Rubyland

news, opinion, tutorials, about ruby, aggregated
Everyday Rails 

Status report: Everyday Rails Testing with RSpec updates for spring 2018

A progress report on the latest round of updates to my Rails testing book.
The way is long but you can make it easy on me 

Why I'm declining funding from Ruby Together

Needless to say: everything herein is my opinion, not the opinion of my employer, the RSpec project, any open source project I am associated with, nor Ruby Central (with whom I am loosely associated).

The published goal of Ruby Together is to build "Community funded developer infrastructure", along with the perhaps less clearly stated, but often communicated goal: to increase the diversity of the people participating in Ruby's core open source by providing funding is great. It's hard to disagree with that mission statement and the impact that some of that work has done. I, myself, have evangelised Ruby Together to others in the community, both on stage, and off. The platonic ideal of what…

Ruby on Rails and Stuff by Paweł Dąbrowski 

Hawker gem – get the profile information from Github, Twitter or Instagram without the API

Have you ever tried to pull the information from the social profile using given URL? Configuring the API access may be a time-consuming and difficult thing to do. On the other hand, scraping a profile may be not as easy as it seems to be. To solve that kind of […]

Awesome Ruby Newsletter 

Issue 101 - LOTS - A Text based Adventure Game in Ruby

Ruby Weekly 

How Ruby 2.6's MJIT came to be

#395 — April 19, 2018

MJIT: A Method-Based Just-In-Time Compiler for Ruby — A brief history of how MJIT (currently under trial in Ruby 2.6 previews) came to be, followed by an interview with many of the players, including Matz, Tenderlove, and Vlad.

Heroku

Ruby 2.5 Enables Thread.report_on_exception by Default — Now we’ll get more reporting when threads fail instead of silence and frustration. This post does a good job of showing it in action.

Vishal Telangre

Fix Production Bugs in Seconds with Sentry — Relying on users to report errors? Use Sentry to fix production…

Ruby Pigeon 

Testing Code In Markdown In Jekyll

Blocks of code in blog posts and articles often contain errors. I see it frequently, in other people’s writing and my own. The code is usually not tested, or even run through a compiler/interpreter, so errors are not surprising.

There are plugins for text editors that can evaluate code within markdown, but I would prefer to test the code as part of a CI build, like any other Ruby project.

And so, I created a Jekyll plugin to enable that workflow.

jekyll-include_snippet

jekyll-include_snippet is a plugin for Jekyll that allows snippets of text to be included from other files. This allows code to be kept separately from the markdown, which makes it easier to test.

The rest of this…

Drivy Engineering 

Ensuring consistent spacing in your UI

Drivy is growing, and the impact of this is particularly reflected in the evolution of our visual identity, conveyed by Drivy’s UI.

Having more and more people involved in new features (product managers, copywriters, designers, developers, …) means having more UI updates on the website. To make things easier, we’ve recently started working on Cobalt, Drivy’s internal design system.

Design systems are a broad topic. This post will only focus on dealing with whitespace across the website.

The problem

In the past, we didn’t have a process for deciding on what value we should use for a given whitespace. Sometimes, a designer would choose a specific value or the developer might decide to…

RubyGuides 

How To Create A Memory Leak in Ruby

There are a few articles out there about how to find memory leaks. But how about creating one? I think it will be an interesting exercise so you know what a memory leak looks like in Ruby. Let’s see some examples. A Simple Leak We can create a memory leak by simply adding new objects […]

Search Results for “ruby” – via @codeship 

Refactoring for the Tell Don’t Ask Pattern

Design patterns provide us with guidelines to help us implement clear and concise maintainable code. When implementing object-oriented design, both duck typing and the Tell Don’t Ask pattern go hand in hand to produce easily composable and maintainable code. Also functional programming and common interface techniques such as Monads by design implement Tell Don’t Ask.

Here we’ll focus on implementing an easy-to-read, easy-to-update code base with object-oriented design, specifically using the Tell Don’t Ask principle.

How Code Design Can Go Wrong

Until…

BigBinary Blog 

Ruby 2.5 enables Thread.report_on_exception by default and we get more info when threads die

This blog is part of our Ruby 2.5 series. Ruby 2.5 was recently released.

Let’s see what happens when an exception is raised inside a thread.

division_thread = Thread.new do
  puts "Calculating 4/0 in division_thread"
  puts "Result is: #{4/0}"
  puts "Exiting from division_thread"
end

sleep 1

puts "In the main thread"

Execution of it looks like this.

$ RBENV_VERSION=2.4.0 ruby thread_example_1.rb

Calculating 4/0 in division_thread

In the main thread

Note that the last two lines from the block were not printed. Also notice that after failing in the thread the program continued to run in main thread. That’s why we got the message “In the main thread”.

This is because the…

Greater Than Code 

076: Changing Lanes

Support for the Greater Than Code podcast comes from O’Reilly Fluent and Velocity conferences, happening in San Jose, CA, June 11-14. Don’t miss your chance to get double the exposure to practical knowledge, expert speakers, and networking opportunities that can immediately boost your own skill set, and elevate team performance. Save on your pass using code GTC20. Learn more at http://oreil.ly/2o07Ufw.


Panelists:

Coraline Ada Ehmke | Astrid Countee | Sam Livingston-Gray

Show Notes:

This episode started out as not really intending to be an episode, but the panelists involved decided that their impromptu discussion regarding staying in your…

All Ruby Podcasts by Devchat.tv 

RR 358: Code Automation

Panel:

  • Charles Max Wood
  • Dave Kimura

In this episode of Ruby Rogues, the panel discusses code automation. They talk about how automating things tends to make them more efficient and speed the time up it takes to complete them. In a world where time is precious, it’s important to automate anything you can so that you can save yourself valuable time and money. They also touch on the importance of having a structure and a consensus among the company in order to have the best productivity and the pros and cons of using “sprints”.

In particular, we dive pretty deep on:

  • The more automated things are, the more efficient they tend to be
  • What can we automate and delegate to make work…

All Ruby Podcasts by Devchat.tv

MRS 039: Justin Gordon

Panel: Charles Max Wood

Guest: Justin Gordon

This week on My Ruby Story, Charles talks to Justin Gordon. Justin first got introduced to programming when he was a kid playing video games and in Jr. High when he took some Basic programming classes. By the time he was in High School, he was learning Pascal. He has always been interested in pursuing programming except for a small time in college when he thought he wanted to pursue investment banking. He first got into Ruby when he went to a meetup and found a startup who were using Ruby on Rails. They also talk about working remotely as well as ShakaCode.

In particular, we dive pretty deep on:

  • How did you first get into programming?
  • Bas…

Julia Evans

Talk: Building a Ruby profiler

Last month I gave a talk at Localhost, the Recurse Center’s monthly talk series. My favourite thing about Localhost’s talk format is that speakers give relatively in depth talks about technical topics, and then people ask lots of questions at the end.

This talk is about the core of rbspy – how do we read memory out of the Ruby interpreter to figure out what…

Appfolio Engineering 

Programming in Paradise

 January sunrise over the Pacific Ocean in Santa Barbara, CA (2018)

Once a month, I wake up very early, put on a warm jacket, make myself a cup of coffee, and sneak out of the house while the rest of my family is still asleep. I drive about ten minutes up highway 101, past hills, a vineyard, lemon orchards, and a couple of ranches, to a turnout on the side of the road where I can park the car. There is a short path I walk along to a cliff with a great view. I stand at the edge drinking coffee while I watch the sunrise over the Pacific Ocean.

Santa Barbara is a unique place…

Julia Evans 

New zine: Profiling & tracing with perf!!

