Web apps often produce files such as images, videos or documents. For a long time it was standard to put those files into the filesystem – but as we mentioned in a recent post – today that is considered a bad practice. Instead we recommend using OpenStack Swift, a highly scalable solution that can serve up to hundreds of petabytes. What’s more is that Swift is redundant, allowing the service to survive the outage of one or multiple servers.

In the post I mentioned earlier, we looked at the Paperclip gem, and combined it with Swift to produce files. In this post we’ll look at Carrierwave. The Carrierwave gem provides a simple and extremely flexible way to upload files from Ruby applications. It works well with Rack based web applications, such as Ruby on Rails.

Carrierwave + Swift demo application

We wrote a small application that demonstrates how Rails 3.2.13, Carrierwave, a9s Swift Service and PostgreSQL work together. You can find the example app on GitHub. This application is an adaptation of n0ne’s Rails-Carrierwave-jQuery-File-Upload application. You can use this application to do a test run on anyines.com. read more

Update: Wednesday April 9 at 16:55 CET we created new certificates for a9s.eu and a9sapp.eu, anynines’ gateways.

April 7th the OpenSSL team released a new version of OpenSSL to address a serious security issue that might leak sensitive data to anyone who is able to connect to your SSL services (if you are running OpenSSL version 1.0.1). CVE-2014-0160 is the official reference to this bug. The website heartbleed.com hosts a writeup of the consequences this bug might have.

StackOverflow related forums were literally overflowing with questions the last couple of days and rightly so. This serious vulnerability affects a substantial number of applications running on the internet, including anynines. We advise all anynines users to update their passwords as a precautionary measure.

If you are currently running SSL, you should re-key and reissue your certificate and update it, as it may have been exposed.

OpenSSL upgrade

All our servers, including all host machines of anynines and SSL gateways, are running automatic upgrades, started every 10 minutes by Chef. These upgrades have installed successfully at April 8, 6:36 AM CET and our webservers are now using the most recent OpenSSL dynamic library.

anynines certificates

The issue was fixed in all our systems directly after the new libopenssl version was available. We have checked all our hosts with open ports and SSL for any leaks and we are ‘all green’ on our side.

However, we cannot know for certain if any private SSL key is stolen. Therefor we advise you to re-key and reissue your certificates.

In case you have any questions, please send us an email at support@anynines.com.

contentful.png
This is a guest post by Andreas Tiefenthaler, Software Developer at Contentful. During a hack day at Contentful two weeks ago, he wrote a simple Sinatra blog app, backed by Contentful’s Content Delivery API, and deployed it on anynines (where else?). We asked him to share his experience.

My plan was to create a dead-simple blog application, to demonstrate how to use the contentful.com Ruby Gem. I decided I wanted to deploy the app from the very first commit on to avoid a hassle at the end of the hackathon, as we were supposed to showcase running applications.

Getting started with Contentful

Contentful is a CMS as a Service and allows you to create your own platforms without building the same backend over and over again. Contentful’s Content Delivery API works with JSON data; images, videos and other media is delivered as files. The API is a globally distributed CDN for content: All content, both JSON and binary, is served from the server closest to where a user is requesting content from, minimizing latency. read more