• Don't keep backups on your web server, even if you think they're secret

    It's good to keep backups of website's HTML and other assets. A common way to do backups, if you're not using some sort of version control system like Git, is to make a zip of the entire document tree. Usually it'll just get called "website.zip" or maybe "website-20180810.zip" or whatever the current date is.

    It's a fine way to take a snapshot, but don't leave it on your web server in your website's document tree. The document tree is that folder where you upload the files, like /sites/mysite. If you make a zip or tarball or similar and leave it as /sites/mysite/mysite.zip, you're asking for it to be stolen by bad guys. Maybe you've got PHP files in there that have secrets in them, like connection passwords to your database. Maybe you've got original work files like the .psd files that you created your .jpg files from. If you don't want it seen, don't put it in your document tree.

    "No way, nobody knows it's there", you may think. You don't link to the backup file anywhere, and there's no directory listing on the server. This idea is called "security through obscurity", and it's not security at all. It turns out that the bad guys don't have to know a file is there. They just have to make a lucky guess.

    Read on →

  • How to use templates in vim

    For many kinds of files, when you create a new one from scratch, it would be handy to have part of the file created from a boilerplate template every time. For example, whenever I want to create a Perl file, it should start like this:

    #!/usr/bin/perl
    
    

    Read on →

  • ack 2.24 is released, speeds up common cases

    I’ve just uploaded a new version of ack, version 2.24, to the CPAN and posted it to beyondgrep.com.

    Read on →

  • The best open source project for someone might not be yours, and that's OK

    If you work on an open source project, consider helping your users by pointing them to other “competing” projects that might be better choices for them.

    Read on →

  • Skip the exit interview when you leave your job

    When it’s time to leave your job, someone from Human Resources may want to sit you down and have an “exit interview”. They’ll ask you questions like “Why are you leaving your position?” and “What was it like to work with your manager.” It’s done with this premise that they’re looking to make the company better.

    Read on →