TIL, 2018-05-04, Security Things.
Musings, Security
- Answering some problems on Brilliant re: algorithms.
- Intermediate value theorem:
- Is it more secure to program a client-server system in a language other than English?
- Technically, yes, but it is security by obscurity, which is a bad idea.
- Google Translate.
- It makes things harder.
- All of the built-in functions are in English.
- People can reverse engineer code from machine code!
- TL;DR: produce readable code for the people who have to deal with it. When in doubt, prefer the language most people know.
- Kerckhoffs’s principle
- A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
- Security through obscurity
- A system or component relying on obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that if the flaws are not known, that will be sufficient to prevent a successful attack. Security experts have rejected this view as far back as 1851, and advise that obscurity should never be the only security mechanism.
Musings, JS
- ECMAScript
- JS was named JS in the hopes of capitalizing on the success of Java.
- ECMAScript is a standard, and JS is the most popular implementation of that standard. Other implementations: ActionScript, V8.
- Expect an update annually.
- ES8
- String padding: `'es8'.padStart(5, 'w') // 'wwes8'`, `'es8'.padEnd(6, 'w') // 'es8www'`
- `Object.values` and `Object.entries`.
- `Object.getOwnPropertyDescriptors`: defined directly on the object, not inherited from the object’s prototype.
- Trailing commas in function parameter lists and calls.
- `async function`: declares that it will not block the flow of things.
Musings, Back-end
- Link vs URL: URL is the location of the resource, link is the HTML control.
- Thesauruses (Thesauri?) are good for searching things re: similar words.
- Postgres has an array data type: `add_column :users, :emails, :string, array: true, default: '{}'`
- JSON in DB:
- Avoid complicated joins, like in Trello.
- Keep data that comes from an external service in the same structure and format (as JSON) in which it arrived.
- Avoid transforming data before returning it via JSON API.
- You can index on a key in the JSON hash.
- JSON vs JSONB: the JSON column stores the JSON string as is; JSONB parses it for indexing's sake.
- Encoding in Ruby:
- A string is a series of bytes; its encoding defines the mapping between characters and bytes.
- To fix encoding problems: figure out what encoding your string is in (`string.encoding`).
- Re-encode with `string.encode('UTF-8', 'Windows-1252')`. (THE ARGUMENTS ARE REVERSED: destination encoding first, then source.)
- Available encodings: `Encoding.name_list.sort`
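As an added example (not from the original note), the Ruby encoding steps above with the argument order of `String#encode` made explicit, a constructed Windows-1252 byte string as input, and the two failure modes you hit in practice: characters the target encoding cannot represent, and relabelling bytes instead of transcoding them.

```ruby
# Added example (not from the original note): the Ruby encoding steps above,
# with String#encode's argument order shown explicitly.

# Constructed sample input: the bytes of "café" as a Windows-1252 source would
# send them (0xE9 is "é" there, but is not a valid byte sequence in UTF-8).
# .b gives a copy tagged ASCII-8BIT, as bytes read from a socket or 'rb' file are.
WINDOWS_1252_BYTES = "caf\xE9".b

# Step 1: ask Ruby what encoding it thinks the string carries.
def detected_encoding(str)
  str.encoding.name
end

# Step 2: re-encode. The argument order is encode(DESTINATION, SOURCE): the bytes
# are reinterpreted as Windows-1252 and transcoded into UTF-8.
def to_utf8(bytes, source = 'Windows-1252')
  bytes.encode('UTF-8', source)
end

# Going the other way, characters that Windows-1252 cannot represent raise
# Encoding::UndefinedConversionError unless you say what to substitute.
def to_windows_1252(utf8_str, replacement: '?')
  utf8_str.encode('Windows-1252', 'UTF-8', undef: :replace, replace: replacement)
end

# The trap the note is about: merely relabelling the bytes as UTF-8 and then
# calling encode('UTF-8') is a no-op (source == destination), so the invalid
# byte 0xE9 survives and the string is still broken.
def relabel_without_transcoding(bytes)
  s = bytes.dup.force_encoding('UTF-8')  # changes the label, not the bytes
  s = s.encode('UTF-8')                  # same encoding on both sides: nothing happens
  s.valid_encoding?                      # => false
end

if __FILE__ == $PROGRAM_NAME
  puts detected_encoding(WINDOWS_1252_BYTES)          # ASCII-8BIT
  puts to_utf8(WINDOWS_1252_BYTES)                    # café
  p   to_windows_1252('日本').bytes                    # [63, 63]
  p   relabel_without_transcoding(WINDOWS_1252_BYTES) # false
end
```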
- Rails 5.1 has `delegate_missing_to`?
- Subclasses can access private methods, and decorators can only access public methods. This makes it easier for subclasses to break.
- Decorators can be especially useful when you’re breaking apart large classes. With decorators, it’s easier to follow the Single-Responsibility Principle – each decorator can do one thing and do it well, and you can combine decorators to get more complex behavior.
- You can set up a test with decorators rather than subclassing (you can test the decorators without having to load heavyweight dependencies, like an ORM).