The `WithMeta` func will panic if not passed a multiple of 2 varargs.
This is exactly what makes go error handling difficult in the first place. Imagine panicking in production because you passed a key without value to your error wrapper for some reason.
Readit Newsdarthbanane commented on Structured Errors in Go (2022) southcla.ws/structured-er... · Posted by u/todsacerdoti
darthbanane commented on Show HN: Java REST without annotations, DI nor reactive streams github.com/MartinGeisse/g... · Posted by u/moring
> On top of that, annotations make it impossible/very dificcult to know what code is actually executed (and also it not possible to navigate to the code in an IDE)
I have never understood this argument. What is exactly the problem with identifying the executed code?
Some of the aspect oriented stuff like cacheable will add a proxy to the annotated bean which can break reasoning about the code.
If you inject the bean and call the method you will get caching (because you are using the proxy). If you call the method from within the bean itself however you're not using the proxy and you won't get caching.
It's stuff like this on steroids when you start mixing annotations that makes it really difficult to reason about the code.
darthbanane commented on ChatGPT Changed How I Write Software readysetcloud.io/blog/all... · Posted by u/dlb007
The author seems really happy about his "random muscle group into chatgpt into workout plan for the day" automation but having exercised for 12 years it seems incredibly naive to me.
I mean sure, if it keeps things fresh and keeps you moving it's better than nothing but that's not a good structure if you want to progress past a year of training or do anything serious.
Literally just doing a random program like the reddit recommended BWF routine is vastly superior and doesn't require chatgpt or serverless or anything..
darthbanane commented on ChatGPT Changed How I Write Software readysetcloud.io/blog/all... · Posted by u/dlb007
Yeah I'm not convinced. As usual with most pro-ChatGPT posts I see, there is little to no actual useful information on how to use ChatGPT practically.
When I read one of these articles or posts, I usually expect to see concrete prompts, their output, and how they can be used to speed up development. Instead all I see is generic vagueisms; "it helps me write unit tests", "it helps me code faster", or in the case of this article "it’s taken over how I plan, design, and implement software." with little to no real examples of how this works. It almost feels like people want to brag that they've discovered "the secret sauce" rather than help others understand how to use it.
I've tried multiple times now to use ChatGPT. In every case ChatGPT has produced code that has bugs, needs to be double checked, or simply straight up doesn't work. It IS impressive how it's able to create code that seemingly does what you ask, and it's lightyears ahead of other products, but in no way have I found it to be a gamechanger. IMHO, at best it might steer me in the right direction, and at worst it completely wastes my time. Seems pretty overhyped to me.
I'm in the same boat I have yet to find an actual use case for chatgpt beyond a google/stackoverflow search that uses the same variable names as my code.
In several occasions it has produced code that took me longer to fix than just reading the documentation and in almost all of those cases it couldn't help me find the issue and I actually had to read the documentation anyway (it took just seconds to pinpoint the missing clue).
Something it seems really good at is unix commands (regexes, awk expressions, pipes and bash intricacies) so I do use it a fair bit for that.
darthbanane commented on GitHub push protection is free for all public repositories github.blog/2023-05-09-pu... · Posted by u/manojr13
I think that the main benefit here is that the credentials aren't published for all and sundry to see.
The scanner has seen the credentials, yes, and it's then up to the individual to decide if that credential should be considered "compromised" or not (seeing as the Github scanner has seen that credential)
It's a step up from - oh sh*t everyone can see it and the user isn't even aware that they did the dumb
I agree but according to their goal of empowering developers with security awareness they should make it more clear that this is a server-side check and that the credentials were exposed in plain text, just not to the general public.
The screenshot says just amend the commit and all's good
darthbanane commented on GitHub push protection is free for all public repositories github.blog/2023-05-09-pu... · Posted by u/manojr13
What's worse: them being scanned and prevented or being committed into the public repository without anyone's knowledge?
Yeah I'm not saying this is not a net positive. I just don't understand why the recommendation reads like all is good as long as one amends the commit and nothing just happened.
darthbanane commented on GitHub push protection is free for all public repositories github.blog/2023-05-09-pu... · Posted by u/manojr13
A Github PAT being exposed to Github is not the problem. That is, in fact, intended behaviour. A Github PAT being exposed to the internet is something else entirely, and likely to be an accident in most cases. That's what thd protection's for.
For PAT ok but surely this also scans for aws credentials etc, or is it really just about PATs?
darthbanane commented on GitHub push protection is free for all public repositories github.blog/2023-05-09-pu... · Posted by u/manojr13
Better than it being exposed to the entire world
Also I feel fairly confident Github/MS aren't about to change their business model to become a blackhat hacking collective
Yeah definitely better than allowing the push. But I feel they should also at least recommend rotating the secret
darthbanane commented on GitHub push protection is free for all public repositories github.blog/2023-05-09-pu... · Posted by u/manojr13
I don't get it. If github declines the push then the blob must have already crossed the internet?
The message says to remove the secret from the commit but the actual action to take would be to rotate the secret since it's been exposed to github, no?
darthbanane commented on EBay to Ditch PayPal for Dutch Payment Processor Adyen bloomberg.com/news/articl... · Posted by u/watchdogtimer
Here's what puzzles me. I have looked into Stripe, and just browsed the Adyen webpage. Both of those services seem to require you to maintain your own "active" server that can run server side code.
PayPal seems to be unique in being able to take payments from a passive web page, because the customer conducts their transaction at PP's website.
This is why I continue to use PP for my tiny little business (without eBay). Even though I consider myself reasonably tech savvy, I don't trust myself to maintain a website that is compatible with everybody's browser, phone, etc., and that guarantees the security of their personal data. Moving to another payment processor requires a quantum leap in technology that I'd rather not keep up with. I'd rather design another gizmo.
From time to time I look around for an alternative to PP, and haven't found one yet. I suspect that many small-time eBay sellers may be in the same boat.
Adyen actually provides this too, it's called Hosted Payment Pages (HPP)[1] and it's difficult to find because the documentation structure is abysmal.
There's a shared secret you can use to verify the payment when they callback to you after payment, and their HPP is skinnable.
[1] https://docs.adyen.com/developers/api-reference/hosted-payme...