Oh, security!


We’re using Slack at work, extensively. Package builds, pipeline failures, merge requests, triggered package upgrades, migrations, etc. all create a message in Slack. And in these remote-work times, its importance has only increased.

But I don’t like it.

People generally hate it because it uses Electron and thus it’s relatively heavy on resources & battery. I don’t care about that too much, since getting the new laptop. But the everyday things we “have to” do in communication apps make me sick. For example, I eat lunch every day. That means I need to leave my laptop every day. What do I need to do?

  • Open Slack
  • Notify people on my team’s channel
  • Click on my profile image
  • Click “Update status”
  • Click the template “Lunch”
  • Change the timeout from 1 hour to 4 (that’s the fastest option to choose and I have a baby)
  • Click “Save”
  • Click on my profile image again
  • Click “Set yourself away”

Since this is an action that I do every workday, I wanted to automatize[1] it. So I went to the Slack documentation to check what I should do to utilize the API and do these actions.

It was possible, but now it isn’t. They phased out personal tokens and introduced a new way which requires having an “application” to do anything. Personal tokens allowed a user to do stuff which a user can normally do: send messages, change state, etc. What a fundamentally broken idea, right? Now I have to convince my company to allow my “Gürkan’s lunch application” to be added to our Slack workspace. Way better.

Reminds me of a Torvalds quote (after realizing that adding a printer needs an admin account on openSUSE):

Whoever moron thought that it’s “good security” to require the root password for everyday things like this is mentally diseased.

  1. I guess that’s a habit which comes from my job.