-
Entry Level Mistake
We (my employer) recently parted ways with a development vendor and yesterday I was combing through various repositories, cleaning up the nightmare that was their branching strategy (or lack thereof) when I stumbled across this little gem:
Bad Code: Hard-coded passwords and a comment acknowledging the problem
Two thoughts immediately popped into my head:
- Why would you hard-code credentials into your application?
- Why wouldn’t you have stronger credentials right off the bat?
I have to take some of the accountability here; as the Lead at my company, code quality falls within my realm of responsibility. Thankfully, this commit never made it out of the Development branch…but it’s all too easy to imagine this sort of problem making its way up the chain, into Production. Honestly, I never thought I’d have to add “do NOT hard-code credentials” into our guidelines for new developers but then, I’ve been wrong about a lot of things in my career…
On a lark, I took my Mac down the hall to our cyber security expert and asked her to spot the problem. It took her all of ten seconds to start laughing. Once she was able to stop giggling, she offered two bits of advice:
- Stash this sort of issue in your “this is bad code” file to show to junior developers as a teachable moment.
- Look into something called SonarQube to help automate the detection of potential security issues in source code.
It’s an old, tired stereotype that developers hate interacting with security folks but every time I talk with our cyber security expert, I get homework…and that’s an absolutely wonderful thing; when we stop learning, we start to degrade.
Note: This post is from my old site and was ported over into Micro.Blog when I consolidated from two sites into one. All of the migrated posts can be found here.
-
10 Years
It’s rather surreal to think about but tomorrow is officially ten years with my Partner.
Note: This post is from my old site and was ported over into Micro.Blog when I consolidated from two sites into one. All of the migrated posts can be found here.
-
Blogging...Then and Now
Once upon a time, in a land far away, there was a developer who went by the name of Jon. He decided it would be a grand idea to start a blog after college…and decided on WordPress. It was the thing back then, all the rage…and it seemed like a great idea to start learning PHP. Of course, as is the case with most nonprofessional blogs, new posts were written with less frequency as time went on, until the point where the developer let the hosting lapse and that was the end of it.
Screenshot of the old lostinhaste.com blog
Fast-forward a number of years and I decided it would be a jolly good idea (you’ll have to forgive me dear reader, for the British phrase, as I’m currently watching As Time Goes By) to start up writing again; the reasons are unimportant and will likely be covered in a future post but that’s for another time… I thought about going back to WordPress but while I owned a series of domains, I wasn’t all that keen on getting into bed with another hosting provider. However, I’d recently switched to Fastmail and it not only provides the ability to store files but can also be used to host static websites.
After hearing about static site generators over the course of numerous episodes on the Stacktrace podcast, I decided to do a little bit of research. It seemed using an SSG provided the best of both worlds: the speed of statically generated files with the dynamism of a traditional CMS. Given the constraints of Fastmail’s file hosting (static files only), using an SSG seemed to be a perfect fit. I’ve no idea how I settled on Hugo but thus far it seems to be going well.
So there you have it, the backstory for this site and a tiny bit of history.
Note: This post is from my old site and was ported over into Micro.Blog when I consolidated from two sites into one. All of the migrated posts can be found here.
-
Is This Thing On?
Hello World!
It’s been a crazy long time since I wrote anything online…how’s everyone doing?
Note: This post is from my old site and was ported over into Micro.Blog when I consolidated from two sites into one. All of the migrated posts can be found here.