One of the highlights of last Friday were my two experiences drinking water. Here’s why…

Vapur

I was a Cork Meet – a large networking event – and like most conferences it caters mostly for the engage-brain-with-coffee crowd. Luckily I found a water dispenser in the corner and I could fill up my Vapur Reflex which I’d received at Christmas but had yet to use.

It’s perfect! It folds flat when you’re carrying it, stands up when it’s full, has a good solid nozzle which doesn’t leak, and a caribiner for attaching to a bag. It is now a permanent addition to my laptop bag and I may get a second for my camera bag.

The only downside is that the bag lacks structure and tends to droop down when you’re drinking it. It can also look like you’re drinking from an IV bag.

PUNC

I was so thrilled with my experiences with the Vapur bag in the morning that I was excitedly telling everyone I met… and then I met John, inventor of PUNC bottles who told me I was doing it all wrong.

John was giving a presentation at the Selr8r open day and started by telling us that plastic bottles are bad. He’s probably right, although I’ll be honest and say that I have bigger fish to fry in terms of healthy living. The BPA scandal has made everyone a bit more aware of the health risks of plastics and I have no doubt that there will be more health problems discovered in the future. But I don’t think that’s the main selling point. After all, your drinking water in the office is almost certainly delivered in a large plastic bottle.

The first thing you notice about the PUNC bottle is the packaging. The bottle comes nestled in a bright, bold poster tube and that alone marks it out as something special. This is an object of design. The bottles themselves are made of thin stainless steel and are incredibly light (nothing like the old aluminium bottle I had for hiking). The stainless steel is the same stuff used for food preparation and, since some of my limbs are already held together by this material, I think we can trust it! The bottles are curved in the middle, which really helps with holding them, particularly when you get condensation forming on an ice cold bottle. It gives the bottle a softer look and they come in a range of playful metallic colours.

The bottles have a range of caps too. I have the sports cap which provides the familiar exercise bottle valve. The only downside to this is there’s no air-hole which limits the amount of water you can take in (and you can’t squeeze the bottle either). There’s also an easy flip-up straw lid and regular screw on lids. I tend to leave the lid off at my desk and just drink from the wide mouth (big enough to put ice cubes in). PUNC bottles come in various sizes (0.5L, 0.75L and 1L) and there is also a selection insulated bottles (stays cold for 24hrs!)

John was gracious enough to give me the Red 1L bottle he’d brought in for the presentation. Or perhaps he took pity on me when I told him that I would buy a 1litre bottle of Volvic and just reuse the plastic bottle for a few months! Yeah, that doesn’t sound too hygenic now that I mention it.

Which bottle should I buy?

Trick question. Buy both!

If you drink water then having a Vapur in your laptop bag or camera bag is just a no-brainer. They’re perfect for travelling light.

The PUNC bottles are my choice for drinking water just about anywhere else. I use mine at my desk and I plan on getting a small one for my daughter’s lunchbox, and maybe another for the car. You can find local stockists on the PUNC site or buy online.

First, let’s get this out of the way: total respect to everyone who pitched last night. It takes guts to get up in front of 300 people and talk about your baby. Not everyone can do it.

But. We have to stop cheering every pitch without even a modicum of criticism. We’re not headless startup cheerleaders, rar-rar’ing each pitch onwards without expressing our own opinions. As a professional consultant, I have more than my fair share of opinions, and I need them: I only want to work with businesses where I know I can help them succeed. I hate seeing people wasting their time on a doomed startup. These people have passed up other opportunities to work on their idea and it’s our duty to ask some searching questions, not for the sake of being mean but because we want them to succeed (though, perhaps not with this idea).

So, here are some of my (rough) notes…

Popdeem

Social media analytics (AGAIN! — sorry, saw too many in this space at Web Summit). Major problems: convincing a company to convince their customers to download your app with the Popdeem branding. And then to get those customers to post to Facebook. And after all that you can’t even tell what the effect was on the business. That’s never going to fly. We need much better proof that this sort of paid-social-media-postings really drives sustainable revenue for the businesses. I would trust a real, enthusiastic Instagram over a rewarded-by-free-burrito Facebook posting.

