Comments for Less Post More GET

Comment on Line count and maintenance cost by pret implanturi dentare

pret implanturi dentare — Fri, 04 May 2012 15:50:04 +0000

…Check this out…

[...]Great weblog right here! Additionally your website loads up very fast![...]…

Comment on Google needs to add this Gmail feature. by Corey Grusden

Corey Grusden — Mon, 03 Jan 2011 19:10:06 +0000

That would be a sweet feature. I hate it when people do that shit to me.

Comment on Line count and maintenance cost by Thoughts on Pair Programming « Less Post More GET

Thoughts on Pair Programming « Less Post More GET — Tue, 22 Jun 2010 19:55:46 +0000

[...] that pair programming tends to keep developers near the minimum of the cost curve (written about in Line Count and Maintenance Cost) instead of the arcane and wordy areas of the [...]

Comment on 25 Thoughts on Agile Development by Markus Waletzko

Markus Waletzko — Wed, 26 May 2010 15:44:18 +0000

Web video at its best! Do you have any advice for someone just out of university

Comment on Login forms are broken in ruby on rails by wiscoDude

wiscoDude — Sat, 27 Feb 2010 16:44:28 +0000

Hey Craig, thanks for the comments.

All systems for logging in that I know of do not enforce uniqueness among passwords. It would be a strange constraint on a user’s password and I think there are enough of those already. (passwords gone wild)

So, you could never reliably look up a user by the password entered. The only choice is to first look up by the unique token (email address, user name, whatever) and then make sure the password entered matches the password stored. (I’m simplifying, we shouldn’t store the original password.)

With this said, your example doesn’t actually cause a problem. “def” could be the password for multiple people and it is simply ignored because we can make no claims with the paucity of information it contains.

On the other hand, because user names are forced to be unique, we can very well assume that if a person enters John123, they intended to sign in to that account.

It still comes down to an incomplete or misguided notion of security by the developers of the common rails authentication gems.

Comment on Login forms are broken in ruby on rails by Craig

Craig — Fri, 26 Feb 2010 21:49:06 +0000

The reason for the ambiguous error message may not be just security. Consider two users: John123 (password: “abc”) and John124 (password: “def”). If I enter John123 and “def”, how do I know which is wrong. It is a valid password for somebody, and it is a valid username for somebody else. All I know is that the two do not match, so I tell them that one of them is wrong. It is not about security at all, it is about my inability to distinguish which field is wrong.

Comment on No-Reply Emails? Why would you ignore your customer? by Regina

Regina — Fri, 26 Feb 2010 15:38:58 +0000

OMG, I have been searching for this information. Technology always gets the best of me when I need it most.

Comment on 25 Thoughts on Agile Development by Mark McEahern

Mark McEahern — Sat, 13 Feb 2010 02:38:14 +0000

The ability to prioritize is often missing. A way to measure this is the degree to which people feel comfortable with a list of deferred features. I always felt a sense of accomplishment when I could say we were done with something without hiding the fact that there were features that weren’t done.

You can argue about whether any given non-implemented or not completely implemented feature is important. But stack it up against releasing the features that *are* implemented. Does the cost of its absence or the benefit of its presence outweigh the cost of not delivering what’s already done?

Talking about requirements often leaves unchallenged the notion that there is some System that is the full and complete set of requirements. Feature talk is all about a world of infinite variety and choice.

Comment on + (plus) don’t get no respect by wiscoDude

wiscoDude — Wed, 07 Oct 2009 12:16:47 +0000

Thanks Veez. Getting comments motivates me to finish some posts on my list. I’ll bang out a post this weekend.

Comment on + (plus) don’t get no respect by Veezus Kreist

Veezus Kreist — Tue, 06 Oct 2009 23:47:53 +0000

I use plus notation all the time, and I agree with everything in your post. However, that Tombstone reference is so awesome that I felt compelled to leave a comment. Nicely done!