Rubyland

What this post covers

In this post I’m going to show what could be considered a “hello world” of Ansible + AWS, using Ansible to launch an EC2 instance.

Aside from the time required to set up an AWS account and install Ansible, you should be able to get your EC2 instance running in 20 minutes or less.

Why Ansible + AWS for Rails hosting?

AWS vs. Heroku

For hosting Rails applications, the service I’ve reached for the most in the past is Heroku.

Unfortunately it’s not always possible or desirable to use Heroku. Heroku can get expensive at scale. There are also sometimes legal barriers due to e.g. HIPAA.

So, for whatever reason, AWS is sometimes a more viable option than Herokou.

The…

Mean Time Between Failures experienced by end-users. The higher the time, the more reliable the system.

The post MTBF (Mean Time Between Failures) appeared first on frontdeveloper.pl.

Learn how to secure your Ruby on Rails application from the inside-out following the complete list of Ruby on Rails Security Best Practices and Measures.

The post 70+ Ruby on Rails Security Best Practices & Vulnerabilities appeared first on Hix on Rails.

A heap exposure vulnerability was discovered in the socket library. This vulnerability has been assigned the CVE identifier CVE-2020-10933. We strongly recommend upgrading Ruby.

Details

When BasicSocket#recv_nonblock and BasicSocket#read_nonblock are invoked with size and buffer arguments, they initially resize the buffer to the specified size. In cases where the operation would block, they return without copying any data. Thus, the buffer string will now include arbitrary data from the heap. This may expose possibly sensitive data from the interpreter.

This issue is exploitable only on Linux. This issue had been since Ruby 2.5.0; 2.4 series is not vulnerable.

Affected versions

• Rub…

Ruby 2.4.10 has been released.

This release includes a security fix. Please check the topics below for details.

• CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional fix)

Ruby 2.4 is now under the state of the security maintenance phase, until the end of March of 2020. After that date, maintenance of Ruby 2.4 will be ended. Thus, this release would be the last of Ruby 2.4 series. We recommend you immediately upgrade Ruby to newer versions, such as 2.7 or 2.6 or 2.5.

Download

• https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.10.tar.bz2

  SIZE: 12513799
  SHA1: 96737b609f4a82f8696669a17017a46f3bd07549
  SHA256:…

Ruby 2.5.8 has been released.

This release includes security fixes. Please check the topics below for details.

• CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional fix)
• CVE-2020-10933: Heap exposure vulnerability in the socket library

See the commit logs for details.

Download

• https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.8.tar.bz2

  SIZE: 13801410
  SHA1: 823b6b009a6e44fef27d2dacb069067fe355d5d8
  SHA256: 41fc93731ad3f3aa597d657f77ed68fa86b5e93c04dfbf7e542a8780702233f0
  SHA512: 037a5a0510d50b4da85f081d934b07bd6e1c9b5a1ab9b069b3d6eb131ee811351cf02b61988dda7d7aa248aec91612a58d00929d342f0b19ddd7302712caec58
  

• https://cache.ruby-lang.org/pub…

Ruby 2.6.6 has been released.

This release includes security fixes. Please check the topics below for details.

• CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional fix)
• CVE-2020-10933: Heap exposure vulnerability in the socket library

See the commit logs for details.

Download

• https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.6.tar.bz2

  SIZE: 14137163
  SHA1: 62adcc4c465a8790b3df87860551e7ad7d84f23d
  SHA256: f08b779079ecd1498e6a2548c39a86144c6c784dcec6f7e8a93208682eb8306e
  SHA512: 001851cf55c4529287ca7cc132afc8c7af4293cdef71feb1922da4901ece255ec453d7697b102a9a90aef2a048fe3d09017ea9378ab4a4df998c21ec3890cdbb
  

• https://cache.ruby-lang.org/pub…

Ruby 2.7.1 has been released.

This release includes security fixes. Please check the topics below for details.

• CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional fix)
• CVE-2020-10933: Heap exposure vulnerability in the socket library

See the commit logs for details.

