Search - "mountain view"
-
I'm fixing a security exploit, and it's a goddamn mountain of fuckups.
First, some idiot (read: the legendary dev himself) decided to use a gem to do some basic fucking searching instead of writing a simple fucking query.
Second, security ... didn't just drop the ball, they shit on it and flushed it down the toilet. The gem in question allows users to search by FUCKING EVERYTHING on EVERY FUCKING TABLE IN THE DB using really nice tools, actually, that let you do fancy things like traverse all the internal associations to find the users table, then list all users whose password reset hashes begin with "a" then "ab" then "abc" ... Want to steal an account? Hell, want to automate stealing all accounts? Only takes a few hundred requests apiece! Oooh, there's CC data, too, and its encryption keys!
Third, the gem does actually allow whitelisting associations, methods, etc. but ... well, the documentation actually recommends against it for whatever fucking reason, and that whitelisting is about as fine-grained as a club. You wanna restrict it to accessing the "name" column, but it needs to access both the "site" and "user" tables? Cool, users can now access site.name AND user.name... which is PII and totally leads to hefty fines. Thanks!
Fourth. If the gem can't access something thanks to the whitelist, it doesn't catch the exception and give you a useful error message or anything, no way. It just throws NoMethodErrors because fuck you. Good luck figuring out what they mean, especially if you have no idea you're even using the fucking thing.
Fifth. Thanks to the follower mentality prevalent in this hellhole, this shit is now used in a lot of places (and all indirectly!) so there's no searching for uses. Once I banhammer everything... well, loads of shit is going to break, and I won't have a fucking clue where because very few of these brainless sheep write decent test coverage (or even fucking write view tests), so I'll be doing tons of manual fucking testing. Oh, and I only have a week to finish everything, because fucking of course.
So, in summary. The stupid and lazy (and legendary!) dev fucked up. The stupid gem's author fucked up, and kept fucking up. The stupid devs followed the first fuckup's lead and repeated his fuck up, and fucked up on their own some more. It's fuckups all the fucking way down.
Tags: rant security exploit root swears a lot actually root swears oh my stupid fucking people what the fuck fucking stupid fucking people
-
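The failure mode in the rant above, shown from the fixing side as an added example (not code from the rant, its author, or the unnamed gem): a per-model search allowlist that checks every association hop, so granting sites.name does not grant users.name, refuses predicates (including prefix matches) on unlisted columns such as a reset token, and raises a readable SearchPolicyError instead of a NoMethodError. Model names, columns, predicate syntax and records are constructed for the example.

```ruby
require "set"

class SearchPolicyError < StandardError; end

# Per-model allowlist (constructed for this example). Allowing sites.name does
# not allow users.name, and an association can only be walked if it is listed.
SEARCHABLE = {
  "sites" => { attributes: Set["name", "domain"], associations: { "owner" => "users" } },
  "users" => { attributes: Set["handle"],         associations: {} },
}.freeze
PREDICATES = %w[eq cont start].freeze

# "owner_handle_eq" -> [["owner"], "handle", "eq"]; every hop is checked
# against the policy and a refusal is a readable error, not a NoMethodError.
def resolve_key(model, key)
  pred = PREDICATES.find { |p| key.end_with?("_#{p}") }
  raise SearchPolicyError, "#{key}: unknown predicate" unless pred
  base = key.delete_suffix("_#{pred}")
  policy = SEARCHABLE.fetch(model) { raise SearchPolicyError, "#{model}: not searchable" }
  return [[], base, pred] if policy[:attributes].include?(base)
  assoc, rest = base.split("_", 2)
  target = policy[:associations][assoc]
  raise SearchPolicyError, "#{model}.#{base} is not in the search allowlist" unless target && rest
  path, attr, _pred = resolve_key(target, "#{rest}_#{pred}")
  [[assoc] + path, attr, pred]
end

def match?(value, pred, needle)
  v = value.to_s
  { "eq" => v == needle, "cont" => v.include?(needle), "start" => v.start_with?(needle) }[pred]
end

# Records are hashes with associations nested inline; params is the user-supplied query.
def search(model, records, params)
  conditions = params.map { |k, v| [*resolve_key(model, k), v] }
  records.select do |rec|
    conditions.all? do |path, attr, pred, needle|
      match?(path.reduce(rec) { |r, a| r.fetch(a) }.fetch(attr), pred, needle)
    end
  end
end

# Constructed sample data: the owner row carries PII and a secret that must stay unsearchable.
SITES = [
  { "name" => "Acme Blog", "domain" => "acme.example",
    "owner" => { "handle" => "alice", "name" => "Alice Smith", "reset_token" => "abc123" } },
  { "name" => "Beta Shop", "domain" => "beta.example",
    "owner" => { "handle" => "bob", "name" => "Bob Jones", "reset_token" => "xyz789" } },
].freeze
```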
Hey!
I won a competition called “Google Code-In” and I’ll be in San Francisco this June. We’ll be visiting Google’s offices in San Francisco & Mountain View. I would also like to visit other offices. Are there any which are open for public visit?
-
Sitting in a mountain cabin with a marvelous view over the surrounding area. A mountain lake is near the cabin and the mountains are rising around it. A blend of a lot of colors. Coding on some interesting project with some nice people. Just enjoying life. Being able to take a hike or run in the nature to be inspired to do some more coding.
-
Facebook owner Meta Platforms, 2,564 job cuts in Menlo Park, San Francisco, Fremont, Sunnyvale and Burlingame
Google, 1,608 layoffs in Mountain View, Moffett Field, San Bruno and Palo Alto
Salesforce, 1,151 staff cutbacks in San Francisco
Twitter, 900 layoffs in San Francisco and San Jose
Cisco Systems, 673 job cuts in San Jose, Milpitas and San Francisco
Grocery Delivery E-Services (HelloFresh), 611 layoffs in Richmond
Amazon, 524 staffing cuts in Sunnyvale and San Francisco
Intel, 490 job cuts in Santa Clara and San Jose
Rivian Automotive, 448 layoffs in Palo Alto
Lam Research, 400 staffing cuts in Fremont and Livermore
-
They moved my desk again. Still an open floorplan, but the room is much smaller, and in this office I'm sitting by people with whom I actually work.
Also there's WiFi in the can, so I'm all set. -
HOW TO GET A PROFESSIONAL BITCOIN RECOVERY EXPERT HIRE SPARTAN TECH GROUP RETRIEVAL
Flying over mountain tops and cruising above crystal blue oceans, I capture the world from a drone's-eye view. Precision is my business, both in cinematography and in safeguarding my finances. That is, until the day both crashed, literally. I had securely saved $480,000 in Bitcoin on a hardware wallet stored safely inside my drone case. My plan was foolproof. Or so I thought. It was a standard flight over a picturesque Icelandic lake. The sun was setting impeccably over the rolling water, that Holy Grail of cinematic gold. I was midway through the flight, controlling the drone with the finesse of a virtuoso, when a savage North Atlantic gust of wind turned my concerto into a catastrophe movie. My drone dropped from the sky with a dramatic splash that would have won an award for best special effect if it was not my wallet sinking along with it. Cue panic. I was on the lakeshore, staring into the void, balancing the odds of swimming into hypothermia with the prospect of recovering my digital fortune. Spoiler alert: I opted for hypothermia. Three freezing dives later, I surfaced empty-handed and 100% convinced I had just donated my Bitcoin to Poseidon. Defeated, trembling, and contemplating a career change, I recalled another pilot at a tech conference raving about SPARTAN TECH GROUP RETRIEVAL. Desperation led me to call, still wrapped in a towel like a damp burrito. From that first call, their crew reacted to my situation as though it was a search-and-rescue mission. Not only were they tech-savvy, they knew my universe, my language, my horror. With a blend of satellite positioning, sonar mapping, and some technological Spartan that I still don't fully understand, they helped pinpoint the approximate location of my underwater drone. More incredibly, they remotely pulled the wallet details from my water-logged device, defying the laws of nature and logic. Two weeks later, they sent my Bitcoin back to me, like returning a set of lost car keys. I nearly cried.
No, wait, I actually cried. Tears of happiness. My drone is in the air again today, my wallet is securely backed up (on land), and my faith in humanity (and technology) is soaring. SPARTAN TECH GROUP RETRIEVAL, not only did you retrieve my Bitcoin, you restored my sanity. Count me as your forever flying ambassador.
