Antipattern: JSON.load on untrusted data

This is part of our antipatterns and cloud security series.

Per an official Ruby CVE in 2013:

JSON.load should never be given input from unknown sources. If you are processing JSON from an unknown source, always use JSON.parse.

I feel like that should be shouted from the rooftops.

Written by Seamus Abshere

Want curated content delivered straight to your inbox? Join our email list! You can unsubscribe at any time.

Finding public S3 objects

There's lot of concern over public objects in S3 buckets. Now Amazon gives you a way to lock down entire buckets - but what if you legitimately have a mix of public and private objects? Ruby script to find public S3 objects First get 2 gems: source 'https://rubygems.org'

Engineering hacks Aug 18, 2019 | Seamus Abshere

Open source at Faraday

Here are Faraday's contributions to open source that we use every day in production. (beta release) 3rd gen batch processing on k8s: falconeri falconeri is a distributed batch job runner for kubernetes (k8s). It is compatible with Pachyderm pipeline definitions, but is simpler and handles autoscaling, etc. properly. (beta release)

Engineering hacks May 28, 2019 | Seamus Abshere

Deleting /var/lib/docker with devicemapper

If you're running docker with devicemapper as the storage driver, there are a few steps to recover after deleting /var/lib/docker: $ sudo service docker stop $ sudo rm -rf /var/lib/docker $ sudo lvremove docker $ docker-storage-setup $ sudo service docker start This will help you recover from errors like Error starting

Engineering hacks Feb 19, 2018 | Seamus Abshere

Mountains of Census geodata for all

The big picture: exportable maps

Solutions

Customer Insights Understand your customers
Customer Acquisition Acquire the right customers
Customer Engagement Expand your customer LTV
Personalization at Scale Personalize every experience
Location Intelligence Uncover lucrative locations

Customers

Direct-to-consumer Brand innovators
Financial services Banks, CUs, fintechs
Home services Energy, security, & more
Mobility Automotive & future tech

Platform

Overview End-to-end AI
Reach Predictive targeting
Inform Real-time scoring
Monitor Customer scoring
Optimize Automated AI pipeline
Integrations & API 260+ connected services
Privacy policy

Company

Overview Who we are
Resources Case studies and more
Partners Become a partner
Privacy What we believe in
Our focus Committed to B2C
Careers Join the team
Contact How to get in touch
Do Not Sell My Info