General practice for JWTs is to keep a list of “revoked but not yet expired” tokens, and check against that. That list will generally be tiny, since each item only stays on the list for as long as the normal lifetime of a token is, so it’s not really burdensome to maintain and replicate.

Thank god, we STILL use TFS at work, and its core version control model is reeeeeally fucking awful.

I’ve seen forms of this joke quite a lot in the last few years, and it never fails to make me laugh.

What DOES the new scanner do with its scan output, then?

Second.

A country putting tariffs on imports doesn’t necessarily mean it’s being anti-competitive, or anything nefarious.

In this example, the argument generally goes that China’s EV market is so cheap, compared to the US’s, because the Chinese government subsidizes it, I.E. gives EV makers free money so they can lower costs or expand infrastructure, which in turn leads to lower prices. Thus, a US tarrif is just attempting to re-level the playing field. How much truth there is to this, I don’t really know.

And this, in TURN, doesn’t necessarily mean that China is being anti-competitive either. There’s nothing wrong with them saying “Having a robust EV infrastructure is good for our country, and we think it’s going to be very important for our future, so we’re going to invest heavily into that.”

It’s the capability of a program to “reflect” upon itself, I.E. to inspect and understand its own code.

As an example, In C# you can write a class…

public class MyClass
{
    public void MyMethod()
    {
        ...
    }
}

…and you can create an instance of it, and use it, like this…

var myClass = new MyClass();
myClass.MyMethod();

Simple enough, nothing we haven’t all seen before.

But you can do the same thing with reflection, as such…

var type = System.Reflection.Assembly.GetExecutingAssembly()
    .GetType("MyClass");

var constructor = type.GetConstructor(Array.Empty<Type>());

var instance = constructor.Invoke(Array.Empty<Object>());

var method = type.GetMethod("MyMethod");

var delegate = method.CreateDelegate(typeof(Action), instance);

delegate.DynamicInvoke(Array.Empty<object>());

Obnoxious and verbose and tossing basically all type safety out the window, but it does enable some pretty crazy interesting things. Like self-discovery and dynamic loading of plugins, or self-configuration of apps. Also often useful when messing with generics. I could dig up some practical use-cases, if you’re curious.

I mean, I’m paraphrasing, too.

Even better quote, I love using this one.

“So, with AI writing code for us, all we need is an unambiguous way to define, what all our business requirements are for the software, what all the edge cases are, and how it should handle them.”

“We in the industry call that ‘code.’”

Slight distinction, though maybe not so much a practical one: it was more “Don’t do that with our weapons, Russia will get mad at us, instead of just you.”

KeePass on my phone and desktop, with the master file sync’d automatically to the server in my basement.

The XZ exploit was found because some dude was investigating performance issues in a system, and noticed an unusual amount of time being spent in SSH processing, IIRC.

I’ll take this over the more “classic” styles, when people seed to believe they were paying the compiler by the character.

Generally speaking, fault protection schemes need only account for one fault at a time, unless you’re a really large business, or some other entity with extra-stringent data protection requirements.

RAID protects against drive failure faults. Backups protect against drive failure faults as well, but also things like accidental deletions or overwrites of data.

In order for RAID on backups to make sense, when you already have RAID on your main storage, you’d have to consider drive failures and other data loss to be likely to occur simultaneously. I.E. RAID on your backups only protects you from drive failure occurring WHILE you’re trying to restore a backup. Or maybe more generally, WHILE that backup is in use, say, if you have a legal requirement that you must keep a history of all your data for X years or something (I would argue data like this shouldn’t be classified as backups, though).

Can I get an Oracle version?

Why the hell is a professional tech business not relying almost-exclusively in ethernet, anyway?

Discord gained popularity and maintains it, in spite of the many reasons to avoid it, because of usability and feature richness. Slack, Teams, Matrix, Telegram, they are miles ahead of everyone else in the live-chat space, when it comes to user experience.

This was an interesting article about some tech I’ve never heard of before, but it has little to nothing to do with Discord’s overall success.

I would be wary of using STIGs as a reference point for good security practices. They are notorious for being poorly-enforced in the real world, and it stems from the fact that they are written too ambiguously. Getting STIG reviewed can have wildly different results just depending on the reviewer’s interpretation of the written text. I’ve seen this first-hand in my job, where we’ve gotten dinged on specific STIGS for code that hasn’t changed in a decade, just because a reviewer decided to interpret a STIG differently than others from the past. And trying to be pro-active about complying with STIG requirements ahead of time always boils down to arguments about “well, what does the STIG MEAN here?”

If you’re unsure about GUMBIES, you should take a look at this video.

Sees link

It’s retro-encabulators, isn’t it?

clicks

Ooooo, new programmer meme lore.