|
Eight Legged Geeks?
---------------------------------
I will never again mention that I was the poster of the One Millionth Lounge Post, nor that it was complete drivel. Dalek Dave
CCC Link[ ^]
|
|
|
|

|
Don't know the name of the movie but by any chance is it based on a Marvel Comic?
|
|
|
|

|
Arachnophobia for dummies?
Lobster Thermidor aux crevettes with a Mornay sauce, served in a Provençale manner with shallots and aubergines, garnished with truffle pate, brandy and a fried egg on top and Spam - Monty Python Spam Sketch
|
|
|
|
|
|

|
Recently there has been a lot of bad press around the security of Ruby on Rails, so I'm not looking for a re-hash of that issue.
What would you think if you found that your bank's Internet Banking was built on Ruby on Rails?
The big question is around how the Ruby community is going to respond to security issues? Will the platform stabilize and be useful for enterprise web applications for the next 10 years?
|
|
|
|

|
I think that in the end the users wouldn't and shouldn't know anyway, especially in such a situation.
|
|
|
|

|
do you mean like when you eat horse instead of beef?
Seulement, dans certains cas, n'est-ce pas, on n'entend guère que ce qu'on désire entendre et ce qui vous arrange le mieux... [^]
|
|
|
|
|

|
I work in a bank (not on the banking SW) and I have no idea what the banking code is written in, I imagine I could find out but I think it would be a challenge and I'd have security shining a light on my life almost instantly!
Never underestimate the power of human stupidity
RAH
|
|
|
|

|
I'd suggest this might be a better topic for a Ruby newsgroup, but then you'd probably get a biased set of answers. Every framework has its security problems, some worse than others; the most important things are how quickly and effectively the framework responds, and the awareness and competency of the developers who write the code.
|
|
|
|

|
From experience, I'm getting two biased and contradictory sets of answers already. I've come to trust CodeProject to be a bit more balanced.
I like your point about speed of response, the Ruby community did clear up their most recent problem pretty quickly...
|
|
|
|

|
Adrian Akison wrote: From experience, I'm getting two biased and contradictory sets of answers already. I've come to trust CodeProject to be a bit more balanced.
That's interesting to me: because, one reason I trust CodeProject is: that I feel certain that if I ask any question, in the Lounge, I will get a range of biased, often contradictory answers, accompanied by various off-topic asides that will range from personal insults, to science-fiction, to sexual fantasies, and references to bodily functions: all of which may be very helpful, or, at least, amusing!
"CP Lounge Balance:" would be an oxymoron.
yrs, Bill
This thing we tell of can never be found by seeking, yet only seekers find it.
Abu Yazid Al-Bistami (Persian, Sufi, 804-872)
|
|
|
|

|
Adrian Akison wrote: The big question is around how the Ruby community is going to respond to security issues?
I thought you weren't looking to re-hash the issue.
First off, the Rails community responded very quickly, and a new Rails gem was released that fixed the issue in short order.
Adrian Akison wrote: Will the platform stabilize and be useful for enterprise web applications for the next 10 years?
"Will..." implies that it is not currently stable, and I think it is. As others have posted, questions about enterprise web applications using Rails probably ought best be addressed on one of their forums.
Lastly, and this is an interesting point, the source for Rails is public. That means that a hacker doesn't have to try to guess, poke and prod at a black box as with possibly "other" (*cough*) systems but can look at the code to figure out security holes. In my opinion, this makes the whole system less vulnerable. Looking at the code, one should be able to discern very quickly whether there are security holes and how to test for them.
As for performance in general, if you're doing any massive server-side computations, it's probably better to relegate those to the database engine (if possible). I've blogged about Ruby performance, and obviously, being interpreted rather than compiled, it's not great, but in my opinion it's totally adequate for lightweight lifting such as page rendering and interacting with a database. The more interesting question is, what's the performance of the actual server software running the Rails app. Even a Rails app rendering a simple "Hello World" page can be brought to its knees if the server executing the code can't handle hundreds, thousands, whatever, of near simultaneous connections.
That's my 2c.
Marc
|
|
|
|

|
Marc Clifton wrote: In my opinion, this makes the whole system less vulnerable. Looking at the code, one should be able to discern very quickly whether there are security holes and how to test for them.
Presuming of course that one in fact does
1. Have the knowledge/skills to do that
2. Has the time to do it
3. Actually does do it.
Not to mention of course that the very exact same process is what a black hat might also do.
|
|
|
|

