Shorts


Securing Sensitive Data in Rails

It feels like data breaches are showing up every week in the news. If you haven’t taken a second look at how you’re storing sensitive data, now is...

November 20, 2018


Postgres SSLMODE Explained

When you connect to your database, Postgres uses the sslmode parameter to determine the security of the connection. There are many options, so...

November 18, 2018


Active Storage S3 Client-Side Encryption

Use client-side encryption to encrypt your data before sending it to S3. You can provide an encryption key to use directly or a KMS key for...

November 12, 2018


Scaling the Monolith

Many companies start out with a single web application. As the team and codebase grow, things feel less organized and common tasks like booting the...

November 7, 2018


Rails, Meet Data Science

Organizations today have more data than ever. Predictive modeling is a powerful way to use this data to solve problems and create better...

October 29, 2018


Introducing Archer: Rails Console History for Heroku, Docker, and More

Many companies today run infrastructure where machines or containers can be replaced at any time, so you can’t depend on them for permanent...

October 23, 2018


Strong Encryption Keys for Rails

Encryption is a common way to protect sensitive data. Generating a secure key is an important part of the process. attr_encrypted, the popular...

October 22, 2018


Verify Slack Requests in Rails

Slack signs its requests so you can verify they’re authentic. Here’s a method you can use in your Rails controllers for it. def request_verified?...

September 14, 2018


Vault for PKI

Here’s how to use Vault for public key infrastructure. Update: Vault now has a great article on this Install the latest version of Vault and jq...

July 21, 2018


Backsolving in Ruby

QR decomposition is a stable way to solve linear regression. require "matrix" x = Matrix.columns([[1, 1, 1, 1, 1], [1, 2, 3, 4, 5], [4, 2, 5, 6,...

June 28, 2018


Jupyter + Rails

Jupyter notebooks are a great alternative to the Rails console for building predictive models. Here’s how to get set up: First, install Jupyter...

June 19, 2018


Bulk Upsert in Ruby/Rails

The upsert gem is great for individual upserts, but for performant bulk upserts, use the activerecord-import gem. Add a unique index on the columns...

June 16, 2018


Securing User Emails in Rails

The GDPR goes into effect next Friday. Whether or not you serve European residents, it’s a great reminder that we have the responsibility to build...

May 14, 2018


Anonymizing IPs in Ruby

With the GDPR just around the corner, here are two useful ways to protect your users’ IP addresses. Both support IPv4 and IPv6, and are included in...

May 5, 2018


TPC-H with Postgres

TPC-H is a database benchmark. git clone https://github.com/gregrahn/tpch-kit.git cd tpch-kit/dbgen make -f Makefile.osx Create the database and...

April 29, 2018


TPC-DS with Postgres

TPC-DS is a database benchmark. git clone https://github.com/gregrahn/tpcds-kit.git cd tpcds-kit/tools make OS=MACOS Create the database and load...

April 29, 2018


Package Your JavaScript Libraries With Rollup

Rollup is a great tool for building libraries. “Webpack for apps, and Rollup for libraries” Run: yarn add rollup rollup-plugin-buble...

March 27, 2018


Securing Database Traffic with PgBouncer and Amazon RDS

Securing database traffic inside your network can be a great step for defense in depth. It’s also a necessity for Zero Trust Networks. Both Amazon...

November 27, 2017


A Short Guide to Metrics

Simple rules to follow when creating metrics Over time: You must see how metrics change over time. Ideally you can view them by day, week, and...

November 5, 2017


Trying Out Vault for Postgres Credentials

Install Vault, as well as JQ for JSON parsing brew install vault jq Start the dev server vault server -dev Then open another window. For this demo,...

November 5, 2017


Client-Side Encryption with AWS and Ruby

AWS makes it easy to enable server-side encryption on many of its services, but it also provides ways to do client-side encryption well. Here are a...

September 23, 2017


Introducing Dexter, the Automatic Indexer for Postgres

Your database knows which queries are running. It also has a pretty good idea of which indexes are best for a given query. And since indexes don’t...

June 26, 2017


Bootstrapping Postgres Users

Setting up database users for an app can be challenging if you don’t do it often. Good permissions add a layer of security and can minimize the...

