Author Archives: wkj

OpenSSL Heartbeat Vulnerability (aka: Heartbleed)

As most of our users are by now no doubt aware, on April 7th a serious vulnerability was announced in recent versions of OpenSSL. Dubbed Heartbleed, CVE-2014-0160 allows a remote attacker to read potentially sensitive data on the server. This vulnerability has had a widespread impact on many providers. We take security and the trust […]

Per-Repo GitHub Status Configuration

The Solano CI integration with GitHub uses OAuth for authentication. Today we have rolled out the ability to set the credentials used to post GitHub status on a per-repository basis. To configure an alternate set of credentials for a repository, go to the GitHub Status menu item on the repo configuration page (click on the […]

SimpleCov and Ruby 2.1

Solano CI uses the exit status from commands to determine whether a test passes or fails.  The behavior follows in a venerable Unix tradition whereby the exit status of zero indicates success and a non-zero exit status indicates failure. On occasion we’ve seen bugs in test frameworks that can cause false positives, or worse false […]

A Look Back at 2012 Software Screw Ups!

The New Year is already off to a great start here at Solano Labs with new features and product upgrades getting ready to roll out.  With the start of the New Year we also decided to take a look back at the year that was and ask as a company “What have we learned?” and […]

Rails SQL Injection

A serious security vulnerability in all released versions of Rails was announced on the Ruby on Rails Security list on January second. You can read more about the details in the original post here and follow the CVE case here. The short version is that all extant versions of the ActiveRecord ORM were vulnerable to […]

Ruby 1.9.3 and Encoding Trouble

Character encodings are a perennial source of trouble. Simple calculations such as string comparison, collation, and even length are a function of the encoding. Reliably translating string encodings is, as a practical matter, frequently painful. The primary string encoding functions in Ruby 1.9.3 are in the core Encoding class. James Gray has a helpful blog […]

Order-Dependent Test Suites

The other day I was helping a customer with a persnickety failure in his MiniTest specs when I came across the following gem in MiniTest: [code language=”ruby”] ## # Call this at the top of your tests when you absolutely # positively need to have ordered tests. In doing so, you’re # admitting that you […]

When Do You Commit?

Git repositories hold a wealth of interesting metadata in addition to the code itself. The number, frequency, authorship, longevity, etc. of commits reveal a great deal about software and its development. Depending on the content of commits and commit messages you may be able to infer the life cycle of software defects: when are bugs […]

Installing Atexit Handlers On Module Load Considered Harmful

A common idiom in Ruby testing frameworks is the use of at_exit as a way to schedule interesting work. I am not a fan — it is an idiom that is ripe for abuse. The C library’s atexit(3) function that inspired Ruby’s at_exit function was originally intended to allow the registration of handlers to tear […]

Handling JSON POST bodies in your Ruby/Rack Application

Want to post largish JSON objects to your web service? Merely think that using POST parameters as a transport is a little ugly? If your web service is implemented as a Rack application, take a look at this handy Rack middleware: http://gist.github.com/981176. All it takes to use it with Sinatra is a simple use statement […]