Download

• https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.1.tar.bz2

  SIZE: 14684616
  SHA1: e83a084a4329e1e3f55591bf5ac0c8ebed6444b3
  SHA256: d703d58a67e7ed822d6e4a6ea9e44255f689a5b6ea6752d17e8d031849822202
  SHA512: 4af568f5210379239531dbc54d35739f6ff7ab1d7ffcafc54fed2afeb2b30450d2df386504edf96a494465b3f5fd90cb030974668aa7a1fde5a6b042ea9ca858
  

• https://cache.ruby-lang.org/pub…

We make the biggest decisions when we have the least knowledge. Note to myself: Try to chose flexible solutions and be open to adjust them when you know more about the project.

The post The Project Paradox appeared first on frontdeveloper.pl.

When I was a child, I lived with my parents in the woods. We had an old-fashioned hand-dug well, the kind from storybooks that looks like a big hole in the ground lined with stacked stones. In summer, if there was a drought, the well would sometimes run dry.

There was another well in a neighboring field. It was deeper, or perhaps just in a better spot, and it would often still have water when our own well was dry. So my mother and I would take a cart filled with water vessels, and trek across the field.

On these excursions, my mother would carry with her a one-gallon jug already filled with water. Because the well in the field was an old-fashioned hand-pump that had to be primed.…

In this episode Andy and I talk about learning Rails, Tailwind CSS, graphic design, usability testing, entrepreneurial mistakes, and more.

• Hello Rails
• Andy Leverenz on Twitter
• Spaceship ZSH theme

JavaScript Remote Conf 2020

May 14th to 15th - register now!
 

We talk with Vladimir Dementyev about Ruby Next, its use cases and why you might want to get features from newer versions of Ruby in your current version

Panel

• Dave Kimura
• John Epperson
• Tom Rossi

Guest

• Vladimir Dementyev

____________________________________________________________

"The MaxCoders Guide to Finding Your Dream Developer Job" by Charles Max Wood is now available on Amazon. Get Your Copy Today!

____________________________________________________________

Picks

Dave Kimura:

• brew install ctop
• Illustration Gallery by ManyPixels | Open-Source Editable Illustrations

John Epperson:

• Powerball

…

Keep it simple stupid. Note to myself: Most systems work best if they are simple.  Simplicity is a goal. Unnecessary complexity should be avoided.

The post KISS appeared first on frontdeveloper.pl.

Always leave the campground cleaner than you found it. Note to myself: Continuous improvement is the way to learn and improve (Kaizen). Always try to find time for some refactoring or small improvements.

The post The Boy Scout Rule appeared first on frontdeveloper.pl.

The number of team members who, if run over by a bus, would put the project in danger. Note to myself: Share knowledge by writing, conducting brown bags or light talks.

The post Bus Factor appeared first on frontdeveloper.pl.

sudo dmesg diagnostic message, prints the message buffer of the kernel.

The post dmesg appeared first on frontdeveloper.pl.

Basic Input/Output System. Allows to send signals to hardware before operating system is running.

The post BIOS appeared first on frontdeveloper.pl.

find / -name "script.sh" to find a file or a directory.

The post find appeared first on frontdeveloper.pl.

It it impossible in a distributed data store to guarantee more than two out of the following three guarantees: Consistency aka every reader receives the most recent write or an error. Availability aka every reader receives a response without the guarantee that it contains the most recent write. Partition tolerance aka a system continues to

The post CAP theorem appeared first on frontdeveloper.pl.

A summary of Your first 90 days as CTO by Will Lethain. Definitions of CTO and VP of Engineering differ across companies. Priorities for a brand new CTO vary; different priorities for a startup versus a mature company. Priorities and goals To figure them out Will defined some questions to ask yourself: How does the

The post Your first 90 days as CTO (article summary) appeared first on frontdeveloper.pl.

Command Query Responsibility Segregation pattern. This pattern has the following benefits: Supports multiple denormalized views that are scalable and performant Improved separation of concerns = simpler command and query models Necessary in an event sourced architecture and the following drawbacks: Increased complexity Potential code duplication Replication lag/eventually consistent views Note to myself: Try to implement

The post CQRS appeared first on frontdeveloper.pl.

Mean Time To Recovery measures how long it takes to fix a bug or an outage, either through a rollback or another action. There are also: Mean Time To Repair, Mean Time To Respond, Mean Time to Resolve. Note to myself: The metrics should be as low as possible. Having effective monitoring and alerting systems

The post MTTR (Mean Time To Recovery) appeared first on frontdeveloper.pl.