URYearBook

Yearbooks. I didn’t realise that they were a thing outside of U.S. high schools (or, at least, the TV dramatisation of same). Yearbooks are annual, so what will you live off for the other 11months? Also, your target market are cheap (but as a once-off special thing perhaps they will stump up enough). Who does the curation? Social media volumes would be too great to capture it all in the yearbook. And how do you know what’s relevant to the class? It actually sounds like a nice small business but very very seasonal. Perhaps you could licence directly to online printers? Also, be careful with the digital version. Don’t give this away for free or a lower price point. It will decimate sales of the physical book (unless you can price it to make as much/more profit than the physical version).

LiveDuel

WTF. He wants 100k to go to SF and complete this accelerator program?! It also seems like he’s heading away from his target market (Asia?) and it wasn’t entirely clear who his customers would be. Initially he talked about monitising sports communities/forums but now it seems like it’s a licensable technology for other games companies? I found the pitch confusing.

Click4Classes

Two-sided market problem. Must convince both class providers and students to use the site. Furthermore, it’s not good for businesses to be listed like this. Where’s the opportunity to stand out, for brand recognition or word-of-mouth recommendation? It also introduces an admin headache for class providers if only some of their student paid through the site.

Vconnecta

This is only guy who knew how to pitch. There were strong visuals about carrying around electoral registers, in the rain, with a clipboard and then trying to compile together all the reactions etc. I can see some real pain there. Furthermore, the target market are rich (politicians!), easily found (public information) and reachable (public emails, office hours etc). They’re also desperate to have more information at election time when they feel very vulnerable. Only downside: elections are usually only every 4-5 years but I think there would be enough local/council/city/mayoral/by- elections each year that the service would be well-used. And that’s without considering general activism campaigning. There should also be a natural pricing tier based on area (local councillors canvasing a small town would pay less than a senator canvasing a state who would pay less again that a national political party). I see easy six figure revenues here. The data analytics alone would be worth it to many parties. One word of caution: that Romney app crashed when they most needed it — the infrastructure needs to be reliable and able to cope with large surges in activity.

One other annoyance was that every pitch & question time seemed to overrun, which led the crowd to become noisy, which led to other people shushing the crowd like naughty school-children. To be honest, you’re going to lose the crowd if your pitch is over 4mins to a room full of smart, interested, beer-drinking people — at that stage we’ve heard enough to form an opinion which we want to discuss with our neighbours. Instead of shushing us, perhaps the Pub Summit should have involved the crowd? Give us tokens to “invest” in the best pitch. Or take questions from the floor instead of the panel (trust me: everyone in the audience had an opinion!). I think the Pub Summit format should encourage the informal, rowdy, “pubbish-ness”

I throughly enjoyed the Pub Summit last night. Thanks to Donal Cahalane for doing the heavy lifting in bringing this to Cork. I chatted to friends I hadn’t seen in years, met some new people and generally enjoyed myself.

Addendum: I met the guys behind Click4Classes at a Selr8r event recently and got to put some of my points to them. I still maintain that these are potential problems with the business but it was great to hear that they have considered them and are planning some features to help good businesses stand out (themes, student ratings etc). If anything, it just reinforces that a good pitch event shouldn’t leave these questions unanswered in anyone’s mind.

Then, at the top of your Guardfile, add the following line:

notification :gntp, :sticky => false, :host => '10.0.2.2', :password => 'yourstrongpassword'

The key was discovering that 10.0.2.2 was the correct address to use on a guest operating system to communicate with the host operating system. This might change with your Vagrant configuration but this post explains how to get the correct address

The solution is to write a pre-commit hook for Git. Or, in my case, find someone who has done it and tweak their solution until it actually works (grep -P isn’t supported on a Mac, for example).

So, here’s my pre-commit hook. Simply copy this script into .git/hooks/pre-commit and make sure it’s executable.

