Rietta.com Security

Get the Current Year in the Ruby Programming Language


When learning Ruby on Rails, sometimes you just need to get the current year as a number. I posted one example of why this is useful on a real-life website in the 2011 post on how to automatically update copyright notices.

In this article, I will show you some methods for getting the current year, such as the number 2015. I will then show you how to benchmark the methods to determine which is the fastest method for you, given your machine and Ruby version.

Okay, just how do I get the Current Year in Ruby?

It’s easy. Just use any of the Date/Time objects and call the year method, like this:

   # The Time class is always available; Date and DateTime need the date library
   require 'date'

   # Using the Time class
   current_year = Time.new.year  # or Time.now.year

   # Using the Date class
   current_year = Date.today.year

   # Using the DateTime class
   current_year = DateTime.now.year

New Video! Understanding & Defending Against Data Breaches


Nash.rb Understanding & Defending Against Data Breaches starts with a proper understanding of Professional Ethics

A few weeks ago, I spoke with the Ruby users’ group in Nashville, TN, about the importance of understanding the root cause of data breach security incidents and countermeasures that developers can put in place to help prevent them. It’s up on YouTube for your enjoyment at Understanding & Defending Against Data Breaches, as a Practicing Software Developer – Nash.rb.

Two New Videos! How a Ruby on Rails Developer Can Help Prevent a Data Breach


Two new videos of the data breach talk and class that I led in August and December are now up on YouTube! I hope that they help you level up your security knowledge, because good software security needs to be a moral stance.

Next public talk

I am scheduled to give a presentation on this topic to the Nash.rb Users’ Group on Thursday, February 5, 2015 at the Emma office in Nashville, TN. If you are in town and can make it out, I would love to meet you.

How to Protect Against the POODLE SSLv3 Vulnerability


The POODLE SSL vulnerability marks the third major security flaw discovered this year that impacts the security of millions of websites.

The attack works by forcing the connection to downgrade from the newer TLS protocol to the 18-year-old SSL 3 protocol, which is obsolete and insecure, and then exploiting a weakness in it to recover small strings of data from the encrypted communication, such as session cookies.

Commercial Information Security Classification System


When you read books on security, at some point the importance of classified information systems is covered. These typically look at Mandatory Access Control in the context of military classifications, such as top secret, secret, for official use only, and sensitive but unclassified. While the existence of commercial classification systems in use outside of a government context may be mentioned, it’s not as common to see a commercial information classification system presented.

In this article, I shall present to you a commercial information classification system that you can use to help plan your web application’s security standards based upon information sensitivity considerations. It is the system that I have developed for use with my own clients and have presented on publicly as part of my series on how a Ruby developer can help prevent a data breach.

Government vs Security - Schneier Explains


We’ve been hearing a lot recently about law enforcement officials upset over the so-called “going dark” problem, with Apple and Google implementing stronger encryption solutions for their mobile platforms. These government organizations are arguing that by making encryption easy to use and unbreakable, Apple and Google will help criminals escape from justice by impeding investigative work.

“You can’t build a backdoor that only the good guys can walk through.”

As security-focused developers, we discuss these issues quite often at Rietta. Sometimes it is difficult to articulate our opinions on the subject, but luckily Bruce Schneier’s post on the subject does a superb job of laying out the major considerations along with supporting evidence, which is well worth a read.

“… let’s wait for some actual evidence of harm before we acquiesce to police demands for reduced security.”

The essential takeaway is that providing a way for the government to legitimately access the data means there is also a way for the various bad guys of the world to access it as well. At the end of the day, the goal is to protect people from harm. Unbreakable encryption can certainly help with that, but sometimes-breakable encryption usually can’t.

Raspberry Pi Crypto Key Management Project!


A few months ago I bought a Raspberry Pi B to experiment with, but sadly my day job as a Ruby developer kept me busy enough that it just sat on the shelf unused until this last weekend. For those not yet in the know, the Raspberry Pi is an excellent little complete computer system on a small circuit board that uses very little power and looks like this:

My Raspberry Pi booting for the First Time!

Software Security Is a Moral Duty


All too often robust security is put off because the cost of prevention is felt upfront, while the cost of a breach is realized at an uncertain future time and mostly by third parties. In the name of saving money, organizations continue to run out-of-date operating systems, reject appropriate strong encryption systems, fail to deploy sufficient network security, and refuse to employ and empower appropriate security staff. In the end, security is seen as an expense to be minimized as part of a risk management program. But there is another way.

Learn How Upworthy Scaled a Ruby on Rails Application to Serve Massive Traffic


Luigi Montanez is the founding engineer of the viral content website http://upworthy.com and in this ATLRUG talk from July 9, 2014, he gives a fascinating insight into one approach to managing the growth of a startup’s web app in the face of very high traffic. Their backend is built upon Ruby on Rails with an effective use of the Fastly CDN to deliver very high performance at scale.