Hello! I’m delighted to announce that today I’m releasing a new zine: Profiling & tracing with perf!!

perf is one of my favorite programs…

Passenger - Phusion Blog 

Phusion Passenger migrated servers, here’s why (and how)

A month ago one of our servers ran out of disk space during a long weekend - because this kind of stuff never happens during working hours, am I right? We caught the issue pretty late (thank you for your patience!), freed up a ton of disk space and did a hard reset. We immediately decided that, to omit similar issues in the future, we’d need to migrate www.phusionpassenger.com to its own dedicated server.

For all kinds of legacy reasons some of the services we’re using ran on a single server. Moving the Phusion Passenger website to a dedicated server was part of a bigger effort to better separate out these services, making sure we’re less dependent on ‘all other things being normal’.

Last…

Riding Rails 

Rails 5.2.0, performance optimizations, space-saving compression and more!

And now a Rails 🌩 News Flash 🌩! (Hint: we’ve got some big news this week, if you hadn’t heard). We take you now, live, to our reporter on the scene, Tim, for all the latest and greatest this week.

Rails 5.2.0 is out!

5.2.0 is officially among us, a little bit ahead of RailsConf this year. If you can’t wait until then to find out everything that this new release brings, do go read the original blog post that accompanied the release for all the details!

This Week’s Contributors

48 people contributed to Rails in the last two weeks, including an incredible 11 for the first time! A big thank you to all of you!

If you’d like to see yourself on that board, why not check out the list of open…

Andy Croll 

Stop robots and crawlers causing errors in your Rails application

When a Rails application can’t find a record, it throws a 404 error. This is a standard HTTP code for browsers meaning ‘not found’.

When you have an Internet-facing site various search engines will be crawling it to index your pages. As you change things, certain URLs might change or cease to exist. This means search engines/crawlers can start generating a lot of ‘not found’ errors by trying to load pages that used to exist.

Instead of…

…getting a bunch of unhelpful, distracting noise in your monitoring setup, or errors in your logs, when Google (or another web crawler) hits deleted public pages…

Or…

…naively swallowing all your 404 errors.

class ApplicationController < ActionControll…

Kir Shatrov

Debugging Ruby processes in Kubernetes

Debugging non-containerized apps in production is dead easy: ssh to a host, rbspy, strace or gdb the process or run rails console to reproduce something in production.

Why Kubernetes makes it harder?

Running a process in a container makes debugging a bit harder: you need to first get into the container with docker exec (and don’t forget to add --interactive --tty) and only inside the container you’ll be able to inspect the running process.

What about using rbspy in Docker? That’s even trickier, because the ptrace (a system call that rbspy relies on) is not allowed by default in a container. You’ll have to run the container with --cap-add=SYS_PTRACE flag, and only then you’ll be able to d…

Ruby on Rails and Stuff by Paweł Dąbrowski 

WordpRSS – a simple Ruby gem to pull any WordPress RSS channel

Have you ever thought about building an RSS aggregator app with Rails? If yes then I have some good news for you. I created WordpRSS – a simple Ruby gem that will help you to pull the data from any WordPress RSS channel. If you are not sure if a […]

MIKAMAYHEM 

Two days in (F) sharp company

On April 9 and 10 I attended a two-day workshop on machine learning with F# with Mathias Brandewinder.

This may come as a surprise considering that

  1. I can be considered at best a novice in machine learning
  2. My (limited) programming background is exclusively in OO languages
  3. I work on a Mac 🙂

Actually the latter point turned out not to be a problem at all. The F# Ionide extension for Visual Studio Code is installed in a whiff and enables a fully functional IDE for F#, complete with package manager (paket) and interactive terminal. To be honest, some IDE features turned out to be positively sluggish but everything else was -contrary to expectations- absolutely painless.

As for the other two…

The Bike Shed 

150: I Fight For the Users

Derek and Sean discuss ethical concerns in software development and the prospect of licensing software developers.

Awesome Ruby Newsletter 

Issue 100 - Ruby is alive and well and thinking about the next 25 years

Martian Chronicles, Evil Martians’ team blog 

Scroll to the future

Authors: Anna Selezniova, Front-end Developer at Evil Martians and Andy Barnov, Writer at Evil Martians. Teacher at Le Wagon. Former international TV correspondent

Everything you always wanted to know about implementing scrolling but were afraid to ask. We have scrolled to the bottom of modern web specifications to take you on a whirlwind tour of latest CSS and JavaScript features that make navigating around a single page smooth, beautiful and less resource-hungry.

Most of the web pages do not fit on a single screen, so the ability to scroll information is taken for granted by all users. For front-end developers and UX designers, though, implementing scrolling experiences that work…

Test Double | Our Thinking 

Effective React Testing

The video above was recorded at JazzCon 2018 in New Orleans, Louisiana.

Many teams relish building applications with React these days. Composable components and unidirectional data flow with Redux create a solid foundation for modular applications. By this point, you know higher-order components, selectors, and render props like the back of your hand. But what about testing?

If you neglect to write React tests because you don't know what to test, which types of tests provide the most value, or how to start testing, then this talk will guide your path. I explain the difference among unit, isolation, and end-to-end tests, and provide a general framework for how to test your application.

You…

Valentino Gagliardi 

How to Throw Errors From Async Functions in Javascript? (and how to test them)

Is it possible to throw errors from async functions in Javascript?

The topic has been covered hundreds of times but let’s see it from a TDD standpoint.

Answer the question without looking at Stackoverflow.

If you know the answer, well I’m impressed.

If not that’s cool too. Keep reading and you’ll find it!

How to Throw Errors From Async Functions in Javascript: what you will learn

In the following post you’ll learn:

  • how to throw errors from async functions in Javascript
  • how to test exception from async functions with Jest

How to Throw Errors From Async Functions in Javascript: requirements

To follow along you should have:

  • a basic understanding of Javascript and ES6
  • a working installation…

How to Throw Errors…

Ruby Weekly 

Rails 5.2, Hanami 1.2, and migrating from Heroku to Dokku

#394 — April 12, 2018

Rails 5.2 Released — The somewhat impressive list of features includes Active Storage, Redis Cache Store, HTTP/2 Early Hints, CSP, and Credentials. It works well with Webpacker 3.0 for your webpack JavaScript bundling needs too.

David Heinemeier Hansson

Measuring Branch and Method Coverage in Ruby 2.5: Coverage, part of the standard library, can be used to measure line, branch and method coverage of code.

Vishal Telangre

Fix Production Bugs in Seconds with Sentry — You’re relying on users to report bugs? Use Sentry to fix production issues in real…

GoRails Screencasts 

Vue.js Components in Rails Views

Learn how to deeply integrate your Vue.js components with Ruby on Rails views

BigBinary Blog

Ruby 2.5 supports measuring branch and method coverages

Ruby comes with Coverage, a simple standard library for test coverage measurement for a long time.

Before Ruby 2.5

Before Ruby 2.5, we could measure just the line coverage using Coverage.

Line coverage tells us whether a line is executed or not. If executed, then how many times that line was executed.

We have a file called score.rb.

score = 33

if score >= 40
  p :PASSED
else
  p :FAILED
end

Now create another file score_coverage.rb.

require "coverage"

Coverage.start
load "score.rb"
p Coverage.result

We used Coverage#start method to measure the coverage of score.rb file. Coverage#result returns the coverage result.

Let’s run it with Ruby 2.4.

