Rubyland

news, opinion, tutorials, about ruby, aggregated
Giant Robots Smashing Into Other Giant Robots 

thoughtbot at Sin City Ruby 2024

Sin City Ruby 2024 was one of this year’s Ruby conferences that we, thoughtbot, were excited about. In this post, I will share why.

Jason Swett, the organizer, invited me to be one of the speakers. It was a great opportunity to talk about JavaScript testing for Ruby devs. Spoiler: an extended version of this topic will be presented at RailsConf 2024. Hoping to see you there :)

I am so grateful for the opportunity and for thoughtbot sponsoring my travel. Here are my takeaways and highlights from Sin City Ruby 2024.

Smaller conference, bigger connection

Attending a single-track conference is great: you don’t have to choose any talks. They have been chosen for you already.…

Awesome Ruby Newsletter 

💎 Issue 410 - Being laid off in 2023-2024 as an early-career developer

Ruby Central 

RailsConf 2024 Speaker Spotlight + Preview: Chris Oliver

RailsConf always boasts an exciting variety of talks that highlight the creativity and interdisciplinary nature of the Ruby community. I thought it would be fun to curate a series highlighting our speakers' stories and their experiences in tech. Read on for today’s speaker spotlight…

Title of Talk

Crafting Rails Plugins

Speaker

Chris Oliver

How did you get into Ruby?

I started with Rails in college working for a professor and then built my senior project in Rails.

What’s your favorite part about working on Open Source Software?

It's amazing how much you can learn and help other people with open source. Because the code isn't closed, we can achieve so much more.

What’s your least favorite part about…

RichStone Input Output 

ConcreteAPI

ConcreteAPI is a project inspired by AbstractAPI.com.

AbstractAPI offers a set of utility APIs so you as the developer do not have to build a bunch of stuff that someone else already has a solution for. According to AbstractAPI, the most popular APIs are email address and phone validation APIs, Geolocation API and data enrichment API.

The goals of the ConcreteAPI project are:

  • Instead of having those APIs, landing pages and docs scattered all over, have everything in one place using a great doc generation platform.
  • Have SDKs for different languages auto-generated.
  • Explore which parts can be open-sourced.
  • If something has to be paid for, e.g. because ConcreteAPI needs to hit another paid API, have…
Julia Evans 

Some Git poll results

A new thing I’ve been trying while writing this Git zine is doing a bunch of polls on Mastodon to learn about:

  • which git commands/workflows people use (like “do you use merge or rebase more?” or “do you put your current git branch in your shell prompt?”)
  • what kinds of problems people run into with git (like “have you lost work because of a git problem in the last year or two?”)
  • which terminology people find confusing (like “how confident do you feel that you know what HEAD means in git?”)
  • how people think about various git concepts (“how do you think about git branches?”)
  • in what ways my usage of git is “normal” and in what ways it’s “weird”. Where am I pretty similar to the majority of…

It’s been a lot of fun and some of the results have been surprising to me, so here are some of the results. I’m partly just posting these so that I can have them all in one place for myself to refer to, but maybe some of you will find them interesting too.

these polls are highly unscientific

Polls on social media that I thought about for approximately 45 seconds before posting are not the most rigorous way of doing user…

Ruby Weekly 

Recurring tasks come to Solid Queue

#​696 — March 28, 2024

Ruby Weekly

14 Tools and Gems Every Ruby Developer Would Love — I wouldn’t usually feature a list-driven article but this has been a quiet week and it's a good one! Joé rounds up his favorite tools and gems of the moment, covering areas from email and databases to performance monitoring and analytics. All solid recommendations.

Joé Dupuis

Solid Queue 0.3: The Active Job Backend Gains Recurring Jobs — First introduced just three months ago, Solid Queue is already a great way to run background jobs on modern Rails apps and v0.3 gets even better by adding support for…

Ruby on Rails Project

Need to Upgrade…

Rémi Mercier 

Pick a standard and move on

Let me tell you about what my day looks like in a team with no standards, no conventions, and no processes in place.

Every time I work on a new API endpoint, I wonder about:

  • Which routing syntax should I pick from the four pre-existing syntaxes used in the file?
  • Should I shallow nest my controller action as per SomeController or shouldn’t I shallow nest as per AnotherController?
  • What about resource fetching? In a callback? Memoized perhaps?
  • Am I to authorize the parent resource or the actual resource through Pundit? Why are there custom methods in our policies that do not match the methods from our controller?
  • What about the methods of my controllers? CRUD? Not CRUD?…

Are you getting bored already? I know I am! And I did not even talk about models, service objects, jobs, serializers, or configuration.

These few questions are the thoughts that go through my brain before I can start working on my feature when there are no standards.

Not picking a standard or a convention results in…

Hi, we're Arkency 

Do you tune out Ruby deprecation warnings?

Looking into deprecation warnings is an essential habit to maintain an up-to-date tech stack. Thanks to the explicit configuration of ActiveSupport::Deprecation in the environment-specific configuration files, it’s quite common to handle deprecation warnings coming from Rails. However, I rarely see projects configured properly to handle deprecation warnings coming from Ruby itself. As we always want to keep both Rails and Ruby up-to-date, it’s crucial to handle both types of deprecation warnings.

How does Rails handle its deprecation warnings?

In the environment configuration files, Rails sets up the ActiveSupport::Deprecation like this:

#…
The Ruby on Rails Podcast 

Episode 512: RailsConf With Ufuk Kayserilioglu

RailsConf is coming up fast! The program committee has released the schedule and keynote speakers. Ufuk Kayserilioglu joins the show to talk about the program and Ruby Central

Show Notes

If you have comments about this episode, send an email to comments@therubyonrailspodcast.com. You can include a text comment or attach a file from Voice Memos or Google Recorder and we’ll respond to some of them on a future show.

Sponsors
Honeybadger

As an Engineering Manager or an engineer, too much of your time gets sucked up with downtime…

RubySec 

CVE-2024-29034 (carrierwave): CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained

### Impact

The vulnerability [CVE-2023-49090](https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj) wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS.

### Patches

Upgrade to [3.0.7](https://rubygems.org/gems/carrierwave/versions/3.0.7) or [2.2.6](https://rubygems.org/gems/carrierwave/versions/2.2.6).

### Workarounds

Use the following monkey…
Ruby Central 

March 2024 Newsletter

Hello! Welcome to the March newsletter. Read on for announcements from Ruby Central and a report of the OSS work we’ve done from the previous month.

In February, Ruby Central's open source work was supported by Shopify, AWS, the German Sovereign Tech Fund (STF), as well as Ruby Central memberships from 29 other companies, including Zendesk and Ruby Shield sponsor and Partner-level member Contributed Systems, the company behind Mike Perham’s Sidekiq. In total, we were supported by 174 members. Thanks to all of our members for making everything that we do possible. <3

Ruby Central News

Ruby Central Receives Alpha-Omega Grant

We’re thrilled to announce that we have been awarded a $250,000 grant…

Felipe Vogel 

Being laid off in 2023-2024 as an early-career developer

Recently I wrote an upbeat how-to on job networking. Now comes the part where I pull back the curtain and tell how the job search really went.

Don’t worry, it’s not all depressing. I’ve waited for weeks to publish this post just so that I have some good news to share at the end.

Note: This post’s title specifies “early-career developer” only because I’m speaking from my own experience, not because only early-career developers are having a hard time. It’s a tough job market for…

BigBinary Blog 

Implementation of a universal timer

When developing a web application, there could be numerous instances where we deal with timers. The timer functions such as setTimeout, and setInterval are basic browser APIs that all web developers are well acquainted with. When trying to implement something like a self-advancing timer, these timer APIs make the job easy.