#!/usr/bin/env ruby
spec_hits = []

# Find the names of all the filenames that have been (A)dded (C)opied or (M)odified
filenames = `git diff --cached --name-only --diff-filter=ACM`.split("n")

filenames.each do |filename|
  # Perform special checks for _spec filenames (rspec tests)
  if filename.match /_spec.rb$/
    # Filter all the additions to this file, find if they contain `focus: true` and store these lines without the initial `+` and spaces
    results = `git diff --cached  #{filename} | grep "^+[^+]" | grep "focus:[:space:]*true"`.split("n").map { |r| r.sub(/^+[st]*/, '') }

    if $? == 0
      # Add the relevant change with line number to the spec_hits array
      results.each{ |r| spec_hits.push "#{filename}:" + `grep -n '#{r}' #{filename}`.sub(/:s+/, ' ').chomp }
    end
  end
end

if spec_hits.any?
  puts "e[33m>>> Please remove your `focus: true` from the following tests before committinge[0m"
  puts spec_hits.join("n")
end

exit 1 if spec_hits.any?

You might need to edit the regex if you use the hashrocket syntax

Update: I've modified the script to prevent debugger, binding.pry and make it easily configurable:

#!/usr/bin/env          

ruby spec_hits = []

checks = {
            '_spec.rb$' => ['focus:[:space:]*true'],
            '.rb$' => ['binding.pry', 'debugger']
         }

# Find the names of all the filenames that have been (A)dded (C)opied or (M)odified
filenames = `git diff --cached --name-only --diff-filter=ACM`.split("n")

filenames.each do |filename|
  # Perform special checks for _spec filenames (rspec tests)
  checks.each do |filename_pattern, patterns|
    if filename.match filename_pattern
      patterns.each do |contents_pattern|
        results = `git diff --cached  #{filename} | grep "^+[^+]" | grep "#{contents_pattern}"`.split("n").map { |r| r.sub(/^+[st]*/, '') }
        if $? == 0
          # Add the relevant change with line number to the spec_hits array
          results.each{ |r|
            spec_hits.push "#{filename}:" + `grep -n '#{r}' #{filename}`.sub(/:s+/, ' ').chomp
          }
        end
      end
    end
  end
end

if spec_hits.any?
  puts "e[33m>>> Please remove the following problems from these files before committinge[0m"
  puts spec_hits.join("n")
end

exit 1 if spec_hits.any?

Download the Gist

I asked for suggestions twitter and Conor suggested Duplicity. It looks like a good solution but it did mean I’d have to remember my AWS account details (I think I have three account, with two different email addresses). Then Simon suggested Tarsnap, which I had bookmarked months ago but I wasn’t sure how complicate the “paranoid security” would make it. Actually, Tarsnap is much simpler because it uses Amazon S3 in the backend but it doesn’t require you to manage it.

Tarsnap

Install Tarsnap

I install and use Tarsnap as root so that it has access to all files on the server

wget https://www.tarsnap.com/download/tarsnap-autoconf-1.0.33.tgz
apt-get install libssl-dev zlib1g-dev e2fslibs-dev
tar xzvf tarsnap-autoconf-1.0.33.tgz 
cd tarsnap-autoconf-1.0.33/
./configure 
make all install clean

Configure Tarsnap

tarsnap-keygen --keyfile /root/tarsnap.key --user jamie@ideasasylum.com --machine ovh
mv /usr/local/etc/tarsnap.conf.sample /usr/local/etc/tarsnap.conf
vi /usr/local/etc/tarsnap.conf  

You don’t actually need to change any options in tarsnap.conf but double-check it anyway

Create a backup

tarsnap -c -f my_backup_name my_important_directory

List the backups

tarsnap --list-archives

View the files in a backup

tarsnap -t -f my_backup_name

Automating the Backups

Well, that’s Tarsnap setup and working but I really want something automated. Enter this delicious little script which manages the Tarsnap backup process for you. Install the script as root:

Install Tarsnap Generations

wget https://raw.github.com/Gestas/Tarsnap-generations/master/tarsnap-generations.sh
chmod ug+x tarsnap-generations.sh     

Configure it

Create a file with newline-seperated list of the folder you wish to backup (for me, that’s /srv/www and /etc/nginx)

vi /root/tarsnap.folders

Now we need to setup cron

crontab -e

and add the line

30 23 * * * /root/tarsnap-generations.sh -f /root/tarsnap.folders -h 1 -d 10 -w 4 -m 12

This will run the backup process at 2330hrs every day, keep 10 daily backups, 4 weekly backups and 12 monthly backups.

After lots of great advice from my twitter friends, I tried two things: Berocca and an SAD light.

