Hacker News | jfhufl's comments

Unsure what you mean?

    $ ruby -e 'x = "25" ; if x =~ /^\d+$/ ; puts "yes" ; else ; puts "no" ; end'
    yes
    $ ruby -e 'x = "25\n" ; if x =~ /^\d+$/ ; puts "yes" ; else ; puts "no" ; end' 
    yes
    $ ruby -e 'x = "a25\n" ; if x =~ /^\d+$/ ; puts "yes" ; else ; puts "no" ; end'
    no

Also, you'd want to use something that parameterizes the query with '?' (I use the Sequel gem) instead of just stuffing it into a sql string.


You need to make your regex multi-line (`/^\d+$/m`), but that isn't the problem shown. Your query will be searching for `25\n`, not `25` despite your pre-check that it’s a good value.

The second line should always be no, which if you use `\A\d+\z`, it will be.


Yep, makes sense, thanks!


Well, learned something today after reading a bit further in the thread:

    ruby -e 'x = "a\n25\n" ; if x =~ /^\d+$/ ; puts "yes" ; else ; puts "no" ; end'
    yes

Good to know.


    $ ruby -e 'x = "25\n; delete from people" ; if x =~ /^\d+$/ ; puts "yes" ; else ; puts "no" ; end'
    yes
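
The anchor behaviour discussed in the thread above, as an added example that is not part of any commenter's post: it runs the thread's own inputs against `/^\d+$/`, `/\A\d+\Z/` and `/\A\d+\z/`. The names `anchor_report` and `validated_id` are hypothetical helpers introduced for illustration.

```ruby
# Added example: compares Ruby regex anchors on the inputs from this thread.
# In Ruby, ^ and $ match at the start and end of every line; \A and \z match
# only at the start and end of the whole string; \Z also tolerates one
# trailing newline.
PATTERNS = {
  line_anchored:   /^\d+$/,     # the check used in the thread
  trailing_nl_ok:  /\A\d+\Z/,   # still accepts "25\n"
  string_anchored: /\A\d+\z/    # accepts digits and nothing else
}.freeze

# Inputs taken from the comments above.
SAMPLES = [
  "25",
  "25\n",
  "a25\n",
  "a\n25\n",
  "25\n; delete from people"
].freeze

# Returns { input => { pattern_name => true/false } }.
def anchor_report(samples = SAMPLES, patterns = PATTERNS)
  samples.to_h do |s|
    [s, patterns.transform_values { |re| re.match?(s) }]
  end
end

# Hypothetical helper: returns the value as an Integer, or raises if the
# whole string is not digits. Binding the Integer (not the raw string) as a
# query parameter keeps the checked value and the queried value identical.
def validated_id(raw)
  unless PATTERNS[:string_anchored].match?(raw)
    raise ArgumentError, "not a numeric id: #{raw.inspect}"
  end
  raw.to_i
end

if __FILE__ == $PROGRAM_NAME
  anchor_report.each do |input, results|
    flags = results.map { |name, ok| "#{name}=#{ok}" }.join("  ")
    puts format("%-30s %s", input.inspect, flags)
  end
end
```

Only the `\A...\z` form rejects every input that carries a newline; the value it returns can then be passed to the query as a bound `?` parameter rather than interpolated.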


Dinky Toys!!! I had Eagles, ships from UFO, a Klingon ship...loved them!


Wow, I did something like that for my senior project back in '94 using Inventor on an SGI workstation.


If you still have IMAP access, thunderbird supports OAuth2 for connecting to O365 IMAP. tbsync for calendar access. Seems to work pretty well currently.


That is my setup. Works 100%.


No more IMAP


I think that's the major problem with software engineering in general: when is software "done" ?


When you can no longer remove anything else.


I have Number-Form and Time-Space synesthesia - helps with remembering numbers and dates:

https://en.wikipedia.org/wiki/Number_form

https://www.discovermagazine.com/health/the-rare-humans-who-...


Would Nix benefit from something like the old CMU depot program?

http://www.cs.cmu.edu/afs/.cs.cmu.edu/help/content/unix_linu...

Consolidating everything you want into /usr/local (exclude packages you don't want). I used to use this at my old job before package managers were ubiquitous.


Interesting - I may have hyperphantasia? Most of my thoughts are accompanied by images, and I can rotate and unfold things. It's so vivid I seem to have two types of synesthesia:

    https://en.wikipedia.org/wiki/Number_form
    https://www.discovermagazine.com/health/the-rare-humans-who-see-time-and-have-amazing-memories


Nothing is "secure or not" - technologies/mitigations are secure against particular attacks. HTTPS is generally secure against passive network eavesdropping, but does nothing to stop local file inclusion in a web app.

Just because there are attacks or ways around a particular defense doesn't mean it's worthless, that's why we have defense in depth.


This. That's why they call them 'attack vectors'.

I disagree with the main thesis for why JWT is a problem. JWT isn't necessarily encouraging you not to hit the DB for user lookup. This is the claim the article makes as a problem with revocation.

It reads like a really long thoughtful article based entirely on false assumptions for how to best use it.

It's ok to carry around some encrypted state in your tokens for some use cases.


This works too:

    % cat /tmp/sh
    var=variables
    x=$(
    cat <<EOT
    This string has 'single' and "double" quotes and can interpolate '$var'
    EOT
    )
    echo $x

    % bash /tmp/sh
    This string has 'single' and "double" quotes and can interpolate 'variables'