Let's consider a simple use case. In React, if we are asked to implement a countdown timer that updates the time on the screen every second, we can use the setInterval method to get the job done.

const CountDownTimer = () => {
  const [time, setTime] = useState(10);
  useEffect(() => {
    const interval = setInterval(() => {
      setTime(time => {
        if (time > 0) return time -…
Greg Molnar 

Secure code review checklist

Checklists are really useful to ensure you don’t forget certain things, so why not create one for your code review process? Here are my recommended checks:

Short Ruby Newsletter 

Short Ruby News - Edition #84

A Monday summary of the articles, discussions, and news from the Ruby community
Island94.org 

Low-effort prototyping

From Bunnie Huang’s blog about exploring and designing an infrared chip imaging rig. I thought this is an interesting distinction between “low-effort” and “rapid” prototypes. I think the analogy in software would be a “Walking Skeleton” that is production-like in architecture and deployment but does very little, versus building a demo using lightweight scripting and static site generators. (bolded text mine)

Sidebar: Iterate Through Low-Effort Prototypes (and not Rapid Prototypes)

With a rough idea of the problem I’m trying to solve, the next step is build some low-effort prototypes and learn why my ideas are flawed.

I purposely call this “low-effort” instead of “rapid” prototypes.…

Evil Martians 

Beyond bars and lines: 7 cool ways to visualize data in your dev tool

Authors: Yaroslav Lozhkin, Product Designer, and Travis Turner, Tech Editor
Topics: Design, User Interface Audit, Accessibility

There are many different ways that developer tools can visualize data, and some may not be so obvious. We examine 7 methods of displaying data, the pros and cons of each, real life cases, and we also share even more scenarios where you might leverage each type of graph.

Ever felt like your developer tools could display data in a more intelligent manner for your users? Fear not! In this post, we are exploring seven underrated data visualizations that fit right into the goldilocks zone: not too basic, not too complex. So, want to upgrade from the traditional bar and…

Test Double 

14 tools and gems every Ruby developer would love

Ruby is my favorite programming language, thanks to the expressiveness, the focus on developer happiness and one of the best language communities out there. As a Ruby developer, I can get into a flow at will.

Another big part of Ruby’s shine: the rich ecosystem of gems and tools surrounding it.

Over the years, I have accumulated quite the toolbox when it comes to working with Ruby. Here are some of my personal favorite tools and gems. (I tried not to focus too much on Rails, but obviously Rails occupies a significant space in the Ruby world, so it’s hard to avoid.)

Feedback Loops

A tight feedback loop is a game changer. Shortening your feedback loop will always pay dividends. Here…

Radan Skorić's personal site 

An interactive intro to ruby debugger, in the debugger

This is an introduction tutorial to Ruby debugging, inside the ruby debugger itself. The instructions are woven through the code so you’re learning to use the debugger as you’re using the debugger. It’s all very meta. All you need is a working installation of Ruby 3.3+. To start the tutorial, first clone my ruby debug tutorial repo: git clone https://github.com/radanskoric/ruby_debug_tutorial...
The Bike Shed 

420: Test Database Woes

Joël shares his recent project challenge with Tailwind CSS, where classes weren't generating as expected due to the dynamic nature of Tailwind's CSS generation and pruning. Stephanie introduces a personal productivity tool, a "thinking cap," to signal her thought process during meetings, which also serves as a physical boundary to separate work from personal life.

The conversation shifts to testing methodologies within Rails applications, leading to an exploration of testing philosophies, including developers' assumptions about database cleanliness and their impact on writing tests.

Transcript:

 STEPHANIE: Hello and welcome to…

Nithin Bekal 

Copilot and Neovim

Although I’ve occasionally used GitHub Copilot on VS Code, I never really got into using it inside neovim, which is my main editor. I had tried setting it up using GitHub’s copilot.vim plugin, but I never got it working with my setup.

Today I came across copilot-cmp, which allows loading Copilot suggestions as snippets in the completion menu provided by the nvim-cmp completion engine. This plugin depends on copilot.lua, a Lua rewrite of copilot.vim that plays well with neovim.

Setup

Add it to lazy.nvim config:

local plugins = {
  -- other plugins

  {
    "zbirenbaum/copilot-cmp",
    event = "InsertEnter",
    config = function () require("copilot_cmp").setup() end,
    dependencies = {
Ryan Bigg's Blog 

Tailwind has won

Over the last couple of months, I’ve been working across multiple applications that use various CSS frameworks. Specifically: Bulma, Bootstrap and Tailwind. There are (at least) three distinct CSS frameworks within these applications because each of these apps has been developed over almost a decade and a half, and the flavour-of-the-month has changed a lot over that time. As people have worked on the systems, they have left the “fingerprints” of personal choices.

Three years ago, I became the Platform Tech Lead at Fat Zebra, which meant I was in charge of the technical side of things when it comes to our frontend. Part of this job meant standardising our frontend tech stack. At this…

Gusto Engineering - Medium 

Exploring Early Career- Part 1: Introduction to Your Role and Establishing Expectations

Co-authored by Varsha Balasubramaniam

Stepping into a new career, whether you’re a recent graduate or shifting your professional focus, can feel overwhelming. Effectively navigating your new environment while expanding your knowledge and network presents a challenge that, if approached with care, can foster professional growth in many rewarding ways. In the early stages of your career, the choices you make and the resources you leverage can significantly shape the way in which you impact your community and contribute as a developer!

This series will outline tips and strategies that will make this daunting endeavor a bit more digestible and help you leverage the resources you’re given to…

Test Double 

Why you need fewer developers than you think you do

tldr:

  • The common belief that more developers mean faster delivery is wrong. Overstaffing creates communication complexity and can lead to the development of unnecessary or redundant features, introducing complexity that adds little value to the end product.
  • Smaller teams have streamlined processes, clearer communication channels and reduced cross-team dependencies.
  • Without effective product management oversight, it’s common to find teams mired in inefficient processes that hinder productivity and innovation.

Struggling to meet deadlines and ship quality products fast enough?

The knee-jerk reaction might be to throw more people at the problem — but more than a decade of experience…

RubySec 

CVE-2024-27280 (stringio): Buffer overread vulnerability in StringIO

An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The `ungetbyte` and `ungetc` methods on a StringIO can read past the end of a string, and a subsequent call to `StringIO.gets` may return the memory value. StringIO 3.0.3 and later, and Ruby 3.2.x and later, are not affected by this vulnerability. We recommend updating the StringIO gem to version 3.0.3 or later. To ensure compatibility with the bundled version in older Ruby series, you may update as follows instead:

* For Ruby 3.0 users: Update to `stringio` 3.0.1.1
* For Ruby 3.1 users: Update to `stringio` 3.0.1.2

You can use `gem update stringio` to update it. If you are…
RubySec 

CVE-2024-27281 (rdoc): RCE vulnerability with .rdoc_options in RDoc

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing `.rdoc_options` (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache. We recommend updating the RDoc gem to version 6.6.3.1 or later. To ensure compatibility with the bundled version in older Ruby series, you may update as follows instead:

* For Ruby 3.0 users: Update to `rdoc` 6.3.4.1
* For Ruby 3.1 users:…
Write Software, Well 

Growing Object-Oriented Software, Guided by Tests

Although I've never been a big fan of the test-first approach to software development, on my current client project I decided to follow it for a change, and I'm really enjoying it so far. To learn more about testing, I started reading this book last week. It's been a solid read, despite my initial scepticism of yet another testing book, and I wanted to share my learnings so far.