Berocca

Berocca is basically Vitamin B, Vitamin C, magnesium, calcium, and zinc wrapped up in a little effervescent tablet which makes a passable orange drink. I think that without a doubt the Berocca has a huge effect on my mood and energy levels. I’ve been giggling for no apparent reason in the mornings and I’m much happier despite suffering through a cold this week. Highly recommended!

Lumie Brightspark

I bought a reconditioned Lumie Brightspark which has a fairly large light area but doesn’t take up much space on the desk because it stands vertically. First thing: this thing is bright!. It’s bright enough to scare little children

It’s bright enough that when you turn it on, it drowns out all other light sources including the main room light, an uplighter and the ambient window light… and that’s a problem. Although it is giving me the daylight I need for my brain to say “Morning! Time to wake up and hunt something!” it is highly reminiscent of coding at 2am by the singular glow of a desklamp.

Initially I had the lamp positioned in front of me at a 45° angle but this cast really strong shadows across the desk & laptop. Then I moved it to be at a 90° angle to the laptop and just within my peripheral vision. This was much better although I noticed I’d subconsciously try to shield my eyes from it after a hour or so. One other thing: it’s worth turning up the brightness of your monitor to match to brightness of the lamp otherwise it’s like peering inside on a sunny day.

My next idea was to try to balance the light in the room (perhaps it’s because I’m a photographer but having the single light source and shadows began to annoy me). So I switched my office space around so the desk was facing the window. It’s not the brightest window (North-facing, in Ireland) but having the window at 45° left and the lamp at 45° right really helps to balance everything. The lamp is also now 6″ above the desk so it throws more light down on the desk.

It might sound like I’m a little disappointed by the lamp. I’m not. If I’ve been using it for a short while, I’m really reluctant to switch it off; and if I leave the room I feel like the landing is the deepest darkest cave in comparison (it has a skylight!). I feel an instant lift when I walk back into the office to the bright white light. It sounds daft and hippyish but I definitely feel happier with the light on. I’m not sure if the effects carry on through the rest of the day but I’ll definitely continue using it.

I used rack-ssl-enforcer to redirect all insecure connections over to the secure HTTPS versions, and it worked well. If you’re a Vagrant user, it has the advantage over the built-in Rails support because you can configure the secure and insecure ports.

And I’ve now stated writing all my blog posts in Markdown formatting. The WP-Markdown plugin for WordPress lets you write plain Markdown in the Compose editor, renders this to HTML as a preview below (like Stackoverflow), and—most importantly—it saves both the markdown text and the rendered HTML. This means that you can disable the plugin and the rendered blog post will remain the same. It also has really good syntax highlighting support that makes writing technical posts a more pleasant experience.

Lastly, there’s Marked. If you find the WordPress editor a little restrictive for editing and prefer writing in your favourite text editor / writing tool (e.g. iAWriter / Byword, then Marked if the perfect companion application. It monitors a markdown file and renders a preview (using a variety of styles) and lets you export the results as HTML, PDF etc. It’s a small thing but I found it useful

Here I’ll show you how to secure your Rails 3 application, running on Nginx, with a NameCheap SSL certificate. The requirements of this application are:

• Must use HTTPS with a valid SSL certificate
• All insecure HTTP links must redirect to their HTTPS versions
• It must work across multiple subdomains (e.g. mycompany.yourdomain.com)
• The marketing site running at www.yourdomain.com and yourdomain.com will not use HTTPS

We’ll be using Nginx on Ubuntu 12.04, Vagrant, Rails 3.2.11, rack-ssl-enforcer and NameCheap

In Development

Configuring Vagrant

The first step is to make things work locally in our development environment. I’m using Vagrant here which has made my choices slightly different but if you’re developing locally on Mac OS X, then this Railscast will be very useful to you. In my Vagrantfile I have

config.vm.forward_port 80, 8080                   # http

So, if I go to mycompany.lvh.me:8080 on my browser, I’ll be hitting the nginx instance running inside Vagrant (lvh.me is just a short wildcard domain name which points to 127.0.0.1 — essential for testing subdomains locally). We need to update Vagrant to forward the HTTPS traffic too.

config.vm.forward_port 80, 8080                   # http
config.vm.forward_port 443, 8081                  # https

Now, restart our Vagrant instance and the local 8081 port will forward to the 443 port on the virtual machine. Easy.

