Yup, unless those data['body'] and data['stream_sec'] are properly escaped, it is a textbook SQL injection vulnerability.

@nitwhiz that's not a python issue, you can totally have the same sort of issue in PHP, or any other language for that matter. Every language and every DB as ways to deal with that securely. Apparently the dev in question didn't bother to find out what he should use.

I spotted one in Paris, near Montmartre. I was very surprised too.

I hope those stores will stick around for a while.

Everything seems feasible, EXCEPT using Word documents as text file source. Word documents are not text files. They are proprietary blobs that are hard to use with tools meant for actual text files.

Either you keep the Word documents and are stuck with Microsoft tools or have to handle all Word subtelties. Or you switch to actual text files.

The old Microsoft motto used to be:

1. Embrace

2. Extend

3. Extinguish

So far, this could only be the first of the 3 steps. I'll wait a few years to see if Microsoft start "extending" Linux before declaring anything a victory.

Meh this is cultural. The usual when I see a good friend (both male and female) is a kiss on each cheek.

This already happened in the past to ZTE, which was nearly bankrupt as a result.

It's a heavy blow to Huawei, though it is not automatically a death sentence since their Chinese phones don't rely on Google Play Services.

@cursee add at least maintainable and probably evolutive to the list :)

Code that store serialized data in DB is evil.

CMS have too many plugins doing just that. I die a bit inside every time I see that.

I use Github client for 95% of the mundane work.

Big pros against CLI are it's super easy to commit only specific chunks or lines, and it's streamlined, so you just click a button to fetch/pull/push. Also, commit visualisation is nice.

Then, the 5% Github doesn't handle is done via CLI. This includes pushing to another remote or on a different branch, stashing, rebasing, or any tricky operation I have to Google.

If you are using only CLI or only a Client, sorry but you are probably limiting yourself or not as efficient as you could be.

Beliefs are not part of recruiting questions.

Unless the guy is an unsufferable asshole about that, if he pass the interview, I don't care if he believes about the world being flat, vaccination cause autism, chemtrails, or any other conspiracy, I will hire him.

py for python3

It's too long to type, and being on a system with default Python 2.7, if I try to type it, I forget the 3 and wonder why things don't work.

It's also very logical because python files end with .py

@billgates the render is the function returning the object HTML template.

Objects should be small enough so that their render function isn't huge (if it is, you might need to split the objects).

Splitting the render function makes things less readable in my opinion, because now I need to hunt down what other functions render to have a sense of what the object is.

As always with that sort of things, it's a matter of opinion.

It's not that bad.

Could probably use a linter for formatting consistency, and you might want to extract the lambda in locations.map, but otherwise I find it readable enough.

Don't do unpaid overtime, as others said.

Your job is to work during the hours on your contract, and you have an obligation to do your best effort DURING THOSE hours to meet the deadlines.

You don't, however, have an obligation of results. Managers have an obligation of results. Developers don't. It's your manager problem if his deadlines are not met.

Don't let him make it your problem.

Nope. The best place to learn new stuff is to build something people use.

Unless it was a repurposed laptop, Mac Minis do the job very well, plus they don't look like much, since you can just not connect a monitor.

I may have mis-interpreted your question.

What do you call "environment"? And could you give a few specific issues you are encountering?

You are taking separation too far.

A folder and its CVS repository per project.

A "project" in your time management system (Trello?) per project.

Install dependencies locally instead of globally (your package manager, whichever it is, should be able to do that).

Unless your threat model include state adversaries, any reputable cloud offering (Dropbox, Google Drive etc...) is good enough.

You can always encrypt your files before uploading them for added security if you are extra paranoid.

Just don't use any cloud offering as your only backup. Too many people do that mistake. Follow the 3-2-1 backup strategy.

@Noob the 2 first are really believable, the only thing I wonder is why they weren't fired earlier. But knowing big companies, it can take time and paperwork to fire awful people, unfortunately.

The company retreat ones seem far-fetched, but I'd know better than call you a liar, crazy things happen during company retreat.

I'm going to go with an ancient curse making your life a sitcom.

The Flying Spaghetti Monster is the one true God.

(agnostic atheist, show me the proof, science is the way to go)

@hamido-san you can do the same with code and FTP.

But yeah, both are a terrible idea anyway.

Using stored procedure for everything is bullshit, but there are things you cannot do with an ORM (or not efficiently/easily).

A few examples I had to implement in stored procedures:

- recursive query

- having a trigger that can be bypassed by a procedure (for an exceptional case)

- getting the type of a row in a base table that have several inherited tables

I suggest reading https://blog.codinghorror.com/what-...

Money quote: "Stack Overflow is a wiki first". Yup, you read that write, not a forum, not a Q&A site, a wiki. Wikis don't like duplication, they are meant to be easily searchable.

Other quote to drive the point home: "I wish more people understood that the goal of Stack Overflow is not "answer my question" but "let's collaboratively build an artifact that will benefit future coders". Perhaps SO could be doing more to educate people about this."

@Glinkis not quite. Found it, it was Arx Fatalis. And it was from 2002, not as old as I thought.

@AlmondSauce look for "Office Depot" stores. They sell office supplies, and conveniently have international adapters (both ways).

A bit pricy, but I guess you won't mind to be able to use your laptop.

@linuxxx you can replace Google by Facebook, Apple or Microsoft in this context ;) Or any big company for that matter.

@CoffeeNcode

11 of those 15 projects are apps, that all share the same framework and libs. Some of them have not been updated for quite a while now (right now, only 3 are actively worked on).

And then you have the public website (not actively worked on apart from Christmas promo), an obsolete back-end on life support, and the decoupled back-end and front-end (2 separate project). We hired a freelancer for the front-end (though he is gone, that's my responsibility now).

Short answer: we cannot give all of those projects enough love, and we switch often. Business determines what's the most important to work on right now. Generally, only 3 to 6 projects are worked on during a given month.

Very subjective and dated opinion ahead.

Tried it a few years ago on a hackathon. I instantly hated it, because of angular and the dependency injection crap everywhere.

Would not try it again.

@rantsauce It's my company codebase. I am the technical co-founder, meaning I wrote it alone the first few years.

The quality is ever improving. The recent part are quite good, though not perfect. The oldest part are not that great, but not quite awful.

That's code I wrote when I was fresh out of education, and under lots of pressure to deliver, so I'm overall quite pleased with the current state of affair.