Et tu, Signal?

Signal is still a great piece of software. Just do one thing and do it well, be the trusted de facto platform for private messaging that empowers dissidents, journalists and grandma all to communicate freely with the same guarantees of privacy. Don’t become a dodgy money transmitter business. This is not the way.

Like many others, I was disappointed to hear that Signal is going down the cryptocurrency rabbit-hole.

This blog post from Stephen Diehl covers the problems with this move pretty well.

Hacking my Pedometer++ data

I’ve been using the Pedometer++ app since 2015 to track my daily steps and overall I’m very pleased with how it works and looks, but a little while ago I noticed an issue: the number of floors I’ve supposedly climbed is wildly off in the app.

Daily and lifetime floor achievements in Pedometer++



Have I Been Pwned support for RubyGems.org

Screenshot of PR 2048 on GitHub

Have I Been Pwned is a service that lets you check if your accounts have been included in data breaches. You can enter your email address to subscribe to notifications if (or when) your personal details are compromised.

HIBP also offers an API that lets site operators check their users’ passwords haven’t been previously compromised. It does this using a clever k-Anonymity model which allows this check to happen without revealing the user’s chosen password to HIBP or any other third party. You can read up on the precise method in the HIBP API documentation.

My pull request to add Have I Been Pwned support to RubyGems.org was recently (well, a month ago) merged and deployed to production.



Air quality dashboard

Our custom air quality dashboard

There’s been some interesting research into the effects of increased levels of CO₂ on human cognition. Namely that elevated levels of carbon dioxide essentially make us dumber. Studies have found that concentrations above 1000ppm can have a significant negative impact.

What’s more, CO₂ tends to build up in conference rooms as a meeting goes on, meaning CO₂ levels will be at their highest near the end of the meeting when decisions are often being made. Poor air quality might actually be making us do stupid things.

To combat this at work, we’ve installed air quality sensors in the meeting rooms at our office. These are relatively affordable, off-the-shelf Netatmo air quality monitors. They monitor temperature, humidity, CO₂, and noise levels.



The state of package signing in the wild

Recently I started looking into the current state of package signing on RubyGems and considering what it might look like in the future.

To this end, I also ended up looking into how package signing is handled by Rust, Python, and Node.js.

The tl;dr is that nobody does package signing and that it’s a really hard problem to solve.



Upcoming conferences

I’m excited to announce that I’ll be speaking at two more conferences this year: Brighton Ruby and Ruby Conf Taiwan.

I’ll be giving the same ‘Ruby Like It’s 1995’ talk at both conferences that I gave at RubyFuza earlier this year with some (hopefully) exciting new enhancements.

Brighton Ruby 2019 homepage screenshot

Brighton Ruby 2019

Brighton Ruby has been organised since 2014 by Andy Croll.

I was an attendee at the 2016 conference and really enjoyed it so I’m super excited to have a chance to speak there this year.

More info and tickets: brightonruby.com

Brighton Conf Taiwan 2019 homepage screenshot

Ruby Conf Taiwan 2019

This will be the eighth time that Ruby Conf Taiwan is organised.

The conference will be headlined by Matz which definitely makes it extra thrilling to be giving a talk about the early days of Ruby.

More info and tickets: 2019.rubyconf.tw

Choosing libraries and evaluating code

These slides are from a short talk I gave at work for my coworkers and especially for our junior developers.

Overall, the slides are probably more of a conversation starter than they are useful in themselves.

Choosing code and evaluating libraries

How do you choose between using an existing library and coding it yourself? How do you evaluate whether someone else’s code is good or not?



Rails Security: above and beyond the defaults

This is a blog post version of the Rails Security talk that I gave at Rubyfuza 2017 in Cape Town earlier this year.

I’ll also be giving this talk (or an updated version of it) for Ruby Dev Summit, a free online conference, in October this year.



Middleman on Heroku – 2017 edition

I’ve written about hosting Middleman apps a couple of times before. This article supersedes the advice given in those earlier blog posts.

This new approach uses Heroku’s official Ruby buildpack and uses its asset precompile behaviour to build the Middleman site.

The advantage of this approach is that the site gets built on deploy and doesn’t need to be rebuilt every time that the app reboots. This should result in faster and more reliable app boots.



Piranhas: Now with Amazon.it support

Piranhas now has full support for Amazon.it in addition to Book Depository, Wordery, and the other five Amazon stores.

Piranhas screenshot

I’ve also checked and updated the shipping rates data for all the supported Amazon stores, so depending on your location you may see more accurate estimates of the shipping costs now.