Rubyland

news, opinion, tutorials, about ruby, aggregated
Passenger - Phusion Blog 

Lower latencies during deploys in new releases of Phusion Passenger

Applications hosted by Phusion Passenger now benefit from lower latencies and lower resource usage during deployments and restarts.

Over the last couple of releases, Phusion has worked with one of our wonderful customers to improve the way that Passenger routes incoming requests to your application. These changes come in two parts: in Passenger 6.0.23 the Rolling-Restart feature was updated; and in Passenger 6.0.24 the algorithm Passenger uses to route requests to app processes was updated.

Rolling-Restart Process-Replacement Order

In Passenger 6.0.23 the Rolling-Restart feature of Passenger Enterprise was modified to replace app processes in newest-to-oldest order, to better take advantage…

Fractaled Mind 

Select dropdown for polymorphic associations

When building a CRUD-oriented web application with Ruby on Rails, most things are pretty straightforward. Your tables, models, controllers, and views all naturally align, and you can lean on the Rails scaffolds. One gap, however, is dealing with polymorphic associations in your forms. Let’s explore how global IDs can provide us with a simple solution.


For this blog post, let’s consider building an app that has Posts that have polymorphic content, where a post’s content can be either an Article or a Video.

We can scaffold such a resource with the Rails CLI:

bin/rails generate scaffold Post title:string! content:belongs_to{polymorphic}

This command will create a migration file like…
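As an added example (not the article's code, and not the globalid gem's implementation), here is how the select's option values and the server-side lookup can be built around a global ID string while refusing any type that is not on the allowlist. The app name "myapp", the Struct stand-ins for Article and Video, and the in-memory records are all assumptions for the demo.

```ruby
require "uri"

# Added example, not the article's code or the globalid gem: a polymorphic
# <select> whose option values are global ID strings ("gid://myapp/Article/1"),
# resolved on the server against an allowlist of content types.

# Constructed stand-ins for the Article and Video models.
Article = Struct.new(:id, :title)
Video   = Struct.new(:id, :title)

ARTICLES = { 1 => Article.new(1, "Why SQLite"), 2 => Article.new(2, "Rails 8") }.freeze
VIDEOS   = { 7 => Video.new(7, "Keynote") }.freeze

APP_NAME = "myapp" # app name embedded in the GID; assumed for the demo

# Only these types may become a post's content. The type segment of the GID
# is client-controlled, so it is looked up here, never constantized.
ALLOWED_CONTENT = { "Article" => ARTICLES, "Video" => VIDEOS }.freeze

class InvalidContent < StandardError; end

# Option value for a record, e.g. "gid://myapp/Article/1".
def to_gid(record)
  "gid://#{APP_NAME}/#{record.class.name}/#{record.id}"
end

# [label, value] pairs for the form select, covering all allowed content.
def content_options
  ALLOWED_CONTENT.values.flat_map(&:values).map do |record|
    ["#{record.class.name}: #{record.title}", to_gid(record)]
  end
end

# Parses a submitted GID and returns the record, or raises InvalidContent.
def locate_content(gid_string)
  uri = URI.parse(gid_string.to_s)
  raise InvalidContent, "not a gid for this app" unless uri.scheme == "gid" && uri.host == APP_NAME

  type, id = uri.path.split("/").reject(&:empty?)
  store = ALLOWED_CONTENT.fetch(type) { raise InvalidContent, "type not allowed: #{type.inspect}" }
  raise InvalidContent, "bad id: #{id.inspect}" unless id.to_s.match?(/\A\d+\z/)

  store.fetch(Integer(id)) { raise InvalidContent, "no #{type} with id #{id}" }
rescue URI::InvalidURIError
  raise InvalidContent, "malformed gid"
end
```

The point is the allowlist: because the type segment of the GID comes from the client, resolving it with constantize would let a user point a post's content at any model in the app. In a Rails app the globalid gem's GlobalID::Locator.locate(gid, only: [Article, Video]) expresses the same restriction.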

Notes to self 

How does Kamal deploy to multiple hosts

How does Kamal deploy to multiple hosts at once? And how to configure it?

SSHKit

Kamal is built on SSHKit, which provides the SSH connections Kamal uses to issue remote commands. Throughout the Kamal codebase we see the following SSHKit DSL, which lets Kamal schedule work on each host in its own thread:

on(KAMAL.hosts) do |host|
  # Execute commands on each host
end

Kamal also extends SSHKit in a few places. The most notable is its patch to SSHKit::Runner::Parallel, which lets Kamal wait on all threads and collect every failure:

class SSHKit::Runner::Parallel
  # SSHKit joins the threads in sequence and fails on the first error it encounters,…
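An added example (not Kamal's or SSHKit's code) of the behaviour described: a runner that starts one thread per host, joins all of them, and only then raises a single error carrying every per-host failure, rather than aborting on the first one. The host names and the deliberately failing "web2" are constructed for the demo.

```ruby
# Added example (not Kamal's or SSHKit's code): a minimal parallel runner that
# schedules one thread per host, waits for every thread to finish, and then
# reports all failures together instead of stopping at the first one.

class HostError < StandardError
  attr_reader :host

  def initialize(host, cause)
    @host = host
    super("#{host}: #{cause.class}: #{cause.message}")
  end
end

class ParallelRunner
  # Raised only after every host has finished; carries each per-host failure.
  class Failures < StandardError
    attr_reader :errors

    def initialize(errors)
      @errors = errors
      super("#{errors.size} host(s) failed:\n" + errors.map(&:message).join("\n"))
    end
  end

  def initialize(hosts)
    @hosts = hosts
  end

  # Runs the block once per host, each on its own thread, and returns a Hash
  # of host => result. A failing host never interrupts the others: all threads
  # are joined first, then Failures is raised if anything went wrong.
  def run
    results = {}
    errors  = []
    mutex   = Mutex.new

    threads = @hosts.map do |host|
      Thread.new do
        Thread.current.report_on_exception = false
        begin
          value = yield(host)
          mutex.synchronize { results[host] = value }
        rescue StandardError => e
          mutex.synchronize { errors << HostError.new(host, e) }
        end
      end
    end

    threads.each(&:join) # wait for all of them, not just until the first error
    raise Failures.new(errors) unless errors.empty?
    results
  end
end

# Constructed hosts for the demo; "web2" is set up to fail its connection.
DEMO_HOSTS = %w[web1 web2 web3].freeze

# Returns the Failures error so the caller can inspect which hosts failed.
def demo_deploy(hosts = DEMO_HOSTS)
  ParallelRunner.new(hosts).run do |host|
    raise "ssh: connect to host #{host}: Connection refused" if host == "web2"
    "deployed #{host}"
  end
rescue ParallelRunner::Failures => e
  e
end

puts demo_deploy if $PROGRAM_NAME == __FILE__
```

With a fail-fast runner, a refused connection on one host would leave the remaining hosts in whatever state their thread had reached; joining everything first means each host either completes or reports its own error.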
Hanami 

State of Hanami, December 2024

Welcome to your first State of Hanami update! 🌸

There’s plenty going on around Hanami. With these updates, I want to make it easy for everyone in the community to keep up. We’ll share our recent achievements, as well as our plans for what’s coming next.

We’ll bring you these updates twice a year. This one is special, though, because we get to cover all of 2024!

Two major releases

2024 was a big year for Hanami. We made two major releases:

  • Hanami 2.1 in February, introducing our view layer and frontend assets support.
  • Hanami 2.2 in November, introducing our database layer as well as operations.

Two years after we brought you Hanami 2.0, our vision for…

Saeloun Blog 

Rails 8 Adds Parameters#expect To Safely Filter And Require Params.

Rails 8 introduces params#expect, a new method that enhances parameter handling by filtering parameters based on expected types. This reduces errors caused by tampering or invalid input.

Before

ActionController::Parameters lets us choose which attributes are permitted with the help of require and permit. The recommended way of handling parameters in Rails works fine, right up until someone using our app starts tampering with the parameters and triggering 500 errors.

params.require(:post).permit(:title, :summary, categories: [:name])
http://localhost:3000/?post[title]=Hello World

#=> {"title"=>"Hello World"}

Passing a String Instead of a Hash

If someone tampered params by…
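An added example (not Rails' ActionController::Parameters) that models the difference the post describes: a require/permit chain checks only that the parameter is present, so a String where a Hash was expected reaches the filter and raises a NoMethodError (the 500), while an expect-style check validates the shape first and turns the same input into a 400. The params hashes are constructed as Rack would decode them, and the helper names are my own.

```ruby
# Added example (not Rails' own ActionController::Parameters): a minimal model
# of require/permit versus expect, showing why a tampered shape should be a
# 400 instead of a 500. Params are constructed here as Rack would decode them.

class BadRequest < StandardError; end

# Keeps only the allowed keys. Scalar filters (:title) keep scalar values;
# nested filters ({ categories: [:name] }) accept a Hash or an Array of Hashes.
# Like the classic permit, it assumes `value` is a Hash and does not check,
# so a String here raises NoMethodError (the 500 from the article).
def permit(value, filters)
  out  = {}
  keys = value.keys.map(&:to_s) # NoMethodError when value is a String
  filters.each do |filter|
    case filter
    when Symbol, String
      k = filter.to_s
      v = value[k]
      out[k] = v if keys.include?(k) && !v.is_a?(Hash) && !v.is_a?(Array)
    when Hash
      filter.each do |k, sub|
        v = value[k.to_s]
        next if v.nil?
        out[k.to_s] = v.is_a?(Array) ? v.map { |el| permit(el, sub) } : permit(v, sub)
      end
    end
  end
  out
end

# params.require(:post).permit(...): require only checks presence.
def require_then_permit(params, key, filters)
  value = params[key.to_s]
  raise BadRequest, "param is missing or the value is empty: #{key}" if value.nil? || value == ""
  permit(value, filters)
end

# params.expect(post: [...]) style: the shape is checked before filtering, so
# a String where a Hash was expected is a client error, not a crash.
def expect_params(params, spec)
  key, filters = spec.first
  value = params[key.to_s]
  raise BadRequest, "param is missing or the value is not a Hash: #{key}" unless value.is_a?(Hash)
  permit(value, filters)
end

# Maps the outcome to the HTTP status a controller would return.
def status_for
  yield
  200
rescue BadRequest
  400
rescue StandardError
  500
end

FILTERS = [:title, :summary, { categories: [:name] }].freeze

# Constructed params: an honest request (with an extra "admin" key that must
# be dropped) and the tampered one from the article, ?post=Hello.
GOOD_PARAMS = {
  "post" => { "title" => "Hello World", "admin" => "true",
              "categories" => [{ "name" => "ruby", "id" => 1 }] }
}.freeze
TAMPERED_PARAMS = { "post" => "Hello" }.freeze

def demo_params
  {
    permitted:          require_then_permit(GOOD_PARAMS, :post, FILTERS),
    require_permit_bad: status_for { require_then_permit(TAMPERED_PARAMS, :post, FILTERS) },
    expect_bad:         status_for { expect_params(TAMPERED_PARAMS, { post: FILTERS }) },
  }
end
```

The unexpected "admin" key is dropped in both styles; the difference is only in how a wrong shape is treated, and that difference is what separates a noisy 500 (and an alert for the on-call engineer) from an ordinary rejected request.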

Stefan’s Blog 

Gitlab + Hetzner S3: Migrate Omnibus Gitlab CE storages to new Hetzner S3

Recently, Hetzner announced its new S3-compatible storage service. We have been using Gitlab CE as our main development back-end since its early 1.0 versions: as an issue tracker, for customer inquiry management, as a container registry, for CI/CD with runners, for company chat via Mattermost, and of course as a git repository. For the last 5 years or so we have run Gitlab as the Omnibus installation, meaning all Gitlab upgrades are done by the package manager. As long as we followed the upgrade path, we never had an issue during upgrades. One issue, though, was the growing storage requirement, especially after slowly adopting Docker for deployment, like using Kamal in a…

Short Ruby Newsletter 

Short Ruby Newsletter - edition 117

The one where 1Password joins The Rails Foundation and where Dave Thomas solves Advent of Code with Ruby
The Bike Shed 

450: Javascript-Driven Development?

Joël and Stephanie go back to fundamentals as they pick apart some recent conversations they’ve been having around the office.

Together they discuss the advantages of GraphQL over a REST API, how they utilise JSONB over a regular column or table, and the use-cases for and against a frontend framework like React.

But what’s the theme that ties all these conversations together?


The article mentioned in this episode was Why I’m over GraphQL

Your hosts for this episode have been thoughtbot’s own Stephanie Minn and Joël Quenneville.

If you would like to support the show, head over to our GitHub page, or check out our website.

Got a question or comment about the show? Why not…

Ryan Bigg's Blog 

Scoping an Active Record join

Active Record is well known for its footguns, like N+1 queries and letting you dump all the business logic for your applications in models. (For an alternative, read Maintainable Rails.)

A lesser-known footgun is this seemingly innocuous use of joins in a tenanted Rails application. By “tenanted” I mean that most records have something like a tenant_id on them that declares ownership. In our case, it’s merchant_id. Here’s the query:

FraudCheck.where(merchant: merchant).joins(:purchase)

Fraud checks belong to a merchant, and they also belong to a purchase. Purchases have just the one fraud check. Merchants have many fraud checks and purchases.

The query this executes is:

SELECT…
Gusto Engineering - Medium 

Bee-ing in Sync: Centralizing User Data with a CDP

Co-authored by Julie Chen

Imagine a bustling beehive, but instead of a well-coordinated colony, every bee is flying in its own direction, collecting pollen and nectar from its own flower patch and dropping it into random cells within a hive. There’s no queen to guide the workers, no organization, and no way to ensure the honey is uniformly distributed. Chaos ensues and the hive struggles to produce consistent results.

At Gusto, managing user data across our different platforms often felt like this chaotic hive. Our Backend, Web, iOS, and Android systems each maintained direct integrations with tools empowered by our Marketing, Data/Analytics, Customer Service, and Sales teams. These…

The Rails Tech Debt Blog 

Refactoring Rails: Strategies to refactor models

There’s abundant online guidance about refactoring controllers and keeping them lightweight, but resources on model refactoring are less common. In this blog, we’ll explore some techniques for effectively refactoring models.

The refactoring goal remains consistent whether you’re working on a controller, model, or any other file. The current file might be complex, lengthy, or error-prone. Our objective is to create code that is:

  1. Easier to understand
  2. Simpler to maintain
  3. Less susceptible to bugs

Before beginning the refactoring process, two critical prerequisites must be addressed:

  1. How do you determine that a file needs refactoring?
  2. Do you have sufficient test coverage for…

How do you determine that a file needs…

Fractaled Mind 

Loading extensions

Rails continues to expand its lead as the single best platform for building web applications backed by SQLite! You can now load extensions directly from the database.yml file. This now means you have quick and easy access to the full range of SQLite extensions. This is a major step forward from the previous way, which required writing a custom initializer or using the enhanced adapter.


The PR that was recently merged for this feature was implemented by the one and only Mike Dalessio (aka @flavorjones).

It builds on the work that Mike did in the sqlite3-ruby driver to make loading extensions much easier.

These two features together allow your config/database.yml to look like:

develop…
Passenger - Phusion Blog 

Passenger 6.0.24

Version 6.0.24 of the Passenger application server has been released. This release adds packages for Ubuntu 24.10 (Oracular), and improves rolling restart performance.

Passenger 6 introduced Generic Language Support, or: the ability to support any and all arbitrary apps.

Rolling restart improvements

We changed the way we route requests during a Rolling Restart in order to provide better performance and reliability. Instead of picking the least-busy process to route requests to, we now prioritize new processes first. During a rolling restart, this new behavior leads to more efficient utilization of application caches, faster validation of new rollouts, and faster recovery from problematic…

Fractaled Mind 

Introducing sqlite.directory

sqlite.directory is a directory of web applications that use the SQLite database engine in some meaningful capacity in production. I have just launched the initial release today. Check it out and list your SQLite-backed app today: https://sqlite.directory


The whole app is open source, a simple #SQLiteOnRails application. The codebase is vanilla Rails, Puma, and—of course—SQLite. Basically the simplest possible setup. Feel free to make suggestions or improvements.

https://github.com/fractaledmind/sqlite.directory

I’ve started simple and minimal, but there are all kinds of additional data we could gather about production applications that rely on SQLite. Let me know your thoughts on…

Rails Designer 

Simple accordion without JavaScript

It’s no secret that HTML and CSS have gotten a lot better over the years. And while I have come to enjoy writing JavaScript, whenever I can get away without it, I do.

One of those things that don’t need JavaScript is the typical accordion. It’s the kind of component that is simple to create with JS frameworks like Vue, Alpine and Stimulus, but for the most basic version you don’t need any of them. And to make them look good all you need is CSS.

This example is what I am going for. You see it doesn’t have to be the typical FAQ-list style. Using it for sections like this one works perfectly fine too.

This article goes from:

  • the basics;
  • to adding visual interest;
  • to cool…
Josh Software 

Kya Aapke Software Mein AI Hai?

Remember the iconic toothpaste ad: “Kya aapke toothpaste mein namak hai?” It made everyone wonder why on earth we needed salt in toothpaste. Fast forward to today, and we’re living in a similar moment in tech: “Kya aapke software mein AI hai?” If the answer is no, prepare for judgmental stares, awkward silences, and unsolicited advice about …
Hotwire Weekly 

Week 49 - Hotwire Essentials tutorial, Solid Cable in Production, and more!

Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! Happy reading! 🚀✨


📚 Articles, Tutorials, and Videos

Hotwire Essentials is here: Learn Hotwire by building a podcast player - Lindsey Christensen and the thoughtbot team launched an interactive tutorial called "Hotwire Essentials". Hotwire Essentials takes you step-by-step through building a functional podcast player and teaches you how to apply Hotwire patterns to solve real-world problems. Learn Turbo's capabilities, Stimulus controllers, and best practices for server-driven interactivity. The source-code for the app is also available on GitHub.

Why Disconnect in Stimulus Controller - Rails Designer emphasizes the…

All about coding 

Everything that I published this week about Ruby #4

Monday

Every Monday, I publish the Short Ruby Newsletter:

Short Ruby Newsletter - edition 116 - The one where Rails World, Friendly.rb, and EuRuKo announced the dates for 2025 conferences, and Marco Roth announced rubytriathlon.com

Tuesday

I wrote and shared on social media a recommendation of two products for blogging made by two members of our Ruby community:

Two recommendations if you want to start a blog

Wednesday

I finished an article I started during the weekend when I installed the Writebook for booklet.goodenoughtesting.com where I shared how you can override a class method or instance method of a Ruby object used in a Ruby on Rails app:

Overriding Methods in Ruby on Rails: A…

Ruby Rogues 

Black-Belt Debugging with Chelsea Troy - RUBY 663

In this episode of Ruby Rogues, Chelsea Troy teaches us to hone our debugging skills to a razor-sharp edge. We learn how to actively improve debugging skills, train troubleshooting instincts and practical strategies for tackling brain-bending bugs.

The Code Gardener 

Hexagonal Architecture + Rails

Last night, Fito and I watched Alistair Cockburn's Hexagonal Architecture talk from the Tech Excellence Conference. We really enjoyed it, and despite thinking I already understood the pattern, I learned a ton. In fact, before you continue reading, you should go watch it. Go ahead! I'll wait...

Awesome!

So, when I first started learning the Ports & Adapters pattern, I found it confusing. Eventually, I thought I'd made sense of it, but I was over complicating it. And, for some reason, it never clicked with me that the term "adapter" was a direct reference to the Gang of Four Adapter Pattern. So, seeing the pattern represented so simply in code was a real face-palm moment for me. And, it was the…

justin․searls․co - Digest 

🎙️ Breaking Change podcast v25 - Ghost Engineering

I left the country for a few weeks to get that taste out of my mouth but now I'm back and as salty as ever. Brace yourself.

I made a pretty strong appeal that you should e-mail the show at podcast@searls.co, so I won't repeat myself here. DO IT. DO IT NOW.

Hopefully I'll be back at least once more before we call it for 2024. Stay tuned. 📻

Remote Ruby 

Jason Meller on 1Password joining the Rails Foundation

In this episode, Chris catches up with guest Jason Meller, CEO and founder of Kolide. Today, Jason shares exciting news about Kolide, a startup focused on device security, which was recently acquired by 1Password. He delves into the history of Kolide, its growth, and its acquisition by 1Password. Jason also talks about the technical aspects of Kolide’s product, the importance of behavioral science in security, and the transition to working with 1Password. The conversation touches on scaling challenges, the hiring process, and Rails' influence on their development practices. Chris talks about his contribution by discussing improvements in the Getting Started Guide for Rails 8 and the…

RoRvsWild's blog 

Ruby Meetups in Europe

We are witnessing the rebirth of the Ruby meetup scene worldwide, including in Europe. The excitement is real, Renaissance style. Look at this Ruby conferences website that recently had to add new ways to filter its content. Or look at this latest initiative: Ruby Europe. Please put yourself on the map if you’re not yet.

We are so happy GenevaRB is back and for other cities to launch or relaunch their edition. At geneva.rb, we have an old Swiss tradition of offering the speaker some chocolate. We made a few bars, and we want to spread this tradition and send a little package to all Ruby Meetups across Europe. We’ve started reaching out, but please get in touch with us if you see this…

And if you’re coming…

Ruby on Rails 

SQLite3 extensions loading and more

Hi, Wojtek here. Let’s explore this week’s news in the Rails. 🎅

Getting started tutorial
New pull request up for a community review: the new Getting Started tutorial shows you how to build an e-commerce app using all of Rails 8’s features out of the box - straight through to deployment. This will be the flagship tutorial to guide new Rails devs for years to come, so we’d love your feedback.

The Rails Foundation welcomes 1Password as Core member
Expanding Core membership means a stronger foundation with more long-term growth and sustainability, and most importantly: more support for the Rails community.

Support loading SQLite3 extensions
The sqlite3 gem v2.4.0 introduces support for…

RubyMine : Intelligent Ruby and Rails IDE | The JetBrains Blog 

Mastering Ruby Debugging: From puts to Professional Tools

Hello, Ruby developers!

Debugging is an essential skill in software development, and in this post, we’ll be looking at how to investigate the behavior of Ruby code. As the RubyMine team, we’ve accumulated considerable expertise in creating tools for Ruby developers, and we’re excited to share our experience and knowledge with you.

Recently, at the EuRuKo 2024 conference, our team member Dmitry Pogrebnoy presented the Demystifying Debuggers talk. This blog post is the first in a series based on that presentation, aiming to provide you with valuable insights into debugging Ruby applications.

Every Ruby programmer inevitably encounters situations where their code doesn’t behave as…

All about coding 

How to Return Multiple Values from a Method in Ruby Using Data.define

I read a question on Bluesky and X that I quickly replied to, but I wanted to expand on my recommendation.

The context

This is the code that was originally shared and we were asked for our opinion on it.

def something_with_two_outputs
  a = parse_data
  b = process_result
  return a, b
end

parsed_data, result = something_with_two_outputs

I think it's a valid question. I've seen code in real production apps that returns not just 2, but 6 values, which are then passed to other methods that use one or more of these values.

For my purposes I want to use something else that gives names to what is happening inside, but it reflects the same question or pattern:

def parse(response)
  headers =…
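An added example, not the article's code, of the same pattern with Data.define: the method returns one value with named members, which callers read by name, pattern-match on, or copy with `with` instead of remembering positions in an array. The raw response format parsed here is constructed for the demo.

```ruby
# Added example (not the article's code): returning several named values from
# a method via Data.define instead of a positional array. The wire format of
# the raw response is constructed for the demo: "STATUS\nHeader: v\n...\n\nbody".

ParsedResponse = Data.define(:status, :headers, :body) do
  def ok? = (200..299).cover?(status)
end

RAW_RESPONSE = "200\nContent-Type: application/json\nX-Request-Id: abc123\n\n{\"ok\":true}".freeze

# One return value with three named members, instead of `return status, headers, body`.
def parse(raw)
  head, body = raw.split("\n\n", 2)
  status_line, *header_lines = head.lines(chomp: true)
  headers = header_lines.to_h { |line| line.split(": ", 2) }
  ParsedResponse.new(status: Integer(status_line), headers: headers, body: body.to_s)
end

# Callers can pattern-match on the members (Data defines deconstruct_keys).
def request_id(raw)
  case parse(raw)
  in { status: 200..299, headers: }
    headers["X-Request-Id"]
  else
    nil
  end
end
```

Data instances are frozen, so a six-value return cannot be mutated halfway through a call chain; `parsed.with(status: 500)` produces a new value when a variant is needed.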
Ryan Bigg's Blog 

Using Elasticsearch's Profile API

Recently, we saw that one of our production applications was experiencing very long query times when users were searching for their customers, with some queries taking as long as 60 seconds.

We use Elasticsearch to power this search (even though Postgres’ own full-text search would’ve been suitable!), and the query we wrote for Elasticsearch was this one, written about 10 years ago:

{
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "query": "Ryan*"
          }
        }
      ],
      "filter": [
        {
          "bool": {
            "must": [
              {
                "terms": {
                  "merchant_id": [2]
                }
…
justin․searls․co - Digest 

📄 How to add a headrest to a Steelcase Leap chair

The Steelcase Leap (v2) is a good office chair in a world of mostly bad office chairs. I've been using it since 2020 and I don't love it, but I definitely hate it less than every other office chair I've ever owned. That's one reason I find myself vexed that Steelcase does not offer an after-market headrest for the chair (and no longer seems to let you configure one with a built-in headrest). In fact, so few office chairs offer headrests that I was briefly tempted to buy a "gaming chair" (do not buy a gaming chair).

And if you're reading this and identify as an Online Ergonomics Expert, I know you're champing at the bit to tell me, "headrests are bad, actually."

But if you're like me and…

Awesome Ruby Newsletter 

💎 Issue 446 - Speeding up Ruby by rewriting C in Ruby

ruby – Bibliographic Wilderness 

Accessing capybara-screenshot artifacts on Github CI

We test our Rails app with rspec and capybara.

For local testing, we use the capybara-screenshot plugin which “Automatically save screen shots when a Capybara scenario fails”, even when the tests were running in a headless browser you couldn’t see at all. This can be very helpful in debugging tricky capybara failures, especially ones that are “flaky” and hard to reproduce failure on.

We run all our tests automatically as CI in Github Actions.

I was running into some capybara browser tests that were failing flakily and inconsistently on Github Actions, but I could not manage to reproduce locally at all. What was going on? It would be super helpful to have access to the…

Ruby Weekly 

Making Ruby faster with more Ruby and less C

#729 — December 5, 2024

🗓️ If you missed last week's issue, don't worry, it didn't exist – we took a week off for Thanksgiving! We're now back all the way through to the Christmas break :-)
Your editor, Peter Cooper

Ruby Weekly

Ruby Evolution: New Ruby Features Added in 2.0 → 3.3 — First launched a couple of years ago covering up to Ruby 3.1, Victor’s handy resource covering the key changes to the Ruby language over the years now goes up to Ruby 3.3. A fantastic way to check your knowledge of modern Ruby features.

Victor Shepelev

Speeding Up Ruby by Rewriting C.. in Ruby? — A…

Rails Designer 

Advanced Stimulus: Custom Action Options

Stimulus allows you to register your own custom action options. These are the things you can append to an action, like keypress->input#validate:prevent (as shown in the article on Stimulus Features You (Didn’t) Know). :prevent is an action option and will prevent the default event (similar to adding event.preventDefault()). Other available options are: :stop, and :self.

You can create your own as well, allowing you to squeeze even more out of Stimulus (who would’ve thought a modest framework had so many features?!).

I want to list a few suggestions to help you get an idea of what they can do and inspire you to make your own.

The basics

You can create your own action options with the Appl…

Ruby Central 

Ruby Central’s Infrastructure Improvements for RubyGems.org

At Ruby Central, we know that RubyGems.org is more than just a tool—it’s a lifeline for Ruby developers worldwide. With millions of daily downloads, RubyGems.org supports developers globally by providing secure, reliable access to Ruby gems. To maintain its resilience and scalability, we’ve embarked on a series of essential infrastructure improvements designed to optimize both performance and cost.

Here’s how we’re strengthening the foundation of RubyGems.org to serve the Ruby community better:

From Rackspace to AWS

RubyGems.org has evolved significantly since its early days. Originally hosted on platforms like Heroku and Rackspace, it was maintained by individuals who volunteered their time…

Planet Argon Blog 

Re-tooling the Retro Way: Ditching Complex Tools for Leaner, Simpler Marketing

Kickin' it old-school with a modern twist! Learn why we ditched all-in-one platforms like HubSpot for leaner, simpler tools that empower smarter workflows.

37signals Dev 

Mission Control — Jobs 1.0 released

We’ve just released Mission Control — Jobs v1.0.0, the dashboard and set of extensions to operate background jobs that we introduced earlier this year. This new version is the result of 92 pull requests, 67 issues and the help of 35 different contributors. It includes many bugfixes and improvements, such as:

  • Support for Solid Queue’s recurring tasks, including running them on-demand.
  • Support for API-only apps.
  • Allowing immediate dispatching of scheduled and blocked jobs.
  • Backtrace cleaning for failed jobs’ backtraces.
  • A safer default for authentication, with Basic HTTP authentication enabled and initially closed unless configured or explicitly disabled.
Mintbit 

Exploring Ruby’s Programming Paradigms

Ruby is known for its flexibility and simplicity, allowing developers to work with different programming paradigms, such as procedural, object-oriented, and functional. Each of these styles has its strengths and can be applied in Ruby on Rails projects to solve specific problems elegantly. In this post, we’ll explore each paradigm with practical examples.

Procedural Paradigm

The procedural paradigm organizes code as a sequence of instructions to be executed in order. Although Ruby is predominantly object-oriented, this style can still be applied in specific parts of a Rails application, such as initialization scripts or Rake tasks.

Example: Data Import Script

A common example of…

BigBinary Blog 

Requesting camera and microphone permission in an Electron app

Recently, we built NeetoRecord, a Loom alternative. The desktop application was built using Electron. In a series of blogs, we capture how we built the desktop application and the challenges we ran into. This blog is part 7 of the blog series. You can also read about part 1, part 2, part 3, part 4, part 5 and part 6.

When developing an Electron app, handling permissions for the camera and microphone varies from platform to platform. On macOS, apps are denied access to the camera and microphone by default. To gain access, we must explicitly request these permissions from the user. On the other hand, Windows tends to grant these permissions to apps by default, although users can manually revoke them…

All about coding 

Overriding Methods in Ruby on Rails: A No-Code-Editing Approach

The context

Recently, I installed Writebook, a Ruby on Rails app from 37signals, because I wanted to publish some long essays or long-form articles about testing for developers.

The installation worked like a charm, including replacing Resque with Solid Queue and adding Solid Cable. I installed it manually, not via the once tool, as I already have other projects on that specific server and did not have enough time to think about how deploying it via the provided tool would affect the other projects. This means I would have to update it manually when an update came around.

It is currently published at https://booklet.goodenoughtesting.com, and I suggest checking it out if you are interested in…

The Rails Tech Debt Blog 

Refactoring Rails: How We Improve Code Quality and Maintainability

In this post, we share our approach to refactoring Rails applications, focusing on improving code maintainability, reducing technical debt, and ensuring scalability. Discover the tools, techniques, and strategies we use to transform complex codebases into cleaner, more efficient systems.

1. Introduction

Refactoring is an essential part of maintaining any Rails application. Over time, as applications evolve and grow, the codebase can become harder to manage, introducing technical debt and slowing down development.

Refactoring helps us address these challenges by improving maintainability and making it possible for smaller teams to effectively work on the codebase. Clear, well-structured…

RubySec 

CVE-2024-53985 (rails-html-sanitizer): rails-html-sanitizer has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8.

  • Versions affected: 1.6.0
  • Not affected: < 1.6.0
  • Fixed versions: 1.6.1

Please note that the fix in v1.6.1 is to update the dependency on Nokogiri to 1.15.7 or >= 1.16.8.

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in either of the following ways:

  • allow both "math" and "style" elements
  • or allow both "svg"…
RubySec 

CVE-2024-53986 (rails-html-sanitizer): rails-html-sanitizer has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.

  • Versions affected: 1.6.0
  • Not affected: < 1.6.0
  • Fixed versions: 1.6.1

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way:

  • the "math" and "style" elements are both explicitly allowed

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation…
RubySec 

CVE-2024-53987 (rails-html-sanitizer): rails-html-sanitizer has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.

  • Versions affected: 1.6.0
  • Not affected: < 1.6.0
  • Fixed versions: 1.6.1

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way:

  • the "style" element is explicitly allowed
  • the "svg" or "math" element is not allowed

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for…
RubySec 

CVE-2024-53988 (rails-html-sanitizer): rails-html-sanitizer has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.

  • Versions affected: 1.6.0
  • Not affected: < 1.6.0
  • Fixed versions: 1.6.1

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way:

  • the "math", "mtext", "table", and "style" elements are allowed
  • and either "mglyph" or "malignmark" are allowed

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for…
RubySec 

CVE-2024-53989 (rails-html-sanitizer): rails-html-sanitizer has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.

  • Versions affected: 1.6.0
  • Not affected: < 1.6.0
  • Fixed versions: 1.6.1

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way:

  • the "noscript" element is explicitly allowed

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for…
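As an added example (not RubySec's or rails-html-sanitizer's code), the conditions from the five advisories above can be folded into one check over an application's sanitizer configuration, which is useful when auditing a fleet of apps that customise the allowed tags. It uses Gem::Version from RubyGems for the version comparisons; the sample allowlists are constructed. The second, truncated svg-based combination for CVE-2024-53985 is not reproduced, and the wording of CVE-2024-53987 is read here as "style allowed while svg or math is missing".

```ruby
# Added example (not RubySec's or rails-html-sanitizer's code): maps the
# advisory conditions onto a configuration and returns the CVE ids it matches.

V = Gem::Version

# All five advisories share one baseline: rails-html-sanitizer 1.6.0, Rails
# >= 7.1.0 and HTML5 sanitization enabled. Without that, nothing applies.
def sanitizer_cves(sanitizer:, rails:, nokogiri:, html5:, allowed_tags:)
  return [] unless html5 && V.new(sanitizer) == V.new("1.6.0") && V.new(rails) >= V.new("7.1.0")

  allowed = allowed_tags.map(&:to_s)
  has = ->(*names) { names.all? { |n| allowed.include?(n) } }
  found = []

  # CVE-2024-53985 additionally needs Nokogiri < 1.15.7, or a 1.16.x below
  # 1.16.8. Only the "math" + "style" combination is checked; the advisory's
  # second, svg-based combination is truncated on the page and not reproduced.
  nk = V.new(nokogiri)
  old_nokogiri = nk < V.new("1.15.7") || (nk >= V.new("1.16.0") && nk < V.new("1.16.8"))
  found << "CVE-2024-53985" if old_nokogiri && has.("math", "style")

  # CVE-2024-53986: "math" and "style" both explicitly allowed.
  found << "CVE-2024-53986" if has.("math", "style")

  # CVE-2024-53987: "style" allowed while "svg" or "math" is not allowed,
  # read here as: at least one of the two is absent from the allowlist.
  found << "CVE-2024-53987" if has.("style") && !has.("svg", "math")

  # CVE-2024-53988: math, mtext, table and style plus mglyph or malignmark.
  found << "CVE-2024-53988" if has.("math", "mtext", "table", "style") && (has.("mglyph") || has.("malignmark"))

  # CVE-2024-53989: "noscript" explicitly allowed.
  found << "CVE-2024-53989" if has.("noscript")

  found
end

# Constructed allowlists: a plain one, and one that re-enables the risky tags.
PLAIN_TAGS = %w[a b i p strong em ul ol li br].freeze
RISKY_TAGS = (PLAIN_TAGS + %w[math style noscript]).freeze

def demo_sanitizer_check
  {
    plain: sanitizer_cves(sanitizer: "1.6.0", rails: "7.2.2", nokogiri: "1.16.7", html5: true, allowed_tags: PLAIN_TAGS),
    risky: sanitizer_cves(sanitizer: "1.6.0", rails: "7.2.2", nokogiri: "1.16.7", html5: true, allowed_tags: RISKY_TAGS),
    fixed: sanitizer_cves(sanitizer: "1.6.1", rails: "7.2.2", nokogiri: "1.16.8", html5: true, allowed_tags: RISKY_TAGS),
  }
end
```

Upgrading to 1.6.1 clears every match regardless of the allowlist; the tag checks matter for anyone who cannot upgrade immediately and wants to know whether their customisation is in scope.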
danielabaron.me RSS Feed 

Fixing Gem Install Errors on M3 Mac with Ruby 2.7

A guide to resolving common gem installation errors such as `pg`, `nokogiri`, and `msgpack` when setting up a Rails project on an M3 Mac with Ruby 2.7.8, including solutions and troubleshooting steps.
Short Ruby Newsletter 

Short Ruby Newsletter - edition 116

The one where Rails World, Friendly.rb and EuRuKo announced the dates for 2025 conferences and Marco Roth announces rubytriathlon.com
The Bike Shed 

449: Evergreen skills for new-ish developers

One of the most challenging things about starting out as a developer is how much you need to master all at once. And with so much to learn, it can be difficult for experts to guide fresh developers and advise them on where to focus first. Luckily, some skills will always be useful, no matter what language you’re coding in. In today’s episode, Stephanie and Joël tackle this topic by unpacking several key evergreen skills that will always be valuable, from reading error messages to deciphering a stack trace. They break down how new-ish developers can start acquiring these skills, key obstacles they’re likely to encounter, and how to ask for help when you hit a block. Their…

Super Good Blog 

No title

Terms and Conditions

Last updated: April 04, 2022

Please read these terms and conditions carefully before using Our Service.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of these Terms and Conditions:

  • Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or…

Super Good Blog 

No title

Privacy Policy

Last updated: April 04, 2022

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy has been created with the help of the Privacy Policy Template.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall…

Island94.org 

Including Rails View Helpers is a concern

If you’re currently maintaining a Ruby on Rails codebase, I want you to do a quick regex code search in your Editor:

include .*Helper

Did you get any hits? Do any of those constants point back to your app/helpers directory? That could be a problem.

Never include a module from app/helpers into anything in your application. Don’t do it.

  • Modules defined in app/helpers should exclusively be View Helpers. Every module in the app/helpers directory is automatically included into Views/Partials, and available within Controllers via the helpers proxy e.g. helpers.the_method in Controllers or ApplicationController.helpers.the_method anywhere else.
  • Including View Helpers into other files…
Joy of Rails 

What you need to know about SQLite

Have you heard? SQLite is taking the web by storm. The widespread belief has been that SQLite isn’t a production-grade database for web apps. But lately, this sentiment is starting to change.

SQLite is already just about everywhere else—smartphones, TVs, web browsers, desktop applications—so why now for web apps? Why now for Rails?

It’s basically this: computers have gotten faster, and Rails has finally figured out how to configure SQLite properly for the web.

With the recent release of Rails 8, it’s easier than ever to choose SQLite as your primary database for production. The question is, should you?

SQLite3::Database.open

Joy of Rails has run on…

Notes to self 

Test Driving Rails, 1st edition is released!

I am releasing my third book today. This time about Rails-native testing!

Idea

I am a big fan of Rails defaults and especially those for testing. Minitest and fixtures rock! But all I ever see are posts and books on RSpec. Nothing really wrong with RSpec (well, except 2 things), but I am surprised people don’t embrace the simplicity and performance of the Rails default testing stack (fewer dependencies too!).

Originally the idea for the book was more about somebody else writing it. Time passed and nobody did. There is only one related Minitest book I know of and it’s from 2016. That’s Rails 5 with references to Rails 4. We need more Minitest and fixtures. And I want to apply to my next job…

Ruby on Rails 

The Rails Foundation welcomes 1Password as Core member

The Rails Foundation is growing! After 2 years, we have made great strides in fulfilling our mission, but there is still more we want to accomplish. With that in mind, at a recent board meeting, the board voted in favor of expanding the number of Core members and seats on the board.

Founded in 2022 by Core members Cookpad, Doximity, Fleetio, GitHub, Intercom, Procore, Shopify, and 37signals, the Rails Foundation has since welcomed 7 other Contributing members, and enjoyed two years of operations, including two successful Rails Worlds, an ongoing documentation project, and a host of other initiatives.

Expanding Core membership means a stronger foundation with more long-term growth and…

justin․searls․co - Digest 

📸 Pick a side, cowards!

Really feels like these ¥100 silicone mug toppers are trying to have it both ways.

Rails Designer 

Why Disconnect in Stimulus Controllers

The disconnect lifecycle method in Stimulus is one of three lifecycle methods. The other two are initialize and connect. Disconnect gets called when the controller is removed from the DOM. For this, Stimulus uses mutation observers to track DOM elements.

Within the disconnect method you can do your teardown, clean up and whatever. The reasons to do this depend on your code, but range from preventing memory leaks and maintaining browser performance to preventing unexpected side effects.

Let’s look at some examples:

import { Controller } from "@hotwired/stimulus"

export default class extends Controller {
  connect() {
    // The timer is started every time the controller connects; without a
    // matching clearInterval in disconnect() it keeps running after the
    // element has been removed from the DOM.
    this.interval = setInterval(() => {
      console.log("Run, Forrest, run!");
    }, 1000);
  }
}

Without clearing…

Ruby Rogues 

Building AI-Powered Applications in Ruby - RUBY 662

This week, our host Charles Max Wood sits down with co-host Valentino Stoll to dive deep into the cutting-edge tools and strategies in AI development and integration. Valentino shares his go-to resources, including Langchain and Rails plug-ins like RAIX and Ray, to enhance applications with AI. They discuss the nuances of agent-based systems, Justin Bowen’s frameworks, and AI engines from industry leaders like Alex Rudolph and Toby Lukett.

Charles and Valentino also explore the significant impact of AI tools such as Copilot, ChatGPT, and more focused GPT models in streamlining coding tasks, automating tests, and refactoring code. They offer insights on leveraging AI for business operations,…
Drifting Ruby Screencasts 

Kamal Database Backups

In this episode, we look at some precautions we can take with our production environment and setup recurring backups for the database.
Evil Martians 

bolt.new from StackBlitz: how they surfed the AI wave—with no wipeouts

Authors: Victoria Melnikova, Head of New Business, and Travis Turner, Tech Editor
Topic: Business

We helped StackBlitz scale to 3M+ developers and build bolt.new, going from 0 to $4M ARR in 4 weeks. Read on and let's help your dev tool surf the AI wave.

As far as their core businesses are concerned, many companies are sidequesting off in search of AI riches. And yes! In some cases, many skilled founders managed to strike gold, seizing new opportunities and enhancing what they've already built. In this post, one of those success stories: our long-term client StackBlitz is a prime example of turning technological disruption into triumph, going from 0 to 4m ARR in 4 weeks with their new product…

The Code Gardener 

Abstract vs. DRY

We've talked about this before, including on our podcast and blog, but it bears repeating: DRY is the worst programming advice ever. It will almost always make your code harder to change as requirements evolve.

For example, say you have some code that uses a driver to manipulate a vending machine to prepare either coffee or tea. Like this:

class VendingMachine
  attr_reader :driver

  def initialize(driver: Driver.new)
    @driver = driver
  end

  def vend(beverage:, options: {})
    case beverage
    when :coffee
      dispense_cup
      heat_water
      prepare_grounds
      dispense_water
      dispense_sweetener if options[:sweet]
      dispense_cream if options[:creamy]
     …
lucas.dohmen.io 

Going immutable

My friend mkhl told me about the initiative to turn Gnome OS into a general-purpose distro. This pushed all my buttons as it combined the excellent proposal by Lennart Poettering for an immutable distro with my favorite desktop environment, Gnome. At this point, Gnome OS is a bit too early stage for me, so I wanted to try out a similar approach for now and landed on Fedora Silverblue.

Silverblue is also an immutable distro, but in a slightly different style. Like Gnome OS, it is built on Gnome and Flatpak for its desktop environment and its command-line experience is very close to what Gnome OS works like: Podman and Toolbx are pre-installed. But it also offers to layer on packages with…

Hotwire Weekly 

Week 48 - Super Solid Cable, Tailwind 4 beta, and more!

Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! Wishing you a joyful Thanksgiving weekend! Happy reading! 🚀✨


📚 Articles, Tutorials, and Videos

Super Solid Cable - Miles Woodroffe shares his experience integrating Solid Cable, the new default WebSocket adapter in Rails 8, into a simple demo application.

How to build a dropdown menu with just HTML - Kyrylo Silin demonstrates creating a dropdown menu using only HTML and minimal CSS, eliminating the need for JavaScript by utilizing the <details> and <summary> HTML tags.

Nobuild with Rails and Importmap - Mario Alberto Chávez explores how modern versions of Rails emphasize simplicity, enabling developers to manage…

Alchemists: Articles 

Git Revert

When committing changes to your Git repository, you’ll sometimes make mistakes. If on a feature branch, you can use Git Rebase to erase mistakes for a clean Git history and improved Code Reviews. Otherwise, if the mistake is made on your default branch or, worse, deployed into production you’ll need to use git revert because you need to document the change being made and explain why you had to unwind a previous change.

The problem everyone makes is using git revert <sha> instead of git revert --no-commit <sha>. The former results in an ugly and hard to read commit with no further modification to the commit message while the latter allows you to explain your reasoning.

T…

Ruby Changes 

Ruby Evolution

All about coding 

Everything that I published this week about Ruby #3

Monday

Every Monday, I publish the Short Ruby newsletter I create over the weekend:

Short Ruby Newsletter - edition 115

Additionally, I also published a page with some discounts for my Good Enough Testing Workshop:

Black Friday / Cyber Monday Deals for Good Enough Testing Workshop

I started curating a list of deals for Ruby developers as well and I kept updating it every day while discovering new deals:

Black Friday/Cyber Monday Deals for Ruby developers

Tuesday

This has become a habit for me: I set aside a few long-form or interesting articles about Ruby while working on the newsletter over the weekend and choose three to recommend. This week's recommendation is:

Three Ruby Links #10

On the same day,…

The Code Gardener 

The Code Gardener Podcast

We are very excited to announce that we started podcasting this week! For right now, it's just the two of us chatting about writing software well and whatever else strikes our fancy.

Our first episode dropped on Monday. In it, we introduce ourselves and talk a little bit about one of our favorite projects ever, as well as interviewing and a little bit on RubyConf.

Our second episode, a Thanksgiving weekend special, dropped Friday. In it we talk about what we're thankful for this year, then pivot to why DRY is the worst programming advice ever.

You can follow us through the links below, on our podcast website, or view episodes here on The Code Gardener podcast page.

Julia Evans 

Why pipes sometimes get "stuck": buffering

Here’s a niche terminal problem that has bothered me for years but that I never really understood until a few weeks ago. Let’s say you’re running this command to watch for some specific output in a log file:

tail -f /some/log/file | grep thing1 | grep thing2

If log lines are being added to the file relatively slowly, the result I’d see is… nothing! It doesn’t matter if there were matches in the log file or not, there just wouldn’t be any output.

I internalized this as “uh, I guess pipes just get stuck sometimes and don’t show me the output, that’s weird”, and I’d handle it by just running grep thing1 /some/log/file | grep thing2 instead, which would work.

So as I’ve been doing a terminal…

Mintbit 

Decoupling for Orthogonality in Ruby on Rails: Why It Matters

In the world of software engineering, building maintainable, scalable, and robust applications is a priority. Ruby on Rails, a popular framework, emphasizes conventions that simplify development, but this convenience can sometimes lead to tightly coupled code. Decoupling, the practice of reducing dependencies between different parts of your code, plays a vital role in improving orthogonality—a system’s ability to make changes in one part without impacting others. This blog post explores why decoupling is essential for achieving orthogonality in Ruby on Rails applications and how it benefits your codebase.

What is Orthogonality?

Orthogonality in software design means that different…

Remote Ruby 

Ruby Developer Experience with Vini Stock

In this episode, Jason, Chris, and Andrew catch up with Vini Stock, who works on the Ruby developer experience team at Shopify. They discuss recent advancements in Ruby LSP, including ERB support, the addition of the Copilot Agent, and improvements to the indexing of Ruby code. Vini shares insights into the complexities of maintaining and advancing a language server and talks about potential future enhancements for the Ruby ecosystem. They also delve into the challenges and possibilities of modern developer tooling and the importance of community contributions. Hit download now!

Honeybadger
Honeybadger is an application health monitoring tool built by developers for developers.

Disclaimer:…
Ruby on Rails 

Rails World 2025 dates announced and more!

Hi, it’s Greg. Let’s explore this week’s changes in the Rails codebase.

Rails World 2025 - Save the date
Rails World 2025 will take place September 4 and 5, 2025, again in Amsterdam. The same venue, the same city, and good news - more tickets. The CFP is expected to open in early spring 2025, and tickets to be released shortly thereafter. Sponsorship sales opening soon (email: sponsors@rubyonrails.org).

Raise a more specific error when the job class can’t be instantiated
With this change, Rails will raise a more specific error during deserialization when a previously serialized job class is now unknown. ActiveJob::UnknownJobClassError will be raised instead of a more generic NameError to…

Awesome Ruby Newsletter 

💎 Issue 445 - Rails is better low code than low code

John Nunemaker 

Shrinking a Postgres Table

Ok folks, this is kind of a weird one. I'm going to put it in the "you won't ever need this, but if you do, you are going to be glad I wrote this up for ya" category.

As you may or may not know, I recently acquired fireside.fm, an awesome podcast host. While investigating a slow query, I noticed that the database servers were at 87% disk space use.

$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/root       158G  129G   21G  87% /

I typically use a managed Postgres, which makes it real obvious when you are starting to use a lot of disk space and easy to fix. But this is self-managed Postgres on Linode.

Servers don't like to run out of disk space (or even get close to running…

Rails Designer 

Stimulus Features You (Didn’t) Know

Stimulus is advertised as a modest framework for the HTML you already have. It still packs quite a few features that you (didn’t) know (or have forgotten about).

Existential properties

Every API in Stimulus (targets, classes, values and outlets) has an existential property, meaning you can check whether the corresponding attribute is present.

  • hasButtonTarget;
  • hasButtonClass;
  • hasLabelValue;
  • hasActionsOutlet.

You can branch your logic on that boolean value (it returns true or false).

import { Controller } from "@hotwired/stimulus"

export default class extends Controller {
  static targets = ["button"]   // defines this.buttonTarget and this.hasButtonTarget
  static classes = ["button"]   // defines this.buttonClass and this.hasButtonClass
  update() {
    if (!this.hasButtonTarget) return;
    this.buttonTarget.classList.add(this.hasButtonClass ? this.buttonClass : "btn");
  }
}

Connected and disconnected callbacks for targets

You most…

justin․searls․co - Digest 

📍 Gaburi Chicken Musashikosugi

I've written about Gaburi before but it remains the absolute best karaage I've found in years of searching. Just order the boneless fried chicken thighs ("momo karaage, hone-nashi") and, if you drink, enjoy the $10 all you can drink course for two hours.

Can't afford not to.

Jake Zimmerman 

What if typing on phones was fast?

What more would be possible if text input on phones was as fast and precise as text input on keyboards?
The Ruby on Rails Podcast 

Episode 528: Working In Tech With ADHD with Chris Ferdinandi

In the last few years, there’s been more awareness about ADHD in adults. We’ve learned that it’s more than hyperactivity and it’s not a deficit of attention. Many working in tech have ADHD and because we have a world built for neurotypicals, there can be unique challenges for those working in tech with ADHD. Today, Chris Ferdinandi joins the show to talk to us about how to thrive in tech with ADHD.

Show Notes

Ruby on Rails 

Rails World 2025: Save the date - September 4 & 5, Amsterdam

Mark your calendars: Rails World 2025 will take place September 4 and 5, 2025, again in Amsterdam. The same venue, the same city, and good news - this time we will release more tickets.

We don’t have a specific timeline yet, but you can expect the CFP to open in early spring 2025, and tickets to be released shortly thereafter.

For any companies looking to sponsor, we will have the prospectus ready soon, so please email sponsors@rubyonrails.org to receive a copy.

But…why Amsterdam again?

You might be wondering why we’ve chosen to return to Amsterdam and the same venue.

The answer is simple: by working with a familiar space and trusted vendors, we can build on the foundation we created…

Saeloun Blog 

Rails 8 Allows drop_table To Accept An Array Of Table Names.

ActiveRecord provides the drop_table method to drop a table from the database in a migration.

class DropPosts < ActiveRecord::Migration[7.2]
  def change
    drop_table :posts
  end
end

Before

If we wanted to drop multiple tables in one drop_table call, ActiveRecord did not provide direct support for it.

So we have to either call drop_table multiple times or use raw SQL.

class DropMultipleTables < ActiveRecord::Migration[7.2]
  def change
    drop_table :users
    drop_table :posts
    drop_table :comments
  end
end

class DropMultipleTables < ActiveRecord::Migration[7.2]
  def change
    [:users, :posts, :comments].each do |table_name|
      drop_table table_name
    end
  end
end
ActiveRecord::Ba…
BigBinary Blog 

Building deep-links in Electron application

Recently, we built NeetoRecord, a Loom alternative. The desktop application was built using Electron. In a series of blogs, we capture how we built the desktop application and the challenges we ran into. This blog is part 6 of the blog series. You can also read about part 1, part 2, part 3, part 4, part 5 and part 7.

When developing a desktop application, including every feature directly within the app is often unnecessary. Instead, we can offload some tasks such as login/signup to a web application. And from the web app, create deep-links to the desktop app. We can also create shareable links that open specific content in the app.

In this blog, we are going to discuss how to create deep-links in our Elec…

Ruby Magic by AppSignal 

Server-sent Events and WebSockets in Rack for Ruby

In the previous part of this series, we discovered how to create persistent connections in Rack in theory, but now we'll put what we learned into practice.

The web has two formalized specifications for communication over a persistent connection: server-sent events (SSEs) and WebSockets.

WebSockets are widely used and highly popular, but SSEs are far less well-known. Let's explore them first.

Server-sent Events

Server-sent events (SSEs) enable a client to hold an open connection with the server, but only the server can publish messages to the client. It isn't a bi-directional protocol.

SSEs are a JavaScript API, so let's modify our app to serve an HTML page with the required script:

class…
Mintbit 

Safe Navigation Operator vs. Explicit Nil Check: Which is Better?

When writing Ruby code, one of the most common tasks is to handle potential nil values safely. Ruby provides a few ways to do this, and two approaches often come up: using the safe navigation operator (&.) and placing an explicit nil check first. In this post, we’ll compare both techniques and help you understand which one is best suited for your code.

The Safe Navigation Operator (&.)

Introduced in Ruby 2.3, the safe navigation operator (&.) allows you to call methods on an object only if that object is not nil. If the object is nil, the expression returns nil instead of throwing an error. This is especially useful when you’re unsure whether an object exists or is nil and want to avoid…

Stefan’s Blog 

ZUGFeRD/X-Rechnung: create required XML+PDF invoice format for EU compliance for 2025 in Ruby + Ghostscript

On 1st Jan 2025 B2B companies will be required to send invoices in a machine-readable format. The name/spec in Germany is called ZUGFeRD (Zentraler User Guide des Forums elektronische Rechnung Deutschland). As not all receiving companies will be able to process a raw XML file, it is best to produce a PDF/A-3 file with embedded XML. This is also known as X-Rechnung in Germany.

To enable the whole process for our B2B company, I did the following steps:

1. Create an XML version of your invoice

The simplest way could be to just make an “invoice.xml.erb”, extract an example xrechnung.xml from ferd-net’s repo and fill in the blanks with your invoice and company details.

The way, we did it, by…

All about coding 

How to make a small pulsating animation

The other day, I added a deals page to the GoodEnoughTesting website and considered making the menu item a bit more visible. I wanted it to pulsate just a bit, without being too much.

Tailwind already has an animation called pulse, but I wanted something else. I wanted something that would scale a bit and then come back.

This is what I implemented:

First, I added the following in application.tailwind.css, where I define 3 keyframes and scale it just a bit at 50% (the middle frame):

@keyframes pulsate {
  0% {
    transform: scale(1);
  }
  50% {
    transform: scale(1.10);
  }
  100% {
    transform: scale(1);
  }
}

Then I extended Tailwind to include this as animation, by adding the…

Everyday Rails 

Testing with RSpec book updates for November 2024

More coverage of request specs, factory_bot, and debugging tests
Ryan Bigg's Blog 

React is fine

This post called “Things you forgot (or never knew) because of React” by Josh Collinsworth is a good read about the deficiencies of React, and includes a good comparison between React and the other frontend frameworks at the moment.

And yet, I find myself and my team consistently being productive with React. The main application we develop uses a lot of it, a second application has had a re-write of a key component into React, and other apps have “React sprinkles” through them. It’s a versatile framework!

In our main application, we have React componentry brought in from our design system, which is then bundled together into much larger components. Most of these are static components: take…

Once a Maintainer 

Once a Maintainer: Santiago Pastorino

Welcome to Once a Maintainer, where we interview open source maintainers and tell their story.

This week we’re talking to Santiago Pastorino, contributor to the Rust compiler team and alumni of the Rails Core team. Santiago is also a cofounder of a software development consultancy called Wyeworks, and he spoke to us from Uruguay.

Once a Maintainer is written by the team at Infield, a platform for managing open source upgrades.

How did you first get into programming?

I live in Montevideo, Uruguay. And I would say that like most of the people back in the day who started when I did, we got into programming through formal study. I went to university to do computer science. It was less of a hobby…

Radan Skorić's website 

Rails is better low code than low code

Update 2024-12-02 : There was a lively discussion about the post on Hacker News you might also find interesting: link to thread. “We need a very simple CRUD app for managing the reservations.” They1 said. “Don’t spend too much time on it.” They added. My thoughts are racing: “Hm, I am very good with Ruby on Rails, this seems like a good fit. But then I’ve also used these low code tools befo...
Saeloun Blog 

Implementing Passwordless Authentication with WebAuthn in Rails

What is Passwordless authentication?

Passwordless authentication is an authentication method that verifies a user's identity and grants access to a site or system without using a password. Instead, users can authenticate using methods like:

  • Biometrics: Face ID, Touch ID
  • Hardware tokens: Devices like YubiKeys
  • Digital tokens: Generated by authenticator apps
  • Magic links: Sent to the user’s email

This method enhances security and simplifies the login process by eliminating password vulnerabilities.

What is WebAuthn?

WebAuthn (Web Authentication API) is a W3C and FIDO standard that provides strong, passwordless authentication using public-key cryptography. It replaces passwords and…

Rails Designer 

Spacer Components introduced in ViewComponent 3.20

Version 3.20 of ViewComponent introduced spacer_component.

It’s a new attribute that can be added to a collection to add another component between each item of a collection. It works like this:

<%= render(ProductComponent.with_collection(@products, spacer_component: SpacerComponent.new)) %>

This will then render a SpacerComponent between each ProductComponent. Pretty cool.

If you think you’ve seen this feature before, you could be right. It was inspired by Rails’ collection partial rendering.

The Bike Shed 

448: Other Uses for Tests

How can tests serve beyond just catching bugs in code? In this episode, Stephanie and Joël dive into the various roles that tests can play in a developer's toolkit. Covering all the fundamentals, from aiding knowledge transfer and documentation to ensuring accountability in code reviews, they explore the unexpected ways that tests support developer workflows. They also explain the balance between writing detailed tests for documentation and managing complex code, and how effective testing practices can help developers become more confident and informed in their work. Gain insights about the impact of test suites on team collaboration, code readability, and project handoffs, and…

Short Ruby Newsletter 

Short Ruby Newsletter - edition 115

The one about conferences opening tickets or announcing speakers for 2025, where Samuel Williams announced async-cable, Puma 6.5.0 released
Giant Robots Smashing Into Other Giant Robots 

Automating barcode scanner tests with Capybara

A lot of barcode scanners are basic human interface devices — essentially behaving like a keyboard and not requiring any special drivers. Essentially, they just type on a keyboard very quickly. They’ll support lots of different styles of codes — from the 1D barcodes you see on a lot of products in shops to 2D barcodes (more commonly known as QR codes) which are able to hold much more data and that you might have found yourself scanning a lot more of in the past few years.

We were building a system that creates receipts with QR codes on them. The QR code contains a URL. We want to scan those receipts as part of our application. Thus the need for the test.

When we’re writing system tests…

justin․searls․co - Digest 

📍 Lake Hamana Rest Stop

When Americans think of a highway rest stop, if they were feeling generous they imagine a gorgeous park, filled with children playing and couples strolling. Maybe a second-rate Starbucks and ice cream shop. Possibly even a nice view of the water.

But nothing like this. This puts them all to shame.

Gusto Engineering - Medium 

Super-Scaling Open Policy Agent with Batch Queries


Please note: This is in part a continuation of my previous blog post on the topic, and the remainder of this post assumes that you have read the previous one, or at least have some familiarity with Open Policy Agent.

It was back on a cold day of the winter academic term in early 2016, in a depressingly-architected basement classroom underneath a somehow-more-depressingly-architected mall in downtown Montreal, that a much younger version of myself heard about context switches for the first time from a locally famous professor. It’s not something most programmers have to worry about for the most part, but once in a while I am presented with a problem that makes…

Ruby Central 

November 2024 Newsletter

Hello! Welcome to the November newsletter. Read on for announcements from Ruby Central and a report of the OSS work we’ve done from the previous month.

In October, Ruby Central's open source work was supported by Ruby Shield sponsor Shopify, AWS, the Sovereign Tech Agency (STA), and Ruby Central memberships from 29 other companies, including Partner-level member Sidekiq. In total, we were supported by 186 members. Thanks to all of our members for making everything that we do possible. <3

Ruby Central News

RubyConf 2024: Our Biggest Event Since the Pandemic

RubyConf 2024 took place in Chicago last week, bringing together over 600 attendees for three unforgettable days celebrating the Ruby…

GoRails 

Black Friday 2024 - Sales on GoRails, Courses, Jumpstart, SellRepo! 🎉

Black Friday sales are a way for us to say thanks for all your support. We wouldn't be here without you! 💖

Our Black Friday 2024 sales

36% off GoRails with the yearly plan - Get the deal

Get a yearly subscription to GoRails for just $144/year. That's only $12/mo to stay up-to-date with Hotwire, Rails 7, Ruby 3, and much more!

Want to buy someone a GoRails subscription?

Buy a gift subscription for GoRails and we'll add the subscription to their account for you.

You can also send us a message with the name and email of the recipient and how many months you'd like to gift them. We'll send you an invoice and once it's paid we'll invite them to their account.

$50+ off Jumpstart Pro…

Saeloun Blog 

Rails 8 Adds Ability To Use Multiple Rate Limits Per Controller.

Rate limiting is a crucial technique for managing server traffic, enhancing performance, and bolstering security. By controlling the number of incoming requests over a specific time, it protects systems from abuse and overload.

Before

In Rails 7.2, rate limiting was introduced to Action Controller, enabling developers to limit requests to specific actions within a defined time period.

class PostsController < ApplicationController
  rate_limit to: 10, within: 3.minutes, only: :create
end

However, the limitation here was the inability to define multiple rate limits for different use cases within the same controller.

After

Rails 8 introduces support for multiple rate limits per controller

Rails Designer 

Inline Unsupported Browser Warning (using Rails 7.2 feature)

Rails 7.2 came with a feature to check for allowed browsers. This allows you to block older browsers that don’t support certain features of your app (e.g. webp images, web push, CSS nesting and so on).

The way it works is essentially a simple before action; it’s added by default for new apps.

class ApplicationController < ActionController::Base
  allow_browser versions: :modern
end

This will block all requests (that inherit from ApplicationController) from unsupported browsers, return a 426 error and render the HTML for it (stored in public/). I find it is written quite elegantly, but that’s just an aside.

While this setup might work for some, I want to be a bit friendlier. I want my apps to be usable for…

Notes to self 

Using non-root users in Kamal

Kamal gives us an option to connect with a non-root user, but how can we create it?

Creating a non-root user

If you use cloud VM providers like Hetzner or Digital Ocean, your virtual private server will likely come with a root user only. And Kamal unfortunately cannot create additional users automatically.

To switch from root to our own user, we can take advantage of the root user’s SSH key and use it to set up a new user. We can do that with a provisioning tool, a script, or by issuing the following commands after logging in to the server:

$ ssh root@public-ip

As a first step, we create the user itself with a home directory where we’ll install the SSH keys:

useradd --create-home

justin․searls․co - Digest 

📍 Kaze no yu HAZU

After visiting Kourankei, we took a brief break back at the hotel and asked ChatGPT for some ideas of other things to do near Shinshiro. Becky suggested we try Yuya Onsen town and then realized we had exactly 7 minutes to make the only train for the next two hours. So we speed-walked to the station and paid our fare on board the train.

The Yuya Onsen station is not manned. Despite being arguably more beautiful that day than the nationally famous Kourankei, its visitors are almost entirely regional…

justin․searls․co - Digest 

📸 Building with Becky

It has been very fun and very weird to be traveling across Japan using an app that I built doing workouts designed by my spouse, but it's worked a lot better for me than fucking around with Fitbod and other apps ever did.

Hotwire Weekly 

Week 47 - Sweet Streams, Turbo considered harmful?, and more!


Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! Happy reading! 🚀✨


📚 Articles, Tutorials, and Videos

Process slow network requests with Turbo and Active Model - Steve Polito demonstrates on the thoughtbot blog how to enhance user experience in Rails applications by offloading slow network requests to background jobs and utilizing Turbo for asynchronous updates.

Meetup Recording: Hotwire Native: Turn Your Rails App into a Mobile App - Yaroslav Shmarov gave a talk at the Paris.rb November 2024 Meetup and the recording is now available on YouTube and RubyVideo.

Meetup Recording: Leveling Up Developer Tooling for the Modern Rails & Hotwire Era - Marco Roth gave a talk at…

justin․searls․co - Digest 

📍 Kourankei

My friend Junko is from Nagoya, so when I asked for recommendations for where to see the leaves changing color (紅葉) she told me Kourankei in Aichi-ken was tops.

It was too warm too late in the year for the maple trees to hit their peak by our late November visit but it was still a really beautiful place to visit. I just wish I didn't have to leave the hotel at 5:30am to ensure I'd get a parking spot.

All about coding 

What I wrote about Ruby this week #2

Monday

My week started (as it always starts) with publishing the Short Ruby Newsletter on Monday.

Short Ruby Newsletter - edition 114

Tuesday

I followed up on Tuesday with another series that I am starting, which I call Three Ruby Links.

Three Ruby Links #9

Wednesday

During my GoodEnoughTesting workshops, we discuss expectations from the training at the beginning. There is always an expectation about best practices when writing tests, and in this article I tried to pin down some high-level, simple rules that I try to apply when writing test code.

Tests should be simple

Thursday

This is a small post showing how to use pattern matching in Ruby to check if an array is empty, not empty, or has some specific…

justin․searls․co - Digest 

📍 Hakusan Theme Park

Found this really nice park in approximately the middle of nowhere south of Kanazawa near our Airbnb.

Mintbit 

The Secret to Consistent Data: Active Record Validations

Ever inherited a project with a database full of messy, inconsistent data? Maybe you’ve dealt with users submitting forms filled with errors or blank fields? That’s where active record validations come to the rescue, and trust me—they’re a must-have in every developer’s toolkit.

Why Validations Matter

Validations are more than just error prevention—they’re your first line of defense for maintaining data integrity. Clean, validated data means fewer bugs, smoother user experiences, and more peace of mind for everyone involved.

Active record validations are your best friend for ensuring your app’s data is:

  • Present
  • Unique
  • Properly formatted
  • Just the right size
  • Always reliable

He…

The Code Gardener 

The Other Side of Fear

I prepared a lightning talk for RubyConf. Unfortunately, I got distracted and failed to secure a spot. But, I'm pretty proud of the little thing. So, I thought I'd share it here...

The Other Side of Fear

Fear.

It’s not something we talk about. But, it’s here. It’s here because we are. And as humans, we take it with us everywhere we go. 

Fear leads us to build emotional fortresses around our true selves, so we can cower behind them alongside our Imposter Syndrome.

Or, is that just me?

The Other Side of Fear

Hi. I’m Alan Ridlehoover.

And, everything I’ve ever wanted has been on the other side of fear.

Fear comes in many shapes and sizes. But I want to talk about the fear of rejection.

The Other Side of Fear

Like a virus, the fear of rejection causes us to put on masks…

justin․searls․co - Digest 

📸 GitHub spam has gotten worse?

I can't remember getting spam issues and comments so frequently at any point in GitHub's run, so I'm not sure what's driving it now.

This morning I woke up to 40+ emails generated by a dozen or so issues splayed across a bunch of Standard Ruby's repos and initiated by five or six accounts. Unfortunately, the GitHub web UI doesn't make it easy to quickly report spam, delete issues, and block users in one fell swoop. Separately, I encountered a number of race condition bugs in their React interface that resulted in validation failures, so I wasn't able to block them all from the org. Alas.

Great way to start the day.

The Rails Tech Debt Blog 

Upgrade Rails from 7.2 to 8.0

This article is part of our Upgrade Rails series. To see more of them, click here.

This article will cover the most important aspects that you need to know to get your Ruby on Rails application from version 7.2 to version 8.0.

  1. Preparations
  2. Ruby Version
  3. Gems
  4. Config Files
  5. Rails Guides
  6. Notable New Features
  7. Application Code
  8. Next Steps

1. Preparations

Before beginning with the upgrade process, we have some recommended preparations:

  • Your Rails app should have the latest patch version before you move to…

Ruby on Rails 

Active Support’s NotificationAssertions and `sql.active_record` gets `affected_rows`

Hi, it’s zzak. Let’s explore this week’s changes in the Rails codebase.

Add Active Support Notifications test helper module
This PR has been created because it’s currently cumbersome to test that a certain code block/action triggers an ActiveSupport::Notifications::Event to be emitted. It would be ideal to have some helpers to assert against such event emission. Have heard such helpers could be helpful internal to Rails as well.

Add “affected_rows” to “sql.active_record” event
The recently added row_count value is very useful for identifying cases where a query would return a large result set as large results can end up using a lot of memory or even be blocked by databases like Vitess.
Ho…

Ruby Rogues 

Embracing Human Factors and Rapid Development in Ruby on Rails Systems - RUBY 661

In today's episode, they dive deep into the fascinating intersections of system security, rapid development, and the human factors that influence them, with our esteemed guest Emil Kampp. Emil, a seasoned expert in critical infrastructure and fintech, shares his experiences and strategies for using Ruby on Rails to achieve unparalleled speed and robust testing in development.
They explore the nuances of dynamic typing versus static programming, why Ruby on Rails is often the go-to for swift feature deployment, and the significance of stability in critical systems. Emil also sheds light on the complexities of ensuring robust voting processes and the challenges of maintaining security in…