Hacker News: sytringy05

New comment by sytringy05 in "XSLT removal will break multiple government and regulatory sites"

sytringy05 — Sun, 24 Aug 2025 23:10:17 +0000

Java applets were terrible in all possible ways that something can be terrible and it took no less than Steve Jobs to kill off Flash.

This stuff was foundational to the modern web and it's clear the maintainers, who probably are not Steve Jobs, have no idea what will break as a result. If it's removed, it will just get added back in after the outrage

New comment by sytringy05 in "Why some DVLA digital services don't work at night"

sytringy05 — Fri, 17 Jan 2025 04:27:24 +0000

I worked for an aircraft parts manufacturer, they closed an entire factory / production site rather than try and upgrade the manufacturing system or move the part production onto the new one they had implemented.

500 people out of work. Tell me again how simple everything is to fix.

New comment by sytringy05 in "Australia's 3G Shutdown – Why your 4G/5G Phone is now Blocked"

sytringy05 — Mon, 11 Nov 2024 05:30:08 +0000

The issue with myki wasn't the card technology, it was the fact they wanted to have standardised ticketing across the entire state.

eg Tap on a bus, tram and train in Melbourne, get off in Wangaratta and tap on to a bus there.

There was going to be something like 29 zones, and all the requirements / edge cases / mucking around sent the cost through the roof.

New comment by sytringy05 in "Weaveworks is shutting down"

sytringy05 — Mon, 05 Feb 2024 19:46:07 +0000

<7000 lines of cut / paste YAML later> “it’s that easy!”

New comment by sytringy05 in "Is this Duplo train track under too much tension?"

sytringy05 — Thu, 07 Sep 2023 11:38:39 +0000

It’s from the original borne / korn shell in Unix. Ctrl H was backspace, but the pc keyboards would send a different control character. you often had to map the backspace on the pc keyboard to make it work properly. Set -o or something like that.

New comment by sytringy05 in "New localstorage JWT exfil just dropped"

sytringy05 — Mon, 26 Jun 2023 05:54:14 +0000

Pretty interesting way to run what's in effect a XSS attack.

New localstorage JWT exfil just dropped

sytringy05 — Mon, 26 Jun 2023 05:32:09 +0000

Article URL: https://twitter.com/zackderose/status/1672971219035906050

Comments URL: https://news.ycombinator.com/item?id=36476050

Points: 2

# Comments: 1

New comment by sytringy05 in "Why is OAuth still hard in 2023?"

sytringy05 — Thu, 27 Apr 2023 04:26:10 +0000

It's interesting to hear that because IHMO one of the reasons OAuth and JWT took over the world is that you can base64 decode the tokens and see whats inside them, compared to Kerb or NTLM which you eventually learn to spot based on their binary headers or whatever (eg NTLM tokens in HTTP Headers always start with "TRIM" for some reason)

I get the problem though, many of the libraries are not great or simply difficult to use

New comment by sytringy05 in "Why is OAuth still hard in 2023?"

sytringy05 — Thu, 27 Apr 2023 00:55:06 +0000

Well hopefully someone has taken the time to, or there will be nasty surprises

I certainly don't want people building security sensitive parts of an app to be slinging the features out.

New comment by sytringy05 in "Why is OAuth still hard in 2023?"

sytringy05 — Thu, 27 Apr 2023 00:49:52 +0000

The whole point of access tokens is to not do expensive checks on every request. Signature checks out and isn't expired - you are free to go. This is a core design thing of OAuth, once access tokens are out the door they are very hard to stop, so only let them last for 5 or 10 mins and use refresh tokens to get new access tokens.

Refresh tokens are your chance to do all the expensive checks - maybe you are IP restricted or want to step up with MFA etc etc. Check revocation etc

New comment by sytringy05 in "Why is OAuth still hard in 2023?"

sytringy05 — Thu, 27 Apr 2023 00:38:43 +0000

Yes, single log out is an ongoing nightmare. As many here have said the size and range of use cases that OAuth and OIDC support is off its head. And that's with the big boys who have millions of users, throw in ${EveryCorp} that implements its own token server and bespoke implementation of the auth, well.. good luck to the AI trying to take over our jobs.