Configuring Nginx

Now we need to configure our Nginx server to listen for HTTPS traffic on port 443. My simplified nginx.conf file looks like this (I’ve remove the basic http server instance for clarity but it’s basically the same as the https server)

gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain text/html text/xml text/css text/comma-separated-values text/javascript application/x-javascript application/atom+xml;

# this can be any application server, not just Unicorn/Rainbows!
upstream app_server {
  # for UNIX domain socket setups:
  server unix:/tmp/unicorn.cognito.sock fail_timeout=0;
}
server {
  listen 443 default deferred ssl; # for Linux

  client_max_body_size 4G;
  server_name _;

  keepalive_timeout 5;

  root /vagrant/public;
  try_files $uri/index.html $uri.html $uri @app;

  ssl                  on;
  ssl_certificate      /vagrant/server.crt;
  ssl_certificate_key  /vagrant/server.key;

  ssl_session_timeout  5m;

  ssl_protocols  SSLv2 SSLv3 TLSv1;
  ssl_ciphers  HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers   on;

  location @app {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://app_server;
  }

  # Rails error pages
  error_page 500 502 503 504 /500.html;
  location = /500.html {
    root /vagrant/public;
  }
}

}

The most important lines to consider here are:

ssl                  on;
ssl_certificate      /vagrant/server.crt;
ssl_certificate_key  /vagrant/server.key;

ssl_session_timeout  5m;

ssl_protocols  SSLv2 SSLv3 TLSv1;
ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers   on;

which turns SSL on, points Nginx to the certificate and key files (more about that next) and configures the ssl options. We also need to set this line:

proxy_set_header X-Forwarded-Proto $scheme;

so that http->https redirects will work correctly.

Finally, test that your configuration is valid and restart your nginx server

sudo nginx -t
sudo service nginx restart

Creating a Self-Signed Certificate

You’ll have noticed the server.key and server.crt in nginx.conf. We need to create those

First, create a Certificate Signing Request:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Answer the questions with anything you like.

Next, use the .csr to generate a self-signed certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

That should give you your server.key and server.crt file. Copy them to an appropriate location as specified in your nginx.conf

Configuring Rails

In the simplest case, you can configure Rails to redirect all links to https using this option:

config.force_ssl = true

This works fine in most cases but remember that our local http and https ports are 8080 and 8081 respectively. Rails doesn’t have the ability to specify custom HTTPS ports so I’ve used rack-ssl-enforcer to do the same job. Place this in development.rb:

# Redirect all HTTP links to use HTTPS
config.middleware.use Rack::SslEnforcer, :http_port => 8080,
                                         :https_port => 8081,
                                         :hsts => true

That hsts option refers to HTTP Strict Transport Security which is a method of using HTTP header to force the client to use a secure connection. hsts is enabled by default with Rails’ force_ssl option but not with rack-ssl-enforcer.

Just a word about HSTS: It instructs the browser to always use a secure connection when visiting URLs at your domain. I was initially worried that using HSTS on a subdomain like mycompany.yourdomain.com would also force HTTPS on the naked domain which is just running the marketing site. Thankfully it does not. It operates on the level of the full domain name

Now, restart your Rails application and visiting an insecure URL like http://mycompany.lvh.me:8080 should redirect you to https://mycompany.lvh.me:8081. The browser will display a scary warning about not trusting the certificate but that’s only because it’s self-signed.

In Production

Hopefully your development and production environments are similar enough that you can reuse the nginx.conf etc. In production.rb, there’s no need to specify the port for rack-ssl-enforcer though:

# Redirect all HTTP links to use HTTPS
config.middleware.use Rack::SslEnforcer, :hsts => true

Obtaining your SSL Certificate

I used NameCheap because they sell a good (bewildering) selection of certificates, at a decent price, and I was quite impressed with their support staff (prompt, friendly, efficient and knowledgable).

I bought the Comodo Essential SSL Wildcard for $99 which is a pretty good deal compared to other suppliers. Your own requirements may vary but this worked for me.

