Configuring MySQL for Production

The other day someone posted in Reddit's r/sysadmin asking for the best way to configure MySQL before running it in production. I've seen this question asked several times before, so I thought it might be useful to write a blog post talking about it.

Eric Rafaloff on devops

Clickjacking Still a Threat

Back in 2010, a paper was published entitled "Busting Frame Busting: a Study of Clickjacking Vulnerabilities on Popular Sites". If you're even remotely interested in web security, I highly recommend reading it if you haven't already. It rips apart a number of myths behind clickjacking mitigation and includes PoCs for each.

Eric Rafaloff on security

What Makes a Good Engineer?

What makes a good software engineer these days?

Eric Rafaloff on career

Ruby's OptionParser Is All You Need

This may be the last text on building command line apps with Ruby you'll ever have to read.

Eric Rafaloff on ruby

Breaking Rails Apps With Encoding

Since version 1.9, Ruby has had a powerful encoding system that makes working with a number of different encoding standards very easy. Unless you've had to debug an encoding issue, you've probably never even noticed the existence of this system. This is because Ruby uses Encoding.default_internal and Encoding.default_external, which act as options for what you expect your strings to be encoded as. Ruby will automatically try to re-encode, if necessary, any data it gets externally (i.e. file IO) or internally (i.e. calling #inspect on a string). This makes our lives a lot easier.

Eric Rafaloff on rails and security

Session Nightmares With Rails

For those of you that don't know, I'm a software engineer for a niche social network called FetLife. We run a pretty large operation, serving ~2.8 million users, and last week I may have come across the weirdest session bug I've ever spotted in my career.

Eric Rafaloff on devops, rails, and security

Hello World

I've decided to move my blog to GitHub and power it with Jekyll. It's easier for me to manage this way.

Eric Rafaloff on news

Fixing ValidatorException in Jenkins

This morning I installed a new Jenkins plugin that called back to an external host. Unfortunately it didn’t work properly and builds began to produce the following entry in our logs:

Eric Rafaloff on devops and java

Introducing Load Balanced Rest Client

I recently open-sourced a project I was working on for FetLife called LoadBalancedRestclient. Basically it's an alternative to the load balancing solution a lot of engineers employ, where you have a dedicated load balancer daemon running that accepts requests from other services.

Eric Rafaloff on ruby

Dropping Out and Getting In

I’m a college dropout. More specifically, I left college in the beginning of my sophomore year to pursue a full-time employment opportunity in software development. Here are some lessons I’ve learned along the way. Most of them apply more broadly to anybody looking to start or develop their career.

Eric Rafaloff on life and career