I'm familiar with that process. I was trying to illustrate a picture of how a poor developer might stumble their way into this situation. It's technically possible to store the userid in the cookie rather than using JWTs, but obviously it's not secure in the slightest.
I'm hesitant to agree with you because it happens so frequently. I'll admit that I've had my share of receiving newbie bashing.
More often than not, I feel like talking with those folks and explaining to them that they should just ask and not ask if they can ask it seems like they just don't recognize what they're doing. Thus, it's usually good to tell them they don't need to ask and to just ask now and in the future.
Have you considered making the question the first line?
I think I understand your reasoning. If you lead with the question, then write a bunch of stuff. When they finish reading and get to the end, they may have forgotten the initial question. I guess I have found in my professional experience that leading the with question is often more effective when talking to management. They're often quite busy and may skim the email to judge the importance.
I find that when they skim they are very likely to miss the question and I usually have to bug them a couple times. If I lead with the question and make it concise and direct, it is often answered very quickly. ;) Yes, this is filler text to share my opinion.
In my experience, many tables don't have a userid on the table that would be associated with the user. It would be a table join or two or three away.
So the developer may think it is safe to say select value from stock positions left join account on account.id = stock position.id left join user_accounts on user_accounts.accountid == account.id left join users on user_accounts.userid == user.id where user.id == session.userid.
Safe right? We checked userid. But then clicking on the position to drill in on the position data, they just select * from stock_position where stock_position.id = params.stock_id... there's no "and stock_position.userid" on that table, and the developer might be too lazy to spin up the entire join again especially if you don't need account data for this view. Whoops, suddenly a vulnerable page query.
I imagine there are other ways to screw up. Like insecure cookies, and just checking cookie.userid, ah yes, you're the right user. Whoops, didn't realize cookies could be spoofed.
I'm in CA, single earner family, we don't pay even half of my salary in (property/income/sales) taxes. I'm not sure I agree with your sentiment.
I suppose if you decided to buy a property that was more than you could afford, and you're using credit card debt to buy more than you can afford, then you may have a large tax burden. Those are reckless decisions though.
I prefer to use `ls -lah` which always shows the dot files. It sure would be nice if these were placed in a different folder. Maybe ~/.../ to put all the things. Sure, cat ~/.bash_history would need to be cat ~/.../.bash_history which isn't as convenient.
But, I sure do agree with the frustration. My work machine has nearly a hundred hidden things. My Chrome usually downloads things to ~/Downloads/ but Firefox often likes to store the file in ~ which then is often hard to find when I jump over to a console.
I've made an effort to clean things up. Trying to set firefox to download to the Downloads folder, deleting everything personal out of the home folder. But, of course, then that just goes to prove that I do not have control of my ~ folder. I'm doing everything I can to keep my own stuff out of it. Which is sad.
My brother-in-law lives in LA, and parks there every day. He honestly tries not to get parking tickets, but he's been towed once or twice because the street wasn't clear. I know he isn't intentionally trying to break the law. I also got a parking ticket when visiting once. I very carefully looked at the signs, there were 2 other cars on that side of the street. I parked there, and went into visit thinking I was fine. I got back to a parking ticket, and looked at the sign again, and had Monday/Tuesday mixed up. I didn't intend to break the law. It is accidental.
Sounds like advertising. I don't want any ads in my imgur feed. I don't want any ads in the magazines I _BUY_ I don't want any ads in the movies I PAY to go to watch (trailers and "buy candy and popcorn clips").
If an email is an email about a thing or service which is related to my interests, but I don't recognize the company, I suppose that falls under spam, but that's better than random emails for prescriptions or scams.
I had already bookmarked this post because I love the idea. But your response is incredibly thought provoking.
I love the idea of moving to Alaska or Canada in the wilderness, and figuring out how to survive and stay connected.
I'm thinking on the fly, but I think I would be contributing to society. My specialty is web programming and software architecture. I'd even go so far as to call it an art form.
I encounter a problem. Sleep on it for a few days, then bam, things settle into place and I spend a couple days solid programming. Those days that I'm "sleeping on it" if I'm at work, I'm often distracted by day-to-day tasks that usually could have been handled by someone else.
I'm not sold on the concept one way or the other. I do like the idea of a middle-ground solution.
I really appreciate your counter-argument. Good to think about at least.