There is a weakness in the code Ruby on Rails uses to verify messagedigests in the cookie store. Because it uses a non-constant time algorithm toverify the signatures an attacker...
There is a vulnerability in the escaping code for the form helpers inRuby on Rails. Attackers who can inject deliberately malformed unicodestrings into the form helpers can defeat the escaping...
Lots of great content coming out of the community in the past month. Below you’ll find some of the most useful tutorials and libraries I’ve found over the past few...
Understand Ruby’s Load Path<p>When you call <code>load</code> or <code>require</code> a new file, Ruby searches through the files in its load path. This allows you to require files relative to the...
A couple weeks ago, I wrote about the newly added ActionController::Responder which summarizes your application behavior for a specified format in just one place. For example, the default html behavior...
Last Friday, Apple released their new OS version: Snow Leopard. Upgrading to SL is very easy and even gives you back quite a lot of HD space.However a few things...
This week’s post will be rather short and sweet. The notable commits of the week seemed to revolve mainly around refactoring and even slightly altering the way some of the...
Another week, another update on Edge Rails. And man, you aren’t making this easy on me, are ya? This weekend, in case you hadn’t already heard, was the first Rails...
As Rubyists migrate from Ruby 1.8 to Ruby 1.9, new Rubyimplementations are gaining in maturity.Recently, IBM's Antonio Cangiano wrote an interesting article comparing the performance between Ruby 1.8, 1.9 and...