Logging is tricky. You want logs to include enough detail to be useful, but not so much that you're drowning in noise - or violating regulations like GDPR. In this article, Diogo Souza introduces us to Ruby's logging system and the LogRage gem. He shows us how to create custom logs, output the logs in formats like JSON, and reduce the verbosity of default Rails logs.
Management thinks that letting folks from WidgetCo log into widgetco.ourapp.com will really help make the sale. It seems harmless enough. But using a custom subdomain like this can open WidgetCo up to potential security issues. In this article, Julien Cretel introduces us to Subdomain Takeover attacks and discusses ways we can mitigate them.
Some devs use JavaScript in the browser; some use JavaScript on the server. What if you do both?
For quick, scalable, highly-available web services, few options compare to AWS Lambda. Just provide your code, add a little configuration, and you're done! In this article, Milap Neupane will introduce us to Lambda, show us how to get it working with Ruby and the Serverless Framework, and discuss reasons to use — or to not use! — Lambda in production.
Every Rails app has a breaking point; a level of activity that it simply cannot handle. Your braking point depends on big architectural decisions, yes — and also on the tiniest changes committed by your most junior developer. That's why it's vital to regularly test your application's performance under load. In this article, Milap Neupane gives us a Rails-centric introduction to load testing with a powerful open-source tool called JMeter.
In which we discuss upgrading our quirky billing system.
When you're deciding on a technology to use for your project, it helps to have a broad understanding of your options. You may be tempted to build a web service in Go for performance reasons - but what would that code actually look like? How would it compare to languages like Ruby or JS? In this article, Ayooluwa Isaiah gives us a guided tour through the building blocks of go web services so you'll be well-informed.
Few things are scarier than a database slowly losing integrity over weeks or years. For a while, nobody notices anything. Then users start reporting bugs, yet you can't find any code that's broken. By the time you realize the problem, it may be happening for so long that your backups are unusable. We can avoid problems like these with skillful use of transactions.
Few things are more frustrating than slow, flaky test suites. You're ready to deploy, wait 20 minutes for CI to run, only to find that a test failure in code you've never touched is blocking you. You dig into the source and find the problem: an external API call. It works (slowly) most of the time. But sometimes the network glitches and it fails. What do you do? In this article, José Manuel shows us several techniques for removing external API dependencies from our tests.
Links are so fundamental to web development that they're almost invisible. When we link to a third-party page, we hardly ever consider how it could become an opportunity to exploit our users. In this article, Julien Cretel introduces us to three techniques that bad actors can use to target our users and discusses how to avoid them.
