
What's stopping the MITM just copying that header?


There are complicated authentication schemes around HMAC that try to do this, but if you're putting that much effort into it you might as well give up and use HTTPS.


Some of these include a nonce and/or are deployed over TLS to prevent replay attacks and avoid sending bearer tokens over the wire. AWS SigV4 and RFC 7616 come to mind.


Even if they copy the header, they can only perform a replay attack, which is an improvement over leaking an API key. Also, you could include a timestamp in the signature to limit the amount of time it could be replayed.


Sign a nonce.


It’s preventing the theft of the API key. The attack can, at most, replay that specific request (which you could also mitigate with a nonce and expiration).
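An added example (not from any commenter in this thread) of the scheme discussed above: the client signs the request with HMAC-SHA256, binding in a timestamp and a nonce, and the server rejects expired or replayed headers. The header format, key id and secret are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo key material; in practice shared out of band and never sent on the wire.
API_KEY_ID = "demo-key-id"
API_SECRET = b"constructed-demo-secret"
MAX_SKEW_SECONDS = 300  # upper bound on how long a captured request could be replayed

def canonical_string(method, path, body, timestamp, nonce):
    # Bind method, path, body hash, timestamp and nonce into the signed string so
    # a MITM cannot change any of them without invalidating the MAC.
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_hash, str(timestamp), nonce])

def sign_request(method, path, body, timestamp=None, nonce=None):
    timestamp = int(time.time()) if timestamp is None else timestamp
    nonce = secrets.token_hex(16) if nonce is None else nonce
    msg = canonical_string(method, path, body, timestamp, nonce).encode()
    sig = hmac.new(API_SECRET, msg, hashlib.sha256).hexdigest()
    # The header carries key id, timestamp, nonce and MAC, but never the secret itself.
    return f"HMAC-SHA256 keyId={API_KEY_ID},ts={timestamp},nonce={nonce},sig={sig}"

class Verifier:
    def __init__(self):
        self.seen_nonces = set()  # only needs to hold nonces newer than MAX_SKEW_SECONDS

    def verify(self, method, path, body, header, now=None):
        now = int(time.time()) if now is None else now
        scheme, _, params = header.partition(" ")
        try:
            fields = dict(p.split("=", 1) for p in params.split(","))
            ts, nonce, sig = int(fields["ts"]), fields["nonce"], fields["sig"]
        except (KeyError, ValueError):
            return "malformed"
        if scheme != "HMAC-SHA256" or fields.get("keyId") != API_KEY_ID:
            return "unknown scheme or key"
        if abs(now - ts) > MAX_SKEW_SECONDS:
            return "expired"
        msg = canonical_string(method, path, body, ts, nonce).encode()
        expected = hmac.new(API_SECRET, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):  # constant-time comparison
            return "bad signature"
        if nonce in self.seen_nonces:  # checked after the MAC so forged headers can't poison the set
            return "replay"
        self.seen_nonces.add(nonce)
        return "ok"
```

A copied header verifies once and is then refused as a replay; outside the skew window it is refused outright, and any change to the method, path or body breaks the MAC.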


Do junior FAANG engineers have to pick up human waste? IMO, "dirty work" deserves the paycheck.


Are these real jobs? Where are they operating and has anyone verified their effectiveness? In the last decade, I haven’t seen the poop problem get any better in the Mission, SoMA, and the Tenderloin…


> Are these real jobs? Where are they operating and has anyone verified their effectiveness? In the last decade, I haven’t seen the poop problem get any better in the Mission, SoMA, and the Tenderloin…

It's interesting to note which jobs get this treatment ("is X doing its job? The problem X supposedly solves isn't getting any better") and which jobs get the opposite treatment ("X is clearly necessary, because without them the problem X solves would be even worse").


I’d say the same thing about the billion+ a year the city spends on homeless “programs”.


I didn't know this existed until clicking your link.

Looking through a few of the issues, there's a whole bunch of really interesting articles.

It's a shame it's not still going.


Looks like you can give feedback on the next version: https://docs.google.com/forms/d/e/1FAIpQLScuQ2x8BNNwOZ2NE35e...


The main things that come to mind for me are:

1. Sometimes Spotify will refuse to play certain songs and won't give any indication of why. Closing and reopening the app seems to fix it. Or sometimes switching to a different device fixes it.
2. My listening history isn't carried across devices for some reason.
3. The contents of "daily mixes" and other generated playlists seem to change depending on the device being used.

It's not quite enough to make me use a different service, but it's annoying not being able to just pick up my phone and continue where I was on my computer.


Not necessarily. It depends on what has led to the need for a rebuild. Sometimes there weren't previously the resources to "do things properly"; sometimes a feature might only be added for a specific client, etc.

You need that previous knowledge to know the "why" of things & if that why is still valid.

IMHO it's more dangerous if you're working with experts who don't want to improve the system.


For me, the incentive would be to show support for websites and advertising platforms who are 'doing the right thing'.

Very occasionally, I even see an ad that is useful to me as well.


This is such a great idea!

It would be great to be able to choose a series of events (e.g. D-Day or the Beatles tour in 1967) and see the progression of events across a map in the order they happened.

Or to get a cross section of all the events that happened on a given date around the world or in a chosen area.

Edit: after exploring further I realise some of this is already possible. Again, a great idea!


Thanks - as you say, if you search for a thing you will see the events with lines between them showing the progression of events in chronological order.

You can use the time bar on the top to alter the date range, and there are "favourite" eras selectable at the drop down at the bottom.


I had this idea ages ago, but waited too long to start building it.

Search for recipes based on the ingredients you have: http://chowdown.co


I use Wunderlist on my iOS devices and my Windows PC at work.

I like it because it offers automatic syncing over multiple devices as well as making it easy to separate out each of the projects I'm working on.


I totally agree with this. There is no bigger disservice to your team or company than being the guy in charge whose knowledge is 10 years out of date.

That doesn't just apply to technical things either. It's an easy example to talk about the project manager who cut his teeth writing procedural code in QBASIC and has an unrealistic grounding. It also applies to the store manager in a fast food restaurant who hasn't made a cheeseburger.


I think those are two different jobs. On one hand you have the Product Leader, whose job it is to stay on top of the technology that drives the product, and to be aware of the codebase. On the other hand, you have the Team Leader, whose job it is to facilitate communication between team members. To make sure team members are productive and happy.

