention of ever releasing it. However, Android Pay et. al need your CC# and VIN, and this is conceptually similar. Do other wallets have some better way of doing it?
Legit question. I believe online wallets generate a keypair for you, and then you use the web application to tell a 3rd party what you want them to do with your account. Move money to/from the account, etc. In that case, yes, the online party has your private key (and in fact you don't!) so it's all a matter of trust. This is a simple way to get and hold crypto's, but not very safe.
However, users that generate their own public/private keypair usually do so because they do not trust any 3rd party with their keypair, and they want to be safe. It makes no sense for them to generate their own pair, then supply it to you so you can use it to do transactions on their behalf.
Long story short: I think the technical solution will work, but I think the user base for such an app would be small.
|
On January 09 2018 05:13 _fool wrote:
On January 09 2018 04:39 WarSame wrote: Yeah, it seems sketchy which is part of the reason why I have no intention of ever releasing it. However, Android Pay et. al need your CC# and VIN, and this is conceptually similar. Do other wallets have some better way of doing it?
Legit question. I believe online wallets generate a keypair for you, and then you use the web application to tell a 3rd party what you want them to do with your account. Move money to/from the account, etc. In that case, yes, the online party has your private key (and in fact you don't!) so it's all a matter of trust. This is a simple way to get and hold crypto's, but not very safe. However, users that generate their own public/private keypair usually do so because they do not trust any 3rd party with their keypair, and they want to be safe. It makes no sense for them to generate their own pair, then supply it to you so you can use it to do transactions on their behalf. Long story short: I think the technical solution will work, but I think the user base for such an app would be small.
You nailed it. If you want to do any kind of trading, there are tons of exchanges online with their own wallets, which lets you access their API with generated keys to let you build third party apps for (In fact, I'm doing that very same thing right now). People who make private wallets are those who, and rightly so, are afraid of getting hacked and/or having their coins/tokens stolen. These people are not going to make a lot of trades both because it's against their interest (they just want to sit on the coins and collect interest over a long period of time), and because trading through network transactions instead of in an exchange is expensive. They have no use for a third party app to do it with.
|
On January 09 2018 04:35 Nobodyyy wrote: I need to vent. I am teaching web programming to 3rd year uni students. They had to program a (very basic) web store. It's really really basic, but I swear students are exponentially more stupid than when I was a 3rd year student.
For starters, we didn't learn web programming. There was an introductory course to CS in the first semester of the first year that told you how to do stuff with HTML, JS and CSS (which was still rather new back then) but in the 2nd year there was a software project and the "easy out" was to program a web app. This was back before frameworks were a thing and OOP was definitely not something you did with PHP. In other words, the early 00s and the web apps people had to program for the project were somewhat similar to the assignment in this course. They were considered trivial, and boring, and a surefire way to score a high grade. The complex shit was the AI projects, or there was some supply chain management tool, and some other complex stuff that I don't recall (because it was fucking 15+ years ago).
Skip forward to now. 3rd year students. We can assume they have some fucking idea about how to debug their own code right? Hah. Lol.
Well, exam period has started and we figured the evaluation last year was a farce and we needed to do it a bit different. So we prepared a bunch of really basic programming assignments to do with the web store. Things like:
- Make the login functionality (there are some sample users in the database with password 1234).
- Load page XXXXXX into a div with Ajax (can use jquery).
- Print the content of the shopping cart on the screen, and make a button to empty it.
The skeleton code was neatly programmed and had been used for all the examples throughout the course (which, btw, students ignored and then complained when their own kludged together mess didn't work). The idea was to pass/fail the students without looking at the quality of the code: if it functions, they pass. If it doesn't, they fail. We probably can't do that, because only 5 of the 40 students today managed to create code that passed the bar. Holy ####. After (supposedly) a full semester course in the 3rd!!! year of university, these students can't figure out in an hour how to add a login functionality to a very simple website. Mind. Blown. And we'll probably have to pass more than 10%.
What does this mean for you (or me). Well... that a university degree in CS is essentially useless (note, I do not know about all universities, just the particular unnamed one I am at. My previous experience has been in teaching MSc. level at a different uni in a different country, which was obviously rather different). Honestly, the only reason to pick uni grads instead of kids straight out of high school is because hopefully they have matured a bit in the 3-4 years they spent getting a useless piece of paper.
/rant out.
Don't know where your school is but I can tell you the curriculum at mine is so rigorous and brutal that almost everyone who gets through is competent.
We don't have any required classes that are web-based, but we did have a project centered around securing a website in my last required class. It was a bit difficult for me, because we had little time to prepare and no background training on sql and web security paradigms.
However, most of the students in our class have gotten through the program so far because they can solve problems on their own if they need to, so the class got through it just fine.
|