
I couldn't bring myself to read past this line:

    if user && user.password == password



Why? That's how BCrypt, for one, works--you create a User#password method which returns a Password object (initialized from the contents of the User's actual #password_hash field or somesuch.) That Password class has an overridden equality comparison method, which hashes the RHS String to test against itself.
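The pattern this comment describes, as an added example that is not part of the thread or the linked repo. `Password`, `User` and `authenticate` are hypothetical names, and stdlib PBKDF2 stands in for bcrypt so the block runs without gems:

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for a bcrypt-style Password object (PBKDF2 swapped in).
class Password
  ITERATIONS = 100_000 # constructed value for the demo
  attr_reader :encoded

  def self.digest(plaintext, salt, iterations)
    OpenSSL::KDF.pbkdf2_hmac(plaintext, salt: salt, iterations: iterations,
                             length: 32, hash: "sha256").unpack1("H*")
  end

  # Hash a new plaintext with a fresh random salt; only the encoded form is stored.
  def self.create(plaintext)
    salt = SecureRandom.hex(16)
    new("#{ITERATIONS}$#{salt}$#{digest(plaintext, salt, ITERATIONS)}")
  end

  def initialize(encoded)
    @encoded = encoded
  end

  # Overridden equality: hash the right-hand String with the stored salt,
  # then compare the two digests without an early exit on the first mismatch.
  def ==(other)
    iterations, salt, stored = @encoded.split("$")
    computed = self.class.digest(other.to_s, salt, iterations.to_i)
    return false unless computed.bytesize == stored.bytesize
    computed.bytes.zip(stored.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# The model persists only password_hash; #password wraps it in a Password.
User = Struct.new(:login, :password_hash) do
  def password
    Password.new(password_hash)
  end

  def password=(plaintext)
    self.password_hash = Password.create(plaintext).encoded
  end
end

# Same shape as the line quoted at the top of the thread.
def authenticate(user, password)
  !!(user && user.password == password)
end
```

In this example the comparison is asymmetric: `password == user.password` dispatches to `String#==` and is always false, so the operand order in the quoted line matters.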


Except - if you look at the linked repo, there is no mention of bcrypt at all - https://github.com/jasonroelofs/raidit/blob/master/Gemfile.l...

In fact, the whole persistence mechanism is rather mystifying - an in-memory store? What if I accidentally the power?


It's super early stages, I'm only building the functionality I need, no persistence, no nothing special.

Isn't this a bit immaterial to the post at hand anyway?


No, because you're giving opinionated advice with weak supporting evidence. So the reader is left with 2 things to decide whether it is good advice.

1) your reputation in the community. I for one have never heard of you, so that leaves

2) code quality of the examples that you posted. A reader could infer that this may be good advice based on the fact that you appear to generate good code.

In this case your code is clearly not very well thought out, so why would the reader put trust in your unsubstantiated opinions?


I'm sorry, at what point did I tell people to blindly do something? I'm offering ideas, suggestions, help to those who are and who've been in the same situations I keep finding myself in (utterly painful Rails code). It's unfortunate that you feel no-one should even attempt to contribute to the community unless they've already contributed to the community, and that you feel that every bit of code should immediately be complete and perfect.

In case you weren't aware, samples that don't require a ton of context are a particularly hard problem for informational posts like this. If you have feedback on the ideas I presented I'd be glad to hear them but I still fail to see how nit-picking an obviously early in-progress application proves anything.


At what point did I accuse you of telling people to blindly do something? I accused you of not having good support for the opinions in your article. That is all.

I, too, keep finding myself in utterly painful Rails code. Now, if I may use your metaphor: Most of it is due to the blind leading the blind, per se. Programming novices discover some new rails thing, ruby thing ("method_missing" is the worst offender), or even a new programming pattern such as Command, and think it's the most incredible thing they've ever experienced, so they write a blog post about it. Other programming novices read the blog post and then go off on a rampage, overusing that concept and writing all the shitty rails code that I am currently maintaining.

There you have the ruby community in a nutshell.


I thought you had me for a second, but upon looking at the code again:

    action.run(params[:login], params[:password])

it is clear that the password is stored in plain text.



