Pinned toot

I'm a ruby developer that typically works with data, queues, schemas, csv and json.

Recently I got involved in projects related to SAML/SSO, encryption, security, certificates and all that jazz; that was a big leap in my career.

Been a Rubyist for the last 4 years. At the same time I've also been a US immigrant, so if you ever need it, then se habla español.

Currently based in the San Francisco Bay Area, USA.

Browsing securely is complicated and not trivial; Mozilla is trying to make it easy when you are using free open WiFi.

I'm publishing my opinions after a week using Firefox Private Network:

esparta.co/posts/0002/

@mperham checking the Contribsys page:

contribsys.com/faktory/

On the bottom left there's a link to the source (of the webpage?) but it 404-me: github.com/contribsys/contribs

Safari 13 is GA and now supports FIDO2-compliant USB security keys with Web Authentication.

It's a great step towards a secure web everywhere! And closer to password-less services.

You can read more about FIDO2 here: fidoalliance.org/fido2/ cc. @fidoalliance

I'm on a journey testing @Firefox Private Network, and I'll be publishing the results and opinions after one week using this new service (at home & work).

private-network.firefox.com

-- Ridiculous excuses I've heard (about securing systems) 3/2

Writing Secure Code is a magnificent book (highly recommended) written by Michael Howard and David circa 2001/2003.

It's almost 2020 and I'm still hearing all of them on a frequent basis.

amazon.com/Writing-Secure-Seco

-- Ridiculous excuses I've heard (about securing systems) 2/2

- We know it's the default, but the administrator can turn it off.
- If we don't run as administrator, stuff breaks.
- But we'll slip the schedule
- It's not exploitable
- But that's the way we've always done it
- If only we had better tools

by Michael Howard and David LeBlanc (c. 2001-2003)

-- Ridiculous excuses I've heard (about securing systems) 1/2

- No one will do that.
- Why would anyone do that?
- We've never been attacked.
- We're secure - we use cryptography.
- We're secure - we use ACLs.
- We've reviewed the code, and there are no security bugs.

by Michael Howard and David LeBlanc (c. 2001-2003)

New Code Challenge

Implement a Symmetric Difference where...

{ 1, 2, 5 } △ { 2, 3, 5} △ { 3, 4, 5 } = { 4, 5, 1 }

The result should have no duplicates.

My solution using Enumerable#reduce & a nice twist at the end.

in
→ How to do a constant really 'private'

transcript: gist.github.com/esparta/cbe628

stack:

As usual, your feedback will be appreciated

P.S. The inspiration for this screencast came from this toot by @james: ruby.social/@james/10241167346

Looks like uploaded images are not being processed. It's some restriction/issue with the instance, @james?

AMA: One week updating multiple Rails 5.x to Rails 5.2.1 (current as I write this 20180911).

We experienced some issues; the most problematic so far has been 5.0.2 -> 5.2.1, where a super tiny change broke a fairly new and untested* feature related to HTTP headers. ActiveRecord changes were also hard, but IMO needed.

Takeaway for us? Unless you have a very good reason: Update your gems frequently.

* Untested because we assume we should not be testing what was probably tested by the framework.

Politics and OSS + EU Article 13 

Once upon a time I did the first public gem of the company I'm working for:

- Four-O-Four -

"A super simple Rack middleware to capture 404 responses and change the response for any other logic.

With FourOFour you will be able to handle your 404 responses and change how your application behaves dynamically and in the 'right' way: using a class for delegation, separating all the concerns. Routes and logic should have their own space."

github.com/SparkHub/four_o_fou

My life as a developer changed when I met dry-rb. It's not an 'easy life', it's more exciting workdays with a mix of the 'right abstraction' using the 'right tool' that dry-rb already provides (for sure!).

If you are interested take a look here:
dry-rb.org/

Ruby.social

A Mastodon instance for Rubyists & friends