Rubyland

Sponsors

• Sentry use the code “devchat” for 2 months free on Sentry small plan

• Triplebyte offers a $1000 signing bonus

• Cachefly

Panel

• Nate Hopkins

• Dave Kimura

• Andrew Mason

• Charles Max Wood

Joined by Special Guest: Lori Olson

Summary

Lori Olson introduces herself, her school and ruby motion. Lori invites all to come to her webinar introducing her “six steps from idea to app store”. The panel discusses their rubymotion experiences and issues; which Lori advises on gems that will help. Lori shares her introduction to ruby and the story of writing her book.The evolution of rubymotion is shared leading the panel to discuss dragon ruby, the rebranding…

RubyMine 2019.1 adds support for rbspy – a great sampling profiler for Ruby. This post will help you start profiling your Ruby/Rails apps with RubyMine in 5 minutes. Here are the exact steps:

• Identify the scenario to be analyzed
• Create a profiler configuration
• Run the program with the profiler attached
• Analyze the profiled data
• Export/Import the profiled data
• Other options

First things first: make sure you have rbspy installed. If it’s not, see this guide to install it for Maс, Linux, and Windows. Now you’re set. Run RubyMine 2019.1 and follow these steps to start profiling:

Identify the scenario to be analyzed

For demonstration purposes, we’ve added an inefficient piece of code to our…

This blog is part of our Rails 6 series. Rails 6.0.0.beta2 was recently released.

Rails 6 added create_or_find_by and create_or_find_by!. Both methods rely on unique constraints on database level. If creation fails because of unique constraints on one or all of the given columns, it tries to find the record using find_by!.

create_or_find_by is an improvement over find_or_create_by because find_or_create_by first queries for the record and then inserts it if none is found. This might lead to a race condition.

As mentioned by DHH in the pull request, create_or_find_by has few cons too:

• The table must have unique constraints on relevant columns.
• This method relies on exception handling…

create_or_find_by! raises…

When you have multiple environments for an app on Heroku each command you execute requires you to pass in the -a (–app) flag with the app name. Heroku app names need to be unique not just for you, but for Heroku as a whole. This means the app name might not always be as memorable as you would like. KickoffLabs is actually broken up into three separate apps which further complicates things (6 total app names).

Instead of using the -a flag, you can also use the git remote name via the –remote flag.

The remote name only needs to be unique within your app. This means you can reign in this craziness a bit by using your own git remote names. By default, Heroku creates a remote called heroku.…

I was reading this post on Hash#fetch, and it reminded me of another lesser used/understood method on Ruby’s Hash object, new.

Typically, in Ruby, a hash is created by using just the {} literal. This is the equivalent of just doing Hash.new.

h1 = {}
h2 = Hash.new

Regardless of which option you choose, you get the same result.

However, as in most things Ruby, there is more than one way. The Hash initializer has three options:

1. No parameters
2. A default parameter
3. A Block

Next to the literal, the one I use most often is option #2, a default parameter. Typically, I use this when I want to count a bunch of things.

a = [1,2,3,4,1,1,3]
h = Hash.new(0)
a.each {|i| h[i] += 1}
puts h #{1…

Without the Hash.new(0) we…

Charity Majors is the CEO and co-founder of Honeycomb, a tool for software engineers to explore their code on production systems. Prior to co-founding Honeycomb, Majors worked as production engineering manager at Facebook, was the first infrastructure engineer on Parse also spent several years at Linden Lab as operations and database engineer working on the infrastructure that powers “Second Life“.

In this interview, we spoke with Majors about the importance of putting developers on call, the concept of observability-driven development and software ownership within teams.

You always underline the fact that you’re coming from the “ops” world rather than the “dev” one. In one of your…

When your application becomes popular it may attract the attention of hackers, who’ll try and find ways to exploit the weaknesses in your site to use it for nefarious means!

They’ll nearly always explore your site manually, signing up and testing attack vectors, before attempting to automate the weaknesses they’ve discovered.

During an attack, the hacker’s bots will typically sign up with a random email then do something bad, hundreds of times a minute, from a relatively small number of computers.

Instead of…

…allowing unlimited sign up attempts…

Use…

…Rack::Attack to limit the frequency of sign ups and ban the offending IP addresses.

Gemfile

gem 'rack-attack'

config/application.rb

1.KBA is moving out

Identity verification that relies on the possession of data is no longer a sufficient solution. KBA and SSN verification are proving to be a weak and unsafe security method and the most recent data leak involving US Postal Service further validates this. The digital world needs a better way to validate your real-world identity and what better with which to do that than with the one thing you are never without: your phone.

A phone number-to-identity link allows a business to authenticate the user signing up is the owner of the identity, not a fraudster using leaked data.

2. User experience is everything

From your website’s color scheme to a dedicated customer…

• Jesus Catello's website
• Jesus Castello on Twitter

Hi everyone,

I am happy to announce that Rails 5.1.7.rc1 has been released.

This is going to be the final bug fix release for the 5.1 series, so please make sure you test the release candidates to make sure no regressions are found.

If no regressions are found, expect the final release on Wednesday, March 27, 2019. If you find one, please open an issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 5.1.6

To view the changes for each gem, please read the changelogs on GitHub:

• Action Cable CHANGELOG
• Action Mailer CHANGELOG
• Action Pack CHANGELOG
• Action View CHANGELOG
• Active Job CHANGELOG
• Active Model CHANGELOG
• A…

To see a summary of changes, please read the release on…

Chris is joined by Devon Zuegel who recently joined GitHub in the new Open Source Product Manager role. Devon and Chris discuss the complexities inherent to open source including funding models, managing motivation and burnout, different open source models, and end with a discussion around how we can be bittern open source citizens, both as consumers and maintainers.

• Devon on Twitter
• Devon's Blog
• Nadia Eghbal - Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure
• Patreon
• Sindre Sorhus on Patreon
• Open Collective
• ESLint on Open Collective
• Webpack on Open Collective
• Babel on Open Collective
• Sidekiq Pro
• GraphQL Pro
• GitHub related issues
• Clojure
• Rich Hickey
• Elm
• Evan…

Thank you to CircleCI for sponsoring this episode.

Hi everyone,

I am happy to announce that Rails 5.2.3.rc1 has been released.

If no regressions are found, expect the final release on Wednesday, March 27, 2019. If you find one, please open an issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 5.2.2

To view the changes for each gem, please read the changelogs on GitHub:

• Action Cable CHANGELOG
• Action Mailer CHANGELOG
• Action Pack CHANGELOG
• Action View CHANGELOG
• Active Job CHANGELOG
• Active Model CHANGELOG
• Active Record CHANGELOG
• Active Storage CHANGELOG
• Active Support CHANGELOG
• Railties CHANGELOG

To see a summary of changes, please read the release on…

Amazon Transcribe streaming transcription enables you to send an audio stream, and with a single API call, receive a stream of text in real time. We’re excited to announce support for the #start_stream_transcription API with bidirectional streaming usage in the AWS SDK for Ruby.

