The Lounge is rated Safe For Work. If you're about to post something inappropriate for a shared office environment, then don't post it. No ads, no abuse, and no programming questions. Trolling, (political, climate, religious or whatever) will result in your account being removed.
Doesn't matter what you learn: the "employer" will always require at least one more obscure tech skill that you don't have.
Eventually, you will stumble into something you haven't dealt with before and that will require you to learn a completely new skill set in a week (because saying you don't know how to do something is lame).
"(I) am amazed to see myself here rather than there ... now rather than then".
― Blaise Pascal
I ran into the same issues that you experienced with ASP.NET MVC. IN 2010 I worked on one of the largest MVC projects in the United States at the time.
Though we accomplished a lot, the project was canceled due to massive management issues between the client's management and my own firm's own management.
However, the decision to use ASP.NET MVC played a major factor in this cancellation due to the fact that there was little way to accommodate large requirement changes to the interface.
As a result, after I left this assignment I gave up working with MVC and stuck with WebForms for the rest of my years in corporate positions and consulting contracts. And now that I am retired and working on my own development projects, I still won't consider relearning MVC for web development.
To begin with, there is nothing new or radical about the MVC paradigm. It was actually designed back in the 1970s.
ASP.NET already had a complete implementation for MVC with the Castle Project's, Monorail Environment. It was Open Source and completely free to implement with full documentation but it didn't seem to register with the larger technical community.
When Microsoft introduced their own version of ASP.NET MVC it was a complete mirror image of the Castle Project's implementation. I always wondered if they had made some type of deal with the people at the Castle Project.
In any event, many developers claim that ASP.NET MVC provides better performance and a superior separation of concerns among other positives. However, this is all complete nonsense since the negative aspects of MVC detract so much from its benefits as to neutralize them completely.
If you design a WebForms application properly and use the recommended hardware and application server recommendations that have been developed over the years, ASP.NET WebForms can be blistering fast. And in some benchmarks has equaled or exceed the capabilities of its MVC sibling. And the bigger the MVC application, the larger the routing requirements, which have always been a large bottleneck for MVC since it has historically relied on Reflection (unless that has been changed in the most recent version upgrade).
The problem with WebForms is the same with most technologies; people make a mess out of their implementations and then blame the environment for the issues. This has been particularly attribute to many developers loading up Code-Behind modules with everything but the kitchen sink when in fact this module was only supposed to act as a dispatcher for other tiers. However, what happened here was that many organizations didn't support actual tiered development and threw everything onto an IIS application server even when the assemblies were supposed to act as separate tiers.
The benefit of having multiple, physical tiers was proven in the 1990s but no one was paying any attention.
ASP.NET MVC then took off because many developers, especially the newer ones to our profession, were under the misguided perception that it would cure the WebForms bloat, much of that being the fault of the developers themselves with quite a bit of help from the hardware people who wouldn't support physical tiers.
To add injury to insult, new paradigms came to the fore (ie: DevOps), which relied on the so called faster developments of MVC under the Agile paradigm. As a result, what you have now is the equivalent of a software version of the US Air Force's F-35 fighter; a development environment that was premised on an existing concept that was never designed for large scale development. In the case of the F-35, the US Marines insisted on the basis of a flawed air-frame design that had already been proven to be unfeasible for multi-role purposes (ie: the Marines Super Harrier, which was designed for immediate ground support and light interceptor work based off of the British Harrier design. This latter design was fought to a standstill by the Argentinian Air Force during the Falklands War in the 1980s.).
I suggest that Microsoft is looking for a compromise between the MVC and WebForms paradigms, considering that a whole new slew of components will have to be designed to take advantage of Blazor. And will this mean an option to return to the use of server-side controls?
And here it comes from Microsoft; a possible return to a very new WebForms...
"Microsoft is also working to implement Razor Components, or server-side Blazor, in version 3.0, which integrates Blazor into ASP.NET Core and allows it to run on the server with .NET Core. This can greatly help the compatibility of web apps, as the same code can run on many of different devices using WebAssembly, without any code changes required. .NET Core 3.0 doesn't have a set release date yet, but it will be available in public preview later this year."
Our large bank recently changed their Android app so you can no longer paste a password.
This is a MAJOR problem if you're using a password manager. I don't type passwords any more.
