|
Thread Rules
1. This is not a "do my homework for me" thread. If you have specific questions, ask, but don't post an assignment or homework problem and expect an exact solution.
2. No recruiting for your cockamamie projects (you won't replace facebook with 3 dudes you found on the internet and $20)
3. If you can't articulate why a language is bad, don't start slinging shit about it. Just remember that nothing is worse than making CSS IE6 compatible.
4. Use [code] tags to format code blocks.
|
On January 09 2018 04:57 dsyxelic wrote: has anyone here had a situation where they regret rejecting a perfectly decent looking offer because they are in the interview process/final rounds with companies they like better and would be better for their career?
i might have to do that and am not sure what i will regret more, not taking the risk and finishing up with the other companies or not taking a perfectly fine job. cannot delay deadlines anymore and assume no reneging (it's a clusterfuck since it's a coop)
The advice I have always seen is to delay as long as possible, while informing the other companies of your situation.
|
On January 09 2018 04:35 Nobodyyy wrote: I need to vent. I am teaching web programming to 3rd year uni students. They had to program a (very basic) web store. It's really really basic, but I swear students are exponentially more stupid than when I was a 3rd year student.
For starters, we didn't learn web programming. There was an introductory course to CS in the first semester of the first year that told you how to do stuff with HTML, JS and CSS (which was still rather new back then) but in the 2nd year there was a software project and the "easy out" was to program a web app. This was back before frameworks were a thing and OOP was definitely not something you did with PHP. In other words, the early 00s and the web apps people had to program for the project were somewhat similar to the assignment in this course. They were considered trivial, and boring, and a surefire way to score a high grade. The complex shit was the AI projects, or there was some supply chain management tool, and some other complex stuff that I don't recall (because it was fucking 15+ years ago).
Skip forward to now. 3rd year students. We can assume they have some fucking idea about how to debug their own code right? Hah. Lol.
Well, exam period has started and we figured the evaluation last year was a farce and we needed to do it a bit different. So we prepared a bunch of really basic programming assignments to do with the web store. Things like:
- Make the login functionality (there are some sample users in the database with password 1234).
- Load page XXXXXX into a div with Ajax (can use jquery).
- Print the content of the shopping cart on the screen, and make a button to empty it.
The skeleton code was neatly programmed and had been used for all the examples throughout the course (which, btw, students ignored and then complained when their own kludged together mess didn't work). The idea was to pass/fail the students without looking at the quality of the code: if it functions, they pass. If it doesn't, they fail. We probably can't do that, because only 5 of the 40 students today managed to create code that passed the bar. Holy ####. After (supposedly) a full semester course in the 3rd!!! year of university, these students can't figure out in an hour how to add a login functionality to a very simple website. Mind. Blown. And we'll probably have to pass more than 10%.
What does this mean for you (or me). Well... that a university degree in CS is essentially useless (note, I do not know about all universities, just the particular unnamed one I am at. My previous experience has been in teaching MSc. level at a different uni in a different country, which was obviously rather different). Honestly, the only reason to pick uni grads instead of kids straight out of high school is because hopefully they have matured a bit in the 3-4 years they spent getting a useless piece of paper.
/rant out.
Well I can understand this if your country of "Afghanistan" is correct..
I have yet to see a CS course which hasn't been absolutely brutal wherever I've gone, but I have heard about them. In Japan you're apparently so useless out of school that they barely expect you to be able to print hello world in any language. A friend who lived there told me they instantly bumped him up to a "3 years of experience required" position when he moved there and they realized, coming out of a US university, he actually knew how to program... baffling.
|
On January 09 2018 08:13 Excludos wrote: On January 09 2018 04:35 Nobodyyy wrote: I need to vent. I am teaching web programming to 3rd year uni students. They had to program a (very basic) web store. It's really really basic, but I swear students are exponentially more stupid than when I was a 3rd year student.
For starters, we didn't learn web programming. There was an introductory course to CS in the first semester of the first year that told you how to do stuff with HTML, JS and CSS (which was still rather new back then) but in the 2nd year there was a software project and the "easy out" was to program a web app. This was back before frameworks were a thing and OOP was definitely not something you did with PHP. In other words, the early 00s and the web apps people had to program for the project were somewhat similar to the assignment in this course. They were considered trivial, and boring, and a surefire way to score a high grade. The complex shit was the AI projects, or there was some supply chain management tool, and some other complex stuff that I don't recall (because it was fucking 15+ years ago).
Skip forward to now. 3rd year students. We can assume they have some fucking idea about how to debug their own code right? Hah. Lol.
Well, exam period has started and we figured the evaluation last year was a farce and we needed to do it a bit different. So we prepared a bunch of really basic programming assignments to do with the web store. Things like:
- Make the login functionality (there are some sample users in the database with password 1234).
- Load page XXXXXX into a div with Ajax (can use jquery).
- Print the content of the shopping cart on the screen, and make a button to empty it.
The skeleton code was neatly programmed and had been used for all the examples throughout the course (which, btw, students ignored and then complained when their own kludged together mess didn't work). The idea was to pass/fail the students without looking at the quality of the code: if it functions, they pass. If it doesn't, they fail. We probably can't do that, because only 5 of the 40 students today managed to create code that passed the bar. Holy ####. After (supposedly) a full semester course in the 3rd!!! year of university, these students can't figure out in an hour how to add a login functionality to a very simple website. Mind. Blown. And we'll probably have to pass more than 10%.
What does this mean for you (or me). Well... that a university degree in CS is essentially useless (note, I do not know about all universities, just the particular unnamed one I am at. My previous experience has been in teaching MSc. level at a different uni in a different country, which was obviously rather different). Honestly, the only reason to pick uni grads instead of kids straight out of high school is because hopefully they have matured a bit in the 3-4 years they spent getting a useless piece of paper.
/rant out.
Well I can understand this if your country of "Afghanistan" is correct..
I have yet to see a CS course which hasn't been absolutely brutal wherever I've gone, but I have heard about them. In Japan you're apparently so useless out of school that they barely expect you to be able to print hello world in any language. A friend who lived there told me they instantly bumped him up to a "3 years of experience required" position when he moved there and they realized, coming out of a US university, he actually knew how to program... baffling.
I don't think BSc in CS is brutal. It's not trivial but not brutal for sure.
|
On January 09 2018 04:39 WarSame wrote: On January 09 2018 01:08 Manit0u wrote: Not to mention the fact that his authenticity check not only passes around plain password as String but also possible account match is retrieved by using LIKE on email... Also, why would he retrieve encrypted password and salt in two separate queries, when he needs both to check for password match is beyond me.
Hey, thanks for giving me the feedback earlier when I asked for it, rather than waiting to shit on me at some random time. EDIT: I will actually change the email thing, though. I forgot to clean that up earlier. How am I supposed to avoid passing the password as plain text? It needs to be put into the text field as plain text, and passed on from there to get encrypted so it needs to get passed around at least a little. I can't check my code right now but I thought I was retrieving the salt and hash together. I'll look into that. Either way, that's a small efficiency quibble (at least at this point).
Dude, when you asked for advice we told you to learn more about security...
Anyway, I wasn't talking about passing password as plain text. I specifically mentioned a String, which is a class, which is bad for anything that needs to be kept secure/hidden away since you don't have any control over the garbage collector (and why you should use char arrays for that purpose).
Once again, you must really improve your knowledge of security when trying to do anything even remotely related to crypto-whatever (be it -graphy, -currency etc.).
The same goes for retrieving data required to check for password correctness in 2 different queries, functions and places. While not being overly dramatic when it comes to performance, it adds yet another potential point of failure and might pose a security risk. Performance should really be the least of your worries, usually the slower it is (hashing algo for example) the more secure it is.
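The points raised in this exchange (a char array instead of a String, one exact-match lookup that returns salt and hash together, a deliberately slow hash) are put together below as an added example; it is not code from the thread or from the app being discussed. The class name, the in-memory map standing in for the accounts table, the iteration count and the sample account are all constructed for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordCheckExample {
    /** Salt and hash are stored and fetched together as one record. */
    static final class Credential {
        final byte[] salt;
        final byte[] hash;
        Credential(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }

    // Illustrative work factor (assumption): the derivation is slow on purpose.
    static final int ITERATIONS = 100_000;
    static final int KEY_BITS = 256;

    // Constructed stand-in for the accounts table. With a real database this
    // is one prepared statement with an exact match instead of LIKE:
    //   SELECT salt, password_hash FROM accounts WHERE email = ?
    private final Map<String, Credential> accounts = new HashMap<>();

    // Record used for unknown e-mails so both paths do the same amount of work.
    private final Credential dummy;

    PasswordCheckExample() throws GeneralSecurityException {
        dummy = newCredential(new char[] {'x'});
    }

    /** PBKDF2 takes the password as char[], so no String copy is created. */
    static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the copy held inside the key spec
        }
    }

    static Credential newCredential(char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new Credential(salt, derive(password, salt));
    }

    void register(String email, char[] password) throws GeneralSecurityException {
        try {
            accounts.put(email, newCredential(password));
        } finally {
            Arrays.fill(password, '\0'); // caller's buffer is wiped, not left to the GC
        }
    }

    boolean verify(String email, char[] password) throws GeneralSecurityException {
        try {
            Credential stored = accounts.get(email);      // one lookup, exact match
            Credential c = (stored != null) ? stored : dummy;
            byte[] candidate = derive(password, c.salt);
            boolean match = MessageDigest.isEqual(candidate, c.hash); // constant-time compare
            return stored != null && match;
        } finally {
            Arrays.fill(password, '\0');
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        PasswordCheckExample store = new PasswordCheckExample();
        // Constructed sample account.
        store.register("alice@example.com", new char[] {'1', '2', '3', '4'});

        char[] attempt = {'1', '2', '3', '4'};
        System.out.println("correct password: " + store.verify("alice@example.com", attempt));
        System.out.println("buffer wiped:     " + (attempt[0] == '\0'));
        System.out.println("wrong password:   "
                + store.verify("alice@example.com", new char[] {'0', '0', '0', '0'}));
        // A LIKE pattern is just a literal string here, so it matches nothing.
        System.out.println("wildcard e-mail:  "
                + store.verify("alice%", new char[] {'1', '2', '3', '4'}));
    }
}
```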
|
On January 09 2018 07:51 travis wrote: On January 09 2018 04:57 dsyxelic wrote: has anyone here had a situation where they regret rejecting a perfectly decent looking offer because they are in the interview process/final rounds with companies they like better and would be better for their career?
i might have to do that and am not sure what i will regret more, not taking the risk and finishing up with the other companies or not taking a perfectly fine job. cannot delay deadlines anymore and assume no reneging (it's a clusterfuck since it's a coop)
The advice I have always seen is to delay as long as possible, while informing the other companies of your situation.
Yeah I've already tried my best but no more delays are available and I can't speed up the other companies any more. I have been in close contact with most of them and they said they would try to match my deadlines, but it hasn't worked out.
On January 09 2018 08:22 sc-darkness wrote: On January 09 2018 08:13 Excludos wrote: On January 09 2018 04:35 Nobodyyy wrote: I need to vent. I am teaching web programming to 3rd year uni students. They had to program a (very basic) web store. It's really really basic, but I swear students are exponentially more stupid than when I was a 3rd year student.
For starters, we didn't learn web programming. There was an introductory course to CS in the first semester of the first year that told you how to do stuff with HTML, JS and CSS (which was still rather new back then) but in the 2nd year there was a software project and the "easy out" was to program a web app. This was back before frameworks were a thing and OOP was definitely not something you did with PHP. In other words, the early 00s and the web apps people had to program for the project were somewhat similar to the assignment in this course. They were considered trivial, and boring, and a surefire way to score a high grade. The complex shit was the AI projects, or there was some supply chain management tool, and some other complex stuff that I don't recall (because it was fucking 15+ years ago).
Skip forward to now. 3rd year students. We can assume they have some fucking idea about how to debug their own code right? Hah. Lol.
Well, exam period has started and we figured the evaluation last year was a farce and we needed to do it a bit different. So we prepared a bunch of really basic programming assignments to do with the web store. Things like:
- Make the login functionality (there are some sample users in the database with password 1234).
- Load page XXXXXX into a div with Ajax (can use jquery).
- Print the content of the shopping cart on the screen, and make a button to empty it.
The skeleton code was neatly programmed and had been used for all the examples throughout the course (which, btw, students ignored and then complained when their own kludged together mess didn't work). The idea was to pass/fail the students without looking at the quality of the code: if it functions, they pass. If it doesn't, they fail. We probably can't do that, because only 5 of the 40 students today managed to create code that passed the bar. Holy ####. After (supposedly) a full semester course in the 3rd!!! year of university, these students can't figure out in an hour how to add a login functionality to a very simple website. Mind. Blown. And we'll probably have to pass more than 10%.
What does this mean for you (or me). Well... that a university degree in CS is essentially useless (note, I do not know about all universities, just the particular unnamed one I am at. My previous experience has been in teaching MSc. level at a different uni in a different country, which was obviously rather different). Honestly, the only reason to pick uni grads instead of kids straight out of high school is because hopefully they have matured a bit in the 3-4 years they spent getting a useless piece of paper.
/rant out.
Well I can understand this if your country of "Afghanistan" is correct..
I have yet to see a CS course which hasn't been absolutely brutal wherever I've gone, but I have heard about them. In Japan you're apparently so useless out of school that they barely expect you to be able to print hello world in any language. A friend who lived there told me they instantly bumped him up to a "3 years of experience required" position when he moved there and they realized, coming out of a US university, he actually knew how to program... baffling.
I don't think BSc in CS is brutal. It's not trivial but not brutal for sure.
Depends where. Some curriculums are absolutely brutal and I'm amazed how some students can both excel at the coursework and do extracurriculars.
|
My brother is in his first semester of a CS degree (not pure CS), and their programming workload is so much bigger than what I had to do back then. If they keep up that pace he should do fine in his 3rd year. I'll probably still have to teach him about actual software development since I doubt that they'll learn much about how to design a maintainable piece of software, but at least he'll know how to program.
My CS degree on the other hand... people didn't learn how to program there and they hardly needed to know anything about it. I taught myself on the side. And there certainly was no web programming involved.
|
On January 09 2018 04:39 WarSame wrote: On January 09 2018 03:29 Excludos wrote: I'm more confused to what he's actually trying to do. Why would an app ever require access to a private wallet? For the app's author to divert your money into his own wallet :-)
Every crypto wallet app has a private wallet unless they delegate to an external client. If done properly, offline signing is safer than trusting some service to manage your keys.
If it was my app, I would use web3j wallet management https://docs.web3j.io/transactions.html#creating-and-working-with-wallet-files Your app has a receiving address and you can top it off by transferring from your bigger stash.
I don't see the point of the guys who are bashing the security of your app. It seems fine considering that it aims to protect a wallet held on a phone and what they say seems not applicable in this context. I'd look into the fingerprint api that links with the keystore.
How about
1. generate a long random string as the wallet password
2. generate a keypair in the keystore
3. encrypt (1) with (2)
4. store the result in a db
5. link (2) to fingerprint auth
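The five steps above, written out with the standard Java crypto API as an added example; this is not code from the post or from web3j. The RSA keypair held in a field stands in for a key generated inside the Android keystore, the map stands in for the database, and the boolean passed to `unwrap` stands in for the fingerprint check. On a device the key would instead be generated with the "AndroidKeyStore" provider and `KeyGenParameterSpec.Builder.setUserAuthenticationRequired(true)`, so the private key is unusable until the user authenticates.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;

public class WrappedWalletPassword {
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String DB_KEY = "wallet_password"; // hypothetical row name

    private final KeyPair keystoreKey;                       // step 2 (stand-in)
    private final Map<String, String> db = new HashMap<>();  // step 4 (stand-in)

    WrappedWalletPassword() throws GeneralSecurityException {
        // Step 2: generate the keypair that wraps the wallet password.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        keystoreKey = gen.generateKeyPair();
    }

    /** Step 1: 32 random bytes, encoded as a 43-character ASCII password. */
    static byte[] randomWalletPassword() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        try {
            return Base64.getUrlEncoder().withoutPadding().encode(raw);
        } finally {
            Arrays.fill(raw, (byte) 0);
        }
    }

    /** Steps 3 and 4: encrypt with the public key, store only the ciphertext. */
    void wrapAndStore(byte[] walletPassword) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(OAEP);
        cipher.init(Cipher.ENCRYPT_MODE, keystoreKey.getPublic());
        db.put(DB_KEY, Base64.getEncoder().encodeToString(cipher.doFinal(walletPassword)));
    }

    /** Step 5: the private key is only used after the user has authenticated. */
    byte[] unwrap(boolean fingerprintAccepted) throws GeneralSecurityException {
        if (!fingerprintAccepted) {
            throw new SecurityException("user not authenticated");
        }
        String stored = db.get(DB_KEY);
        if (stored == null) {
            throw new IllegalStateException("no wrapped password stored");
        }
        Cipher cipher = Cipher.getInstance(OAEP);
        cipher.init(Cipher.DECRYPT_MODE, keystoreKey.getPrivate());
        return cipher.doFinal(Base64.getDecoder().decode(stored));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        WrappedWalletPassword vault = new WrappedWalletPassword();

        byte[] password = randomWalletPassword();
        byte[] expected = password.clone();   // kept only to check the round trip
        vault.wrapAndStore(password);
        Arrays.fill(password, (byte) 0);      // plaintext is not kept around

        byte[] recovered = vault.unwrap(true);
        System.out.println("round trip ok: " + Arrays.equals(expected, recovered));

        try {
            vault.unwrap(false);
        } catch (SecurityException e) {
            System.out.println("without auth:  " + e.getMessage());
        }
        Arrays.fill(expected, (byte) 0);
        Arrays.fill(recovered, (byte) 0);
    }
}
```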
|
On January 09 2018 08:22 sc-darkness wrote: On January 09 2018 08:13 Excludos wrote: On January 09 2018 04:35 Nobodyyy wrote: I need to vent. I am teaching web programming to 3rd year uni students. They had to program a (very basic) web store. It's really really basic, but I swear students are exponentially more stupid than when I was a 3rd year student.
For starters, we didn't learn web programming. There was an introductory course to CS in the first semester of the first year that told you how to do stuff with HTML, JS and CSS (which was still rather new back then) but in the 2nd year there was a software project and the "easy out" was to program a web app. This was back before frameworks were a thing and OOP was definitely not something you did with PHP. In other words, the early 00s and the web apps people had to program for the project were somewhat similar to the assignment in this course. They were considered trivial, and boring, and a surefire way to score a high grade. The complex shit was the AI projects, or there was some supply chain management tool, and some other complex stuff that I don't recall (because it was fucking 15+ years ago).
Skip forward to now. 3rd year students. We can assume they have some fucking idea about how to debug their own code right? Hah. Lol.
Well, exam period has started and we figured the evaluation last year was a farce and we needed to do it a bit different. So we prepared a bunch of really basic programming assignments to do with the web store. Things like:
- Make the login functionality (there are some sample users in the database with password 1234).
- Load page XXXXXX into a div with Ajax (can use jquery).
- Print the content of the shopping cart on the screen, and make a button to empty it.
The skeleton code was neatly programmed and had been used for all the examples throughout the course (which, btw, students ignored and then complained when their own kludged together mess didn't work). The idea was to pass/fail the students without looking at the quality of the code: if it functions, they pass. If it doesn't, they fail. We probably can't do that, because only 5 of the 40 students today managed to create code that passed the bar. Holy ####. After (supposedly) a full semester course in the 3rd!!! year of university, these students can't figure out in an hour how to add a login functionality to a very simple website. Mind. Blown. And we'll probably have to pass more than 10%.
What does this mean for you (or me). Well... that a university degree in CS is essentially useless (note, I do not know about all universities, just the particular unnamed one I am at. My previous experience has been in teaching MSc. level at a different uni in a different country, which was obviously rather different). Honestly, the only reason to pick uni grads instead of kids straight out of high school is because hopefully they have matured a bit in the 3-4 years they spent getting a useless piece of paper.
/rant out.
Well I can understand this if your country of "Afghanistan" is correct..
I have yet to see a CS course which hasn't been absolutely brutal wherever I've gone, but I have heard about them. In Japan you're apparently so useless out of school that they barely expect you to be able to print hello world in any language. A friend who lived there told me they instantly bumped him up to a "3 years of experience required" position when he moved there and they realized, coming out of a US university, he actually knew how to program... baffling.
I don't think BSc in CS is brutal. It's not trivial but not brutal for sure.
I'm by far not the smartest person so me getting through it shows that pretty much anyone can with minimal effort. But in our class of 102 people, around 40% dropped out during the first year and an additional 10-20% during the next 2 years (variable because some came back to finish later, and some got IT jobs without finishing which I'm not sure how to count).
And our school was super easy compared to Australia. I studied there for only half a year, and it's to date the most stressful 6 months I've ever done. 40 hours a week just for the assignments alone was the norm, and at one point towards the end I was up to 80 hours (Tho I did take two weeks off to take an actual vacation as well in the middle there, which in hindsight I could have used to catch up).
|
On January 10 2018 01:55 Excludos wrote: On January 09 2018 08:22 sc-darkness wrote: On January 09 2018 08:13 Excludos wrote: On January 09 2018 04:35 Nobodyyy wrote: I need to vent. I am teaching web programming to 3rd year uni students. They had to program a (very basic) web store. It's really really basic, but I swear students are exponentially more stupid than when I was a 3rd year student.
For starters, we didn't learn web programming. There was an introductory course to CS in the first semester of the first year that told you how to do stuff with HTML, JS and CSS (which was still rather new back then) but in the 2nd year there was a software project and the "easy out" was to program a web app. This was back before frameworks were a thing and OOP was definitely not something you did with PHP. In other words, the early 00s and the web apps people had to program for the project were somewhat similar to the assignment in this course. They were considered trivial, and boring, and a surefire way to score a high grade. The complex shit was the AI projects, or there was some supply chain management tool, and some other complex stuff that I don't recall (because it was fucking 15+ years ago).
Skip forward to now. 3rd year students. We can assume they have some fucking idea about how to debug their own code right? Hah. Lol.
Well, exam period has started and we figured the evaluation last year was a farce and we needed to do it a bit different. So we prepared a bunch of really basic programming assignments to do with the web store. Things like:
- Make the login functionality (there are some sample users in the database with password 1234).
- Load page XXXXXX into a div with Ajax (can use jquery).
- Print the content of the shopping cart on the screen, and make a button to empty it.
The skeleton code was neatly programmed and had been used for all the examples throughout the course (which, btw, students ignored and then complained when their own kludged together mess didn't work). The idea was to pass/fail the students without looking at the quality of the code: if it functions, they pass. If it doesn't, they fail. We probably can't do that, because only 5 of the 40 students today managed to create code that passed the bar. Holy ####. After (supposedly) a full semester course in the 3rd!!! year of university, these students can't figure out in an hour how to add a login functionality to a very simple website. Mind. Blown. And we'll probably have to pass more than 10%.
What does this mean for you (or me). Well... that a university degree in CS is essentially useless (note, I do not know about all universities, just the particular unnamed one I am at. My previous experience has been in teaching MSc. level at a different uni in a different country, which was obviously rather different). Honestly, the only reason to pick uni grads instead of kids straight out of high school is because hopefully they have matured a bit in the 3-4 years they spent getting a useless piece of paper.
/rant out.
Well I can understand this if your country of "Afghanistan" is correct..
I have yet to see a CS course which hasn't been absolutely brutal wherever I've gone, but I have heard about them. In Japan you're apparently so useless out of school that they barely expect you to be able to print hello world in any language. A friend who lived there told me they instantly bumped him up to a "3 years of experience required" position when he moved there and they realized, coming out of a US university, he actually knew how to program... baffling.
I don't think BSc in CS is brutal. It's not trivial but not brutal for sure.
I'm by far not the smartest person so me getting through it shows that pretty much anyone can with minimal effort. But in our class of 102 people, around 40% dropped out during the first year and an additional 10-20% during the next 2 years (variable because some came back to finish later, and some got IT jobs without finishing which I'm not sure how to count).
Here in The Netherlands, this is our national average for pretty much all studies, and CS is ~50-60%
|
Do you guys struggle with algorithm questions in interview? Any advice how I can become better? I'm not sure if reading more about algorithms will help. I think I need to improve my thinking on the go instead, but I'm not sure how to achieve that. Would doing non-CS maths help?
|
On January 10 2018 05:05 sc-darkness wrote: Do you guys struggle with algorithm questions in interview? Any advice how I can become better? I'm not sure if reading more about algorithms will help. I think I need to improve my thinking on the go instead, but I'm not sure how to achieve that. Would doing non-CS maths help?
It depends on what part you're having trouble with, really.
For example, do you find it difficult to identify what the problem is, or what class of algorithms might be applicable? Is it that you can solve the problem quickly, but have trouble with "whiteboard programming"? Knowing where you're having issues would help with providing more applicable advice.
|
On January 10 2018 05:05 sc-darkness wrote: Would doing non-CS maths help?
Depends on what you consider CS maths. I've had a use for almost all of the maths I've learned through school, CS related or not, but my first job was pretty weird as well. In my current job I've used exactly none of it.
On January 10 2018 05:05 sc-darkness wrote: Do you guys struggle with algorithm questions in interview? Any advice how I can become better? I'm not sure if reading more about algorithms will help. I think I need to improve my thinking on the go instead, but I'm not sure how to achieve that.
This depends on what you're applying for. Most likely it's in some kind of field you can prepare yourself for. If it's just a regular old frontend job then I wouldn't expect algorithm questions on the interview. If the job is in a scientific field then you should look at what they work with and try to figure out what they might need.
edit: Some things you might get a use for in any job tho would be: sorting (tho you'll probably have tools to do this with), graphs, geometry (especially in games or other 3D related projects), parsing if that counts as an algorithm (which tbh it doesn't), and maybe some good old A* or any other types of path finding.
|
Well, I had to implement Reverse Polish Notation in an interview. Because of pressure and not reading all requirements carefully, my algorithm was producing wrong output. I had to do it on a piece of paper, so no debugger and IDE. It really annoys me because it's not a difficult thing to do, but then again, pressure, rushing things and having 30-40 minutes to come up with C++ code got me. It's just solving problems like that quickly and on the spot that I want to become better at.
I don't want to memorise algorithms like the one above. I just want to solve them if I spend some time thinking.
Edit: Just implemented it in an OOP way. It's not difficult as I said.. unfortunately, a bit too late. :D
If you're curious, here's code. Note that code could be made prettier, I just focused on some balance of code quality and time to do.
Keep in mind there are very few comments. Code was written for myself only.

Operators.h
[code]
#pragma once

#include <inttypes.h>

// Operators the calculator understands; UNKNOWN marks a token that is not an operator.
enum class Operators : int32_t
{
    PLUS,
    MINUS,
    MULTIPLICATION,
    DIVISION,
    UNKNOWN
};
[/code]

ReversePolishCalculator.h
[code]
#pragma once

#include <inttypes.h>
#include <string>
#include <vector>

enum class Operators : int32_t;

class ReversePolishCalculator
{
public:
    ReversePolishCalculator();

    // Evaluates a whitespace-separated RPN expression, e.g. "5 1 2 + 4 * + 3 -".
    double calculate(const std::string& input) const;

private:
    std::vector<std::string> parseTokens(const std::string& input) const;
    bool parseOperator(const std::string& input, Operators& op) const;
    bool parseNumber(const std::string& input, int32_t& number) const;
    int32_t applyOperator(int32_t first, int32_t second, Operators op) const;
};
[/code]

ReversePolishCalculator.cpp
[code]
#include <sstream>
#include <algorithm>
#include <iterator>
#include <vector>
#include <stack>
#include <exception>
#include <stdexcept> // std::logic_error, std::invalid_argument, std::domain_error
#include <cstddef>
#include <cassert>
#include "ReversePolishCalculator.h"
#include "Operators.h"

ReversePolishCalculator::ReversePolishCalculator()
{
}

double ReversePolishCalculator::calculate(const std::string& input) const
{
    std::vector<std::string> tokens(parseTokens(input));
    // All arithmetic is done on int32_t, so the stack holds int32_t as well.
    std::stack<int32_t> final_result;

    for (const std::string& token : tokens)
    {
        int32_t temp_number = 0;
        Operators temp_op = Operators::UNKNOWN;
        if (parseNumber(token, temp_number))
        {
            final_result.push(temp_number);
        }
        else if (parseOperator(token, temp_op))
        {
            if (final_result.size() <= 1)
                throw std::logic_error("Stack of numbers is either empty or it has only one number. Can't apply operator.");

            // Operands come off the stack in reverse order.
            int32_t second = final_result.top();
            final_result.pop();

            int32_t first = final_result.top();
            final_result.pop();

            int32_t result = applyOperator(first, second, temp_op);
            final_result.push(result);
        }
        else
        {
            // Reject anything that is neither a number nor an operator
            // instead of silently skipping it.
            throw std::invalid_argument("Unrecognised token: " + token);
        }
    }

    bool has_one_result = final_result.size() == 1;

    if (!has_one_result)
        throw std::logic_error("Expected to have only one result");

    double the_result = static_cast<double>(final_result.top());
    final_result.pop();

    return the_result;
}

std::vector<std::string> ReversePolishCalculator::parseTokens(const std::string& input) const
{
    // Split on whitespace.
    std::istringstream iss(input);
    std::vector<std::string> tokens{ std::istream_iterator<std::string>{iss}, std::istream_iterator<std::string>{} };

    return tokens;
}

bool ReversePolishCalculator::parseOperator(const std::string& input, Operators& op) const
{
    bool success = false;

    if (input == "+")
    {
        op = Operators::PLUS;
        success = true;
    }
    else if (input == "-")
    {
        op = Operators::MINUS;
        success = true;
    }
    else if (input == "*" || input == "x")
    {
        op = Operators::MULTIPLICATION;
        success = true;
    }
    else if (input == "/")
    {
        op = Operators::DIVISION;
        success = true;
    }
    else
    {
        op = Operators::UNKNOWN;
        success = false;
    }

    return success;
}

bool ReversePolishCalculator::parseNumber(const std::string& input, int32_t& number) const
{
    int32_t converted_number = 0;

    try
    {
        std::size_t consumed = 0;
        converted_number = std::stoi(input, &consumed);

        // std::stoi stops at the first non-digit, so "5abc" would parse as 5;
        // only accept the token if all of it was consumed.
        if (consumed != input.size())
            return false;

        // if we're at this line, no exception has occurred
        number = converted_number;

        return true;
    }
    catch (const std::exception&)
    {
        return false;
    }
}

int32_t ReversePolishCalculator::applyOperator(int32_t first, int32_t second, Operators op) const
{
    switch (op)
    {
    case Operators::PLUS:
        return first + second;
    case Operators::MINUS:
        return first - second;
    case Operators::MULTIPLICATION:
        return first * second;
    case Operators::DIVISION:
        // Integer division by zero is undefined behaviour, so refuse it.
        if (second == 0)
            throw std::domain_error("Division by zero");
        return first / second;
    case Operators::UNKNOWN:
    default:
    {
        throw std::logic_error("Unknown operators");
    }
    }
}
[/code]

Example:
[code]
ReversePolishCalculator calculator;
double result = calculator.calculate("5 1 2 + 4 * + 3 -");
[/code]
|
On January 09 2018 05:46 Excludos wrote: On January 09 2018 05:13 _fool wrote: On January 09 2018 04:39 WarSame wrote: Yeah, it seems sketchy which is part of the reason why I have no intention of ever releasing it. However, Android Pay et al. need your CC# and VIN, and this is conceptually similar. Do other wallets have some better way of doing it? Legit question.
I believe online wallets generate a keypair for you, and then you use the web application to tell a 3rd party what you want them to do with your account. Move money to/from the account, etc. In that case, yes, the online party has your private key (and in fact you don't!) so it's all a matter of trust. This is a simple way to get and hold cryptos, but not very safe. However, users that generate their own public/private keypair usually do so because they do not trust any 3rd party with their keypair, and they want to be safe. It makes no sense for them to generate their own pair, then supply it to you so you can use it to do transactions on their behalf. Long story short: I think the technical solution will work, but I think the user base for such an app would be small.
You nailed it. If you want to do any kind of trading, there are tons of exchanges online with their own wallets, which lets you access their API with generated keys to let you build third party apps for (In fact, I'm doing that very same thing right now). People who make private wallets are those who, and rightly so, are afraid of getting hacked and/or having their coins/tokens stolen. These people are not going to make a lot of trades both because it's against their interest (they just want to sit on the coins and collect interest over a long period of time), and because trading through network transactions instead of in an exchange is expensive. They have no use for a third party app to do it with.
But then they still have to trust the exchanges. There's still trusting a third party at some point.
I'm planning on looking into if you can do something similar with Light Clients on Android so you don't need to use any non-Ethereum Foundation software to safely do this.
On January 09 2018 10:56 Manit0u wrote:
On January 09 2018 04:39 WarSame wrote:
On January 09 2018 01:08 Manit0u wrote: Not to mention the fact that his authenticity check not only passes around plain password as String but also possible account match is retrieved by using LIKE on email... Also, why would he retrieve encrypted password and salt in two separate queries, when he needs both to check for password match is beyond me. Hey, thanks for giving me the feedback earlier when I asked for it, rather than waiting to shit on me at some random time. EDIT: I will actually change the email thing, though. I forgot to clean that up earlier. How am I supposed to avoid passing the password as plain text? It needs to be put into the text field as plain text, and passed on from there to get encrypted so it needs to get passed around at least a little. I can't check my code right now but I thought I was retrieving the salt and hash together. I'll look into that. Either way, that's a small efficiency quibble (at least at this point). Dude, when you asked for advice we told you to learn more about security... Anyway, I wasn't talking about passing password as plain text. I specifically mentioned a String, which is a class, which is bad for anything that needs to be kept secure/hidden away since you don't have any control over the garbage collector (and why you should use char arrays for that purpose). Once again, you must really improve your knowledge of security when trying to do anything even remotely related to crypto-whatever (be it -graphy, -currency etc.). The same goes for retrieving data required to check for password correctness in 2 different queries, functions and places. While not being overly dramatic when it comes to performance, it adds yet another potential point of failure and might pose a security risk. Performance should really be the least of your worries, usually the slower it is (hashing algo for example) the more secure it is.
Do you honestly think "go learn security" is even advice at all? It's a recommendation at most. Further, one of the best ways to learn is by doing and making mistakes. I posted my code and asked for feedback. I got none. So thanks for that.
Literally never heard of that char array/garbage collection concern before but I'll look into it.
And this is the road to improvement.
On January 10 2018 01:00 Hanh wrote:
On January 09 2018 04:39 WarSame wrote:
On January 09 2018 03:29 Excludos wrote: I'm more confused to what he's actually trying to do. Why would an app ever require access to a private wallet? For the app's author to divert your money into his own wallet :-) Every crypto wallet app has a private wallet unless they delegate to an external client. If done properly, offline signing is safer than trusting some service to manage your keys. If it was my app, I would use web3j wallet management https://docs.web3j.io/transactions.html#creating-and-working-with-wallet-files Your app has a receiving address and you can top it off by transferring from your bigger stash. I don't see the point of the guys who are bashing the security of your app. It seems fine considering that it aims to protect a wallet held on a phone and what they say seems not applicable in this context. I'd look into the fingerprint api that links with the keystore. How about
1. generate a long random string as the wallet password
2. generate a keypair in the keystore
3. encrypt (1) with (2)
4. store the result in a db
5. link (2) to fingerprint auth
I actually was using their wallet for a bit, but was having trouble with it and decided to strip it out and put a simpler version in. I'll look into what you mentioned. Thank you for the information and leads.
|
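The points raised in the quoted review above (a `char[]` instead of a `String` for the password, salt and hash read together, an exact e-mail match instead of `LIKE`), as an added example that is not any poster's code. The class `PasswordCheck`, the `Credential` holder and the iteration count are assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordCheck {
    // Hypothetical row: salt and hash come back together from one exact-match
    // lookup (WHERE email = ?, never LIKE), so the check cannot mix two reads.
    static final class Credential {
        final byte[] salt, hash;
        Credential(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }

    static final int ITERATIONS = 210_000, KEY_BITS = 256; // assumed work factor

    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the copy held inside the spec
        }
    }

    static Credential enroll(char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new Credential(salt, derive(password, salt));
    }

    // Zeroes the caller's array whether the check passes, fails or throws.
    // A String could not be wiped: it is immutable and lives until collected.
    static boolean verify(char[] password, Credential stored) throws Exception {
        byte[] candidate = null;
        try {
            candidate = derive(password, stored.salt);
            return MessageDigest.isEqual(candidate, stored.hash); // time-constant compare
        } finally {
            Arrays.fill(password, '\0');
            if (candidate != null) Arrays.fill(candidate, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; real input should arrive as char[] (Console.readPassword()).
        char[] pw = "constructed-sample".toCharArray();
        Credential stored = enroll(pw);
        System.out.println(verify("wrong-guess".toCharArray(), stored));
        System.out.println(verify(pw, stored) + ", wiped: " + (pw[0] == '\0'));
    }
}
```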
|
That's really quite cool man, congrats to be working in that industry. Mind if I ask the pathway you took to getting there?
|
I was referred by a friend of mine already working for a company and passed an interview for a tester. Initially I didn't know much about programming and CS (but had knowledge of testing, just in a different area). I learned a lot since. The company helped me grow. Right now I am automating tests but started as a manual tester. Here (in my company) you can go from manual testing to automation or developing if you want and show skills.
Also regarding referrals, that's the preferred method of recruitment (that and headhunters) in that particular location of my company. Don't know about other locations. Also, as a SW company we work in many areas, not only for automotive (soundspeakers, maps, updates, cameras etc.).
Getting here as a developer is actually pretty easy. You just need to know C or C++ (for hardware) or Java (for servers, maps, OTA updates) and be willing to work in Poland. We are recruiting like crazy. Of course there are also jobs in the US, Germany, India but I don't know details there.
|
On January 10 2018 13:41 WarSame wrote: Do you honestly think "go learn security" is even advice at all? It's a recommendation at most. Further, one of the best ways to learn is by doing and making mistakes. I posted my code and asked for feedback. I got none. So thanks for that.
Let's call it a strong recommendation. Making mistakes in security is not a good way to learn. Either:
1. your project doesn't require much security. You mess up and there is no consequence. You didn't learn anything because no one cared enough to attack your system and it seemed to work.
2. your project requires strong security. You mess up and it's a shit storm. Lots of people are angry.
See, ... you can't get it right. It's just too hard. They tell you to learn about security because you should have an idea of how difficult it is. If you are not, then let's hope that what you do does not need to be secure.
Coursera has a course Cryptography I which is quite good. And there are plenty of books too.
|
On January 10 2018 20:45 Hanh wrote:
On January 10 2018 13:41 WarSame wrote: Do you honestly think "go learn security" is even advice at all? It's a recommendation at most. Further, one of the best ways to learn is by doing and making mistakes. I posted my code and asked for feedback. I got none. So thanks for that.
Let's call it a strong recommendation. Making mistakes in security is not a good way to learn. Either: 1. your project doesn't require much security. You mess up and there is no consequence. You didn't learn anything because no one cared enough to attack your system and it seemed to work. 2. your project requires strong security. You mess up and it's a shit storm. Lots of people are angry. See, ... you can't get it right. It's just too hard. They tell you to learn about security because you should have an idea of how difficult it is. If you are not, then let's hope that what you do does not need to be secure. Coursera has a course Cryptography I which is quite good. And there are plenty of books too.
I should point out that pretty much every company on earth has at one point taken security too lightly, messed up, and gotten into a huge shitstorm because of it. Difference is if it happens after you've gotten big you can usually take the hit and hire a bunch of cryptography experts to make sure it never happens again. That's what Google did to turn themselves from a vulnerable company to what's probably the most it-secure company on earth.
That said it would make your life and conscience a lot better if you just took it seriously to begin with. It's a very difficult subject to learn tho, and constantly evolving too. It can be difficult for an amateur to just "go and learn it". In the prototype stage it might be just as easy to forgo it completely, and rather hire someone to do it once you've secured funding. Unless you plan on releasing it yourself, in which case: Don't. It's entirely possible to be personally accountable for losing other people's money if you purposely made and released an app you knew wasn't secure enough.
|
On January 10 2018 20:45 Hanh wrote:
On January 10 2018 13:41 WarSame wrote: Do you honestly think "go learn security" is even advice at all? It's a recommendation at most. Further, one of the best ways to learn is by doing and making mistakes. I posted my code and asked for feedback. I got none. So thanks for that.
Let's call it a strong recommendation. Making mistakes in security is not a good way to learn. Either: 1. your project doesn't require much security. You mess up and there is no consequence. You didn't learn anything because no one cared enough to attack your system and it seemed to work. 2. your project requires strong security. You mess up and it's a shit storm. Lots of people are angry. See, ... you can't get it right. It's just too hard. They tell you to learn about security because you should have an idea of how difficult it is. If you are not, then let's hope that what you do does not need to be secure. Coursera has a course Cryptography I which is quite good. And there are plenty of books too.
Sure, but I'm making mistakes in an unreleased app and asking for feedback. That seems like an ideal security learning, right? The problem is I didn't get specific feedback on security when I originally asked for it. I got scorched for having improper security rather than getting feedback. Then you and a few others gave me good, specific, actionable feedback, which helped quite a bit.
I understand security is difficult. I understand why you need professionals. If this were an enterprise app I would obviously hire professionals, but this is just for learning.
Taking a course is a good recommendation, but I think the time invested to reward of that would be minimal for me.
|