Hacker News | dcosson's comments

The other responses answer your direct question, but I was confused about similar flows when learning about SAML so I'll comment in case this is helpful.

SAML is just an authentication protocol, it doesn't really handle user provisioning. Which was confusing to me, because any time you'd use it you typically also need some kind of provisioning mechanism.

SAML does have a concept of "just in time" provisioning, which is what I've seen small SAAS companies typically support when they say they have SAML support. But basically all it can handle is creating accounts in the SP the first time a new person logs in (with valid credentials signed by the IDP). For user provisioning though what you really need is full programmatic CRUD access for accounts in the SP, which is outside the scope of SAML. I don't really understand why the SAML protocol bothers having such half-baked support at all, because you immediately run into issues. For example, giving some users different permissions than others in the SP, or updating accounts in the SP that already exist.

For user provisioning, for SPs that support it you can use the SCIM protocol alongside SAML, which gives you full control over provisioning accounts the way you need to. Then for instance instead of just logging someone out of the SP when they were removed from the IDP, it can fully deprovision the account in all your SPs as well so you're not left with orphaned accounts sitting around.
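The difference between JIT-only provisioning and SCIM-style lifecycle management described in the comment above, as an added example that is not part of the original comment. The `ServiceProvider` class, its method names and the sample users are hypothetical, and the SAML assertion is assumed to have already passed signature validation.

```python
# Added illustration: a toy SP account store, not a real SAML or SCIM library.
from dataclasses import dataclass, field

@dataclass
class Account:
    user_name: str
    role: str = "member"
    active: bool = True

@dataclass
class ServiceProvider:
    accounts: dict = field(default_factory=dict)

    def saml_login(self, assertion):
        """JIT provisioning: only runs when a user presents a valid assertion."""
        name = assertion["name_id"]
        acct = self.accounts.get(name)
        if acct is None:                      # first login creates the account
            acct = self.accounts[name] = Account(name)
        if not acct.active:
            raise PermissionError(f"{name} is deprovisioned")
        return acct

    # SCIM-style operations: pushed by the IdP, no user login required.
    def scim_create(self, user_name, role="member"):        # POST /Users
        self.accounts[user_name] = Account(user_name, role)

    def scim_patch(self, user_name, role=None, active=None):  # PATCH /Users/{id}
        acct = self.accounts[user_name]
        if role is not None:
            acct.role = role
        if active is not None:
            acct.active = active

    def scim_delete(self, user_name):                       # DELETE /Users/{id}
        del self.accounts[user_name]

def orphaned_accounts(sp, idp_directory):
    """Active SP accounts that no longer have a matching IdP user."""
    return sorted(n for n, a in sp.accounts.items()
                  if a.active and n not in idp_directory)

def demo():
    idp = {"alice", "bob"}                     # constructed IdP directory
    jit_only, with_scim = ServiceProvider(), ServiceProvider()
    for user in idp:
        jit_only.saml_login({"name_id": user})
        with_scim.scim_create(user)
    with_scim.scim_patch("alice", role="admin")  # permission change, no login
    idp.discard("bob")                           # bob is removed from the IdP
    with_scim.scim_delete("bob")                 # the IdP pushes the removal
    return orphaned_accounts(jit_only, idp), orphaned_accounts(with_scim, idp)
```

Running `orphaned_accounts` against a real SP's user export and the IdP directory is a quick audit for accounts that JIT-only setups leave behind.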


This was my gut reaction when I first learned about graphql, but in practice when I used it it didn’t end up being an issue (although we didn’t have to run at particularly large scale).

If your data models are pretty well structured, then basically every graphql object is a single table that you get by an indexed field, and traversing relationships can each do a where in query on the indexed id field. The parameters you expose on queries should be for indexed fields. So in practice, you’re not really autogenerating any particularly expensive queries, and if you assume the client isn’t asking for tons of data they don’t need, it’s not much different in query patterns than rest. Except that in some cases, the client can omit fields or related objects instead of re-using the rest route that’s a superset of what they need, so you can save resources sometimes too.

Then on top of all that, you have the option to not auto-map certain queries to the orm in special cases that are more complex, so you always can still write the code yourself to be more strict about what you allow. For writes, you typically would always do this to control exactly which fields you write.
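The query pattern described in the comment above, as an added example that is not part of the original comment: a relationship resolved with one `WHERE ... IN` query on an indexed column, the query skipped when the client omits the relation, and writes restricted to an explicit field allow-list. The schema, function names and rows are constructed for illustration and no GraphQL library is involved.

```python
# Added illustration with a hypothetical schema; uses only the stdlib sqlite3.
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT,
                            is_admin INTEGER DEFAULT 0);
        CREATE TABLE posts (id INTEGER PRIMARY KEY, author_id INTEGER, title TEXT);
        CREATE INDEX posts_author ON posts(author_id);
        INSERT INTO users (id, name) VALUES (1, 'ann'), (2, 'raj');
        INSERT INTO posts VALUES (10, 1, 'a'), (11, 1, 'b'), (12, 2, 'c');
    """)
    return db

def resolve_users(db, user_ids, want_posts=True):
    """Resolve `users { name posts { title } }` in at most two indexed queries."""
    marks = ",".join("?" * len(user_ids))
    users = {r["id"]: {"name": r["name"], "posts": []} for r in db.execute(
        f"SELECT id, name FROM users WHERE id IN ({marks})", list(user_ids))}
    if want_posts and users:      # relation omitted by the client: no query
        ids = list(users)
        marks = ",".join("?" * len(ids))
        rows = db.execute(
            "SELECT author_id, title FROM posts "
            f"WHERE author_id IN ({marks}) ORDER BY id", ids)
        for r in rows:            # one batched query, not one per user
            users[r["author_id"]]["posts"].append(r["title"])
    return users

WRITABLE_USER_FIELDS = {"name"}   # hand-written mutation: explicit allow-list

def update_user(db, user_id, changes):
    """Write only allow-listed columns; anything else is rejected outright."""
    rejected = set(changes) - WRITABLE_USER_FIELDS
    if rejected:
        raise ValueError(f"fields not writable: {sorted(rejected)}")
    if not changes:
        return
    # Column names come from the allow-list; values are bound parameters.
    sets = ", ".join(f"{col} = ?" for col in changes)
    db.execute(f"UPDATE users SET {sets} WHERE id = ?",
               [*changes.values(), user_id])
```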


> This makes the piracy route become more and more attractive again - and I don't like that this is the case. I want to pay people for their content.

People like to say this, but, no offense, it just doesn't seem true. It sounds like a justification. (And I'm not judging, I'm just not convinced by this reasoning).

Signing up for 3-4 streaming services is pretty easy. If you use something like an apple tv or fire tv you can even use a global search that links you into the app where the content you searched for lives. If you're willing to pay per episode or movie to rent or buy everything you watch on itunes or amazon, it's even easier and you can get almost anything instantly.

I do agree that in general, the more different streaming services are released the more that people's incentives are starting to tip back towards pirating. But I don't think there's much other reason beyond just cost.


To be clear, I don't pirate and haven't except for niche stuff that I can't get my hands on otherwise.

If money was tight and I didn't have other hobbies I might consider it. But at the moment selling me 3-4 streaming services for $80 a month when I can just watch youtube instead, or pick up a good 4 year old game for $10 is a tough sell to me.


There's excellent Plex servers for <$10/month, which give access to tens of thousands of shows and movies, with the guarantee that anything remotely popular is part of that offering. Versus the more legal option of paying hundreds of dollars a month to access content spread between 5-10 different apps, with stupid limitations such as "no offline viewing" or "check in home every n days", not to mention the incompatibilities due to DRM etc.

Piracy is definitely more convenient nowadays.


I mean I can subscribe to 5 different streaming services and pay $50-60/mo, and how far away are we from having a service that provides a collection of streaming services (i.e. cable TV).

The problem that's happening lately is that streaming services were a way to get away from the expensiveness of cable, but now we're returning to the exact same problem we had then.


Would you normally recommend running tekton in its own k8s cluster, or within the same cluster that runs production workloads? (Particularly if running in something like gke or eks)


The pavement and roads belong to cars.

It's a joke to say anything else. If a scooter can get hit by a car and mess up the car, we've gotta do something about this nuisance! If a scooter takes up 2 sq ft of space on a curb in between rides, they're ruining our streets! Capitalism run amok! But the entire row of cars parked for free a couple feet away? That's great. Not to mention, tens of thousands of lives lost every year? All good, nothing wrong with that.

It's also got absolutely nothing to do with people vs corporations, using that dichotomy here is absurd. Car makers spend hundreds of millions of dollars a year advertising to people to get them to buy more, bigger, more expensive cars. Not to mention, cars are even often leased or rented. I don't see why the business model of rental vs one-time purchase matters, but even if it does matter to you for some reason, cars and scooters are both rented!


IIRC the latest revisions of sb50 in California would have rezoned the whole state to allow fourplexes (while still upcoming even higher to 5 stories along transit corridors).

But it was blackholed for at least a year by the supreme chancellor of the senate (or whatever her official title is) even though it likely has enough votes to pass if it would have gone to the floor.

That’s democracy I guess?


Not democracy at all, just the Democrat leadership. Democrats have supermajorities in CA.


Even if the cost premium wasn’t an issue, who has the geometry in their living room to be able to take advantage of an 8k resolution? Even 4K is hard to take advantage of in a living room setting, you need a huge tv with your seating set up very close to it.


I agree. I have a 65'' and 4K is not a huge improvement over 1080p at 10 feet.

For 8K to make any sense you'd need a 100'' at least which is massive and prohibitive.

IMO HDR is a much bigger improvement than 4K.


Biggest annoyance with the iMac though is you can’t, say, work from home with your work laptop and plug it into the screen.

This is another case with macs where the situation 8 years ago was much better since they used to have target display mode. From what I understand, they killed it because they needed to use a custom format to drive the 5k screen initially. Now regular DisplayPort 1.3 and 1.4 have enough bandwidth for it but there’s been no mention of bringing the feature back.


That’s why I said I'm not spending my own money on a development class laptop. I have the same Bluetooth keyboard and mouse at home and at work - in other words, I don’t care about the keyboards on the MacBook Pros. Decent regular monitors are cheap. If/When I do get a 5K iMac for personal use, my current two monitors will be attached to it for personal use and attached to my work laptop when I bring it home.


Well, if your work machine is a laptop (and that is the only reason you can take it home) you need to use it, if you want to work at home, hence the need for a screen to attach, which you cannot do, if your screen at home is in fact an iMac. (Work data of course stays on the work machine, everything else is a huge no-go)



That hasn’t worked since the 2013 iMacs.


I do not believe this works on the 5K iMacs.


On this topic I am always surprised to notice, walking around downtown SF on a weekday that literally every single parking space is taken up by a work truck, like a contractor, repair person, plumbers, etc.

That’s pretty crazy when you stop to think about it. The space isn’t actively being used all day, I’m guessing these folks just know the right time to get there early after street cleaning to get a spot they can sit in all day because it’s cheap. Is there really no better use for this public space on some of the most expensive land in the world? Surely they could unload their equipment and then go park in a garage around the corner.

So to your broader point, yes obviously there needs to be some way to get heavy equipment, furniture, etc into cities. But there’s no reason it needs to be the extreme it is today, with so much priority given to private cars and parking.


It's honestly terrible for newbies. If they try to use it, there's no pip included. So then they easy_install all their libraries which installs things into different places than most python devs will be used to. Or they easy_install pip first. But even still, everything is installing to system paths, so when they try to install things it fails with permission errors. They find a stack overflow post that says just "sudo" everything and they go to town. And there's no way to reset anything when it gets borked either because it's the system install.

Compare that to "brew install python". Now you have the most up to date version, with the right permissions for your user, that you can always brew uninstall and reinstall later if you need a different version or a clean install.


So you're saying Apple should adopt brew as default package manager and install all system tools using brew? I could get behind that, but just dropping everything without replacement makes it harder for first-time programmers.


That, with analytics off by default. Also, Homebrew depends on Ruby, and Apple just ditched that.


Homebrew installs its own ruby when necessary.


> you can always brew uninstall and reinstall later if you need a different version

That is the wrong way to do it. Just install pyenv/pipenv to manage different Python versions. It's dead simple to maintain system Python, Python 2.7x, and Python3.7.3 that way.


Yes but I’ve never seen someone new to programming that bothered trying to figure out pyenv or similar. Even a lot of moderately experienced devs don’t bother with it. I guess it’s hard to realize the benefits of keeping environments organized until you’ve been burned by it.


Wrong way? I’ve used this method successfully for years.


Sure you can do that, but why would you want to install and re-install different versions of Python depending on what you needed at the moment? Pyenv manages all that nicely. You can have 2x and 3x side by side without having to reinstall and uninstall anything.


> You can have 2x and 3x side by side without having to reinstall and uninstall anything.

You can do that anyway, `python` is always Python 2 (except on Arch where `python` is Python 3 and the Python 2 executable is `python2`) and the Python 3 executable is called `python3`. `pyenv` is more for keeping multiple minor versions of the same major version (e.g. Python 3.6 and Python 3.7) around at the same time.


> `pyenv` is more for keeping multiple minor versions of the same major version (e.g. Python 3.6 and Python 3.7) around at the same time

Actually, it doesn't have to be multiple minor versions, it can be any version–major or minor. It can even be Iron Python or Jython. Anyway, the point is that it's smart not to touch system Python on macOS. So when I run:

`$ pyenv versions`

My output is:

```
  system
  2.7.16
* 3.7.3 (set by /Users/wyclif/.pyenv/version)
```

Dead simple and easy to use. Much better than overwriting and reinstalling when you need a different version for a specific project.


Or conda, which I prefer to pipenv + pyenv.


Homebrew is not perfect though - it doesn't handle multi-versions (e.g. 3.7 and 3.8 running in parallel), which were working fine with Apple's Framework mechanism. Pyenv is superior in that respect (although it's fundamentally a hack). But I agree that brew does a better job for newbies than Apple's system python.

