Bruno Bonamin bbonamin

# config/routes.rb
resources :documents do
  scope module: 'documents' do
    resources :versions do
      post :restore, on: :member
    end
    resource :lock
  end
end
@endymion
endymion / gist:7432783
Created November 12, 2013 15:29
Manual control over Engine Yard environment alerts by configuring collectd with custom Chef recipes
if node[:name] && node[:name].downcase =~ /resque/
  collectd do
    load :warning => 20, :failure => 30
  end
end
if node[:name] && node[:name].downcase =~ /cron/
  collectd do
    load :warning => 15, :failure => 20
  end
@jbenet
jbenet / simple-git-branching-model.md
Last active July 21, 2025 21:02
a simple git branching model

a simple git branching model (written in 2013)

This is a very simple git workflow. It (and variants) is in use by many people. I settled on it after using it very effectively at Athena. GitHub does something similar; Zach Holman mentioned it in this talk.

Update: Woah, thanks for all the attention. Didn't expect this simple rant to get popular.

Web Security

This post outlines three common web security vulnerabilities with specific examples in Rails. For a more complete list, I highly recommend the OWASP Rails security cheatsheet.

Cross-Site Scripting (XSS)

A cross-site scripting attack is when malicious scripts are injected into a web site in order to compromise it.

For example, let's say we want to allow HTML tags such as <strong> in our blog comments, so we render raw output using the Rails method #html_safe:

@jed
jed / how-to-set-up-stress-free-ssl-on-os-x.md
Last active February 27, 2025 16:31
How to set up stress-free SSL on an OS X development machine

How to set up stress-free SSL on an OS X development machine

One of the best ways to reduce complexity (read: stress) in web development is to minimize the differences between your development and production environments. After being frustrated by attempts to unify the approach to SSL on my local machine and in production, I searched for a workflow that would make the protocol invisible to me between all environments.

Most workflows make the following compromises:

  • Use HTTPS in production but HTTP locally. This is annoying because it makes the environments inconsistent, and the protocol choices leak up into the stack. For example, your web application needs to understand the underlying protocol when using the secure flag for cookies. If you don't get this right, your HTTP development server won't be able to read the cookies it writes, or worse, your HTTPS production server could pass sensitive cookies over an insecure connection.

  • Use production SSL certificates locally. This is annoying

class FooController < ApplicationController
  before_filter :user_required!
  before_filter :admin_required!, :only => [:secret]
  def not_secret
  end
  def secret
  end
end
@cpuguy83
cpuguy83 / loading_spinner.coffee
Last active August 30, 2020 13:49
Simple loading spinner for long requests with turbolinks and bootstrap modal
@PageSpinner =
  spin: (ms=500)->
    @spinner = setTimeout( (=> @add_spinner()), ms)
    $(document).on 'page:change', =>
      @remove_spinner()
  spinner_html: '
    <div class="modal hide fade" id="page-spinner">
      <div class="modal-head card-title">Please Wait...</div>
      <div class="modal-body card-body">
        <i class="icon-spinner icon-spin icon-2x"></i>
@igalic
igalic / Makefile
Created February 13, 2013 08:35
Makefile to create a root-ca, an intermediate signing CA. It can also be used to quickly create keys and Certificates and sign them with that intermediate CA. You should put the root-ca into your Trust Store (preferably as the only CA;) and make sure your programs validate it correctly.
root_DN = /CN=Esotericsystems Root Authority/C=AT/
issuing_DN = /CN=Esotericsystems Issuing Authority/C=AT/
passphrase:
	echo -n changeme > $@
#
# Create param files, keys and Self-Signed Certificate for the Root CA
#
root-ca-dsa.param: passphrase
@errordeveloper
errordeveloper / Unicorn_and_Upstart.md
Last active February 9, 2022 09:21
Upstart config for a Rails app using Unicorn HTTP server

Using Unicorn with Upstart

This configuration works with Upstart on Ubuntu 12.04 LTS

It needs to be done this way (i.e. with the pre-start and post-stop stanzas) because Upstart is unable to track whenever the Unicorn master process re-execs itself on hot deploys. One can also use it without hot deploys and run Unicorn in the foreground; it then needs only one exec stanza.

This presumes you are not using RVM, so no voodoo dances.

@jamesmoriarty
jamesmoriarty / deploy.rb
Created December 14, 2012 03:38
Sidekiq, Upstart, and Capistrano
namespace :deploy do
  namespace :sidekiq do
    desc 'Replace upstart config for sidekiq-workers'
    task :upstart_config do
      data = %Q{
start on runlevel [2345]
stop on runlevel [!2345]
respawn
exec su - #{user} -c 'cd #{release_path}; export RAILS_ENV=#{stage}; bundle exec sidekiq -q default,1 -c 4 -pid #{release_path}/tmp/pids/sidekiq.pid >> #{release_path}/log/sidekiq.log 2>&1'