What follows is not my thoughts, interpretations, and opinions but a collection of my notes and highlights from the book. Although I don't agree with all the aspects of TDD, I think it's a useful technique that provides the discipline and pushes you to write tests proactively, instead of leaving them for later and never…

Greg Molnar 

Brute-forcing 2FA with Ruby

I was doing a challenge on Hack The Box (since it is still active, I don’t want to point out which one it was) and I solved it with a little Ruby script. The challenge was to bypass 2FA protection. At the login process, a SQL injection made it possible to bypass the password verification, but there was a second factor. Based on the available source code, the second factor was a 4-digit code and it was valid for 5 minutes, so I tried to brute-force it with Burp Intruder, but after the 20th attempt, my IP got blocked. I looked at the codebase again, and noticed that the application accepts an X-Forwarded-For header. I thought this might enable me to brute-force the 2FA code. Unfortunately Intruder…

Ruby on Rails 

Rails guides facelift, two new official gems and more!

Hey everyone, Happy Weekend!
Vipul here with the latest updates for This Week in Rails. Let’s dive in.

Rails guides gets a facelift
Rails guides have received a big design update!
Check out the Edge Guides to see these changes. If you find a bug or wish to submit a suggestion, you can open a discussion on GitHub.

Two new official gems
Solid Queue, a DB-based queuing backend for Active Job, has graduated to an official Rails gem.

Same for Mission Control — Jobs, which provides a Rails-based frontend to Active Job adapters. It currently supports Resque and Solid Queue.

Don’t enqueue jobs to process a preview image if no variant requires it
This PR fixes the issue where previewable…

Julia Evans 

The "current branch" in git

Hello! I know I just wrote a blog post about HEAD in git, but I’ve been thinking more about what the term “current branch” means in git and it’s a little weirder than I thought.

four possible definitions for “current branch”

  1. It’s what’s in the file .git/HEAD. This is how the git glossary defines it.
  2. It’s what git status says on the first line
  3. It’s what you most recently checked out with git checkout or git switch
  4. It’s what’s in your shell’s git prompt. I use fish_git_prompt so that’s what I’ll be talking about.

I originally thought that these 4 definitions were all more or less the same, but after chatting with some people on Mastodon, I realized that they’re more different from each…

RubyGems Blog 

3.5.7 Released

RubyGems 3.5.7 includes enhancements, bug fixes and documentation.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Enhancements:

  • Warn on empty or open required_ruby_version specification attribute. Pull request #5010 by simi
  • Control whether YAML aliases are enabled in Gem::SafeYAML.safe_load via attribute. Pull request #7464 by segiddins
  • Update SPDX license list as of 2024-02-08. Pull request #7468 by github-actions[bot]
  • Installs bundler 2.5.7 as a default gem.

## Bug fixes:

  • Allow prerelease activation (even if requirement is not explicit about it) when it’s the only possibility. Pull…
Ruby Rogues 

Building Skills and Connections with Nathan Bellow - RUBY 629

Nathan Bellow is a Ruby software developer at Illuxi. They explore the premium benefits of membership, including exclusive access to Ruby Rogues without ads and personalized assistance with job hunts and deployment issues. They share their experiences in the Ruby community, from learning the language to securing professional opportunities. Join them as they discuss the value of personal connections at conferences and meetups, the impact of mentorship, and the crucial role of networking in career development. This promises to be an enlightening and thought-provoking episode for developers and enthusiasts alike.
All about coding 

Micro benchmarking value objects in Ruby: Data.define vs Struct vs OpenStruct

As I was working on another email part of my Modern Ruby course via email, I wanted to make some micro benchmarks on Data.define vs Struct vs OpenStruct.

They are not a production-level benchmark, so take them with a grain of salt.

I added all code and results in a repo at https://github.com/lucianghinda/value-object-in-ruby-benchmarks

Creating new objects

When creating a new object, Struct (with keyword_init: true) and Data.define behave almost the same (the differences are within the error margin or so small that they are probably due to my setup), while OpenStruct seems to be the slowest.

Having defined the following keys and values:

keys = 1000.times.map { |i| "key#{i}".to_sym }
values = 1000.times.map…
Awesome Ruby Newsletter 

💎 Issue 409 - Episode #90: DHH - Ruby on Rails, 37signals, and the future of web development

Remote Ruby 

RailsConf 2024 with Ufuk Kayserilioglu

Today’s episode features a detailed discussion about the upcoming RailsConf 2024, its
programming, and significant updates in the Ruby community, particularly regarding
Ruby Central's contributions. Jason, Chris, and Andrew dive into a conversation with
guest, Ufuk Kayserilioglu, Engineering Manager at Shopify's Ruby Infrastructure Team,
who recently joined the board of Ruby Central and co-chairs RailsConf 2024. Ufuk
shares insights on the planned enhancements for the conference to make it more
practical and focused on Rails. He also highlights the formation of the Ruby Developer
Experience team at Shopify, aimed at improving developer experiences within the Ruby
ecosystem. The conversation…

RubyGems Blog 

February 2024 RubyGems Updates

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in February.

RubyGems News

This month, RubyGems released RubyGems 3.5.6 and Bundler 2.5.6. These updates include enhancements such as improved deep copy requirements in Gem::Specification and Gem::Requirement specifications, and improvements to the gem login scope. These efforts are part of our ongoing commitment to improving the RubyGems development experience.

Another accomplishment from the team this month:

Merging a new gem rebuild command

  • The goal of this feature…
Ruby Weekly 

Chilling out with Ruby strings

#​695 — March 21, 2024

Ruby Weekly

'Chilled Strings': Working Toward Frozen Strings by Default? — A language proposal that would introduce “chilled strings” that masquerade as frozen strings but issue a FrozenError warning when first modified (while allowing the modification). The goal here is to get closer to freezing all strings by default without immediate breakage.

Étienne Barrié and Jean Boussier

The Rails Guides Get a Facelift — Back in 2021, Rails 7.0 landed along with a major spring clean for the Rails brand and site design, but the ever useful Rails Guides didn't benefit from…

Test Double 

Why legacy code rewrites are the hardest job in software

Thinking about a big rewrite? Don’t do it.

We get it. Legacy codebases are often like tangled mazes, with convoluted logic, outdated practices, and patches upon patches. Navigating through such complexity can be akin to searching for a needle in a haystack, making even simple changes a Herculean task.

Years of band-aid fixes, quick hacks, and expedient solutions accumulate as technical debt in legacy systems. This debt accrues interest over time, slowing down development, increasing the risk of bugs, and impeding innovation.

A rewrite sounds like a clean slate and a chance to architect the new system from the ground up, incorporating modern design patterns, technologies, and best…

Ruby News 

CVE-2024-27280: Buffer overread vulnerability in StringIO

We have released the StringIO gem version 3.0.1.1 and 3.0.1.2 that have a security fix for a buffer overread vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27280.

Details

An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4.

The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value.

StringIO 3.0.3 and later, and Ruby 3.2.x and later, are not affected by this vulnerability.

Recommended action

We recommend updating the StringIO gem to version 3.0.3 or later. In order to ensure compatibility with bundled version…

Ruby News 

CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc

We have released the RDoc gem version 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 that have a security fix for an RCE vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27281.

Details

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0.

When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored.

When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.

Recommended action

We recommend to…

Ruby on Rails 

Rails Guides get a facelift

When Rails 7.0 landed in December 2021, it came with a fresh new homepage and a new boot screen. The design of the guides, however, has remained largely untouched since 2009 - a point which hasn’t gone unnoticed (we heard your feedback).

With all of the work right now going into removing complexity from the Rails framework and making the documentation consistent, clear, and up-to-date, it was time to tackle the design of the guides and make them equally modern, simple, and fresh.

We worked with UX designer John Athayde to take the look and feel of the homepage and transfer that over to the Rails Guide to make it clean, sleek, and up-to-date.

