We love open source and we invest in continuous learning. We give back our knowledge to the community.

When Is Ssh -a Insecure?



What’s the authentication agent forwarding for?

Let’s start showing what man ssh says about it:

-A Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file. Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent’s UNIX-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent.

It tries to solve the following problem:

Laptop -> Server A -> Server B

User wants to connect to Server A and from Server A to Server B forwarding all authentication requests to Laptop.

Technical Thursdays Or: How We Do Continuous Learning


A conclusion I came to after years of watching software projects come and go, is that one of the biggest differences between teams who achieve consistent success and those who suffer through inconsistency is their commitment to continuous learning. Successful athletes continuously practice the fundamentals while learning more advanced strategies. Same should happen with developers.

Here at WyeWorks we strongly believe that curiosity and passion for learning are key to being a good developer. If you have people on your team who are curious and collaborative like we do, continuous learning comes naturally and performance will be high.

Either it is to share a tip, research a new technology, play around with that library that was on top of the head for weeks, or even watch someone’s keynote, people gather the entire morning at what we call Technical Thursdays with the same goal in mind: share and acquire knowledge.

Recently, a developer with no more than 10 days at the company (who was also new to Ruby) was able to get his first contribution to OSS accepted after fixing a bug encountered when playing around with a gem we were discussing. Everything happened that same morning: the learning on how to use the gem, the bug discovery, the teamwork to fix it, and finally the contribution to open source.

Here are a few pics of WyeWorkers at our Technical Thursdays

So technical Thursdays is part of what we do in order to improve and stay up to date. What are you doing as a developer in order to maintain up to date and continue learning? Please share!

How to Build a Rails 5 API Only and Ember Application


A few days ago, following long discussions, Rails API was merged into Rails master branch.

Because of that, in our latest post we discussed how to build an API only application. We’ve also shown how to integrate it with a client-side application implemented using Backbone. If you’ve missed this post, check it out and learn more about how to integrate Rails API with an Backbone application.

In this post, we are going to show how a very similar client-side Ember application can be integrated with the same backend application implemented using Rails API. Like in our previous post, we are going to use the TodoMVC application.

In addition, we are going to comment about some issues that were fixed in Rails and Active Model Serializers in order to make the integration easier. These improvements were the result of testing Rails API with an Ember application, as part of our efforts to make it work properly with some of the most popular JavaScript frameworks.

How to Build a Rails 5 API Only and Backbone Application


A few weeks ago, an announcement was made referring to the imminent inclusion of Rails API into Rails core. Until now, Rails API has been a separated project and people have been using it through the rails-api gem.

Santiago Pastorino and I have been working on bringing Rails API into Rails for a while. After some further discussion, bug fixes and last-minute changes, the corresponding pull request was finally merged. We’re happy to confirm that all Rails API capabilities will be available once Rails 5 is released!

Rails API goal is to facilitate the implementation of API only Rails projects, where only a subset of Rails features are available. A Rails API application counts with lightweight controllers, a reduced middleware stack and customized generators. All these features were conceived looking for a better experience at the moment of building an API only application.

For more detailed information about the Rails API project, you can take a look at this Santiago Pastorino’s article about the project.

Using the Page Object Pattern With Ember CLI


One of the most appealing features in Ember and Ember CLI is the ability to easily create functional or acceptance tests. But, the everyday interaction between UX and development, can hurt how these tests are maintained. Here, I try to describe an approach that helped us overcome this problem.

Rails API to Be Part of Rails 5


A decision was made to incorporate Rails API into Rails core 🎉 🎉 🎉. During the last week I’ve been working on this and, today we opened a pull request to discuss the results.

What is Rails API?

The original idea behind Rails API was to serve as a starting point for a version of Rails better suited for JS-heavy apps. The project consists of: Rails API per se, the Active Model Serializers project plus a bunch of ideas that haven’t been implemented yet. As of today, Rails API provides: trimmed down controllers and middleware stack together with a matching set of generators, all specifically tailored for API type applications.

For more detailed information about the Rails API project, please read my previous article on the subject.

Next steps: What we need to talk about?

We still need to discuss the “Rails way” for API applications, how API apps should be built and, what features we’d like included from our original list of ideas. In particular:

  • Do we want to avoid asset generation in Rails by having a back-end and a front-end apps?
  • Do we prefer to have a single application and keep asset generation in Rails instead?
  • Do we like Active Model Serializers better than Jbuilder?
  • If not, can we make Rails API play nicely with Jbuilder?

Join the conversation

Like every year, I’m attending RailsConf 2015 in Atlanta. This could be a great opportunity to meet and interact. So, please come find me throughout the conference or say hi if we run into each other. I’d love to talk about Rails API or any other topic. Comments, reviews, suggestions and improvements are always welcome.

ActiveModel::Serializers Rewrite (Upcoming 0.9.0.pre Version)


First of all, I want to apologize to all for the long time it has taken me to push this humble new code.

I started to work on ActiveModel::Serializers because I’m interested in the Rails API project in general and ActiveModel::Serializers in particular. Given that ActiveModel::Serializers has few contributors, I thought it could be a good opportunity to understand the code and help the community around the project.

Rails 4 Links Compilation


I’m leaving here a curated compilation of interesting links where you will find information that is not very well known. There are pull requests, issues, commits, examples, posts, videos and more about Rails 4.

Rails 4 in a MindNode


I’ll be talking at RubyConf Argentina, and the first thing I usually do when preparing talks is to think in a high level and then start going down form there. I find MindNode a great tool for that. So I started checking what was being added, removed and deprecated in Rails 4 (my memory isn’t good enough to have all that in the top of my head :P). The result is this MindNode I’m sharing with you …