Twitter is like trying to watch a football game where all 40,000 members of the audience have a microphone and each think they should be the announcer.
You turn the TV volume off, but members of the media have been perusing the seats for a interesting cherry-picked "announcer". Finding one, they parrot it to the rest of the world and that guy's opinion shows up on your phone anyway.
It's interesting to note that the data Google stored was more alarming, though was taken up at the bottom of the article and with less detail. It also didn't make the headline. This is because bashing Facebook gets more views currently. This is a good example of how media bias can distort opinion, while maintaining that all data stated is accurate.
In other words, it's not enough that media is accurate. Bias is just as important.
I am just wondering what happens when there is a vested interest in attacking or suppressing the company involved.
For example, if a company becomes unpopular on social media and by "public opinion" (such as Facebook right now), a court can feel pressured into a slanted decision. Given that so much is now based on opinion, what defense does the company have?
It seems that if someone had the intention to nail a company on GDPR as a PR attack, regardless of the amount of effort the company put in, they almost certainly could.
Perhaps you could describe how you would pressure a judge successfully?
I often see comments like this, abstract what ifs without any details on what.
So, try to illustrate what might happen. Also, describe what protections the judges might have against this. It’s a useful mental exercise and you might realize that it’s a fair bit harder than posting on 4chan or Twitter.
Well I'm talking about exactly that - social pressure.
Just because popular opinion (aka the vocal social media / news / social media echo chamber) approves of something, it doesn't mean it is correct.
Governments and courts have definite pressure to legalize marijuana, for example. That pressure is based on popular public opinion. Therefore approving it gives that legal body or state acceptance / goodwill. This is an incentive that goes quite far.
I don’t think this deserves to be down voted. It’s a valid perspective I think shared among those that are, perhaps, removed from legal specificities and their make-up.
I also think this point resonates fairly well in smaller courts (read as maybe more rural areas) where the legal system is closely tied with the social system of the area and there are indeed LOTS of incentives to introduce, we’ll calm them, ‘alternative judgements’.
All that said, I think law has to be appropriately ambiguous in order to remain relevant and applicable through change and societal adaptation in norms. Hence, case by case context.
This is why it looks to contain so much flex in the language. Right and wrong is implicitly an ambiguous and ever changing notion, described and defined only by the same body of individuals that mutually agree to uphold it. It’s fluid.
However, I also see the perspective that the fluidity of societal definitions and the increasing ease through technology to greatly influence a vast chunk of that populations opinion, can make these things misalign with ethical appropriateness. See the Nissan.com website case or any other number of court cases that clearly concluded under the coercive pressure of the more powerful/wealthy party.
I've been developing for 10 years. I have never had a team, so I have had to build each stack from scratch, myself, including the research and decision making of each tool to use in the stack.
I've put together about 4 generations of systems in this time, each with entirely fresh stacks. The first was pre-build-tools, so I had to write my own module loaders and bundlers from scratch.
The latest web stack uses containerized deployment in a micro service architecture, sql, nosql, rest, graphql, a jwt-based authentication gateway and a modern front end stack.
You don't need anyone else's signoff to consider yourself for any role. By default, you're the most powerful person in your life, but when you allow other people to tell you what you are, you wind up giving away some of your power. This is particularly true in interviews, where another person who doesn't know you is judging you based on a sliver of who you really are. Your job is to define what you want, then show the sliver that aligns with what the world expects from you.
Author here. There seems to be a lot of discussion over use cases. Here's the use case I built it for:
All traffic for my (large) application hits a load balanced API gateway. Its role is to authenticate and forward requests to one of many services.
The gateway is the only point of exposure to internal services. After something has cleared the gateway on a route with roles approved for that user, there is little worry about security. Certificates between servers and containerized deployments such as Kubernetes help on this as well.
I'm not going to write email-sending logic in my gateway. It just handles AAA and then proxies the request.
By forwarding to microservices instead of a monolith, I can scale workload better and have less risk of a mail bug taking down other services.
> Also, what is ":user" - how do you define the way an account is found in the tree?
That checks sAMAccountName, which is unique. Searches that can return multiple results will do so.
> Why are their dedicated endpoints for password, expiry, enable/disable/unlock. These are all just attributes on the user object.
It wouldn't be very user friendly to require a PATCH so a user can change a password. All of these operations are quite granular. You aren't going to enable an account and change a password at the same time very often.
The overriding drive in building this was ease of use, because that bugs me with AD. I'm definitely open to suggestions, though :)
Only in Microsoft's schema. If you want to work with just AD, thats fine, but you shouldn't claim to be LDAP compatible if you only work with a single vendor's schema.
> It wouldn't be very user friendly to require a PATCH so a user can change a password
Why? It's a REST API, you're talking to it from code, you aren't asking users to write curl requests.
> You aren't going to enable an account and change a password at the same time very often.
I see you've never worked in a support environment before. If the account becomes locked, its usually because the user tried the wrong password too many times. So, they contact support who can unlock it, and invariably will need to reset the password at the same time.
> I'm definitely open to suggestions
Well I think you need to decide if its targeting AD specifically or any LDAP directory server. If it's the latter, it needs to be a lot more configurable .
For what it' worth, I definitely understand the basic premise of your project. I'm a big believer that people end up re-inventing a lot of things that Directory Services has had working since the late 90's simply because it's too different to what they're familiar with.
Well, thanks for that. I've actually had to deal with it for quite a while, believe it or not. And the current design is working out for my use. I do hope it does help others.
