<h2>So long and thank you Amazon</h2>
<p>bawdo.com, posted 2014-02-02</p>
<p>
My official last day as an employee of Amazon was January 31st, 2014. After almost seven years it is time to move on. The decision was not an easy one as I really did enjoy most of my time at Amazon and was lucky to work alongside some excellent and fun people.</p>
<p>
As of February 1st, 2014 I'm officially an employee of Groupon. My first day in the office will be tomorrow - Monday, February 3rd, 2014.</p>
<p>
I was not looking to leave Amazon. However after a lunch with a couple of recruiters my interest was piqued. Subsequently, every interview I had with Groupon was good. I liked the people and got the feeling that the engineers are smart and engaged and really want to take Groupon forward and make it a stellar technology company. I'd like to be part of that.</p>
<p>Keith Bawden</p>
<h2>Rails Remote Code Execution Vulnerability</h2>
<p>Posted 2013-01-13, updated 2013-02-27</p>
<p>
For those friends with Rails apps: a nasty remote code execution vulnerability affecting Ruby on Rails was announced on Jan 09, 2013: <a href="https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ">https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ</a></p>
<p>
To see if your install is affected try out the following steps:</p>
<pre>curl -i -H "Content-Type: application/xml" -X POST -d '<id type="yaml">--- !ruby/object:ActionController::Base bar: 1</id>' http://127.0.0.1/</pre>
<p>
Then check your logs. If you see an object like this then you need to upgrade or apply a workaround:</p>
<pre>grep 'Parameters.*ActionController' log/production.log
Parameters: {"id"=>#<ActionController::Base:0xb6e0fbbc @bar=1>}</pre>
<p>
If, however, you have a string instead of an object then you are OK. For example:</p>
<pre>grep 'Parameters.*ActionController' log/production.log
Parameters: {"id"=>"--- !ruby/object:ActionController::Base bar: 1"}</pre>
<p>
BTW - These examples are all taken from my own server, your output may be a little different. Just make sure you have a string in there and not an object.</p>
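<p>
Because the class name and object address will differ between servers, the log check can be written to match the shape of the entry rather than one exact line. The script below is an added example, not part of the original post; the function names <code>classify_log</code> and <code>object_hits</code> and the sample files are made up for illustration, and the patterns assume the log format quoted above.</p>

```sh
# Added example: classify Rails "Parameters:" log lines after sending the probe.
# A parsed YAML object is logged in inspect form (#<Class:0xADDR ...>);
# a safe install logs the raw YAML text as a quoted string.

# Parameter value that is an inspected object, whatever the class or address.
OBJECT_RE='Parameters:.*=>#<[A-Z][A-Za-z0-9_:]*:0x[0-9a-f]+'
# Parameter value that is still a quoted string carrying the YAML tag.
STRING_RE='Parameters:.*=>"[^"]*!ruby/object:'

# classify_log FILE: prints affected, ok, or no-probe-seen.
classify_log() {
  if grep -Eq "$OBJECT_RE" "$1"; then
    echo affected
  elif grep -Eq "$STRING_RE" "$1"; then
    echo ok
  else
    echo no-probe-seen
  fi
}

# object_hits FILE: prints how many lines logged an object as a parameter.
object_hits() {
  grep -Ec "$OBJECT_RE" "$1" || true
}

# Constructed sample logs. The Parameters lines in the first two files are the
# ones quoted in the post; every other line is made up for this example.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/affected.log" <<'EOF'
Processing HomeController#index (for 127.0.0.1) [POST]
  Parameters: {"id"=>#<ActionController::Base:0xb6e0fbbc @bar=1>}
EOF
cat > "$SAMPLES/ok.log" <<'EOF'
  Parameters: {"id"=>"--- !ruby/object:ActionController::Base bar: 1"}
EOF
# Edge case: object-looking text inside an ordinary string must not count.
cat > "$SAMPLES/quiet.log" <<'EOF'
  Parameters: {"note"=>"saw #<Foo:0x1f> in a stack trace"}
EOF

for f in affected ok quiet; do
  printf '%s: %s\n' "$f" "$(classify_log "$SAMPLES/$f.log")"
done
```

<p>
A result of <code>no-probe-seen</code> means the probe request never reached the log being checked, so it says nothing either way about the install.</p>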
<p>
<span style="color:#808080;"><span style="font-size: 10px;">By Keith Bawden</span></span></p>
<h2>Sapporo Ruby Conference 2012</h2>
<p>Posted 2012-10-02</p>
<p>
This year, 2012, I attended the Sapporo Ruby Conference for the first time. This was the second Ruby conference I had ever been to. The first one was RubyKaigi2011.</p>
<p>
I have to admit the Sapporo one was a lot more fun but lighter weight on the talks. So in some ways much better but in other ways just great and not excellent. So <strike>no complaints at all</strike> the only complaint was the crazy heat in the main hall.</p>
<h3>
The Aussie Contingent</h3>
<p>
</p>
<table style="width: auto; ">
<tbody>
<tr>
<td>
<p>
<a href="https://picasaweb.google.com/lh/photo/U-0s-ksbqkka4BHnYLEGzjkA76sYMlw7tmQCpeYbqHo?feat=embedwebsite"><img height="225" src="https://lh5.googleusercontent.com/-2OJdM05dqgY/UGr-Dm3Mo9I/AAAAAAAAAnY/wkwzZrFWc6E/s400/P9152115.JPG" width="400" /></a></p>
<p>
</p>
<h2>
Where to next?</h2>
<p>
The next Ruby conference I'm off to this year will be the <a href="http://www.rubyworld-conf.org/en/">RubyWorld Conference 2012</a> here in Tokyo. I've never been to one of these so I'm looking forward to it.</p>
<p>
However, during the Sapporo conference a Polish bloke presented and then at dinner mentioned several times a conference held in Poland each year called <a href="http://railsberry.com/">railsberry</a>. It looked and sounded excellent and I would love to get to one!</p>
</td>
</tr>
</tbody>
</table>
<p>Keith Bawden</p>
<h2>Yapc::Asia 2012</h2>
<p>Posted 2012-10-02</p>
<p>
</p>
<table style="width: auto; ">
<tbody>
<tr>
<td>
<p>
<a href="https://picasaweb.google.com/lh/photo/wLrkKrvkjF2Ph6EVepTEEdMTjNZETYmyPJy0liipFm0?feat=embedwebsite"><img height="145" src="https://lh3.googleusercontent.com/-TU8bGGxwAZs/UGr0uJwQtZI/AAAAAAAAAm4/zWOcg-xgOiQ/s400/P9292145.JPG" width="600" /></a></p>
</td>
</tr>
<tr>
<td style="font-family:arial,sans-serif; font-size:11px; text-align:right">
From <a href="https://picasaweb.google.com/106857227817345963550/ScrapbookPhotos?authuser=0&feat=embedwebsite">Scrapbook Photos</a></td>
</tr>
</tbody>
</table>
<h3>
The world's biggest YAPC</h3>
<p>
I attended my third <a href="http://yapcasia.org/2012/">YAPC::Asia</a> conference in September of 2012. The new venue was swanky and well located. Except of course that earlier this year I moved to within a 15 minute walk of the old venue only to have it move to a 35 minute train ride away.</p>
<p>
This year like every other I had the opportunity to catch up with a few friends that travel from abroad to attend. Hanging out with geek mates is really what conferences are all about for me. Whilst I enjoy most of the talks I really get more out of catching up and geeking out in the foyer with friends - old and new.</p>
<p>
The atmosphere of the conference is noob friendly. So much so that a talentless hack like myself can have a chat with people that are core developers of various projects (including Perl 6, NYTProf and more), and not be mocked at every turn. Thanks boffins, you know who you are.</p>
<p>
Whilst I do not use Perl at work any more I still enjoy these conferences, but I would really like to get to a YAPC in both the EU and the US some time. Next year maybe.</p>
<p>Keith Bawden</p>
<h2>Introducing Liam</h2>
<p>Posted 2011-11-06</p>
<table style="width:auto;"><tr><td><a href="https://picasaweb.google.com/lh/photo/UyWaUp3WJtBmTI_MpnALtA?feat=embedwebsite"><img src="https://lh6.googleusercontent.com/-kKvR7MDvExQ/TrVs0hh2xhI/AAAAAAAAAKA/YHqZkRjwREg/s400/liam.jpg" height="226" width="400" /></a></td></tr><tr><td style="font-family:arial,sans-serif; font-size:11px; text-align:right">From <a href="https://picasaweb.google.com/106857227817345963550/ScrapbookPhotos?authuser=0&feat=embedwebsite">Scrapbook Photos</a></td></tr></table>
<p>Keith Bawden</p>