New comment by sytringy05 in "Postman Flows: the next generation of software development"

sytringy05 — Mon, 03 Apr 2023 23:52:29 +0000

lol, here's my visual flow which consists of "start" -> "script node" -> "end"

Still, people buy Dell Boomi and Mulesoft, so it's not like there's no market for this rubbish

Atlassian lay off 500 staff

sytringy05 — Tue, 07 Mar 2023 11:45:54 +0000

Article URL: https://www.theguardian.com/technology/2023/mar/07/atlassian-to-axe-500-jobs-with-the-heaviest-of-hearts

Comments URL: https://news.ycombinator.com/item?id=35054278

Points: 11

# Comments: 1

New comment by sytringy05 in "Architecture diagrams should be code"

sytringy05 — Fri, 13 Jan 2023 04:31:49 +0000

It wasn't a draft, it was reviewed, approved agreed upon etc, but the initial reason to do it was supporting a review of how things were integrated. Basically because it was useful and there wasn't anything else like it, they turned into the "how everything works" view.

New comment by sytringy05 in "Architecture diagrams should be code"

sytringy05 — Fri, 13 Jan 2023 04:28:47 +0000

because that's just how it was there... wasn't the best place in the world to work.

New comment by sytringy05 in "Architecture diagrams should be code"

sytringy05 — Thu, 12 Jan 2023 04:33:58 +0000

I once made the mistake of doing a set of rather detailed integration diagrams for an airline I was consulting at.

This diagram, which was intended to be a rough snapshot of how the systems interacted, instead became the single point of reference for how everything in the company worked. It was used to justify investment, knock back projects, one PM even tried to use it to dragoon AD into a PCI Compliance project due to a couple of lines on the aforementioned diagram (like this system has cards, line goes to Exchange as it alerts via email and AD is connected to Exchange. AD is now on the PCI hook).

It was the first thing I did there, leaving 4 years later. They were still in wide use 3 years after I left and hadn't being updated since they were drawn, not to mention they were flat out wrong in a number of significant ways to start with (either simplified for $REASONS or just didn't find out the real story until a year or 2 later).

These diagrams are probably the most impactful thing I've ever done in my career given how long they remained in daily use and the effort to draw them (which was probably a week or two? Took a long time to get the data but the drawing bit was pretty quick).

Would code have made them more accurate or likely to be updated? I doubt it. Would it have made them more useful? I don't think so, the key to them being well understood and useful was mostly in the layout, something that is difficult to control in any generated diagram.

I did actually have a go at using structurizr when I was there but it was too much work when compared to knocking out a quick draw.io.

Personally these days I make great use of PlantUML / WebSequence diagrams and am very interested in the C4 / mermaid stuff, but I would likely take the approach of the Engineering Manager - please produce diagrams and make them: 1 - accurate and 2 - useful for whatever story you are trying to tell.

Do it in code if you can make it work, but as someone in the thread said - this is an old problem and if it was easy it would have being solved in the 90s.

That said I've always thought a dependency system would be a good way to express the relationships between systems - you could almost model systems using something like maven poms - but again, it's always too hard to get the scope and resulting view right.

New comment by sytringy05 in "Apache Apisix: Open-Source API Gateway and API Management Platform"

sytringy05 — Fri, 16 Sep 2022 05:48:56 +0000

the main ones are OIDC plugin, the serverless plugin, advanced req and resp transformer plugins. auth connectors are useful, but most orgs I work with are using OIDC or SAML

New comment by sytringy05 in "Apache Apisix: Open-Source API Gateway and API Management Platform"

sytringy05 — Fri, 16 Sep 2022 00:51:07 +0000

does anyone know the history of the project? I hadn't really heard of this until earlier this year.

New comment by sytringy05 in "Apache Apisix: Open-Source API Gateway and API Management Platform"

sytringy05 — Fri, 16 Sep 2022 00:44:31 +0000

the same benefit you get from most reverse proxies. If you dont need it, then nothing. If you do need it, it's critical.

If you: - have more than 1 upstream service to hide behind your api.bigcorp.com name? - want to enforce standard authn/authz patterns across lots of teams/backend services? - want a standard approach to all the Quality of Service management? - want to have a well defined lifecycle for your APIs? - want to have a portal that describes the APIs, how they work and facilitate users getting access to them?

API Gateways are a thing because web servers that started out being used as reverse proxies were not that easy to configure and just did way too much web server stuff. API gateways made this easier, and added a host of security measures to make it somewhat safer when presenting APIs to the internet.

Then API management came along as a first class concern for orgs who want others to use their APIs.

It's good to see some FOSS innovation in this domain, most of the real open source API gateways are a huge mess. Kong is great, but the really useful stuff is part of the paid enterprise platform.

New comment by sytringy05 in "Ex-Twitter exec blows the whistle, alleging reckless cybersecurity policies"

sytringy05 — Wed, 24 Aug 2022 00:17:27 +0000

I think they were logging them in clear text, so server side, prolly ended up in splunk or elasticsearch.