May 23, 2017


New Rails App Checklist

How I personally start new apps Create Project Get the latest version of Rails gem install rails Create a new app rails new <name> -d...

March 30, 2017


Just Table It

When it comes to data, you can mistakenly optimize by trying to choose the “right” technology for the job. Often, the best choice is right in front...

January 13, 2017


The Safely Pattern

The Safely Pattern is a simple one. It allows you to tag non-critical code by wrapping it in a function. It’s built on top of exception handling...

December 6, 2016


Large Text Indexes in Postgres

Note: This article was written for Postgres 9.6 and below. For Postgres 10+, use hash indexes instead. An index on a sufficiently large text column...

October 7, 2016


navigator.sendBeacon and Rails

navigator.sendBeacon is a neat new API. It allows you to send an asynchronous POST request without delaying the page unload. To prevent Can't...

September 1, 2016


Installing Presto for Mac

Presto is a “Distributed SQL Query Engine for Big Data” that gives you the ability to join across data stores! Server The easiest way to...

August 4, 2016


Google OAuth with Devise

Here’s a quick guide to setting up Google OAuth as your app’s exclusive authentication method Add to your Gemfile gem 'devise' gem...

July 18, 2016


Hardening Devise

A few basic steps to make your Devise setup more secure Send notifications for important events Like a user changing his or her email or...

July 7, 2016


Error Reporting in R

R supports global error handling, making it easy to report all errors without individual tryCatch statements. Create a file to source at the start...

May 11, 2016


Startup Security

A few simple steps to keep you secure. Require 2-factor authentication for important accounts, like Gmail and GitHub. Require hard drives to be...

April 4, 2016


Learn Data Science

R and Python are two popular languages for data science. We use both at Instacart. This is a short guide for R. It’s quick and everything is...

January 12, 2016


Adding CSP to Rails

Content Security Policy can be an effective way to prevent XSS attacks. If you aren’t familiar, here’s a great intro. To get started with Rails,...

November 29, 2015


Security Checks

Verify SSL certificate chain openssl s_client -connect www.yahoo.com:443 -CAfile /usr/local/etc/openssl/cert.pem You should see verify return:1 for...

October 26, 2015


Data Science SQL

Root mean squared error SELECT SQRT(AVG(POWER(y - y_pred, 2))) AS rmse FROM ... Mean absolute error SELECT AVG(ABS(y - y_pred)) AS mae FROM ......

September 10, 2015


Rails on Heroku

The official guide is a great place to start, but there’s more you can do to make life easier. Based on lessons learned in the early...

August 12, 2015


R and Database URLs

Note: This approach is now built into the dbx package To use a DATABASE_URL with R, do: Postgres library(RPostgreSQL) library(httr)...

August 10, 2015


The Origin of SQL Queries

Do you know what part of your application is generating that time-consuming database query? There’s a much simpler way than grep. Add comments to...

July 15, 2015


irbrc

My simple ~/.irbrc require "irb/completion" require "irb/ext/save-history" IRB.conf[:SAVE_HISTORY] = 10000 require "awesome_print" AwesomePrint.irb!

June 29, 2015


Rails on Dokku

Console To open a Rails console, run: dokku run rails console Migrations dokku run rails db:migrate

May 31, 2015


Dokku on DigitalOcean

Your very own PaaS Create Droplet Create new droplet with Ubuntu 16.04. Be sure to use an SSH key. Install Dokku wget...

May 31, 2015


Host Your Own Postgres

Get running with the last version of Postgres in minutes Set Up Server Spin up a new server with Ubuntu 16.04. Firewall sudo ufw allow...

May 31, 2015


The Two Metrics You Need

When interviewing candidates for Instacart’s first site reliability engineer, I volunteered to cover monitoring as one of my topics. I’d start by...

April 30, 2015


Scaling Reads

Note: This approach is now packaged into a gem One of the easier ways to scale your database is to distribute reads to replicas. Desire...

March 31, 2015


PgBouncer Setup

In under 5 minutes Get Started Here’s the flow: Web app -> PgBouncer -> Postgres You can install PgBouncer on the same server as Postgres or...

March 31, 2015


attr_accessible to Strong Parameters

Running Rails 4 with attr_accessible? Upgrade in three safe and easy steps 1 First, log all instances of forbidden attributes. Add to...

March 31, 2015