Rubyland

I agree that monkey patching should be the last approach and used carefully. One of the most critical issues is that the code you create depends on the structure of the code you are monkey patching, thus voluntarily violating the contract that the gem's author offered.

I see monkey patching as a breach of contract with the…

Good news, chat! We now have a Hanami Discord, where you can join us to chat all things Hanami, dry-rb and ROM. We’d love to see you there!

Discord isn’t the only place you can join our community. Our venerable forum remains our crown jewel, a growing treasure trove of learnings and experiences. We’d love to see you there too.

In both our chat and forum, we care about building a friendly, inclusive and helpful community. We welcome people of all backgrounds, genders and experience levels, and respect you all equally. We do not tolerate nazis, transphobes, racists, or any kind of bigotry. See our code of conduct for more.

You can also catch us on social media via Mastodon and Bluesky.…

February 17, 2025 How to Combine Ruby’s Simplicity with AI’s Power As developers, we’re always looking for ways to build smarter, more efficient systems. Today, I want to share how you can create a Ruby-based API and supercharge it with AI capabilities using platforms like DeepSeek (hypothetical example) or similar services. Let’s dive in! Need … Continue reading Building Intelligent APIs with Ruby and DeepSeek: A Step-by-Step Guide →

Hey, nice, my blog has a navbar now! In addition to the (previously hidden) pages for Conference Talks and Personal Projects, there is a completely new page for my Professional Resumé, which I have updated for the first time in uh… probably 12 years. So that’s good.

My personal about and splash page at arko.net is also readable on phone-sized screens now. That only took 15 years or so.

If you’re seeing this, that also means I have successfully migrated from my legacy Netlify setup to my new setup on Micro.blog. Now that I’m done moving all the existing posts, I can write new posts here without having to check out my git repo and create new markdown files and commit and push them. Hooray.

Co…

Please pardon a blog post that is a bit different from the standard RubyGems release announcement.

Today, I’m going to spin you a tale about the impact malicious software packages have on application developers.

I want you to close your eyes, take a deep breath, and imagine the following (completely hypothetical, with absolutely no resemblance to real life) scenario.

Your company ships a web application written in your favorite language, Sham. Doing your best to stay productive and avoid re-implementing wheels of various shapes and sizes, you use packages for Sham, which, of course, are called Swindles. Your company is responsible, and uses all the fancy tooling to manage your…

RubyGems 3.6.5 includes enhancements and documentation.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Enhancements:

• Installs bundler 2.6.5 as a default gem.

## Documentation:

• Removed gem server from gem help. Pull request #8507 by hsbt

SHA256 Checksums:

• rubygems-3.6.5.tgz
  c20034de6a49479337edb6c543b0c7390544f6287d15b25750efa910ac2bf7c8
• rubygems-3.6.5.zip
  6f055dccfd810316139bf8a83c5738d75965f083e17c740fa231f2a2669048c9
• rubygems-update-3.6.5.gem
  1d6764fee1618a71a89932621ace8132e0cbb1374c1dd02337d15407108a9af4

I wrote about how Cursor’s AI agent helped me build a high quality new feature in Rails, without much “prompt engineering” getting in the way.

You can find it in my employer’s blog: “How I use AI agents to code new features”.

By reading this article you will gain a basic understanding of the Haskell programming language and the functional programming paradigm.

First of all… Why Haskell?

Haskell is THE language when it comes to functional programming because it embraces this programming paradigm fully while still being somewhat usable for real-world production applications.

Yes, it does have a reputation for being academic & very hard to learn but this is only because most people are not used to thinking about pure functions, recursion, immutability & the famous Monads.

The truth is that it does take effort to learn, but that’s the same for pretty much everything worth knowing so I encourage you to…

When you build advanced UI’s for your Saas there will be a point you need to store certain preferences or appearance settings for a user or workspace, like:

• synced light- and dark-theme;
• expand/collapsed state for navigation items;
• time zone.

And so on. I’ve come across this use cases in every app I built. For a long time I used a set up like described in this article. But ever since I published it, and even including a template to get the required code in your app, I got questions if it wasn’t better as a gem.

So after about 10 months, here is: Rails Vault.

Rails Vault is a simple gem to add settings and preferences to any ActiveRecord model. The goal is to keep it simple and…

DNSimple, a long-time Ruby Central sponsor, helps businesses simplify domain management, including registration and DNS hosting across multiple providers. Their roots trace back to RubyConf 2010, where CEO Anthony Eden introduced the company to the Ruby community—and the world. Earlier this month, he sat down with us to discuss the growth of DNSimple and how Ruby and Rails and the community have played a key role. 

“When I started DNSimple, I was working as a full-time Ruby developer,” Eden explained. “I knew the Ruby community well, having attended and presented at many events. I knew that I could present a demo during a lightning talk that would resonate with Rubyists, showing a simple…

I hate to spoil the end of this wonderful post for you, but:

In short, if your priority is developer experience, you won’t find a better option than Heroku.

Heroku's greatest sin wasn't in selling out (in fact, its Salesforce acquisition was one of the least disruptive in the history of SaaS), it was in well and truly solving the problem it set out to address. Then, after that, …they didn't have much new and shiny to talk about. Everything Just Worked™.

There are a handful of rough edges that they're still sanding down—HTTP 2 support was the big one, but they've recently covered that. I take the fact that I reacted to their banner about a next generation paltform with worry it might make…

Realized I managed to shit out a decent definition of the word "refactoring" in 30 seconds when I was editing this longer video on career advice, so may as well clip it for posterity. Both were pulled from v31 of Breaking Change.