Before calling #start_stream_transcription

To use the Amazon Transcribe #start_stream_transcription API, you need to have http-2 gem and aws-sdk-transcribestreamingservice gem available, as follows.

gem 'http-2', '~> 0.10'
gen 'aws-sdk-transcribestreamingservice', '~> 1.0'

The Amazon Transcribe #start_stream_transcription API enables you to send an audio stream and receive a stream of text in real time.…

Using Mappers to Organize Your Data

Improve the organization of your components

At some point during the development of your project, you might have needed to develop a feature that consumed data from an external source. You had no idea, however, about the shape of the data. All you had is a wireframe or a mock of the screen.

Undoubtedly, you’ve called your backend co-worker to ask for a sample of the API response so you can identify the elements you need. But you haven’t gotten it right away, so you turned your brain into the “I need this, how can I guess it?” mode.

In such a situation, you need to be able to fake out an API response using the wireframe as a reference. But what happens when…

Given on Ubuntu 18.04

ffmpeg -i vokoscreen-2019-03-21_07-45-03.mkv -codec copy output.mp4

source: https://askubuntu.com/questions/50433/how-to-convert-mkv-file-into-mp4-file-losslessly

Sponsors

• Sentry use the code "devchat" for $100 credit
• TripleByte
• CacheFly

Panel

• David Kamira
• Eric Berry
• Andrew Mason

Special Guest: Karthik Gaekwad

Episode Summary

In this episode of Ruby Rogues, the panelists speak with Karthik Gaekwad, who helped build the Oracle Kubernetes Engine. The panelists discuss the naming of Ruby as the Server-Side Programming Language of the Year in 2018, beating out PHP and Java. Karthik talks about incorporating Ruby into Oracle. His team uses Ruby in both development and operations, and having a common language has increased their efficiency.

The panelists discuss the shift from constant servers to more volatile servers…

Many times developer needs to copy over database dump or some migration csv file containing data to server. Easiest way is to just do scp but sometimes you are not able to do that due to firewall restrictions, or because you have only web-console availble, therefore no real ssh connection (e.g. Kubernetes dashboard)

scp

So if you have direct ssh access to server easiest way is to do scp

scp /tmp/my-file.csv user@123.123.123.123:project/folder/

scp /tmp/my-file.csv user@123.123.123.123:/home/user/project/folder/

scp /tmp/my-file.csv user@123.123.123.123:/tmp

# multiple files
scp -r /tmp/folder-full-of-files user@123.123.123.123:/tmp/

encrypt file, push to cloud, pull from cloud

Whe…

Sponsors

• Sentry use the code “devchat” for 2 months free on Sentry small plank
• .TECH - Go.tech/MRS and use the coupon code “MRS.TECH” and get a 1 year .TECH Domain at $9.99 and 5 Year Domain at $49.99. Hurry!
• CacheFly

Host: Charles Max Wood

Guest: Sebastian Sogamoso

Episode Summary

In this episode of My Ruby Story, Charles hosts Sebastian Sogamoso, a software developer from Colombia. Sebastian now lives in Panama City and works for CookPad. Listen to Sebastian on the Ruby Rogues podcast here.

Sebastian first started coding in high school with Pascal. Upon graduating with a Systems Engineering degree from National University of Colombia, he continued developing in Ruby.js.

Sebast…

This blog is part of our Rails 6 series. Rails 6.0.0.beta2 was recently released.

Rails 6 raises ActiveModel::MissingAttributeError when update_columns is used with a non-existing attribute. Before Rails 6, update_columns raises ActiveRecord::StatementInvalid error.

Rails 5.2

>> User.first.update_columns(email: 'amit@bigbinary.com')
SELECT  "users".* FROM "users" ORDER BY "users"."id" ASC LIMIT $1  [["LIMIT", 1]]
UPDATE "users" SET "email" = $1 WHERE "users"."id" = $2  [["email", "amit@bigbinary.com"], ["id", 1]]

=> Traceback (most recent call last):
        1: from (irb):8
ActiveRecord::StatementInvalid (PG::UndefinedColumn: ERROR:  column "email" of relation "users" does not exist)
LI…

Rails 6.0.0.beta2

>> User.first.update_columns(email: 'amit@bigbinary.com')
SELECT "users".* FROM "users" ORDER BY "users"."id" ASC LIMIT ?  [["LIMIT", 1]]

Traceback (most recent call last):
        1: fr…

Here is the relevant commit.

Guest host, Nick Schwaderer, chatted with Edouard Chin, Production Engineer at Shopify about one of the biggest Rails releases to date: Rails 6. Tune in to hear which features Nick and Edouard are most excited to use at their respective jobs.

Links for this episode:

• Episode Music: "Funkorama" by Kevin MacLeod
  
• Edouard Chin on Github
  
• Ruby on Rails 6.0 Beta 1 Deprecations
  
• Shopify's Deprecation Toolkit
  
• Shopify's Bootboot
  
• Episode Introduction and Outro by Michael Springer
  

Brought to you by:

• Blockstack The Blockstack ecosystem is hard at work to provide better, safer, user-owned apps. Ruby developers can get started in 45 minutes with the ‘Zero-to-Dapp’ Tutorial which will take you through building…

The following is an excerpt from my book, Rails Testing for Beginners.

What we’re going to do

One of the biggest challenges in getting started with testing is just that—the simple act of getting started. What I’d like is for you, dear reader, to get a small but meaningful “win” under your belt as early as possible. If you’ve never written a single test in a Rails application before, then by the end of this chapter, you will have written your first test.

Here’s what we’re going to do:

• Initialize a plain-as-possible Rails application
• Create exactly one static page that says “Hello, world!”
• Write a single test (using RSpec and Capybara) that verifies that our static page in fact says “Hello,…

This blog is part of our Rails 6 series. Rails 6.0.0.beta2 was recently released.

Rails 6 changed return value of ActiveRecord::Base.configurations to an object of ActiveRecord::DatabaseConfigurations. Before Rails 6, ActiveRecord::Base.configurations returned a hash with all the database configurations. We can call to_h on object of ActiveRecord::DatabaseConfigurations to get a hash.

A method named as configs_for has also been added on to fetch configurations for a particular environment.

Rails 5.2

>> ActiveRecord::Base.configurations

=> {"development"=>{"adapter"=>"sqlite3", "pool"=>5, "timeout"=>5000, "database"=>"db/development.sqlite3"}, "test"=>{"adapter"=>"sqlite3", "pool"=>5, "…

Rails 6.0.0.beta2

>> Activ…

A THE CONF deste ano já começou a ser organizada e o Call for Papers já está no ar! Enviem suas propostas até o fim de Abril!

Pra quem não conhece, a idéia da THE CONF apareceu no fim de 2016. É uma iniciativa da Codeminer 42 com parceria da InfoQ Brasil desde o começo. Na Europa ou na Ásia existem dezenas de eventos de tecnologia e apesar de inglês não ser a língua nativa em muitos desses países mesmo assim a língua nativa nos principais eventos é inglês. Quer você goste ou não, a língua universal principalmente em tecnologia é e vai continuar sendo inglês. Não tirar vantagem disso não faz nenhum sentido.