The layout will remain the same, but from…

Ruby Magic by AppSignal 

Good Database Migration Practices for Your Ruby on Rails App using Strong Migrations

One great feature that comes with modern web frameworks is the ability to manage database schema migrations. However, schema migrations are not 100% safe and remain a recurring cause of issues within projects I have encountered over the last 15 years.

This article will review the issues surrounding poorly managed schema migrations and then look into Strong Migrations, a gem that can help you avoid most problems. Finally, we will discuss a few good practices around database management.

Let's get started!

Issues with Schema Migrations in Ruby on Rails

Schema migrations are changes to a table or database schema within an RDBMS: adding, renaming, removing, and updating a table (or a column…

Evil Martians 

Why should developers write? 3 reasons and 3 common blocks

Authors: Nina Torgunakova, Frontend Engineer, and Travis Turner, Tech Editor
Topic: Lifestyle

Why should developers write? In this post, we share three reasons why, plus three common roadblocks and how to overcome them.

To keep up to date with new technologies and practices, developers naturally find themselves reading technical articles. But have you thought about writing one? In this post, we’ll explain how to start—and why it’s worth it in the first place.

Ruby Central 

Ruby Central Receives Alpha-Omega Grant

Ruby Central is thrilled to announce that we have been awarded a two-part grant from Alpha-Omega. The $250,000 grant will support critical open source projects on RubyGems.org, RubyGems and Bundler.

Alpha-Omega is an associated project of the OpenSSF, established in February 2022, funded by Microsoft, Google, and Amazon, and with a mission to protect society by catalyzing sustainable security improvements to the most critical open source software projects and ecosystems.

Ruby Central maintains and operates RubyGems.org and the package tools RubyGems & Bundler. This vital infrastructure supports development across the Ruby ecosystem. RubyGems.org served 2.7 billion gem downloads and…

Test Double 

Finding the right React component in the MUI design system

MUI, the popular React Material Design library, has a lot of components. And that’s great! (As long as your tree shaking is working correctly.) But it can also make it hard to find the component you want. Sometimes words are used differently across design systems. (Quick! What’s the difference between a modal and a dialog?) And sometimes you might just not be aware that MUI already has something built in so you don’t have to build it yourself.

To help with finding the right component in MUI, here’s a quick reference of the components that I most frequently confused for one another or have trouble remembering which is which. Live code examples are included so you can play with them…

All about coding 

History of the endless method syntax

When I learn about a new language feature, I like to read and discuss the proposal. How and why it was accepted. What was the requester trying to accomplish, and what problem did they try to solve?

Here, I will review how the endless method was introduced in the Ruby language.

What is the definition of the endless method?

In a few words, it is an alternative syntax for defining a method that consists of a single expression.

Here is the definition from Ruby documentation:

Definition of endless method in Ruby

Here are two simple examples:

def exists? = User.where(organisation: organisation).exists?

or with parameters:

def format_date(date) = date.strftime(DEFAULT_DATE_FORMAT)

History of trying to remove one or more ends

2011 - the first…

The Bike Shed 

419: What's New in Your World? (Extended Edition)

Stephanie introduces her ideal setup for enjoying coffee on a bike ride. Joël describes his afternoon tea ritual. Exciting news from the hosts: both have been accepted to speak at RailsConf! Stephanie's presentation, titled "So, Writing Tests Feels Painful. What now?" aims to tackle the issues developers encounter with testing while offering actionable advice to ease these pains. Joël's session will focus on utilizing Turbo to create a Dungeons & Dragons character sheet, combining his passion for gaming with technical expertise.

Their conversation shifts to artificial intelligence and its potential in code refactoring and other applications, such as enhancing the code review…

RubySec 

CVE-2024-28862 (rotp): ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.

The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.
RubySec 

GHSA-vcc3-rw6f-jv97 (nokogiri): Use-after-free in libxml2 via Nokogiri::XML::Reader

### Summary

Nokogiri upgrades its dependency libxml2 as follows:

- v1.15.6 upgrades libxml2 to 2.11.7 from 2.11.6
- v1.16.2 upgrades libxml2 to 2.12.5 from 2.12.4

libxml2 v2.11.7 and v2.12.5 address the following vulnerability:

CVE-2024-25062 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062

- described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
- patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970

Please note that this advisory only applies to the CRuby implementation of Nokogiri, and only if the packaged libraries are being used. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you…

BigBinary Blog 

Building a web based screen recorder

This is part 1 of our blog on how we are building neetoRecord, a Loom alternative. Here are part 2 and part 3.

At neeto, the product team, developers and the UI team often communicate using short videos and screen recordings. We relied on popular solutions like Loom and Bubbles. But they allowed only a small number of recordings in their free versions and soon, they presented us with the upgraded screens - upgrades were quite expensive for our team due to our team size and the number of recordings we made daily.

So, we thought of building a solution of our own. We found the browser's MediaStream Recording API.

MediaStream Recording API

The MediaStream Recording API, sometimes called the MediaRecorder…

BigBinary Blog 

Efficient uploading and persistent storage of neetoRecord videos using AWS S3

This is part 2 of our blog on how we are building neetoRecord, a Loom alternative. Here are part 1 and part 3.

In the previous blog, we learned how to use the Browser APIs to record screen and generate a WEBM file. We now need to upload this file to persistent storage to have a URL to share our recording with our audience.

Uploading a large file all at once is time-consuming and prone to failure due to network errors. The recording is generated in parts, each part pushed to an array and joined together. So it would be ideal if we could upload these smaller parts as and when they are generated, and then join together in the backend once the recording is completed. AWS's Simple Storage Service (S3) made a…

BigBinary Blog 

Universal playback and streaming support using MP4 and Range request headers

This is part 3 of our blog on how we are building neetoRecord, a Loom alternative. Here are part 1 and part 2.

In part 1 of our blog, we uploaded the recording from the browser to S3 in small parts and stitched them together to get the final WEBM video file. We could use this WEBM file to share our recording with our audience, but it has a few drawbacks:

  1. WEBM is not universally supported. Though most modern browsers support WEBM, a few browsers, especially devices in the Apple ecosystem, do not play WEBM reliably.

  2. Metadata for timestamps and duration are not present in WEBM videos. So, these videos are not "seekable." It means these videos do not show the video length, and we cannot move back and…

Hence, we needed to convert the WEBM videos to a…

BigBinary Blog 

Building a web based screen recorder

At neeto, the product team, developers and the UI team often communicate using short videos and screen recordings. We relied on popular solutions like Loom and Bubbles. But they allowed only a small number of recordings in their free versions and soon, they presented us with the upgraded screens - upgrades were quite expensive for our team due to our team size and the number of recordings we made daily.

So, we thought of building a solution of our own. We found the browser's MediaStream Recording API.

MediaStream Recording API

The MediaStream Recording API, sometimes called the MediaRecorder API, is closely affiliated with the Media Capture and Streams API and the WebRTC API. The MediaStream Recording…

BigBinary Blog 

Efficient uploading and persistent storage of neetoRecord videos using AWS S3

In the previous blog, we learned how to use the Browser APIs to record screen and generate a WEBM file. We now need to upload this file to persistent storage to have a URL to share our recording with our audience.

Uploading a large file all at once is time-consuming and prone to failure due to network errors. The recording is generated in parts, each part pushed to an array and joined together. So it would be ideal if we could upload these smaller parts as and when they are generated, and then join together in the backend once the recording is completed. AWS's Simple Storage Service (S3) made a perfect fit as it provides cheap persistent storage, along with Multipart Uploads feature.

S3 Multipart…

BigBinary Blog 

Universal playback and streaming support using MP4 and Range request headers

This is part 2 of our blog on how we are building neetoRecord.