Mailbag day! This one from v31 of the podcast.

Watch on YouTube

Founded in 2011, Valid Eval provides a secure, SaaS-based platform that helps organizations make defensible, data-driven decisions in high-stakes situations involving many applicants, subjects, domain experts, and judges. The Denver, Colorado-based company primarily serves federal government agencies that need to evaluate complex bids before awarding contracts.

Here was our challenge

The nature of Valid Eval’s work demands an exceptionally high degree of system performance. However, the organization was experiencing speed and memory challenges with its Puma web server, a key component of its Ruby on Rails architecture.

“We’re not large enough to justify building an internal team of…

Hello! Welcome to the February newsletter—now known as Ruby Central’s OSS Changelog.

As mentioned in our previous newsletter, we will now be sending out separate updates for the Open Source Program and general Ruby Central organization and community news.

You can expect our general Ruby Central newsletter (the Ruby Central README) in your inbox later this month.

Read on for announcements about our Open Source Program and a report of the OSS work we’ve done from the previous month...

Open Source Program Announcements

Want to support Ruby Central and our Open Source Program?

2024 was a landmark year for project work, as highlighted in our first Annual Open Source Report.

This was largely thanks to a…

When working with associations in Rails, managing referential integrity is quite important. One not-so-common but highly useful option is dependent: :restrict_with_error, which ensures that records with dependent associations cannot be deleted without first handling those dependencies properly.

In this post, we'll explore how dependent: :restrict_with_error works, why it's useful, and when to use it over other dependent options like :destroy, :nullify, and :delete_all. I recently discovered this option while working on a new feature, and wanted to share a summary of my understanding. I hope you find it helpful as well.

Let's consider the following has_many association where a Team model has…

Evil Martians have built a system that finds exceptional engineers while cutting costs and respecting everyone’s time. Read and learn how!

Here's a counterintuitive truth about hiring frontend engineers: starting with a CEO chat or diving straight into technical interviews isn't just inefficient—it might cost you the best candidates. At Evil Martians, we process about 50 frontend candidates weekly (without a dedicated HR team) and still manage to retain the best talent. How? By turning conventional hiring wisdom on its head! In this post: we reveal our process and share explicit steps on…

Welcome to Once a Maintainer, where we interview open source maintainers and tell their story.

This week we’re talking to Ed Waisanen and Nate Papes of the Gala project, an open source research and education platform out of the University of Michigan. Ed oversees the ongoing development of the Gala platform and advises users on instructional design, multimedia production and use, and the development of interactive data tools. Nate is a developer for Atomic Object, a software agency based in Ann Arbor, and works closely with the Gala team.

Once a Maintainer is written by the team at Infield, a platform for managing open source software upgrades.

Ed, let’s talk a bit about your personal…

Namanyay Goel with a post that appears to be lighting the Internet on fire and is making me feel pretty smart about emphasizing the generational transition at which the software world finds itself:

We're at this weird inflection point in software development. Every junior dev I talk to has Copilot or Claude or GPT running 24/7. They're shipping code faster than ever. But when I dig deeper into their understanding of what they’re shipping? That's where things get concerning.

Sure, the code works, but ask why it works that way instead of another way? Crickets. Ask about edge cases? Blank stares.

Imagine if your doctor had skipped med school, but—don't worry!—the AI tool built into his Epic…

Learn how to run a fully functional Ruby on Rails blog in your browser using WebAssembly—no servers needed; a complete guide to making Rails Wasm-ready.

Imagine a fully functional blog running in your browser—not just the frontend, but the backend, too! No servers or clouds involved—just you, your browser, and… WebAssembly! By allowing server-side frameworks to run locally, WebAssembly is blurring the boundaries of traditional web development and opening up exciting new possibilities. In this post, I'll share the…

Parameters

The data sent with incoming request is known as parameters. The parameters in Rails can be found in the params hash and include:

• Path Parameters: Embedded in the URL, e.g., /posts/:id.
• Query String Parameters: Added to the URL, e.g., /posts?title=rails.
• Form Data: Submitted via forms using POST requests.
• JSON Data: In APIs where the request body contains JSON.

Unlike a plain Ruby hash, the params hash is an ActionController::Parameters object which treats symbols (e.g., :key) and strings (e.g., "key") as equivalent keys.

Strong Parameters

Strong parameters allow us to explicitly permit and require specific attributes in the controller, preventing mass assignment…

I've started working on a new edition of Ruby Under a Microscope that covers Ruby 3.x. I'm working on this in my spare time, so it will take a while. Leave a comment or drop me a line and I'll email you when it's finished.

Ruby’s garbage collection implementation is complex and confusing - yet powerful and beautiful at the same time. Chapter 13 summarizes and explains advanced aspects of Ruby’s garbage collector. I love learning about the difficult bits at a deep enough level to be able to explain them to someone else. In RUM I often show snippets from Ruby's C source code in gray callouts. These sections are for readers who already understand C syntax, or who would like to learn it. …

Today we are happy to announce that Higher Pixels, the team behind the popular podcast platform Buzzsprout, is joining the Rails Foundation as a Contributing member!

Higher Pixels has been building with Rails since 2005, and since then has launched five products - all while adhering to the Rails Doctrine and using as close to 100% vanilla Rails as possible. Buzzsprout is now their largest product, and the most well-known in the Rails community. Today, it serves over 100,000 podcasts on a robust Rails monolith - a great example of how you don’t need much else in your toolbox to scale a large, public-facing Rails platform.