Na Codeminer atendemos clientes no Brasil mas muitos nos EUA e também na Europa.…

Despite the fact that it's been around longer than I've been a programmer, I feel like the buzz around the Go programming language has increased of late. This might be why, a few weeks ago, the company I'm working with announced their intention to start migrating portions of their Node microservices into Go. Since then I've spent some time learning Go, and pitching in on a Test Double open source project called Diplomat in order to get my bearings.

The process of learning a new language is, for me, a process of re-evaluating how I think. After almost five years in the land of JavaScript and Node, Go presented not only a challenge in terms of syntax, but in terms of worldview. Reflecting…

Recently I was refactoring a part of one our projects to add more domain events to the Identity bounded context so that we can have better audit logs of certain actions performed on identities in our system. I started from extracting a service that was responsible for consuming commands. I started with something like this:

class UpdatePersonalSettings
  include Command
  attribute :email, String
  attribute :name, String
  attribute :identity_id, Integer
end

class IdentityService
  # ...

  def update_personal_settings(command)
    Identity.find(command.identity_id) do |identity|
      identity.email = command.email
      identity.name = command.name
      identity.save!
      publish(
 …

At first sights, everything looked OK. I had some tests that was verifying the…

Sponsors

• Sentry use the code “devchat” for 2 months free on Sentry small plan

• Triplebyte offers a $1000 signing bonus

• Cachefly

Panel

• Andrew Mason

• Eric Berry

• Dave Kimura

Joined by Special Guest: Sean Handley

Summary

Sean Handley explains in detail ruby bindings and FFI and why they might be useful. The panel discusses the advantages of using a ruby binding, such as speed and opening up access to other projects. Sean Handley and Dave Kimura give advice on organizing code, to make it easier to use the FFI library. Sean Handley talks about his experience using FFI and native extension. The discussion switches gears and talks about Sean Handley’s blog post…

• Jekyll, a blog-aware static site generator, is approaching version 4.0.0. Alpha release is available now and it addresses one of the most painful part of Jekyll: slow render times with many pages. Ruby Tuesday webpage is powered by Jekyll, by the way. Jekyll 4.0.0.pre.alpha1 since today.
• It’s still several months left unitl the release of Ruby 2.7, but we already have one cool feature merged: shorthand syntax for accessing parameters in block a.k.a. numbered parameters This feels to be taken straight from Elixir but it works well there and I think it should work well in ruby too, unless people abuse it. So, goodbye array.map { |elem| my_transformation(elem) }, hello array.map {…
• Before Amazon started supporting Ruby in its Lambda serverless…

Dear Jekyllers,

Time has come to release a first alpha for Jekyll 4!

This pre version fixes many bugs, and should improve your build times. Some of you already shared really good results. We hope your Jekyll sites will also benefit from these optimizations.

If you’re a plugin developer, we definitely need your feedback, especially if your plugin does not work with v4.

Jekyll now exposes a caching API, that some plugins could benefit from.

Also be aware that it’s a new major version, and it comes with a few breaking changes, notably :

1. We dropped support for Ruby 2.3 who goes EOL at the end of the month. GitHub Pages runs Ruby 2.5.x, services lile Netlify or Forestry already upgraded…
2. link tag now include …

One of the first complications that most webapps of any complexity will run into is the need for privileged users who can do things that normal users can't or shouldn't be able to do. Before too long, you're headed towards writing your very own administrative interface. This is not only extra work, but can be tricky to do without compromising the security of the application you're administering. Most Rails developers will be familiar with this story, and Rails being Rails, it turns out that there are a couple of good options for extending your existing applications with a pre-generated, customizable admin console.

Specifically, you have two good choices in the form of ActiveAdmin and Adm…

Scope is an important concept to understand for all Ruby developers. It’s the source of many error messages & confusion. What is scope? Scope refers to what variables are available at any given point in time. Different kind of variables have different scopes. A scope can be very narrow (local variables) or very wide (global […]

The post Understanding Ruby: Scope & Binding Objects appeared first on RubyGuides. Don't miss your free gift here :)

Rails has a lot of magic that we often take for granted. A lot is going on the behind the clever, elegant abstractions that Rails provides us as users of the framework. And at a certain point, I find it’s useful to peek behind the curtain and see how things really work.

But opening the Rails source code can be absolutely daunting at first. It can feel like a jungle of abstractions and metaprogramming. A large part of this is due to the nature of object-oriented programming: by its nature, it’s not easy to follow a step-by-step path that would be taken at runtime. Sometimes, it helps to have a guide.

With this in mind, let’s take some time to explore how routing…

BigBinary started in 2011. Here are our revenue numbers for the last 7 years.

We achieved this to date without having any outbound marketing and sales strategy.

• We have never sent a cold email.
• We have never sent a cold LinkedIn message.
• The only time we advertised was a period of two months when we tried Google advertisements, with no outcomes.
• We do not sponsor any podcast.
• We have not had a sales person.
• We have not had a marketing person.

We have kept our head down and have focused on what we do best, such as designing, developing, debugging, devops, and blogging.

This is what has worked out for us so far:

• We contribute to the community through blog posts and…
…

Strong parameters allow us to control the user input in our Rails app. In development environment the unpermitted parameters are shown in the log as follows.

It is easy to miss this message in the flurry of other messages.

Rails 6 has added a change to show these params in red color for better visibility.

Hello friends,

It's been two weeks since the last SIGAVDI. I visited my kids in Pennsylvania last weekend, then came home and went into a bit of an emotional tailspin. As of today (Sunday) I'm feeling a bit better. I attribute the improvement mostly to getting some much-needed human touch and socialization over the past two days. It's amazing how much these things help.

Heads up: I'm officially looking for a part-time consulting client. There's some more info here; feel free to pass it along!

Some premises about my relationship with unit testing:

1. I like test-driven development.
2. I like driving out individual object design small, isolated (e.g. no database) unit tests.
3. I think of these unit…

Sponsors

• Sentry use the code “devchat” for 2 months free on Sentry small plan
• Triplebyte offers a $1000 signing bonus
• Cachefly

Panel:

• Eric Berry
• Dave Kimura
• Andrew Mason

Joined by Special Guest: Stefan Wintermeyer

Episode summary

Stefan Wintermeyer, a german consultant, discusses his recent blog post “Rails needs Active Deployment”. He goes on to explain that this isn’t meant for rails deployment “rockstars” or Heroku, this is for normal developers who need an easier way to deploy their rails applications. Stefan Wintermeyer addresses the suggestions of using Docker. This begins a discussion of the different services that can be used and the disconnects found in many of…

Last week I released a new zine: Bite Size Networking! It’s the third zine in the “bite size” series:

1. Bite Size Linux
2. Bite Size Command Line
3. Bite Size Networking

You can get it for $10 at https://wizardzines.com/zines/bite-size-networking/! (or $150/$250/$600 for the corporate rate).

