January has been a very bad month for Ruby on Rails developers, with two high-severity security bugs permitting remote code execution found in the framework and a separate-but-related compromise on rubygems.org, a community resource which virtually all Ruby on Rails developers sit downstream of. Many startups use Ruby on Rails. Other startups don’t but, like the Rails community, may one day find themselves asking What Do We Do When Apocalyptically Bad Things Happen On Our Framework of Choice? I thought I’d explain that for the general community.
Executing arbitrary code: words that should send shivers down any dev's spine.
|
Terrence Dorsey wrote: Executing arbitrary code: words that should send shivers down any dev's spine
Oh, I don't know. I see code almost every day that I'd like to summarily execute.
|
You're doing it wrong.
Really horrible code should be dragged into a filthy, deserted, vermin-infested alley; have its legs and jaw broken; and then be shot in the gut. We can then take bets on if blood loss, sepsis, or the rats finish it off.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt