04 March 2016
Authentication, encryption and the mathematical side of security are intriguing and incredibly interesting fields. However, they’re systems that you don’t want to implement on your own in a production environment. If you can make something better than the industry, there will be some great signs, like busting curves for every single math test in college and having the NSA offer you scholarships. Those kinds of signs.
Inheriting an app with bad security? Seamlessly upgrade users’ passwords.
If you want a secure Rails app, there’s really only one option, and that’s using Devise. It can be as simple or complex as you need it to be, with a broad range of abilities like password resets, test helpers and controller actions to make your life easier. After all, that’s what brings many of us to Rails in the first place: the ability to quickly create robust applications. Unfortunately, our applications aren’t always sparkling examples of optimal coding practice. On occasion you’ll inherit an application with security flaws that need to be fixed. In this post, I’ll discuss how to take a roll-your-own (or more likely, one that got rolled for you) authentication setup and seamlessly transition it to a Devise-secured system.
01 March 2016
Make Your Legacy App More Secure With Reencryptor
For those who have been charged with maintaining an old Ruby on Rails app, there’s an excellent chance that if you’re storing sensitive information in your database, you’re using the attr_encrypted gem. Old versions of this gem have a security flaw which new versions of the gem address. This flaw is that all rows in the database use the same salt and initialization vector. The new version of attr_encrypted will use `mode: :per_attribute_iv` by default. One of the applications in my case uses the legacy encryption scheme, which makes it much quicker for a compromised app to yield up all its valuable information. Making the internet and internet-connected applications more secure makes life better for everyone but thieves. Save yourself future trouble, and read on about the new gem I’ve created called Reencryptor, which makes upgrading your legacy attr_encrypted fields to the new, more secure version a breeze.
22 February 2016
The Need: Less Tables, More Functionality
For whatever reason, you find a need to keep track of various versions of an object in your database. However, you don’t want the overhead and dependency of adding on a full-featured auditing gem such as Paper Trail or Audited. In cases such as authentication, authorization or security, rolling your own is not recommended for many reasons, the main one being that security is important, and the odds are greatly not in your favor that you’ll make something more secure than the industry has already produced. For something such as versioning, though, a lightweight version like the one I’ll show you how to make will be much better for a developer who needs a quick, simple solution.
21 February 2016
Why migrate to Jekyll?
I’ve had my website set up on Wordpress for the last month. I spent roughly 13 hours setting the site up, with the breakdown as follows:
- Install and configure wordpress on Digital Ocean: 30 minutes
- Research what plugins are needed to nicely manage what’s going on, get markdown for posts: 2 hours
- Read up on configuring wordpress settings for optimal SEO: 2 hours
- Finding out that all the plugins I’d researched are currently freemium, that you have to install a second set of plugins to add on functionality that used to be free, and configuring those plugins to work with the first set without overriding each other’s settings: 6 hours
- Work with different Wordpress themes to find something simple and clean that wouldn’t make your eyes bleed after a long post: 3 hours
After I decided to change themes a few days back, it hit me today that it was all a massive waste of time. It didn’t help that I’m new to Wordpress, but taking a couple of hours every time I wanted to clean up my site or add a little functionality? Forget about it. Especially when most of what I do is in Rails, and when you need to complete some banal task in Rails, you can just search for some gems. Daniel spent some time last week praising Jekyll, so it was fresh in my mind, and I knew going into it that it would take care of many of the problems I had with Wordpress. Namely, my goal in life isn’t to become a Wordpress expert, but to simply code away and then post my experiences with the minimal amount of added effort.
18 February 2016
Regardless of the language you’re writing in, dialing in your environment is what makes or breaks your efficiency. The focus of this post will be on my Ruby environment, namely the configuration and tools I use on a daily basis. This isn’t a comprehensive list, but it covers the vitals of my day-to-day operations. Using and doing the following have saved me countless hours and really given me the room to grow. Use them to break the glass ceiling of inefficiency. After a few months as part of the consulting team at I’ve found a few new tools thanks to the other consultants there, and really solidified my opinion on everything below.