  1. Domains, DNS, and SSL, oh my!

    I recently helped a friend navigate the process of untangling himself from his registrar’s expensive SSL offerings, and wrote up the following to help illustrate what the pieces are and how they fit together. He asked that I publish this somewhere that others could benefit from it, so here it is! …


  2. Secure DNS-based ad filtering with Pihole and Stubby via Docker

    I’ve been running a Pihole DNS server internally for a while. It’s great! It’s like adblock, except for your whole network - all your devices, TVs, phones, tablets, and computers - get ad filtering. …


  3. Docker & Default Routes

    Docker has some surprising behavior when you have a container attached to multiple networks. If you’re not aware, it can cause some really bizarre network issues. …


  4. Upgrading legacy Ruby & Rails installs to support TLS 1.2

    I recently had a legacy machine running an ancient Ruby 1.8.7 app which I needed to upgrade to support TLS 1.2. A few bespoke requirements made it infeasible to upgrade the core OS to a more modern version, but fortunately, it was relatively straightforward to get it back to a serviceable state. While it would be vastly preferable to rebuild the application for a more modern stack, it wasn’t feasible in this case, so this is the next-best option. …


  5. faster_pathname: Making Sprockets faster

    Late last year, I was working on replacing the Sprockets pipeline for our internal developers with a Guard-based solution, as a means of improving the speed of change/reload/test cycles we’re all so familiar with. Using Guard to do our asset rebuilds was substantially faster, but I found that when I used Sprockets to do asset lookups, things got a lot slower. This led to me digging around a bit and finding that Pathname is excruciatingly slow, and Sprockets leans on it really heavily. …


  6. No, Rails' CookieStore isn't broken

    A post recently hit the Full Disclosure seclist titled “Move away from CookieStore if you care about your users and their security”. The post discusses a property of session cookies - notably, that hitting “logout” doesn’t prevent a cookie from being reused to regain that session later, since if someone manages to jack one of your users’ cookies, they can just replay that cookie again at any time and gain access to the user’s account. …


  7. jquery-migrate and XSS

    We were recently flagged by a security researcher for an active XSS hole in our site. After bisecting the origin of the hole to the introduction of jquery-migrate, I put together a minimal proof-of-concept for it and spoke to Dave Methvin on the jQuery team about it. He told me that this was not, in fact, a bug, but was working as intended. To that end, I’m publishing this to warn people about the danger of jquery-migrate’s divergent approach to this issue, so that you can be extra sure to sanitize your jQuery selectors. …


  8. Instrumenting Rails applications with ruby-prof

    I recently read a blog post talking about a performance tuning tool called tracer_bullet. …


  9. Seppuqu: Self-terminating Sidekiqs

    We’ve been having an issue with Sidekiq occasionally not shutting down properly during a deployment. This ends up causing issues, since it can mean that we get Sidekiq workers that end up running different code than what we expect that they’re running. …


  10. Making MongoMapper 9x faster.

    I’ve been doing some heavy work on MongoMapper lately. It all started with a StackOverflow question, which led to a Rails developer user asking me what I thought of Mongoid vs MongoMapper. I’ve been using MM for ages, and was happy enough to offer a favorable opinion of it. But, I wanted to back up my assertions. I wrote a benchmark. It…was disappointing. …


  11. Now Powered by Jekyll

    You might have noticed that my blog has undergone a bit of a change. I’m tired of messing with Wordpress, so I’ve converted it over to Jekyll. So far, it’s exactly what I want, primarily because I get to blog with Markdown rather than HTML now. Markdown seems to have become the de facto language of choice for many developers, since it easily allows for simple markup and inline code. Between Github and StackOverflow, I end up spending a lot of time writing in Markdown, so getting to use it for my blog is a very nice way to reduce mental friction. I’m hoping that it’ll get me blogging more, too. …


  12. How to sign your Ruby gems

    In light of the recent Rubygems security issues, I’ve been adding signatures to my own gems, and encouraging other gem authors to do the same by opening issues on various Github projects. Gem signing coupled with publication of a pubkey allows people to verify the authenticity of your published gems against your repository, so that they can be certain that the gems they are downloading from Rubygems (or wherever) are authentic and were actually released by you, the gem author (as opposed to, say, backdoored and uploaded to Rubygems by a malicious entity in the event of another security breach). …


  13. Profiling RSpec 2 Examples

    Tests can be slow. This is how to find out why they’re slow. …


  14. Don't use strip_tags.

    I ran into a rather surprising little problem earlier this week that I felt bore documenting. It turns out that the “simple” Rails strip_tags helper is massive overkill when you just want to strip markup out of a document. It offers a lot of functionality, but it comes at a pretty ugly performance cost. …


  15. Enabling brightness controls on an HP Envy 17 under Fedora 16

    I’ve recently set up Fedora 16 on my laptop, and all has been smooth, save for the brightness switches. The on-screen display would show up when I used the fn-F2/fn-F3 key combinations, but the brightness just wouldn’t change. Additionally, the brightness was stuck at the lowest level. …


  16. Comps - design vs reality comparisons in Chrome

    For a long time, I used the PixelPerfect Firefox add-on to compare rendered comps with my finished web work. This was a fast and effective way to make sure that I got the spacings, font sizes, and other such things done properly. …


  17. Rails Cookie Sessions and PHP

    I recently found myself needing to share session data from my Rails app with a PHP app on the same domain. We use cookie sessions for a number of reasons, and while they work great, the data stored in them is stored in Ruby’s native Marshal format, which is not trivial to reimplement in PHP. After trying to get the data unmarshaled for a bit, I had another idea - why not just change the storage format? …


  18. Restarting Resque workers (or anything, really) with Monit, Passenger-style.

    Easy way to trigger off a reload of a service managed by Monit without having to become root. In my case, I’ve got a monit service called resque-worker, and I can restart it by just touching tmp/resque-restart.txt. …


  19. MongoDB, count() and the big O

    MongoDB, as I’ve mentioned before, is not without its warts. I’ve run into another, and it’s a nasty one. It turns out that if you perform count() on a query cursor that includes any conditions, even if those conditions are indexed, the operation takes O(n) time to run. …


  20. Resque and Tests

    Resque is a bucket of awesome slathered in a delicious candy coating. It makes background job work really, really easy. I recently switched to it, and found that in the process of testing it, I was generating an awful lot of extra unfulfilled jobs in my queue, when the job was a side-effect of some other test (rather than what was being tested explicitly). …