Description
Marshal is Ruby's ultimate sharp knife, able to transform any object into a binary blob and back. This makes it a natural match for the diverse needs of a cache. But Marshal's magic comes with risks. Code changes can break deploys; user input can trigger an RCE. We recently decided these risks were not worth it. Breaking with convention, we migrated the cache on our core monolith to MessagePack, a more compact binary serialization format with stricter typing and less magic. In this talk, I'll pry Marshal open to show how it works, how we replaced it, and why you might want to do the same.
Summary
In the talk "Caching Without Marshal" presented by Chris Salzberg at RailsConf 2022, the speaker discusses the pitfalls associated with using Ruby's Marshal for caching in Rails applications. While Marshal provides powerful object serialization, it comes with significant risks such as issues arising from code changes and potential remote code execution vulnerabilities due to user-supplied data. To address these challenges, Salzberg describes Shopify's decision to migrate their caching strategy to MessagePack, a more efficient and safer serialization format. The talk outlines:

- **The Problem with Marshal**: Many developers rely on Marshal to cache various objects, not realizing that this can lead to incompatibility issues when the code changes, especially if the state of cached data is not aligned with current code definitions.
- **Incident Example**: An incident at Shopify highlighted the dangers of caching objects without considering potential changes in code. A name error occurred because cached data referenced now-unknown structures after a refactor.
- **Features of MessagePack**: MessagePack serves as a robust alternative, using stricter typing and less 'magic' compared to Marshal. It handles serialization efficiently and disallows unsupported types, which helps prevent runtime issues from unaccounted changes.
- **Implementation Steps**: The transition required customizing MessagePack by defining extension types to handle specific data structures that the application uses, such as ActiveRecord objects, dates, and custom class instances. The implementation includes creating serializers and managing potential circular references.
- **Results**: After migrating to MessagePack, Shopify observed significant reductions in cache size compared to Marshal, achieving better space efficiency and reducing risks associated with serialization. Their final implementation allows developers to refactor freely without worrying about cache-related failures.

In conclusion, by adopting MessagePack, Shopify effectively reduced cache-related incidents and improved developer experience, while reinforcing the importance of understanding caching mechanisms in Rails applications. This migration not only enhanced performance but also provided greater safety for production systems.
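
The failure mode and the strict-typing remedy summarized above, as an added example that is not code from the talk or from Shopify: a Marshal cache entry stops loading once its class is refactored away (plain Ruby reports this as an `ArgumentError`), while a strict writer rejects the object at write time. `LegacyPrice`, `assert_plain!` and `strict_dump` are hypothetical names, and stdlib JSON stands in for MessagePack so the block runs without extra gems.

```ruby
require "json"

# Constructed sample: a value object that some code path wrote to the cache.
LegacyPrice = Struct.new(:cents, :currency)

# Marshal records the class name in the blob, tying the entry to the code.
def marshal_blob
  Marshal.dump(LegacyPrice.new(1999, "CAD"))
end

# Simulate reading that entry after a deploy that removed the class.
# Returns the error raised by Marshal.load; the constant is restored afterwards.
def load_after_refactor(blob)
  klass = Object.send(:remove_const, :LegacyPrice)
  Marshal.load(blob)
rescue ArgumentError => e
  e
ensure
  Object.const_set(:LegacyPrice, klass) if klass
end

# Hypothetical strict writer: only plain data types may enter the cache.
PLAIN_TYPES = [NilClass, TrueClass, FalseClass, Integer, Float, String].freeze

def assert_plain!(value)
  case value
  when Array then value.each { |v| assert_plain!(v) }
  when Hash
    value.each do |k, v|
      raise TypeError, "hash key must be a String" unless k.instance_of?(String)
      assert_plain!(v)
    end
  else
    unless PLAIN_TYPES.any? { |t| value.instance_of?(t) }
      raise TypeError, "refusing to cache #{value.class}"
    end
  end
  value
end

# JSON is a stand-in for MessagePack here; the type check is the point.
def strict_dump(value)
  JSON.generate(assert_plain!(value))
end

if __FILE__ == $PROGRAM_NAME
  blob = marshal_blob
  puts "Marshal blob names its class: #{blob.include?('LegacyPrice')}"
  puts "Read after refactor: #{load_after_refactor(blob).message}"
  puts strict_dump("cents" => 1999, "currency" => "CAD")
end
```

With the strict writer, the object has to be converted to plain fields explicitly before caching, so the stored entry no longer depends on a class name surviving the next deploy.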