Get Heroku pgbackup captures every ten minutes for free! (almost)

You might have heard about the recent AWS outage. Needless to say, this outage affected many websites and also many services that piggyback on AWS's cheap cloudy goodness. Heroku is one such service. Heroku also happens to be the service of choice for the startup I work for. While I applaud the herculean effort both by Amazon and by Heroku to manage and mitigate the disaster, the whole thing caught us a bit with our pants not properly around our proverbial waists. It turns out Heroku’s database backup feature, pgbackups, is not a one-click automatic affair.

Trying to use Rails CSRF protection on cached actions? Rack middleware to the rescue!

With the release of Rails 2.0 came some very nice security enhancements. Among those was CSRF (cross-site request forgery) protection, which is implemented by putting a server-side generated token into a hidden field inside forms with POST, PUT, or DELETE as the action/method. When Rails is asked to render a page that contains a form with any of these methods, it generates an authenticity token. This token is stored in the session object and rendered out to the previously mentioned hidden field. Any time Rails receives a POST, PUT or DELETE request to one of these actions, it will ensure that it was given back the previously generated token, or else raise an error and not execute the action.
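
The token round trip described above, as an added plain-Ruby sketch (not Rails' own code and not code from the original post). The module and method names are hypothetical, and the session is modeled as a plain Hash; the `_csrf_token` key and `authenticity_token` field name follow Rails' naming.

```ruby
require "securerandom"

# Sketch of the synchronizer-token pattern; names here are hypothetical.
module CsrfSketch
  PROTECTED_METHODS = %w[POST PUT DELETE].freeze

  class InvalidToken < StandardError; end

  # Generate the token once per session and keep it server side.
  def self.token_for(session)
    session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # Hidden field rendered into every form that uses a protected method.
  def self.hidden_field(session)
    %(<input type="hidden" name="authenticity_token" value="#{token_for(session)}">)
  end

  # Constant-time comparison: do not leak how many leading bytes matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Raise unless a protected request returns the token stored in its session.
  def self.verify!(method, session, params)
    return true unless PROTECTED_METHODS.include?(method.to_s.upcase)
    expected = session[:_csrf_token]
    given = params["authenticity_token"]
    unless expected && given.is_a?(String) && secure_compare(expected, given)
      raise InvalidToken, "authenticity token missing or wrong"
    end
    true
  end
end

if __FILE__ == $PROGRAM_NAME
  session = {} # constructed sample session
  form = CsrfSketch.hidden_field(session)
  token = form[/value="([^"]+)"/, 1]
  puts CsrfSketch.verify!("POST", session, { "authenticity_token" => token })
  begin
    # A form served from a cache carries the token of whoever rendered it,
    # so a visitor with a different session fails the check.
    CsrfSketch.verify!("POST", { _csrf_token: "other" }, { "authenticity_token" => token })
  rescue CsrfSketch::InvalidToken => e
    puts "rejected: #{e.message}"
  end
end
```

The second call shows why a cached action and a per-session token do not mix: the cached HTML embeds one session's token and every other visitor's POST is rejected.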