xdite

Security is Hard

Massive Assignment

• watch for ActiveRecord Relation, like has_many, has_many :through
• watch for user_roles, `group_users
• UPDATE action

Admin

kristm

#!/bin/bash
if [ $# -lt 3 ]; then
  echo -e "hhhh v0.2\nUsage: hhhh <author> <from date> <to date>"
  exit
fi
pretty="--pretty=%C(blue)%ad%Creset %C(yellow)%h%C(green)%d%Creset %C(blue)%s %C(magenta) [%an]%Creset"
fl=`git log "$pretty" --author "$1" --since "$2" --until "$3"|awk ' ORS="\n" { $4=$5=$6=$7=""; print $0}'`
echo "$fl"|awk 'FS="   " { gsub(/(\[[A-Za-z0-9&#\ ]+\] ?|Merge.*)/,"");\
                           if (a != $1){ print sep$1sep$2 } else {  print $2 } }\
                         { a=$1; sep="\n==========\n" }'

ryanb

Expectations

I took the ideas presented here and built a gem called Mustard. Check it out!

There are several expectation/assertion interfaces available for writing tests/specs. Here are some issues I have with them.

Test::Unit/MiniTest

• The order of assert_equals feels backwards
• Oh wait, that should be assert_equal (that too)

jnicklas

Capybara.add_selector :record do
  xpath { |record| XPath.css("#" + ActionController::RecordIdentifier.dom_id(record)) }
  match { |record| record.is_a?(ActiveRecord::Base) }
end

ramontayag

From what I understood this morning, the concern Steve had was to be able to use the acceptance specs as a communication tool with the clients, whether directly (the clients read it) or indirectly (the clients do not read it).

The concern from me (at least) is the maintainability of the Cucumber steps. Here are some example:

• Projects where there were so many cucumber steps that it became hard to figure out what each step did
• Projects that tried to be too DRY with the steps the regexps became difficult to handle
• Projects where a lot of set up was required, and the steps to create the users like became long and too descriptive (Given an active user exists that last logged in 2 years ago)
• Projects whose Cuke steps shared World-wide variables (@project) that were used across steps

For me, using Capybara directly solves this. But, I must agree that only developers can read them. Why not have the best of both worlds?

jaseg

Prelude

Since password managers are big and complicated and I currently am pretty bored since I am sitting in a car for a few hours, here is a simple algorithm to generate resource-specific, unique passwords using a master password and no password database.

WARNING

As pointed out here: http://news.ycombinator.com/item?id=4374888 this method is broken.

Usage

cjolly

newpg=9.6.1 # set to new PG version number
oldpg=`pg_config --version | cut -d' ' -f2`

# PG 96. upgrades the readline to v7, which breaks anything linked against readline v6, like ruby via ruby-build. 
# I *think* this should prevent it from installing v7. But if weird shit happens with various rubies, 
# you'll have to reinstall them.
brew pin readline

# Stop current Postgres server
brew services stop postgresql

n0ts

require 'optparse'

ENV['RAILS_ENV'] = ENV['RAILS_ENV'] || 'development'
require File.expand_path(File.dirname(__FILE__) + "/../config/environment")


opts = {}
ARGV.options {|opt|
  opt.on('-s', '--save', 'save') {|v| opts[:save] = v }
  opt.parse!