Posts by José Valim

Ecto 2.0.0-rc is out!

We are really glad to announce the release candidate for Ecto 2.0 has been released. The upcoming Ecto version packs many goodies: We have migrated to DBConnection, which considerably improves the performance of how Ecto manages connections to the database as a whole. Improved pool management, faster encoding/decoding, support for prepared queries and more; The … »

Ecto 2.0.0-beta.0 is out!

Hello everyone, We are really glad to announce that Ecto 2.0.0-beta.0 has been released. The upcoming Ecto version packs many goodies: We have migrated to DBConnection, which considerably improves the performance of how Ecto manages connections to the database as a whole. Improved pool management, faster encoding/decoding, support for prepared queries and more The effective … »

Improve remember me cookie expiration in Devise (CVE-2015-8314)

A security bug (CVE-2015-8314) has been reported in Devise’s remember me system. Devise implements the “Remember me” functionality by using cookies. While this functionality works across multiple devices, Devise ended-up generating the same cookie for all devices. Consequently, if a malicious user was able to steal a remember me cookie, the cookie could be used … »

Comparing Elixir and Erlang variables

Sometimes Erlang programmers are worried “Elixir variables may be the source of hidden bugs”. This article discusses those concerns and shows how variables in Erlang can produce related “hidden bugs”, some of those eliminated by Elixir. Before we start, a short disclaimer: Elixir does not have mutable variables, it has rebinding. Mutability is often associated … »

Ecto v1.1 released and Ecto v2.0 plans

Ecto v1.1 has been released. Ecto v1.1 brings improvements and bug fixes to Ecto but, more importantly, paves the way for the upcoming Ecto v2.0 release by deprecating functionality that has been said to be error prone or confusing by developers. This article will highlight both improvements and what to expect by Ecto 2.0. For … »

Mocks and explicit contracts

Our test tools often make it very easy to abuse mocks. This post provides some guidelines on using them properly by relying on explicit contracts.