In this week's episode, Chris shares details about his new greenfield project, implementing static pages with high voltage, opting for just-in-time architecture decisions and working with various admin libraries. Steph discusses various ways to advocate for change across larger engineering teams, recognizing when it's important to push for change vs letting go of strong opinions, and how to gain buy-in from your team.

Enroll in our free online-workshop on going remote Being Human in the Absence of Humans: A Live Q&A for Product Teams

• Rock & Roll with Ember.js
• suspenders
• high voltage
• active admin
• rails admin
• administrate
• dependabot
• thoughtbot guides

The term was introduced by Martin Fowler. Build with an intention to rebuild when the time comes. It’s like throw-away prototypes, only in production. When your business grows, you may have to throw away some or all of your previous code base (as eBay did, twice). This does not mean that the previous solutions were

The post Sacrifical architecture appeared first on frontdeveloper.pl.

Photo by Glen Carrie

The Virus

I had read a lot about plagues and pandemics years back wondering how and why these viruses spring up, wreak havoc and then just vanish into thin air! I realised these outbreaks were periodic, spanning several months if not years. Little did I know, that my generation would be living through one. Another question I pondered was if these pandemics are cyclic, why haven’t we in the 21st century, with all the advancements in technology and medicine, learned anything about how to prevent these epidemics and pandemics, most of which are endemic? Perhaps we aren’t the most intelligent species in the universe after all.

I’m deeply saddened and brokenhearted by how…

In an earlier post, we explained the addition and usage of ActiveRecord::Relation#pick method. In essence, ActiveRecord::Relation#pick allows picking the first value from the named column in the relation.

Taking forward the implementation, Rails has added a change which allows ActiveRecord::Relation#pick to use already loaded results. Before the change, it used to make a query to the database even when the results were already loaded. This change is along the same lines of ActiveRecord#pluck implementation, where it uses already loaded results when available.

In Rails 6

books = Book.where(published: true).order(:published_at).limit(5).load

# SELECT  "books".* FROM "books"
# WHERE…

Hello friends,

It’s been another couple weeks of hunkering down with Jess & family in St. Louis. It turns out the way I deal with social distancing is to buckle down and work really hard. When all this is over I may need to impose periodic “productivity quarantines” on myself to match this level of output.

What’s good

• Martin Fowler: How to do effective video calls.
• Henrik Nyh on conversational implicature in testing. Aka how to write tests that don’t say too much.
• Jessica Kerr on why complication isn’t the enemy.
• Martin Fowler (and friends) again, with an excellent article on why business value needs to be treated as an architectural…

What’s new

• New freebie from the RubyTapas archives: Using strings to build up command lines for execution is error-prone and potentially insecure. Check out why Ruby's %W…

Actually, problems only get solved because people roll up their sleeves and do shit, and government is the collective coordinating apparatus that helps us know what shit needs to get done and who needs to do it.

Current Affairs, Everything has changed overnight, via @AnnieGal@mastodon.social

Have you seen this console error while trying to adopt Webpack?

Uncaught TypeError: $(...).myJqueryPlugin is not a function

Assuming you installed it correctly, there could be a few explanations. In this post, we'll look one possible reason: with Webpack, your jQuery plugin might not need jQuery.

Subscribe to my newsletter to learn more about using Webpack with Rails.

Example: the Flickity plugin

To take advantage of this distinction, more plugins are being written without the assumption of jQuery as a dependency, but with the ability to use a plugin to support (what's becoming) the legacy pattern.

Here's an example. The…

Follow the less-known path of the Rails Way to the Ruby on Rails Hidden Goodies by learning what they are and how to implement them in your Rails workflow.

The post Ruby on Rails Hidden Goodies You Gotta Know About appeared first on Hix on Rails.

The problem with infinitely flexible building blocks is that there are always a half-dozen well-documented ways to do things wrong.

I wanted my AWS Lambda app (I refuse to call it a “function” because it isn’t) to get the third-party API keys it needs from environment variables. Not from hardcoded strings or config files.

The most immediately accessible way to set up env vars for a Lambda is via the AWS console. But that’s not a reproducible, versionable workflow I can capture in my project.

Searching for info on setting up environment variables in a SAM-based AWS Lambda app turns up a lot of results. It seems you can set variables in the SAM config in template.yaml.

