> And once you’ve realized this, the diploma starts to resemble Monopoly money. You have to start evaluating people on a case-by-case basis, instead of using the degree as a reliable proxy.
Would someone provide an example on how this tool could be used to test a REST API? I think I'm missing something here. I'm not seeing how a fake response endpoint lets me test my REST API (shouldn't my test code invoke the API and validate that the real response was correct?)
One usecase I can think of is when UI developers are working on a set of expected response from an API while the API is currently being developed by backend developers. Once the API is ready, UI devs can swap the uri.
It seems to me that it isn't for testing a REST API but rather for testing something that depends on one without having to deal with real integration issues.
Your test code should invoke the real API if it's testing the real API. If you're testing a REST client, on the other hand, then it's best to unit test on a controlled set of requests and responses. Testing on the real API comes later, when you're doing integration.
You can basically read anything from controls, and trigger callbacks at will, as if you had actually clicked a button or written some text. This means that you can write "expect-like" software -- just start up the program, and have another program read input from it's text fields and issue commands to it.
I have actually done a lot of this, putting old sourceless win32 and win16 programs run in the background on virtual machines on the server and building new web-based interfaces on top of them.
Actually it ranges from simple event spoofing (user clicked here, user dragged there) to injecting a DLL + spawning a thread under your control.
Event spoofing is pretty limited. While having a thread under your control gives you full power as you have full access to the process' memory and can call any function you want.
That's what I meant to use it for but the API is used at the root of applications to draw windows, handle mouse click events, accept keyboard input, create icons in the system tray and anything else that would involve Windows UI.
In the same way applications use the win API to create their UI, others could use it to manipulate and control the interface of other programs. It's powerful.
Encrypted communication is not very useful if you aren't sure who you are communicating with. Using a self-signed cert greatly increases this uncertainty.
I would agree with you entirely if I had more reasons to transitively trust the root certificates authorities than to trust the people I believe are building the website, because in reality I don't know any of them. Certificate authority getting hacked and issuing trusted certificates to not trust worthy people have happened already. You may say that you still put more confidence in a certificate that is transitively trusted by those your browser and / or OS vendor chose for you, but why? The SSL certificate system as it is now is highly unsatisfactory to me. I would prefer something decentralized like the GPG trust network.
