00:00:14.889
Hi, my name is Paweł Pokrywka, and I love receiving spam. I love it when the spam gets into my inbox; my heart beats faster. And I will tell you why in a moment. But at first, I would like to ask you something. When I ask you to implement authentication in Rails, for example, how many of you would store a user's password in the database in plain text? Please raise your hands.
00:00:34.690
Okay, nobody? Alright, I can tell you that you're fantastic! You are the best programmers in the world, and I'm honored to meet you. There was a recent study among programmers that involved implementing simple authentication tasks. This study was based on freelancers, and it found that 40% of the participants implemented authentication using plain text passwords in the database. Later, when asked to fix this to make it more secure, many of them encrypted the passwords with base64.
00:01:06.180
Imagine what would happen if a database, which is supposedly well protected, were to leak to an attacker. This data could be used for criminal purposes. Account breaches could occur, and attackers could send spam to people whose data is contained within that database. Now, I have another question for you: How many of you have an online account somewhere? Please raise your hands. Many people are lazy and don’t want to raise their hands, but I’d like to know how many of you have 50 or more online accounts, including newsletters and social media, where you’ve put your email.
00:02:10.320
Thank you, many people! So, I can tell you now that each person who raised their hand has data that belongs to criminals because it has leaked somehow. Why am I telling you this? It is based on my research over the last 12 years. I would register on various websites providing unique, hard-to-guess email addresses that were unique to each site. Later, when I started receiving spam on these unique addresses, I was sure they leaked from those websites. During these 12 years, I have registered with around 800 sites, and 15 of them leaked my information, including LinkedIn and a website that sells secure SSL certificates.
00:02:53.150
If you do the math, you can see that every fifth registration leads to your email address being given to spammers or other criminals. So, be aware of this. Now, let's shift gears a bit. Today, we've talked about many hard topics, so let's discuss something easier. However, before that, let me remind you of two difficult problems in computer science: cache invalidation and naming things. As we know, cache invalidation is really hard. I don’t want to talk about it, so I will focus on naming, or rather, naming people. Sometimes it’s quite easy, and some people say that there's one simple thing to remember in computer science.
00:05:10.320
Have you ever felt like you are titled as a senior developer or senior engineer? Do you think it means anything? What does it mean when someone is labeled a senior developer? Does it imply that they are an exceptional coder? What skills do they possess? What responsibilities do they have? Can anyone name a senior developer from their experience? Most of you didn't raise your hand; I guess you don't care that much. So, what skills should a senior developer have? Is it just about technical expertise, or does it also require domain knowledge and soft skills?
00:07:01.660
What happens if a senior Ruby developer, like I used to be, transfers to a company that requires Python expertise? Or what if a web developer moves to a company focused on game development or control systems? They are senior in their field, but what should they do in a different context? Additionally, what should a senior's responsibilities include? Should they just focus on coding the most crucial part of the systems? Should they refactor the mess that regular or mediocre developers created? Or should they take on client interactions? It's complicated.
00:08:14.120
Another consideration is how one becomes recognized as a senior. Is it their peers who can determine it, or does it require some external acknowledgment? Furthermore, there are people with imposter syndrome—those who never call themselves senior developers, despite their qualifications and experience. What if a department names someone a senior merely based on some strange metrics? Should that even matter? Because a lot of times, it's just about years of experience.
00:09:02.110
It's crucial to recognize that naming things is important, especially in our industry, which lacks clear definitions. Titles can be used to give the impression that an employer cares about professional growth when, in fact, it might just be a way of providing a title instead of a raise. Think about your own goals: what does it mean to you to be a senior? Is it simply about the title, or does it reflect your skills and experiences? This conference is for discussions, not just presentations, so let's talk more about this.
00:10:14.420
Hello, everyone. I am Victor Chappell from Ukraine. I’m a speaker for the conference, and I will have a big presentation on a different topic tomorrow morning, so I'm mostly here to tell you not to oversleep for my session. Now, let's talk about my experience with Ruby. I have been using Ruby for about 15 years, and for the first 12 years of my Ruby career, I managed to avoid Rails completely.
00:10:53.990
I am one of those developers who came to Ruby not because of Rails but due to a passion for programming languages. I started as a simple C++ developer and eventually fell in love with Ruby. Even when I finally switched to Rails, I was still curious about how to explore Ruby's expressiveness. At one point, I attended a presentation by Stephen Wolfram on Wolfram Alpha and Mathematica, and that inspired me to think that Ruby could achieve similar and even greater expressiveness. Since then, I have been involved in open-source projects, trying to combine Ruby's expressiveness with scientific applications.
00:11:55.310
I have been part of the scientific Ruby community for three years, hoping to marry scientific development with Ruby's capabilities. Along the way, we did several Google Summer of Code initiatives where I learned a lot, especially about collaboration with bright minds, like Indian programmers. Unfortunately, despite our efforts, the community faced challenges primarily because of the dominance of Python in the data science field. Consequently, most of the Ruby projects in scientific computing often went unnoticed or were overshadowed.
00:13:22.120
I have always tried to be part of that dialogue, even while pretending to be from the front-end community. However, I identify more as a Ruby back-end developer. Today, I want to share my thoughts on outdated browser detection, a challenge that many developers face. There is a multitude of browsers across various platforms, and each version behaves differently with specific features. Some browsers quickly become outdated while others receive frequent updates.
00:14:35.590
Detecting outdated browsers is often thought to be solely a front-end concern. Despite the statistics showing that most users have modern browsers, one must consider the requirements of businesses that aim to support all users, regardless of their browser version. This can be a challenging task if the resources are available. Front-end teams typically use NPM packages that help manage supported browsers, but these tools can hit limitations when dealing with users who disable JavaScript or have outdated browsers.
00:16:57.220
In these cases, the back-end can take on the responsibility of detecting browser compatibility. We've created a port of an existing NPM package for Ruby that validates user agents and matches them against supported browser lists. This enables us to send HTML alerts to users whose browsers are outdated, allowing these alerts to be effective regardless of the user's browser capabilities.
00:18:55.790
When everything works seamlessly, we can prompt users to update their browsers. However, in cases where front-end tools don't suffice, we can return to a classic approach of providing pure HTML alerts instead. For Rails projects where the front-end and back-end are integrated within the same repository, sharing a common configuration file is easy. Yet, in cases where the front-end and back-end are separated, it might complicate things further since we’ll need additional HTTP requests to keep browser configurations current.
00:20:19.080
It can seem daunting to do this for every request, but responses can be cached to optimize performance. This methodology allows for a robust solution for managing outdated browsers efficiently. If anyone has any thoughts on this, feel free to share. Thank you very much!
00:20:57.350
Hi, sorry for those who were there last year and the year before. I’m just going to play music for five minutes using Ruby. It's an app called Sonic Pal that you can install, and there's a very nice tutorial inside that helps you learn how to play. It’s easy to begin, and like any musical instrument, you need to practice a little bit to become proficient. I’m not very good, but I want to share that it's a lot of fun to play with. Let's go!