Here’s the cover and table of contents!

A few people have asked for a 3-pack with all 3 “bite size” zines which is coming soon!

why this zine?

In last few years I’ve been doing a lot of networking at work, and along the way I’ve gone from “uh, what even is tcpdump” to “yes I can just type in sudo tcpdump -c 200 -n port 443 -i lo” without even thinking twice about it. As usual this zine is the…

Recently, Hongli Lai of Phusion Passenger fame, has been looking at how to reduce CRuby’s memory usage without going straight to jemalloc. I think that’s an admirable goal - especially since you can often combine different fixes with good results.

When people have an interesting Ruby speedup they’d like to try out, I often offer to benchmark it for them - I’m trying to improve our collective answer to the question, “does this make Rails faster?”

So: let’s examine Hongli’s fix, benchmark it, and see what we think of it!

The Fix

Hongli has suggested a specific fix - he mentioned it to me, and I tested it out. The basic idea is to occasionally use malloc_trim to free additional blocks of memory…

Sp…

Hello. This is Wojtek here bringing you the exciting updates from Rails.

Security fix releases of Rails

Rails 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1, and 6.0.0.beta3 have been released containing important security fixes. Note that with 6.0 release only Rails 6.x.y and Rails 5.2.x are guaranteed to receive both major and minor security fixes by Rails core.

Active Record adds “insert_all” and “upsert_all” methods

It’s now possible to insert many records at once within one SQL statement. You can check summary of this feature in Josef’s blog post.

Rails command “db:seed:replant” added

Bring back clean state of database seeds with this simple command without redoing the database structure.

…

• Avdi Grimm's Website
• Avdi on Twitter
• RubyTapas
• Master the Object-Oriented Mindset in Ruby and Rails
• Enough With the Service Objects Already
• Alan Kay, on Quora, Answers the question: "Why is functional programming seen as the opposite of OOP rather than an addition to it?"

On this week's episode, Chris is joined by Alex Sullivan, mobile developer in our Boston office. Alex takes Chris on a tour of the mobile landscape comparing the core native platforms (Android and iOS), the languages, developer tooling and IDEs, and fundamental thinking. They also dip into a discussion around React Native highlighting some of its strengths, as well as areas where native still clearly wins. Finally they touch on Flutter, the newest entrant into the mobile space to round out the discussion.

• Runkeeper
• Android
• iOS
• ViewModel
• Room
• Java
• Kotlin
• Objective C
• Swift
• Scala
• JetBrains
• Type erasure
• Reified types
• Android Studio
• Xcode
• AppCode
• Gary Bernhardt
• React Native
• Xamarin
• Fl…

Thank you to CircleCI for sponsoring this episode.

Ruby 2.5.5 has been released.

This release includes a bug fix for a deadlock in multi-thread/multi-process (using Process.fork) applications, like for example Puma.

See the commit logs for changes in details.

Download

• https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.5.tar.bz2

  SIZE:   14165422 bytes
  SHA1:   1932db85ace80ecdbc5cfc7aada5b5123f7ad739
  SHA256: 1f2567a55dad6e50911ce42fcc705cf686924b897f597cabf803d88192024dcb
  SHA512: 1b56aa79569b818446440b9f2d13122bf7c2976ab9b2865f5fb62d247d7768dd4ac5b5e463709ffec0f757bff7088afd293c2a8c5349c3780763b6444bb354a8
  

• https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.5.tar.gz

  SIZE:   15996436 bytes
  SHA1:  …

Amazon Kinesis launched two significant performance-improving features for Amazon Kinesis Data Streams: enhanced fan-out and an HTTP/2 data retrieval API (“SubscribeToShard”). This API allows data to be delivered from producers to consumers in 70 milliseconds or better. Today, we’re excited to announce the support for Kinesis SubscribeToShard API in the AWS SDK for Ruby.

Before calling the #subscribe_to_shard API

The #subscribe_to_shard API is available in the aws-sdk-kinesis gem version 1.10.0 and later for Ruby version 2.1 and later. This API is built on the HTTP/2 protocol for streaming back shard events, instead of the normal API call based on the HTTP1.1 protocol. You need to have ht…

gem…

We recently released a new search key autocomplete feature here at Honeybadger. It was such a fun project that I just had to write it up for you all. Not only does it showcase an exciting use of DynamoDB, but it also shows the challenges of using DynamoDB cost-effectively with large amounts of frequently-updated data.

What do we mean by search key autocomplete?

Honeybadger stores error reports. Those reports contain lots of data (like params, session, context) that is searchable.

Need to find all errors caused by "Bob"? Just do this search:

context.user.first_name:"Bob"

As you can imagine, nested searches are handy. However, they have had two big problems. To do the above search we had…

Do you want your engineering team to deliver bug-free code at high velocity? A fast and reliable CI/CD pipeline is crucial for doing that sustainably over time.

What is a CI/CD pipeline?

A CI/CD pipeline helps you automate steps in your software delivery process, such as initiating code builds, running automated tests, and deploying to a staging or production environment. Automated pipelines remove manual errors, provide standardized development feedback loops and enable fast product iterations.

What do CI and CD mean?

CI, short for Continuous Integration, is a software development practice in which all developers merge code changes in a central repository multiple times a day.…

This blog is part of our Rails 6 series. Rails 6.0.0.beta2 was recently released.

As described by DHH in the issue, Rails has find_or_create_by, find_by and similar methods to create and find the records matching the specified conditions. Rails was missing similar feature for deleting/destroying the record(s).

Before Rails 6, deleting/destroying the record(s) which are matching the given condition was done as shown below.

  # Example to destroy all authors matching the given condition
  Author.find_by(email: "abhay@example.com").destroy
  Author.where(email: "abhay@example.com", rating: 4).destroy_all

  # Example to delete all authors matching the given condition
  Author.find_by(email: …

The above examples were missing the symmetry like find_or_create_by and find_by methods.

In Rails 6, the new delete_by and destroy_by methods have been added…

Hello! Welcome to the monthly update. During January and February, our work was supported by Handshake, Stripe, Bleacher Report, DigitalOcean, and many others.

Yearly update update: Wondering why you didn’t get the 2018 yearly update last month? Our email sending system was down last month due to a denial of service attack. You can read the 2018 yearly update from last month on our website.

ruby together news

In January and February, Ruby Together was supported by 63 different companies, including Sapphire member Stripe. In total, we were supported by 66 individual members and 63 friends of Ruby Together. Thanks to all of our members for making everything that we do possible. <3

In…

Tom Rossi is the cofounder of Higher Pixels, the company behind several Ruby on Rails built web products. He joined Brittany from sunny Florida to talk about transitioning from a client services business to a product company and being intentionally small.

Links for this episode:

• Episode Introduction and Outro by Michael Springer
  
• Higher Pixels
  
• Buzzsprout on Twitter (@buzzsprout)
  
• Episode Music: "Funkorama" by Kevin MacLeod
  

Brought to you by:

• Blockstack The Blockstack ecosystem is hard at work to provide better, safer, user-owned apps. Ruby developers can get started in 45 minutes with the ‘Zero-to-Dapp’ Tutorial which will take you through building your first decentralized application today.