$ RBENV_VERSION=2.4.0 ruby…

RubyGuides

Profiling Ruby’s Memory Allocation with TCmalloc

Every time Ruby needs to request memory from the operating system it has to call the malloc function. This function is part of the operating system itself, but there are alternative implementations you can use. One of those implementations is Google’s tcmalloc. TCmalloc is part of the Google Performance Tools suite. You can use these tools […]

Engine Yard Blog 

5 Commercial Use Cases Continue to Prove the Value of Ruby on Rails


Ruby on Rails continues to gain popularity as an effective platform for developing web and cloud applications. Today, there are at least 865,472 business websites running on Ruby on Rails, and the number is growing. Ruby on Rails continues to gain momentum partly because it is open source, which means the developer community continues to improve the platform, and also because Ruby on Rails was created to promote “programmer happiness,” which means programmers are more productive and more efficient developing in Ruby on Rails than on other platforms such as .NET and Java.

The Miners - Medium 

Build Your Own Criptocurrency with Ethereum

A Gentle Introduction

Ethereum is a programmable blockchain with a decentralized platform to run your smart contracts on. These contracts are executed within the blockchain and run exactly as scheduled without any possibility of speed drop, censorship, fraud or third party interference [ETHEREUM, 2017].

Ethereum has arrived with innovations, introducing smart contract and other ways that we can utilize a blockchain — not only for cryptocurrency — and with it a new world of possibilities opens up. I will show you the basics of creating your own cryptocurrency, so that you can get a sense of all of this.

What is a Smart Contract?

Smart contracts can be described as highly programmable digital…

Hanami 

Announcing Hanami v1.2.0

Hello wonderful community, it's the hanami season! To celebrate, we're thrilled to release v1.2.0.

Features 🍒

So what this fresh spring 💐 has brought to you from the Hanami world?

HTTP/2 Early Hints

I experimented with HTTP/2 Push Promise in the summer of 2015, when Hanami was still called Lotus. I presented the results at the RubyDay of that year and built a demo app.

We didn't ship that feature because Rack and web servers didn't support Push Promise, so I had to write a toy HTTP/2 web server for Rack.

Given the adoption of HTTP/2 is slow, the IETF "backported" this feature to HTTP/1. This feature today is known as Early…

Scout ~ The Blog 

Why put Rust in our Python Monitoring agent?

Prior to adding Python performance monitoring, we'd written monitoring agents for Ruby and Elixir. Our Ruby and Elixir agents had duplicated much of their code between them, and we didn't want to add a third copy of the agent-plumbing code. The overlapping code included things like JSON payload format, SQL statement parsing, temporary data storage and compaction, and a number of internal business logic components.

This plumbing code is about 80% of the agent code! Only 20% is the actual instrumentation of application code.

So, starting with Python, our goal became "how do we prevent more duplication". In order to do that, we decided to split the agent into two components. A language agent

Greater Than Code 

075: Code and Witchcraft with Coraline Ada Ehmke

Support for the Greater Than Code podcast comes from the O’Reilly Velocity Conference. Join over 2000 developers and engineers in San Jose from June 11 to 14 to learn how to make your distributed systems more scalable, resilient and secure. Get the latest on microservices, cloud, DevOps, security, and more. Use discount code GTC20 to save 20% on most passes. Learn more at velocityconf.com.

Cloud City Development is happy to support our coding community and especially Greater than Code. The Cloud City team are expert software programmers and designers with a strong desire to see more diversity in tech, more kindness on teams, and better tools. Please let them know if you’d like their hard…

All Ruby Podcasts by Devchat.tv 

RR 357: Ruby 3 with Takashi Kokubun

Panel:

  • Eric Berry
  • Dave Kimura
  • David Richards

Special Guests: Takashi Kokubun

In this episode of Ruby Rogues, the panel discusses Ruby 3 with Takashi Kokubun. Takashi works for Treasure Data as a layers application engineer and works with template engines such as Haml and Hamlit. They talk about JIT Compilers and the upcoming Ruby 3.0 launch and the efforts that are going in to making this launch run more smoothly. They also touch on the importance of optimizing your code and discuss the 3 by 3 challenge with the upcoming Ruby 3.0 launch.

In particular, we dive pretty deep on:

Scout ~ The Blog 

Your Rails & Elixir performance metrics 📈 inside Chrome Dev Tools

Browser development tools - like Chrome Dev Tools - are vital for debugging client-side performance issues. However, server-side performance metrics have been outside the browser's reach.

That changes with the Server Timing API. Supported by Chrome 65+, Firefox 59+, and more browsers, the Server Timing API defines a spec that enables a server to communicate performance metrics about the request-response cycle to the user agent. When you use our open-source Ruby or Elixir server timing libraries, you'll see a breakdown of server-side database queries, view rendering, and more:

Combined with the already strong client-side browser performance tools, this paints a full picture of web…

Riding Rails 

Rails 5.2.0 FINAL: Active Storage, Redis Cache Store, HTTP/2 Early Hints, CSP, Credentials

Nearly 14 years since the first public version of Rails, it’s our pleasure to release yet another major upgrade to the framework in the form of 5.2.0 final. We’ve been diligently polishing Active Storage and the other big new components for stable release, and it’s great to see so many applications already running the release candidates in production. Basecamp and Shopify have both been running Rails 5.2.0 for quite a while.

This release comes just in time for RailsConf, which features sessions on the new encrypted credentials, a code review of Active Storage, advice on how to upgrade to a new Rails version, and a lot of Webpack talks.

You can read in even more detail about everything…

Appfolio Engineering 

Ruby 2.6 and Ahead-Of-Time Compilation

Ruby 2.6 preview 1 has optional JIT that you can turn on with a command-line switch. It also has a mode where you can tell it to wait for JIT before running your code, which is marked as a "test" option. But can you just turn it on and get Ruby AoT for our Rails Apps?

Let's check!

I maintain Rails Ruby Bench, so that's what I'll be playing with here, but the JIT and AOT advice should apply to most large Ruby apps. Also, keep in mind that JIT has only just happened and it's not recommended for Rails apps yet - you should expect things to change a lot after April 2018, when this article was written.

How Can We Do It?

For current Ruby 2.6, you have to turn on JIT explicitly. I use this:

export…

Olivier Lacan

The Fear of Pairing

These days, I’m always eager the first time I have a chance to pair program with someone for the first time. Whether they’re more or less experienced than I am, I know that we’ll most likely learn a ton from each other. Maybe they’ll make me explain something I thought I understood, but in fact had incomplete knowledge of; or maybe they’ll take something that used to intimidate me and make it easily relatable. It’s always a learning opportunity for both parties in some way.

A few years into my programming career, it was often an anxiety-inducing experience for me to even think about working with a more senior developer so closely. To see them see me work. Would they think I’m useless?…

Ruby Inside - Medium 

How I Built Timeasure: Part 2 — Collecting Measurements & Supplying Configuration

This story continues How I Built Timeasure: Part 1 — Motivation & Method Wrapping.

The previous story described Timeasure (see: Github / RubyGems / Live Demo), a new gem that helps Ruby developers in measuring the runtime of their methods in production and gaining valuable knowledge regarding the proper path to optimization. In the previous story, I explored the main interface Timeasure offers for that purpose and have demonstrated how it was designed and crafted.

In this post I will dive into Timeasure’s profiling manager — the component that is concerned with collecting each measurement that is produced by a call to a tracked…

Paweł U. | Ruby on Rails Web Development Consultant Full Stack Blog 

How to Migrate a Ruby on Rails App from Heroku to Dokku

Containers represent Dokku and Heroku

Dokku is dev ops for dummies and a cheaper alternative to Heroku. Recently I’ve migrated a couple of my projects to it. In this blog post, I will describe how to setup and migrate a Rails app to Dokku with PostgreSQL, Sidekiq, Redis and Let’s Encrypt or Cloudflare for free SSL.

