Wednesday, February 29, 2012

Working for a Living

StackOverflow has recently been running a bunch of ads for their careers site touting jobs that allow working from home. The ads are all kind of whimsical, none more so than this one:


I'm guessing this isn't going to be the most productive home office. Also, does anyone know where I can find one of these combination desk/half open playpens?

Friday, February 24, 2012

Rails Parameter Filters

Secure programming 101 dictates that you should never write sensitive information to log files, and Rails makes this easy by allowing you to specify a list of sensitive fields in the filter_parameters property of your application configuration object (defined in the config/application.rb file). It's even nice enough to give you a sensible default (:password).

I got tripped up by this a couple days ago when a non-sensitive parameter that I didn't want to get filtered out of my logs was getting caught by the filter. I struggled with this for a while until I found the code responsible for the filtering, which clearly states in its comments that it filters out any parameter whose name matches the regular expression /<filter_param>/i. In other words, any parameter that contains one of your filter parameter strings will get filtered. It doesn't even have to be in the same case. Here's some example code demonstrating what's going on.
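The matching rule described above, as an added example that is neither the post's original code nor Rails' own implementation: a pure-Ruby stand-in (`filter_params`, `collisions` and the sample parameters are hypothetical names and constructed data) showing how `:token` also masks `token_count`, and how a Regexp entry, which Rails also accepts in filter_parameters, limits the match to one exact name.

```ruby
# Stand-in for the matching rule the post describes; not Rails' own code.
FILTERED = "[FILTERED]"

# Build one matcher per filter entry. Symbols and strings become
# case-insensitive substring patterns (/<filter_param>/i); Regexp entries
# are used exactly as written, which allows anchoring with \A and \z.
def compile_filters(filters)
  filters.map do |f|
    f.is_a?(Regexp) ? f : Regexp.new(Regexp.escape(f.to_s), Regexp::IGNORECASE)
  end
end

# Return a copy of params with the value of every matching key masked,
# descending into nested hashes and arrays of hashes.
def filter_params(params, filters)
  matchers = compile_filters(filters)
  params.each_with_object({}) do |(key, value), out|
    out[key] = if matchers.any? { |re| re.match?(key.to_s) }
      FILTERED
    elsif value.is_a?(Hash)
      filter_params(value, filters)
    elsif value.is_a?(Array)
      value.map { |v| v.is_a?(Hash) ? filter_params(v, filters) : v }
    else
      value
    end
  end
end

# Audit helper: which parameter names does each filter entry catch?
def collisions(param_names, filters)
  compile_filters(filters).zip(filters).each_with_object({}) do |(re, f), hits|
    caught = param_names.select { |n| re.match?(n.to_s) }
    hits[f] = caught unless caught.empty?
  end
end

# Constructed sample request parameters (not from a real application).
SAMPLE = {
  "user" => { "email" => "a@example.com", "password" => "hunter2",
              "Password_Hint" => "pet name" },
  "token_count" => 3,
  "csrf_token" => "abc123"
}

if __FILE__ == $0
  p filter_params(SAMPLE, [:password, :token])            # token_count is masked too
  p filter_params(SAMPLE, [:password, /\Acsrf_token\z/])  # token_count survives
  p collisions(%w[email password Password_Hint token_count csrf_token], [:password, :token])
end
```

Running `collisions` over the parameter names your controllers actually accept shows which non-sensitive fields a broad entry will hide from the logs before you notice it in production.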

The other thing I discovered is that other code that you include in your project (i.e. gems) can modify the list of filter parameters. For example, the clearance gem adds :token and :password to the filter parameters. To get the definitive list of all of the filter parameters in your application, launch the rails console and inspect the value of <ProjectName>::Application.config.filter_parameters.

Wednesday, February 22, 2012

Failing to Plan...

Is planning to fail, as the old saying goes. That's the reason for the astronomical decline of Detroit, according to this piece. While it would be impossible for one person to read every single book or article detailing Detroit's decline, I've read a lot of them, and this is definitely a good one. The comments on this article are amazing as well, nearly 100 so far and almost every single one is as insightful as the article. While I'm on the topic, here's another interesting article about Detroit. I pulled both of these pieces from Richard Florida's prolific Twitter feed. Finally, I recently learned that Detroit was in the running to host the 1968 Summer Olympics. Think about that one for a second. There are some good clips up on YouTube from the movies put together for the selection committee.