Dan Mayer

OK, I am going to try out ruby.social / Mastodon, feel free to follow me over there. @danmayer/109252345626338486" target="_blank" rel="nofollow noopener">ruby.social/@danmayer/1092…

I might finally be as functional in TailwindCSS as I have been at bootstrap in the past... it really took some time to get there, I had to stop just messing with it and do some focused practice and learning to get over the hump

Thx folks it was fun and had a good run, last tweet for awhile. You can find me at @danmayer" target="_blank" rel="nofollow noopener">ruby.social/@danmayer if you are on #Mastodon

Just cut a binary release of Rubyfmt v0.8.0, which is the first daily drivable build of Rubyfmt! Please give it a go :3 github.com/penelopezone/r…

Review of Gardyn 2.0 (vertical hydroponic garden) after 18 months of use... Loving lots of fresh produce mayerdan.com/fun/2022/11/10…

@rbates Yeah lots of fun ;)

It’s almost eerie how much ruby.social feels like Twitter back when it started.

@vikasreddy exactly

Me traveling alone for work vs traveling for vacation with two kids

Thinking of all the @stripe / @twittereng folks... hope everything is going as well as it can

I downloaded my full twitter data archive, should be interesting to dig around in it.

@evanphx @getajobmike I just signed up this morning and set up my profile.

@getajobmike Account requested!

It’s time to start to considering what happens if whole critical teams within Twitter stop showing up for their jobs in protest.

@bokmann @davetron5000 I definitely see more interesting ruby content and links on Twitter than reddit, but perhaps more threads could move there

@davetron5000 @danmayer 7 Threads in the last day… 3 of them about sidekiq7 release… that’s too much? reddit.com/r/ruby/

So if twitter drastically changes in the next bit, serious question... Where do various Rubyist / Software folks talk shop... Is it only on slack/discords is there something a little less real time chat?

@davetron5000 Agreed I am looking for something I could participate in but not real time... I generally only check in once or twice a day... but I can keep up with twitter discussions which I like.

I still google how to put my Rails active record logs into my dev console like every other month... `ActiveRecord::Base.logger = Logger.new(STDOUT)`

Watching and earthquake begin while on a zoom is pretty surreal

@bryce Agreed... AI feels like it can add enhancement to many professions and enable folks to do even better work and unlock talents that might have been one step away from their skill set... While crypto has still been mostly an odd payment competitor

“I entered this period of obsession predicting that I wouldn’t find much of anything. The last time I did this with crypto’s hype cycle, I was able to accurately diagnose the rot at the heart the industry. I expected similar failings with AI hype. Instead, I found the opposite”

Perhaps the role I have been trying to become for a long time ;)

@simonw @ncweaver We used both moving to same site for our cookies and a custom header. Layering things.

@ncweaver Oh, that makes sense - just the presence of ANY cookie that was set with SameSite=Strict guarantees that a CSRF attack isn't in play (at least for browsers that support it, which should be 95% of global traffic now caniuse.com/same-site-cook…)

Have you ever set a cookie using SameSite=Strict?

Microservices can feel downright hostile to refactoring... Cleaning up some confusing legacy edge cases, entering it's 3rd repo and requiring coordinated rollout of deploys... It is easy to see how it discourages removing no longer used features...

@simonw This and the security team pointing to it is part of what drove our decision

OWASP do seem to be in favour of custom request headers as a way to skip CSRF checks for fetch() calls though #use-of-custom-request-headers" target="_blank" rel="nofollow noopener">cheatsheetseries.owasp.org/cheatsheets/Cr…

Do I still need to check CSRF tokens for POST requests where the client has specified Content-Type: application/json ? Internet search results seem slightly uncertain on this issue (and are mostly dated 5-10 years ago)