** UnhandledExceptionEventHandler :: OFFICIAL LC / CHATTER THREAD **

10-12-2018 , 06:50 PM
Quote:
Originally Posted by _dave_
Fair enough, in that case I don't have any guesses - take a look at what's going on with top or whatever command shows cpu usage on your system. With the default output of create-react-app, I have experienced very high cpu usage from the mentioned spinning SVG animation, likely because Firefox default was/is GPU acceleration disabled IIRC.

I think "replaced all the application code with different code that does something else" is a kind of important "step 1.5" to not mention when listing the sequence of events leading up to a problem, tbh.
Yeah good point.

Btw I think the problem is stupid ass SophosScanD - which seems to be going nuts. Of course you can't kill it or anything.

Also new Mac Pro here - this is the first time I've had any issues with the fan. I think it still is somehow related to the react dev server triggering SophosScanD or multiplying its terribleness or something. If I kill the server, the fan slows down. Well this sounds like it: https://github.com/webpack/webpack-d...er/issues/1180

I never use that ribbon thing as it's always on the stand at work. Whenever I have to type on that keyboard I go like half speed as my solar Logitech Mac keyboard - which is amazing.
10-12-2018 , 08:02 PM
"Please provide a friendly name for your service"

"FAIL: Your friendly can only contain 1 to 128 alphanumeric characters"

NOT FRIENDLY!
10-12-2018 , 09:27 PM
Has anyone ever tried to manually verify a jwt token? I've got my token and my public key. I put it into jwt.io and it never verifies. Apparently it needs to be in PEM format?

But there is absolutely nothing clear on the interwebs about how to convert this public key to PEM format and jwt.io isn't helpful at all:

Code:
{
  alg: "RS256",
  e: "AQAB",
  kid: "vhcC3RDZ3funzlaA4oeIfeTN27jO89lCATATpceaMVI=",
  kty: "RSA",
  n: "j6aKgmaNbLkvm7BaTgmLNagTxqrWyW7hEr34radGNDsSL5uO_GezFWMNzLwqzRuNSR-ha2Jwk_RI1iMB6teqEJeNEoN3L24XCxKBxNIfnlDEBxGqPmWg7T_J_x4fReQBB8B_BemdwOrWd_DeJWD1D4rakEM_tJXov3G8-iV32moJhP5JHjzC_vQEacBg8k3PCC69tW0gcUD-IHspa4zStA3uJ8mm7G7-z9XwUlS_aGEY7JVYLHYeN9gnMzhBQfXrAW4rUt1Kdqb0sEJKJVD7ACLxW3Pu7P83jVR1DS9tebuIFj8Sx9QeP-64zRGR09QvpBxDasw9Ot7_C2xvMumZJw",
  use: "sig"
}
10-12-2018 , 09:41 PM
A JWT token in its native form is like
XXX.YYY.ZZZ
where periods delineate the parts of the message. What you have there is the decoded form.

Here's an example:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMX0.h6yq_fkDROBkxeQ8kcpsVwFsZPc-kiFokS6Uwwc8l6U

I'm not going to give you the secret, but you can decode it on jwt.io

I have no idea what your tooling is like, but for example in javascript it's like this
https://www.jonathan-petitcolas.com/...avascript.html
10-12-2018 , 09:59 PM
Quote:
Originally Posted by suzzer99
Has anyone ever tried to manually verify a jwt token? I've got my token and my public key. I put it into jwt.io and it never verifies. Apparently it needs to be in PEM format?

But there is absolutely nothing clear on the interwebs about how to convert this public key to PEM format and jwt.io isn't helpful at all:

Code:
{
  alg: "RS256",
  e: "AQAB",
  kid: "vhcC3RDZ3funzlaA4oeIfeTN27jO89lCATATpceaMVI=",
  kty: "RSA",
  n: "j6aKgmaNbLkvm7BaTgmLNagTxqrWyW7hEr34radGNDsSL5uO_GezFWMNzLwqzRuNSR-ha2Jwk_RI1iMB6teqEJeNEoN3L24XCxKBxNIfnlDEBxGqPmWg7T_J_x4fReQBB8B_BemdwOrWd_DeJWD1D4rakEM_tJXov3G8-iV32moJhP5JHjzC_vQEacBg8k3PCC69tW0gcUD-IHspa4zStA3uJ8mm7G7-z9XwUlS_aGEY7JVYLHYeN9gnMzhBQfXrAW4rUt1Kdqb0sEJKJVD7ACLxW3Pu7P83jVR1DS9tebuIFj8Sx9QeP-64zRGR09QvpBxDasw9Ot7_C2xvMumZJw",
  use: "sig"
}
This is a JWK (json web key). This is the format we use as well. Node has a super easy lib to make it a pem, aptly named jwk-to-pem

EX
Code:
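import jwkToPem from 'jwk-to-pem';
import JWT from 'jsonwebtoken';

// thatThingYouPosted is the JWK object from the quoted post above.
function verifyJwt(jwt) {
  // verify() takes `algorithms` (an array); pinning it to RS256 rejects tokens signed any other way.
  return JWT.verify(jwt, getPem(thatThingYouPosted), {
    algorithms: ['RS256']
  });
}

// Convert the JWK to a PEM-encoded public key.
function getPem(jwk) {
  return jwkToPem(jwk);
}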
You want to go down a real annoying rabbit hole, try doing it in ruby. Lol
10-12-2018 , 10:18 PM
We'd like to be able to verify it purely on the client side if possible.
10-12-2018 , 10:21 PM
Quote:
Originally Posted by RustyBrooks
A JWT token in its native form is like
XXX.YYY.ZZZ
where periods delineate the parts of the message. What you have there is the decoded form.

Here's an example:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMX0.h6yq_fkDROBkxeQ8kcpsVwFsZPc-kiFokS6Uwwc8l6U

I'm not going to give you the secret, but you can decode it on jwt.io

I have no idea what your tooling is like, but for example in javascript it's like this
https://www.jonathan-petitcolas.com/...avascript.html
I am aware of how the token is formed. I am pasting the whole token into jwt.io. Here are my AWS public keys: https://cognito-idp.us-west-2.amazon...nown/jwks.json

jwt.io can read the token fine every time. But no combination of pasting some or part of these in the Public Key part of the Verify Signature section will ever result in a verified signature. Yes I am matching to the key with the same kid property.



What exactly am I supposed to paste in the box where it asks for a public key? This is what I have.

Code:
{
  alg: "RS256",
  e: "AQAB",
  kid: "vhcC3RDZ3funzlaA4oeIfeTN27jO89lCATATpceaMVI=",
  kty: "RSA",
  n: "j6aKgmaNbLkvm7BaTgmLNagTxqrWyW7hEr34radGNDsSL5uO_GezFWMNzLwqzRuNSR-ha2Jwk_RI1iMB6teqEJeNEoN3L24XCxKBxNIfnlDEBxGqPmWg7T_J_x4fReQBB8B_BemdwOrWd_DeJWD1D4rakEM_tJXov3G8-iV32moJhP5JHjzC_vQEacBg8k3PCC69tW0gcUD-IHspa4zStA3uJ8mm7G7-z9XwUlS_aGEY7JVYLHYeN9gnMzhBQfXrAW4rUt1Kdqb0sEJKJVD7ACLxW3Pu7P83jVR1DS9tebuIFj8Sx9QeP-64zRGR09QvpBxDasw9Ot7_C2xvMumZJw",
  use: "sig"
}
10-12-2018 , 10:28 PM
Hmmm, I'm guessing you could verify jwt token signatures on the client side with this: https://github.com/michaelrhanson/jwt-js

But that's asking the client to add a ton of code just for one little task. I think maybe doing it server side is best.
10-12-2018 , 10:53 PM
Well I think I've gotten somewhere by stripping all the whitespace out of my JSON object and base64urlencoding it (not base64). At least this online tool doesn't complain about the public token not being the right format any more. But it still says my JWT is invalid.

Do you guys actually validate the signatures on these things, or do you just trust them for an hour or whatever?
10-13-2018 , 12:21 AM
I don't use RSA keys, because although we have "client" and "server" the client is really just another server we control, so we use HMAC which is just a shared secret. You need to verify the keys, or there's no point in using JWT, really.

I've never seen keys in the format you have them in. From googling they look like "java web key" or "jwk".

RSA keys usually look like what you'll find in your .ssh/id_rsa.key and .ssh/id_rsa.pub. Googling around again I see lots of tools that are intended to convert jwk to pem. AWS Cognito docs themselves have some information about this
https://aws.amazon.com/blogs/mobile/...h-api-gateway/
10-13-2018 , 12:26 AM
AWS's advice, btw, is to grab the jwk once, convert it to PEM and then upload the PEM with your lambda, instead of converting in the lambda, which seems like good advice, although one wonders why they don't just give you the damn PEM?

Maybe some verification tools prefer the jwk and some the pem, fiik.

FWIW the "e" key in your jwk is the exponent and the "n" key is the modulus, there are algorithms for converting that to the full key I think. I believe they're both base64 encoded.

Something like this might work
https://superdry.apphb.com/tools/onl...-key-converter
just paste your exponent and module in the XML input.
10-13-2018 , 12:59 AM
I got it working on the client end with this: https://github.com/kjur/jsrsasign/wi...T-verification

And as a lambda with this: https://github.com/awslabs/aws-suppo...ode-verify-jwt

I looked at the client side and it's converting the key modulus into a BigInteger - console.log displays it as pure 64-bit binary. Crazy.

Client-side is a pain imo because some of the apps will use our IDM but will have their own front and back ends. So they'll have to scan the public keys until they find a matching kid property and then use the client library above to verify the key.

So if they have to go to a server anyway I'm going to push for them to just send the token to our lambda and we'll verify it for them. Then they can trust it for an hour or whatever.
** UnhandledExceptionEventHandler :: OFFICIAL LC / CHATTER THREAD ** Quote
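The steps discussed in the posts above (find the JWKS entry whose kid matches the token header, turn its n/e into a PEM public key, check the RS256 signature and the expiry), as an added example that is not code from the thread or from the linked libraries. It uses only Node's built-in crypto module (Node 16 or later assumed); the function names, the kid, the claims and the throwaway key pair standing in for the identity provider are all constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url');

// JWK ("n" = modulus, "e" = exponent, both base64url) -> PEM text,
// i.e. the form a "public key" box or a PEM-only library expects.
function jwkToPemText(jwk) {
  if (jwk.kty !== 'RSA' || !jwk.n || !jwk.e) throw new Error('not an RSA public JWK');
  return crypto
    .createPublicKey({ key: { kty: 'RSA', n: jwk.n, e: jwk.e }, format: 'jwk' })
    .export({ type: 'spki', format: 'pem' });
}

// Verify a compact RS256 JWT against a JWKS document; returns the claims or throws.
function verifyRs256(token, jwks, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64url(h).toString('utf8'));
  // Pin the algorithm: the token's own header must not get to choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // Scan the published keys for the one the token says it was signed with.
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('no key with matching kid');
  // The signature covers the raw "header.payload" text, not the decoded JSON.
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), jwkToPemText(jwk), fromB64url(s));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(fromB64url(p).toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('token expired');
  return claims;
}

// Constructed sample data: a local key pair plays the identity provider,
// publishing a JWKS and signing tokens.
function makeSample(kid = 'constructed-kid-1') {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid, alg: 'RS256', use: 'sig' }] };
  const sign = (claims, hdr = { alg: 'RS256', kid }) => {
    const input = `${b64url(JSON.stringify(hdr))}.${b64url(JSON.stringify(claims))}`;
    return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
  };
  return { jwks, sign };
}
```

A real deployment would also check the iss and aud claims against the values expected for its own user pool and app client.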
10-13-2018 , 03:11 PM
Interesting article: Canada trying to snap up Silicon Valley immigrant talent

They're offering a much more flexible and promising alternative to H-1Bs:

Quote:
Two weeks: That’s how quickly a foreign technology worker in Silicon Valley can get an employment permit from Canada. In the U.S., that process takes months.
Quote:
Rather than simply get a work permit, Khandelwal opted to obtain permanent residence in Canada — the equivalent of a U.S. green card. It took about six months. In the U.S., Indian H-1B workers like him wait years, if not decades, for a green card. Later this month, Khandelwal plans to launch his startup’s artificial-intelligence-based parking-technology product.
Quote:
Two years ago, software engineer Vikram Rangnekar, an Indian citizen, emigrated from the Bay Area to Canada with his wife and two small children. He left behind a region, and a job, he loved.

“We would go to Santa Cruz all the time,” recalled Rangnekar, 36, who lived in Saratoga. “I used to love to drive Highway 17. It was like a racetrack. We were one of the few families who would drive up to San Francisco every weekend.” Working at LinkedIn, he said, was “the best thing ever.”

But even though he had spent six years on an H-1B visa, a green card seemed no closer. And the H-1B locks employees to the company that obtained the visa. Rangnekar wanted both a sense of permanence in his life and flexibility in his career. The family moved to Toronto, where he now works for a tech startup and in his spare time runs the Mov North web forum for people interested in relocating to Canada.
10-14-2018 , 09:22 PM
I have a repository on github and a laptop and my day goes like this - at least in regards to one file in particular.

1. git pull origin master // now my laptop is in sync with what's on github
2. I do a bunch of ugly stupid stuff that I just want to throw out
3. git pull origin master // I feel like this should return my file to being the same as
// what's on github, but it doesn't and git says:
// "Already up to date."

I have saved the file and turned the computer on and off (can't just undo changes), but I haven't committed. I don't want to roll back to the last commit on this computer - I had worked on a different computer and committed and pushed and then pulled onto the laptop. I want to rollback to the last pull.

It would not be hard to copy and paste the file, but I'm trying to git it right.
10-14-2018 , 09:28 PM
A pull, by design, will not overwrite local uncommitted changes. If you try, it will fail, unless you stash it first. A git pull is essentially a git fetch followed by a merge. Since you already have the most up to date version of master on your local machine, it will tell you up to date. If by some chance there were committed changes to master in the meantime, and those changes clash with your local changes, it will fail.

There are a few things you can do - just go up a directory and clone a new directory from master (probably what I do because I'm lazy).

Or, before you want to do these nasty local changes, checkout your own branch with $ git checkout -b <branch name>. When you want to go back to whatever's in master, do a git stash or commit your local changes or whatever you want to do, and go back to master with a git checkout.
10-14-2018 , 09:32 PM
disclaimer: I am very bad at git commands but I am getting much better in the last 2 months.
10-14-2018 , 09:37 PM
Quote:
Originally Posted by microbet
I have a repository on github and a laptop and my day goes like this - at least in regards to one file in particular.

1. git pull origin master // now my laptop is in sync with what's on github
2. I do a bunch of ugly stupid stuff that I just want to throw out
3. git pull origin master // I feel like this should return my file to being the same as
// what's on github, but it doesn't and git says:
// "Already up to date."

I have saved the file and turned the computer on and off (can't just undo changes), but I haven't committed. I don't want to roll back to the last commit on this computer - I had worked on a different computer and committed and pushed and then pulled onto the laptop. I want to rollback to the last pull.

It would not be hard to copy and paste the file, but I'm trying to git it right.
Like jmakin said - pull just keeps you up to date with remote, it doesn't wipe out your work.

If you want to throw stuff out either stash it, or you can stop being a hipster and use SourceTree - discard file:



You can also discard individual hunks or lines.

Last edited by suzzer99; 10-14-2018 at 09:51 PM.
10-14-2018 , 09:41 PM
Haha we’re not really allowed to use anything with a UI at my work for anything meaningful. It’s amazing to me that just ~8 months ago I’d basically never used the command line (just ask barrin lol) and now the thought of using some other application gives me hives. I have to do some stuff through UI on jenkins and github (tagging and pushing releases is way easier for me through github website).

A big part of my major refactor to our automation was getting away from everyone developing scripts inside the jenkins UI, which is an absolute nightmare. I can develop scripts so much faster now that we got away from that.
10-14-2018 , 09:50 PM
My boss literally told a dev he had to use a gui git client and not the command line. I can't imagine if that had happened to a ton of posters itt.

To be fair this guy is pretty raw - not some command line rock star like everyone here
10-14-2018 , 09:51 PM
That would probably break my boss’s brain
10-14-2018 , 09:54 PM
Thanks. Hmm, copy paste sounds easier than cloning into a new directory. I'm going to do it after walking the dog though, so any other comments or "no don't copy paste" will be appreciated.

Seems like I should probably be doing something like checking out before starting to work and stashing or something. A lot of meta-work, but it must be necessary since everyone does it. :shrug: I have a lot to learn, but a deep dive into git and github will have to wait at least a week or so.
10-14-2018 , 09:55 PM
Quote:
Originally Posted by suzzer99
Like jmakin said - pull just keeps you up to date with remote, it doesn't wipe out your work.

If you want to throw stuff out either stash it, or you can stop being a hipster and use SourceTree - discard file:



You can also discard individual hunks or lines.
I browsed 2p2 on lynx for the first couple years I was on here. The gui will have to do a lot to win me over.
10-14-2018 , 09:55 PM
A git clone is just one command and way less clicking, but I am a big believer in doing whatever’s easiest for you
10-14-2018 , 09:58 PM
Quote:
Originally Posted by microbet
I browsed 2p2 on lynx for the first couple years I was on here. The gui will have to do a lot to win me over.
It does exactly what you are trying to do - make a bunch of crazy changes, or debugging stuff, then walk through them and decide which to keep and which to throw away. There is no command line equivalent that's anywhere near as easy. Except stash - but that stashes everything. You can't pick and choose.

When you're talking about creating a whole new repo as an alternative that should tell you you're doing something too hard.
10-14-2018 , 10:02 PM
Ok, "git checkout -- filename" worked