This tutorial is based on Dokku version 0.12.0. For a more in-depth tutorials, you can check out Dokku docs. I will focus on things you need to get up and running quickly. This blog post assumes you already have a Rails app running on Heroku.

Initial setup

You need to start with purchasing a barebones VPS and adding an SSH access to it. I will not elaborate on how to do it in this tutorial.

I use Hetzner VPS,…

RubyGems Blog 

March 2018 RubyGems Updates

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Together, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in March.

RubyGems.org News

This month, RubyGems.org saw ongoing system updates, security patches, and general maintenance. Thank you @dwradcliffe for all your hard work!

RubyGems News

RubyGems saw another 25 pull requests merged in March. We started implementing the plan for RubyGems 3, improved a common and annoying warning, and fixed many, many bugs.

In March, RubyGems gained 73 new commits, contributed by 8 authors. There were 860 additions and 1,092 deletions…

Ruby Together News 

March 2018 Monthly Update

Hello! Welcome to the monthly update. During March, our work was supported by Coinbase, Cloud City Development, DigitalOcean and many others.

This month we were able to pay for 126 hours of developer work on Ruby open source. Thank you to all of the companies and individual developers that continue to support our work.

Ruby Together news

In March, Ruby Together was supported by 75 different companies. In addition, 2 developers signed up to be members of Ruby Together. We were supported by a total of 90 individual members and 68 friends of Ruby Together.

In very exciting news, the folks at Coinbase contributed $12,750 to Ruby Together as part of their ongoing open source funding efforts.…

zverok with ruby 

The Missing Ruby Reference

Imagine your friend, thinking about learning programming, or switching to new languages, asks you:

OK, I’ll give your beloved Ruby a try, point me to the language reference, I want to taste it. No, please, not “your first steps” schoolbook, and not a link to 5-year-old Amazon book, just the normal language reference.

What would you do?

Let’s see.

What official site suggests? Documentation section is full of helpful resources (though, I find a bit funny that first recommended manual in “Getting Started” section is “Why’s Poignant Guide”, which is the piece of art we all adore, but by no means proper language introduction).

There is, though, one small problem with those links: there…

Ruby on Rails and Stuff by Paweł Dąbrowski 

4 levels of the data validation in a Rails application you should be aware of

If you receive a user input in your application, you need a validation – no doubt about it. When thinking about the validation in a Ruby on Rails application we used to think about a model validation in the first place. But how about other levels of the validation? Is […]

Test Double | Our Thinking 

Open Source Spotlight: Dependable

Recently, Michael Schoonmaker, Joshua Starkey, and myself got together to brainstorm some improvements we wanted to make to an open source library called Dependable that we had used on a client project.

Dependable is billed as "A minimalist dependency injection framework for node.js", but I feel like it only took on the "minimalist" moniker after we shipped version 2.0 just a few weeks ago. As we sat down to discuss what we wanted to do there were a number of questions that shook out that I feel need to be asked by any team working on an open source project:

  • How can we make this smaller?
  • What features are core and what can we prune?
  • How can we write the test-suite in a way that…
Hanami 

Announcing Hanami v1.2.0.rc2

Hello people!

Today we're happy to announce v1.2.0.rc2 release 🙌 , with the stable release (v1.2.0) scheduled for April 2018.

Enhancements 🍰

  • Use different colors for each Hanami::Logger level
  • Introduce Hanami::Action::Flash#each and #map
  • Allow submit and button form helpers to accept blocks
  • Let fields_for_collection to iterate thru the given collection and yield current index and value

Bug fixes 🐛

  • Ensure select helper to set the selected attribute properly when an <option> has a nil value
  • Ensure to not reload code under lib/ when shotgun isn't bundled

Released Gems 💎

  • hanami-1.2.0.rc2
  • han…
The Bike Shed 

149: E With an Umlaut

Sean experiences a frustrating Ruby bug while building tooling to enforce module boundaries in Shopify's monolith. Derek deprecates Rails functionality instead of preparing his talk.

Awesome Ruby Newsletter 

Issue 99 - Are we abusing at_exit?

Junior Developer 

db:migrate:down and Bash completion

As a busy Rails developer, you are probably inconvenienced at least twice a year when you have to run a migration that's not the last one in the db/migrate directory. You have to ls -lrt the contents of that directory, copy the version number, and then paste it into your terminal so you can do that down migration:

ber db:migrate:down VERSION=20180319191352

I mean! Those are precious seconds wasted. Well, no more. Just put this snippet in your .bash_profile:

_rake_migrate() {
  COMPREPLY=()
  if [ "$3" != "db:migrate:down" ]; then
    return 0
  fi
  local cur="${COMP_WORDS[COMP_CWORD]}"
  IFS='=' read -r -a array <<< "$cur"
  local version_number_part=${array[1]}
  if [ "$COMP_CWORD"
Ruby Weekly 

10 points on the development of Ruby from a recent interview with Matz

Ruby Weekly Issue 393 — April 5, 2018
Benoit Larroque
Specifically CVE-2018-8778, a buffer under-read vulnerability in String#unpack. This post goes deep on what it all means, how it can be exploited, and how it’s resolved.


SideCI Team
10 points on the development of Ruby from a recent interview with Matz at the Ruby25 event. Ruby 3 will be backward compatible, and Matz plans to ‘never retire from developing Ruby’.


Semaphore  Sponsored
Tired of fragile code? This hands-on book will teach you how to build better Rails apps with confidence. Learn…
Scout ~ The Blog 

Scout's top-secret 4-point observability plan

Observability: the degree to which you can ask new questions of your system without having to ship new code or gather new data.

Above is my slightly modified definition of observability, mostly stolen from Charity Majors in Observability: A Manifesto.

Observability is increasingly important. Modern apps and services are more resilient and fail in soft, unpredictable ways. These failures are too far on the edges to appear in charts. For example, an app may perform dramatically worse for one specific user that happens to have a lot of associated database records. This would be hard to identify on a response time chart for apps doing reasonable throughput.

However, understanding…

Janko’s Blog 

ImageProcessing 1.0 Released

The ImageProcessing gem has just reached version 1.0, and I thought this would be a good opportunity to write an article about it. For those who don’t know, ImageProcessing is a wrapper gem that provides common image processing functionality needed when accepting image uploads from users (most notably resizing images).

It was originally written to be used with Shrine, because Paperclip, CarrierWave, Dragonfly, and Refile all came with their own image processing implementations that couldn’t be reused for Shrine. The goal was to extract knowledge from existing implementations into a gem that’s generic and reusable. The initial implementation was extracted from refile-mini_magick.

Original…

ruby – Bibliographic Wilderness 

Another round of citation features in a sufia app

I reported before on our implementation of an RIS export feature in our sufia 7.4 app.

Since then, we’ve actually nearly completely changed our implementation. Why? Well, it started with us moving on to our next goal: on-page human-readable citation. This was something our user analysis had determined portions of our audience/users wanted.

Turns out that what seemed “good enough” metadata for an RIS export (meeting or exceeding user expectations; users were used to citation exports not being that great, and having to hand-edit them themselves) seemed not at all good enough when actually placed on the page as a human-readable citation (in Chicago format).

