dnerdy's comments

dnerdy | 11 years ago | on: Blackbox: Safely store secrets in Git

You can specify multiple gpg ids when using "pass init":

  pass init [-p sub-folder] [email protected] [email protected]
This enables you to control access per subfolder. You can keep your personal passwords in one subfolder and then have various shared subfolders. "pass mv" and "pass cp" will reencrypt with the gpg ids for each subfolder as necessary. You can also "pass init" an existing subfolder to add or remove gpg ids for existing files. See the man page for details [1].

[1] http://git.zx2c4.com/password-store/about/

dnerdy | 11 years ago | on: VimR – Refined Vim Experience for OS X

Thanks for the feedback! ⌘1 is what you want to focus the sidebar, and <Esc> will take you back to your buffer. We're working on some improvements to the View menu.

dnerdy | 11 years ago | on: Show HN: GitHub-based DNS Hosting

I have a tool that syncs my DNS records to CloudFlare using flat files that I keep under version control. I just extracted it from my personal tool set:

https://github.com/dnerdy/namesync

This flat file format seems to work well, and the tool could potentially be updated to support other DNS providers.

dnerdy | 12 years ago | on: Ask HN: Who is hiring? (October 2013)

Pac Global Insurance Brokerage, Inc - REMOTE or Los Angeles, CA

Full stack Rails developer.

This is a somewhat unique position for the hiring thread. We're looking for someone to take over the development of our website and related back office tools. You would be a one man show working closely with our Operations Manager and have lots of control with respect to scheduling and the technologies we use. Our existing contractors are HN readers (they're the ones helping us make this post). We're looking to take someone on full time. They've used modern tools/frameworks and kept the code base in good order. The point is this: you'll be taking over a well maintained project... not walking into a nightmare.

We think this is a good opportunity for someone who would like to work solo but also be secure in a full-time position.

https://pacglobalins.com

http://careers.stackoverflow.com/jobs/40899/full-stack-ruby-...

[email protected]

dnerdy | 13 years ago | on: Docker, the Linux container runtime: now open-source

I'm glad to see work in the area of making linux containers more accessible. I recently stumbled upon openruko[1], an open source Heroku clone, and from there discovered linux containers and lxc[2]. It takes a bit of configuration to set up useful containers, though. I think the ideas behind Heroku and The Twelve-Factor App[3] are good, and containers are an important building block. I'm excited to see (and I'd like to see more) tools like Docker that aid in robust and streamlined container-based deployments in-house.

[1] https://github.com/openruko
[2] http://lxc.sourceforge.net/
[3] http://www.12factor.net/

dnerdy | 13 years ago | on: Django 1.5 released

I think a common use case that requires a bit of hoop jumping is using an email address in place of a username. Example from the docs: https://docs.djangoproject.com/en/dev/topics/auth/customizin....

I suspect this may be the nastiness that's being referred to; this is the use case that I was hoping would be made dead simple.

With previous versions of Django I generated a random hash for use as a dummy/unguessable username, required an email address in the RegistrationForm, customized the AuthenticationForm, created a custom email authentication backend, and monkey patched User with various helper methods.

In 1.5 it looks like the AuthenticationForm will adapt to the field defined in USERNAME_FIELD[1], but a lot of work is still required. Support for easily using email address as the username (or support for easily specifying the username field in general without requiring all the other boilerplate) would probably go a long way.

[1] https://docs.djangoproject.com/en/dev/topics/auth/customizin...

dnerdy | 13 years ago | on: ActiveRecord Vulnerability - Circumvention of attr_protected

As others have said, Django may or may not have security issues. I wouldn't bet against it.

With regard to this vulnerability, however, the '^' and '$' regex pattern characters in Python match the beginning and end (or end + '\n') of the string by default. Multiline mode has to be enabled explicitly:

  import re

  # '$' only matches at the end of the string (or just before a final '\n'),
  # so the embedded newline here prevents a match
  re.match(r'^test$', 'test\n multiline') == None

  # with re.MULTILINE, '^' and '$' also match at every line boundary
  re.match(r'^test$', 'test\n multiline', re.MULTILINE) != None

So, I think it's a little less likely that this particular vulnerability would be an issue. It's still possible for someone to leave off the '$', but at least that case is a little more obvious.

Also, the Django codebase doesn't have any param processing code that uses whitelisting/blacklisting like this; you have to explicitly lookup values in request.GET and request.POST or use specific field names in a Form. It's a little less convenient compared to mass assignment, but more secure by default.
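The anchoring edge case behind the comment above, worked through as an added example (this is not dnerdy's code; the patterns and sample inputs are constructed): `'$'` still matches before one trailing `'\n'`, `re.MULTILINE` matches at every line boundary, and `\A...\Z` (or `re.fullmatch`) anchors to the true ends of the string.

```python
import re

# Three ways a validator might anchor the same "lowercase word" pattern.
TOKEN_DOLLAR = re.compile(r'^[a-z]+$')                # default: '$' also matches before a final '\n'
TOKEN_MULTI = re.compile(r'^[a-z]+$', re.MULTILINE)   # per-line anchors: first line alone satisfies it
TOKEN_STRICT = re.compile(r'\A[a-z]+\Z')              # '\Z' matches only at the very end of the string


def valid_dollar(value: str) -> bool:
    """'^...$' without flags: accepts 'test' and also 'test\\n'."""
    return TOKEN_DOLLAR.match(value) is not None


def valid_multiline(value: str) -> bool:
    """'^...$' with re.MULTILINE: a matching first line is enough."""
    return TOKEN_MULTI.match(value) is not None


def valid_strict(value: str) -> bool:
    """'\\A...\\Z': the whole string, including its last character, must match."""
    return TOKEN_STRICT.match(value) is not None


def valid_fullmatch(value: str) -> bool:
    """re.fullmatch is the idiomatic equivalent of the strict anchors."""
    return re.fullmatch(r'[a-z]+', value) is not None


def compare(samples):
    """Map each sample to (dollar, multiline, strict, fullmatch) verdicts."""
    return {
        s: (valid_dollar(s), valid_multiline(s), valid_strict(s), valid_fullmatch(s))
        for s in samples
    }


if __name__ == '__main__':
    # Constructed inputs: a clean word, a word with a trailing newline,
    # the comment's multi-line string, and an uppercase rejection case.
    for sample, verdict in compare(['test', 'test\n', 'test\n multiline', 'Test']).items():
        print(repr(sample), verdict)
```

Only the `\A...\Z` and `re.fullmatch` variants reject `'test\n'`, which is why a validator that must decide on the whole value should use one of them rather than `^...$`.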
