Posts in English

Relation between Story Points and Development Time (Lead Time)

Frequently I hear speculations about story points and their relation with the development time. Questions like: “Why did a 3 points card take so much time to be developed?”, “How long does it take to deliver an 8 points card?”, “Why did the team take so long to deliver only this amount of points?” and others are frequent. However, when … »

Monte Carlo in Practice: Finding the ideal iteration value

One of the reasons to use any kind of project management methodology is to reduce costs. A delay in a single week of a project creates two different cost types: The first is the cost of the team, since they will need to work another week. The second is the Cost of Delay, which is … »

Kubernetes and the Erlang VM: orchestration on the large and the small

If you look at the features listed by Kubernetes (K8s) and compare them to those of languages that run on the Erlang VM, such as Erlang and Elixir, the impression is that they share many keywords. This sharing often leads to confusion. Do they provide distinct behaviors? Do they overlap? For instance, is there any purpose to Elixir’s fault tolerance if Kubernetes also provides self-healing?

Incorrect Access Control in Simple Form (CVE-2019-16676)

Simple Form version 5.0 was released today with a fix for a security issue that could allow an attacker to execute methods on form objects. The issue is explained in detail below.

Using Broadway at Hexdocs.pm

This is a quick blog post about our experience replacing Hexdocs.pm’s GenStage pipeline with Broadway. To give some background information, Hexdocs.pm started out as basically just static file hosting for documentation. With the introduction of private Hexdocs it became a distinct Elixir application. Over time, we have also moved handling of documentation tarballs there to offload API servers. Instead of API servers doing … »

Improve confirmation token validation in Devise (CVE-2019-16109)

Devise version 4.7.1 was released with a fix for an edge case that could confirm accounts by mistake. We’ll now explain in detail what the issue is, how it was fixed and which actions you might want to take in your applications. Description: We received a security report saying that it was possible to confirm … »