Search - "tainted"
-
Root gets ignored.
I've been working on this monster ticket for a week and a half now (five days plus other tickets). It involves removing all foreign keys from mass assignment (create, update, save, ...), which breaks 1780 specs.
For those of you who don't know, this is part of how rails works. If you create a Page object, you specify the book_id of its parent Book so they're linked. (If you don't, they're orphans.) Example: `Page.create(text: params[:text], book_id: params[:book_id], ...)` or more simply: `Page.create(params)`
Obviously removing the ability to do this is problematic. The "solution" is to create the object without the book_id, save it, then set the book_id and save it again. Two roundtrips. bad.
I came up with a solution early last week that, while it doesn't resolve the security warnings, it does fix the actual security issue: whitelisting what params users are allowed to send, and validating them. (StrongParams + validation). I had a 1:1 with my boss today about this ticket, and I told him about that solution. He sort of hand-waved it away and said it wouldn't work because <lots of unrelated things>. huh.
He worked through a failed spec to see what the ticket was about, and eventually (20 minutes later) ran into the same issues I did, and said "there's no way around this" (meaning what security wants won't actually help).
I remembered that Ruby has a `taint` state tracking, and realized I could use that to write a super elegant drop-in solution: some Rack middleware or a StrongParams monkeypatch to mark all foreign keys from user-input as tainted (so devs can validate and un-taint them), and also monkeypatch ActiveRecord's create/save/update/etc. to raise an exception when seeing tainted data. I brought this up, and he searched for it. We discovered someone had already built this (not surprising), but also that Ruby 2.7 deprecates the `taint` mechanism literally "because nobody uses it." joy. Boss also somehow thought I came up with it because I saw the other person's implementation, despite us searching for it because I brought it up? 🤨
Foregoing that, we looked up more possibilities, and he saw the whitelist+validation pattern quite a few more times, which he quickly dismissed as bad, and eventually decided that we "need to noodle on it for awhile" and come up with something else.
Shortly (seriously 3-5 minutes) after the call, he said that the StrongParams (whitelist) plus validation makes the most sense and is the approach we should use.
ffs.
I came up with that last week and he said no.
I brought it up multiple times during our call and he said it was bad or simply talked over me. He saw lots of examples in the wild and said it was bad. I came up with a better, more elegant solution, and he credited someone else. then he decided after the call that the StrongParams idea he came up with (?!) was better.
jfc i'm getting pissy again.
-
Looks like /dev/body got tainted.. nasal memory leaks all over the place 😷
$ kill -9 $(pidof cold)
... Nothing.
$ sudo !!
I said kill the fucking cold!!! Y u no listen to your admin?! 😠
> User condor is not in the sudoers file. This incident will be reported.
RRRRRRRRREEEEEEEEE!!!! 😣😣😣
I just want to finish my goddamn power supply project, instead of getting bed-ridden by a cold, and running through paper towels like there's no tomorrow 😭
-
Oh don't worry I just wasted a whole day, it's not like I had homework to do, projects to finish and VM's to install and I busted my sick ass trying to make it all work on my Linux machine which is now tainted with software I didn't even want to install and useless docs while having a 105 fever. It's all fucking worth it because at the end, of the next day, oh wait...you didn't even install the updates properly, fuck you windows! I swear the first thing I'll do after graduation will be getting rid of you!!
-
tbh my high school curriculum revolves around the fact that my compsci class is run by code.org
i fucking hate those videos and drag and drop blocks to learn how to code
in 10 years when im (hoping to be) a software engineer, will the company have drag and drop? no. they will have keyboards and a screen. teach me how to fucking type code and not blocks please...
code.org has tainted this world just like how puberty tainted my dick recently...
teach me how to code, dont teach me how to drag and drop..
-
"The Phoenix project" alternative ending:
Bill Palmer manages to avert disaster with heroic efforts, working 18 hours per day for weeks.
His wife files for divorce. He starts to sleep at the office, next to the server room.
At the last moment a huge hacker attack almost destroys everything, but he finally manages to announce that Phoenix is ready on time, security auditing passed and any kind of great improvements.
Steve, the CEO, calls him and says: "Are you crazy? We put you on an impossible project with short notice to make you fail! All our investors have been secretly short selling our stocks, so now they are waiting for a big failure to cash in. We also paid Korean hackers to bring you to your knees. But you are really stubborn!"
All Phoenix Project is rolled back, huge shit happens, stocks fall, investors reap great benefits. All IT is outsourced to an external company (owned by members of the board)
Bill is fired. His reputation tainted by the failure, he can't find a job anymore. His technical skills and knowledge are out of date.
As he didn't have time to take care of divorce he has lost also all his personal wealth.
He writes a book about his experience, well, actually a rant, but the company sues him forcing him to pay more money.
In the final scene, police arrests him, drunk while trying to burn a server farm with matches.
-
On a business trip. I brought my work laptop and my personal laptop with me. Because I am smart. But a lot of my coworkers only bring their work laptops. So I guess I am basically wondering how much porn has tainted the work laptops. Especially since they will auction them off around once a year. To be clear I am not wondering about the software taint.
-
What is the more common word?
abs
Ava
ABC
ABC's
and's <- this one is real
and
iOS seems to think the word "and" ranks last in priority when compared to the other words in the list.
I have had this hyperexpensive irritant for almost a year now, and I still cycle through this list in 90% of anything I type. I love posting to forums and this brick-in-three-years has tainted that. I even bought a mini bluetooth keyboard but it's awkward to use while relaxing.
Don't even get me started on how autocomplete deletes existing parts of the sentence if I don't choose whatever nonsense iOS has decided upon this time.