In the history of our company, nothing has impacted our ability…

Joël talks with fellow thoughtboter Fritz Meissner about the thinking process behind his latest kata project and the vast world of coding problems.

Fritz explains why he developed the noisy animals kata and how it helped to better understand and streamline his code, the best ways to break down conditionals and how to clean them up efficiently within your workflow, as well as knowing where the limits of improvement are in each project you work on.

—

Refine your conditional logic technique with a copy of 99 Bottles of OOP and then test your skills with Fritz’s Noisy Animals Kata. Compare notes with Joël and Fritz to see how you stack up once you’re done!

Listen to Joël’s…

RubyGems 3.6.4 includes enhancements and performance.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Enhancements:

• Raise a simpler error when RubyGems fails to activate a dependency. Pull request #8449 by deivid-rodriguez
• Installs bundler 2.6.4 as a default gem.

## Performance:

• Allocate strings from Requirement match only once. Pull request #8245 by segiddins

SHA256 Checksums:

• rubygems-3.6.4.tgz
  41b68f4e886e320f94d9d250717355cdb557e6e1aac3110116bdb93d0f21e6b9
• rubygems-3.6.4.zip
  82a2b40513b140d0bd499cf3737e54c13e3a08033288ee18bf05551ba725cd2b
• rubygems-update-3.6.4.gem
  fb7b2c951705784e…

How Token Log-Probabilities Can Predict LLM Reliability

Content:
1. Review of relevant Machine Learning (ML) concepts (precision/recall, LLM intuition)
2. Using sequence log-probability metric as LLM confidence
3. Results from a case study in filtering poor quality LLM outputs

Introduction

To LLM or not to LLM?

Large Language Models (LLMs) like ChatGPT, Claude, LLaMA are incredibly powerful but are still an emerging technology that can pose unique risks. Sometimes LLMs seem to know exactly what is going on and can easily answer complex questions. Yet, other times, they output irrelevant information or even “hallucinate” (make up information).

What if you could build a modern, dynamic UI in Rails without the extra complexity? Enter Hotwire.

Continue Reading

The Rails Foundation has partnered with Doximity, Planet Argon, 37signals, and Tropical on Rails to give away 22 free tickets to Tropical on Rails to Rails developers based in Brazil.

Tropical on Rails takes place April 3 & 4 in São Paulo Brazil and is the largest Rails conference in South America, where the warmth of the Ruby community meets the energy of Brazilian hospitality and culture. They’ve lined up a great list of Brazilian and international speakers.

This event sold out quickly! If you missed out on getting a ticket (or didn’t have the means to get a ticket when they were available), this is your chance to attend! Please fill out this short application by February 28 and…

Since Kamal 2 was released, I've been using it to host a few applications and websites for my clients (yes - Rails is fantastic and perfectly fine for plain old marketing websites) on multiple Linux servers.

Most of them use SQLite as database, and Rails + Hotwire + SQLite combo has been a fantastic alternative against the traditional WordPress + MySQL (or even static) sites one might use for a simple marketing site that needs some lightweight CMS functionality, which I'm always happy to hand-code in Ruby.

Anyway, when deploying Rails applications that use SQLite with Kamal, the SQLite database lives inside a Docker container on my production Linux server (although mapped to a persistent…

February 13, 2025 Seeding a database is an essential step in Rails development, whether you’re setting up a new project, testing features, or ensuring a smooth onboarding experience for new developers. Rails seeds allow you to populate your database with default values quickly and efficiently. In this article, we'll explore best practices, tools, and techniques … Continue reading Seeds on Rails: The Best Way to Create and Feed Your Rails Database →

I was chatting with Adam Stacoviak over at Changelog a couple weeks back, and he mentioned that this year they've taken their podcast "video-first" via their YouTube channel.

I hadn't heard the phrase "video-first" before, but I could imagine he meant, "you record the show for video—which is more complex than recording audio alone—and then the audio is a downstream artifact from that video production." Of course, key to my personal brand is failing to demonstrate curiosity in the moment by simply asking Adam what he does, and instead going on an individual two-week-long spirit quest to invent all the wheels myself based on the possibly incorrect assumption of what he meant in the first…

What if we need to combine multiple sitemaps for a main domain or subdomain? Here’s how to do it by creating sitemap index.

Sitemap index

Let’s say our site has a regular sitemap.xml and a blog/sitemap.xml, but we want Google to crawl and index both. To combine them we need to rename the original to something else like main_sitemap.xml and then create an index of all sitemaps we have:

<?xml version="1.0" encoding="UTF-8"?>

<sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <sitemap>
     <loc>https://deploymentfromscratch.com/main_sitemap.xml</loc>
     <lastmod>2004-10-01T18:23:17+00:00</lastmod>
   </sitemap>
   <sitemap>
      <loc>https://deploymentfromscratch.com/…

And that’s it, both sitemaps then stay exactly same as before. Optionally we can include <lastmod> tag for…

Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! Happy reading! 🚀✨

📚 Articles, Tutorials, and Videos

📚 Articles

Camera Access With Hotwire Native - Leon Vogt provides a guide on integrating inline camera functionality into Hotwire Native applications. He details the process for both web and native platforms, including setting up camera access using Stimulus on the web, configuring WKWebView for iOS with appropriate permissions, and implementing WebView for Android.

Electronic Signatures with Rails - Jeremy Smith presents a method for integrating electronic signatures into Rails applications using Stimulus, Active Storage, and the Signature Pad library.

