Ruby: Too Smart for its own Good

A few years ago, when I was learning Rails, I sounded off that Ruby’s lax policy surrounding parentheses was a problem. Specifically, that it is impossible to tell the difference between a method call and a variable reference. There is now an open bug against Ruby 1.9.1 that demonstrates the problem.

User-Agent is not a Security Feature

Using a user-agent string to prevent session hijacking is roughly equivalent to a stupidity test. “Hello, I see you’re trying to hijack a session there. Why don’t you prove to me you can supply the target’s UA string?” Session hijacking is particularly useful for hackers because anyone with a familiarity with protocol understands that login […]