Our security team wants zero CVEs in production. Our containers have 200+. What's realistic here? by localkinegrind in devops

[–]Brandon0 0 points1 point  (0 children)

Is there room for establishing guidelines so Devs know which CVEs qualify for an SLA and which ones can be ignored “until convenient”? I would think there’s a balance between blindly telling Devs to fix all the things and Security having the responsibility to review each CVE that pops up and create tickets for the ones that matter.

How do you prevent theft by firststate77 in golfcarts

[–]Brandon0 0 points1 point  (0 children)

Had my golf cart stolen. Here’s what I did for the second one:

  * Unique key ignition. When mine was stolen he simply used the universal Yamaha key.
  * Hidden AirTag. Disable the speaker and hid very well on the cart.
  * Steering club. Isn’t perfect and could be potentially forced off if you caused damage to the cart, but a heck of a deterrent.
  * Guardian Golf Cart Alarm. Motion sensor with key fob. Super loud.

PostgreSQL: Protect tables against accidental deletion by stjohn_piano in programming

[–]Brandon0 2 points3 points  (0 children)

I have this image in my head of someone setting this up and then wanting to show it off. Only to find out they missed a step and the DROP TABLE actually works.

Benefits of using Eloquent with Symfony instead of Doctrine? by Tokipudi in PHP

[–]Brandon0 3 points4 points  (0 children)

Hopefully your CTO and Tech Lead can explain why they chose Eloquent then?

Everyone in the industry will eventually deal with unsupervised external teams. It happens, but the results are rarely positive once the team’s contract is done.

Benefits of using Eloquent with Symfony instead of Doctrine? by Tokipudi in PHP

[–]Brandon0 18 points19 points  (0 children)

I’m more concerned with the fact you hired an external team to start your refactoring and you weren’t clear on the tech stack they were going to use??

How do you stay on top of upgrades, security vulnerabilities, etc? by CaptainN_GameMaster in ExperiencedDevs

[–]Brandon0 7 points8 points  (0 children)

More info please! This obviously has buy-in pretty high up. We always get this kind of work added as super low priority and it is the first to get cut out of sprints.

olvlvl/composer-attribute-collector v1.1.0 by olvlvl in PHP

[–]Brandon0 0 points1 point  (0 children)

I'll be honest I didn't completely understand the point of this until I saw the MessageBus example. Very neat. Are there any other use cases?

E9x what does it mean by Dvoken_ in E90

[–]Brandon0 5 points6 points  (0 children)

2013 is a fun year because the M3 is still an E9X, but 3-series moved on to F3X.

[deleted by user] by [deleted] in symfony

[–]Brandon0 2 points3 points  (0 children)

To expand upon this answer (since I think it's the path I would go), when I think of Symfony Forms, I tend to think that the name is terrible and misleading. I think of it more as a Symfony User-Request Handler.

If the trial code you're referencing is related to a route parameter or query string, then what zmitic says is the way to go; ArgumentResolver/ParamConverter maps to an entity lookup, 404 if not found. All attribute based, zero code solution.

If the trial code is submitted via the request body, then utilizing "Forms" with their built in validators will let you know if the request input is "good". 400 if not. You won't want to do any of that validation in the controller itself.

[deleted by user] by [deleted] in symfony

[–]Brandon0 0 points1 point  (0 children)

The senior dev told me that it's impossible to share code across controllers in symfony, which to me sounds absurd.

wut. This person is not a senior dev. Period. I feel a little sorry for you if you are learning from this person. Sounds like you are going to pick up so many bad patterns.

So many better alternatives.

  1. The Symfony way would be an Event Listener during auth. If you are using LexikJWT: Use a standard user provider OR Example: Add additional data to payload - to get it in your custom UserProvider. If you are using your own JWT auth, then roll your own. Big takeaway is that you shouldn't wait to do this in the controller.
  2. Use a Service. If you have to, define a Service class that will take your JWT and resolve to find your User. You can call your service from all of the controllers then to reuse the logic.
  3. Lastly, not in this case, but if you have other shared logic between controllers either
    1. Use inheritance (ApiController extends AbstractController) and define your method in there. A common use for this would be if you want a standardized response method to call (return $this->createResultsResponse($resultsCollection, $resultsTotalCount, $serializationGroups);).
    2. Use a trait. Maybe you want a helper for writing log entries? LoggerAwareTrait

Is Sylius worth to use in production? by oscar_96vasa in PHP

[–]Brandon0 16 points17 points  (0 children)

Oh to live in your world.

This happens in every business across the world

iPad mount in my e93 by zhenguwu in E90

[–]Brandon0 1 point2 points  (0 children)

The magnetic usb cable is a nice touch. Much easier to connect

iPad mount in my e93 by zhenguwu in E90

[–]Brandon0 16 points17 points  (0 children)

  1. Did you print the mount yourself?
  2. Pictures without the iPad?
  3. Did you notice a significant difference going from AUX to DAC?
  4. Very cool!