Hide…

Direct link to podcast audio file

Update: This is the first version of Breaking Change available in 4K video. Check it out on YouTube.

The one where Justin picks the perfect time to buy his first Tesla vehicle.

Sometimes the things I say and do make people feel things. Share those feelings with me at this e-mail address: podcast@searls.co. Whatever you're feeling, I'll read it and do my best to acknowledge it. I also may read it on air. Unless you ask me not to, in which case I won't.

Okay, so anyway, there are links to be lunked:

• The RuboCop pull request I referenced having talked about in this month's newsletter
• The Space Black Firanto paint I tried to use to heal my M4 MacBook…
• The little travel…

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in January.

Open Source Program Announcements

Our Security Engineer in Residence’s year in review

Samuel Giddins published a review of his 2024 work as Security Engineer in Residence at Ruby Central.  It was a busy year with the sigstore work as the centerpiece.  He finishes with an overview of what he’ll focus on in 2025.

RubyGems News

In January, we released RubyGems 3.6.3 and Bundler 2.6.3. These releases bring a series of enhancements and bug fixes designed to…

You don’t want to miss this heartfelt episode as Jason, Chris, and Andrew discuss the impact of their podcast, the connections they’ve made, and the technical communities they are part of. They discuss their use of AI tools in coding, their favorite TV shows, and reflect on the changes in the Ruby community. They also share memories of past podcast episodes and the influential people they’ve interviewed. A significant part of the discussion centers on Jason's departure, marking this his last episode as a co-host. Chris and Andrew express their thoughts about Jason leaving, recount favorite moments, and they reflect on how the podcast has fostered deep friendships and professional growth…

Ruby 3.4.2 has been released.

This is a routine update that includes bug fixes. Please refer to the release notes on GitHub for further details.

Release Schedule

We intend to release the latest stable Ruby version (currently Ruby 3.4) every 2 months. Ruby 3.4.3 will be released in April, 3.4.4 in June, 3.4.5 in August, 3.4.6 in October, and 3.4.7 in December.

If there’s any change that affects a considerable amount of people, those versions may be released earlier than expected.

Download

• https://cache.ruby-lang.org/pub/ruby/3.4/ruby-3.4.2.tar.gz

  SIZE: 23174066
  SHA1: 1537911b4a47940f11c309898e04187344a43167
  SHA256:…

Hey everyone, Happy Friday!

Vipul here with the latest updates for This Week in Rails.

This week, several improvements were made to Routes lookup. Below are a few notable changes-

Speed up GTG Simulator by reducing slices/matches
This change improves routing performance by 10-20% in simple cases by removing duplication and preventing excess string allocations.

Micro-Optimize Router#find_routes
This PR slightly improves the routes finding process by removing overheads and speeds up the route look up process by 2-2.5x faster compared to Rails 8.0.

Simplify stdparam state to reduce retained hashes
This PR simplifies the data stored in stdparam_state to be a simpler hash mapping and…

Here’s a list of…

If you are publishing videos via the Instagram API (as I do for my feed2gram gem and for Beckygram), one of the first things you notice is that it is a lot less forgiving than their app is.

From their docs that spell this out:

The following are the specifications for Reels:

• Container: MOV or MP4 (MPEG-4 Part 14), no edit lists, moov atom at the front of the file.
• Audio codec: AAC, 48khz sample rate maximum, 1 or 2 channels (mono or stereo).
• Video codec: HEVC or H264, progressive scan, closed GOP, 4:2:0 chroma subsampling.
• Frame rate: 23-60 FPS.
• Picture size:
• Maximum columns (horizontal pixels): 1920
• Required aspect ratio is between 0.01:1 and 10:1 but we recommend 9:16 to avoid cropping…

If you get this wrong, you'll receive a mostly-unhelpful-but-better-than-nothing-error message that looks like this:

{
  "message": "The video file you selected is in a format that we don't support.",
  "type": "OAuthException",
…

I was talking to a friend about how to add a directory to your PATH today. It’s something that feels “obvious” to me since I’ve been using the terminal for a long time, but when I searched for instructions for how to do it, I actually couldn’t find something that explained all of the steps – a lot of them just said “add this to ~/.bashrc”, but what if you’re not using bash? What if your bash config is actually in a different file? And how are you supposed to figure out which directory to add anyway?

So I wanted to try to write down some more complete directions and mention some of the gotchas I’ve run into over the years.

Here’s a table of contents:

• step 1: what shell are you using?
• step…

After 15 years of sugar-coating it, I'm upgrading from kid gloves to… regular gloves, I guess?

The truth is and has always been:

1. That the best way to get better at programming computers is to spend time programming computers
2. That a lot of people don't do this, but expect the same salaries as those that do
3. That one highly-competent developer can often run laps around entire software teams at the typical company

I'm done pretending this isn't true.

Watch on YouTube

Hello again friends! Today I’ll show how you can improve JRuby startup right today, as well as a sneak preview of some exciting new developments in this area!

Application Class Data Store (AppCDS)

I’m still ramping up my blogging efforts, but I wanted to share the results of recent experiments using JRuby with Application Class Data Store and the new AOTCache feature being previewed in JDK 24

Around the times of Java 1.7 or 1.8, teams at Sun (and then Oracle) started shipping a JDK feature called Class Data Sharing (CDS). This was a new, specialized cache file that could be used to “pre-load” much of the runtime metadata from starting a JVM-based application. Initially, this only…

I'm as big a fan of searching for environmental and systemic explanations when expectations are missed, but that doesn't mean that sometimes the blame lies with the skill of the people doing the job. Decided I'm going to stop pretending as if that's never the case.

