Authentication
Lighting Talks Day 2
MR
WR
See all speakers
See all 6 speakers

Summarized using AI

Lighting Talks Day 2

Paweł Pokrywka, Maciek Rzasa, Wojtek Rząsa, Victor Shepelev, Dmitry Salahutdinov, and Nicolas Dermine • March 22, 2019 • Wrocław, Poland

The video titled "Lighting Talks Day 2" from the wroc_love.rb 2019 conference features several speakers, including Paweł Pokrywka and Victor Shepelev. The talks present a mix of topics centered around programming practices and developer experiences in the Ruby community.

Main Topics and Key Points:

  • The Impact of Data Leaks: Paweł Pokrywka opens with the alarming statistic that 40% of programmers store passwords in plaintext. He discusses the repercussions of data leaks, highlighting his personal experience over 12 years registering on various sites, where 15 leaked his data leading to spam. This illustrates the importance of secure coding practices and awareness of data security risks.
  • The Definition of Senior Developer: He transitions to discussions on what defines a senior developer, questioning the implication of the title and the skills required. Key points include:
    • The potential lack of clear definitions in the industry.
    • The notion of imposter syndrome among developers.
    • The disparity between experience and actual responsibilities within senior roles.
  • Ruby’s Expressiveness: Victor Shepelev shares his extensive experience with Ruby, emphasizing his journey from C++ to Ruby for its expressiveness. He speaks about:
    • His interest in marrying Ruby with scientific applications through open-source projects.
    • Challenges faced by the Ruby community in data science due to Python’s dominance.
  • Outdated Browser Detection: Victor continues with insights on outdated browser detection, challenging the premise that it's merely a front-end issue. He details:
    • The implementation of a ported NPM package in Ruby to validate user agents.
    • Strategies for prompting users to update their browsers regardless of front-end constraints, which includes caching responses to enhance performance.
  • Musical Demonstration with Ruby: The session concludes with a lighthearted segment where an app called Sonic Pal is presented, highlighting its enjoyable, beginner-friendly interface that allows users to learn and play music using Ruby.

Conclusions and Takeaways:

  • The presentation emphasizes the importance of secure coding, clear definitions of roles in the industry, and Ruby’s flexibility in various domains, particularly in scientific computing. The speakers encourage interaction and discussions among attendees, pushing for a robust community dialogue beyond mere presentations.

Lighting Talks Day 2
Paweł Pokrywka, Maciek Rzasa, Wojtek Rząsa, Victor Shepelev, Dmitry Salahutdinov, and Nicolas Dermine • March 22, 2019 • Wrocław, Poland

