When debugging (or during security audits) it may be handy to know which data exactly is encoded in a session cookie. This is especially important because authentication frameworks like guardian store authentication secrets in sessions and we need to know they are stored securely. For the Phoenix web framework session cookies are encoded in a special format. In this post we follow Phoenix’ cookie storage implementation to find out how sessions are encoded.
Summary
On 2019-08-02 we at bitcrowd discovered a security vulnerability in simple_form. simple_form is one of the go-to ways to easily handle HTML forms in Ruby on Rails. The security issue allows arbitrary code execution in the worst case, but at least has potential for data corruption or DOS attacks. This security issue was responsibly disclosed by bitcrowd. Find details about the timeline of the events and a more detailed description below.
If you’re really trying to squeeze out every last drop of “time-to-first render” performance, keep the script and other page resources below ~14KB so they can be sent within the first TCP roundtrip. 🤓
We sometimes have to create HTML emails and there’s usually some aspects of them behaving differently depending on the email client people use.
This project, inspired by “caniuse.com” might be useful: https://www.caniemail.com/
If you add a new file to your code which you want to add to git later, you can show that intent early with git add --intent-to-add. This is quite useful when want to add new files to the index (so you don’t forget about them later), but you’re still working on them and don’t want to add the content just yet 🥳
Git is a useful tool for collaboration. However, we often experience conflicts when multiple people are working on the same branch.
At some point in the life of a Ruby on Rails app comes the point where a user or admin needs to download data. This is often done in the form of CSV or JSON downloads.
Both, SASS and CSS support variables, and of course they are not the same:
- SASS variables get compiled into actual values into final CSS files.
- CSS variables can be used as variables in the browser.
The first time I found out about eurucamp was during the euruko 2011. Some people talked about this “unconference” close to the venue that a few people had organized. The tickets for the euruko had been sold out too quickly and everyone who could not buy one was invited to meet there instead. At that euruko I gave my first real talk and because of that I was way too nervous to take the U8 to visit them. I should have done it.
React is currently the hottest JavaScript framework out there. And shockingly it had no usergroup here in Berlin. But luckily this changed last week with the first meeting of React Berlin in our office.