In part 1 of our blog, we uploaded the recording from the browser to S3 in small parts and stitched them together to get the final WEBM video file. We could use this WEBM file to share our recording with our audience, but it has a few drawbacks:

  1. WEBM is not universally supported. Though most modern browsers support WEBM, a few browsers, especially devices in the Apple ecosystem, do not play WEBM reliably.

  2. Metadata for timestamps and duration are not present in WEBM videos. So, these videos are not "seekable." It means these videos do not show the video length, and we cannot move back and forth using the seek bar. The video starts…

Hence, we needed to convert the WEBM videos to a universally supported format to solve the…

Short Ruby Newsletter 

Short Ruby News - Edition #83

A Monday summary of the articles, discussions, and news from the Ruby community
Saeloun Blog 

Rails 8 adds allow_browser to set minimum browser version

Browser compatibility is critical for ensuring that a website displays and performs properly across several web browsers. Every browser renders code differently, thus compatibility testing is critical for reaching a larger audience. It involves evaluating how a website appears in several browsers such as Chrome, Firefox, Safari, and Internet Explorer.

As the number of mobile users grows, interoperability with mobile platforms becomes increasingly important.

Before

Before Rails 8, browser compatibility was detected using the browser gem

gem "browser"

To detect whether a browser can be considered as modern or not, we create a method that abstracts our versioning constraints.

def modern_…
RubySec 

CVE-2024-28121 (stimulus_reflex): StimulusReflex arbitrary method call

### Summary

More methods than expected can be called on reflex instances. Being able to call some of them has security implications.

### Details

To invoke a reflex a websocket message of the following shape is sent:

```json
{ "target": "[class_name]#[method_name]", "args": [] }
```

The server will proceed to instantiate `reflex` using the provided `class_name` as long as it extends `StimulusReflex::Reflex`. It then attempts to call `method_name` on the instance with the provided arguments [ref]:

[ref]: https://github.com/stimulusreflex/stimulus_reflex/blob/0211cad7d60fe96838587f159d657e44cee51b9b/app/channels/stimulus_reflex/channel.rb#L83

```ruby
method = reflex.method…
```

Dhaval Singh's Blog 

Tech Tradeoffs #1: Django or Rails? MySQL or MongoDB?

Context:

I started working at Seezo, where we are building a product for security design reviews. At this point, we are on the 0 to 1 journey and all the technical decisions we make might have a large impact on the future of our company.

Personally, I have always been curious about why did someone pick X framework over Y or should you build a feature in this way or that...

Now that I am in a place where I get to be close to this decision-making process, I'll try to document it here. Some of the tradeoffs might actually come through a mix of research, previous experience, and discussions while some are just made in the moment(relying on our gut feeling).

Which framework?

Okay, this is the most…

RubySec 

CVE-2024-28181 (turbo_boost-commands): TurboBoost Commands vulnerable to arbitrary method invocation

### Impact

TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted depending on the strictness of authorization checks that individual applications enforce. Being able to call some of these methods can have security implications.

#### Details

Commands verify that the class must be a `Command` and that the method requested is defined as a public method; however, this isn't robust enough to guard against all unwanted code execution. The library should more…

Aha! Engineering Blog 

Building a dynamic Canvas rendering engine using JSX

by Percy Hanna

Our product team is busy adding many great new features to Aha! Whiteboards and Aha! Knowledge — including wireframes, voting, and improvements to viewing Aha! Roadmaps data within a whiteboard. We added all of this functionality in just the last few months, and we are busy building…

RubyGems Blog 

Password Reset Vulnerabilities, Hacker One and Humility

Have you ever thrown actual spaghetti at a wall? It’s funny, sticky and barely induces any panic. HackerOne reports, on the other hand, have the opposite effect. Unlike wet spaghetti, the clean-up job is far more work for our security team.

Running a bug bounty program means a stream of incoming reports, not all of them correct, that must be reviewed. After receiving enough dire-sounding reports that ultimately lead nowhere, it can look like thrown spaghetti (a see-what-sticks approach). Though we try to give each report a thorough, unbiased evaluation, it’s difficult to keep an open mind about any given report.

Dead-end reports cost the RubyGems security team time, and slow down our…

Posts on Kevin Murphy 

Tracks Not At RailsConf 2024

RailsConf 2024 🔗

I’m on the RailsConf 2024 Program Committee. We just released the program for this year’s event, and I hope you’ll join us!

One thing we don’t have are formally-themed tracks. In past years, our CFP might have included prompts for different topics. Or we’d group some talks in publicly-shared and advertised ways.

We aren’t doing that this year. That lets us focus on the overall conference theme: building with Rails. However, that didn’t stop me from brainstorming a list of possible tracks, in case we did want to add them in.

The following is a list of what could have been, but will not be: tracks that are not part of the RailsConf 2024 program.

Lend an Enginear 🔗

Story Time!…

http://blog.segiddins.me/ 

Residency Update

Welcome to my sixth update as Ruby Central’s security engineer in residence, sponsored by AWS.

My goal is to write a short update every week, chronicling what I’ve been working on, and reminding myself that I was, in fact, productive.

Fixing a common source of ONCALL pages

As I mentioned last week, I had found that by far our most expensive query was for reverse dependencies of a gem. I shipped my fix last weekend, and it sure made a difference.

Fixing N+1 Queries

Unfortunately, most of my week was spent on RubyGems.org operational issues. I had noticed that many of our slowest endpoints had a very large number of queries being executed, and I spent a bunch of time digging into…

Hi, we're Arkency 

How to get burned by 16 years old hack in 2024

There’s a project I’m consulting on where programmers develop predominantly in cloud environment. This setup simplifies a lot of moving parts and has the benefit of providing everyone homogenous containers to run code. If it runs on my box — it will run on everyone’s box. In that case, that box is Linux-based. It has the drawback of having greater latency and being more resource-constrained than a beefy local machine a developer is equipped with, i.e. MacBook Pro running on Apple Silicon.

Recently we’ve upgraded this development environment from Ruby 3.2.2 to Ruby 3.3.0. The process was smooth and predictable in the cloud environment. It worked on my box and by definition on everyone’s…

Once a Maintainer 

Once a Maintainer: Ralf Gommers

Welcome to Once a Maintainer, where we interview open source maintainers and tell their story.

This week we’re talking to Ralf Gommers, Co-Director of Quansight Labs and leading contributor to NumPy, the fundamental package for scientific computing in Python, as well as SciPy, meson-python, and the Array API Standard. NumPy published the first pre-release version of their upcoming 2.0 release in public beta this week. This is the first new major version of NumPy in 16 years.

Once a Maintainer is written by the team at Infield, a platform for managing open source dependency upgrades. Ralf spoke to us from Norway.

How did you get into software engineering?

To begin, I trained as an experimental…

Ruby on Rails 

Active Record Basics Guide Refresh, Encrypted Attributes Re-Optimization, and more…

Hi, it’s zzak. Let’s explore this week’s changes in the Rails codebase.

The Rails World CFP will close in just one week on March 21.
Submit your talk in time!

Active Record Basics Guide
This PR refreshes the guide covering the basics of Active Record.

Do not try to alias on key update when raw SQL is supplied
A bug was found when updating duplicates with raw SQL.

Memoize “key_provider” from “key” or deterministic “key_provider” if any
Previously, this memoization was removed which led to a performance hit for encrypted attributes.

