willow.camp Updates - October 7, 2025

I’ve spent most of my willow.camp work on finding a new backend language. But I’ve still updated the Rails app! Here’s what’s changed since my last update.

• Moved HTML storage out of the post table and into ActionText. It was this deep dive that made me question using Rails. I went down a long rabbit hole, finding a good text editor and then realized this work felt more like building Ikea furniture than I wanted. I’m more interested in having access to the application end-to-end than plugging parts together. Anyway, in the meantime, your posts are now stored in an ActionText table.
• Prevented email enumeration attacks by returning an ambiguous error on sign-up. This is my pet peeve with Devise, and I am a bit embarrassed I let this live in production for so long. Previously, the sign-up form would indicate if an email address had already been taken. Since I can’t guarantee people use unique passwords, this means an attacker could use a leaked email/password list to access accounts that use poor password hygiene. No more! I’ve done my best to give ambiguous, helpful messages when something is wrong on the signup page.
• Updated dependencies! A whole bunch of Ruby Gems and npm packages got minor version bumps.
• Fixed CI errors with vips. This is minor but tests were failing in CI because vips wasn’t installed on the machine.
• Cleaned up the Hanami directory. There was a day when I was convinced Hanami was the next framework for willow.camp, and I started a migration in its own directory.
• Cleaned up image things I was trying out with images and media handling.