Ruby: Too Smart for its own Good

A few years ago when I was learning rails, I sounded off that Ruby’s lax policy surrounding parentheses was a problem. Specifically, that it is impossible to tell the difference between a method call and a variable reference. There is now an open bug against Ruby 1.9.1 at that demonstrates the problem.

User-Agent is not a Security Feature

Using a user-agent string to prevent session hijacking is roughly equivalent to a stupidity test. “Hello, I see you’re trying to hijack a session there. Why don’t you prove to me you can supply the target’s UA string?” Session hijacking is particularly useful for hackers because anyone with a familiarity with protocol understands that login […]

Databases: Null is not a value

Many programming languages contain the concept of a null “value,” which can mean “nothing,” or may be precisely equal to integer zero. When encountering this in a database, it would be natural to assume it means roughly “nothing.” This is a naive, although workable definition of null. As we’ve seen, simplified and even incorrect definitions […]

You're Doing Agile Wrong

Agile is the hip new software development methodology. Everyone from Fortune 100 firms to doughnut shops are trying to implement it these days. When even a US Department of Defense contractor is trying to become agile, a serious paradigm shift away from the traditional waterfall approach to a better methodology must be happening because agile […]