We are remodelling a 100 years old house

July and August of 2013 will be a mark in the Plataformatec history as the time when we moved out from our green house in the Vila Madalena neighbourhood to a brand new office in the region of the Paulista Avenue. Our company has grown a lot in this year (we are about to pass … »

CSRF token fixation attacks in Devise

Devise has been reported to be vulnerable to CSRF token fixation attacks. The attack can only be exploited if the attacker can set the target session, either by subdomain cookies (similar to described here) or by fixation over the same Wi-Fi network. If the user knows the CSRF token, cross-site forgery requests can be made. … »

Using Boxen for automating our development setup

Rafael França shows how Plataformatec manages the development setup using Boxen, a tool created on top of puppet to automate machine setups.

How to properly mirror a git repository

When people talk about mirroring a git repository, usually we have a simple answer in mind: Just git clone the repo and you’re set!! However, what we want with mirroring is to replicate the state of an origin repository (or upstream repository). By state, we mean all the branches (including master) and all the tags … »

Devise and Rails 4

Devise 3.0 rc version with Rails 4 compatibility and new 2.2.4 stable version. Simple Form, Responders, Show For and Mail Form versions with Rails 4 compatibility.

Take a look at Simple Form and Devise brand new logos

We are very glad to announce the logos for two of our favorite Rails open source projects… Simple Form: And Devise: We would like to congratulate our designer, Bruna Kochi, who was able to capture the essence of each project in their logos. We will write about their design process soon! Those projects have been … »