James A Rosen jamesarosen

I recently tried to access https://climateaistage.wpenginepowered.com/careers/?id=4854550007 and received a page that looked like a Cloudflare "we're having trouble verifying this request" page. It asked me to copy some text and run it in Terminal.

The text used base64 to obfuscate this URL: https://gamma.plainfenassociates.com/strix/index.php

The attack is hosted on a Russian-registered domain:

whois plainfenassociates.com
Registrar: Registrar of Domain Names REG.RU LLC

Not every web project needs a web framework, but when I pick a framework for a project, the main thing I want from it is to do the things that are hard to get right and that nearly every application needs. For me, the gold standard is Ruby on Rails. Out of the box, you get

database connections for development, test, and production
database migrations, expressible in either Ruby or SQL, and with up and down support
sessions that are secure by default, load automatically on first read, and write automatically on change
the Rack API and the full power of community middleware
asset compilation, minification, and caching

And that was all in 2012.

I have a function that generates image URLs. This function combines some relatively static global configuration with some dynamic data that changes on every invocation. I say "relatively static" because the configuration is loaded asynchronously during the application boot, but remains fixed after that.

Option One

export default async function imageUrl(imageId, { size = 'normal' }) {
  if (imageId == null) return null
  
  const constantsResponse = await fetch('/api/constants')
 const imagesRoot = constantsResponse.json().imagesRoot

A friend asked me whether Cloudflare's 1.1.1.1 service was having trouble resolving .org domains. Here are some findings.

From SF:

dig zendesk.com
;; ANSWER SECTION:
zendesk.com.		3432	IN	A	54.172.126.223
zendesk.com.		3432	IN	A	34.206.241.1
zendesk.com.		3432	IN	A	34.225.199.37

A Brief History of Quality: How the Concept of Quality has Evolved
14 Steps of Philip Crosby
1. ensure management buy-in
2. create the quality-improvement team
3. measure quality in current processes
4. determine or estimate cost of quality
5. raise employee awareness
6. take corrective action
7. establish a zero-defect policy

practice quality training for supervisors

The following code will let an ember addon provide an addon-test-support/ folder whose contents get merged into app/mirage/. It excludes addon-test-support/ from the build if mirage is disabled.

See Better Addon Support on the Ember CLI Mirage feature-request board.

	/**
	* @example
	* const users = addServerTiming(responseHeaders, 'LU', () => db.fetch('users'))
	* @see https://web.dev/custom-metrics/?utm_source=devtools#server-timing-api
	*/
	export default function addServerTiming<T>(headers: Headers, label: string, callback: () => T): T {
	const start = Date.now();
	const maybePromise = callback();

	if (maybePromise instanceof Promise) {

	# Braintree publish a list of their CIDR blocks and IP addresses at
	# https://assets.braintreegateway.com/json/ips.json
	# The body looks like
	# {
	# "production": {
	# "cidrs": [
	# "1.2.3.4/5"
	# ]
	# "ips": [
	# "6.7.8.9"

	function isCacheable(response) {
	const vary = response.headers.get('Vary')

	return (
	response.status >= 200 &&
	response.status < 400 &&
	response.status !== 206 &&
	response.headers.get('Cache-Control') != null &&
	vary !== '_' &&
	vary !== '*'

	const STATUSES = {
	initial: {},
	fetching: { showLoadingIndicator: true },
	fetched: { showResults: true },
	error: { showError: true },
	}

	function Foo() {
	const [status, setStatus] = useState(STATUSES.initial)
	const [results, setResults] = useState(null)