Every time I sin, another device appears on my desk.

I recently gave a conference talk at Rails World in Toronto, about the state of security in Rails 8. This article is a written version of the conference talk. If you want to watch the recording of the talk, you can do so here:

When working with the Hotwire stack, most can be done via typical post or get-requests to the server. It then sends a HTML response back to the browser and everybody is happy. But sometimes you need to make a request in your Stimulus controller, either to your own back-end or an third-party API.

Working with a recent client, there was a need to capture events from a video player. Luckily JavaScript has all the tools to make this really easy. Let’s look at a basic example that captures events by your users:

// app/javascript/controllers/video_player.js
import { Controller } from "@hotwired/stimulus"

export default class extends Controller {
  async play() {
    // play logic here

    awa…

Can we have a faster FFI for CRuby? Yes.

Can we have a faster FFI for CRuby?

I love programming in Ruby, and I advocate for people to write as much Ruby as possible. But sometimes you really really must call out to native code. Even in those cases, I encourage people to write as much Ruby as possible, especially because YJIT can optimize Ruby code but not C code.

Taken to its logical extreme, this guidance means that if you want to call a native library, you should write a native extension with a very very limited API where most work is done in Ruby. Any native code would be a very thin wrapper around the function we actually want to call that just converts Ruby types in to the types…

There's a common Prometheus alert called "NodeMemoryMajorPagesFaults". It's part of the Node Exporter's node-mixin project and also included in the kube-prometheus-stack default alert rules.

But what does this alert mean, and what do you do about it? This article helps you form a good mental model and provides practical guidance.

What are major page faults anyway?

"Major page fault" means that an application is using the memory management system to either read data from disk, or to swap in memory.

• Despite the ominous name, it doesn't mean that the system is encountering errors. However, since it indicates heavy disk reads, it could still indicate that something is wrong.
• The…

Today's guest is Joe Masilotti, who wrote Hotwire Native for Hotwire Developers. Joe is known as the Hotwire Native guy - he helps Rails developers build web-powered iOS and Android apps with Hotwire Native. He joins the show to talk about how Hotwire Native can help you build mobile apps out of your Rails apps.

Show Notes
Hotwire Native For Rails Developers
Joe Masilotti’s Website

Sponsors
Hosting for The Ruby on Rails Podcast is provided by Fireside.fm. If you want to start a podcast and are looking for hosting, visit fireside.fm/rails to get started.

Alright, let’s talk about deploying code without having a full-blown panic attack. You ever push something live and immediately…

The JRuby community is pleased to announce the release of JRuby 9.4.12.0.

• Homepage: https://www.jruby.org/
• Download: https://www.jruby.org/download

JRuby 9.4.12.x targets Ruby 3.1 compatibility.

Thank you to our contributors this release, you help keep JRuby moving forward!

Critical Fixes

• Added additional locking to the new Class#subclasses implementation to fix a concurrent modification error. #8602, #8603

Standard Library

• jar-dependencies upgraded to 0.5.4 to fix an issue parsing Maven output on Java versions 9 and higher. #8606, #8615

4 Issues and PRs resolved for 9.4.12.0

• #8602 ConcurrentModificationException in subclasses map
• #8603 Ensure subclass set…

I've started working on a new edition of Ruby Under a Microscope that covers Ruby 3.x. I'm working on this in my spare time, so it will take a while. Leave a comment or drop me a line and I'll email you when it's finished.

The Ruby team has done a tremendous amount of work over the past decade on Ruby's garbage collection (GC) implementation. In fact, Ruby's new GC is one of the key reasons Ruby 3 is so much faster than Ruby 2. To bring all of this work to light, I decided to rewrite Chapter 12 from scratch, covering garbage collection in Ruby more accurately and in more depth. But then, after a few months, I realized I had gotten carried away and wrote too much material for one chapter.…

February 11, 2025 Control flow is at the heart of every programming language, dictating how code executes based on conditions, loops, and exceptions. While most Ruby developers are familiar with if, case, while, and until, the language offers several advanced constructs that can make your code more expressive and efficient. Let's dive into some lesser-known … Continue reading Mastering Control Flow in Ruby: Beyond the Basics →

There is a possibility for DoS by in the net-imap gem. This vulnerability has been assigned the CVE identifier CVE-2025-25186. We recommend upgrading the net-imap gem.

Details

A malicious server can send highly compressed uid-set data which is automatically read by the client’s receiver thread. The response parser uses Range#to_a to convert the uid-set data into arrays of integers, with no limitation on the expanded size of the ranges.

Please update net-imap gem to version 0.3.8, 0.4.19, 0.5.6, or later.

Affected versions

• net-imap gem versions 0.3.2 to 0.3.7, 0.4.0 to 0.4.18, and 0.5.0 to 0.5.5 (inclusive).

Credits

Thanks to manun for discovering this issue.

History

• Origi…

Being a lead developer is an interesting time. I’d write a lot more blog posts if I wasn’t so busy, sure, but mostly I’d write them if I was allowed to write them. So many times I think “this’d make an interesting blog post” right before the thought of “imagine how much shit you’d be in if you told a soul”. There’s a lot about being a lead that’s interesting but also highly confidential. I’d love to share those stories one day, perhaps a long way down the track.

But today I want to talk about ghosts.

