Rubyland

news, opinion, tutorials, about ruby, aggregated

RubyGems Blog 

March 2024 RubyGems Updates

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in March.

RubyGems News

This month, RubyGems released RubyGems 3.5.7 and Bundler 2.5.7. These updates introduce a range of enhancements and bug fixes, all aimed at enhancing the developer experience. They include: the introduction of an attribute in Gem::SafeYAML.safe_load to control whether YAML aliases are enabled, a warning mechanism for when the required_ruby_version specification attribute is empty, and the removal of unnecessary configurations in the RuboCop setup…

Some other important accomplishments from the team this month include:

Making gem install respect the umask of the target…:

Posts on Kevin Murphy 

Making a (Sidekiq) Batch Recipe

The Right Number of Cooks in the Kitchen

Today we’re going to make a stew. The recipe has three steps that can all run independently. But when they’re done, their output needs to come together to finish the stew.

We’ll set each step up as a separate Sidekiq job. The details of each step aren’t important for this demonstration.

class GetRawVeggiesWorker
  include Sidekiq::Worker
  def perform; end
end

class GetBaconWorker
  include Sidekiq::Worker
  def perform; end
end

class GetCupOfSoupWorker
  include Sidekiq::Worker
  def perform; end
end

We can enqueue these to run by themselves no problem. However, we need to know when they’re all done so we can finish our recipe. We can group these together using…

Ruby Central 

3 Day Flash Sale: RailsConf 2024

Because good things come in threes.

Surprise! It’s a 3-Day Flash Sale. RailsConf Detroit is just over three weeks away. We'll be in Detroit for three days from May 7-9. So for three days only, join us at a DISCOUNTED price before we sell out! Sale ends Monday.

Grab your discounted tickets HERE!

Ruby on Rails 

A week of fixes

Hi, it’s Greg. Let’s explore this week’s changes in the Rails codebase.

Fix union select parentheses
When building UNION or UNION ALL queries involving LIMIT or ORDER BY, Arel generated invalid SQL previously. This pull request changes Arel::Visitors::ToSql so that SELECT statements in Union and UnionAll nodes are enclosed in parentheses to avoid syntax errors.

Fix copying virtual columns when altering a table in SQLite3
When Rails alters a SQLite table, it creates a new table and copies the structure and data from the old one.
The problem is that virtual columns are incorrectly copied (copied as classic columns). This pull request fixes that.

Fix ActiveJob::EnqueueAfterTransactionCommit
perform_later is supposed to return…

RubyGems Blog 

3.5.9 Released

RubyGems 3.5.9 includes enhancements.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Enhancements:

  • Installs bundler 2.5.9 as a default gem.

SHA256 Checksums:

  • rubygems-3.5.9.tgz
    2b203642191e6bb9ece19075f62275a88526319b124684c46667415dca4363f1
  • rubygems-3.5.9.zip
    e84246e89ddd8ac14844fc289e5c863346c67fdaa898c88a55438943397993b6
  • rubygems-update-3.5.9.gem
    4825e486c53db8885978f5892357fd7c2c8bebb39601d66e24e9c2fe1d891cbd

Write Software, Well 

How I Read Rails Source Code

After my previous post, How a Ruby Method Becomes a Rails Action, I got quite a few emails asking about the best way to read the Rails source code. Here's one from Peter, a long-time reader of the blog:

You have mentioned that you enjoy just reading the Rails source code. I am interested in going through the Rails source code but the code base is so large, I'm not quite sure where to start. Would you have a suggestion for someone like me, just learning Rails, to tackle this?

It just seems so overwhelming that I'm not quite sure where to start and how to proceed.

While I don't think there's one best way to read the Rails codebase, I've found a few techniques that are much more effective than…

Remote Ruby 

Irina Nazarova from Evil Martians

In today’s episode, Jason, Chris, and Andrew, along with their guest, Irina Nazarova, CEO of Evil Martians, engage in a candid discussion that covers the intricacies of using Rails and integrating it with technologies like React, and the challenges of marketing developer-facing products. The discussion also touches on open-core business models, the relevance of Docker in current tech companies, and the future of software deployment. Also, Irina touches on a new tool from Thoughtbot called Superglue, a new open source product called Skooma, and she invites listeners to come to RailsConf and some Ruby meetups in San Francisco coming soon. Press download to hear more!

Panelists:
Jason Charnes
Ch…

Giant Robots Smashing Into Other Giant Robots 

Upcoming Talks at Ruby Conferences in Spring and Summer 2024

Upcoming Conference Talks by thoughtbot

The year’s already gone by so fast; since January 2024, thoughtbotters have already attended and presented talks at events like CCOSS and Sin City Ruby 2024.

Didn’t make it to these events? Don’t worry, we’ve got more amazing talks lined up for the spring and summer of 2024. Mark your calendars for these upcoming talks by thoughtbotters!

Tropical.RB: April 4-5

Tropical.RB brings together Rails developers from Latin America to talk about Rails and share knowledge.

The Fast Lane: Asynchronous Rails

Join Matheus, a senior developer at thoughtbot, at Tropical.RB on April 5, 2024, as we explore how to leverage…

Awesome Ruby Newsletter 

💎 Issue 412 - Let there be docs! A documentation-first approach to Rails API development

RubyGems Blog 

3.5.8 Released

RubyGems 3.5.8 includes security, enhancements and bug fixes.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Security:

  • Respect global umask when writing regular files. Pull request #7518 by deivid-rodriguez

## Enhancements:

  • Allow string keys with gemrc. Pull request #7543 by hsbt
  • [Experimental] Add “gem rebuild” command. Pull request #4913 by duckinator
  • Installs bundler 2.5.8 as a default gem.

## Bug fixes:

  • Fix NoMethodError crash when building errors about corrupt package files. Pull request #7539 by jez
  • Fix resolver to properly intersect Arrays of Gem::Resolver::Activation objects.…

SHA256 Checksums:

  • rubygems-3.5.8.tgz
    6ddd48fc8c53ec303b24b7517a6102477463c9929…

Ruby Weekly 

Crystal in your Ruby

#698 — April 11, 2024

CrystalRuby: Embed Crystal Code Directly in Ruby

Crystal is a Ruby inspired programming language that boasts a lot of great features and is well worth a try IMHO. One benefit is performance, and this gem lets you write Crystal code, inlined in Ruby, giving you a potential performance boost without a huge shift in syntax. New and YMMV!

Wouter Coppieters

🇯🇵  Matz on Static vs Dynamic Typing

This article is in Japanese, so get your browser’s translation feature ready. It’s a transcript of thoughts by Ruby’s creator (in a talk given in 2022) on the pros…

Ruby Rogues 

The Power of Turbo Native with Ayush Newatia - RUBY 632

Ayush Newatia is a Freelance Web Developer. They delve into the world of modern app development. Chuck and Ayush take us on a journey through the intricacies of utilizing Turbo Native and Hotwire in Rails applications. They share their insights on using native elements as the backbone of apps while incorporating web content, simplifying app development, and bridging the gap between web and native code with the help of Strata. With a focus on enhancing user experiences, they explore the benefits and challenges of native and hybrid apps, along with a deep dive into the features and requirements of Turbo Streams. Join them as they unravel the complexities and potential of modern web and app…

avdi.codes 

Goodbye Mastodon. Hello Fediverse.

As of today, this site is also my canonical social media presence!

Notes on making this happen:

I’m using the ActivityPub and Webfinger plugins to make WordPress users into full-fledged Fediverse citizens.

I had a lot of trouble getting Mastodon to recognize this site as a valid target for an account move. Mastodon demands some not-so-standardized stuff to appear on the target site that effectively makes its vaunted “account mobility” only work with other Mastodon instances 🧐

First off I had to disable caching for user profile pages. To be fair this part wasn’t a Mastodon issue. I’m going to come back around later and see if I can re-introduce caching more in content-type-aware…

Julia Evans 

Notes on git's error messages

While writing about Git, I’ve noticed that a lot of folks struggle with Git’s error messages. I’ve had many years to get used to these error messages so it took me a really long time to understand why folks were confused, but having thought about it much more, I’ve realized that:

  1. sometimes I actually am confused by the error messages, I’m just used to being confused
  2. I have a bunch of strategies for getting more information when the error message git gives me isn’t very informative

So in this post, I’m going to go through a bunch of Git’s error messages, list a few things that I think are confusing about them for each one, and talk about what I do when I’m confused by the message.

imp…

The Ruby on Rails Podcast 

Episode 513: Modern Rails Apps Ayush Newatia

Rails 7 and Hotwire have completely revolutionized server side Rails apps. Developers can now get much more reactivity with way less JavaScript, less tooling, and simpler deployments. You’ve probably heard a lot about Rails 7.1 and Hotwire. Maybe you’re even using it in production? Ayush Newatia joins the show to talk about his new book, The Rails and Hotwire Codex.

Show Notes
Radioactive Toy - https://radioactivetoy.tech
Rails and Hotwire Codex - https://railsandhotwirecodex.com
Follow Ayush on Ruby Social - https://ruby.social/@ayush
Listen to Ayush on The Just A Spec Podcast - https://justaspec.show
Rails and Hotwire Codex Link https://railsandhotwirecodex.com/

Josh Software 

The Journey of an HTTP Request – From Client to the Server

Developers are known for working with HTTP requests. But have you ever wondered what happens in the background – when a button that performs an HTTP request is clicked to get a response from the server? The journey of an HTTP request from the client’s side to the server comprises multiple stages. POV of the …

RoRvsWild's blog 

Super Fast Rails – A promise given is a debt

Super Fast Rails List

The SuperFastRails joke

Before reading this one, you should read the previous article to understand fully.

If you don’t have a few extra minutes, here is a summary: I was describing a new revolutionary gem that could automatically optimize any Rails app. It could create missing indexes, remove unused indexes, optimize SQL queries, and handle dangerous migrations. All that without needing you to think about it.

That was of course an April fools’ joke. It worked pretty well, possibly too well:

Not going to consider you for a good long while until I get over the April 1st post. Boomed me good

A promise given is a debt. Now the joke is on you, my friend.

Sorry, that was quite a…

Giant Robots Smashing Into Other Giant Robots 

Introducing form_props: The power of Rails forms now available for React!

Miss the convenience of Rails when working in React? Tired of building React forms ever so slightly different from project to project? Prefer working with HTML over customizing the Rails form builder? Prefer HATEOAS? Boy, do I have the tool for you!

Introducing form_props, a new member of the React ❤️ Rails family, which includes props_template, humid, and superglue. It’s a fork of Rails’s own form_with, made to output HTML attributes instead of HTML so you can wield the power of Rails’s form in React, and even React Native!

How it works:

Within a jbuilder or props_template file: new.json.jbuilder or new.json.props

json.create_form do
  form_props(@post) do |f|
    f.text :title
    f.s…

Would output

{
  "createForm": {
    
Island94.org 

A comment on Second Systems

I recently left this comment on a Pragmatic Engineer review of Fred Brooks’s Mythical Man Month in “What Changed in 50 Years of Computing: Part 2”. This was what I reacted to:

Software design and “the second-system effect”

Brooks covers an interesting phenomenon in Chapter 5: “The Second-System Effect.” He states that architects tend to design their first system well, but they over-engineer the second one, and carry this over-engineering habit on to future systems.

“This second system is the most dangerous system a [person] ever designs. When [they] do this and [their] third and later ones, [their] prior experiences will confirm each other as to the general characteristics of…

BigBinary Blog 

Automatically sentence-case i18next translations

We use i18next to handle our localization requirement. We have written in great detail how we use i18next and react-i18next libraries in our applications.

As our translations grew, we realized instead of adding every combination of the texts as separate entries in the translation file, we can reuse most of them by utilizing the i18next interpolation feature.

Interpolation is one of the most used functionalities in i18n. It allows integrating dynamic values into our translations.

{
  "key": "{{what}} is {{how}}"
}

i18next.t("key", { what: "i18next", how: "great" });
// -> "i18next is great"

Problem

As we started to use interpolation more and more, we started seeing a lot of text with irregular casing. For…

Test Double 

Work around Rails schema noise with one weird trick

If you’ve ever worked on a Rails project with a team, you’ve probably run into an issue with changes appearing in db/schema.rb. The Rails robots that make up Active Record do their best to be helpful by keeping your db/schema.rb file up to date. But while they’re doing that, they tend to inject a bunch of other unwanted changes.

Here’s an example from a project I’ve been working on:

@@ -102,7 +102,7 @@ ActiveRecord::Schema[7.0].define(version: 2024_02_06_230921) do

   create_table "active_storage_attachments", force: :cascade do |t|
     t.bigint "blob_id", null: false
-    t.datetime "created_at", null: false
+    t.datetime "created_at", precision: nil, null: false
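Review bot: on the `created_at` line of `active_storage_attachments`, `precision: nil` is added with no other change to the table in this hunk, which reads as schema-dump noise rather than an intended column change; drop the line from the commit, or point to the migration that alters the column if it is intentional.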

In this…

Evil Martians 

Let there be docs! A documentation-first approach to Rails API development

Authors: Svyatoslav Kryukov, Backend Engineer, and Travis Turner, Tech Editor
Topics: Backend, Ruby on Rails, Ruby, Microservices

We examine approaches to API documentation and make the case for why the documentation-first approach is beneficial. We also introduce a new Ruby gem, Skooma, that will be a revelation for those who are ready to follow this path, and offer practical tips and advice for jumping in.

In this post, we’ll examine approaches to API documentation, with a case for why the documentation-first approach is beneficial, plus, we’ll not only introduce a new Ruby gem that will be a revelation for those who are ready to follow this path, you can also read on…

Nithin Bekal 

Abstract methods and NotImplementedError in Ruby

Ruby’s NotImplementedError exception is often used as a placeholder in abstract classes for methods that should be implemented by subclasses. But did you know that this is not how this exception class was intended to be used?

How is it commonly (mis)used?

Let’s start with an example of a common usage pattern of NotImplementedError. We have a BaseSetting class, and we want to convey that anyone subclassing this should implement a to_html method.

class BaseSetting
  def to_html
    raise NotImplementedError
  end
end

class Text < BaseSetting
  def to_html
    "<input type='text'>"
  end
end

class Number < BaseSetting
  # Forgot to implement to_html
end

Text.new.to_html   #=>…

In the above case, the Text setting class already implements to_html. If we’re introducing a new Number setting…

The Bike Shed 

422: Listener Topics Grab Bag

Joël conducted a thoughtbot mini-workshop on query plans, which Stephanie found highly effective due to its interactive format. They then discuss the broader value of interactive workshops over traditional talks for deeper learning.

Addressing listener questions, Stephanie and Joël explore the strategic use of if and else in programming for clearer code, the importance of thorough documentation in identifying bugs, and the use of Postgres' EXPLAIN ANALYZE, highlighting the need for environment-specific considerations in query optimization.

Notes to self 

How I wrote Kamal Handbook in 5 weeks and sold 300+ copies at the same time

I unexpectedly wrote a second book. And I unexpectedly sold 300 copies while making it.

Idea

The idea of Kamal Handbook came after spending more time deploying with the tool and seeing my Kamal blog post trending.

But the thing was I didn’t want to write another book. And in fact, the main selling point of Deployment from Scratch was that it didn’t focus on any particular deploy tool.

Kamal changed this perspective for two reasons. I genuinely liked the tool and I could be the first author to publish something on Kamal. I wouldn’t do it if such a book existed.

So I convinced myself that if I can do this in ~ 5 weeks, I should.

Writing

The biggest change from my last book was giving…

Honeybadger Developer Blog (Ruby Articles) 

Account-based subdomains in Rails

For many applications, access is usually through a single domain, such as yourapp.com. This way, the application developer is able to offer a unified experience to all users. This works great most of the time, but imagine a situation where you need to give each user a customized experience; how would you achieve this?

One of the ways you can customize the user experience in a single application is by using account-based subdomains. Instead of giving users a single entry point into your app, offer them customized subdomains: user1.exampleapp.com, user2.exampleapp.com, and so forth. With account-based subdomains, you essentially give users an individualized entry point where they can manage…

In…

Gusto Engineering - Medium 

Gusto’s Gradual Modularization Destination

When talking to developers about gradual modularization, one of the questions is, “So… where are we headed?” That is, what is the destination of a modularization journey? These developers all work in a large, monolithic codebase, the large application that backs much of Gusto’s functionality. Based on discussions with our peers at different organizations, we know there are a whole bunch of companies in similar situations. These companies all have one thing in common: we’re using Ruby and Rails as a significant part of our backend systems.

We believe there is a juncture that all of these companies should strive to move their packages towards. This realization is based on working on…

Saeloun Blog 

Rails 8 adds Rubocop by default to new applications

RuboCop is a static code analyzer, linter, and code formatter for the Ruby programming language. It will enforce the guidelines outlined in the community Ruby Style Guide.

It helps developers ensure adherence to coding style standards, identify potential code flaws, and enhance the overall quality of the codebase. In addition to identifying code problems, RuboCop also automatically corrects those issues.

Developers can adjust the rules defined by RuboCop to match project coding standards.

Before Rails 8.0

Before Rails 8 we had to manually integrate the RuboCop gem into our project.

We can simply install it like below.

gem install rubocop

or we can add it to the gemfile of the…

Evil Martians 

MVPs, prototypes, results: how to win with a Martian Design Sprint

Authors: Roman Shamin, Head of Design, and Travis Turner, Tech Editor
Topics: Design, Martian Design Sprint, Sprints to Solutions, Customer Journey Map, Figma

Our clients have seen big wins from our design sprints: rapid MVPs, design artifacts that set the project course, new investment funds, successful business pivots, and even design awards. This is the ideal way to kickstart the entire development process, bring founder ideas to life, and give Evil Martians a test drive.

Google originally introduced the Design Sprint methodology back in 2010. Since then, Evil Martians have customized that original framework to perfectly suit our clients’ needs. Today, the strength of the Martian Design…

Drifting Ruby Screencasts 

Windows and WSL

In this episode, we'll look at setting up a fresh Windows 11 environment for Ruby on Rails development. We'll be looking at a few different tricks that make managing a Windows environment much easier.

Fullstack Ruby 

Using Lambdas and Callables for Deferred Evaluation, Control Flow, and New Language Patterns

Ruby blocks are simply amazing, and I’ve written about some of the cool things you can do with them.

But something which confused me early on as I learned Ruby and started using gems and frameworks was when to write a block vs. when to write an explicit proc or lambda.

For example, here’s some example code provided by Faraday, a popular HTTP client for Ruby:

conn = Faraday.new(url: 'http://httpbingo.org') do |builder|
  builder.request :authorization, 'Bearer', -> { MyAuthStorage.get_auth_token }
  # more code here...
end

As you can see, there are two different uses of blocks/procs here. The first one is the one passed to Faraday.new — it yields builder so you can configure the request.…

Mike Coutermarsh 

How high scale Rails apps make schema changes

I recently wrote a post over on the PlanetScale blog sharing how we make schema changes for our own Rails app.

In the post I share a couple concepts that might be new to you.

  1. "Online" schema change tools
  2. Separating rails db:migrate from deploys

If your team or app is starting to grow and you're wondering what to look out for next, give it a read. I hope you find it helpful.

RichStone Input Output 

Helping You to Succeed

Back in 2014, I was doing quite well. I played poker professionally, essentially living my dream. But my career had to stop abruptly for health and financial reasons.

I looked for a new dream and found coding. It went OK most of the time; I liked the nerdy aspect of it. But it also came with severe dips and challenges that seemed unsurmountable. I was on the brink of switching studies to something like art history because I had considerable trouble passing a course exercise. I also ran away from what seemed like an undoable challenge, e.g., giving a talk in front of a big audience or finishing a coding project that appeared to have lost its purpose.

What if there was a way to see the other…

RichStone Input Output 

Mentoring vs Coaching vs Teaching vs Consulting

Here is my unscientific digest about the differences between these terms so we can have a common basis for talking about them. The digest is based on conversations that I had and heard, as well as the knowledge that I gained from literature, helping others, and being helped. I'm specifically looking at this vocabulary within the scope of tech careers and software projects. In other fields, such as sports, this might not apply similarly.

Relationships between people are complex, nuanced, and might vary strongly. The lines can be blurry. Below are some "stereotypical" blueprints for the terms. Also, in one single relationship, elements of every term can contribute to solving the student's…

Write Software, Well 

How a Ruby Method Becomes a Rails Action: Part One (Metal)

As a Rails developer, you probably know what the following piece of code does.

# config/routes.rb

get "/about", to: "pages#about"


# controllers/pages_controller.rb

class PagesController < ApplicationController
  def about
    @title = "About Me"
  end
end

# views/pages/about.html.erb

<h1><%= @title %></h1>

As expected, it defines a route that directs a request to /about page to the PagesController#about method, which sets an instance variable @title that's displayed by the about.html.erb view.

Plain and simple.

Have you ever wondered how an incoming HTTP request reaches the about method in the Rails controller? Like, who actually calls this method, what really happens before this…

Island94.org 

A Ruby Meetup and 3 Podcasts

Me standing on a small stage in front of a slide with 2 adoptable cats and the GitHub logo

Last week I spoke at the SF Bay Area Ruby Meetup, which was hosted at GitHub HQ, which made for an easy commute for me. Here’s the video and the slides. My talk was entitled “An OK compromise: Faster development by designing for the Rails autoloader”

Also, I haven’t shared here the 3 podcasts I did over the past few years. Here they are:




This post, A Ruby Meetup and 3 Podcasts, is published on Island94.org. Tweet me at @bensheldon to discuss it.

Mike Coutermarsh 

Using replicas to scale out your database

High traffic websites often use database replicas to scale out their reads. Most web traffic is a GET request anyway and never modifies data.

But how do you know when you should READ from the primary?

The answer is more complex than you might think. And it's important to understand the details.

Whenever data is updated on the primary, the change needs to be replicated to each of the replicas. The time this takes is known as “replication lag”.

Primary + 2 Replicas

You need to understand this concept to be able to work with replicas effectively.

Healthy replication lag is usually just a few milliseconds. But if you have a busy database, or are maybe running a schema change, it can grow to seconds…

Once a Maintainer 

Once a Maintainer: Jeremy Smith

Welcome to Once a Maintainer, where we interview open source maintainers and tell their story.

This week we’re talking to Jeremy Smith, co-host of the IndieRails podcast, organizer of the BlueRidge Ruby conference, and enthusiastic member of the Ruby and Rails communities.

Once a Maintainer is written by the team at Infield, a platform that helps companies upgrade their open source software without breaking things.

How did you get into programming?

So I distinctly remember seeing my first website when I was a teenager, probably 1995-96, something like that. I had dial up access to my dad's university Internet service because he was getting his PhD, so he had it as part of his program. I…

Remote Ruby 

Code, Confessions, and Casinos - Sin City Ruby

In today’s episode, Jason, Chris, and Andrew kick things off sharing things from their
personal and professional lives, touching upon various themes such as the peculiarities
of working on Good Friday, the journey from late-night adventures to morning rituals,
and the complexities of parenting. The discussion also dives into programming topics,
such as issues with using Rails, Turbo, and Stimulus for web development, and
experiences with React components. They share personal stories about the Sin City
Ruby conference, including the challenges and highlights of Jason’s live coding during
his presentation, the dynamics of attending without a ticket, networking among
colleagues, and exploring casinos…

Ruby on Rails 

Deferring jobs enqueueing to after the transaction commit, queries count in rendering logs and more

Hi, Wojtek here exploring this week’s changes.

Rails World 2024 edition website is now live
With tickets going on sale in April.

Allow to register transaction callbacks outside of a record
ActiveRecord::Base.transaction now yields an ActiveRecord::Transaction object, which allows registering callbacks on it.

Article.transaction do |transaction|
  article.update(published: true)
  transaction.after_commit do
    PublishNotificationMailer.with(article: article).deliver_later
  end
end

Added ActiveRecord::Base.current_transaction, which also allows registering callbacks on it.

Article.current_transaction.after_commit do
  PublishNotificationMailer.with(article: article).deliver_later
end

Awesome Ruby Newsletter 

💎 Issue 411 - The Ruby on Rails Resurgence

avdi.codes 

Hello, Fediverse

This is mainly a test post to verify that this blog is now on the Fediverse (via the ActivityPub plugin). Hi there, fedi-friends!

The post Hello, Fediverse first appeared on avdi.codes.

Ruby Rogues 

Navigating the Changing Tech Landscape with Fabio Akita - RUBY 631

Dive into an insightful conversation with Fabio Akita, a prominent figure in the tech industry with a successful YouTube channel dedicated to programming techniques and a thriving software development company in Brazil. Join us as we explore Fabio's journey in content creation, his experiences in the tech industry, and his valuable insights on navigating the ever-evolving landscape of programming. From discussing career decisions to the shift in the Ruby community, we uncover practical advice and thought-provoking perspectives that are sure to inspire and inform developers at all levels. Get ready for an engaging and enlightening discussion that delves into the true essence of the tech…

Ruby Weekly 

A profiler and a fuzz tester

#697 — April 4, 2024

Vernier: A Next Generation CRuby (3.2+) Profiler — A sampling profiler that can track multiple threads, GVL activity, GC pauses, idle time, and more. If you’ve been enjoying Tenderlove’s recent livestreams, you may have ▶️ seen it on there. Once you’ve captured a profile, you can view it in a few ways (including on the web), but here’s some example output.

John Hawthorn

Need to Upgrade Rails with Zero Downtime? — Ready for Rails 7.2? Top-notch engineering teams (from startups to Fortune 500 companies) trust the FastRuby.io team in mission-critical…

Test Double 

4 lessons for high-quality software from a surprising place

High-risk industries have regulatory compliance for a reason. While regulatory requirements might feel like a painful or tedious process, they build guardrails that save time and money in the long run.

Because no one person should be in a position to cause an aircraft component to fail.

Prior to joining Test Double in 2023, I had spent nearly the entirety of my professional career working in regulated software industries. With a decade of experience in aerospace, I learned how to implement the stories and code that made up a product while always staying within the scope of the regulations.

As I’ve moved away from regulated software industries and into DevOps consulting, I keep…

Hanami 

New leadership for Hanami

After 17 years dedicated to open source Ruby, Luca Guidi has stepped down from the Hanami and dry-rb projects.

In Luca’s place, I will step up as Hanami project lead. I also remain a committed member of the dry-rb core team.

As for Hanami, we’re continuing on the path we’ve followed over the last few years. 2.1 is now out the door, and 2.2 is next. As we plan for this release, you can look forward to seeing updates on our forum.

I’d like to extend a heartfelt thank you to Luca for all his contributions to Hanami and Ruby. Collaborating with Luca has been a true pleasure for me, and I’m very proud of what we’ve been able to create together in Hanami 2. I’m looking forward to extending…

The RubyMine Blog : Intelligent Ruby and Rails IDE | The JetBrains Blog 

RubyMine 2024.1: Full Line Code Completion, New Terminal, Improved AI Assistant and VCS Support

RubyMine 2024.1 is now available!

At the heart of RubyMine 2024.1 lies its full line code completion feature, which is powered by a fully-integrated, advanced deep learning model. RubyMine 2024.1 also introduces support for the mise version manager, further streamlining the management of Ruby versions. This release includes improved AI Assistant and inspection updates tailored to Ruby 3.3.

Additionally, RubyMine 2024.1 enhances the development experience with features such as closing tags in ERB, the ability to run VCS commands with the current project’s SDK, and debase 3.0 support that is optimized for Ruby 3.3, enhancing debugging capabilities and ensuring seamless compatibility…

The RubyMine Blog : Intelligent Ruby and Rails IDE | The JetBrains Blog 

Full Line Code Completion in JetBrains IDEs: All You Need to Know

Programming with AI is still a highly divisive topic, but there’s no denying that more and more developers are starting to incorporate AI into their daily workflows. Whether you’ve already picked your side in the debate or are still undecided, we’ve got a new feature in v2024.1 of JetBrains IDEs that might just pique your interest – full line code completion. It’s AI-powered and runs locally without sending any data over the internet.

In this blog post, we’ll tell you more about what full line code completion is, how it works, what languages are supported, and how you can provide feedback about it to us.

What is full line code completion in JetBrains IDEs?

This new type of code…

AkitaOnRails.com 

My "Personal Netflix" with Docker Compose

Anyone who followed my YouTube channel or my Instagram has already followed the saga of my NAS (my personal server), my Synology DS1821+ with almost 80 TB of space.

All the videos from my channel, including the original files, are there. That alone is terabytes. My entire Steam library is there, around 4 terabytes. All my old games, retro games, too, including Xbox 360 and PS3 ISOs. That’s another 4 terabytes. I ripped (backed up) my entire collection of Ultra HD discs (4K Blu-ray), which is a few more terabytes. Right now I’m already using more than 50 terabytes.

My Plex with UHDs

Before anyone chimes in, yes, this isn’t for everyone. We’re talking about 8 HDDs of 10.9 TB each, plus an upgrade of 2…

Stefan’s Blog 

Extracting 2FA codes from the abandoned ‘Authenticator Plus’ (ios)

Recently, I moved iPhones and wanted to open my 2FA keys with the App “Authenticator Plus” - But Apple has removed it from the App Store. Unfortunately, the developer has gone inactive and the app is abandoned, hopefully, they are all right :/

But, I still had the app on my old iPhone and wanted to extract the keys. Here is how I did it:

Retrieve database

The App-Store discussion above outlines most of what I repeat here. Also, this blog post helped a lot: Nigelsim.org: Extracting Authenticator Plus

The app is also released for Android, so it should…

RubyGems Blog 

RubyGems is not vulnerable to the xz/liblzma backdoor

The past few days have seen the security world focused on the revelation of the xz/liblzma backdoor. For more background, see this early writeup of the issue, this GitHub Gist, this detailed timeline, and the official detail page for CVE-2024-3094.

In response to the backdoor becoming public, we have done an internal audit not just of the software used to run RubyGems.org itself, but also every gem that has ever been published.

We are happy to report that RubyGems.org is not vulnerable to this issue. Furthermore, we are happy to confirm that no gem currently published on RubyGems.org contains the vulnerable liblzma library.

I would like to thank the rest of the RubyGems.org security team…

Test Double 

Getting the exercises in Programming Flutter working in 2024

Recently I’ve been trying out Flutter to try to learn if and when I might want to reach for it on future projects. I enjoy learning by reading books, and this time I worked through Programming Flutter by Carmine Zaccagnino, published by The Pragmatic Programmers. It’s a great book that really helped me get some Flutter foundations under my belt. (Note: this isn’t an affiliate link and we aren’t receiving anything for recommending it; it’s just a great book!)

There was just one challenge working through the book: it was written in 2020, and both the Flutter framework and the Dart programming language have undergone some changes since then. Some were fairly easy to get past, and some…

Hi, we're Arkency 

Replace aasm with Rails Enum today

There’s a great chance that your Rails app contains one of the gems providing so called state machine implementation. There’s even a greater chance that it will be aasm formerly known as acts_as_state_machine. Btw. Who remembers acts_as_hasselhoff? — ok, boomer. The aasm does quite a lot when included into your ActiveRecord model — the question is do you really need all those things?

My problem with aasm

I was struck by reckless use of this gem so many times that first thing I do after joining a new project is running cat Gemfile | grep aasm and here comes the meme which I made ~1.5 years ago:

My main concern with use of this gem is that you probably…

Stefan’s Blog 

Rails cronjobs - Moving from Whenever to Sidekiq-cron (With ActiveJob)

Recently, we migrated one app’s cronjobs from using simple whenever Crontab to a more enhanced Sidekiq-Cron.

Whenever - The old way

We used to have a simple whenever setup in our Rails app. It was easy to use and worked well for a long time. You can define your cronjobs in a Ruby DSL and then generate a crontab file with whenever --update-crontab during deployment. The system crond will then execute the jobs very reliably. If you change the crontab at the end of the deployment, you also have no downtime in the cronjobs.

Plus:

  • Easy to define cronjobs,
  • reliable execution with system crond on one machine
  • Zero downtime during deployment by default

Minus:

  • No monitoring by default…

Closer to Code

From Oniguruma to POSIX: The Regex Rift Between Ruby and C

Introduction

In the world of Kafka and its applications, utilizing regular expressions for topic subscriptions is a common strategy. This approach is particularly beneficial for dynamically managing data. For example, it can be used to handle information from various zones without necessitating application redeployment for each new topic.

For instance, businesses operating across multiple zones in the USA might manage topics named:

  • us01.operational_events,
  • us02.operational_events,
  • us03.operational_events


and so on.

Karafka (Ruby and Rails Apache Kafka framework) facilitates such operations with its routing patterns feature, which leverages regular expressions for topic detection.

Simplif…

The Bike Shed 

421: The Idealistic vs. Pragmatic Programmer

Stephanie revisits the concept of "spiking"—a phase of exploration to determine the feasibility of a technical implementation or to address unknowns in feature requests—sharing her recent experiences with a legacy Rails application. Joël brings a different perspective by discussing his involvement with a client project that heavily utilizes the dry-rb suite of gems, highlighting the learning curve associated with adapting to new patterns and libraries.

Joël used to be much more idealistic and has moved to be more pragmatic. Stephanie has moved the other way. So together, Stephanie and Joël engage in a philosophical discussion on being an idealistic versus a pragmatic programmer.…

Gusto Engineering - Medium 

The Banana Rule

A whimsical (but useful!) code style guideline

Software engineers have lots of opinions about code style. Pick a number between 50 and 150 and somebody on the internet will adamantly argue that a line of code can have that many characters but no more!

Instead of a rigid numeric limit, consider adopting the delicious fruit-based Banana Rule:

🍌 A line of code should not be longer than a banana

I can already hear the detail oriented readers cringing at the imprecision of this rule.

This fuzziness is intentional, to dissuade excessive discussion. Agreeing on the perfect line length is less important than generally writing readable code. You probably won’t agree, anyway. Under the Banana Rule, if a…

Short Ruby Newsletter 

Short Ruby News - Edition #85

The one where we discuss Ruby maintainability, how to convince C-level people to keep using Ruby, and that 2023 was the year with the most contributions to Ruby

Saeloun Blog

Rails 8 Adds Rate Limiting to Action Controller via Kredis Limiter Type

Let’s understand what Rate Limiting is

Rate limiting is a technique used to control the rate of incoming requests or traffic to a server, API, or service. It helps limit the rate at which requests are processed, which ensures system security and performance.

Restricting the rate of requests made by individual clients or IP addresses helps prevent abuse, such as denial-of-service attacks or brute-force login attempts.

Now the question is how to do this in Rails.

Before Rails 8.0

Before Rails 8, there were different ways to implement rate limiting, depending on specific requirements and constraints. One such way is to use the rack-attack gem.

To use this gem, we need to…

naildrivin5.com - David Bryant Copeland's Website 

Sustainable Dev Environments with Docker and Bash Available Now

My new book “Sustainable Dev Environments with Docker and Bash” is now available for $19.99. It will teach you Docker and Bash fundamentals you can apply to build a dev environment for any tech stack, that runs on Windows, macOS, and Linux.

This isn’t just recipes to copy and paste (although you will see those for the running example). This explains what the difference is between a container and an image, how to navigate DockerHub to find the right images and use them properly. It also provides a basic strategy for how to install any software in a Docker image.

I have used the techniques and code in this book to maintain many different dev environments for my personal projects, as…

Julia Evans 

Making crochet cacti

I noticed some tech bloggers I follow have been making April Cools Day posts about topics they don’t normally write about (like decaf or microscopes). The goal isn’t to trick anyone, just to write about something different for a day.

I thought those posts were fun so here is a post with some notes on learning to crochet tiny cacti.

first, the cacti

I’ve been trying to do some non-computer hobbies, without putting a lot of pressure on myself to be “good” at them. Here are some cacti I crocheted:

They are a little wonky and I like them.

a couple of other critters

Here are a couple of other things I made: an elephant, an orange guy, a much earlier attempt at a cactus, and an…

Alchemists - Articles 

You Deserve A Tech Union

You Deserve A Tech Union by Ethan Marcotte

I couldn’t put this book down once I started reading (released on August 15th, 2023). I ended up diving into the multiple references and resources mentioned while reading.

The following are notes from the book. As always, if you like what you see then I highly suggest picking up a copy of this book for yourself. If nothing else, this is a good blueprint and reference to have in your library of knowledge.

I’ve broken these notes down by chapter. They are not exhaustive but hopefully of interest (or at least enough to pique your curiosity).

Introduction

Layoffs wrecked the software industry at the start of 2023 and the trend continues…

Stanko Krtalic Rusendic 

Why does Rails put the type column first in an index for a polymorphic association?

Last week, I had a discussion with a coworker about how Rails indexes columns used in polymorphic associations. He thought that the order of columns in the index should be flipped - instead of indexing by type and ID, it should index by ID and type - as that way the most restrictive column is first, and therefore the index is more efficient. I argued that the way that Rails indexes polymorphic associations is very pragmatic while also being efficient.

First off, what are we talking about?

We have an Access Log model in our app. It holds a log of who granted access to which device and when. But the thing granting access can be a Person, another Device or a Schedule.

In Rails, an…

RoRvsWild's blog

Super Fast Rails

Introducing SuperFastRails!

We are releasing a gem to help developers write ultra-optimized code. The goal is to allow developers to write code as fast as possible without caring about performance. Rails scales; it’s just a matter of writing the correct code.

SuperFastRails automatically improves the requests in your Rails application. Thus, we focus only on the business logic and don’t have to think about indexes, 1+n queries, dangerous migrations, etc.

For the first version, SuperFastRails takes good care of the database layer. We want to keep adding more automatic optimizations in the future. Here is the list of the current automatic optimizations.

Create automatically missing…

Drifting Ruby Screencasts 

Fart

Ever wonder how you could add audio to interactions on a website? In this episode, we'll explore adding sounds whenever someone clicks on a link or button.

Fullstack Ruby

Ruby, Fully Stacked

This is a comeback story of sorts for Fullstack Ruby, but it’s more than that.

I’ll spare you the intimate details of my serious Ruby-flavored burnout in the back half of 2023—if you really care to you can read up on it here as part of the Bridgetown 2.0 kickoff announcement. (Did I mention I’m hard at work on the next version of Bridgetown? 😁)

TL;DR: I got thoroughly bummed about the state of the Rails & Turbo ecosystems due to a long series of epic fails (in this author’s opinion) on the part of DHH and the cult of personality surrounding him which should have resulted in his ouster but instead seemed to cause Rails/Turbo to slide into yet more sorta-mostly-but-not-really-open-source…

Island94.org 

Rails Active Record: Will it bind?

Active Record, Ruby on Rails’ ORM, has support for Prepared Statements that work if you structure your query for it. Because of my work on GoodJob, which can make a lot of nearly identical database queries every second to pop its job queue, I’ve invested a lot of time trying to make those queries as efficient as possible.

Prepared Statements are a database feature that allow the database to reuse query parsing and planning when queries are structurally the same. Prepared statements, at least in Postgres, are linked to the database connection/session and stored in memory in the database. This implies some things:

  • There can be a performance benefit to making queries “preparable” for…

Ruby on Rails

Retry known idempotent SELECT queries, New Active Record configuration option, and more!

Greetings! I’m Emmanuel Hayford, here to bring you your weekly instalment of “This Week In Rails”. Let’s dive straight into it.

Two new guides are now open for community review. If you are well versed in Action View, partials, and helpers, please review and submit your feedback here:

Add config.active_record.permanent_connection_checkout setting

This setting determines the action taken when ActiveRecord::Base.connection is accessed: whether it raises an error, emits a deprecation warning, or does nothing.

ActiveRecord::Base.connection acquires a database connection from the pool and maintains it until the request or job concludes.…

Test Double 

A quick guide to TypeScript conditional types

On a recent client engagement fellow agent Josh and I discovered a useful TypeScript feature that I hadn’t encountered before.

The team we were working with had a utility function that had not yet been given type expectations due to its complex return type. This function could return a different type based on its input type. TypeScript provides a feature for solving this kind of complex return type called conditional types. Learning how to define a conditional return type allowed us to inform TypeScript about the condition, resulting in better type awareness in all code that called the function.

A function with two return types

Our client’s TypeScript codebase had a utility function…

Ruby Rogues 

Leveraging SQLite in Web Development - RUBY 630

Stephen Margheim is the Head of Engineering at Test IO. They explore the world of web development with a focus on the use of SQLite, a powerful and often underestimated database tool. They dive deep into the capabilities and potential of SQLite for web applications. The episode covers a range of topics, from the evolving feasibility and challenges of handling concurrent web requests to the misconceptions surrounding SQLite's performance limitations. They discuss the potential limitations of SQLite in handling massive write throughput and its suitability for various application scales, highlighting the considerations related to expected growth and performance requirements.

Join them as they…

Giant Robots Smashing Into Other Giant Robots

thoughtbot at Sin City Ruby 2024

Sin City Ruby 2024 was one of this year’s Ruby conferences that we, thoughtbot, were excited about. In this post, I will share why.

Jason Swett, the organizer, invited me to be one of the speakers. It was a great opportunity to talk about JavaScript testing for Ruby devs. Spoiler: an extended version of this topic will be presented at RailsConf 2024. Hoping to see you there :)

I am so grateful for the opportunity and for thoughtbot sponsoring my travel. Here are my takeaways and highlights from Sin City Ruby 2024.

Smaller conference, bigger connection

Attending a single-track conference is great: you don’t have to choose any talks. They have been chosen for you already.…

Awesome Ruby Newsletter 

💎 Issue 410 - Being laid off in 2023-2024 as an early-career developer

Ruby Central 

RailsConf 2024 Speaker Spotlight + Preview: Chris Oliver

RailsConf always boasts an exciting variety of talks that highlight the creativity and interdisciplinary nature of the Ruby community. I thought it would be fun to curate a series highlighting our speakers' stories and their experiences in tech. Read on for today’s speaker spotlight…

Title of Talk

Crafting Rails Plugins

Speaker

Chris Oliver

How Did you get into Ruby?

I started with Rails in college working for a professor and then built my senior project in Rails.

What’s your favorite part about working on Open Source Software?

It's amazing how much you can learn and help other people with open source. Because the code isn't closed, we can achieve so much more.

What’s your least favorite part about…

RichStone Input Output 

ConcreteAPI

ConcreteAPI is a project inspired by AbstractAPI.com.

AbstractAPI offers a set of utility APIs so you as the developer do not have to build a bunch of stuff that someone else already has a solution for. According to AbstractAPI, the most popular APIs are email address and phone validation APIs, Geolocation API and data enrichment API.

The goals of the ConcreteAPI project are:

  • Instead of having those APIs, landing pages and docs scattered all over, have everything in one place using a great doc generation platform.
  • Have SDKs for different languages auto-generated.
  • Explore which parts can be open-sourced.
  • If something has to be paid for, e.g. because ConcreteAPI needs to hit another paid API, have…

Julia Evans

Some Git poll results

A new thing I’ve been trying while writing this Git zine is doing a bunch of polls on Mastodon to learn about:

  • which git commands/workflows people use (like “do you use merge or rebase more?” or “do you put your current git branch in your shell prompt?”)
  • what kinds of problems people run into with git (like “have you lost work because of a git problem in the last year or two?”)
  • which terminology people find confusing (like “how confident do you feel that you know what HEAD means in git?”)
  • how people think about various git concepts (“how do you think about git branches?”)
  • in what ways my usage of git is “normal” and in what ways it’s “weird”. Where am I pretty similar to the majority of…

It’s been a lot of fun and some of the results have been surprising to me, so here are some of the results. I’m partly just posting these so that I can have them all in one place for myself to refer to, but maybe some of you will find them interesting too.

these polls are highly unscientific

Polls on social media that I thought about for approximately 45 seconds before posting are not the most rigorous way of doing user…

Ruby Weekly 

Recurring tasks come to Solid Queue

#696 — March 28, 2024

14 Tools and Gems Every Ruby Developer Would Love — I wouldn’t usually feature a list-driven article but this has been a quiet week and it's a good one! Joé rounds up his favorite tools and gems of the moment, covering areas from email and databases to performance monitoring and analytics. All solid recommendations.

Joé Dupuis

Solid Queue 0.3: The Active Job Backend Gains Recurring Jobs

First introduced just three months ago, Solid Queue is already a great way to run background jobs on modern Rails apps and v0.3 gets even better by adding support for…

Ruby on Rails Project

Need to Upgrade…

Rémi Mercier 

Pick a standard and move on

Let me tell you about what my day looks like in a codebase with no standards, no conventions, and no processes in place.

Every time I work on a new API endpoint, I wonder about:

  • Which routing syntax should I pick from the four pre-existing syntaxes used in the file?
  • Should I shallow nest my controller action as per SomeController or shouldn’t I shallow nest as per AnotherController?
  • What about resource fetching? In a callback? Memoized perhaps?
  • Am I to authorize the parent resource or the actual resource through Pundit? Why are there custom methods in our policies that do not match the methods from our controller?
  • What about the methods of my controllers? CRUD? Not CRUD?…

Are you getting bored already? I know I am! And I did not even talk about models, service objects, jobs, serializers, or configuration.

These few questions are the thoughts that go through my brain before I can start working on my feature when there are no standards.

Not picking a standard or a convention…

Hi, we're Arkency 

Do you tune out Ruby deprecation warnings?

Looking into deprecation warnings is an essential habit to maintain an up-to-date tech stack. Thanks to the explicit configuration of ActiveSupport::Deprecation in the environment-specific configuration files, it’s quite common to handle deprecation warnings coming from Rails. However, I rarely see projects configured properly to handle deprecation warnings coming from Ruby itself. As we always want to keep both Rails and Ruby up-to-date, it’s crucial to handle both types of deprecation warnings.

How does Rails handle its deprecation warnings?

In the environment configuration files, Rails sets up the ActiveSupport::Deprecation like this:

#…

The Ruby on Rails Podcast

Episode 512: RailsConf With Ufuk Kayserilioglu

RailsConf is coming up fast! The program committee has released the schedule and keynote speakers. Ufuk Kayserilioglu joins the show to talk about the program and Ruby Central.

Show Notes

If you have comments about this episode, send an email to comments@therubyonrailspodcast.com. You can include a text comment or attach a file from Voice Memos or Google Recorder and we’ll respond to some of them on a future show.

Sponsors
Honeybadger

As an Engineering Manager or an engineer, too much of your time gets sucked up with downtime…

RubySec 

CVE-2024-29034 (carrierwave): CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained

### Impact

The vulnerability [CVE-2023-49090](https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj) wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS.

### Patches

Upgrade to [3.0.7](https://rubygems.org/gems/carrierwave/versions/3.0.7) or [2.2.6](https://rubygems.org/gems/carrierwave/versions/2.2.6).

### Workarounds

Use the following monkey…

Ruby Central

March 2024 Newsletter

Hello! Welcome to the March newsletter. Read on for announcements from Ruby Central and a report of the OSS work we’ve done from the previous month.

In February, Ruby Central's open source work was supported by Shopify, AWS, the German Sovereign Tech Fund (STF), as well as Ruby Central memberships from 29 other companies, including Zendesk and Ruby Shield sponsor and Partner-level member Contributed Systems, the company behind Mike Perham’s Sidekiq. In total, we were supported by 174 members. Thanks to all of our members for making everything that we do possible. <3

Ruby Central News

Ruby Central Receives Alpha-Omega Grant

We’re thrilled to announce that we have been awarded a $250,000 grant…

Felipe Vogel 

Being laid off in 2023-2024 as an early-career developer

Recently I wrote an upbeat how-to on job networking. Now comes the part where I pull back the curtain and tell how the job search really went.

Don’t worry, it’s not all depressing. I’ve waited for weeks to publish this post just so that I have some good news to share at the end.

Note: This post’s title specifies “early-career developer” only because I’m speaking from my own experience, not because only early-career developers are having a hard time. It’s a tough job market for…

BigBinary Blog 

Implementation of a universal timer

When developing a web application, there could be numerous instances where we deal with timers. The timer functions such as setTimeout, and setInterval are basic browser APIs that all web developers are well acquainted with. When trying to implement something like a self-advancing timer, these timer APIs make the job easy.

Let's consider a simple use case. In React, if we are asked to implement a countdown timer that updates the time on the screen every second, we can use the setInterval method to get the job done.

const CountDownTimer = () => {
  const [time, setTime] = useState(10);
  useEffect(() => {
    const interval = setInterval(() => {
      setTime(time => {
        if (time > 0) return time -…

Greg Molnar

Secure code review checklist

Checklists are really useful to ensure you don’t forget certain things, so why not create one for your code review process? Here are my recommended checks:

Short Ruby Newsletter 

Short Ruby News - Edition #84

A Monday summary of the articles, discussions, and news from the Ruby community

Island94.org

Low-effort prototyping

From Bunnie Huang’s blog about exploring and designing an infrared chip imaging rig. I thought this is an interesting distinction between “low-effort” and “rapid” prototypes. I think the analogy in software would be a “Walking Skeleton” that is production-like in architecture and deployment but does very little, versus building a demo using lightweight scripting and static site generators. (bolded text mine)

Sidebar: Iterate Through Low-Effort Prototypes (and not Rapid Prototypes)

With a rough idea of the problem I’m trying to solve, the next step is build some low-effort prototypes and learn why my ideas are flawed.

I purposely call this “low-effort” instead of “rapid” prototypes.…

Evil Martians 

Beyond bars and lines: 7 cool ways to visualize data in your dev tool

Authors: Yaroslav Lozhkin, Product Designer, and Travis Turner, Tech Editor
Topics: Design, User Interface Audit, Accessibility

There are many different ways that developer tools can visualize data, and some may not be so obvious. We examine 7 methods of displaying data, the pros and cons of each, real life cases, and we also share even more scenarios where you might leverage each type of graph.

Ever felt like your developer tools could display data in a more intelligent manner for your users? Fear not! In this post, we are exploring seven underrated data visualizations that fit right into the goldilocks zone: not too basic, not too complex. So, want to upgrade from the traditional bar and…

Test Double 

14 tools and gems every Ruby developer would love

Ruby is my favorite programming language, thanks to the expressiveness, the focus on developer happiness and one of the best language communities out there. As a Ruby developer, I can get into a flow at will.

Another big part of Ruby’s shine: the rich ecosystem of gems and tools surrounding it.

Over the years, I have accumulated quite the toolbox when it comes to working with Ruby. Here are some of my personal favorite tools and gems. (I tried not to focus too much on Rails, but obviously Rails occupies a significant space in the Ruby world, so it’s hard to avoid.)

Feedback Loops

A tight feedback loop is a game changer. Shortening your feedback loop will always pay dividends. Here…

Radan Skorić's personal site 

An interactive intro to ruby debugger, in the debugger

Update 2024-04-09: Added a second tutorial on using breakpoints. This is an introduction tutorial to Ruby debugging, inside the ruby debugger itself. The instructions are woven through the code so you’re learning to use the debugger as you’re using the debugger. It’s all very meta. All you need is a working installation of Ruby 3.3+. To start the tutorial, first clone my ruby debug tutorial ...

The Bike Shed

420: Test Database Woes

Joël shares his recent project challenge with Tailwind CSS, where classes weren't generating as expected due to the dynamic nature of Tailwind's CSS generation and pruning. Stephanie introduces a personal productivity tool, a "thinking cap," to signal her thought process during meetings, which also serves as a physical boundary to separate work from personal life.

The conversation shifts to testing methodologies within Rails applications, leading to an exploration of testing philosophies, including developers' assumptions about database cleanliness and their impact on writing tests.

Transcript:

 STEPHANIE: Hello and welcome to…

Nithin Bekal 

Copilot and Neovim

Although I’ve occasionally used GitHub Copilot on VS Code, I never really got into using it inside neovim, which is my main editor. I had tried setting it up using GitHub’s copilot.vim plugin, but I never got it working with my setup.

Today I came across copilot-cmp, which allows loading Copilot suggestions as snippets in the completion menu provided by the nvim-cmp completion engine. This plugin depends on copilot.lua, a Lua rewrite of copilot.vim that plays well with neovim.

Setup

Add it to lazy.nvim config:

local plugins = {
  -- other plugins

  {
    "zbirenbaum/copilot-cmp",
    event = "InsertEnter",
    config = function () require("copilot_cmp").setup() end,
    dependencies = {

Ryan Bigg's Blog

Tailwind has won

Over the last couple of months, I’ve been working across multiple applications that use various CSS frameworks. Specifically: Bulma, Bootstrap and Tailwind. There are (at least) three distinct CSS frameworks within these applications because each of these apps have been developed over almost a decade and a half, and the flavour-of-the-month has changed a lot over that time. As people have worked on the systems, they have left the “fingerprints” of personal choices.

Three years ago, I became the Platform Tech Lead at Fat Zebra, which meant I was in charge of the technical side of things when it comes to our frontend. Part of this job meant standardising our frontend tech stack. At this…

Gusto Engineering - Medium 

Exploring Early Career- Part 1: Introduction to Your Role and Establishing Expectations

Co-authored by Varsha Balasubramaniam

Stepping into a new career, whether you’re a recent graduate or shifting your professional focus, can feel overwhelming. Effectively navigating your new environment while expanding your knowledge and network presents a challenge that, if approached with care, can foster professional growth in many rewarding ways. In the early stages of your career, the choices you make and the resources you leverage can significantly shape the way in which you impact your community and contribute as a developer!

This series will outline tips and strategies that will make this daunting endeavor a bit more digestible and help you leverage the resources you’re given to…

Test Double 

Why you need fewer developers than you think you do

tldr:

  • The common belief that more developers mean faster delivery is wrong. Overstaffing creates communication complexity and can lead to the development of unnecessary or redundant features, introducing complexity that adds little value to the end product.
  • Smaller teams have streamlined processes, clearer communication channels and reduced cross-team dependencies.
  • Without effective product management oversight, it’s common to find teams mired in inefficient processes that hinder productivity and innovation.

Struggling to meet deadlines and ship quality products fast enough?

The knee-jerk reaction might be to throw more people at the problem — but more than a decade of experience…

RubySec 

CVE-2024-27280 (stringio): Buffer overread vulnerability in StringIO

An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The `ungetbyte` and `ungetc` methods on a StringIO can read past the end of a string, and a subsequent call to `StringIO.gets` may return the memory value. This vulnerability does not affect StringIO 3.0.3 and later, and Ruby 3.2.x and later.

We recommend updating the StringIO gem to version 3.0.3 or later. To ensure compatibility with the bundled version in older Ruby series, you may update as follows instead:

  • For Ruby 3.0 users: Update to `stringio` 3.0.1.1
  • For Ruby 3.1 users: Update to `stringio` 3.0.1.2

You can use `gem update stringio` to update it. If you are…

RubySec 

CVE-2024-27281 (rdoc): RCE vulnerability with .rdoc_options in RDoc

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing `.rdoc_options` (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. When loading the documentation cache, object injection and resultant remote code execution are also possible if there is a crafted cache.

We recommend updating the RDoc gem to version 6.6.3.1 or later. To ensure compatibility with the bundled version in older Ruby series, you may update as follows instead:

  • For Ruby 3.0 users: Update to `rdoc` 6.3.4.1
  • For Ruby 3.1 users:…

Write Software, Well 

Growing Object-Oriented Software, Guided by Tests

Although I've never been a big fan of the test-first approach to software development, on my current client project I decided to follow it for a change, and I'm really enjoying it so far. To learn more about testing, I started reading this book last week. It's been a solid read, despite my initial scepticism of yet another testing book, and I wanted to share my learnings so far.

What follows is not my thoughts, interpretations, and opinions but a collection of my notes and highlights from the book. Although I don't agree with all the aspects of TDD, I think it's a useful technique that provides the discipline and pushes you to write tests proactively, instead of leaving them for later and never…

Greg Molnar 

Brute-forcing 2FA with Ruby

I was doing a challenge on Hack The Box (since it is still active, I don’t want to point out which one it was) and I solved it with a little Ruby script. The challenge was to bypass 2FA protection. In the login process, a SQL injection made it possible to bypass the password verification, but there was a second factor. Based on the available source code, the second factor was a 4-digit code and it was valid for 5 minutes, so I tried to brute-force it with Burp Intruder, but after the 20th attempt, my IP got blocked. I looked at the codebase again, and noticed that the application accepts an X-Forwarded-For header. I thought this might enable me to brute-force the 2FA code. Unfortunately Intruder…

Ruby on Rails 

Rails guides facelift, two new official gems and more!

Hey everyone, Happy Weekend!
Vipul here with the latest updates for This Week in Rails. Let’s dive in.

Rails guides gets a facelift
Rails guides has received a big design update!
Check out the Edge Guides to see these changes. If you find a bug or wish to submit a suggestion, you can open a discussion on GitHub.

Two new official gems
Solid Queue, a DB-based queuing backend for Active Job, has graduated to an official Rails gem.

Same for Mission Control — Jobs, which provides a Rails-based frontend to Active Job adapters. It currently supports Resque and Solid Queue.

Don’t enqueue jobs to process a preview image if no variant requires it
This PR fixes the issue where previewable…

Julia Evans 

The "current branch" in git

Hello! I know I just wrote a blog post about HEAD in git, but I’ve been thinking more about what the term “current branch” means in git and it’s a little weirder than I thought.

four possible definitions for “current branch”

  1. It’s what’s in the file .git/HEAD. This is how the git glossary defines it.
  2. It’s what git status says on the first line
  3. It’s what you most recently checked out with git checkout or git switch
  4. It’s what’s in your shell’s git prompt. I use fish_git_prompt so that’s what I’ll be talking about.

I originally thought that these 4 definitions were all more or less the same, but after chatting with some people on Mastodon, I realized that they’re more different from each…

RubyGems Blog 

3.5.7 Released

RubyGems 3.5.7 includes enhancements, bug fixes and documentation.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Enhancements:

  • Warn on empty or open required_ruby_version specification attribute. Pull request #5010 by simi
  • Control whether YAML aliases are enabled in Gem::SafeYAML.safe_load via attribute. Pull request #7464 by segiddins
  • Update SPDX license list as of 2024-02-08. Pull request #7468 by github-actions[bot]
  • Installs bundler 2.5.7 as a default gem.

## Bug fixes:

  • Allow prerelease activation (even if requirement is not explicit about it) when it’s the only possibility. Pull…
Ruby Rogues 

Building Skills and Connections with Nathan Bellow - RUBY 629

Nathan Bellow is a Ruby software developer at Illuxi. They explore the premium benefits of membership, including exclusive access to Ruby Rogues without ads and personalized assistance with job hunts and deployment issues. They share their experiences in the Ruby community, from learning the language to securing professional opportunities. Join them as they discuss the value of personal connections at conferences and meetups, the impact of mentorship, and the crucial role of networking in career development. This promises to be an enlightening and thought-provoking episode for developers and enthusiasts alike.
All about coding 

Micro benchmarking value objects in Ruby: Data.define vs Struct vs OpenStruct

As I was working on another email part of my Modern Ruby course via email I wanted to make some micro benchmarks on Data.define vs Struct vs OpenStruct

They are not a production-level benchmark, so take them with a grain of salt.

I added all code and results in a repo at https://github.com/lucianghinda/value-object-in-ruby-benchmarks

Creating new objects

When creating a new object, Struct (with keyword_init: true) and Data.define behave almost the same (the differences are within the error margin or so small that they are probably due to my setup), while OpenStruct seems to be the slowest.

Having defined the following keys and values:

keys = 1000.times.map { |i| "key#{i}".to_sym }
values = 1000.times.map…

Awesome Ruby Newsletter 

💎 Issue 409 - Episode #90: DHH - Ruby on Rails, 37signals, and the future of web development

Remote Ruby 

RailsConf 2024 with Ufuk Kayserilioglu

Today’s episode features a detailed discussion about the upcoming RailsConf 2024, its
programming, and significant updates in the Ruby community, particularly regarding
Ruby Central's contributions. Jason, Chris, and Andrew dive into a conversation with
guest, Ufuk Kayserilioglu, Engineering Manager at Shopify's Ruby Infrastructure Team,
who recently joined the board of Ruby Central and co-chairs RailsConf 2024. Ufuk
shares insights on the planned enhancements for the conference to make it more
practical and focused on Rails. He also highlights the formation of the Ruby Developer
Experience team at Shopify, aimed at improving developer experiences within the Ruby
ecosystem. The conversation…

RubyGems Blog 

February 2024 RubyGems Updates

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in February.

RubyGems News

This month, RubyGems released RubyGems 3.5.6 and Bundler 2.5.6. These updates include enhancements such as improved deep copy requirements in Gem::Specification and Gem::Requirement specifications, and improvements to the gem login scope. These efforts are part of our ongoing commitment to improving the RubyGems development experience.

Another accomplishment from the team this month:

Merging a new gem rebuild command

  • The goal of this feature…
Ruby Weekly 

Chilling out with Ruby strings

#695 — March 21, 2024

'Chilled Strings': Working Toward Frozen Strings by Default? — A language proposal that would introduce “chilled strings” that masquerade as frozen strings but issue a FrozenError warning when first modified (while allowing the modification). The goal here is to get closer to freezing all strings by default without immediate breakage.

Étienne Barrié and Jean Boussier

The Rails Guides Get a Facelift — Back in 2021, Rails 7.0 landed along with a major spring clean for the Rails brand and site design, but the ever useful Rails Guides didn't benefit from…

Test Double 

Why legacy code rewrites are the hardest job in software

Thinking about a big rewrite? Don’t do it.

We get it. Legacy codebases are often like tangled mazes, with convoluted logic, outdated practices, and patches upon patches. Navigating through such complexity can be akin to searching for a needle in a haystack, making even simple changes a Herculean task.

Years of band-aid fixes, quick hacks, and expedient solutions accumulate as technical debt in legacy systems. This debt accrues interest over time, slowing down development, increasing the risk of bugs, and impeding innovation.

A rewrite sounds like a clean slate and a chance to architect the new system from the ground up, incorporating modern design patterns, technologies, and best…

Ruby News 

CVE-2024-27280: Buffer overread vulnerability in StringIO

We have released the StringIO gem versions 3.0.1.1 and 3.0.1.2 that have a security fix for a buffer overread vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27280.

Details

An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4.

The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value.

This vulnerability does not affect StringIO 3.0.3 and later, and Ruby 3.2.x and later.

Recommended action

We recommend updating the StringIO gem to version 3.0.3 or later. In order to ensure compatibility with bundled version…

Ruby News 

CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc

We have released the RDoc gem versions 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 that have a security fix for an RCE vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27281.

Details

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0.

When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored.

When loading the documentation cache, object injection and resultant remote code execution are also possible if there is a crafted cache.

Recommended action

We recommend to…