We ended up first converting our…

All Ruby Podcasts by Devchat.tv 

MRS 038: Trae Robrock

Panel: Charles Max Wood

Guest: Trae Robrock

This week on My Ruby Story, Charles talks to Trae Robrock. Trae founded and is currently the CTO of Green Bits which builds POS software for the legal cannabis industry. They have been in business for about 4 years now and are growing as the cannabis industry does. He first got into programming when he was growing up and was always around computers. He started off writing clients for mIRC where he would write chat bots and code. He got into Ruby when he found that Twitter was written in Rails and noticed that he should probably learn about it so he could get a job after college. Now, he’s focusing on Green Bits and growing his team so…

Passenger - Phusion Blog 

Passenger 5.2.3: macOS compilation fix, full $TMPDIR support

Version 5.2.3 of the Passenger application server for Ruby, Node.js, Meteor and Python has been released. We've fixed a macOS build issue and removed hardcoded references to /tmp. Python 3 support was improved and a few minor issues fixed.

The 5.2 series brings a major internal overhaul of configuration management, which is the first step in deep inspection and on-the-fly reconfiguration of Passenger. The 5.x series of Passenger in general brings a plethora of improvements in uptime maximization, security and efficiency.

Please be aware that you can enjoy enterprise features and sponsor the open source development directly by buying Phusion Passenger Enterprise.

macOS compilation fix

The pa…

RubyMine Blog 

RubyMine 2018.1 Released: Improved Performance, Run Anything, Postfix Completion, and More

Hi everyone,

RubyMine 2018.1 (181.3204.562), the first major release of the year, is now available. Learn about all the new features on our What’s new page, or you can read a brief summary below:


Faster and smarter IDE

  • The redesigned core static analysis engine improves the performance of the IDE. In particular, code autocompletion suggestions, code inspection (Code | Inspect Code), and other features related to code analysis now respond better and complete faster. More.
  • Improved Code Insight for block variables: a block passed as a parameter is…

Run anything

  • The new Run anything action (Double Ctrl) provides a unified way to instantly run rake tasks, rails s, or basically any script or console command. More.
  • Press Shift while using the Run anything action, and it will switch…

Postfix code completion

  • The newly added postfix code completion lets you transform an existing…
Tech Tips and Freebies – Rubyroid Labs Blog 

PDF Tips. How to generate PDF document via ODF report right

Though it looks pretty simple, generating a PDF document can lead to a number of issues. Let’s learn how to do it right with Ruby on Rails. Generation of a PDF document is something almost any SaaS has to face. On one of our projects we faced an issue associated with a generation of...
Greater Than Code 

074: Be Your Own Hero with Astrid Countee

Support for the Greater Than Code podcast comes from O’Reilly Fluent and Velocity conferences, happening in San Jose, CA, June 11-14. Don’t miss your chance to get double the exposure to practical knowledge, expert speakers, and networking opportunities that can immediately boost your own skill set, and elevate team performance. Save on your pass using code GTC20. Learn more at http://oreil.ly/2o07Ufw.


Panelists:

Christina Morillo | Sam Livingston-Gray | Jessica Kerr | Astrid Countee

Show Notes:

01:41 – Astrid’s Superpower: Being Analytical and Logical

04:33 – Social Scientists and Technology

12:47 – Professionalization

The Code of Ethics…

All Ruby Podcasts by Devchat.tv 

RR 356: Geospatial Programming in Ruby with Daniel Azuma and Tee Parham

Panel:

  • Charles Max Wood
  • Eric Berry
  • Special Guests: Daniel Azuma and Tee Parham

In this episode of Ruby Rogues, the panel discusses geospatial programming with Daniel Azuma and Tee Parham. Daniel is a developer at Google and has been doing Ruby for about 14 years. Tee is co-founder and CTO of Neighborland, which is built on Ruby on Rails. Before that, he founded, managed and led technical projects for a small startup for about 8 years. They discuss what geospatial programming is, what RGeo Gem is, and other interesting aspects of geospatial programming.

In particular, we dive pretty deep on:

  • Daniel and Tee intros
  • What is the landscape when it comes to geospatial programming?
  • Wh…
Appfolio Engineering 

Rails Ruby Bench: What Is It and Why Should You Care?

Recently the brilliant and accomplished Chris Seaton asked me what the difference was between Rails Ruby Bench and the normal Discourse benchmarks, as seen on ruby-bench.org.

Plus I keep writing about RRB and linking to the code on GitHub. That's not terrible, but it's not exactly friendly. So let's talk: what is Rails Ruby Bench? Why should you care?

(Spoiler: if you mostly care about Ruby on Rails performance on a big server or VM, Rails Ruby Bench is the closest to "your" benchmark for Ruby that you'll find.)

The Very Basics: What Is RRB?

Rails Ruby Bench uses Discourse, a real-world Ruby on Rails app, and a simulated realistic workload to benchmark the speed of Ruby. So: what is…

Ruby Tuesday 

Issue #11

  • start = Time.now
    heavy_operation()
    time_taken = Time.now - start
    

    Have you ever written code like that? I most certainly did. Turns out it’s all wrong. Why and how to make it better? Read an explanation by Luca Guidi, author of the Hanami framework.

  • Integer overflow is sooooo C, right? What if I told you it could affect Ruby and was fixed only recently? Read the whole story here.
  • Rack::Reducer is a new gem to help you write queries with filters from query params applied. Designed for ActiveRecord, it can also be used with Sequel, Hanami, ROM etc. Here’s an introductory blog post about it.
  • If you need to maintain communication between couple of microservices, chances…
Drivy Engineering 

Running Our First Internal Hack Day

Trying out new technologies, exploring new ideas, investigating potential solutions: these are all fundamental parts of the problem-solving element of a developer’s work. As with any form of creative work, it’s important to keep motivated and one step ahead of ever-changing technological advancements. This encourages a fresh approach, and above all, boosts the enjoyment we take from our work.

That’s why we’ve started holding regular hack days here at Drivy. Every few months, the tech, product and data teams can get together and pool their skills, experience and ideas. The brief? To plan and implement a Drivy-related MVP that could improve the product, but which you wouldn’t usually get…

Paweł U. | Ruby on Rails Web Development Consultant Full Stack Blog 

How Getting Featured by Hacker News Affected my Passive Income

Coins represent a passive income

Two weeks ago my blog post made it to the top of Hacker News. Around 30k people read about my side project Slack bot that day. In this blog post, I will describe how it affected the project and my other passive monetization and marketing strategies.

First, let’s take a look at some stats:

Stats

I published the post on Monday two weeks ago. Couple hours later it made it to the top of the Hacker News:

Post at the top of Hacker News

At the peak hours blog was being visited by over 200 users simultaneously:

Traffic during Hacker News top position

Around 10% of the traffic bounced to the landing page of Abot, the project I wrote about:

Abot landing traffic during Hacker News top position

Overall this blog post was visited by around 30k people that day. It received over 250 upvotes and provoked the…

Riding Rails 

New Rails bug fix releases, closer to multi dbs and more!

Hey there, esteemed readers of Rails’ public repo tea leaves. It’s Kasper bringing you the latest hot cup to steel transcendence from.

This Week’s Contributors

Here goes a hey-o to the 16 contributors this week! You can make the list no doubt, try finding an open issue.

Rails 5.0.7 and 5.1.6 are out

New bug fix releases are out, so you can upgrade your apps today.

Easy Multi databases: basic rake tasks

For applications with multiple databases you always had to create your own rake tasks. No more! One of the stepping stones for Rails 6.0 to have multi db support out of the box is in.

Compare dates with before? and after?

To compare two dates and/or times we’d use the standard < and >…

Drifting Ruby Screencasts 

ActiveRecord Tricks

In this episode, we look at what would seemingly be simple queries, but are more complex once you start looking into them. Using built in ActiveRecord functions, we can make the queries readable and easy to work with.
Julia Evans 

Reverse engineering the Notability file format

I spend a fair amount of time drawing comics about programming. (I have a new zine called “profiling & tracing with perf”! Early access is $10, if you want to read it today!)