Resources:
…

Our Early Access Program is coming to an end, and we’re happy to announce that RubyMine 2020.1 Beta 2 is now available! This build mostly polishes the new features for the upcoming v2020.1.

To catch up on what has already been implemented in v2020.1, check out our previous EAP blog posts. In this post, we’ll talk about a couple of improvements that we haven’t previously announced.

• Version control systems
  • New “Interactively Rebase from Here” dialog
  • Improved Branches popup
• Database tools
  • Query results in the editor
  • Database scripts in run configurations

Version control systems

New “Interactively Rebase from Here” dialog

Git allows you to edit your project history by performing the in…

DESCRIPTION

Erratas: - a letra da Apple na Bolsa é AAPL e não APPL como eu coloquei no video - me corrigiram que eu acho que falei errado uma hora. Esclarecendo, COVID-19 é a doença e o vírus é o Novo Corona Virus (é uma família de virus), acho que uma hora eu falo que o vírus é o COVID. - numa das telas de conta eu fiz um typo, o certo é (60.000 * 25% = 15.000) e não 5.000. - quando eu defino securitização eu não falei totalmente certo, melhor esclarecer: "O Akita é risco C de crédito e pega uma dívida de 12 meses, com parcelas de 1000 reais. A chance do Akita pagar as 6 primeiras parcelas é muito maior do que as 6 últimas. Dois investidores emprestaram a mesma quantia pro Akita, que…

DESCRIPTION

Esta é uma história de coincidências e erros que moldaram o mundo de programação como você conhece hoje e que possivelmente mudem completamente esse mesmo mundo.

Richard Stallman e James Gosling são dois gigantes da computação e as ações que eles tomaram colocaram em movimento uma série de eventos que culmina com o processo da Oracle contra o Google. Quem está certo?

Links:

• Richard Stallman - ILC 2002 (https://www.youtube.com/watch?v=4Jjhmc3Txv0)
• My Lisp Experiences and the Development of GNU Emacs (https://www.gnu.org/gnu/rms-lisp.en.html)
• Free Software: Freedom and Cooperation (https://www.gnu.org/philosophy/rms-nyu-2001-transcript.txt)
• James Gosling on Richard…

DESCRIPTION

Muita gente acha que é defensor do Software Livre, mas na realidade não é.

Pior ainda, por simplesmente só acreditar que está defendendo um movimento social, no final você está só defendendo o marketing de empresas e nem se dá conta disso. Nem é uma coisa completamente ruim, mas certamente não é o que sua crença diz.

Então hoje eu vou desmistificar o que é software livre, open source e como as grandes corporações te enganaram. A idéia não é ser um vídeo completo sobre o assunto, somente sobre os temas que eu acho mais importantes pra começar.

Links:

• Affero General Public License (https://en.wikipedia.org/wiki/Affero_General_Public_License)
• What is free software?…

DESCRIPTION

Faz anos que você ouve falar que "programar é fácil" ou "qualquer um consegue programar". Eu mesmo já disse coisas parecidas.

Hoje eu quero explicar porque na última década a programação alcançou esse status bizarro de "salvador da pátria" e porque os mercados estão num momento desproporcional de abundância, e o que isso pode significar pra sua carreira.

Warning: quem achou outros vídeos um "tapa na cara" ou "pedrada", entre neste com cuidado porque pode ser pior. Frágeis de ego: eu avisei.

SCRIPT

Olá pessoal, Fabio Akita

Esta semana, pra variar vou fazer um video mais curto que o normal, me preparando pra tentar fazer algo maior durante o Carnaval. O videozinho que…

DESCRIPTION

Continuando o episódio sobre Git, vamos encerrar o assunto hoje. Desta vez vai ser mais ou menos um tutorial mas nada do básico. Vamos ver o que a maioria dos tutoriais de iniciantes não cobre pra você conseguir manter um repositório limpo e bem organizado. Como manipular commits. Como reescrever o histórico.

E no final quero discutir rapidamente sobre o assunto de monorepos que o Google ou Facebook usam. E finalmente explicar porque o desenvolvimento da kernel do Linux, que foi de onde originou o Git, dificilmente poderia funcionar em plataformas como GitHub.