The apps I’m working on have the lucky advantage of being around a decade and a half old. They also have the unlucky disadvantage of being a decade and a half old. Ruby and to a larger extent…

SEO isn’t just about keywords—it’s about ensuring your site is structured for search engines and users alike. Here’s how to automate that process with end-to-end testing using Playwright and Lighthouse.

Continue Reading

Mastering Rails Filter Parameters

Introduction

Logs are an invaluable resource for improving your application from tuning performance to debugging errors. However, logs can reveal more than intended or needed such as a user’s password or credit card number. Thankfully, Rails makes securing your logs easy by not only offering a robust mechanism for filtering, but also providing sensible defaults. In this post, we’ll dive into that mechanism, explore its customizable features, and provide actionable tips to tailor it to your application’s needs.

Default Behavior

Rails provides parameter filtering through an initializer located at config/initializers/filter_parameter_logging.rb. This feature has…

Friday, February 14th is my last day at Amazon.

I’ve been at Amazon for over 5½ half years, and it’s been a great run. I came from 8 years of leading technology at Artsy, and wanted to go back to coding. I found a Principal Engineer role to help launch the new AWS Data Exchange service. I was excited to work on a marketplace (Artsy is a marketplace for fine art), and the idea of a service that could connect data providers and data consumers at Amazon scale was big. Plus, I was finally going to learn how Amazon, and especially AWS, was so relentlessly successful, from within.

I half-jokingly talked of this as semi-retirement, because being an individual contributor at a F.A.A.N.G. seemed a…

• Prelude: peripherals
• Shell
• Code and text editor
• Notes
• Web browser
• Password manager
• Window switcher
• Clipboard manager
• Text expander
• Keyboard shortcuts
• Mobile apps
  • Cross-platform
  • iOS
  • Android

Over the past few years I’ve hopped across several devices and operating systems. Along the way, I’ve collected a list of my favorite apps and extensions for each OS. This post is that list.

This post is also a snapshot of how I use my computer and phone regardless of what OS happens to be on them. I still have my preferences, of course, but I’ve reached a point where I care less about which OS I’m using, thanks to this set of UI enhancements.

Here…

…the answer usually depends on everything OTHER than whether you're good at your job.

This clip is from v30 of Breaking Change.

Watch on YouTube

In Rails there is no official way to organize one-off scripts. Unlike recurring tasks, which are automated or scheduled to run at regular intervals (e.g., cron jobs or background workers), these scripts are standalone, ad-hoc scripts that are intended to be run only once or on rare occasions.

Before

Before Rails 8, managing one-off or custom scripts was often chaotic because there was no dedicated folder for scripts that didn’t fit standard Rake tasks or background jobs. This lack of organization made it harder to keep track of these scripts.

As a result, we had to create our own ad-hoc methods for storing and running these scripts. This lead to inconsistent and cluttered solutions.

…

I just underwent a 9+ hyperfocus session, during which I finished reading the last 125 pages of Layered Design for Ruby on Rails Applications. So, I wanted to share some patterns I noticed when going deep into an activity like coding or reading for longer hours and staying there. 

I consider a hyperfocus session anything that lasts more than 1.5-2 hours. In this session, the focus is on one task, and time and space are forgotten. While 3-4 hour sessions occur frequently for me, a 9+ hour session is extremely rare, so I wanted to capture its details while it's still fresh to see whether this is purposefully reproducible in the future.

First of all, I was on a plane without Internet. This helps…

When working on features, I strive to preserve my flow, which means, that after a few hours, I’ll have a bunch of untracked files waiting for me in git. Since I like to make atomic changes, I need to remember which files go hand-in-hand to bundle them up in meaningful separate commits.

git add --patch to the rescue

You probably already use git add to add files to your staging area. Well, git add --patch adds a few fancies to this process:

• Interactively review your additions.
• Select those you want to add to your staging area.
• Control the granularity with which you can do the above.

Let’s take this website repository as an example (#meta)!

First, let’s run git status.

 …

December 11, 2024 In web development, working with arrays efficiently is crucial, and Ruby on Rails enhances Ruby’s already powerful Array class with some incredibly useful methods. These Rails-specific extensions can help streamline your code and make common tasks more intuitive. This article explores some of the key array methods Rails adds to Ruby's standard … Continue reading Ruby on Rails: Unlocking the Power of Arrays →

Rails’ URL helpers allow you to pass in an Active Record object and it will automatically infer the proper URL including the id (e.g. link_to "Profile", @user). How can we get this behavior for custom objects?

Custom objects

Consider a custom Image class. We want URLs to look like /images/cat.gif.

Rails relies on the to_param method to generate identifiers in URLs. If we define it on our custom object it can now be used with link_to just like ActiveRecord objects can.

class Image
  attr_reader :filename

  def to_param
    filename
  end
end

<%= link_to "Details", @image %>
<%# will generate <a href="/images/cat.gif">Details</a> %>

Slugs

Because Rails URL-helpers…

Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! Happy reading! 🚀✨

📚 Articles, Tutorials, and Videos

📚 Articles

How to avoid problems with Turbo morphing - Radan Skorić iscusses common pitfalls when using Turbo 8's morphing feature, such as losing initialized DOM elements or resetting UI states. He outlines key strategies to mitigate these issues.

