* Progressively introduce Rust instead of replacing entire applications (Rust really shines in this area)
* Leverage node's strong HTTP and routing story while waiting for this to stabilize in Rust
* Leverage existing tooling for APM, config management, etc.
For example, one middleware verifies the request body with a signature from a header. Another one parses the body from a `Buffer` to JSON, transforms, and serializes as protobuf.
The `miscreant` library also does this: https://github.com/miscreant/miscreant. It's really effective. For example, any method that requires a one time pad takes ownership. This allows the borrow checker to validate that you don't accidentally use an OTP more than once.
Interestingly, I was able to get an amazing speed improvement without going completely to Rust.
I didn't want to port APM code as well, so I kept node.js/express for routing. Very simple middleware that immediately passed the request and body buffer to Rust for handling. Rust returned a buffer back to express for sending the response.
It's easily able to hit 100k RPM on a single instance before hitting a CPU bottleneck in the Rust code (validating an RSA signature). It only needs to handle 90k RPM total.
In my opinion, one of the most important and most difficult parts of the job. Architecture and design shouldn't be limited to senior engineers--it won't be in practice, anyway. Doing so is a sure fire way to stilt the growth of your team.
But, reviewing designs is hard. It requires recapturing much of the context that the engineer gathered in a very short period of time. I also find it sometimes difficult to separate, "this is a fatal design flaw" from "this isn't how I would do it." I really like the suggestion of providing feedback via additional information.
Mistakes are a very important part of learning. I try to make sure everyone has the opportunity to make their own instead of making mine.
what ive found works is to /always/ pair a jr with a sr engineer to write any ddoc. 2nd, always assign a specific sr reviewer. only after that review, release the hounds. others that have interest or particular insight can reflect on deficiencies (or, rarely, strengths) without the dread feeling of having to deeply understand the context or underlying dependencies.
same reason you don’t just throw a code review out to “everyone”. everyone = no one
I like the use of "unsafe" for something that you don't want to reach for first. Those who are new get a very clear warning and those who aren't have had the opportunity to understand the nuances.
React uses the term "danger" to express a similar concept. You are trusting this value to already have been sanitized / escaped.
I think "unsafe" was a good name. Rails ERB templates use the `html_safe` name for something that the author knows to be HTML-safe, which is confusingly-named, implying that using `html_safe` makes something HTML-safe.
Unfortunately, PCI does not put very many restrictions on the parent website. If credit card elements are in an iFrame, the parent site is excluded from most requirements because the iFrame is "secure."
Of course, if you own the parent site you can replace the iFrame with anything you want.
I'm still confused as to how they could insert code here.
Are we talking about a server intrustion where they modified the actual cart code, or something between Newegg and the payment servers? (Sorry this isn't my domain, I'm just curious)
It looks to me like a server intrusion where they modified static files kept on a webserver (like apache or nginx). But it also seems like we don't have enough evidence to know for sure. (Edit: or they might have been static files kept on a CMS.)
* Progressively introduce Rust instead of replacing entire applications (Rust really shines in this area)
* Leverage node's strong HTTP and routing story while waiting for this to stabilize in Rust
* Leverage existing tooling for APM, config management, etc.
For example, one middleware verifies the request body with a signature from a header. Another one parses the body from a `Buffer` to JSON, transforms, and serializes as protobuf.