The REPL: Issue 101 - January 2023
CTEs as lookup tables
Short and sweet. The syntax is nicer to read, and in my mind it fits better with the SQL mental model of relations.
Ransacking your password reset tokens
The ransack gem is a popular Ruby gem to add searching capabilities to a Rails application. This article describes, compellingly, how ransack by default is open to exploitation and can be used to reveal sensitive information in an application. This process reminds me of how Rails allowed (insecurely) mass-assignment of params, which was later changed to disallow all params unless specifically permitted. That approach is possible with Ransack, too. For existing applications, it can lead to a lot of allow-listing.
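The allow-listing mentioned above, as an added example that is not from the linked article or the ransack gem's own code. Ransack consults a model's `ransackable_attributes` class method to decide which columns may be searched; defining it with an explicit list is the safe pattern. The `filter_search_params` helper and the `User` columns are hypothetical stand-ins (constructed here so the example runs without Rails) for the check Ransack performs when it builds a search from request params.

```ruby
# Added example: allow-listing searchable attributes. Not the gem's code.

class User
  # Columns a hypothetical users table would have (constructed for the example).
  COLUMNS = %w[id email name encrypted_password reset_password_token].freeze

  # Allow-list: only these columns may be searched through Ransack. The real
  # gem calls this class method with the same signature on each model.
  def self.ransackable_attributes(_auth_object = nil)
    %w[email name]
  end
end

# A subset of the predicate suffixes Ransack appends to attribute names.
PREDICATES = %w[eq cont start end lt gt in].freeze

# Split a search key such as "email_cont" into ["email", "cont"].
# Returns nil when the key carries no known predicate.
def split_condition(key)
  PREDICATES.each do |pred|
    suffix = "_#{pred}"
    return [key.delete_suffix(suffix), pred] if key.end_with?(suffix)
  end
  nil
end

# Hypothetical stand-in for Ransack's own filtering: keep only conditions whose
# attribute the model allow-lists, so sensitive columns cannot be queried.
def filter_search_params(model, params)
  params.select do |key, _value|
    attr, _pred = split_condition(key)
    attr && model.ransackable_attributes.include?(attr)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request params: one harmless condition, one touching a
  # sensitive column that is not allow-listed.
  q = { "email_cont" => "alice", "reset_password_token_eq" => "placeholder" }
  p filter_search_params(User, q) # => {"email_cont"=>"alice"}
end
```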
Anti-Pattern: Iteratively Building a Collection
It resonates with me that iteratively building an array feels wrong. But why?
The author states:
What follows are some lengthy method definitions followed by rewrites that are not only more concise but also more clear in their intentions.
So… is clarity the key?
Brevity and clarity are great, but one of the things that motivates me to use functional approaches over iterations is to minimize mutation. Written in a functional style, your code handles less mutation of data structures, which means that it handles less state. Handling state is where a lot of complexity hides, and the source of bugs. According to Joe Armstrong, creator of Erlang:
Mutable state is the root of all evil.
Find me on Twitter at @ylansegal and Mastodon at @firstname.lastname@example.org