Active Record Associations
14 Rails - Innovation and Security
class Role < ActiveRecord::Base
  attr_accessor :name
  has_and_belongs_to_many :clients
end
class Client < ActiveRecord::Base
  has_and_belongs_to_many :roles
end
Client 1 --- 0..* client_roles (client_id, role_id) 0..* --- 1 Role
11. Stack Traces
12. $ irb
> a
ruby-1.9.3-p0 :045 > a
NameError: undefined local variable or method `a' for main:Object
ruby-1.9.3-p0 :046 > b
NameError: undefined local variable or method `b' for main:Object
ruby-1.9.3-p0 :047 > a = b
NameError: undefined local variable or method `b' for main:Object
ruby-1.9.3-p0 :048 > a = a
... ?
2004
13. $ irb
> a
ruby-1.9.3-p0 :045 > a
NameError: undefined local variable or method `a' for main:Object
ruby-1.9.3-p0 :046 > b
NameError: undefined local variable or method `b' for main:Object
ruby-1.9.3-p0 :047 > a = b
NameError: undefined local variable or method `b' for main:Object
ruby-1.9.3-p0 :048 > a = a
... ?
=> nil
2004
16. class Role < ActiveRecord::Base
  attr_accessor :name
  has_and_belongs_to_many :clients
end
class Client < ActiveRecord::Base
  has_and_belongs_to_many :roles
end
Active Record
17. class Role < ActiveRecord::Base
  attr_accessor :name
  has_and_belongs_to_many :clients
end
class Client < ActiveRecord::Base
  has_and_belongs_to_many :roles
end
Client 1 --- 0..* client_roles (client_id, role_id) 0..* --- 1 Role (name)
Active Record
18. class Role < ActiveRecord::Base
  attr_accessor :name
  has_and_belongs_to_many :clients
end
class Client < ActiveRecord::Base
  has_and_belongs_to_many :roles
end
Client 1 --- 0..* client_roles (client_id, role_id) 0..* --- 1 Role (name)
Magic!
Active Record
19. class Role < ActiveRecord::Base
  attr_accessor :name
  has_and_belongs_to_many :clients
end
Metaprogramming
20. class Role < ActiveRecord::Base
  attr_accessor :name
  has_and_belongs_to_many :clients
end
Role.find_or_create_by_name("admin")
Metaprogramming
21. class Role < ActiveRecord::Base
  attr_accessor :name
  has_and_belongs_to_many :clients
end
Role.find_or_create_by_name("admin")
def method_missing(m, *args, &block)
  # magic
end
Metaprogramming
22. class Role < ActiveRecord::Base
  attr_accessor :name
  has_and_belongs_to_many :clients
end
Role.find_or_create_by_name("admin")
def method_missing(m, *args, &block)
  # magic
end
Magic!
Metaprogramming
23. 2008, Kiel
37. $ cap deploy:migrations
v1 -> v2
current
shared
releases
20130128231601
20130129231801
20130129161601 current
Capistrano Deployment
38. $ cap deploy:migrations
v1 -> v2
$ cap deploy
rollback
current
shared
releases
20130128231601
20130129231801 current
20130129161601 current
Capistrano Deployment
39. class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable, :recoverable,
         :rememberable, :trackable, :validatable
end
Devise
49. class Role < ActiveRecord::Base
  attr_accessor :name
end
User.find_by_name("Robert'); DROP TABLE Students; --")
SQL Injection. Solved.
50. class Role < ActiveRecord::Base
  attr_accessor :name
end
User.find_by_name("Robert'); DROP TABLE Students; --")
SQL Injection. Solved.
51. <script language="javascript">
document.write("<script src='malware.js'></script>");
</script>
Cross Site Scripting
57. User.find_by_id({:select => "* from users limit 1 --"})
SELECT * from users limit 1 -- FROM "users" WHERE "users"."id" IS NULL LIMIT 1
=> #<User id: 1, all other attributes
Security Leak, Jan 3rd
66. • Strong community
• Simple magic
• Eats resources
• Enterprise ready
• Hosting is either hard or expensive
• Open + Innovative + Secure
Asking Developers