So on Thursday, I bought an iPad + Apple Pencil, because the Apple Pencil is a very nice tool for drawing. I started using the Notability app for iPad, which seems pretty nice. But I had a problem: I have dozens of drawings already in the Android app I was using: Squid!

Notability does have a way to import PDFs, but they become read-only – you can draw on top of them, but you can’t edit them. That’s annoying!

Here’s the rough dialog that ensued:

  • Julia: “I want to convert my old drawings to the new app but…
Kir Shatrov 

Asynchronous Active Record migrations

Every time when you deploy code with schema changes, you have to apply new Active Record migrations by running bin/rails db:migrate. This is a common step of deploy scripts (see Capistrano).

While running migrations as a part of the deploy is the default approach used by most companies, for some reason the Rails community never reconsidered alternatives. Does it bring extra complexity to the release process?

  • If a migration fails, should it fail and revert the deploy?
    • If you want to revert, new code would run in production for a limited time before the migration failed. That could cause even more issues when you roll back.
  • If you use more than one database (maybe…
The Bike Shed 

148: Baseball is a Legacy App

Amanda and Sean discuss Flutter, modeling the game of baseball, and the state of persistence and networking in Android.

Hanami 

Announcing Hanami v1.2.0.rc1

Hello people!

Today we're happy to announce v1.2.0.rc1 release 🙌 , with the stable release (v1.2.0) scheduled for April 2018.

Features 🍎

  • Colored logging

Enhancements 🍰

  • Generate non-RESTful actions with /:controller/:action route URL (eg. hanami g web action books#on_sale will correspond to GET /books/on_sale)

Bug fixes 🐛

  • Generate new projects with Gemfile including gem "shotgun", platforms: :ruby in order to not install shotgun on Windows
  • Make Hanami::Logger to properly log hash messages
  • Ensure select helper to set the selected attribute properly when an <option> has a nil value
  • Ensure…

Released Gems 💎

  • hanami-1.2.0.rc1
  • hanami-model-1.2.0.rc1
  • hanami-assets-1.2.0.rc1
  • hanami-cli-0.2.0.rc1
  • hanami-mailer-1.2.0.rc1
  • hana…
Jon McCartie 

How Teams Grow, Thrive, and Fail

As your team or business grows, things change – they have to! A $10 billion business cannot operate the same as a 1-2 person startup. And since no businesses start at that scale, it’s important to understand what helps a team grow without breaking. How can your team continue to innovate, take on new customers, provide quality service, and maintain a healthy work/life balance for your staff?

A key difference between large and small teams is their amount of process and organization. As new problems arise from growth, successful teams adapt. And they do so without losing what made them great to begin with. But as you’ll see, a team can easily cross an imaginary line into bureaucracy. Their…

Awesome Ruby Newsletter 

Issue 98 - More yield_self awesomeness. Also, the new name proposed.

Ruby Conferences 'n' Camps in 2018 - What's Upcoming? 

Gotham Ruby Conference (GoRuCo) @ Manhattan, New York City, New York, United States - Ruby Conferences 'n' Camps Update

Conferences 'n' Camps

What's News? What's Upcoming in 2018?

Gotham Ruby Conference (GoRuCo) ($399/$299 - Regular/Early)
Jun/16 (1d) Sat @ Manhattan, New York City, New York, United States • (Updates)

See all Conferences 'n' Camps in 2018».

Ruby Conferences 'n' Camps in 2018 - What's Upcoming? 

Deccan RubyConf @ Pune, Maharashtra, India - Ruby Conferences 'n' Camps Update

Deccan RubyConf
Aug/4 (1d) Sat @ Pune, Maharashtra, India • (Updates)

Ruby Conferences 'n' Camps in 2018 - What's Upcoming? 

Southeast Ruby @ Nashville, Tennessee, United States - Ruby Conferences 'n' Camps Update

Southeast Ruby
Aug/2+3 (2d) Thu+Fri @ Nashville, Tennessee, United States • (Updates)

Riding Rails 

Rails 5.0.7 and 5.1.6 have been released

Hi everyone,

I am happy to announce that Rails 5.0.7 and 5.1.6 have been released.

CHANGES since 5.0.6

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

CHANGES since 5.1.5

To view the changes for each gem, please read the changelogs on GitHub:

avdi.codes 

Refactoring a tech talk abstract

Something I really enjoy doing is helping developers with their tech talk proposals. I don't claim any special expertise at this, other than:

  1. I've had a pretty good acceptance record with my own talk proposals; and
  2. I've had years of practice writing prose—blog posts, books, screencast scripts, marketing copy—intended to engage a developer audience.

Recently I had the pleasure of looking over a talk proposal by Leena S N and making some notes on it. She has graciously given me permission to share my notes with a larger audience.

Here is a 25 minute screencast of me taking a talk proposal and offering alternative structure and wording. I'm sharing this in the form of a video because I think…

Ruby Weekly 

Ruby 2.5.1, Ruby 3x3 internals, and a new GUI for Passenger

Ruby Weekly Issue 392 — March 29, 2018
Yui Naruse
As well as 2.4.4, 2.3.7 and 2.2.10 (likely the last ever 2.2 release, by the way). Why? Several security vulnerabilities have been fixed.


Vladimir Makarov
A low-level look at what the 3x3 goal will take, so if terms like RTL and JIT mean anything to you, you’ll enjoy this deep dive.


Nate Berkopec
NGINX has added Ruby support to their new multi-language, microservice-enabling application server. Nate Berkopec digs into when and why it’s worth using (or not).


Hi, we're Arkency 

Ruby Event Store - use without Rails

Ruby Event Store v0.27 is here with some nice improvements. Let’s have a quick look.

Using RES without Rails

We’ve always built our ecosystem of gems with the intention of not being coupled to Rails. So the majority of features are implemented in ruby_event_store gem and a few other features such as async handlers integrated with ActiveJob are in rails_event_store. Every dependency is taken in a constructor and can be swapped to something different.

Until now we had one coupling which prevented you from using ruby_event_store easily. The rails_event_store_active_record gem (which provides an implementation for a repository to save events) depended on rails because it provided a migration…

Search Results for “ruby” – via @codeship 

VueJS Components with CoffeeScript for Rails

Reading Time: 7 minutes

The components aspect of VueJS is one of the most attractive features VueJS brings to your frontend development. It allows for composable, reusable, and protected scope code, styles, and HTML. Working with protected scopes is the smart way for implementing coherent systems. And with the added benefit of VueJS protecting your style’s scope to only affect your specific component, you’ll have far fewer headaches with styling your site.

With Webpack support being added to Rails as of Rails 5.1, the ecosystem for documentation on getting started is fairly young and missing many scenarios. So I’m proud to be able to introduce one of the first posts on implementing VueJS…

Passenger - Phusion Blog 

New: Fuse Panel for Phusion Passenger

The smarter and simpler command center for your applications

Over the past 10 years we at Phusion have made amazing strides with Passenger development and saw hundreds of thousands of you build amazing applications, websites and companies. In recent years we’ve heard you say “It just works” which is great to hear - but it also means it’s time to put more focus on something that doesn’t work. We took all your feedback to heart and have developed a new solution to work alongside Passenger.

Today we’re introducing a graphical user interface for the Passenger app server. Whether you’re running Passenger open source or you’re one of our enterprise customers, the Fuse Panel’s aim is to provide…

EquiValent 

Explicit contracts for Rails - HTTP API usecase

In this article we will have a look at how to write Explicit Contract tests, with RSpec, for a Ruby on Rails application that consumes an external 3rd party HTTP JSON API.