Hello everyone!

Rails 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1, and 6.0.0.beta3 have been released! These contain the following important security fixes. It is recommended that users upgrade as soon as possible:

• CVE-2019-5418 File Content Disclosure in Action View
• CVE-2019-5419 Denial of Service Vulnerability in Action View

Rails 5.2.2.1 and 6.0.0.beta3 also contain the following fix:

• CVE-2019-5420 Possible Remote Code Execution Exploit in Rails Development Mode

The released versions can be found in the usual locations, and you can find a list of changes on GitHub:

• Changes in 4.2.11.1
• Changes in 5.0.7.2
• Changes in 5.1.6.2
• Changes in 5.2.2.1
• Changes in 6.0.0.beta3

If…

The brilliant tool puma-dev is a great way to manage and run rack apps on your local machine in development, particularly on a Mac.

However, puma-dev used to default to using the .dev suffix on your locally running websites. The default is now .test.

As of March 2019, .dev domains are now a real top-level domain on the internet, that you can buy. Use DNSimple! (referral link)

As a long term user of puma-dev, you might find that trying to navigate to “live on the internet” .dev sites might fail because of the original setup of the tool. In Chrome you see a DNS_PROBE_FINISHED_NXDOMAIN error.

Even using the uninstall instructions failed to fix this issue for me, but you should try those…

If you have…

Ruby 2.5.4 has been released.

This release includes bug fixes and a security update of the bundled RubyGems. See details in Multiple vulnerabilities in RubyGems and the commit logs.

Download

• https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.4.tar.bz2

  SIZE:   14167366 bytes
  SHA1:   ac3248a055b5317cec53d3f922559c5b4a67d410
  SHA256: 8a16566207b2334a6904a10a1f093befc3aaf9b2e6cf01c62b1c4ac15cb7d8fc
  SHA512: 3c4f54f38ee50914a44d07e4fd299e53dddd045f2d38da2140586b8a9c45d1172fec2ad5b0411c228a9b31f5e161214820903a65b98caf3b0dfeeaabf2cab6ad
  

• https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.4.tar.gz

  SIZE:   15995815 bytes
  SHA1:  …

Ruby 2.6.2 has been released.

This release includes bug fixes and a security update of the bundled RubyGems.

See details in Multiple vulnerabilities in RubyGems and the commit logs.

Download

• https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.2.tar.gz

  SIZE:   16777765 bytes
  SHA1:   44c6634a41f63ebdc1f3ce6ddcf48a4766bb4df7
  SHA256: a0405d2bf2c2d2f332033b70dff354d224a864ab0edd462b7a413420453b49ab
  SHA512: bc96a6793a1e3111598b82b0aad98dc5b465e39cdb5b788c4259818752e028a44545c6489c02c323db0f43a362c26f0900acfba0277d6e2201587d7252f6125f
  

• https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.2.zip

  SIZE:   20601169 bytes
  SHA1:  …

Sponsors

• Sentry use the code “devchat” for 2 months free on Sentry small plan
• Triplebyte offers a $1000 signing bonus
• CacheFly

Host: Charles Max Wood

Guest: Genadi Samokovarov

Episode Summary

In this episode of My Ruby Story, Charles chats with Genadi Samokovarov, a software developer who loves using Ruby.

Genadi has also been a guest on the podcast Ruby Rogues, you can listen to it here.

Genadi was born in Bulgaria and grew up playing video games. During his high school years he was the “go-to guy” for computers in his neighborhood. In his university years he got interested in Python and afterwards in Ruby.

He then applied for Google Summer of Code and continued developing his…

On the cusp of each new year, we’re usually pelted by articles proclaiming the death of this gem of a framework. And while Ruby on Rails is almost 15 years old, it’s nowhere close to passing on from the world of programming. In fact, there are many use cases where RoR offers a better fit than any other tool. Having delivered dozens of projects in this language since 2010, we know them all too well. So let’s back all of these claims up with some facts, shall we?

This blog is part of our Rails 6 series. Rails 6.0.0.beta2 was recently released.

Before moving forward, we need to understand what touch method is. touch is used to update updated_at timestamp by default to current time. It also takes custom time or different columns as parameters.

Rails 6 has added touch_all on ActiveRecord::Relation to touch multiple records in a go. Before Rails 6, we needed to iterate on all records using an iterator to achieve this.

Let’s take an example in which we call touch_all on all User records.

Rails 5.2

>> User.count
SELECT COUNT(\*) FROM "users"

=> 3

>> User.all.touch_all

=> Traceback (most recent call last):1: from (irb):2
NoMethodError (undefined me…

Welcome to the December 2018 monthly update!

In January, we awarded our first three-month long project grant to David Rodriguez for his work on Bundler and RubyGems. Here’s his first update:

Hello everyone!

This is my first progress report about my collaboration with Ruby Together to improve Bundler’s release process and deprecation management. I feel really proud that I’ve been given this opportunity, and I will do my best to improve the core of the Ruby ecosystem!

I have focused on several things these first two weeks:

I stabilized the builds of both Bundler and RubyGems, by fixing skipped tests and flaky failures to get both CIs consistently green. This should make subsequent…

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Together, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in January and February.

rubygems.org news

In last two months, we updated our search API to use Elasticsearch, which resolves multiple issues including missing search results and slow performance. Thanks to @lucianosousa, we are now using Rails 5.2.2. We would also like to let you know that we sprinkled some styling to our email templates and now they are no longer being marked as spam by some email providers. We haven’t received any new help ticket for email being lost in…

In mid…

Sponsors

• Sentry use the code “devchat” for 2 months free on Sentry small plan
• Triplebyte offers a $1000 signing bonus
• Cachefly

Panel:

• Eric Berry
• Dave Kimura
• Andrew Mason

Joined by Special Guest: Stefan Wintermeyer

Episode summary

Stefan Wintermeyer, a german consultant, discusses his recent blog post “Rails needs Active Deployment”. He goes on to explain that this isn’t meant for rails deployment “rockstars” or Heroku, this is for normal developers who need an easier way to deploy their rails applications. Stefan Wintermeyer addresses the suggestions of using Docker. This begins a discussion of the different services that can be used and the disconnects found in many of…

Executive Summary - Jekyll Rest allows you to publish to a Jekyll based site which uses Github as a repository.

One of the things I like about the Jekyll + Github + Netlify combination is there is nothing to manage. No backups. No (major) concerns with hosting. Ultimately, nothing to do but write¹. This is actual serverless IMO.

The trade-off is a slower publishing flow and usually being tied to a computer with Git access. Most of the time this is not as big of an issue as it would seem (how many of you blog more than once a week). However, I am continuing to try and flush out my “shorts” concept and always needing to be at a computer with Git access was slowing me down.

I had…

In The Olden Days™ of web development, a single FTP server and a bash script were all that was necessary to deploy and serve an application. If it worked on your machine, it was good enough for the rest of the connected world. (Of course, if a server failed, a dozen sysadmins would scramble to the rack and swap out components.)