I contacted them (via their Twitter support) and explained that this is a security fallacy that pasting is dangerous.
Also, you can still paste a password when you login on their web site.
I wanted to mention that to them but was afraid they'd stop it there too.
May Only Prove That The Bank Devs/ Contractors Are Clueless
To me this only exposes the fact that the developers or security contractors or whatever actually have NO CLUE about WHAT SAFE PRACTICES are.
They could even remove copy functionality separately and I would be ok with that. But how could the paste functionality EVER be an exposure? They are just so clueless.
EDIT 09/24/2018 Look what I found from the National Cyber Security Centre: Let them paste passwords - NCSC Site[^]
And it provides additional links as to why pasting should be allowed.
I tweeted this to the bank site.
But accounts aren't broken into by repetitive copy and pasting. One hacker told WIRED that disabling paste on a webpage does not stop him from using automated tools to speedily gain access to users’ accounts.
A large bank will have a dedicated team of security idiots people who will listen to the latest gossip, read what is shoved under their nose and get the developers to implement the policies they think up. If there is nothing to change they will think up something to do, a team has to justify his existence.
You cannot blame the developers for such idiocy, they may even have protested the change.
Never underestimate the power of human stupidity
security idiots people who will listen to the latest gossip, read what is shoved under their nose and get the developers to implement the policies they think up. If there is nothing to change they will think up something to do, a team has to justify his existence.
That's a great explanation and exactly what I thought.
Mycroft Holmes wrote:
You cannot blame the developers for such idiocy,
Very good point and I guess I was really thinking of the security team...not the devs.
Over all it is just craziness. Making things unusable so the security team can feel like they're doing something important.
Trying to keep in front of the bastards attempting to hack the banks must be a nightmare.
Yeah, I can agree with that. But, it seems like they'd focus on creating the smallest exposed footprint and work on that instead of things like the paste feature.
I can't actually imagine the security people explaining how the paste feature could be dangerous.
Security guy: So, yes, we must remove the user's ability to paste into the pwd field because it is extremely dangerous. It's huge security hole. Bank's IT Manager: Can you give me 2 examples of how pasting into that field would be dangerous? Security guy: Well, they could paste special extended characters, maybe? Bank IT Manager: Shouldn't the back-end handle that? Security guy: well, they could paste um...errrr...well, pasting is just bad that's all. Andy why would any legitimate user want to paste? I think only crackers paste.
I swear they actually WANT their customers to have their accounts ripped off.
It really does feel that way in some of these cases, because the logic they use is so bad.
I also know that many only allow your password to be only 16 chars in length (or shorter) even though password length is the one thing that actually strengthens passwords. It's crazy.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
I completely understand your frustration. I also hate websites (mostly banks) that disable pasting on their websites and just for gigs, they'll need me to type certain things like account numbers, BSB code, etc. twice.
I use Don't F*** With Paste[^] extension on Chrome and tell them straight off. I'll copy, paste, cut, do whatever the hell I want on my computer. I will treat any entity that assumes an intellectual high-ground (while knowing next to nothing about security in reality) with great disdain, and will override their "security rules" with extreme prejudice.
I'd have rambled on a bit more if this was the soapbox, but the kid sister is watching so I'll go play merry-go-round instead.
I will treat any entity that assumes an intellectual high-ground (while knowing next to nothing about security in reality) with great disdain, and will override their "security rules" with extreme prejudice.
I think disabling paste in password boxes are a great idea when it comes to securing customers, their data and money. Please tell me what you think of me now (give your best shot!).
BTW, thanks for that extension.
As far as I'm concerned...considering the number of Android devices out there that have known exploits that'll never be patched, because OEMs can't be bothered...all banks should block Android altogether.
I rarely side with banks, but Android device vendors are downright irresponsible. IMNSHO.
Ok, I can accept that Android devices are vulnerable. That's fine.
But, then, the resolution for the bank is not to disallow pasting...it is to disallow the use of an Android device altogether. In other words, they shouldn't have ever created an Android app in the first place. I would accept that decision more readily than the blocking paste solution.
But then that would mean they needed to block the web site from Android Web browsers too.
It would be interesting and funny if the bank just came out and said, "Sorry, you can only use our e-banking via Apple devices."