Greg Molnar is a Ruby Developer and OSCP Penetration Tester. He joins the Rogues to talk about Server-Side Request Forgery in Rails. He begins by explaining what Server-Side Request Forgery is and its significance. They also discuss the state of security in Rails and provide their views on the best ways to secure your applications.SponsorsChuck's Resume TemplateRaygun - Application Monitoring For Web & Mobile AppsBecome a Top 1% Dev with a Top End Devs MembershipLinksServer-Side Request Forgery in RailsGitLab fixes serious SSRF flaw that exposed orgs’ internal servers | The Daily SwigGitHub - rubysec/bundler-audit: Patch-level verification for BundlerGitHub - presidentbeef/brakeman: A static analysis security vulnerability scanner for Ruby on Rails applicationsSpektr Heartbleed - Wikipediaxkcd: DependencyGhost In The Wires by Kevin Mitnick | Mitnick SecurityRails SQL Injection examples Securing Rails Applications — Ruby on Rails Guides Burp Suite - Application Security Testing Software - PortSwiggerDeploying with MRSK | Drifting RubyPromoted LinksThis Week in RailsThe Rails ChangelogBlob and File APIsDocsGPT and adopting OpenAI’s Chat Completions APISocialsGreg MolnarGitHub: gregmolnarTwitter: @GregMolnarPicksCharles - <a href="https://amzn.to/3FRKNfp" target="_blank"...

Server-Side Request Forgery with Greg Molnar - RUBY 591

Our original panel podcast, Ruby Rogues is a weekly discussion around Ruby, Rails, software development, and the community around Ruby.Become a supporter of this podcast: https://www.spreaker.com/podcast/ruby-rogues--6102073/support.

Technology

Tech News

Podcasting

Gadgets

Software How-To

Education

Training

Language Courses

Higher Education

K-12

Educational Technology

Business

Investing

Careers

Management & Marketing

Business News

Shopping

How To

Cameron Dutro is the Staff Software Engineer at GitHub. They dive deep into the world of web development and explore the latest trends, challenges, and innovations. In this episode, they have an enlightening discussion on the state of front-end development with a focus on Ruby and Rails. They delve into the use of web components, the limitations of existing technologies, and the potential for a new Ruby implementation, Garnet, to revolutionize front-end development. From the impact of Hotwire to the challenges of integrating front-end frameworks, this episode offers valuable insights and thought-provoking discussions for developers navigating the ever-evolving landscape of web development. SponsorsChuck's Resume TemplateDeveloper Book ClubBecome a Top 1% Dev with a Top End Devs MembershipLinksKuby CoreSocialsLinkedIn: Cameron Dutro GitHub: camertron Become a supporter of this podcast: https://www.spreaker.com/podcast/ruby-rogues--6102073/support.

Ruby in the Browser: Exploring Web Performance, Reactivity, and Front-End Complexity - RUBY 636

Olivier Lacan joins the panel again. He currently works for Pluralsight. Today they are talking about the spectrum of creating a Rails app, or any app, from the birth of the idea to the death of the project. They stress the importance of planning for updates. Olivier talks about his experience in maintaining Code School, which has now been incorporated into Pluralsight. David also shares his experience with the life and death of a project. They talk about technical debt and the trouble that it can create, and the importance of making your Rails application maintainable. Olivier talks about his experience when Code School was acquired by Pluralsight. The panel discusses the inevitability of the end of an application and different ways of managing company integration. They talk about ways to plan for shutting down a project. One of the best ways to make integration easier is to clean up your code and always be considering what data needs to be kept and what can be truncated. They discuss some of the issues around storing customer data and respecting individual privacy. The panel talks more about sunsetting, or the ending of an app. People often think that shutting down an app doesn’t have any impact, but it is important to give customers time to adjust to change, as Olivier found out with Code School. Dave talks about different reactions that one could have when change happens. The panel talks about some of the emotional implications of having to destroy something that you’ve worked hard on for a long time. Ultimately, your project isn’t where you should put your self-worth, because projects will come to an end. When things do end, it’s important to look back at where you’ve come from and the impact that you’ve had on people. SponsorsChuck's Resume TemplateDeveloper Book ClubBecome a Top 1% Dev with a Top End Devs MembershipLinksLambdaDependabotPeoplecodePluralsightTrackableParanoiaDiscard Rails for ZombiesPicksAndrew  - Wild Sardines from Wild PlanetDavid - 5K screens from LGCharles - PluralsightCharles - New Show: Adventures in DevOpsCharles  - Butcher BoxCharles - Hotels.com Nate  - <a href="https://rework.fm/open-source-beyond-the-market/" target="_blank"...

