Interestings

Don’t use delete_all

Let’s say you have a has_many relationship – project has_many stories. You don’t have dependent: destroy on the association.

If you call project.stories.delete_all, it does not delete the stories. Instead, it inserts NULL into the stories’ project_id field.

As a bonus, if the project_id field in the stories table has a not null constraint, then all of the project_ids become 0 – potentially attaching themselves to a completely different project.

delete_all works properly if the association has a dependent: destroy clause, and destroy_all works properly in either case.

Helps

Change Lobot instance type on EC2

We are running on a c1.medium( 1.75GB memory, 5CU) and want to change to something like m1.large or m1.medium with more generous memory allocation. What would be the best way to do it? Change the type from EC2 console or start from scratch?

Interestings

New Severe Rails Vulnerability

All versions of Rails are affected. There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

It is recommended for everyone to upgrade immediately to patched version.

Multiple vulnerabilities in parameter parsing in Action Pack