I hate it when my computer asks me if I am “sure”. Install a Firefox add-on? Send a file to the Trash? Connect to the network? Are you sure?

Some of these actions could cause lasting damage, and perhaps deserve special consideration. A Firefox add-on has full access to your machine and could do nasty, irreversible things, like committing credit card fraud from your own IP. For this reason Firefox requires a mousing pole-vault: Click the provided “Edit Settings” button, click Allow in the new popup, close the pop-up, click install again. Even when you’ve previously granted permission for this site, FF still makes you wait 3 interminable seconds before allowing you to go ahead and click the Install button. A little cooling-off period…

So I am working my way through my first Rails app. I’m trying to start out on the right foot and practice Behavior Driven Development. There are tons of great examples of what to do in the model, and if you dig a little you can check out some controller

We’ve been storing passwords in plaintext for a while. Like the good folks at Reddit, we find it makes it easy to restore user account access. More importantly, it makes it easy to log into a client install without any infrastructure beyond the mysql command line. It is problematic because it means a database breach is a whole-system breach. An attacker armed with an administrative login can upload files, run arbitrary scripts, and generally make mischief…