Modern Encryption for Mongoid

I’m happy to announce that Lockbox now supports Mongoid. This makes it easy to add application-level encryption to your MongoDB documents. Blind...

August 16, 2019

Gem Patterns

I’ve created a few Ruby gems over the years, and there are a number of patterns I’ve found myself repeating that I wanted to share. I didn’t invent...

August 2, 2019

Introducing Searchkick Pro

Searchkick makes it easy to add intelligent search to Rails applications. It was launched in 2013 back when Elasticsearch 0.90 was all the rage. To...

August 1, 2019

Lockbox: Now with Types

A new version of Lockbox was just released with support for types, making it easier to encrypt non-string fields. Previously, you’d need to perform...

July 22, 2019

Ruby with OpenSSL 1.1

Some Ruby features like and require OpenSSL 1.1. Here’s how to make it work on Mac: Install rbenv and OpenSSL 1.1 Install Ruby Open an interactive...

July 11, 2019

Securing User Emails in Rails with Lockbox

This is an update to Securing User Emails in Rails with a number of improvements: Works with Devise’s email changed notifications Stores encrypted...

July 10, 2019

Blind Index 1.0

Blind indexing is an approach to securely search encrypted data with minimal information leakage. I’m happy to announce that Blind Index 1.0 was...

July 9, 2019

Modern Encryption for Rails

Encrypting sensitive data at the application-level is crucial for data security. Since writing Securing Sensitive Data in Rails, I haven’t been...

July 8, 2019

Why and How to Keep Your Decryption Keys Off Web Servers

Suppose a worst-case scenario happens: an attacker finds a remote code execution vulnerability and creates a reverse shell on one of your web...

March 28, 2019

Argon2 with Devise

bcrypt has been a great choice for safely storing passwords. However, as time has passed, a better alternative has emerged: Argon2. OWASP now...

March 23, 2019

Hybrid Cryptography on Rails

Hybrid cryptography allows certain servers to encrypt data without the ability to decrypt it. This can greatly limit damage in the event of a...

February 28, 2019

Introducing pdscan: Scan Your Data Stores for Unencrypted Personal Data

It's important to understand where personal data is stored in your applications. Personal data that’s not encrypted at the application level is...

February 25, 2019

Securing Sensitive Data in Rails

It feels like data breaches are showing up every week in the news. If you haven’t taken a second look at how you’re storing sensitive data, now is...

November 20, 2018

Postgres SSLMODE Explained

When you connect to your database, Postgres uses the parameter to determine the security of the connection. There are many options, so here’s an...

November 18, 2018

Active Storage S3 Client-Side Encryption

Use client-side encryption to encrypt your data before sending it to S3. You can provide an encryption key to use directly or a KMS key for...

November 12, 2018

Scaling the Monolith

Many companies start out with a single web application. As the team and codebase grow, things feel less organized and common tasks like booting the...

November 7, 2018

Rails, Meet Data Science

Organizations today have more data than ever. Predictive modeling is a powerful way to use this data to solve problems and create better...

October 29, 2018

Introducing Archer: Rails Console History for Heroku, Docker, and More

Many companies today run infrastructure where machines or containers can be replaced at any time, so you can’t depend on them for permanent...

October 23, 2018

Strong Encryption Keys for Rails

Encryption is a common way to protect sensitive data. Generating a secure key is an important part of the process. attr_encrypted, the popular...

October 22, 2018

Verify Slack Requests in Rails

Slack signs its requests so you can verify they’re authentic. Here’s a method you can use in your Rails controllers for it.

September 14, 2018

Vault for PKI

Here’s how to use Vault for public key infrastructure. Update: Vault now has a great article on this Install the latest version of Vault and jq...

July 21, 2018

Backsolving in Ruby

QR decomposition is a stable way to solve linear regression. You can use the extendmatrix gem to do decomposition in pure Ruby. Givens rotations...

June 28, 2018

Jupyter + Rails

Jupyter notebooks are a great alternative to the Rails console for building predictive models. Here’s how to get set up: First, install Jupyter...

June 19, 2018

Bulk Upsert in Ruby/Rails

The upsert gem is great for individual upserts, but for performant bulk upserts, use the activerecord-import gem. Add a unique index on the columns...

June 16, 2018

Securing User Emails in Rails

There is an updated version of this post. The GDPR goes into effect next Friday. Whether or not you serve European residents, it’s a great reminder...

May 14, 2018

Anonymizing IPs in Ruby

With the GDPR just around the corner, here are two useful ways to protect your users’ IP addresses. Both support IPv4 and IPv6, and are included in...

May 5, 2018

TPC-H with Postgres

TPC-H is a database benchmark. Create the database and load the schema Generate data Load the data Generate queries Run queries Bonus: Add Indexes...

April 29, 2018

TPC-DS with Postgres

TPC-DS is a database benchmark. Create the database and load the schema Generate data Load the data Generate queries Run queries Bonus: Add Indexes...