As technology improved and access to the Internet broadened, more and more operational knowledge was required to accomplish the same goal. Developers adapted by learning more about how to configure the nitty gritty details of their servers. We picked the operating system, the database, and the web server; we learned how to mitigate disaster scenarios and manage…

The normal flow of visiting a website is that you load a page & if you want to see new information you have to either reload the page to update it, or click a link to visit a different page. This a synchronous flow. New data is only presented when a new page is requested […]

The post How to Use AJAX With Ruby on Rails appeared first on RubyGuides. Don't miss your free gift here :)

Rails’ view architecture is a flexible and magical place. Perhaps too much so. Some examples of ‘view magic’ include:

• Instance variables defined in controllers are magically available in view templates.
• Inferred template names.
• A global namespace of helpers.

For some it’s too much, but most of us accept the “magic” and muddle through any strangeness.

Instead of…

…using the global variables from your template inside your partials…

album/show.html.erb

...
<% @album.songs.each do |song| %>
  <h2><%= song.name %></h2>
  <%= render "character", collection: song.characters, as: :character %>
<% end %>
...

song/_character.html.erb

...
<p><%= character.name %></p>
<div class="popup"…

Three years ago I wrote about the difference between a CTO and a VP of Engineering at a startup, but only hired a VP in 2018. In this post I will explain why I decided to do it, and discuss one possible separation of responsibilities between a CTO and a VP of Engineering.

The List of CTO Responsibilities

My CTO role over the years included pretty much everything related to building software, ranging from coding to architecture, company strategy and Engineering budget. I also once served a coffee to an investor. With years I felt like the list of things I was doing became infinite, yet a lot of new hires had no idea about what I did anymore. Did I?

To Divide a List One Must Have Such a…

Say you have built a new futuristic website for your gem and now you want to update its homepage link on our site. What happened to the linkset edit link? is something you may find yourself asking when you find out that the edit link is no more (Press F?). Before more of you start questioning your sanity over it, let us assure you that it is still the same timeline you have always lived in. While we don’t have portals yet, you can now set your gem page sidebar links per version, so that’s something.

It started with @fwolfst suggesting that we should use the gemspec to set the source code link, and all we said back was:

submitting a pull request with this change and a test will get a…

Say you have built a new futuristic website for your gem and now you want to update its homepage link on our site. What happened to the linkset edit link? is something you may find yourself asking when you find out that the edit link is no more (Press F?). Before more of you start questioning your sanity over it, let us assure you that it is still the same timeline you have always lived in. While we don’t have portals yet, you can now set your gem page sidebar links per version, so that’s something.

It started with @fwolfst suggesting that we should use the gemspec to set the source code link, and all we said back was:

submitting a pull request with this change and a test will get a…

Sprint Retrospectives are a crucial part of our project management strategy at Ombu Labs. Because we are a remote and international team of software developers, we miss out on the “water-cooler” conversations and small talk that would normally occur between employees in a typical office environment.

Though it may seem small, those “hey, what are you working on today?” and “i’m having trouble with a client” conversations help keep the team up to speed.

It is important for project team's to make time to check in and discuss how the project is going. For this we have the Sprint Retrospective.

We like to schedule a Sprint Retrospective for each client project every two weeks. It is an…

• Javan Makhmali on Twitter
• Sam Stephenson on GitHub
• StimulusJS
• Turbolinks
• Turbolinks iOS
• Turbolinks Android (Deprecated)
• Trix
• Stimulus Implementation Overview
• Stimulus Classes & Values API

I wanted to experiment with using Caddy Server as a reverse proxy to an application hosted on Heroku.

If you are not familiar with Caddy, it is a newish, lightweight web server written in Go that was built from the ground up to leverage HTTPS (via Let’s Encrypt). Caddy is general purpose web server, but for now, I am only interested in using it as a reverse proxy.

You can create a minimalist version of a reverse proxy by adding a Caddyfile with the following:

yourdomainname.com
proxy / proxieddomain.com

You then start Caddy¹, and your requests from yourdomainname.com should be proxied to proxieddomain.com.

However, this does not work as is for Heroku. When a request is proxied to…

When time pressure from managers drives coders to write poor-quality code, some people think the responsible party is the managers. I say it’s the coders. Here’s why I think so.

The ubiquity of time pressure in software development work

I’ve worked on a lot of development projects with a lot of development teams. In the vast majority of cases, if not all cases, the development team is perceived as being “behind”. Sometimes the development team’s progress is slower than the development team themselves set. Sometimes development progress is seen as behind relative to some arbitrary, unrealistic deadline set by someone outside the development team. Either way, no one ever comes by and says to…

Semaphore gives you the power to easily create CI/CD pipelines that build, run and deploy Docker containers. DigitalOcean recently introduced a managed Kubernetes service which simplifies running cloud-native applications. Together, they’re a great match for productive software development. In this article we’ll show you how to connect these two services together in a fast continuous delivery pipeline.

What we’re building

We’ll use a Ruby Sinatra microservice which exposes a few HTTP endpoints and includes a test suite. We’ll package it with Docker and deploy to DigitalOcean Kubernetes. The CI/CD pipeline will fully automate the following tasks:

• Install project dependencies,…

A mysteriously broken test suite

The other day I ran my test suite and discovered that nine of my tests were suddenly and mysteriously broken. These tests were all related to the same feature: a physician search field that hits something called the NPPES NPI Registry, a public API.

My first thought was: is something wrong with the API? I visited the NPI Registry site and, sure enough, I got a 500 error when I clicked the link to their API URL. The API appeared to be broken. This was a Sunday so I didn’t necessarily the NPI API maintainers to fix it speedily. I decided to just ignore these nine specific tests for the time being.

By mid-Monday, to my surprise, my tests were still broken and…

Using strong parameters in Ruby on Rails applications to allow permitted values is usually not enough. Taking care of validating allowed values to make our applications is also important to make them more secure and less error-prone. To handle the validation properly we can write custom solution(s) or use handy gems like apipie-rails.

The post Why don’t we validate controller parameters? appeared first on frontdeveloper.pl.

Conferences 'n' Camps

What's News? What's Upcoming in 2019?

RubyConf Taiwan
Jul/26+27 (2d) Fri+Sat @ Taipei, Taiwan • (Updates)

See all Conferences 'n' Camps in 2019».

Sarah Withee is a polyglot software engineer, public speaker, and mentor located in Pittsburgh, PA. As the Director of Programming for Abstractions, a multi-disciplinary conference with an open CFP, Sarah offered advice for potential speakers and shared her thoughts on being a generalist.

Links for this episode:

• Abstractions CFP
  
• How to come up with conference proposal ideas
  
• Sarah's Site
  
• global diversity CFP day
  
• Sarah on Twitter (@geekygirlsarah)
  
• Abstractions on Twitter (@abstractionscon)
  
• Episode Introduction and Outro by Michael Springer
  
• Episode Music: "Funkorama" by Kevin MacLeod
  

Brought to you by:

• Blockstack The Blockstack ecosystem is hard at work to provide better, safer, user-owned apps. Ruby…

This blog is part of our Rails 6 series. Rails 6.0.0.beta2 was recently released.

