 | Lars Fosdal on Security alarm provider Woonve… |
 | Thomas Mueller on Question got closed in May 202… |
 | Thaddy de Koning on Formulier voor bewindvoerders… |
| Thaddy de Koning on Formulier voor bewindvoerders… |
| Thaddy de Koning on Formulier voor bewindvoerders… |
Posted by jpluimers on 2016/08/31
Cool! No more copy-paste, just upload examples directory from the console through the Ruby gist gem:
The gist gem provides a gist command that you can use from your terminal to upload content to https://gist.github.com/.
Yes, you need Ruby and RubyGems. Deal with it (:
Of course there are more of these, see A list of Gist clients..
–jeroen
via: defunkt/gist.
Posted in Development, Ruby, Software Development | Leave a Comment »
Posted by jpluimers on 2015/06/30
A long while ago, someone (it was too long ago, so I sincerely forgot who, it probably was in the JBuilder era) told me that I should try out Ruby and Scala.
I did take a short look at Ruby back then, but since Ruby was so focussed on Web Development, and my heart really wasn’t there, postponed it to the times that the Web would be hot for me.
Then I should have taken a look at Scala (which compiles to Java bytecode), but since I abandoned Java (JBuilder wasn’t nice, Java programming was slow and modern IDEs like IntelliJ IDEA and Eclipse weren’t there yet).
Now that I’ve done truckloads of work in the .NET and Delphi world (including domain specific languages and Pascal based products), I bumped into these Scala videos by Venkat Subramaniam:
Boy, I should have taken a look earlier: like Delphi and C# it is a statically typed compiled language, but it is on steroids.
Yes, I know it leans on the Java bytecode as a run-time platform, but so does the Android SDK as one of the Java Platforms. Contrary Ruby, which with IronRuby runs on .NET and RubyMotion runs Mac and iOS, Scala does not run on the .NET platform any more.
Given the witty way of presenting I’m surely going to follow Venkat Subramaniam and watch some of his other videos too.
Shortly after watching the above I bumped into this video by Steve Yegge (Google): Dynamic Languages Strike Back – YouTube.
–jeroen
Posted in .NET, C#, Delphi, Development, Java, Java Platform, Ruby, Scala, Software Development | 3 Comments »
Posted by jpluimers on 2015/04/22
A long and shorter while ago, I wrote about practicing your coding and test driven development skills:
Here are some Coding Kata videos of the Bowling Game Kata in various languages and environments. Some of them are dumb (no audio) just like good practice usually is. Note: it helps to know a bit about 10 Pin Bowling Scoring rules.
And since I want to learn Haskell and have done a lot of Tic-Tac-Toe demos inthe past:
For more background information:
–jeroen
Posted in .NET, C#, C# 1.0, C# 2.0, C# 3.0, C# 4.0, C# 5.0, C# 6 (Roslyn), Development, Java, Python, RemObjects C#, Ruby, Software Development | Leave a Comment »
Posted by jpluimers on 2014/05/05
Fun project with potential: pickhardt/betty that was pointed to me by Ilya Grigorik – Google+.
Betty is a natural language (for now: English based) front end for tools like curl, find, wc, whoami, find, etc.
It requires ruby, and runs on *nix or Mac OS X (where it uses osascript for iTunes).
–jeroen
via: Ilya Grigorik – Google+ – Betty is an english-like interface for your command line:….
Posted in *nix, Apple, Development, Mac, Mac OS X / OS X / MacOS, MacBook, MacBook Retina, MacBook-Air, MacBook-Pro, OS X 10.8 Mountain Lion, OS X 10.9 Mavericks, Power User, Ruby, Software Development | Leave a Comment »
Posted by jpluimers on 2014/03/07
Funny charts at andrewvos.com – Amount of profanity in git commit messages per programming language.
The source is online too: AndrewVos/github-statistics.
And it led me to this really nice way of choosing your chart type.
Click to enlarge… Read the rest of this entry »
Posted in .NET, C#, C++, Development, Java, JavaScript/ECMAScript, Perl, PHP, Ruby, Scripting, Software Development, Web Development | 2 Comments »
Posted by jpluimers on 2014/03/05
Thanks John Kaster for pointing me to Wat — Destroy All Software Talks | VK by garybernhardt (Gary Bernhardt) / @garybernhardt.
I did a bit more browsing, and found these links too: recommended watching/reading!
–jeroen
Posted in Development, JavaScript/ECMAScript, Ruby, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2012/09/11
A few on-line code fragment conversion tools that I have come across in the past:
–jeroen
Posted in .NET, C#, Development, Python, Ruby, Scripting, Software Development, VB.NET | Leave a Comment »
Posted by jpluimers on 2011/12/29
When writing my Patch your ASP.NET servers ASAP early this morning, I didn’t have time to research the full extend of the vulnerabilities published at 28C3 (slides, mp4), though a small bell was ringing a message that I had seen something like it before earlier this century.
