Harvesting Usernames from Websites

I am working with a client right now on their Web application. While creating an account to do testing, I noticed a glaring security issue that allows people to harvest usernames. This topic has been covered before, and I am still surprised that it keeps popping up around the Web, but this time it is a bit different. I should note that the client knows about the issue, but what I want to point out in this article is how insidious the issue becomes. ...

September 10, 2014 · 6 min · 1182 words · Scott Brown

Boolean Columns Answer Too Few Questions

One of the things that I dislike seeing in an application’s database architecture is the use of booleans. They do not convey enough information to any party to be meaningful, other than to ask a question that expects a yes/no answer. Often, questions such as those have a follow-up question that the field cannot answer. For example, in many databases I see the following fields on a User model:

    User
    ====
    id                  primary key
    username            the user's username credential
    password_encrypted  authenticates the username
    ... other fields ...
    enabled             true if the user is active, false otherwise

When a user has been banned for doing something inappropriate, an application simply sends this query: ...

September 8, 2014 · 3 min · 563 words · Scott Brown

My Personal Tech Radar Chart

I finished speaking on the phone with a recruiter and, yet again, I had to spell out exactly what I look for in a job. It’s difficult to explain the same thing and have people understand what I mean, so I decided to be even more opaque and put it in a radar chart. That, and I love radar charts. To read the chart, higher numbers mean things I like doing more. And things I like to do more of mean jobs that make me happy. And a happy Scott is a very productive Scott. ...

August 22, 2014 · 1 min · 130 words · Scott Brown

Adding Test Data Through Metaprogramming

Note: Contrary to what you are about to read, I am still against metaprogramming on the whole, as it adds an unnecessary amount of magic that may confuse other developers. That being said, I would hate working in a language without it. Use sparingly, like junk food. “With great power…” Yadda yadda. Enjoy the article. I am currently writing a gem to wrap the Cleanspeak API and I was using the JSON examples in my test cases that they supply in their API docs. I wrote the test cases like so: ...

August 22, 2014 · 4 min · 642 words · Scott Brown

Learning to Fib Correctly

I have been looking into Elixir and I am enjoying the language (mainly from a readability standpoint; I haven’t done enough to form an opinion about its performance benefits). I read the chapter on recursion and then applied it to a quick and dirty Fibonacci implementation (my favourite way to learn recursion in a new language). It is as easy as creating a new file called fib.ex and adding the following: ...

August 21, 2014 · 5 min · 1005 words · Scott Brown

Using SSH Keys with Multiple BitBucket Accounts

I was using BitBucket the other day for a new client, but I wasn’t able to use my standard BitBucket account (business reasons). I attempted to add my standard SSH key (id_rsa) to the new BitBucket account but SSH keys must be unique to the entire BitBucket system. I don’t understand the reason for this uniqueness but there is a way around it using a rarely used SSH technique. First you need to generate a new SSH key. You will name it something different than the default (id_rsa) because it will be used exclusively for the new BitBucket account. ...

July 18, 2014 · 2 min · 306 words · Scott Brown

More Freedom with GNU Stow

In honour of our friends down South celebrating their independence, let’s look at installing a local version of ruby onto a POSIX machine without requiring wrappers like rvm or rbenv. We want to be free to install things where we want, when we want, and how we want. Now that’s true freedom.

Install GNU Stow

Okay, you are going to need to install stow system wide for this step. This requires administrative permissions. I promise it’s the only thing. ...

July 4, 2014 · 3 min · 525 words · Scott Brown

Lotus Web Framework

A new framework crossed my radar on HackerNews today called Lotus. It is based on Ruby and attempts to adhere to proper OO principles. It looks simple to learn so I thought I’d give it a try. I ran into a few issues with the first example in the docs provided in the GitHub project, so I’ll post some fixes. This is running version 0.1.0 of the lotusrb gem.

    # config.ru
    require 'lotus'

    module OneFile
      class Application < Lotus::Application
        configure do
          routes do
            get '/', to: 'home#index'
          end
        end
      end

      module Controllers::Home
        include OneFile::Controller

        action 'Index' do
          def call(params)
          end
        end
      end

      module Views::Home
        class Index
          include OneFile::View

          def render
            'Hello'
          end
        end
      end
    end

    run OneFile::Application.new

If you paste that into a file called config.ru, you can then run it with rack: ...

June 23, 2014 · 2 min · 333 words · Scott Brown

Anatomy of an Ansible Bug

Tracking down Ansible bugs becomes difficult when you are playing with issues between local and remote systems. For the last couple of days I was racking my brains over why my database import script, written in Ansible, was not importing the data into the database. I had 3 separate imports, and only 1 was working. I looked at everything, but it wasn’t until I walked away, came back, and realized that I had mistyped one character in the path to the dump. ...

June 17, 2014 · 8 min · 1612 words · Scott Brown

Ansible Tips Part 4: Encrypt Sensitive Data

Every day I pray to Lord Turing that I never see another Production database password in version control again. Unfortunately, I doubt my prayers will be answered because it seems to be an epidemic in Tech to store an application’s production configuration file in version control without any thought to security or privacy. So if developers cannot stop themselves from storing passwords in version control, does anyone honestly think a sysadmin will think twice about storing passwords for their Ansible provisioning in version control? ...

June 16, 2014 · 3 min · 492 words · Scott Brown