When an enum attribute is defined on a model, Rails adds some default scopes to filter records based on values of enum on enum field.

Here is how enum scope can be used.

class Post < ActiveRecord::Base
  enum status: %i[drafted active trashed]
end

Post.drafted # => where(status: :drafted)
Post.active  # => where(status: :active)

In Rails 6, negative scopes are added on the enum values.

As mentioned by DHH in the pull request,

these negative scopes are convenient when you want to disallow access in controllers

Here is how they can be used.

class Post < ActiveRecord::Base
  enum status: %i[drafted…

Sponsors:

• Sentry– use the code “devchat” for $100 credit

Host: Charles Max Wood

Guest: Josh Justice

Stickers are now live on Drifting Ruby! You can visit your account or sign up for one to see what stickers are available. Stickers are a way for tracking progress throughout Drifting Ruby.

We will be adding various kinds of stickers in the future, but started off with some basic ones. Any suggestions are welcome if you’d like to see one added.

Why Stickers?

I’ve always enjoyed playing games and sites that have this kind of functionality. One notable site is Stack Overflow with their Badges. Some time ago, I played World of Warcraft and they had Achievements. Working towards something was always fun and wanted to bring the same kind of fun to Drifting Ruby.

Why the name?

I like to see how software reacts when I step off the happy path and make a mistake. Today I found this interesting difference with an unknown (or misspelled) command line option: "--derp": https://gist.github.com/dogweather/aac2dce97936484e765c04105ef6fa06 https://gist.github.com/dogweather/937420a48708ee36f3d0268161d61b80 An interesting difference! Personally, Django is reacting like I'd expect. And so for me it's following the principle of least … Continue reading Making mistakes: Django startproject and Rails new →

Last week I gave a talk at Melbourne Ruby involving some card tricks and Ruby trickery.

The talk is up on Youtube:

I do some card tricks for about 10 minutes, and then some Ruby tricks. I won't reveal how I did the card tricks in this blog post, but I will reveal how I did the Ruby tricks.

The Ruby trickery starts at about the 9m30s mark in that video. You can see the code for most of these tricks at radar/trickery on GitHub.

In this post, I'll cover all the tricks I had planned for the talk, not just the ones I showed off.

Please, do not use any code in this blog post in production systems. It can case weird behaviour. Especially the one involving JavaScript sorting.

The point of…

• Ruby can be weird. Don’t take my word for it. Instead, read this cool post called, well, Weird Ruby. A have already knew quite the few of things listed there, but still some blew my mind.
• Moving from Ruby to Rust is… Wait. Am I including a post about abandoning Ruby in a Ruby newsletter?! Kind of. But I prefer to see this post as an introduction to offloading your performance-critical code to a better performing language (Rust in this case) and call it from you Ruby code. Unlike many similar intruductory posts, Deliveroo actually did it in production and share their experience.
• dry-validation is one of most recognizable project from dry-rb team. It is going through quite a rewrite at…

Are you a meetup wallflower? Believe it or not, so am I.

Jessica Kerr isn't, though. She's one of the most vibrantly social developers I know. The other day I asked her: what are some ways to get over awkwardness and make valuable connections at tech events? We recorded the conversation, and you can watch it right here. Or, you can get an enhanced version with edited video, audio downloads, and a PDF below.

Debugging is an important skill to develop as you work your way up to more complex projects. Seasoned engineers have a sixth sense for squashing bugs and have built up an impressive collection of tools that help them diagnose and fix bugs.

I'm a member of Heroku’s Ruby team and creator of CodeTriage and today we’ll look at the tools that I used on a journey to fix a gnarly bug in Sprockets. Sprockets is an asset packaging system written in Ruby that lies at the heart of Rails’ asset processing pipeline.

At the end of the post, you will know how Sprockets works and how to debug in Ruby.

Unexpected Behavior in Sprockets

Sprockets gives developers a convenient way to compile, minify,…

This blog is part of our Ruby 2.6 series. Ruby 2.6.0 was released on Dec 25, 2018.

What is JIT?

JIT stands for Just-In-Time compiler. It converts repeatedly used code to bytecode which can be sent to processor directly hence saving time of compiling same piece of code again and again.

Ruby 2.6

MJIT is introduced in Ruby 2.6. It is most commonly known as MRI JIT or Method Based JIT.

It’s part of Ruby 3x3 project that was started by Matz. The name was to signify that Ruby 3.0 will be 3 times faster than Ruby 2.0 and it focused mainly on performance. Apart from performance it also aims for following things.

1. Portability
2. Stability
3. Security

MJIT is still in development and hence…

Ruby is not only a fun language, it also comes with an excellent standard library. Some of which are not that known, and are almost hidden Gems. Today guest writer Michael Kohl highlights a favorite: Stringscanner.

Ruby's hidden Gems: StringScanner

One can get quite far without having to resort to installing third party gems, from data structures like OpenStruct and Set over CSV parsing to benchmarking. However, there are some less well-known libraries available in Ruby's standard installation that can be very useful, one of which is StringScanner which according to the documentation "provides lexical scanning operations on a string".

Scanning and parsing

So what does "lexical scanning"…

Sponsors

• Sentry use the code “devchat” for $100 credit
• Triplebyte
• CacheFly

Panel

• Andrew Mason
• Eric Berry
• Dave Kimura
• Charles Max Wood

Joined by special guest: Maciej Mensfeld

Episode Summary

In this episode of Ruby Rogues, the panelists talk with Maciej Mensfeld, Senior Software Engineer at Castle Intelligence and the creator of the Karafka framework. Maciej explains to listeners the Karafka and Kafka frameworks and their advantages, the differences between Karafka and gems like DeliveryBoy and Racecar, certain use cases where Kafka can be used efficiently such as for fast data processing (messages at the rate of 50k per second), normalizing the request stream, buffering…

Using domain events in DDD make it easier to tackle complex workflows. If we are working in a monolith infrastructure, it may cause our event store to have thousands handlers and running all of them in test environment is short way for long test suites. However, there’s a trick which may allow you to increase the speed of your test suite by disabling unnecessary handlers.

The idea is to reinstantiate an event store configuration before each test. Developer will have the control over what will and what will not be run from the test file, by using rspec test metadata feature. You can probably find respective features in other testing frameworks as well.

But let’s start with the basics. If…

RubyGems 2.7.9 includes security fixes.

To update to the latest RubyGems you can run:

gem update --system

If you need to upgrade or downgrade please follow the how to upgrade/downgrade RubyGems instructions. To install RubyGems by hand see the Download RubyGems page.