Updating Astana with a Western Kazakhstan timezone
On March 1, 2024, Kazakhstan (all parts) switched to a single time zone UTC+5.
Using the latest tzinfo-da…

Remote Ruby 

Struggles and Strategies-Dev Dilemmas

Join Chris and Andrew in this episode as they discuss their recent experiences and
challenges with software development projects. They cover a range of topics including
the impact of ADHD on productivity, troubleshooting coding issues, the intricacies of
working with React, caching problems, and the dilemmas faced when debugging and
deploying. They also dive into the variations of using Docker, optimizing CI/CD
pipelines, the potential of Rust for CLI applications, and reflect on their journey with
various programming tools and environments. Additionally, they touch upon the
development of Rails applications, the utilization of Docker containers for development
without installing Ruby or Rails, and…

Giant Robots Smashing Into Other Giant Robots 

Numeric data types in Ruby and when to use them

In programming, we usually deal with numbers daily, sometimes without even noticing it. There is a nice offer of numeric types in Ruby, each serving a purpose, supporting features and having different behaviours.

Let’s have a look at what these types are, what performance and precision they provide and how to use them properly in our programs.

Numbers are Numeric objects

The core parent class of all core numeric types is Numeric, itself inheriting from Object. It includes the Comparable module and provides methods for querying (e.g. #positive?), comparing (e.g. #<=>) or converting (e.g. #floor).

We don’t directly use this class, but those which inherit from it.

Numeric…

Awesome Ruby Newsletter 

💎 Issue 408 - Maps of Ruby Jobs in Linkedin around the world

Write Software, Well 

Understanding Ruby's defined? Keyword

Ruby provides a handy defined?(arg) keyword that returns a string describing its argument.

language = 'Ruby'

defined? language               # 'local-variable'
defined? @instance_var          # 'instance-variable'
defined? @@class_var            # 'class variable'

defined? nil                    # 'nil'

defined? 1                      # 'expression'
defined? 'Ruby'                 # 'expression'
defined? String                 # 'constant'

You can use defined? to test if the expression refers to anything recognizable. The expression can be an object, a variable, a method name, etc.

Note that a variable set to nil is still initialized and recognized by ruby as a local-variable.

framework =…
Hi, we're Arkency 

How to add a loading animation to your turbo frame with TailwindCSS

Ever been working on a project and hit a snag? That’s what happened to me recently. I came across a turbo frame that was slow to load and didn’t show any signs of loading. Talk about confusing!

Waiting a few eternities for the historic transactions tab to load.

The busy attribute of the turbo frame

The easiest way to add a loading state to the turbo frame is to insert the loader inside the frame tag. Problem is that it only works on the very first load, after that you’ll see the old content until the new one fully loads.

I did some digging and found out that turbo frames actually have states, which can be useful: one…

Ruby Weekly 

Turbocharging Puma with Thruster

#​694 — March 14, 2024

37signals Open Sources Thruster — First seen in Campfire, Thruster is a minimal HTTP/2 proxy for production Rails deployments – it runs alongside Puma and offers HTTP/2, Caching, SSL via LetsEncrypt, and static file serving with compression, filling a similar role to Traefik or Caddy (like them, it’s written in Go).

37signals

IRB 1.12.0 Released — One advantage to various parts of Ruby being turned into separate gems is you can upgrade them without upgrading Ruby itself, and IRB is certainly worth upgrading frequently. v1.12 introduces enhancements to…

Test Double 

Product 101: What does a good product manager do?

What is a product? How does a product manager improve software teams and lead to stronger return on investments? How does a product manager reduce risk by focus on learning and validating assumptions?

Over the last decade, schools like Harvard Business School, Cornell University’s Johnson Graduate School of Management and Northwestern University’s Kellogg School of Management all rolled out new courses and programs aimed at teaching Product Management.

And yet, despite the rapidly growing industry of product management, many businesses still don’t fully understand how to leverage product managers to support the bottom line.

“There are probably more misconceptions about product…

RubySec 

CVE-2024-28199 (phlex): Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex

There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks.

### Impact

If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user.

```ruby
a(href: user_profile) { "Profile" }
```

If you splat user-provided attributes when rendering any HTML or SVG tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user.

```ruby
h1(**JSON.parse(user_attributes))
```

###…

Everyday Rails 

Notes from migrating from Minitest to RSpec, with help from GitHub Copilot

Artificial intelligence hasn't replaced us yet, but how does it handle the boring parts of our jobs?
Ruby Central 

A Technical and Practical Program: RailsConf 2024 Speakers Announced!

This year’s line-up celebrates everyday developers that build with Ruby on Rails

PASADENA, C.A. (March. 13, 2024) – RailsConf 2024 is the world's largest gathering of Rails developers, brought together to further discussion and learning about building, managing, and testing Rails applications. Long-time conference organizers, Ruby Central, Inc., have just announced the program for the 19th annual RailsConf. Forty speakers have been chosen to present talks or workshops at the conference, which takes place from Tuesday, May 7 to Thursday, May 9 in Detroit, MI. 

“This year’s speakers have been selected to give attendees real-life, practical, insights into building and running Rails apps and…

Jardo.dev: Blog 

In Defence of Gerrit

The first team I joined in the tech industry was not doing what I understood modern software development to be. There was no CI/CD. There wasn’t a single automated test. They’d only recently adopted Git, but were using it primarily as a big save button. Some project histories were just a long string of arbitrary commits with the message “EOD”.

I was in my early twenties. I’d been programming actively for about ten years, but only as a hobbyist or in school. I had no industry experience. I’d been consuming all the programming material I could find to help me land a job. I was alarmed by the complete absence of “best practices”, but in no position to lobby for changes.

I eventually pushed…

DEV Community: Masataka Pocke Kuwabara 

ActiveRecord::Originator, a RubyGem indicating the origin of the SQL

This article is translated from a Japanese article written by me.

Hello, I'm Pocke.

Today, I created a gem called activerecord-originator, and I'd like to introduce it to you.

ActiveRecord::Originator

Add SQL comments to indicate the origin of the SQL.

This gem adds SQL comments indicating the origin of the part of the query. This is useful for debugging large queries.

Rails tells us where the SQL is executed, but it doesn't tell us where the SQL is constructed. This gem lets you know where the SQL is constructed! For example:

Article Load (0.1ms)  SELECT "articles…
Ruby Rogues 

Homebrew Unleashed: Diving into the Fast and Efficient Packaging Process - RUBY 628

Mike McQuaid is the CTO and cofounder at Workbrew. They dive into the world of Homebrew, an open-source package manager for macOS and Linux. They explore the history and development of Homebrew, from its origins in the Ruby community to its evolution into a widely-used tool for installing and managing software. The conversation delves into the intricacies of building and maintaining packages, the introduction of binary packages and a new JSON API, and the creation of Workbrew, a company focused on commercializing features for Homebrew. They also touch on the latest developments in Ruby, the differences between Homebrew Cask and Homebrew Core, and the complexities of handling a large number…

The Ruby on Rails Podcast 

Episode 511: WebAssembly with Benjamin Eckel

You may have heard about WebAssembly. It’s an open standard that aims to help developers create high performance applications on the web. It’s a portable binary execution format traditionally used on the front end, but there are also other ways to use it. I am completely new to WebAssembly, so today we have a guest to talk about it with us.


Ruby Magic by AppSignal 

Turbo Streaming Modals in Ruby on Rails

In part one of this series, we used Hotwire's Stimulus and Turbo Frames to present modals in Rails.

Now, we'll dive into another method we can use to present modals: Turbo Streams.

What Are Turbo Streams in Ruby on Rails?

Turbo Streams is a subset of Turbo. It allows us to make fine-grained, targeted updates to a page. By default, it contains seven CRUD actions, but we're free to add more actions within our applications.

Now, we'll create a show_remote_modal action which renders and presents the <dialog> from our previous post.

Creating a Custom Action

Create a folder to place all custom Stream Actions in:

$ mkdir app/javascript/stream_actions
$ touch app/javascript/stream_actions/index.js
Sam Saffron 

Claude 3 Opus - First impressions

Disclaimers and technical details

If you are looking for comprehensive benchmarks, head over to the Anthropic announcement blog post, or to the fantastic LMSYS leaderboard.

