Resolving The Store Api Dependency
· 3 min read
Lars
High-priest to the browser godsIn frontend projects with a redux store, all requests need to be authenticated. But how do you put the token into the store, but still have it in the API module?
Software development insights compiled for you by the people of bitcrowd
Decoding Phoenix Session Cookies
· 8 min read
Philipp Tessenow
Tech-nerd & Intranet-gangsterWhen debugging (or during security audits) it may be handy to know which data exactly is encoded in a session cookie. This is especially important because authentication frameworks like guardian store authentication secrets in sessions and we need to know they are stored securely. For the Phoenix web framework session cookies are encoded in a special format. In this post we follow Phoenix’ cookie storage implementation to find out how sessions are encoded.
Arbitrary Code Execution Vulnerability in Simple Form CVE-2019-16676
· 6 min read
Philipp Tessenow
Tech-nerd & Intranet-gangsterSummary
On 2019-08-02 we at bitcrowd discovered a security vulnerability in simple_form. simple_form is one of the go-to ways to easily handle HTML forms in Ruby on Rails. The security issue allows arbitrary code execution in the worst case, but at least has potential for data corruption or DOS attacks. This security issue was responsibly disclosed by bitcrowd. Find details about the timeline of the events and a more detailed description below.
TIL: How to squeeze out every last drop of time-to-first render performance
· One min read
Christoph Beck
Head of Intergalactic MischiefIf you’re really trying to squeeze out every last drop of “time-to-first render” performance, keep the script and other page resources below ~14KB so they can be sent within the first TCP roundtrip. 🤓
TIL: Can I Email
· One min read
Christoph Beck
Head of Intergalactic MischiefWe sometimes have to create HTML emails and there’s usually some aspects of them behaving differently depending on the email client people use.
This project, inspired by “caniuse.com” might be useful: https://www.caniemail.com/
TIL: Show Intent to add a File in git
· One min read
Christoph Beck
Head of Intergalactic MischiefIf you add a new file to your code which you want to add to git later, you can show that intent early with git add --intent-to-add. This is quite useful when want to add new files to the index (so you don’t forget about them later), but you’re still working on them and don’t want to add the content just yet 🥳
TIL: Force with lease
· One min read
Darren Cadwallader
Frontend FairyGit is a useful tool for collaboration. However, we often experience conflicts when multiple people are working on the same branch.
Streams Are My Reality
· 5 min read
Philipp Tessenow
Tech-nerd & Intranet-gangsterAt some point in life of a Ruby on Rails app comes the point where a user or admin needs to download data. This is often done in the form of CSV or JSON downloads.
CSS Variables and SASS
· One min read
Philipp Tessenow
Tech-nerd & Intranet-gangsterBoth, SASS and CSS support variables, and of course they are not the same:
- SASS variables get compiled into actual values into final CSS files.
- CSS variables can be used as variables in the browser.
jRubyConf.eu and eurucamp 2015
· 3 min read
Bodo Tasche
The first time I found out about eurucamp was during the euruko 2011. Some people talked about this “unconference” close to the venue that a few people had organized. The tickets for the euruko had been sold out too quickly and everyone who could not buy one was invited to meet there instead. At that euruko I gave my first real talk and because of that I was way too nervous to take the U8 to visit them. I should have done it.