Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "is it any wonder i'm always angry?"
-
Root gets ignored.
I've been working on this monster ticket for a week and a half now (five days plus other tickets). It involves removing all foreign keys from mass assignment (create, update, save, ...), which breaks 1780 specs.
For those of you who don't know, this is part of how rails works. If you create a Page object, you specify the book_id of its parent Book so they're linked. (If you don't, they're orphans.) Example: `Page.create(text: params[:text], book_id: params[:book_id], ...)` or more simply: `Page.create(params)`
Obviously removing the ability to do this is problematic. The "solution" is to create the object without the book_id, save it, then set the book_id and save it again. Two roundtrips. bad.
I came up with a solution early last week that, while it doesn't resolve the security warnings, it does fix the actual security issue: whitelisting what params users are allowed to send, and validating them. (StrongParams + validation). I had a 1:1 with my boss today about this ticket, and I told him about that solution. He sort of hand-waved it away and said it wouldn't work because <lots of unrelated things>. huh.
He worked through a failed spec to see what the ticket was about, and eventually (20 minutes later) ran into the same issues Idid, and said "there's no way around this" (meaning what security wants won't actually help).
I remembered that Ruby has a `taint` state tracking, and realized I could use that to write a super elegant drop-in solution: some Rack middleware or a StrongParams monkeypatch to mark all foreign keys from user-input as tainted (so devs can validate and un-taint them), and also monkeypatch ACtiveRecord's create/save/update/etc. to raise an exception when seeing tainted data. I brought this up, and he searched for it. we discovered someone had already build this (not surprising), but also that Ruby2.7 deprecates the `taint` mechanism literally "because nobody uses it." joy. Boss also somehow thought I came up with it because I saw the other person's implementation, despite us searching for it because I brought it up? 🤨
Foregoing that, we looked up more possibilities, and he saw the whitelist+validation pattern quite a few more times, which he quickly dimissed as bad, and eventually decided that we "need to noodle on it for awhile" and come up with something else.
Shortly (seriously 3-5 minutes) after the call, he said that the StrongParams (whitelist) plus validation makes the most sense and is the approach we should use.
ffs.
I came up with that last week and he said no.
I brought it up multiple times during our call and he said it was bad or simply talked over me. He saw lots of examples in the wild and said it was bad. I came up with a better, more elegant solution, and he credited someone else. then he decided after the call that the StrongParams idea he came up with (?!) was better.
jfc i'm getting pissy again.9 -
israel population = ~10 mil
uk population ~70 mil
popular vote uk = 0
popular vote israel = 325
huh?????? i finally believe the conspiracy theory... there is total bullshit moving through the undercurrents of international society. actually the entire media and everything on the planet is shifted by angry retards with an IQ of approximately 27 who read something on twitter and therefore they must of course conform and do it
rich hands of influence reach far across this modern world....
my twitter dies on wednesday, I think i'm quitting this platform too... i'm just so sick of wasting time 'discussing' with people who literally have informed their entire lives by sources of media that all have an agenda, and yet said reader can't recognize that. go to bot school you fucking 🤡
also inb4 eurovision is a clown event, i know it is, but the fact that 'israel' as a country was for a good 10 minutes at 1st place of the vote is simply mind boggling to me (and to be fair, switzerland, france, israel, portugal, and croatia acts in terms of art and musical talent were all shit IMO) but what do i know? apparently the 700 mio people who live in europe don't agree - but even then, who knows anything about anything as to the actual 'numbers' that are posted on these 'votes' - could all be fake, or, even worse, the entire WORLD could be fake and i'm just typing to a fucking reflection of my own conciousness on this box
ach i'm very close to just turning it all off, its just rubes on top of rubes, derivatives on top of derivatives all more retarded than the next, and each night
then i get people like kiki who rage at me for getting drunk, then 'brag' they ran 5k. i ran more and drank more than you today, get over it.
i didn't need pills to do any of it either.
or i get sid the it kid, who gives non ironic lessons in fucking PHP 😂😂😂😂 in 2024 on youtube, and yet acts like he's a badass because he pointed out a 'redundant' 'const' in my code 😂😂😂😂 actually i don't know why in the first place i listened to any of it... going my own way has ALWAYS been the best way
by 2030 i will sell my saas(es) for 500k(+) and wonder why i even gave clowns on this platform the time of day
you know what? fuck it, it's been fun devrant, as of today i become a hermit, sick of this planet, and these apes
read books, go running, learn math (or any skill at that matter) and stay calm.
i can't describe in words to all of you how much a fucking abysmal waste it all is... just build useful stuff that helps people. the enormous (and trust me, it is absolutely eclipsingly enormous) discussion about everything around everything else is truly and utterly mind numbing and time wasting to the absolute core
farewell14