I was right, this posting on perlmonks direct me to a /. posting in 2003 pointing me to the research paper on low-bandwidth attacks based on hash collisions (pdf version) that I had seen before. Perl 5.8.1 fixed it September 2003 (search for “hash” in that link).
The attack can be used for DoS because a normal distributed hash table insert of n elements will be running O(n), but a carefully crafted insert of those elements will run O(n^2).
Carefully crafting a worst case scenario depends on how well you can predict collisions in the underlying hash table implementation, which – apparently – is not too difficult, and requires little bandwidth.
Many platforms and languages are vulnerable (already archived at the WayBack machine), including those based on Java, Tomcat, .NET, Ruby, PHP and more in greater or lesser extent. I have the impression that the list only includes big names, but presume platforms based on smaller names (ASP, Delphi, Objective C) are equally vulnerable.
Just read the articles on CERT 903934, oCERT 2011-003, Arstechnica, Cryptanalysis.eu, Heise (German), Hackillusion and the research paper published at 28C3.
a few quotes:
“This attack is mostly independent of the underlying Web application and just relies on a common fact of how Web application servers typically work,” the team wrote, noting that such attacks would force Web application servers “to use 99% of CPU for several minutes to hours for a single HTTP request.”
“Prior to going public, Klink and Wälde contacted vendors and developer groups such as PHP, Oracle, Python, Ruby, Google, and Microsoft. The researchers noted that the Ruby security team and Tomcat have already released fixes, and that “Oracle has decided there is nothing that needs to be fixed within Java itself, but will release an updated version of Glassfish in a future CPU (critical patch update).”
“The algorithmic complexity of inserting n elements into the
table then goes to O(n**2), making it possible to exhaust hours of CPU time using a single HTTP request”“We show that PHP 5, Java, ASP.NET as well as v8 are fully vulnerable to this issue and PHP 4,
Python and Ruby are partially vulnerable, depending on version or whether the server
running the code is a 32 bit or 64 bit machine.”
Microsoft seems to have been notified pretty late in the cycle, I presume because the researchers started with a some platforms and finally realized the breath of platforms involved.
The ultimate solution is to patch/fix the platforms using for instance a randomized hash function a.k.a. universal hashing.
Microsoft will provide a patch for ASP.NET later today, Ruby already patched and other vendors will soon or have already (please comment if you know of other platforms and patches).
The links this morning indicated there were no known attacks. That is (maybe was) true for ASP.NET, but for PHP a public proof of concept of such a DoS is has been published by Krzysztof Kotowicz (blog) with sources at github and a demo html page.
Temporary workarounds (based on the some of the links in this and the prior blog post, and the workarounds mentioned here and here):
Some platforms already have applied temporary workarounds (I know of Tomcat (default max 10000 parameters), and PHP (default max_input_vars = 1000) did, and looks like the ASP.NET fix will do too).
Other platforms (like JRuby 1.6.5.1, CRuby 1.8.7 (comments) and Perl 5.8.1 in September 2003 ) fixed it the proper way.
Note: workarounds are temporary measures that will also deny legitimate requests. The only solution is to apply a fix or patch.
A major lesson learned today for a few people around me: when vendors start publishing “out of band” updates, do not trust a single 3rd party assessment with state “initial investigation”, but be diligent and do some further research.
–jeroen
PS: Just found out that most Azure users won’t need to manually apply a fix: just make sure your Hosted Service OS servicing policy is set to “Auto”.
Posted in .NET, ASP.NET, C#, Cloud Development, Delphi, Development, Java, PHP, Ruby, Scripting, Software Development, Web Development, Windows Azure | 6 Comments »
Posted by jpluimers on 2010/05/25
Having done quite a bit of C and C++ work in the past, I often still use “Yoda Conditions”, especially in environments where you have both = and == as an operator.
So, in a boolean expression, I often put the constant to test in front of the test.
I recently learned at stackoverflow that quite a few people call these “Yoda Conditions”:
“Yoda Conditions”— the act of using if(constant == variable) instead of if(variable == constant), like if(4 == foo). Because it’s like saying “if blue is the sky” or “if tall is the man”.
Thanks to dreamlax for helping me find that.
This is a problem in languages that have both the = and == operators, and the result of an assignment itself is also a value (i.e. allowing a = b = true). Read the rest of this entry »
Posted in .NET, C#, Delphi, Development, Java, Ruby, Software Development, Web Development | 22 Comments »
The Wiert Corner - irregular stream of stuff 