You are reading The Rietta Blog, a publication about the web since 2005.

How to Hide .gitignored Files From fzf.vim

Messy Phoenix Fuzzy Finder

Fuzzy finders turn up files that almost no developer would intentionally open, from paths such as node_modules/, deps/, and dist/. These get in the way of the real power of fuzzy file searching, and ignoring them individually is a pain. There are also files like .circleci/config.yml, .gitignore, and .rubocop.yml that are opened often enough that they should be included in the result set.

Luckily, when working in a git repository, developers typically only care about the files they commit. With fzf.vim, this technique returns files based on the git tree, leaving out irrelevant files, including the hidden files that were shown before.

Herding Cats: The Todo List

Managing many clients with several projects each, where multiple team members are working on them, across an agency with different product offerings can be a challenge. Finding tools and processes to sort it all out and ensure everything gets done on time and on budget can be really hard, especially for a small agency that is trying to keep costs down. The productivity tool market is flooded with options, and finding a good one is tough; but when you do, you want to share. Here's a quick story on what we're currently trying in order to tame the todo list. I hope you find it useful!

How to Use Slack to Maintain a Team Reading List

At Rietta, we understand the importance of continuing our education outside of the classroom. We use a reading channel in our company Slack to keep a pulse on the industry and keep each other informed on the latest vulnerabilities. It's been working great. Here's how we do it.

Git Protection From Repository Attacks in 15 Minutes

An anonymous attacker has been compromising Git repositories and demanding ransom. This attacker stole the contents and used a force push to wipe the remote repository, causing many to lose access to their critical source code assets. Use the security tools available within the Git ecosystem to protect your company from this threat with:

  • Deploy Keys
  • Mandatory Two Factor Authentication
  • Protected Branches and Pull Requests
  • Backups of your Git Repositories

Fixup Your Code Reviews With Git Rebase --autosquash

Here at Rietta, we like to do in-depth code reviews that are sometimes accompanied with feedback that may require changes to be made to the pull request. When making additional commits with changes based on the feedback, we can get into a messy workflow that can lead to complex branch wrangling.

In this article, I will go over a few Git commands to help ease our post code-review revisions:

  • git commit --fixup commit-SHA
  • git rebase -i --autosquash source-branch

Are You Accidentally Storing Private Data in Plain Text?

Debug logs that chronicle data about errors and other exceptions on a web application are a vital tool for any web company. They enable engineering teams to troubleshoot problems – sometimes even before a customer reports an issue to support – and thus provide excellent service to customers. But the danger of over-logging is real. When sensitive data is logged, it becomes vulnerable to misuse and abuse. In this article, I'll show you how to prudently minimize the data collected in logs.

How to Get Fast, Accurate Code Reviews on Your Pull Request

Teams sometimes experience issues with bugs in code or pull requests not being merged in a timely manner, even after they establish a very clear policy on code review, and reviews feel like a chore.

At Rietta, we resolve code reviews quickly by making the reviews as painless as possible. We do so by making our pull requests small, single purpose, and informative.

The Soft and Cuddly Parts of Git Reset

git reset is a powerful command that Rietta staff use on a daily basis. For all its power, git reset has two distinct features:

  • Hard resets, which modify the working tree
  • Soft resets, which modify the index

Often you'll hear that the reset command is basically the opposite of the add command. While this is true for the default reset, there are also other options that reset the index without unstaging the files. This blog article summarizes the subtle difference between the two different soft resets, as well as a nice trick to view.

New Interview on Drifting Ruby

Recently, our very own Frank Rietta (yes that Rietta) had a chance to sit down (virtually of course) with Dave Kimura (@kobaltz on Twitter) of the Drifting Ruby screencast. For those who don’t know, Drifting Ruby is an educational site, blog, and screencast with all things Ruby. Drifting Ruby offers premium training with example-based content to up your dev game to the next level.