Before your start, make sure that you don’t have any privacy protection on your WHOIS domain information. This certificate is “domain validated” which means that they need to send an email to an address associated with the domain. Check with a WHOIS server or your domain registrar that a valid email address is publicly available and associated with your domain. Not doing this slowed up our purchase by a few days.

NameCheap uses a two-step purchasing process so you can buy the SSL cert with just the basic details and then activate it later using the information below.

On our server, we need to generate a Certificate Signing Request (just like we did with our self-signed key)

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Fill in the details properly this time and use *.yourdomain.com as the Common Name value. It is very important to specify a wildcard domain here if you want it!

Activate your SSL certificate by selecting Apache + OpenSSL and pasting in the contents of your server.csr (not your development one!)

Now select an email address to send the confirmation to. You can choose from either a predefined address (admin/administrator/postmaster/webmaster@yourdomain.com) or the address found in the domain’s WHOIS information. You cannot send this confirmation to any arbitrary address!

Once you receive the email, paste the supplied code into the form at the url they give you and you should receive two emails shortly afterwards. One contains the “site seal” — a useless graphic designed only to promote the certificate authourity — and a zip file containing the certificates. Yes, multiple certificates.

Now, the tricky bit. You need to concatenate the certificate files together in the following order to form the certificate chain:

1. Your certificate (STAR_yourdomain_com.crt)
2. EssentialSSLCA_2.crt
3. ComodoUTNSGCCA.crt
4. UTNAddTrustSGCCA.crt
5. AddTrustExternalCARoot.crt

The easiest way to do this on Linux is

unzip STAR_yourdomain_com.zip

cat STAR_yourdomain_com.crt EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt > yourdomain.com.crt

Now, put the resulting certificate yourdomain.com.crt and the server.key used to generate the CSR into a safe place.

sudo mkdir /etc/nginx/certs
sudo cp server.key /etc/nginx/certs
sudo cp yourdomain.com.crt /etc/nginx/certs

In your production nginx.conf, use the paths /etc/nginx/certs/server.key and /etc/nginx/certs/yourdomain.com.crt for the key and certificate values respectively.

Restart your nginx server and you should be good to go!

Comodo has some basic documentation on installing their certs on Nginx

Bonus Points

Remember to add a reminder to your calendar to renew the certificate in a year! If the certificate expires then your customers will be presented with scary-looking warnings in their browser.

Extra bonus points if your write all this down because I guarantee you will not remember the process next year!

Delayed Job is a popular gem for running background tasks on Rails applications. Apartment is another useful gem for switching Postgresql schemas in response to particular subdomains (it means that visiting ibm.myapp.com will automatically switch to the ‘ibm’ schema and select * from user will only return IBM users).

What’s the problem?

Getting these two gems to play well together can be a little difficult because DelayedJob  has no idea how to handle postgres schemas. In a nutshell, DelayedJob serialises the job and parameters as a YAML string in the database column. However, if one of these parameters (or the job) is an ActiveRecord object it will try to reload this from the database… but it will fall over because those objects are not in the same schema as the delayed_jobs table.

Luckily the Apartment gem has instructions for configuring it to work with DelayedJob. These instructions persist a new database attribute which is then used to switch schemas inside a DelayedJob hook. Unfortunately, it does require using the syck YAML parser and whilst this worked for me in development, I couldn’t get it working in production. Also, the default parser in Ruby 1.9.3 is Psych and I’d really rather keep it that way.

What’s a possible the solution?

You could spend a while trying to patch the Psych parser so that it will switch schema automatically as it is reconstructing the ActiveRecord objects from the database. Unfortunately, I wasn’t able to make this work reliably and it made me feel all icky anyway. But it did make me question why we were even persisting AR object inside a delayed_job…

So, what’s the actual solution?

Don’t use ActiveRecord parameters in DelayedJobs.

Just pass in basic scalar types (integer, strings, etc) and arrays, and  use these to search for the correct ActiveRecord. It all works considerably easier this way and is much simpler to understand. To be honest, this seems like good practice anyway and I’d prefer if DelayedJob didn’t try to serialise AR records at all. I still use the DelayedJob hooks provided by Apartment to automatically switch database schemas before and after job invocation though because they are simple and reliable.