View
Repeats

Rails Authentication Checklist

Authentication is a special part of web applications. On the one hand, it usually is a crucial security mechanism restrict access to certain people and roles. On the other hand, most users authenticate only once, so it is very unlikely to spot issues by accident.

So, here comes a quick checklist to help you verifying your authentication solution is all set.

  • This should be default: use HTTPS with HSTS. The HSTS part is important.
  • Use a reliable authentication solution, e.g. Clearance or [Devise…
Repeats

Whitelist Carrierwave attributes correctly

Say you have a User with a Carrierwave attribute #avatar:

class User < ActiveRecord::Base
  mount_uploader :avatar, AvatarUploader
end

When whitelisting the avatar field in the controller, you might do this:

  params[:user].permit(:avatar)

But you probably want this:

  params[:user].permit(:avatar, :avatar_cache, :remove_avatar)

In this example:

  • :avatar_cache allows a newly upload image to persist through form roundtrips in the case of validation errors (something that isn't possible with Paper…

How to avoid ActiveRecord::EnvironmentMismatchError on "rails db:drop"

After loading a staging dump into development, you might get an ActiveRecord::EnvironmentMismatchError when trying to replace the database (like rails db:drop, rails db:schema:load).

$ rails db:drop
rails aborted!
ActiveRecord::EnvironmentMismatchError: You are attempting to modify a database that was last run in `staging` environment.
You are running in `development` environment. If you are sure you want to continue, first set the environment using:

        bin/rails db:environment:set RAILS_ENV=development

Starting with R…

Bash: How to use colors in your tail output

Sometimes it's nice to have some coloring in your logs for better readability. You can output your logs via tail and pipe this through sed to add ANSI color annotations (which your console then interprets).

To print a log (e.g. rails log) and color all lines containing "FATAL" in red and all lines with "INFO" in green:

tail -f /path/to/log | sed --unbuffered -e 's/\(.*INFO.*\)/\o033[32m\1\o033[39m/' -e 's/\(.*FATAL.*\)/\o033[31m\1\o033[39m/'

Here are the …

Linked content

How to use the Capistrano 2 shell to execute commands on servers

Capistrano 2 brings the shell command which allows you to run commands on your deployment targets.
There is also invoke to run a command directly from your terminal.

Both commands allow running Capistrano tasks or shell commands, and scope to individual machines or machine roles.

Unfortunately Capistrano 3 does not include these commands any more.

cap shell

Basics

First of all, spawn a Capistrano shell (we're using the multistage extension here):

$ cap staging shell

In your "cap" shell you can now run Capistrano ta…

How to capture a screen-cast on Linux

Recording

I recommend simplescreenrecorder, it produces an adequate output with only a few clicks. The audio recording contained some static noises, but that might be caused by my microphone.

Recording only a single screen or fixed rectangle is supported. The video quality seems quite grained when using the default settings - I found that using the MKV container, H.264 codec, "0" constant rate factor and "veryslow" preset results in the best video quality.

If you don't insist on high …

Howto: Change the keyboard shortcut for the emoji-picker

Im using the terminator terminal with the keyboard shortcut Control+Shift+E for splitting the terminal. I got used to this shortcut.

Yesterday the Ubuntu update seems to have upgraded ibus, which got this emoji picker that also uses Control+Shift+E to open.
You can change this behaviour by opening the ibus setup from the console:

ibus-setup

A window will open and you can delete the shortcut in the emoji tab (Emoji => … => detele). You're no…

Linked contentRepeats

Automated "git bisect" will make your day

So you're hunting down a regression (or just a bug) and want to use git bisect to find out when it was introduced? Smart kid.
If you have a shell command ready to reveal if your current state is good or bad, you can have git do most of the work for you.

Using git bisect run <your command> you can tell git that your command will reveal the issue; git on the other hand will use the return value of that call to decide if the state is good or bad. …

Deprecated

Rbenv: Alias a Ruby version

For newer Ubuntu versions we currently need to install the patch level version 1.8.7-p375, otherwise the dev dependencies from openssl will cause the installation to fail.

For a project that specifies the Ruby version 1.8.7 in the .ruby-version the rbenv autoswitch will not work. You have several options how you can solve this problem:

  • Install rbenv-aliases, which will alias your Ruby 1.8.7-p375 …
Repeats

Icon font vertical alignment in Windows

I had an issue with icons from an icon font aligning differently on Linux, iOS and Windows (seemingly browser-independent). With vertical-align:middle, they aligned properly on Linux, iOS and macOS, whereas with a vertical-align of -18%, it looked good on Windows and iOS, but not Linux.