|
Adrian Akison wrote: What would you think if you found that your bank's Internet Banking was built on Ruby on Rails?
I would be scared out of my mind if I found out that the developers at my bank thought that the primary security of their system is based on the language choice.
I would be significantly scared if I found out that the developers at my bank thought that language choice was even a significant security problem.
I always keep in mind a large study from a couple of years ago that found that within one year 90% of data theft originated from internal users.
|
|
|
|

|
After I've made changes to an app I often just press F5 to build and run.
If (unusual though it may be) I make a mistake and there's a build error, VS asks me if I want to run the last built version.
I don't think I have ever answered Yes
I wonder if it's about time I checked the "do not show this dialog again" checkbox?
|
|
|
|

|
And I do not see how that can be useful.
Bob Dole The internet is a great way to get on the net.
 2.0.82.7292 SP6a
|
|
|
|

|
Either you build only after a lot of coding, you rarely have build errors or you have the patience of a saint. I am not even aware of that dialog, I must have turned it off years ago and the settings migrated from one version to the next, thank god!
Never underestimate the power of human stupidity
RAH
|
|
|
|

|
Mycroft Holmes wrote: build only after a lot of coding
On the current project, the application is so ponderous and slow I do tend to code a lot then build
Mycroft Holmes wrote: you rarely have build errors
I wouldn't say 'rarely'
Mycroft Holmes wrote: you have the patience of a saint.
** glances up at halo ** cue music - badidly bum bum doop dee doop dee doop
|
|
|
|

|
_Maxxx_ wrote: glances up at halo
ZZZzzzztttt
Never underestimate the power of human stupidity
RAH
|
|
|
|

|
Tools -> Options -> Projects and Solutions -> Build and Run
Take a look at this dialog.
"Bastards encourage idiots to use Oracle Forms, Web Forms, Access and a number of other dinky web publishing tolls.", Mycroft Holmes[ ^]
|
|
|
|

|
Not what I would call useful. I'm punching Yes to that very same dialog. It usually happens when I'm working on one project, such as a data model, and I'm adding a bunch of unit tests in another project, and there's usually more projects, some of which won't compile, forcing the warning dialog. Just click yes, and the unit tests run. This stems from being a little too clicky and hitting F5 instead of Run All Tests...
|
|
|
|

|
I once checked a "do not show this dialog again" only to find out later that there would be times when I needed the rare alternate from the message box. I have said "yes" on this same VS message and couldn't figure out what happened so I've left the message there until some service pack fixes the message box to tell you what happens when... (and then I woke up)
|
|
|
|

|
_Maxxx_ wrote: I wonder if it's about time I checked the "do not show this dialog again" checkbox?
Don't do that!
True story:
At the similar - yet different - Message Box "There were build errors, do you want the executable from the previous build", I dumbfoundedly once in my life chose the vicarious combination of "Yes" and "don't ask again".
Which, sure, results in VS2008 always running the previous executable if there were build errors.
Microsoft "support" suggestion to rectify this situation: Un- and reinstall Visual Studio.
|
|
|
|

|
peterchen wrote: Microsoft "support" suggestion to rectify this situation: Un- and reinstall Visual Studio.
Because it would be stupid to make the setting changeable.
Reality is an illusion caused by a lack of alcohol
|
|
|
|

|
They couldn't even tell me if this will help indeed.
Following the VS DevTeam blog for VS2008 and VS2010, I couldn't shed the feeling that it was outsourced to the cheapest bidder with no Product Manager powerful enough for the entire product. Really scary sometimes.
|
|
|
|

|
And holding the spacebar doesn't cause thermal problems any more!
The idiots!
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|

|
What do you do when you get a request on LinkedIn from someone who...
- Is a total stranger
- Is seeking work
- Has 500 connections (as opposed to my 30 or 40)
- Has similar experience and prior employment
At this moment, on LinkedIn, I really only want a few dozen connections, which is what I have now. That seems like the target image I want to project on that site.
With this other guy who has 500+ connections, and is looking for more, I have to wonder; ya'know ?
At the same time, I have been out of work in the past, and could well be out of work tomorrow. I know the value of one more human in the network.
As for my paltry 30 or 40 contacts, the overwhelming majority of them actually know me from work, or school, or community organizations, or similar lifestyles, and I want to keep it that way.
So I don't know how to respond to this guy. It's important to me to never despise those whose current circumstances are worse than my own. It's also important to me to project the right image on the right website.
Opinions welcome
modified 20 Feb '13 - 9:56.
|
|
|
|