Security fixes:

• Fixed following vulnerabilities:
  • CVE-2019-8320: Delete directory using symlink when decompressing tar
  • CVE-2019-8321: Escape sequence injection vulnerability in verbose
  • CVE-2019-8322: Escape sequence injection vulnerability in gem owner
  • CVE-2019-8323: Escape sequence injection vulnerability in API response handling
  • CVE-2019-8324: Installing a malicious gem may lead to…

SHA256 Checksums:

• rubygems-2.7.9.tgz
  8fa1c95d0c6a1c601860a65a71664c84b01b62f9ecd95e7f34f98fd5330cd6ce
• rubygems-2.7.9.zip
  6d5043f8b1d8fb5b95c066df7820aaa215a7572eefbb7d…

RubyGems 3.0.3 includes security fixes.

To update to the latest RubyGems you can run:

gem update --system

If you need to upgrade or downgrade please follow the how to upgrade/downgrade RubyGems instructions. To install RubyGems by hand see the Download RubyGems page.

Security fixes:

• Fixed following vulnerabilities:
  • CVE-2019-8320: Delete directory using symlink when decompressing tar
  • CVE-2019-8321: Escape sequence injection vulnerability in verbose
  • CVE-2019-8322: Escape sequence injection vulnerability in gem owner
  • CVE-2019-8323: Escape sequence injection vulnerability in API response handling
  • CVE-2019-8324: Installing a malicious gem may lead to…

SHA256 Checksums:

• rubygems-3.0.3.tgz
  cba8455df50588dedff3a2daa0d991b6b233aa155d23d82c829968abc169a5f8
• rubygems-3.0.3.zip
  6eec823241e933ae8edffea77416ca54400c14589cb546…

Today we’re disclosing several vulnerablities to RubyGems. They have all been reported via hackerone.

We strongly recommend to upgrade the latest stable version of RubyGems 3.0.3 or 2.7.8. If you can’t upgrade RubyGems 2.7 or 3.0, please use this patch for RubyGems 2.6.

CVE-2019-8320: Delete directory using symlink when decompressing tar

Description

A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user’s…

There are multiple vulnerabilities in RubyGems bundled with Ruby. It is reported at the official blog of RubyGems.

Details

The following vulnerabilities have been reported.

• CVE-2019-8320: Delete directory using symlink when decompressing tar
• CVE-2019-8321: Escape sequence injection vulnerability in verbose
• CVE-2019-8322: Escape sequence injection vulnerability in gem owner
• CVE-2019-8323: Escape sequence injection vulnerability in API response handling
• CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
• CVE-2019-8325: Escape sequence injection vulnerability in errors

It is strongly recommended for Ruby users to take one of the following…

Hello Friends,

First off, sorry if you got another duplicate SIGAVDI from last week. Drip's RSS-to-email service apparently doesn't keep track of the IDs of posts it has already syndicated.

Let's start with a picture of a flower before I get cranky.

Last week I tried to get started with AWS Lambda. It did not go well. I did a lot of cursing on Twitter and on stream.

The AWS developer experience is straight-up awful, and it's a wonder to me that anyone tolerates it. It's reminiscent of J2EE a couple decades ago, in that there is a lot of totally unnecessary ceremony, but it's “the standard” so everyone assumes that this is just the way it has to be.

Now there is a devoted technical…

Did you know that the Ruby interpreter has lots of interesting & useful command-line options? Like: ruby -v Which gives you the Ruby version you are using right now. Or the -e flag which allows you to run a bit of code directly, without a file & without having to go into irb. Like this: […]

The post Ruby’s Many CLI Option Flags & How To Use Them appeared first on RubyGuides. Don't miss your free gift here :)

Red Hat developer advocate Michael Hausenblas is on the road 70 percent of his time — yet he managed to carve out some time to speak to us about what ills cloud native and what to do about it. Hint: aligning the Dev with the Ops inside organizations can go a long way in solving many deployment issues.

You’re a developer advocate at Red Hat and a Cloud Native ambassador. You’ve also authored a couple of books on Kubernetes/DevOps practices in general, and you hold a Ph.D. in computer science. How do you combine the knowledge-sharing and community-focus part of your activities with the practical/technical aspects of your job?

At the end of the day, it all boils down to communicating…

At Culture Amp, we kicked off the latest round of our Junior Engineering Program (JEP) about 8 weeks ago. We hired 9 junior developers all of varying levels of past experience and set about teaching them the foundational skills they need to be productive members of our product teams.

In this post, I want to take the time to reflect on what we've accomplished during those 8 weeks, and to note down my own personal reflections.

The new program

Before the juniors started, I spent a large amount of my time reviewing the curriculum from the last JEP. I talked about this in my last JEP post. On (or around) that topic I want to speak about a few things:

• Expectation setting
• The tech that we…

Why hello there! Tim here bringing you all the latest and greatest from This Week In Rails.

Negative scopes for enum values

Some sugar around enum values allows you to make negative scopes such as

Post.not_drafted # => where.not(status: :drafted)

New method: reselect

Allows you to change a previously set select statement in the same manner to rewhere and reorder, e.g.

Post.select(:title, :body).reselect(:created_at)

#size fixed when using SELECT DISTINCT

#size_ would ignore the DISTINCT in the select, giving a different result to #count. This is now fixed!

Active Storage’s _blob loading fixed

If you attached a has_one_attachment attachment, you may have found that the…

In June 2018 users started reporting slack-side disconnects in their Ruby bots, reported via slack-ruby-client#208, regardless of the concurrency library (Eventmachine or Celluloid) used. I was already observing this behavior in my larger production bots, especially playplay.io with hundreds of teams.

Because this was a new behavior I assumed that the client was not seeing or handling some new type of communication error correctly at the websocket library layer. This has been an issue before, and in the case of Celluloid, IO exceptions had to be handled by emitting a :close event here. That is, the websocket library was seeing a problem and raising an exception, but the client didn’t…

Jan Krutisch is a software developer from Hamburg, Germany and the cofounder of Depfu.com, a service that helps teams to keep their dependencies up to date. Jan and Brittany discuss dependency management, publishing and marketing tools to developers.

Links for this episode:

• Depfu with 5 by 5 Promotion
  
• Jan on Mastodon
  
• Episode Introduction and Outro by Michael Springer
  
• Episode Music: "Funkorama" by Kevin MacLeod
  

Being a Javascript developer and, more specific, using React as my main Front End Framework, one of the most common phrases that I hear when I join a project is “Let’s use React!”.

Even though React is really useful in lots of cases, it shouldn’t be your first option when developing your Front End.

However, if you are one of those people that wants to include this awesome technology in your already amazing application, you can do it without a lot of troubles and keep most of the logic you already have and just include React in those small parts that really needs it and let it bring those shines and sparkles that everyone talks about.

Honestly, start using React on you Rails app is like a…

Rails Girls - Get started with tech.

Our aim is to give tools and a community for women to understand technology and to build their ideas. We do this by providing a great experience on building things and by making technology more approachable.

Learn sketching, prototyping, basic programming and get introduced to the world of technology. Rails Girls was born in Finland, but is nowadays a global, non-profit volunteer community.

Links:

• Event page: https://www.facebook.com/events/594087341069509
• Registration form: Rails Girls Lviv 2019