Articles related to "rails"

Git Branching, Step-by-Step

  • Now I am in my branch, not the master, so it is safe to make changes.
  • No more green, you will now get an alert that is purple, telling you the merge is complete.
  • It will ask you to delete the branch.
  • Go ahead and do that.
  • I refresh my master branch using git pull origin master, to make sure I am up to date with my changes and also with any other changes that people made.
  • Rinse.
  • Repeat.
  • Nice post Funda.
  • For STEP 4, I'd also suggest git add -p as a means of deciding which files to include.
  • It lets you step through all your changes and give a y or n to decide what to stage.

Time To End The vi/Emacs Debate

  • Programmers continue to argue over the best text editor: vi or Emacs.
  • I still remember my classmates arbitrarily picking vi or Emacs.
  • I tried emacs back then and did not like it.
  • Vim, the improved version of vi, scored 25.8% in popularity, while Emacs scored a paltry 4.1%.
  • To further gauge popularity, I counted 22,582 questions tagged with vim and 15,667 questions tagged with Emacs on Stack Overflow.
  • To delete a character, type ‘x’.
  • To insert a character, type ‘i’.
  • The GNU Emacs reference card is twice as long.
  • Invoking the emacs editor requires three additional letters; those extra keystrokes add up over time.
  • If you still use Emacs, I feel for you.
  • You can try to convince me to use Emacs, but you will have an easier time convincing me to go back to Visual Basic.

How I Became A Web Developer in 4 Months

  • Just like the title says, I was able to land my first web developer position in only 4 months of studying.
  • This class was just going over the basics of web development; we never built anything “amazing”, just some plain simple websites with a little styling.
  • I didn’t see myself retiring as a warehouse worker anyway, so I let my managers know that I wouldn’t be relocating with them.
  • It was actually awkward because when I left my job, I just randomly saw an ad for Front-End Web Development, so I signed up for the free 7-day trial.
  • After completing my 7-day trial, I was hooked on web development again.
  • So from November 2016 to February 2017, I was able to complete Team Treehouse Front-End Developer Stack.
  • Once I completed it, I felt confident enough to start working on some projects and my portfolio.

Elixir Pipeline Operators

  • Yesterday I was answering this SO question, roughly asking for how to use an uncommon syntax in pipe operator.
  • I was unable to duckduckgo anything related to which pipe operators are permitted in Elixir, and I am not even sure whether this behaviour is an implementation detail or is guaranteed to remain the same, but I wrote some checks and all of those are working pretty fine as pipe operators in all the modern versions of Elixir I have on hand.
  • If you don’t like this particular pipe operator, feel free to pick another from the list this post starts with.
  • Elixir, Erlang, Ruby, R, C, COBOL.
  • I am more functional, than object oriented.

🧘‍♂️🧘‍♀️ for 👩‍💻👨‍💻

  • That's for <insert some other group here>!" I used to think that too, but I recently started doing 30 minutes of yoga every day during my lunch break, and it has me feeling great, so I wanted to share my experience.
  • My body, and my brain need a break, and yoga has turned out to be the perfect refresher for both.
  • I think the difference with yoga is that it has this meditation / relaxation piece that goes along with the physical exercise that leaves both my mind and body feeling great and wanting to come back for more.
  • Once you feel good with this routine, sometimes this simple workout is exactly what you need, and sometimes you'll want to try adding something a bit more complex.

Bypassing Server-Side Request Forgery filters by abusing a bug in Ruby’s native resolver.

  • This is a security advisory for a bug that I discovered in Resolv::getaddresses that enabled me to bypass multiple Server-Side Request Forgery filters.
  • Now the following code snippets demonstrate why Resolv::getaddresses is OS-dependent.
  • This demonstrates that Resolv::getaddresses is OS-dependent and that getaddresses returns an empty ret array when supplied with an IP address that fails during a reverse DNS lookup.
  • I suggest staying away from Resolv::getaddresses altogether and using the Socket library.
  • Consequently, HackerOne was affected by this bypass, because they use the private_address_check gem to prevent SSRF on the “Integrations” panel: {BBP}/integrations.
  • HackerOne still encouraged me to report it, because they take any potential security issue into consideration and this bypass demonstrated a potential risk.
  • This gem uses Addrinfo.getaddrinfo as recommended by the Ruby Core dev team.
  • John Downey was able to immediately provide a patch, and Arkadiy Tetelman helped me figure out why their gem was not affected by the issue.

Operation FGTNY 🗽 - Solving the H1-212 CTF.

  • Due to legal reasons, I shall not list my technique for figuring out what that status code means, but let’s just say I used a highly advanced Google Dork (406 Not Acceptable) in order to find this report, which indicated that the request had to be in JSON (Content-Type: application/json).
  • Submitting the POST request from the previous section returned a domain missing error, which indicated that the request body had to contain some JSON with a domain attribute and value ({"domain":""}).
  • In order to request the flag, one had to exploit a CRLF issue that would force the server to ignore everything after the valid filename.
  • This did still require a little bit of trial and error (understatement of the year), but in the end, I had a cURL request that would return a valid read.php ID and requested the flag filename.

REST vs GraphQL APIs, the Good, the Bad, the Ugly

  • Both would probably need CRUD operations on that resource and prefer to cache queries (i.e. both GET and GET would be cached).
  • 3rd party developers to a new API need to only reason about the data model and leave the rest to HTTP convention rather than digging deep into thousands of operations.
  • The tools that do support GraphQL APIs can provide much more insights into queries than RESTful APIs. GraphQL doesn’t follow the HTTP spec for caching and instead uses a single endpoint.
  • For GraphQL APIs, you may not be able to leverage such tools unless you support placing the query as a URL parameter as most ping tools don’t support HTTP and request bodies.
  • There are certain applications where it makes sense to model complex entities in a SQL Db. Whereas other apps that only have “messages” as in high volume chat apps or analytics APIs where the only entity is an “event” may be more suited using something like Cassandra.

11 Tips on how to Survive any Convention as an Indie Game Developer

  • I’m presenting my own game – Super Snow Fight.
  • It was a little bit hard to find a hotel close to the fair one month before Gamescom, so next time I will definitely do this earlier.
  • Maybe that’s not the best idea if you want to stay awake the next day, but if you don’t have a hotel room, you can’t do any of these things.
  • When presenting my own game I got the chance to design my own business cards and have them printed.
  • Lots of people wanted to see the games and, if they have to wait too long, they will leave eventually.
  • It would be a shame if someone really likes your game and wants to write about it, but then you forget to send them a beta-key.

Why Code Comments Still Matter

  • However, there is a recent viewpoint that commenting code is bad, and that you should avoid all comments in your programs.
  • Not all programmers can/will write really obvious code.
  • Programs are unique like fingerprints, so judging whether code is obvious is a subjective call.
  • It can be overwhelming and tedious to comment too much, but some comments are like titles and subtitles in articles.
  • It may be possible to write this program in a more obvious way, but a simple comment at the top of the program would convey its meaning quickly and easily.
  • Google has programming style guides that specify how to write comments.
  • Specialized comments allow tools like javadoc, JSDoc, and apiDoc to automatically generate professional, thorough, and consistent documentation for programs.
  • I always liked to start a program with comments as pseudo code or to do the same in a unit test.