Marksmith - a GitHub-style markdown editor for Ruby on Rails - Adrian Marin introduces Marksmith, a lightweight Markdown editor designed specifically for Rails applications. Marksmith provides an intuitive WYSIWYG editing experience while maintaining the flexibility of Markdown. It supports Active Storage out of the box and…

Build…

Vertical monitors for folks working on documents have been a thing for decades — now that Apple Vision Pro supports an 8K-ish ultra wide screen orientation for Mac Virtual Display, I’d love to see custom aspect ratios that allow you to create only as big of a Mac window as you need.

I want to write a post about Pitchfork, explaining where it comes from, why it is like it is, and how I see its future. But before I can get to that, I think I need to share my mental model on a few things, in this case, resiliency.

A few years ago, I read a tweet calling out unicorn-worker-killer as a major code smell. I don’t quite remember who or when it was, it doesn’t matter anyway, but I think it is an interesting topic because, depending on how that gem is used, I can either strongly agree with or vehemently oppose this tweet.

What Does It Do?

unicorn-worker-killer provides two optional features for Unicorn.

The first one allows to set a number of requests after which a Unicorn…

This is the first of what I hope will become a habit of long-form video excerpts from the podcast. This one comes from a section in v30 about DeepSeek and the ramifications it may have for OpenAI and the extent to which it condemns Sam Altman's ideology on how to run a startup.

Watch on YouTube

Why freak out about tariffs and the economy when random signs on the side of the highways in Florida are able to offer such amazing investment returns?

The observer design pattern (also called pub-sub) allows one or more subscribers to register with and receive notifications from a publisher. It's great for scenarios that need push-based notifications, instead of continuous polling. A real-world example is this blog. Whenever a new post is published, it sends an email to all the subscribers of the blog. As a result, the readers don't have to constantly refresh the blog to see if a new post was published.

The pattern defines a publisher (also known as a provider or an observable) and zero or more subscribers (also known as observers or listeners). Subscribers register with the publisher, and whenever a predefined condition, event, or state…

Why I didn't have kids, despite the fact a lot of men seem weirdly OK with pretending they have zero regrets.

This clip is from v30 of Breaking Change.

Frequently Played 🔗

I tend to listen to the same songs or albums on repeat that are evocative of how I’m feeling or what’s going on with me. Here is what I’m currently listening to over, and over, and over, and over, again.

Valentine’s Day 🔗

‘Tis the season. I listen to the Tunnel of Love album throughout February everyyear.

Full Lyrics

So hold me close, honey, say you’re forever mine
And tell me you’ll be my lonely valentine

I Don’t Mind (If I’m with You) 🔗

It’s interesting what people say they can endure for others. Even the wind.

Full Lyrics

Never had a good friend, no one like you
But I spent a lotta time on my own
And they set me on fire and I did a lot of burning
They told me I didn’t know things…

In this episode, Chris and Andrew welcome guest Stephen Margheim to discuss his specialization in Ruby and SQLite. Stephen shares his journey of improving the
developer experience with SQLite by addressing various pain points and adapting it for production in the Rails ecosystem. He talks about his contributions to Rails 8, making it the first fully production ready SQLite compatible web application framework. The conversation also covers the importance of leveraging these tools to build high-quality applications quickly and efficiently. Also, Stephen announces his upcoming course "High Leverage Rails" which focuses on maximizing the potential of Rails and SQLite for rapid, reliable…

Hi, Wojtek here presenting you this week’s changes in the Rails codebase.

Clio joins the Rails Foundation
We’re excited to welcome Clio as the newest Contributing Member of the Rails Foundation.

Support joins in update_all for Postgresql and SQlite
Previously when generating update queries with one or more JOIN clauses, Active Record would use a sub query which would prevent to reference the joined tables in the SET clause, for instance:

Comment.joins(:post).update_all("title = posts.title")

This is now supported as long as the relation doesn’t also use a LIMIT, ORDER or GROUP BY clause. This was supported by the MySQL adapter for a long time.

Rate limit password resets in auth…

Improve your user experience with Turbo Frames

I’ve spent a good chunk of my career optimizing performance in web apps — mostly from the frontend perspective. Recently, I stumbled upon a simple trick with Turbo Frames that can improve the user experience when a particular part of the page is painfully slow to load.

When Slow Pages Hurt UX

Imagine you have a view that shows a giant, complex list of data. Maybe it involves heavy database queries, advanced filtering, or complicated logic that can take a couple of seconds to finish. Traditionally, the user is stuck watching a blank or previous page until everything completes.

That’s obviously subpar for UX. The user might think the page is…

It sure seems like the Hanami web framework has been in the news lately, most notably the announcement that Mike Perham of Sidekiq fame has provided a $10,000 grant to Hanami to keep building off the success of version 2.2. I also deeply appreciate Hanami’s commitment to fostering a welcoming and inclusive community.

Thus I figured it was high time I took Hanami for a spin, so after running gem install hanami, along with a few setup commands and a few files to edit, I had a working Ruby-powered website running with Hanami! Yay!! 🎉

But then I started to miss the familiar comforts of Serbea, a Ruby template language based on ERB but with a few extra tricks up its sleeve to make it feel more…

Notion had for a long-time a neat block-based editor. It allows you to type away with a paragraph-element by default, but allows you to choose other block elements, like h1, ul and so on. This allows you to style the elements inline as well, keeping things super clear.

This article shows you the basic data modeling and logic to set up. Enhancing it with JavaScript (Stimulus) and making things pretty will happen in a following article. Exactly how I would do it in real apps too.

Data model

I am keeping this set up basic, with just a page model to hold the blocks, but in a real application a page might belong to something like a Collection. I am also not adding all possible blocks, but fee…

Recently I took part in a discussion about where to put validations. What jarred me was how some people inadvertently try to get all the validation in a one fell swoop, even though the things they validate are clearly not one family of problems. This led me to think about different kinds of validation and how does that relate to the nature of a command.