April 29, 2018

Package Your JavaScript Libraries With Rollup

Rollup is a great tool for building libraries. “Webpack for apps, and Rollup for libraries” Run: Add to : Add to your . Create with: And run:

March 27, 2018

Securing Database Traffic with PgBouncer and Amazon RDS

Securing database traffic inside your network can be a great step for defense in depth. It’s also a necessity for Zero Trust Networks. Both Amazon...

November 27, 2017

Trying Out Vault for Postgres Credentials

Install Vault, as well as JQ for JSON parsing Start the dev server Then open another window. For this demo, we’ll create a new Postgres database....

November 5, 2017

A Short Guide to Metrics

Simple rules to follow when creating metrics Over time: You must see how metrics change over time. Ideally you can view them by day, week, and...

November 5, 2017

Client-Side Encryption with AWS and Ruby

AWS makes it easy to enable server-side encryption on many of its services, but it also provides ways to do client-side encryption well. Here are a...

September 23, 2017

Introducing Dexter, the Automatic Indexer for Postgres

Your database knows which queries are running. It also has a pretty good idea of which indexes are best for a given query. And since indexes don’t...

June 26, 2017

Bootstrapping Postgres Users

Setting up database users for an app can be challenging if you don’t do it often. Good permissions add a layer of security and can minimize the...

May 23, 2017

New Rails App Checklist

How I personally start new apps Create Project Get the latest version of Rails Create a new app Don’t fret too much over the name - you can easily...

March 30, 2017

Just Table It

When it comes to data, you can mistakenly optimize by trying to choose the “right” technology for the job. Often, the best choice is right in front...

January 13, 2017

The Safely Pattern

The Safely Pattern is a simple one. It allows you to tag non-critical code by wrapping it in a function. It’s built on top of exception handling...

December 6, 2016

Large Text Indexes in Postgres

Note: This article was written for Postgres 9.6 and below. For Postgres 10+, use hash indexes instead. An index on a sufficiently large column can...

October 7, 2016

navigator.sendBeacon and Rails

navigator.sendBeacon is a neat new API. It allows you to send an asynchronous request without delaying the page unload. To prevent with Rails, use...

September 1, 2016

Installing Presto for Mac

Presto is a “Distributed SQL Query Engine for Big Data” that gives you the ability to join across data stores! Server The easiest way to...

August 4, 2016

Google OAuth with Devise

Here’s a quick guide to setting up Google OAuth as your app’s exclusive authentication method Add to your Gemfile And run Create a model In the...

July 18, 2016

Hardening Devise

A few basic steps to make your Devise setup more secure Send notifications for important events Like a user changing his or her email or...

July 7, 2016

Error Reporting in R

R supports global error handling, making it easy to report all errors without individual statements. Create a file to source at the start of all...

May 11, 2016

Startup Security

A few simple steps to keep you secure. Require 2-factor authentication for important accounts, like Gmail and GitHub. Require hard drives to be...

April 4, 2016

Learn Data Science

R and Python are two popular languages for data science. We use both at Instacart. This is a short guide for R. It’s quick and everything is...

January 12, 2016

Adding CSP to Rails

Content Security Policy can be an effective way to prevent XSS attacks. If you aren’t familiar, here’s a great intro. To get started with Rails,...

November 29, 2015

Security Checks

You should see for each certificate in the chain. Host header injection Read about it here. Your site is vulnerable if appears in the results. SPF...

October 26, 2015

Data Science SQL

Root mean squared error Mean absolute error Mean error Median - get it here

September 10, 2015

Rails on Heroku

The official guide is a great place to start, but there’s more you can do to make life easier. Based on lessons learned in the early...

August 12, 2015

R and Database URLs

Note: This approach is now built into the dbx package To use a with R, do: Postgres MySQL

August 10, 2015

The Origin of SQL Queries

Do you know what part of your application is generating that time-consuming database query? There’s a much simpler way than . Add comments to your...

July 15, 2015

My simple

June 29, 2015

Dokku on DigitalOcean

Your very own PaaS Create Droplet Create new droplet with Ubuntu 16.04. Be sure to use an SSH key. Install Dokku And visit your server’s...

May 31, 2015

Rails on Dokku

To open a Rails console, run: Migrations

May 31, 2015

Host Your Own Postgres

Get running with the latest version of Postgres in minutes Set Up Server Spin up a new server with Ubuntu 16.04. Firewall Automatic...

May 31, 2015

The Two Metrics You Need

When interviewing candidates for Instacart’s first site reliability engineer, I volunteered to cover monitoring as one of my topics. I’d start by...

April 30, 2015

attr_accessible to Strong Parameters

Running Rails 4 with ? Upgrade in three safe and easy steps 1 First, log all instances of forbidden attributes. Add to : And create an initializer...

March 31, 2015

Scaling Reads

Note: This approach is now packaged into a gem One of the easier ways to scale your database is to distribute reads to replicas. Desire...

March 31, 2015

PgBouncer Setup

In under 5 minutes Get Started Here’s the flow: You can install PgBouncer on the same server as Postgres or a separate server. For Amazon RDS, you...

March 31, 2015