The REPL: Issue 21 - April 2016
The Optimist’s Guide to Pessimistic Library Versioning
Richard Schneeman writes a well thought out post on library versioning. He previously wrote about SemVer and now continues in that vein with how it applies in practice for library authors and users. The key take-away is that if libraries adhere to SemVer and declare their dependencies with pessimistic version constraints (the ~> operator in a gemspec or Gemfile), a great deal of the pain of maintaining and upgrading dependencies goes away: a constraint such as ~> 1.2 accepts bug fixes and new features, but refuses a 2.0 that may break the caller.
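To make the difference between the constraint styles concrete, here is an added example (mine, not code from Schneeman's post or from any real gem) that uses RubyGems' own Gem::Requirement matching to show which versions of a constructed release history each constraint admits, and whether a routine update could cross a SemVer major boundary. The release list and the gem are made up for the demonstration.

```ruby
require "rubygems"

# Which of the released versions does a dependency constraint admit?
# Uses the same matcher Bundler and RubyGems use to resolve dependencies.
def admitted_versions(constraint, released)
  requirement = Gem::Requirement.new(constraint)
  released.select { |v| requirement.satisfied_by?(Gem::Version.new(v)) }
end

# Under SemVer only a major bump may break callers, so a constraint that admits
# more than one major version lets `bundle update` pull in a breaking change.
def admits_breaking_change?(constraint, released)
  majors = admitted_versions(constraint, released).map { |v| Gem::Version.new(v).segments.first }
  majors.uniq.size > 1
end

# Constructed release history of an imaginary gem; not a real project.
RELEASES = %w[1.2.0 1.2.3 1.2.9 1.3.0 1.9.5 2.0.0 2.1.0].freeze

# The four ways a dependency is commonly declared, from tightest to loosest.
CONSTRAINTS = {
  "= 1.2.3"  => "exact pin: never receives a bug fix",
  "~> 1.2.3" => "pessimistic at patch level: >= 1.2.3, < 1.3",
  "~> 1.2"   => "pessimistic at minor level: >= 1.2, < 2.0",
  ">= 1.2"   => "open-ended: happily takes 2.0.0 and whatever breaks with it",
}.freeze

if $PROGRAM_NAME == __FILE__
  CONSTRAINTS.each do |constraint, note|
    admitted = admitted_versions(constraint, RELEASES).join(", ")
    crosses  = admits_breaking_change?(constraint, RELEASES)
    puts "#{constraint.ljust(9)} -> #{admitted}"
    puts "           #{note}; can cross a major version: #{crosses}"
  end
end
```

The two pessimistic forms differ only in how far right the "floating" segment sits: ~> 1.2.3 floats the patch level, ~> 1.2 floats the minor level. Neither can resolve to 2.0.0, which is exactly the property a library author wants when declaring what their code was tested against.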
Detecting the use of “curl | bash” server side
Internet security is fascinating. I have read advice that before using curl to download a file and piping it directly to bash, you must make sure you know what you are downloading. However, as this post shows, looking at the URL in your browser is not enough. With a clever trick (the served script begins with a sleep; while the shell executes it, it stops reading the pipe, and the server notices that its connection has stalled), a server can tell whether the response is being saved or executed, so an attacker can present different content when the URL is downloaded and piped to bash than when it is fetched by a browser. The only real check is to download the script to a file, read that file (and verify a published checksum or signature, if there is one), and then run that same file. Security is hard. Really hard.
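The following is an added example of mine, not code from the post being linked, that reproduces the detection mechanism end to end on a loopback TCP port. The server sends a prelude consisting of a sleep line followed by many kilobytes of comment lines, times how long the write takes, and serves a different tail depending on whether the write stalled. Two simulated clients stand in for the real consumers: one drains the socket immediately like a browser or curl writing to a file; the other reads the first line, "executes" the sleep by pausing without reading, and only then drains, which is how bash behaves on a pipe. The payload strings, the 32 MB padding size and the one-second threshold are assumptions chosen for the demo; both script tails are harmless echo lines.

```ruby
require "socket"

SLEEP_SECONDS   = 2                 # first line of the served script; bash executes it
STALL_THRESHOLD = 1.0               # seconds: a write blocked longer than this means
                                    # the receiver stopped reading, i.e. a shell is executing
PADDING_BYTES   = 32 * 1024 * 1024  # assumed large enough to exceed the TCP send and receive buffers

# Constructed, harmless stand-ins for the two bodies a malicious server would choose between.
BENIGN_TAIL  = "echo 'the script a human reviewer would see'\n"
PAYLOAD_TAIL = "echo 'the script only a piped shell would see'\n"

# Valid shell text: a sleep, then comment lines the shell ignores. While bash is
# busy in `sleep` it is not reading its stdin, so the padding backs up in the
# kernel socket buffers and the server's write() blocks.
def build_prelude
  line = "# " + ("x" * 1021) + "\n"                  # 1024 bytes per line
  "sleep #{SLEEP_SECONDS}\n" + line * (PADDING_BYTES / line.bytesize)
end

# Server side: accept one connection, time the write of the prelude, and pick the
# tail of the script based on whether that write stalled.
def serve_one(server)
  client  = server.accept
  started = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  client.write(build_prelude)
  elapsed = Process.clock_gettime(Process::CLOCK_MONOTONIC) - started
  verdict = elapsed > STALL_THRESHOLD ? :piped_to_shell : :plain_download
  client.write(verdict == :piped_to_shell ? PAYLOAD_TAIL : BENIGN_TAIL)
  client.close
  verdict
end

# Client that behaves like a browser or `curl -o file`: it drains the socket as
# fast as bytes arrive, so the server's write never blocks for long.
def fetch_like_browser(port)
  sock = TCPSocket.new("127.0.0.1", port)
  body = sock.read
  sock.close
  body
end

# Client that behaves like `curl | bash`: bash reads one line, runs `sleep`, and
# only then returns to reading the pipe. The sleep is simulated in-process here.
def fetch_like_piped_bash(port)
  sock  = TCPSocket.new("127.0.0.1", port)
  first = sock.gets
  sleep(first[/\Asleep (\d+)/, 1].to_i)   # "execute" the first line without reading further
  body = first + sock.read
  sock.close
  body
end

# Runs one server/client pair on an ephemeral loopback port and reports what the
# server concluded and which tail it actually sent.
def run_scenario(client_kind)
  server = TCPServer.new("127.0.0.1", 0)
  port   = server.addr[1]
  verdict_thread = Thread.new { serve_one(server) }
  body = client_kind == :browser ? fetch_like_browser(port) : fetch_like_piped_bash(port)
  verdict = verdict_thread.value
  server.close
  { verdict: verdict, tail: body.lines.last }
end

if $PROGRAM_NAME == __FILE__
  puts "browser-style download: #{run_scenario(:browser)[:verdict]}"
  puts "curl | bash download:   #{run_scenario(:piped_bash)[:verdict]}"
end
```

The server never sees a User-Agent or any other header that distinguishes the two cases; it only observes back-pressure on its own socket. That is why a checksum or a reviewed local copy is the control, not the URL: the bytes that reach a file on disk and the bytes that reach bash through a pipe can legitimately differ.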
Git history is underrated
The author's thoughts on what a project's log of commit messages is: a history of why the code in the repository is the way it is. For the reasons outlined, I prefer never to squash commits when merging.
Find me on Twitter at @ylansegal and Mastodon at @email@example.com