My goal with this blog post is to provide anecdote only. Here are a limited number of tests and examples pitting Claude 3 Opus against the current (as of 08-03-2024) flagship model by Open AI, GPT-4 Turbo version 0125-preview.

I hope to provide entertainment and a glimpse into the capabilities of both of these impressive models.

I performed all my testing using Discourse AI which provides consistent tool (the ability to invoke functions) and persona support across a wide…

RailsNotes, the Ruby on Rails guides you wished you had. 

Using Rails debugger/rdbg with VS Code

A short introduction to the rdbg/debugger extension for VS Code, plus a guide on how to set it up correctly to debug your Ruby on Rails applications, as well as your RSpec specs. The VS Code extension takes 5 minutes to setup and it's great!
Giant Robots Smashing Into Other Giant Robots 

How to approach a reduce problem

Ruby’s reduce (aka inject) can be intimidating. It can be hard to both read and to write. This handy two-step approach has helped me write reduce code without tying my brain in knots.

Two-step process

Here are the two steps:

  1. Figure out how to combine 2 items
  2. Use reduce to scale up to n items

They derive from a helpful mental model I have:

reduce is a tool for scaling a method that combines 2 items into a method that combines n items.

Problem: Aggregating T-shirt inventory

Consider some code that models multiple warehouses that hold inventory of various sized t-shirts. We might want to find the total inventory across all warehouses. Aggregation problems…

Gusto Engineering - Medium 

Gusto Eng Spotlight Series: Hugo Rodriguez

This blog series is dedicated to celebrating our Black, Latino/a/e/x, and Women Engineers who are making an impact in the lives of our Gusties and Gustomers (Gusto customers) every day.

Today, we’re spotlighting Hugo Rodriguez, who works out of Mexico and has been with Gusto for 1.5 years and is now on the Payroll Experiences team. He also has 12 years of experience teaching Computer Science at the UNAM (Universidad Nacional Autonoma de Mexico).

Hugo wearing a concert T-shirt for Helloween & Hammerfall

Abby: Tell us a little about how you got to Gusto.

Hugo: Before Gusto, I was working for an energy company for 5 years building their frontend and backend systems for energy-price forecasting.…

Super Good Blog 

Introducing Dead Code

As software consultants, we bring more than Solidus expertise to the organizations we work with. We’re also specialists in iterative software development, which we believe is necessary for success in the eCommerce industry. We do our best to help shape the organizations we work with to make them better at delivering software.

In a sense, we’re undercover Extreme Programming consultants. We use our unique position as outsiders to the organization to facilitate healthy changes that push them towards iterative planning and incremental delivery. Different organizations are more or less receptive to this, but even when we collaborate with a more rigid organization, we do what we can to help make…

Jardo.dev: Blog 

Introducing Dead Code

It was only a matter of time before the disease that gets everyone in my demographic got me too. I’ve started a podcast. I know, I know, but the software industry needs me. I couldn't help myself.

One team’s best practices are another’s anti-patterns. The TDD debate continues with no end in sight. Agile might be dead, but it might still be alive and well, just divorced from its name. Computer science academia is totally disconnected from software development, and bootcamps have tried to improve on that by, uh, exploiting market conditions or something.

That’s where Dead Code comes in. Through conversations with people across the software world, we’re going hunting for our industry’s best…

BigBinary Blog 

Automating Case Conversion in Axios for Seamless Frontend-Backend Integration

In the world of web development, conventions often differ between backend and frontend technologies. This becomes evident when comparing variable naming case conventions used in Ruby on Rails (snake case) and JavaScript (camel case). At neeto, this difference posed a major hurdle: the requirement for manual case conversion between requests and responses. As a result, there was a significant amount of repetitive code needed to handle this conversion.

Here's a snippet illustrating the issue faced by our team:

// For requests, we had to manually convert camelCase values to snake_case.
const createUser = ({ userName, fullName, dateOfBirth }) =>
  axios.post("/api/v1/users", {
    user_name: userName,
    …

Evil Martians 

Martian Kubernetes Kit: unboxing our toolkit's technical secrets

Authors: Ilya Cherepanov, Site Reliability Engineer, Kirill Kuznetsov, Head of SRE, and Travis Turner, Tech Editor

Topics: Ops, Site Reliability Engineering, Full Cycle Software Development, Backend Development, Kubernetes, Prometheus, Docker, Amazon Web Services, Google Cloud Platform, Terraform, Continuous Integration, Grafana, Heroku, Helm

We’ve been shipping Kubernetes to clients since 2015, and over the years, we realized it would be nice to have a setup that referred to some core distribution for our Kubernetes configuration. Read about our efforts creating a toolkit for our clients that make adopting it easy and affordable, transforming it from potential headache into just another…

Hashrocket - Ruby Posts 

Using a hash of data for string replacement in Ruby

Ruby string substitution using the % operator is a way to format strings in Ruby, enabling you to insert variables or expressions within a string. This technique can make it easier to build strings dynamically, particularly when you need to include variable content.

When you pass a hash of values for string substitution in Ruby, you can use named placeholders within the string. This approach is more readable and maintainable, especially with many variables or when the order of variables is only sometimes apparent. Here's how it works:

Syntax with Hash

To use a hash for string substitution, you specify symbols in the format string corresponding to the hash keys. Then, you pass the…

Radan Skorić's personal site 

How to customize Rails console setup without modifying the project

When working on projects with other developers you might (like me) find yourself wanting to customize the project console in a way that’s not useful as a default but it is useful for you. And ideally, I don’t want to modify the project, these are just my configurations. I deserve some privacy. My friend Nikola Topalović shared with me a setup that makes this possible in an elegant way. Set it...
Jardo.dev: Blog 

Goodbye, Pivotal Tracker

I just learned (through this article) that Pivotal Tracker is shutting down for everyone except enterprise customers. I’ve been using Pivotal Tracker for only slightly less time than I’ve been working with Rails. In the beginning I didn’t appreciate it. It was ugly. I didn’t understand the words it used. It was rigid. Eventually that changed.

Bugs didn’t get pointed, which made the team extremely aware of the cost of defects. Chores didn’t either, and that urged our team to break things down into user-oriented functionality, so that it would “count”. The “automatic” sprint planning was imperfect, but it tempered our unrealistic expectations of what we could get done. You could even create…

The Bike Shed 

418: Mental Models For Reduce Functions

Joël talks about his difficulties optimizing queries in ActiveRecord, especially with complex scopes and unions, resulting in slow queries. He emphasizes the importance of optimizing subqueries in unions to boost performance despite challenges such as query duplication and difficulty reusing scopes. Stephanie discusses upgrading a client's app to Rails 7, highlighting the importance of patience, detailed attention, and the benefits of collaborative work with a fellow developer.

The conversation shifts to Ruby's reduce method (inject), exploring its complexity and various mental models to understand it. Joël and Stephanie discuss when it's preferable to use reduce over other…

Honeybadger Developer Blog (Ruby Articles) 

Let's build a Hanami app

Hanami is a full-stack Ruby web framework that's been around for over a decade. The Hanami team recently released version 2.1 which now includes everything you need to build a full stack application including a view layer and frontend asset support. Unlike Rails, which has many default assumptions about how an app should be built, Hanami promises developer freedom by not imposing too many such defaults.

The framework is also blazingly fast due to its low memory footprint and focus on minimalism. Combine that with a focus on strict abstractions, and you get a fully-featured Ruby framework that could rival Rails for building some applications, such as APIs and micro-services.

In this…

The RubyMine Blog : Intelligent Ruby and Rails IDE | The JetBrains Blog 

RubyMine 2024.1 Beta is Out!

