5:46 Play Subscribe with or Intro song by Falseta

Episode #413 - October 22nd, 2013

9c5541e591a62dd93a2fd2d45b5732dd.jpg?s=18&r=pg&d=http%3a%2f%2fwww.gravatar.com%2favatar%2f8ebf4339f7c8cd73b53d1d1d3eba7c35 Olivier Lacan 30d011dd1b103a523f5bc75cf4b31833.jpg?s=18&r=pg&d=http%3a%2f%2fwww.gravatar.com%2favatar%2f8ebf4339f7c8cd73b53d1d1d3eba7c35 Aimee Simone

This week: new Rails releases, upgrading to Rails 4 open-sourced, migrant attributes, a look at evolution of the distributed Travis architecture, and how GitHub models their app's user sessions.

Subscribe to our mailing list!

This episode is sponsored by Top Ruby Jobs. Everyone deserves to love their job (and it's probably in Ruby).

  • Top Ruby Jobs
  • Rails 3.2.15 & 4.0.1 RC1
  • Upgrading to Rails 4
  • Migrant
  • The Smallest Distributed System
  • Modeling User Sessions
  • Ruby 5

Modeling Your App’s User Session Jump to Story

In a brief blog post, Josh Peek from GitHub discusses a recent decision to persist user sessions in the database instead of storing them in cookies entirely. Josh mentions that stateless session stores are vulnerable to replay attack which allow attackers to impersonate other users. Storing the session inside of cookies also makes it impossible to revoke a session, which can be a serious issue. They created their own UserSession model which allowed them to easily customize the behavior of the UserSession, for instance with a sudo mode that requires the user’s password to be entered at least once every hour when accessing sensitive settings. They still create a user_session cookie which references a unique ID generated by the UserSession model, but the only things stored inside of that cookie pertains to non-­sensitive data like flashes and form state.

April 18th, 2014

URL parsing with Rippersnapper, awesome APIs with Pliny, thread-safe utilities from Charles Nutter, a revival of the invoicing gem, info about recursion and memoization, querying git with gitql, and refactoring bad controllers all in this episode of the Ruby5 podcast!

April 15th, 2014

In this episode we cover the results of the Cloudflare Heartbleed challenge, tracking trends in the Ruby community with the Ruby Survey, Rails 4.1 ActiveRecord enums, iStats for CPU temperature on OS X and some Insanely Useful ActiveAdmin Customizations.

April 8th, 2014

The internet is heartbleeding plus exciting rails 4.1 features. With special guest Nathan Hessler.

April 8th, 2014

On today's episode: Rails 4 PostgreSQL integration, tips for hiring great software engineers, Ruby Love, what your conference proposal is missing, crafting a conference talk, an introduction to JSON schemas, Build a Ruby Gem, and Surviving APIs with Rails