I saw this demoed at an OWASP meeting last night and hadn’t heard of it before. It’s a static analysis tool for Rails projects. Just install it, run brakeman in a Rails project directory and it’ll scan through the code and report any warnings.
I ran it on the Lobsters code and it showed a few false positives (potential XSS and unprotected redirections) but otherwise a pretty interesting project.
We run brakeman as part of our continuous integration suite. I love it.
Regarding false positives, we built our own extensions to permit the “blessing” of certain problems. When brakeman goes red on CI, developers investigate and, if it’s a false positive, they “bless” it so that it won’t complain about that error again and the build will be green.
We also run Tarantula on CI, which I recommend as well: http://github.com/relevance/tarantula
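The “blessing” gate described in the comment above, as an added example (my own sketch, not Appfolio’s extension or Brakeman’s code): Brakeman is run first with `brakeman -f json -o brakeman.json`, and this script fails the build only for warnings whose fingerprint is not on an allowlist. Assumptions, labelled in the code: the report’s `warnings` entries carry `fingerprint`, `warning_type`, `file`, `line`, `confidence` and `message` fields, the allowlist file name `brakeman.blessed` is my choice, and the sample report and fingerprints are constructed.

```ruby
# Added example: a minimal "blessing" gate for Brakeman, keyed by Brakeman's
# per-warning fingerprint rather than file:line, so a blessing survives edits
# that shift line numbers but is invalidated when the flagged code changes.
#
# Assumptions: the JSON report (brakeman -f json -o brakeman.json) contains a
# "warnings" array whose entries have "fingerprint", "warning_type", "file",
# "line", "confidence" and "message". The allowlist is a plain text file,
# one fingerprint per line, with optional "# reason" comments.
require 'json'
require 'set'

BLESSED_FILE = 'brakeman.blessed'   # file name is this example's choice

# Parse the allowlist: one fingerprint per line, '#' starts a comment.
def parse_blessed(text)
  text.each_line.map { |l| l.sub(/#.*/, '').strip }.reject(&:empty?).to_set
end

# Warnings from a Brakeman JSON report whose fingerprint is not blessed.
def unblessed_warnings(report_json, blessed)
  report = JSON.parse(report_json)
  report.fetch('warnings', []).reject { |w| blessed.include?(w['fingerprint']) }
end

# One line per finding, plus the fingerprint a developer must copy into the
# blessed file (with a reason) after confirming it is a false positive.
def format_warning(w)
  "#{w['file']}:#{w['line']} [#{w['confidence']}] #{w['warning_type']}: " \
    "#{w['message']}\n  fingerprint: #{w['fingerprint']}"
end

# CI exit status: 0 when every warning is blessed, 1 otherwise.
def ci_status(report_json, blessed_text)
  unblessed_warnings(report_json, parse_blessed(blessed_text)).empty? ? 0 : 1
end

# Constructed sample report standing in for brakeman.json; fingerprints are
# invented. SAMPLE_BLESSED blesses the first finding only.
SAMPLE_REPORT = JSON.generate(
  'warnings' => [
    { 'warning_type' => 'Cross-Site Scripting', 'confidence' => 'Medium',
      'file' => 'app/views/stories/show.html.erb', 'line' => 12,
      'message' => 'Unescaped model attribute', 'fingerprint' => 'aaaa1111' },
    { 'warning_type' => 'Redirect', 'confidence' => 'High',
      'file' => 'app/controllers/login_controller.rb', 'line' => 40,
      'message' => 'Possible unprotected redirect', 'fingerprint' => 'bbbb2222' }
  ]
)
SAMPLE_BLESSED = "aaaa1111  # story body is sanitized before it reaches the view\n"

if __FILE__ == $PROGRAM_NAME
  report  = File.exist?('brakeman.json') ? File.read('brakeman.json') : SAMPLE_REPORT
  blessed = File.exist?(BLESSED_FILE) ? File.read(BLESSED_FILE) : SAMPLE_BLESSED
  unblessed_warnings(report, parse_blessed(blessed)).each { |w| puts format_warning(w) }
  status = ci_status(report, blessed)
  puts "brakeman gate: #{status.zero? ? 'green' : 'red'}"   # in CI: exit(status)
end
```

Blessing by fingerprint, not by message text, matters: a blessing on “possible unprotected redirect” would silence every future redirect finding, whereas a fingerprint covers one location and one piece of code. Brakeman later grew a built-in equivalent of this (a `brakeman.ignore` file managed with `brakeman -I`), keyed by the same fingerprints.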
Building products people love using Ruby/Rails/CoffeeScript/Backbone at Appfolio. Our portfolio of products is up to four: SecureDocs, RentApp, PropertyManager, and MyCase.
I’m all over the place: technical work, recruiting, managing, everything. Working with the most talented team I’ve ever worked with in my life.
p.s. We’re hiring. :)
I still haven’t wrapped my head around whether it’s a good idea or not, but it is interesting… Either way, I do think it’ll have some trouble getting off the ground the way they approached the dual license – reminiscent of meteor.js when they first launched.
Yeah, the licensing makes it near impossible for this project to get any traction. Not only is the licensing per-developer (?) for commercial use, the project uses the AGPL for non-commercial use.
It’d be interesting to see an opinion on the AGPL and JavaScript, considering you never really do any ‘linking’ and no object code is produced.
Also as long as you’re not doing Node, the AGPL shouldn’t be a problem.
Even without the licence, I think I landed on the view that this is a bad idea. Sure, it has a lot of features the native ECMAScript doesn’t, but when do we need the method centre? Why base a feature-set on another language instead of figuring out what is relevant for the problem we’re trying to solve? There are also a lot of libraries out there that solve this in a more clever way IMO (e.g. Underscore).
My biggest problem is introducing new objects for everything and the need to convert them to native objects if you need to pass them to 3rd party frameworks, or even to parts of our application that are not converted to using RubyJS yet, especially when you need to convert them recursively. And just to call the methods from the prototype instead of via a method (e.g. Underscore’s each: _.each(array, function() {}) vs. array.each(function() {})).
I was a bit disappointed by this one. The buildup seemed great, like they were going to solve the same use cases for bookmarks through something radically different (and better). The only actual result we got to see (“dropzilla”) seemed like a minor and incremental change to bookmarks.
Yeah, bizarrely, the author seemed really excited to talk about every other stage of the design process in a complete way, but seemed almost embarrassed by the result of the design process. It felt like dropzilla was an afterthought, even though it was theoretically the deliverable from the process.
True, but all the other stages of the process have built up complex structures and understanding in the minds of all involved, which I expect will yield returns in future related features.
I agree. The tiling support is not particularly novel, and aggregating saved links from services doesn’t seem to solve the problem they stated, either.
I’m trying to work out what a good way to sort and save things would be. del.icio.us had a good idea (tagging content for fast retrieval), but it was hampered by the difficulty of cataloguing (I don’t want to have to think about what tags fit my content). I currently use pinboard.in for a similar service, but it’d be nice to get automatically tagged bookmarks (I think this can be inferred from page content, hostname, and other metrics) and then do a general grep of these, similar to the search found in modern mail clients.
We’ve been using similar techniques for a while where I’m at, with great success. We set aside every other Friday for unstructured development work. Recommend this 100%.
From my experience, no software development process (kanban, scrum, whatever) can effectively capture all the things that need to happen to keep a product and a codebase healthy. Whenever I’ve been in an environment where all of the engineers' time is “spoken for”, it leads to bad outcomes.
Leaving some slack in the system that is dominated by individual human judgement is a great way to avoid this.
Ruby has quite an ornate grammar, so the first thing I tried broke in opal. I opened an issue.
https://github.com/opal/opal/issues/137
Looking through the issue tracker there are a number of other ruby features which are unimplemented/implemented poorly. Like blocks: https://github.com/opal/opal/issues/130
It’s a nice idea, but they have a long slog ahead of them to implement ruby.
If you try to reimplement the Ruby grammar yourself, you’re gonna have a bad time.
This is still a neat project, even though it will probably only be a toy.
There are two known good ways to re-implement the ruby grammar:
1. cargo cult what’s in parse.y, EXPR_MID and all. (There seems to be a bunch of unused lexer states that appear in every attempt).
2. use a generalized parser and disambiguate the parse tree later.
The ruby grammar is somewhat ambiguous, so either you have to disambiguate in the lexer, or the parser. The lexer route is the parse.y technique – using the symbol table, and having the parser change the lexer state to force it to return specific tokens (DO_COND/DO_LAMBDA, etc). The parser route is cleaner, but comes with the cost of GLR parsing.
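The symbol-table disambiguation described above, made concrete as an added example (mine, not Opal’s or MRI’s code): Ripper is MRI’s own parse.y built as a library, so feeding it the same text with and without a prior assignment shows the lexer reading `foo -1` as a command call with one argument or as binary subtraction depending on whether `foo` is a known local. Assumptions: Ripper’s sexp shape `[:program, [stmt, ...]]` with the node type as each statement’s first element; the sample inputs are constructed.

```ruby
# Added example: how MRI's lexer/parser resolves Ruby's ambiguous spots using
# what it knows about identifiers. Ripper exposes MRI's parse.y, so its output
# reflects the lexer states (EXPR_ARG, EXPR_CMDARG, ...) the comment mentions.
# Assumed: Ripper.sexp returns [:program, [stmt, ...]] and nil on syntax error.
require 'ripper'

# Node type of the last top-level statement (:command, :binary, :aref, ...),
# or nil when the source does not parse at all.
def last_stmt_type(src)
  tree = Ripper.sexp(src)
  return nil unless tree
  tree[1].last.first
end

# Parse `expr` twice: once with `name` unknown (so the lexer assumes a method
# call and a following "-1" or "[1]" is read as an argument) and once after
# `name` has been assigned, so the parser treats it as a local variable.
def parse_both_ways(name, expr)
  {
    as_method: last_stmt_type(expr),
    as_local:  last_stmt_type("#{name} = 0; #{expr}"),
  }
end

# Constructed inputs. Note the whitespace: it is what the lexer keys on.
CASES = {
  'foo -1'  => parse_both_ways('foo', 'foo -1'),   # foo(-1)  vs  foo - 1
  'foo [1]' => parse_both_ways('foo', 'foo [1]'),  # foo([1]) vs  foo[1]
  'foo - 1' => parse_both_ways('foo', 'foo - 1'),  # binary minus either way
}

if __FILE__ == $PROGRAM_NAME
  CASES.each do |src, r|
    puts "#{src.ljust(8)} unknown foo: #{r[:as_method]}   local foo: #{r[:as_local]}"
  end
end
```

This is exactly the part a reimplementation cannot get from the grammar alone: the parser has to feed the set of known locals back into the lexer (or, as the comment’s second option, keep both readings and pick one afterwards). Running MRI itself on `foo -1` with `-w` also prints its “ambiguous first argument” warning for the unknown-identifier case.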
Well, if it ever gets beyond the toy stage, it would be fun to build a Ruby VM by cross compiling it to JS and evaluating it with V8. It would provide a third Ruby VM that actually compiles to machine code (Rubinius and JRuby being the only others I know of).
coldruby looks like what you’re thinking of. From the readme it seems it runs YARV bytecode in a JavaScript runtime. Although I don’t see it mentioned, there’s an older project hotruby that’s got to be the inspiration for coldruby. It might be fun to flesh out @tenderlove’s Scheme to YARV bytecode compiler to mix ruby, scheme, and js on coldruby (although that’s missing the point/coolest part of his gist (omg RubyVM::InstructionSequence.load with fiddle!))
I think many people have trouble managing inboxes. Spam is a largely solved problem, but now in addition to human-human correspondence you will get notifications, daily deals, forum summaries, posts from mailing lists…this makes email management difficult.
I just discovered and subsequently enabled Gmail’s “smart labels” thanks to this article. Incidentally, I think that was the only valuable tip out of the three. “Batch your email” has been repeated ad nauseam since Tim Ferriss’ book, and folders/labels have been around literally for decades.
I am Niraj, the writer of this post.
I thought “batch your emails” is the most important piece of advice I could give on this. While we complain about email overload, it is very important to note that we feel overloaded because we’re going to our inboxes too often. This is the single biggest reason behind our email woes. Our email handling is like a background process running and eating our resources all the time.
We’re in the process of building a product which will help you schedule when new emails hit your inbox. That should be a great way to time when you go to your inbox. This is launching within weeks.
I don’t understand… This article calls itself a “study”, but no study was done. The author just made up tables 1 and 2? And then most of the subsequent results came from that?
Regardless of whether you like or dislike pair programming, if no data was collected to back up these numbers, this “study” is just opinion.
Wow, good catch. I skimmed right over the part where he said the data in the tables is there because he put it there. Shady.