Search - "mountain view"
I'm fixing a security exploit, and it's a goddamn mountain of fuckups.
First, some idiot (read: the legendary dev himself) decided to use a gem to do some basic fucking searching instead of writing a simple fucking query.
Second, security ... didn't just drop the ball, they shit on it and flushed it down the toilet. The gem in question allows users to search by FUCKING EVERYTHING on EVERY FUCKING TABLE IN THE DB using really nice tools, actually, that let you do fancy things like traverse all the internal associations to find the users table, then list all users whose password reset hashes begin with "a" then "ab" then "abc" ... Want to steal an account? Hell, want to automate stealing all accounts? Only takes a few hundred requests apiece! Oooh, there's CC data, too, and its encryption keys!
Third, the gem does actually allow whitelisting associations, methods, etc. but ... well, the documentation actually recommends against it for whatever fucking reason, and that whitelisting is about as fine-grained as a club. You wanna restrict it to accessing the "name" column, but it needs to access both the "site" and "user" tables? Cool, users can now access site.name AND user.name... which is PII and totally leads to hefty fines. Thanks!
Fourth. If the gem can't access something thanks to the whitelist, it doesn't catch the exception and give you a useful error message or anything, no way. It just throws NoMethodErrors because fuck you. Good luck figuring out what they mean, especially if you have no idea you're even using the fucking thing.
Fifth. Thanks to the follower mentality prevalent in this hellhole, this shit is now used in a lot of places (and all indirectly!) so there's no searching for uses. Once I banhammer everything... well, loads of shit is going to break, and I won't have a fucking clue where because very few of these brainless sheep write decent test coverage (or even fucking write view tests), so I'll be doing tons of manual fucking testing. Oh, and I only have a week to finish everything, because fucking of course.
So, in summary. The stupid and lazy (and legendary!) dev fucked up. The stupid gem's author fucked up, and kept fucking up. The stupid devs followed the first fuckup's lead and repeated his fuck up, and fucked up on their own some more. It's fuckups all the fucking way down.
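As an added example (not code from the rant or its author), here is the "simple query" approach the rant argues for, in plain Ruby with hypothetical table and column names: search params in the gem's `column_predicate` style are matched exactly against a per-table allowlist of columns and permitted predicates, so association chains, unlisted columns such as a reset token, and prefix predicates on anything not explicitly permitted are rejected, and `name` can be searchable on one table while staying off-limits on another.

```ruby
# Added example, not the rant's code: an explicit per-table search allowlist
# that replaces a search-by-anything gem with a parameterized WHERE clause.
# Table and column names are hypothetical.
module SafeSearch
  class RejectedParam < StandardError; end

  # table => { column => predicates permitted on it }. "name" is searchable on
  # sites but deliberately absent from users (PII); reset tokens are never listed.
  ALLOWLIST = {
    "sites" => { "name" => %w[eq cont], "region" => %w[eq] },
    "users" => { "email" => %w[eq] }
  }.freeze

  # Escape LIKE metacharacters so user input cannot widen a pattern.
  def self.escape_like(value)
    value.gsub(/[\\%_]/) { |c| "\\#{c}" }
  end

  # predicate => [SQL operator, how the bound value is shaped]
  PREDICATES = {
    "eq"    => ["=",    ->(v) { v }],
    "cont"  => ["LIKE", ->(v) { "%#{escape_like(v)}%" }],
    "start" => ["LIKE", ->(v) { "#{escape_like(v)}%" }]
  }.freeze

  # params look like the gem's { "name_cont" => "foo" }. Returns [where_sql, binds].
  # The column part is matched exactly against the allowlist, so an association
  # chain ("user_name_eq") or an unlisted column ("password_reset_token_start")
  # raises RejectedParam instead of silently reaching the query.
  def self.build(table, params)
    columns = ALLOWLIST[table] || raise(RejectedParam, "#{table} is not searchable")
    clauses = []
    binds = []
    params.each do |key, value|
      column, _, predicate = key.to_s.rpartition("_")
      allowed = columns[column] || raise(RejectedParam, "#{table}.#{column} is not searchable")
      unless allowed.include?(predicate)
        raise RejectedParam, "#{predicate} is not permitted on #{table}.#{column}"
      end
      op, shape = PREDICATES.fetch(predicate)
      clause = "#{table}.#{column} #{op} ?"
      clause += " ESCAPE '\\'" if op == "LIKE"
      clauses << clause
      binds << shape.call(value.to_s)
    end
    [clauses.join(" AND "), binds]
  end
end
```

Because every rejection is a single, named exception raised before any SQL is built, the callers the rant describes as hidden behind indirect uses fail loudly with a message naming the table and column, rather than with a bare NoMethodError.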
Hey!
I won a competition called “Google Code-In” and I’ll be in San Francisco this June. We’ll be visiting Google’s offices in San Francisco & Mountain View. I would also like to visit other offices. Are there any which are open for public visit?
Sitting in a mountain cabin with a marvelous view over the surrounding area. A mountain lake is near the cabin and the mountains are rising around it. A blend of a lot of colors. Coding on some interesting project with some nice people. Just enjoying life. Being able to take a hike or run in the nature to be inspired to do some more coding.
Facebook owner Meta Platforms, 2,564 job cuts in Menlo Park, San Francisco, Fremont, Sunnyvale and Burlingame
Google, 1,608 layoffs in Mountain View, Moffett Field, San Bruno and Palo Alto
Salesforce, 1,151 staff cutbacks in San Francisco
Twitter, 900 layoffs in San Francisco and San Jose
Cisco Systems, 673 job cuts in San Jose, Milpitas and San Francisco
Grocery Delivery E-Services (HelloFresh), 611 layoffs in Richmond
Amazon, 524 staffing cuts in Sunnyvale and San Francisco
Intel, 490 job cuts in Santa Clara and San Jose
Rivian Automotive, 448 layoffs in Palo Alto
Lam Research, 400 staffing cuts in Fremont and Livermore
They moved my desk again. Still an open floorplan, but the room is much smaller, and in this office I'm sitting by people with whom I actually work.
Also there's WiFi in the can, so I'm all set.