wroclove.rb 2019

00:00:14.889 Hi, my name is Paweł Pokrywka, and I love receiving spam. I love it when the spam gets into my inbox; my heart beats faster. And I will tell you why in a moment. But at first, I would like to ask you something. When I ask you to implement authentication in Rails, for example, how many of you would store a user's password in the database in plain text? Please raise your hands.
00:00:34.690 Okay, nobody? Alright, I can tell you that you're fantastic! You are the best programmers in the world, and I'm honored to meet you. There was a recent study among programmers that involved implementing simple authentication tasks. This study was based on freelancers, and it found that 40% of the participants implemented authentication using plain text passwords in the database. Later, when asked to fix this to make it more secure, many of them encrypted the passwords with base64.
00:01:06.180 Imagine what would happen if a database, which is supposedly well protected, were to leak to an attacker. This data could be used for criminal purposes. Account breaches could occur, and attackers could send spam to people whose data is contained within that database. Now, I have another question for you: How many of you have an online account somewhere? Please raise your hands. Many people are lazy and don’t want to raise their hands, but I’d like to know how many of you have 50 or more online accounts, including newsletters and social media, where you’ve put your email.
00:02:10.320 Thank you, many people! So, I can tell you now that each person who raised their hand has data that belongs to criminals because it has leaked somehow. Why am I telling you this? It is based on my research over the last 12 years. I would register on various websites providing unique, hard-to-guess email addresses that were unique to each site. Later, when I started receiving spam on these unique addresses, I was sure they leaked from those websites. During these 12 years, I have registered with around 800 sites, and 15 of them leaked my information, including LinkedIn and a website that sells secure SSL certificates.
00:02:53.150 If you do the math, you can see that every fifth registration leads to your email address being given to spammers or other criminals. So, be aware of this. Now, let's shift gears a bit. Today, we've talked about many hard topics, so let's discuss something easier. However, before that, let me remind you of two difficult problems in computer science: cache invalidation and naming things. As we know, cache invalidation is really hard. I don’t want to talk about it, so I will focus on naming, or rather, naming people. Sometimes it’s quite easy, and some people say that there's one simple thing to remember in computer science.
00:05:10.320 Have you ever felt like you are titled as a senior developer or senior engineer? Do you think it means anything? What does it mean when someone is labeled a senior developer? Does it imply that they are an exceptional coder? What skills do they possess? What responsibilities do they have? Can anyone name a senior developer from their experience? Most of you didn't raise your hand; I guess you don't care that much. So, what skills should a senior developer have? Is it just about technical expertise, or does it also require domain knowledge and soft skills?
00:07:01.660 What happens if a senior Ruby developer, like I used to be, transfers to a company that requires Python expertise? Or what if a web developer moves to a company focused on game development or control systems? They are senior in their field, but what should they do in a different context? Additionally, what should a senior's responsibilities include? Should they just focus on coding the most crucial part of the systems? Should they refactor the mess that regular or mediocre developers created? Or should they take on client interactions? It's complicated.
00:08:14.120 Another consideration is how one becomes recognized as a senior. Is it their peers who can determine it, or does it require some external acknowledgment? Furthermore, there are people with imposter syndrome—those who never call themselves senior developers, despite their qualifications and experience. What if a department names someone a senior merely based on some strange metrics? Should that even matter? Because a lot of times, it's just about years of experience.
00:09:02.110 It's crucial to recognize that naming things is important, especially in our industry, which lacks clear definitions. Titles can be used to give the impression that an employer cares about professional growth when, in fact, it might just be a way of providing a title instead of a raise. Think about your own goals: what does it mean to you to be a senior? Is it simply about the title, or does it reflect your skills and experiences? This conference is for discussions, not just presentations, so let's talk more about this.
00:10:14.420 Hello, everyone. I am Victor Chappell from Ukraine. I’m a speaker for the conference, and I will have a big presentation on a different topic tomorrow morning, so I'm mostly here to tell you not to oversleep for my session. Now, let's talk about my experience with Ruby. I have been using Ruby for about 15 years, and for the first 12 years of my Ruby career, I managed to avoid Rails completely.
00:10:53.990 I am one of those developers who came to Ruby not because of Rails but due to a passion for programming languages. I started as a simple C++ developer and eventually fell in love with Ruby. Even when I finally switched to Rails, I was still curious about how to explore Ruby's expressiveness. At one point, I attended a presentation by Stephen Wolfram on Wolfram Alpha and Mathematica, and that inspired me to think that Ruby could achieve similar and even greater expressiveness. Since then, I have been involved in open-source projects, trying to combine Ruby's expressiveness with scientific applications.
00:11:55.310 I have been part of the scientific Ruby community for three years, hoping to marry scientific development with Ruby's capabilities. Along the way, we did several Google Summer of Code initiatives where I learned a lot, especially about collaboration with bright minds, like Indian programmers. Unfortunately, despite our efforts, the community faced challenges primarily because of the dominance of Python in the data science field. Consequently, most of the Ruby projects in scientific computing often went unnoticed or were overshadowed.
00:13:22.120 I have always tried to be part of that dialogue, even while pretending to be from the front-end community. However, I identify more as a Ruby back-end developer. Today, I want to share my thoughts on outdated browser detection, a challenge that many developers face. There is a multitude of browsers across various platforms, and each version behaves differently with specific features. Some browsers quickly become outdated while others receive frequent updates.
00:14:35.590 Detecting outdated browsers is often thought to be solely a front-end concern. Despite the statistics showing that most users have modern browsers, one must consider the requirements of businesses that aim to support all users, regardless of their browser version. This can be a challenging task if the resources are available. Front-end teams typically use NPM packages that help manage supported browsers, but these tools can hit limitations when dealing with users who disable JavaScript or have outdated browsers.
00:16:57.220 In these cases, the back-end can take on the responsibility of detecting browser compatibility. We've created a port of an existing NPM package for Ruby that validates user agents and matches them against supported browser lists. This enables us to send HTML alerts to users whose browsers are outdated, allowing these alerts to be effective regardless of the user's browser capabilities.
00:18:55.790 When everything works seamlessly, we can prompt users to update their browsers. However, in cases where front-end tools don't suffice, we can return to a classic approach of providing pure HTML alerts instead. For Rails projects where the front-end and back-end are integrated within the same repository, sharing a common configuration file is easy. Yet, in cases where the front-end and back-end are separated, it might complicate things further since we’ll need additional HTTP requests to keep browser configurations current.
00:20:19.080 It can seem daunting to do this for every request, but responses can be cached to optimize performance. This methodology allows for a robust solution for managing outdated browsers efficiently. If anyone has any thoughts on this, feel free to share. Thank you very much!
00:20:57.350 Hi, sorry for those who were there last year and the year before. I’m just going to play music for five minutes using Ruby. It's an app called Sonic Pal that you can install, and there's a very nice tutorial inside that helps you learn how to play. It’s easy to begin, and like any musical instrument, you need to practice a little bit to become proficient. I’m not very good, but I want to share that it's a lot of fun to play with. Let's go!
Explore all talks recorded at wroclove.rb 2019
+13