Posts by José Valim

Writing assertive code with Elixir

Functional languages are typically great languages for writing assertive code and Elixir is no exception. In this blog post, I would like to discuss some anti-patterns I have seen in Elixir code and how to rewrite them in a way to make the best of Elixir. Pattern matching Imagine you have a string with format … »

Thank you, Carlos Antonio!

Carlos Antônio, our first employee, is moving forward after 5 years at Plataformatec. In this blog post, we share a bit about our story, open source projects, and what Carlos is leaving as legacy to us.

Comparing protocols and extensions in Swift and Elixir

Swift has been recently announced by Apple and I have been reading the docs and playing with the language out of curiority. I was pleasantly surprised with many features in the language, like the handling of optional values (and types) and with immutability being promoted throughout the language. The language also feels extensible. For extensibility, … »

Tips for keeping your Open Source Software issues tracker tidy

Charlie Somerville recently tweeted he wished there was a good guide about maintaining open source software: I wish there was a good guide on maintaining OSS projects. I'm a maintainer of a reasonably popular project and I have NFI what I'm doing. — Charlie Somerville (@charliesome) April 26, 2014 In between consultancy jobs and building … »

E-mail enumeration in Devise in paranoid mode

It has been reported that malicious users can do e-mail enumeration on sign in via timing attacks despite paranoid mode being enabled. Whenever you try to reset your password or confirm your account, Devise gives you precise information on how to proceed, if the e-mail given is valid, if the token has not expired and … »

Devise 3.1: Now with more secure defaults

We are glad to announce that Devise 3.1.0.rc is out. On this version, we have focused on some security enhancements regarding our defaults and the deprecation of TokenAuthenticatable. This blog post explains the rationale behind those changes and how to upgrade. Devise 3.1.0.rc runs on both Rails 3.2 and Rails 4.0. There is a TL;DR … »