|
I get requests from unknown people all the time. I use the Ignore button if I don't know them and can't recommend them for something. I have no real idea how many contacts I actually have, but all of them are people I have done work or business with and am happy to tell the world I know them and have worked or done business with them.
I suspect some people just try to amass contacts because it gives them a feeling of importance or something. Personally I'd rather have a few good friends than an enormous number of contacts I've never actually had any professional or personal contact with.
CQ de W5ALT
Walt Fair, Jr., P. E.
Comport Computing
Specializing in Technical Engineering Software
|
|
|
|

|
Walt Fair, Jr. wrote: I have no real idea how many contacts I actually have
97
Reality is an illusion caused by a lack of alcohol
|
|
|
|

|
Like Walt, I ignore the request if I don't know the person. I am not convinced there is much value in having a lot of connections if you have never met or communicated with them.
Soren Madsen
"When you don't know what you're doing it's best to do it quickly" - Jase #DuckDynasty
|
|
|
|

|
I suspect the 500+ is a recruiter, they will generally ask every man and his dog for a connection. Having said that I have met someone who had 500+ and was not a recruiter, he was however a complete pillock.
Use the ignore button, if you don't know them, can't remember them then they should be ignored, unless of course you are terminally bored and need to do something, anything!
Never underestimate the power of human stupidity
RAH
|
|
|
|

|
yes most probably a recruiter, they use that to find out who your colleagues are and in turn send out even more requests
dev
|
|
|
|

|
Ignore, ignore, ignore them. With 500 other contacts, do you think he's going to recommend you for a job?? Not likely.
I don't even have a LinkedIn account and I've gotten invites. I've even gotten hand written invites from schmucks around here because I answered one of their questions. Talk about getting a "friend" for life!
|
|
|
|

|
C-P-User-3 wrote: So I don't know how to respond to this guy. It's important to me to never despise those whose current circumstances are worse than my own. It's also important to me to project the right image on the right website.
I think you have a good approach and the right plan; you're just a little too embarrassed to implement it.
I have an outstanding 'friend' request on FaceBook from my mother.
--
Harvey
|
|
|
|

|
[Must resist making a "your mother" joke]
If you don't have your mother as a friend on Facebook, who do you let into that world?
Soren Madsen
"When you don't know what you're doing it's best to do it quickly" - Jase #DuckDynasty
|
|
|
|

|
Thanks Harvey, and everybody else here.
There is a very slight chance that I have encountered this guy in my past, so I "responded" but didn't accept yet, with this message
"...Hi Curtis, have we met before ? I seem to barely remember your name, but I can't remember from where..."
If I don't get a specific response with a specific company from the past, I'll know I'm dealing with an auto-bot.
|
|
|
|

|
By the way, it's difficult/impossible to send a stranger on LinkedIn unless you pay them (i.e., LinkedIn) money.
I took a short look at their fee structure, and it looks like this
$96 / $240 / $480
Cheapo / Regular / Super
Those are annual fees.
Has anyone paid any one of those fees ? What does it buy you ? I mean, maybe a headhunter would like the ability to send mail to strangers. But $480 ? That would pay my webhost for years.
|
|
|
|
|

|
Brings Spongebob's pet snail to mind.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|

|
It's one of those youtube videos where the actual war cry of the frog sounds like a lion's roar and some joker has gone and edited the sound to make the frog sound like a squeaky toy, I am not easily fooled...
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
|
|
|

|
I was browsing teh interwebs for a web server administration panel, and found this[^]. Full support for UNIX, Linux, AND Windows servers, with a bunch of modules and themes. I haven't tried it yet, but it looks promising.
And no, I am NOT affiliated with that project.
Bob Dole The internet is a great way to get on the net.
 2.0.82.7292 SP6a
|
|
|
|
|

|
AspDotNetDev wrote: There really ought to be some sort of confirmation sent out before shipping pre-orders that were placed several months to several years ago.
Why on Earth would they want to go to that trouble? They've already got your money.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|

|
like talking to a brick wall. Will not give a straight answer to a straight question.
Want to charge me 2 installation fees for basically dropping off a modem and connecting a phone to the wall.
Elephanting sunshines.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair.
nils illegitimus carborundum
me, me, me
modified 19 Feb '13 - 14:42.
|
|
|
|

|
we moved into a new house on a new street, back in November. two weeks ago, after three months of pleading with them, they started laying the cable down our street. but then they went away and never came back to finish the job.
we've gone four months without cable or internet service.
FYTWC
|
|
|
|

|
I can live without the cable but the internet??? No way!!! I'd have to get satellite or dish or something or lay the cables myself!
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair.
nils illegitimus carborundum
me, me, me
|
|
|
|

|
i've learned that you can get a surprising amount of internet junk done on a smart phone.
|
|
|
|