The REPL: Issue 21 - April 2016
The Optimist’s Guide to Pessimistic Library Versioning
Richard Schneeman, writes a well though out post on library versioning. He previously wrote about Semver and now continues on that vein with how it applies in practice for library authors and users. The key take-away is that adhering to Semver and the widespread use of optimistic locking can alleviate a great deal of the pain of maintaining and upgrading dependencies for projects.
Detecting the use of “curl | bash” server side
Internet security is fascinating. I have read advise that before using curl
to download a file and piping directly to bash
, you must ensure that you know what you are downloading. However, as this post proves, looking at the URL in your browser is not enough. By using a clever trick to detect how data is being pulled from a server, an attacker can present different content when URL is being downloaded and piped to bash
. Security is hard. Really Hard.
Git history is underrated
Author’s thoughts on what a project’s log of commit messages are: A history of why the code in the repository is the way it is. For the reasons outlined, I prefer never to squash commits when merging.
Find me on Mastodon at @ylansegal@mastodon.sdf.org,
or by email at ylan@{this top domain}
.