The Life and Death of a Rails App with Olivier Lacan - RUBY 635

Adrian Marin is the Co-Founder and CTO at SuperStuff.a. He is also the Author of Avo Admin for Ruby on Rails. They delve into the world of Ruby on Rails and explore the latest developments in the tech industry. Adrian shares his journey of building Avo, his approach to differentiation, and the emphasis on customization and user support. They also discuss the challenges and maturity of open-source projects, sustainability, and the importance of offering free and paid versions to cater to diverse user needs. Join them as they uncover the technical aspects of gem distribution and the upcoming Friendly.rb conference in Bucharest, Romania. SponsorsChuck's Resume TemplateDeveloper Book ClubBecome a Top 1% Dev with a Top End Devs MembershipSocialsADRIAN MARINLinkedIn: Adrian MarinPicksAyush - Big Big TrainCharles - DoomlingsBecome a supporter of this podcast: https://www.spreaker.com/podcast/ruby-rogues--6102073/support.

Avo: Building Custom Interfaces, Managing Users, and Creating Authorization Systems - RUBY 634

Today’s guest Kir Shatrov is a production engineer on Shopify based in London, UK. Today, he and the panel are discussing capacity planning. Kir believes that capacity planning becomes a priority when your company starts losing money and your customers are suffering. When someone does get to the point of scaling their app, it’s important to look at the limitations of the hosting service. It is also important to remember that scaling is not a job that is ever completed.Kir talks about his experience and time with Shopify and what types of changes have happened in the four years he’s been with the company. Kir explains that when Shopify was founded about 12 years ago, they were some of the first contributors to Rails, and Rails was just a zip file they shared over an email. This is important to know because the monolith code for Shopify has never been rewritten, so they put a lot of care into keeping it working. He talks about some of the techniques Shopify uses to avoid splitting into microservices when scaling their organization and how the multiple instances of the database are structured and managed from an ops point of view. He talks about what aspects of Shopify are open source and the approach to the architecture of the background jobs system.The panel discusses what should be done if you want to scale your project and move away from background jobs. Kir talks about what criteria his company uses to determine what moves to a background job and when it is too much to background something. The show finishes with Kir sharing some of his favorite tips, tricks, and approaches he’s used at Shopify.SponsorsChuck's Resume TemplateDeveloper Book Club Become a Top 1% Dev with a Top End Devs MembershipLinksHerokuDigital OceanSidekiqShopify job iterationRedisPostgreSQLResqueStrace RB SpyRB TraceNew RelicData DogFat Free CRMPicksNate  - Open sourceNate  - Cats (Maine Coon and Russian Blue)Charles  - 75 Hard challengeKirill  - Ruby Hack ChallengeKirill - Follow <a...

Scaling and Shopify with Kir Shatrov - RUBY 633

Ayush Newatia is a Freelance Web Developer. They delve into the world of modern app development, Chuck and Ayush take us on a journey through the intricacies of utilizing Turbo Native and Hotwire in Rails applications. They share their insights on using native elements as the backbone of apps while incorporating web content, simplifying app development, and bridging the gap between web and native code with the help of Strata. With a focus on enhancing user experiences, they explore the benefits and challenges of native and hybrid apps, along with a deep dive into the features and requirements of Turbo Streams. Join them as they unravel the complexities and potential of modern web and app development in this thought-provoking episode.SponsorsChuck's Resume TemplateDeveloper Book ClubBecome a Top 1% Dev with a Top End Devs MembershipSocialsLinkedIn: Ayush NewatiaBecome a supporter of this podcast: https://www.spreaker.com/podcast/ruby-rogues--6102073/support.

Server-Side Request Forgery with Greg Molnar - RUBY 591

Download our free app to listen on your phone