Risk management for live partner projects
Find out how our team managed risks in an existing live partner project using various tools and processes.
Enabling textual search of encrypted personally identifiable information (PII)
In recent years, there have been many news reports of security breaches involving personally identifiable information (PII). In this article, we describe our solution to managing encrypted data records whilst enabling searches based on customer PII.
Upgrading Hanami, part 1: migrations
The first little step on our journey to upgrade our Hanami 1.3 services to Hanami 2.0. This article opens a series of posts related to upgrading Hanami projects. This time we'll cover the Migrations upgrade.
Returning from transactions in Rails 6, 7, and 8
ActiveRecord provides a simple, block-based API for working with database transactions. Any exception from within the block will roll back the transaction. This works great for simple cases, but what happens if you return from within the block?
Most applications today involve some type of background processing (such as sending notification to a customer) in the form of jobs. Sidekiq is one of the popular background job processor out in the community and we use it extensively at Ascenda.
Data exfiltration via DNS tunnelling
If you've ever wondered whether your sensitive data is sufficiently protected against various forms of exfiltration, you might want to take into consideration a trending attack known as DNS Tunneling.
Anomaly detection with Z-score
Anomaly detection enables abnormal metric trends in your system to be detected by analysing historical data. It is also an effective tool for detecting frauds and mitigating risks.
Operations in distributed apps, part 2: logging & tracing
In our previous post, we gave an overview of our Ops and the challenges of acquiring information for day to day support of the different teams beginning with metrics.
Operations in distributed apps, part 1: metrics
Observability is a topic that appears in multiple disciplines, typically from the engineering, IT Ops or DevOps point of view. Your organisation might also have an SRE team whose engaged with you on this.
Lessons I’ve learnt as a code reviewer
Code reviewing is one of the most underrated topics in software development. When done correctly, it can be a key element in the development cycle and help teams maintain a cleaner code base.
Stop trying to please RuboCop
RuboCop can be a tremendously useful tool, but despite being created by some very smart people, it itself is not that smart, and treating it as if it were can often lead us astray.
Trim your inheritance tree, one twig at a time
We hear it all the time: prefer composition over inheritance. But when dealing with a legacy code base already riddled with complex inheritance chains, where do we even start?