Hello everyone!

We’re back with the latest update on the RubyMine 2024.1 Early Access Program.

You can download the Beta build from our website or via the free Toolbox App.

Here are the highlights:

Full Line Code Completion

RubyMine 2024.1 comes with the Full Line code completion (FLCC) feature for Ruby code. It is available as part of the Full Line Code Completion plugin, which is bundled with your IDE. 

The plugin enriches your code completion with multi-token proposals, employs a deep learning model, and operates on your local machine, ensuring that no data is transmitted over the internet. As a result, the functionality remains accessible even when you don’t have an…

Short Ruby Newsletter 

Short Ruby News - Edition #82

This edition has new sections for Ruby code: Code Samples, Code Design, and Around Code. This way, you can go quickly to what is of interest to you!
Ruby on Rails 

Illustrator file preview, deprecations and more!

Hi, it’s Greg. Let’s explore this week’s changes in the Rails codebase.

Feedback for structuring the Active Record Query Guide
The Active Record Querying Guide is getting restructured and the team working on it requests feedback from the community.

Rails World CFP closes in 2 weeks
2 more weeks left to submit your talk to Rails World 2024!

Railties: configure sanitizer vendor in 7.1 defaults more robustly
In apps where rails-html-sanitizer was not eagerly loaded, the sanitizer default could end up being Rails::HTML4::Sanitizer when it should be set to Rails::HTML5::Sanitizer. This change requires rails-html-sanitizer immediately before it’s needed, and avoids the possibly-incorrect…

Illustrator .ai files are previewable as PDFs
This happened…

http://blog.segiddins.me/ 

Residency Update

Welcome to my fifth update as Ruby Central’s security engineer in residence, sponsored by AWS.

My goal is to write a short update every week, chronicling what I’ve been working on, and reminding myself that I was, in fact, productive.

The past two weeks I have been heads-down on a pure-ruby Sigstore implementation, which has a lot of moving parts. I hope to outline some of the interesting challenges I’ve encountered along the way, either in this update or in another venue.

Sigstore Verification

This is my big project for the month. (At least a month, it’s a real big one.)

We have a working implementation of verify and verify-bundle in the sigstore verifier that is passing most of the…

Julia Evans 

How HEAD works in git

Hello! The other day I ran a Mastodon poll asking people how confident they were that they understood how HEAD works in Git. The results (out of 1700 votes) were a little surprising to me:

  • 10% “100%”
  • 36% “pretty confident”
  • 39% “somewhat confident?”
  • 15% “literally no idea”

I was surprised that people were so unconfident about their understanding – I’d been thinking of HEAD as a pretty straightforward topic.

Usually when people say that a topic is confusing when I think it’s not, the reason is that there’s actually some hidden complexity that I wasn’t considering. And after some follow up conversations, it turned out that HEAD actually was a bit more complicated than I’d appreciated!

GoRails Screencasts 

ActionController Modules in Rails

Ever wondered how Rails controllers get their functionality? Let's see how we can add translation support to Rails API controllers by looking at the Rails source
Giant Robots Smashing Into Other Giant Robots 

Introducing props_template: A Jbuilder alternative

I like Jbuilder. It’s been part of every Rails project every time I run rails new and the first thing I reach for when I want to create JSON responses. It’s as synonymous with JSON as ERB is with HTML.

But I wanted a version of Jbuilder that had layouts, didn’t merge hashes, had faster caches, directly used OJ’s StringWriter instead of building a hash, and allowed me to dig into a structure using a key path. Sometimes it makes sense to contribute to an open source project and submit pull requests for the features you want; sometimes we diverge so much that it makes sense to start anew.

Introducing props_template. A JSON builder with a Jbuilder-like DSL that has support for all of the…

Awesome Ruby Newsletter 

💎 Issue 407 - What Does the Frozen String Literal Comment Do in Ruby?

Ruby Weekly 

DHH's Windows odyssey

#693 — March 7, 2024

Ruby Weekly

A Cookbook of Ruby One-Liners — Ruby is a fantastic language for one-liners, whether in IRB or from the command line. We’ve linked to this cookbook before but it continues to prove very useful and Sundeep has released a new version of it, along with PDF/EPUB builds, and ▶️ a video explaining the project.

Sundeep Agarwal

Better Know a Ruby Thing: Keyword Arguments — Noel continues a series digging deep into specific Ruby features with a look at keyword arguments, from the basics through to fun stuff like using **nil to prevent keyword arguments being…

Saeloun Blog 

Rails 7.1.2 now ignores implicitly passed locals in templates that use strict local definitions

Templates have always been a powerful way to organize and reuse view elements. Rails 7.1 introduced strict local definitions in templates. This means that templates can now define a strict list of locals that they accept. This is useful for catching typos and other errors.

For example, to render a profile card with strict locals, a template might look like this:

# app/views/_profile.html.erb

<%# locals: (name:, avatar:) -%>

<div>
  <%= image_tag avatar %>
  <%= name %>
</div>

The magic comment locals: (name:, avatar:) defines the locals that this template accepts. If a local that is not defined is passed to this template, an exception will be raised.

#…
Evil Martians 

How to make complex serverless file processing a piece of cake

Authors: Valentin Kiselev, Backend Engineer, and Travis Turner, Tech Editor
Topics: Backend, Serverless, Google Cloud Platform, TypeScript, Node.js

Complex file processing can be easy with serverless solutions, but to perform manipulations on the uploaded files, you also need an easy-to-integrate system. Learn file processing tools and techniques with a real case and see an example serverless app for Google Cloud Platform.

Complex file processing can be made easy with serverless solutions, but when it comes to performing various manipulations on the uploaded files, you also need a robust system that’s easy to integrate. Yet, if you want to create a complex service, you'll need to know some…

The Ruby on Rails Podcast 

Episode 510: Burnout with Dr. Katy Cook

Burnout is a common occurrence in the tech industry. And the recent onslaught of layoffs has left many stressed about their job search, or overworked from the increased demands of the smaller teams. I know some of my listeners have experienced burnout. I myself have had a recent experience with burnout that took months to recover from. Dr. Katy Cook joins the show to teach us more about Burnout.

Show Notes
The Psychology of Silicon Valley (2019)

APA Studies on Burnout

Have a comment on this episode? Send an email to comments@therubyonrailspodcast.com

Ruby Magic by AppSignal 

Active Record or Sequel: Which Best Fits The Needs of Your Ruby App?

When it comes to choosing an object-relational mapping (ORM) library for your Ruby application, Active Record is usually the favorite choice. It's an easy-to-use ORM library that allows for lots of data wrangling without resorting to SQL. All the same, you might wonder: "Is Active Record the only Ruby ORM library I can use?"

In this article, we'll compare some Active Record features to its lesser-known but powerful cousin, Sequel. There are too many points of comparison to cover everything (such as how each library handles CRUD operations, table joins, associations, database replication and sharding, etc). Instead, we'll scratch the surface of a few database operations — namely, filtering,…

Shopify Engineering - Shopify Engineering 

Improving Shopify App’s Performance

Write Software, Well 

Honeybadger Now Supports Logging and Event Monitoring

💡
Disclaimer: This is not a sponsored post. Honeybadger has not paid me anything to write it.

I've been using Honeybadger for a while now on my Rails applications (both personal, hobby projects and for client work). I mainly use it for error and uptime monitoring. Both features work really great, and I really like their simple offerings and intuitive UI.

For a long time, I've been waiting for a simple hosted log management solution from them, and I recently stumbled across it while reading their docs. It's called Insights and you can read the docs here. I really like the following marketing copy, which helped clear some confusion I had about the related jargon.

Logging Events

The setup is…