My views on the github/MS thingy.

I've had to explain in at least 20+ rants that some people might have legitimate reasons/opinions for disagreeing with this deal. I find it quite bad that I even have to say this but that aside for this rant.

Microsoft is a commercial company which does a lot for open source, that's a fact.

In my case, I mostly look at the part of Microsoft in regard to how they treat users and user privacy as this, in my opinion, shows for a great deal how trustworthy a company is.

It's publicly known that Microsoft joined the prism surveillance program in 2007 which in my opinion also meant selling out all users.
Next to that, through at least windows 10 it has done quite intrusive user tracking which I also see as a betrayal to its users.

I could go on and on about cases but I've made my point on at least microsoft.

As for github selling itself to Microsoft, this most likely means that it'll also be integrated within the prism network. That's my main point of concern as to why I disagree of this deal and have lost my trust in github for selling to a company which, imo, has absolutely no respect for its users' privacy and has ethics I entirely disagree with.

I still haven't formed an opinion on the rest of arguments out there as, due to a medical thing, I'm hardly able to focus right now.

You might agree or disagree, that's your very right and that's perfectly fine. Just don't say that I haven't come with an actual argument/opinion as for why I disagree with this deal.

Customer complains about an issue after a software update. The head of department himself tested the update and got an error message.

Me looking at the logs. Ok, that's an issue, but based on hardware failure, customer should fix his hardware, no relation to the new software.
But surprisingly close to the software update, which piques my curiosity.

Me looking at older logs ... same issue. EVERY FUCKING DAY. For months. The corresponding error message only appears if a user is logged on, so quite a few people have seen it. Obviously nobody cared. Maybe we just ditch error messages, it'll save lots of work.

The dangers of PHP eval()

Yup. "Scary, you better make use of include instead" — I read all the time everywhere. I want to hear good case scenarios and feel safe with it.

I use the eval() method as a good resource to build custom website modules written in PHP which are stored and retrieved back from a database. I ENSURED IS SAFE AND CAN ONLY BE ALTERED THROUGH PRIVILEGED USERS. THERE. I SAID IT. You could as well develop a malicious module and share it to be used on the same application, but this application is just for my use at the moment so I don't wanna worry more or I'll become bald.

I had to take out my fear and confront it in front of you guys. If i had to count every single time somebody mentions on Stack Overflow or the comments over PHP documentation about the dangers of using eval I'd quit already.

Tell me if I'm wrong: in a safe environment and trustworthy piece of code is it OK to execute eval('?>'.$pieceOfCode); ... Right?

The reason I store code on the database is because I create/edit modules on the web editor itself.

I use my own coded layers to authenticate a privileged user: A single way to grant access to admin functions through a unique authentication tunnel granting so privileged user to access the editor or send API requests, custom htaccess rules to protect all filesystem behind the domain root path, a custom URI controller + SSL. All this should do the trick to safely use the damn eval(), is that right?!

Unless malicious code is found on the code stored prior to its evaluation.

But FFS, in such scenario, why not better fuck up the framework filesystem instead? Is one password closer than the database.

I will need therapy after this. I swear.

If 'eval is evil' (as it appears in the suggested tags for this post) how can we ensure that third party code is ever trustworthy without even looking at it? This happens already with chrome extensions, or even phone apps a long time after reaching to millions of devices.

Okta emailed me trying to sell their SSO gubbins.

I actually quite like the idea of being able to abstract away all the providers people might want to log in with, and making it someone else's job to check whether those providers are trustworthy.

But the email is copied to every permutation of my name/surname/initials etc @mydomain.com.

They had no legitimate way to obtain my email address for marketing purposes, so they just guessed it.

And I'm supposed to believe no corners will be cut and no bodges applied in making sure the user is who he claims to be?