In October 2015 Plataformatec released an article “Mocks and explicit contracts” related to testing the Phoenix (Elixir lang.) framework. I’m pretty much covering the same thing from the perspective of the Ruby on Rails framework. If you already read that article you will not find anything new here.

Gateway objects and Gateway mocks

Imagine we need to consume a 3rd party API in order to import students to our system. So we need to build a controller that will pull the students and save them to our DB.

Let's say this 3rd party API…

Ruby News 

CVE-2018-8778: Buffer under-read in String#unpack

There is a buffer under-read vulnerability in String#unpack method. This vulnerability has been assigned the CVE identifier CVE-2018-8778.

Details

String#unpack receives format specifiers as its parameter, and the specifier @ can be used to set the position at which the data is parsed. If a big number is passed with @, the number is treated as a negative value, and an out-of-buffer read occurs. So, if a script accepts an external input as the argument of String#unpack, the attacker can read data on heaps.

All users running an affected release should upgrade immediately.

Affected Versions

  • Ruby 2.2 series: 2.2.9 and earlier
  • Ruby 2.3 series: 2.3.6 and earlier
  • Ruby 2.4 series: 2.4.3…
Ruby News 

CVE-2017-17742: HTTP response splitting in WEBrick

There is an HTTP response splitting vulnerability in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2017-17742.

Details

If a script accepts an external input and outputs it without modification as a part of HTTP responses, an attacker can use newline characters to deceive the clients into treating the HTTP response header as ending there, and can inject fake HTTP responses after the newline characters to show malicious contents to the clients.

All users running an affected release should upgrade immediately.

Affected Versions

  • Ruby 2.2 series: 2.2.9 and earlier
  • Ruby 2.3 series: 2.3.6 and earlier
  • Ruby 2.4 series: 2.4.3 and earlier
  • Ruby 2.5…

Credit

Tha…

Ruby News 

CVE-2018-8777: DoS by large request in WEBrick

There is an out-of-memory DoS vulnerability with a large request in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2018-8777.

Details

If an attacker sends a large request which contains huge HTTP headers, WEBrick tries to process it in memory, so the request causes an out-of-memory DoS attack.

All users running an affected release should upgrade immediately.

Affected Versions

  • Ruby 2.2 series: 2.2.9 and earlier
  • Ruby 2.3 series: 2.3.6 and earlier
  • Ruby 2.4 series: 2.4.3 and earlier
  • Ruby 2.5 series: 2.5.0 and earlier
  • Ruby 2.6 series: 2.6.0-preview1
  • prior to trunk revision r62965

Credit

Thanks to Eric Wong e@80x24.org for reporting the…

His…

Ruby News 

CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir

There is an unintentional directory traversal in some methods in Dir. This vulnerability has been assigned the CVE identifier CVE-2018-8780.

Details

Dir.open, Dir.new, Dir.entries and Dir.empty? accept the path of the target directory as their parameter. If the parameter contains NUL (\0) bytes, these methods treat the path as ending before the NUL bytes. So, if a script accepts an external input as the argument of these methods, the attacker can cause an unintentional directory traversal.

All users running an affected release should upgrade immediately.

Affected Versions

  • Ruby 2.2 series: 2.2.9 and earlier
  • Ruby 2.3 series: 2.3.6 and earlier
  • Ruby 2.4 series: 2.4.3 and…
Ruby News 

CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket

There is an unintentional socket creation vulnerability in the UNIXServer.open method of the socket library bundled with Ruby. There is also an unintentional socket access vulnerability in the UNIXSocket.open method. This vulnerability has been assigned the CVE identifier CVE-2018-8779.

Details

UNIXServer.open accepts the path of the socket to be created as the first parameter. If the path contains NUL (\0) bytes, this method treats the path as ending before the NUL bytes. So, if a script accepts an external input as the argument of this method, the attacker can make the socket file in an unintended path. And, UNIXSocket.open also accepts the path of the socket to be created at the…

Ruby News 

CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir

There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby, because it uses tmpdir internally. This vulnerability has been assigned the CVE identifier CVE-2018-6914.

Details

Dir.mktmpdir method introduced by tmpdir library accepts the prefix and the suffix of the directory which is created as the first parameter. The prefix can contain relative directory specifiers "../", so this method can be used to target any directory. So, if a script accepts an external input as the prefix, and the targeted directory has inappropriate permissions or the ruby…

Ruby News 

Ruby 2.2.10 Released

Ruby 2.2.10 has been released. This release includes several security fixes. Please check the topics below for details.

Ruby 2.2 is under the state of the security maintenance phase, until the end of the March of…

Ruby News 

Ruby 2.3.7 Released

Ruby 2.3.7 has been released.

This release includes about 70 bug fixes after the previous release, and also includes several security fixes. Please check the topics below for details.

See the ChangeLog for details.

Af…

Ruby News 

Ruby 2.4.4 Released

Ruby 2.4.4 has been released.

This release includes some bug fixes and some security fixes.

There are also some bug fixes. See commit logs for more details.

Download

Ruby News 

Ruby 2.5.1 Released

Ruby 2.5.1 has been released.

This release includes some bug fixes and some security fixes.

There are also some bug fixes. See commit logs for more details.

Download

Julia Evans 

Open source sabbatical = awesome

Hello! This is my last week working on rbspy. I’m planning to write more about the profiler and how it works soon, but I wanted to take a minute to talk (again) about how I ended up working on the project and how it’s funded. I want to talk about funding because it’s an important part of how a lot of open source software gets created and maintained!

Just about a year ago today (March 23, 2017) Segment announced their Open Fellowship – funding for 3 months to work on an open source project.

The blog post said:

The primary goal of the fellowship is to enable participants to fully dedicate themselves to a project for a few months. We’re hoping to give them a chance to speed the adoption…

Martian Chronicles, Evil Martians’ team blog 

Optimizing React: Virtual DOM explained

Authors: Alexey Ivanov, Front-end Developer at Evil Martians and Andy Barnov, Writer at Evil Martians. Teacher at Le Wagon. Former international TV correspondent

Learn about React’s Virtual DOM and use this knowledge to speed up your applications. In this thorough beginner-friendly introduction to framework’s internals, we will demystify JSX, show you how React makes rendering decisions, explain how to find bottlenecks, and share some tips to avoid common mistakes.

One of the reasons React keeps rocking the front-end world and shows no sign of decline is its approachable learning curve: after wrapping your head around JSX and the whole “State vs. Props” concept, you are good to go.

B…

Passenger - Phusion Blog 

Passenger 5.2.2: passenger_base_uri fixed, new Phusion product spoiler

Version 5.2.2 of the Passenger application server for Ruby, Node.js, Meteor and Python has been released. We've fixed a regression and added some internal improvements. Something new and exciting also lurks on the horizon..!

The 5.2 series brings a major internal overhaul of configuration management, which is the first step in deep inspection and on-the-fly reconfiguration of Passenger. The 5.x series of Passenger in general brings a plethora of improvements in uptime maximization, security and efficiency.

Please be aware that you can enjoy enterprise features and sponsor the open source development directly by buying Phusion Passenger Enterprise.

Multiple passenger_base_uri's fixed

Users…

Semaphore CI Community Tutorials on Ruby 

How to Deploy Rails Applications With Ansible, Capistrano and Semaphore

This article is brought with ❤ to you by Semaphore.