When talking about commands, I don’t mean any particular pattern in code. Throughout this article a command means an intent for some change to happen. In fact, let’s eject ourselves from the web app world for a little while and talk about commands in the situation when one person tells another to do something.

Say, Alice is telling Bob:…

A few weeks ago I ran a terminal survey (you can read the results here) and at the end I asked:

What’s the most frustrating thing about using the terminal for you?

1600 people answered, and I decided to spend a few days categorizing all the responses. Along the way I learned that classifying qualitative data is not easy but I gave it my best shot. I ended up building a custom tool to make it faster to categorize everything.

As with all of my surveys the methodology isn’t particularly scientific. I just posted the survey to Mastodon and Twitter, ran it for a couple of days, and got answers from whoever happened to see it and felt like responding.

Here are the top categories of frustrations!

When developing Rails applications, you often need to present numbers in a more human-readable format. For instance, you might want to display “1st” and “42nd” instead of just “1” or “42”. Rails provides a neat solution for this through Active Support’s Core extensions.

Instead of…

…avoiding ordinals altogether or using basic string interpolation:

position = 1
"You finished in position #{position}"
# => "You finished in position 1"
position = 32
"You finished in position #{position}"
# => "You finished in position 1"

Use…

…Rails’s built-in ordinal and ordinalize methods:

position = 1
"You finished in #{position.ordinalize} place"
# => "You finished in 1st place"
position = 11
"You…

Aysan recently wrote about accessibility testing in Rails applications using your test suite to ensure that your application is accessible to all users.

However, you may not have a test suite in place or you may not have a Rails application, but you still want to test the accessibility of your web application, right? So, we discovered the WAVE Web Accessibility Evaluation Tools that can help you test the accessibility of your web application, regardless of the technology stack you are using.

Does this sound interesting to you? Let’s dive in!

What is WAVE?

WAVE is a suite of…

I've started working on a new edition of Ruby Under a Microscope that covers Ruby 3.x. I'm working on this in my spare time, so it will take a while. Leave a comment or drop me a line and I'll email you when it's finished.

RUM includes a series of “experiments:” simple code snippets that show evidence the book’s explanations are accurate. One of the first experiments I wrote back in 2013, Experiment 7-2 is a fun way to see exactly when Ruby increases the number of bins in a hash table. The experiments in RUM are a great way to see for yourself how Ruby works. They also keep me honest; in fact, I ran this code again recently using Ruby 3.4.1 and saw different results than what I expected!

Ch…

Recently, we have seen the rise of Redis alternatives. Some of them claimedsubstantial performance gains. We did this benchmarking to see how muchperformance gain one would get by switching from Redis to one of thealternatives.

We explored several new contenders like Valkey,DragonflyDB, and DiceDB,which serve as drop-in Redis replacements. We also looked at Rails' ownSolidCache, which challenges in-memorystorage by favoring database-based approach. For this comparison, we included atuned SolidCache for PostgreSQL,as suggested by Andrew Atkinson. We also includedSolidCache with sqlite3,inspired by Stephen Margheim, who claims to offer significant performance gains.Finally, we added litecache…

Although SolidCache brings various advantages to…

A fantastic feature of Turbo Rails is the ability to broadcast changes to a page. Each connected client can receive changes in real-time. However, it's a common problem to update content that is shown to many users, but the rendering of items is affected by user context. A recommendation to get around this is to only broadcast things that don't require that user context. Because we have Turbo, we can serve user-specific content in other ways.

Let's examine our setup, and I'll explain how we can accomplish our goal.

We have a scheduling dashboard with appointments, and all users of this system can view it. If one of the appointments is updated by another user, we want to…

Ruby 3.2.7 has been released.

Please see the GitHub releases for further details.

Download

• https://cache.ruby-lang.org/pub/ruby/3.2/ruby-3.2.7.tar.gz

  SIZE: 20548416
  SHA1: c45aa881a7ea1175212d385fe5c8b6e9ff14b2e5
  SHA256: 8488fa620ff0333c16d437f2b890bba3b67f8745fdecb1472568a6114aad9741
  SHA512: 174e70ac20a21ea77e2c5055a9123a6812109fd7b54c0f7b948312b8159eedbfb11c06120390c158430ca8543e36893da6c809883c82757082d22e08004c5055
  

• https://cache.ruby-lang.org/pub/ruby/3.2/ruby-3.2.7.tar.xz

  SIZE: 15128228
  SHA1: 54e07b3adf1e948f5a35fc4ef9b24dd5976f1740
  SHA256: fc159b0d4a8ce412948fb69e61493839a0b3e1d5c919180f27036f1c948cfbe2
  SHA512:…

Joël is joined by fellow thoughtboter Aji Slater as they discuss their previous experiences in designing content for workshops.

Learn how to best structure your workshop for an audience, the benefits of a workshop over a talk and vice versa, as well as how to tackle the different hurdles your audience might face when working through your presentation.

—

Try your hand at Joël’s recommendation of visualising your Git Branching.

You can watch Ali’s Enigma Machine workshop here, Or connect with him via LinkedIn

Your host for this episode has been Joël Quenneville.

If you would like to support the show, head over to our GitHub page, or check out our website.

Got a question or…

Learn how to confidently handle end-of-day client emergencies using a real-life example from one of our team members.

Continue Reading