Further investigation showed that not only icons, but also normal capital letters aligned differently. No setting of vertical-align could fix this, neither top, bottom, middle, nor additional paddings or margins. It seems like browsers take the…

Linked content

Linux Performance Analysis in 60,000 Milliseconds

You login to a Linux server with a performance issue: what do you check in the first minute?

uptime
dmesg | tail
vmstat 1
mpstat -P ALL 1
pidstat 1
iostat -xz 1
free -m
sar -n DEV 1
sar -n TCP,ETCP 1
top

Bundler: Releasing a gem with enabled 2FA

Rubygems supports a 2FA for your account. Once enabled you need to provide your personal OTP code for every release. Despite the CLI of the rake release task does not work well with the command promt for your OTP code with Bundler versions < 2.0.2. It just looks like the task is frozen:

Image

  • Workaround 1: Just type your OTP code and hit enter, your gem is released afterwards.
  • Workaround 2: Upgrade to Bundler >= 2.0.2.. Your supported Ruby versions for this gem must be all >= 2.3.

Wh…

Linux, Arial and Helvetica: Different font rendering in Firefox and Chrome

When text renders differently in Firefox and Chrome, it may be caused by a font alias that both browsers handle differently.

Situation

A machine running Linux, and a website with the Bootstrap 3 default font-family: "Helvetica Neue", Helvetica, Arial, sans-serif.

Issue

Anti-aliasing and kerning of text looks bad in Firefox. Worse, it is rendered 1px lower than in Chrome (shifted down).

Reason

Firefox resolves "Helvetica" to an installed ["TeX Gyre Heros", which is its Ghostscript clone](https://www.fontsquirrel.com/fonts/…

Repeats

Capistrano: How to find out which version of your application is currently live

When deploying, Capistrano puts a REVISION file into your application's release directory. It contains the hash of the commit which was deployed.

If you want to know the currently deployed release, simply SSH to a server and view that file.

$ cat /var/www/my-project/current/REVISION
cf8734ece3938fc67262ad5e0d4336f820689307

Capistrano task

When your application is deployed to multiple servers, you probably want to see a result for all of them.
Here is a Capistrano task that checks all servers with the :app role.

```rub…

Deprecated

Linux: Shell script to easily update chromedriver

Updating Chromedriver is often a hassle: If you use chromium-chromedriver from the Ubuntu sources, it usually won't be updated when a new Chrome version is released. Manually downloading it from the official page is a very manual process. And I don't really want to use remote code like the "webdrives" gem because of paranoia.

Cry no more, for here is a tiny bash script that will download the latest chromedriver version and place it inside ~/bin. (If you use a different location, adjust accordingly).

```
#!/bin/bash

VERSION_URL="https:…

Bash script to list commits by Pivotal Tracker ID

The main benefit of our convention to prefix commits by their corresponding Pivotal Tracker ID is that we can easily detect commits that belong to the same story. You can either do that manually or use the bash script below by copying it somewhere to your .bashrc.

```bash
# Usage: ptcommits '#123456'
function ptcommits {
if test "$1"
then
git log –oneline | grep "$1" | grep "^[a-z0-9]*" -o | xargs –no-run-i…

Joining PDFs with Linux command line

There are several ways to merge two (or more) PDF files to a single file using the Linux command line.

If you're looking for graphical tools to edit or annotate a PDF, we have a separate card for that.

pdfjam

The pdfjoin binary from pdfjam is probably already installed on your system. Usage:

pdfjoin one.pdf two.pdf --outfile out.pdf

Pages from joined documents might be rotated. To avoid this, call it like this:

pdfjoin one.pdf two.pdf --outfile out.pdf --paper a4paper --rotateoversize false

Fo…

Fix for "Rails assets manifest file not found" in Capistrano deploy

If you use webpacker in your Rails application, and you have completely disabled Sprockets, you might get the following error when trying to deploy: Rails assets manifest file not found. This happens inside the deploy:assets:backup_manifest task.

This task is build for Sprockets and does not work with webpacker. Simply skip it, by adding the following line to your config/deploy.rb:

Rake::Task["deploy:assets:backup_manifest"].clear_actions
This website uses cookies to improve usability and analyze traffic.
Accept or learn more