Introduction

In this tutorial, we'll cover how to create a server with Amazon Web Services, do configuration management with Ansible, deploy Rails applications with Capistrano, and how to do continuous integration with Semaphore.

All the code from this tutorial is available in a repository on GitHub. If you get stuck, you can always compare it against the code in there which is known to work.

Before we jump into creating our server, let's introduce all of these concepts so we understand what we're getting into.

Configuration Management

The first thing we'll do is set up a server using configuration management. We'll be using a tool…

Speedshop - Ruby on Rails performance consulting 

A New Ruby Application Server: NGINX Unit

There’s a new application server on the block for Rubyists - NGINX Unit. As you could probably guess by the name, it’s a project of NGINX Inc., the for-profit open-source company that owns the NGINX web server. In fall of 2017, they announced the NGINX Unit project. It’s essentially an application server designed to replace all of the various application servers used with NGINX. In Ruby’s case, that’s Puma, Unicorn, and Passenger. (For a far more in-depth comparison of these application servers, read my article about configuring Puma, Passenger and Unicorn.) NGINX…

The overarching idea seems to be to make microservice administration a lot easier. One NGINX Unit process can run any number of applications running any number of languages - for example, one NGINX Unit server can manage a half-dozen…

All Ruby Podcasts by Devchat.tv 

MRS 037: Derek Prior

Panel: Charles Max Wood

Guest: Derek Prior

This week on My Ruby Story, Charles talks to Derek Prior. Derek speaks at conferences more often and is now a development director at Thought Bot. He first got into programming when he was 7 or 8, when he got an Apple IIGS for Christmas and started messing around with writing basic code. This really got him interested in how video games and systems worked behind the scenes and led to his interest in programming. In high school, he took programming classes and found he was actually good at it and decided to pursue programming in college. Once he was hired at Thought Bot, his developing skills really took off and he has been there for almost five…

I…

Ruby – Sihui Huang 

How to Contribute to Ruby

Do you want to become a Ruby committer? Are you interested in learning from language designers? Do you want to get in the loop on conversations in the Ruby open-sourced development community? If so, this post is for you.

Last week, I attended the Cookpad Ruby Hack Challenge. It was a one-day event where Matz (the creator of Ruby), Koichi and Mame (full-time Ruby committers at Cookpad) taught Ruby developers “how to extend Ruby features, fix bugs, and to improve the performance of Ruby.”

Before the event, contributing to Ruby didn’t seem doable to me — I simply didn’t know where to start or how to get involved. After getting my hands dirty during the event and learning how the development…

RubyGuides 

The Definitive Guide To Time Complexity For Ruby Developers

Time complexity is one of the most interesting concepts you can learn from computer science, and you don’t need a degree to understand it! It’s interesting because it helps you see why a particular algorithm or program may be slow & what can you do to make it faster. You can apply this to your […]

The post The Definitive Guide To Time Complexity For Ruby Developers appeared first on RubyGuides.

Hi, we're Arkency 

What I've learned at Arkency and why I am leaving

The story I’d like to tell you starts at the beginning of 2012. At that time I’ve run my side project Konfeo – event registration and management system. After three years of working on that, first partially and then full time, I’ve decided that I need to split my time to enhance and diversify income sources. I joined Arkency in 2015.

It was a very good decision. I joined quite a large legacy Rails project with a complex domain. I’ve started to cooperate with more developers working on the project and with the client directly. I’ve learned how to use new tools like Heroku, MongoDB, Sidekiq with its pros and cons.

Arkency is known for its Domain-Driven design approach to work with Rails…

BigBinary Blog 

Gpg decryption without pin entry pop up using GPGME

In one of our projects, we implemented GPG decryption.

What is GPG?

GPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP).

We used GPGME gem for this purpose. It provides three levels of API. In our case, we used Crypto which has the high level convenience methods to encrypt, decrypt, sign and verify signatures.

We needed to import private key for decrypting a file that was encrypted using paired public key. First let’s import the required private key.

GPGME::Key.import File.open('certs/pgp.key')

Let’s decrypt the file.

crypto = GPGME::Crypto.new
options = { output: File.open('file.csv', 'wb') }

crypto.decrypt…

Greater Than Code 

073: Driven By Need, Guided By Example with Dan North

Support for the Greater Than Code podcast comes from O’Reilly Fluent and Velocity conferences, coming to San Jose, California, June 11-14. From ops to apps, Velocity + Fluent tears down silos, enabling and fostering the kind of cross-department collaboration essential to driving innovation and speeding product delivery. Best Price ends this Friday, March 30–save up to $839 using code GTC20. Learn more at http://oreil.ly/2o07Ufw.


Panelists:

Jamey Hampton | Jessica Kerr

Guest Starring:

Dan North: dannorth.net

Show Notes:

01:41 – Dan’s Superpower: Optimization

03:26 – Are “Improve” and “Optimize” the same thing?

Kaizen

Kaikaku

Cost Accounting

1…

Karol Galanciak - Ruby on Rails and Ember.js consultant 

Exotic Ruby: Module.class_exec, custom JSON And Liquid Drops In Action

Ruby has quite a lot of “exotic” features that are not used that often, but when you need to utilize some metaprogramming magic, you can easily take advantage of them. One such feature is Object.instance_exec, which you might be familiar with if you’ve ever built a more advanced DSL.

The great thing about Object#instance_exec is that it lets you execute code within the context of a given object while also making it possible to pass arguments from the current context. Thanks to that, we can build some nice DSLs and other features like this:

role_filter = ->(role) { where(role: role) }
role = "admin"
User.all.instance_exec(role, &role_filter) # same as User.all.where(role:…

An interesting thing is that there is a class equivalent of Object#instance_exec: Module.class_exec

All Ruby Podcasts by Devchat.tv 

RR 355: Code Reviews with Jacob Stoebel

Panel:

  • Charles Max Wood
  • Dave Kimura
  • Eric Berry
  • David Richards

Special Guests: Jacob Stoebel

In this episode of Ruby Rogues, the panel discusses code reviews with Jacob Stoebel. Jacob is a Rails and JavaScript developer and works for ePublishing where he does mostly front-end programming. He talks about how he believes that code reviews can be both honest and nice, and that they should inspire the programmer to want to go back and make his/her code better, not tear him/her down. He also gives four steps to the response process for giving positive and helpful code reviews.

In particular, we dive pretty deep on:

All Ruby Podcasts by Devchat.tv 

MRS 036: Ben Orenstein

Panel: Charles Max Wood

Guest: Ben Orenstein

This week on My Ruby Story, Charles talks to Ben Orenstein. Ben recently just got a new job refactoring Rails apps, runs a podcast, called The Art of Product, and just finished up The Code Quality Challenge. He first got into programming when he was a Senior in high school and took a computing class at the local college where they taught him C, and he really fell in love with programming. He is really proud of his contribution to the education side of the programming world and enjoys being able to teach really complicated concepts.

In particular, we dive pretty deep on:

GoRails Screencasts 

How to Create an Active Storage Previewer

Learn how to create a file previewer with Active Storage in Rails 5.2+ to generate preview images of application files. In this example, we'll be converting Powerpoint presentations to png image previews.

Ruby on Rails and Stuff by Paweł Dąbrowski 

4 cool less known Rails features – part 1: ActiveJob, ActiveModel, command line

I never read the whole Rails guides and now when I’m translating them to my native language I discovered some cool features that I didn’t know about before. I hope this will be also useful for you! Let me know if you use other useful but less known features from […]

The post 4 cool less known Rails features – part 1: ActiveJob, ActiveModel, command line appeared first on Ruby on Rails and Stuff by Paweł Dąbrowski.