Tips for hiring great software engineers

Every once in a while people ask us how we hire and interview software developers at Plataformatec. In this post, we share the key things we do when looking for and interviewing job candidates. We focused the post on actionable hints, from the basic tips up to some specific characteristics to the hiring process at Plataformatec. This is … »

Sharing large repositories with your team

Hey, there! Here at Plataformatec we like to do project rotations. It means that every three months or so, developers can swap projects. It has lots of benefits like working with different people, getting out of the comfort zone, sharing skills and knowledge, and the best one: a new developer can spot problems that people … »

XSS vulnerability on Simple Form

There is a XSS vulnerability on Simple Form’s label, hint and error options. Fixed versions: 3.0.1, 2.1.1

E-mail enumeration in Devise in paranoid mode

It has been reported that malicious users can do e-mail enumeration on sign in via timing attacks despite paranoid mode being enabled. Whenever you try to reset your password or confirm your account, Devise gives you precise information on how to proceed, if the e-mail given is valid, if the token has not expired and … »

RS on Rails 2013: nós estivemos lá

No último dia 19 de outubro de 2013, aconteceu em Porto Alegre, nas dependências da PUC-RS, o RS on Rails. Eu, João Britto e Lucas Mazza participamos do evento que conseguiu abranger palestras que falavam sobre a cultura e os hábitos do programador, importantes para o desenvolvimento pessoal; as de cunho técnico, compostas com bastante … »

Devise 3.1: Now with more secure defaults

We are glad to announce that Devise 3.1.0.rc is out. On this version, we have focused on some security enhancements regarding our defaults and the deprecation of TokenAuthenticatable. This blog post explains the rationale behind those changes and how to upgrade. Devise 3.1.0.rc runs on both Rails 3.2 and Rails 4.0. There is a TL;DR … »