Links:

• Git: Squash your latests commits into one…

DESCRIPTION

Finalmente estou de volta depois de uns 2 meses de férias!

Pegando o gancho que eu deixei no primeiro episódio da série Começando aos 40, em Conhecimentos Gerais eu falei que era obrigatório saber sobre Git. Pois bem, finalmente consegui fazer um episódio pra cobrir esse assunto.

Porém, diferente de qualquer outro vídeo que daria um tutorial dos comandos básicos, eu não vou ensinar nenhum comando nem fluxo de trabalho. Em vez disso quero contar algumas histórias de como eu comecei a usar Git e o que me convenceu a insistir em usar mais de 10 anos atrás quando basicamente ninguém fora do projeto de desenvolvimento do kernel do Linux estava interessado.

Vamos mergulhar…

There are some really great guides for starting a new open source projects, yet when it comes to dealing with a possibly abandoned, unmaintained project, there is no definitive guide for users, contributors, or maintainers.

I hope that this can be a useful guide for our community.

Problem

When do you declare that an open source project has been abandoned? How many days have to go by until you start maintaining your own fork? What's the standard for communicating with maintainers, contributors, and users? How do you avoid n competing OSS forks of popular projects? How do you avoid duplicated work by people who want to maintain popular, but unmaintained OSS projects? What's the best way to…

Philip Poots is the VP of Engineering at ClubCollect, a FinTech startup in Amsterdam. He is a Pareto product programmer, remote advocate and a self proclaimed dilettante. His recent talk, "Rediscovering Ruby" was a big point of discusssion between Brittany and him.

Links for this episode:

• ClubCollect - have a financially healthy organisation
  
• Understanding the Pareto Principle (The 80/20 Rule)
  
• Deep Work - Cal Newport
  
• pootsbook (Philip Poots) · GitHub
  
• Phil's Blog | Crossing the Rubicon
  
• Episode Music by Kevin MacLeod
  
• Episode Introduction and Outro by Michael Springer
  

Brought to you by:

ExpressVPN

ExpressVPN protects your privacy and security online but you can also use ExpressVPN to unlock movies…

Learn all there is to know about Ruby on Rails Application Monitoring tools, services and audits - take your Ruby on Rails maintenance to the next level.

The post 40+ Ruby on Rails Application Monitoring Tools [2020] appeared first on Hix on Rails.

Conferences 'n' Camps

What's News? What's Upcoming in 2020?

CANCELED! - RubyConf Thailand (TH)
Oct/16+17 (2d) Fri+Sat @ Bangkok, Thailand • (Updates)

See all Conferences 'n' Camps in 2020».

The JRuby community is pleased to announce the release of JRuby 9.2.11.1

• Homepage: http://www.jruby.org/
• Download: http://www.jruby.org/download

JRuby 9.2.x is compatible with Ruby 2.5.x and stays in sync with C Ruby. As always there is a mix of miscellaneous fixes so be sure to read the issue list below. All users are encouraged to upgrade.

As we are actively working on 9.3.0.0 we decided to put out a mini release which fixes a single issue.

• sprintf substring string formatting with precision may expose characters (#6137)

If you format a string using a precision specifier (e.g. %.1s) AND you pass in a substring of a larger string, you may see some of the larger string’s…

When writing an application, one of the major issues you have to think about is how the application will be shared with the rest of the world.

One common approach has been to launch on Heroku. It's easy to set up and is fully managed. But, it's also common for teams to drop Heroku later. As their traffic grows, Heroku becomes too expensive and inflexible.

What if it were possible to deploy a new application with Heroku-like ease without giving up the flexibility and cost-savings that you get from a more general-purpose platform like AWS? It is possible, using Elastic Beanstalk -- a service from AWS.

In this article, I'm going to walk you through setting up a Rails 6 application and…

Webpacker 5.0.1 was released yesterday. The previous release of Webpacker happened in December 2019 which was version 4.2.2. As 5.0 is a major version bump, I decided to see what are the changes from the 4.x series and the 5.x series.

Minimum node version

Minimum node version for Webpacker is now updated to 10.13.0 from 8.16.0. This means that to use Webpacker, we have to use Node 10.13.0 or above. Node 8 is no longer maintained so this change changes the minimum node version to the next active node version which is 10.x.

How does it affect us?

On Heroku, Node version 10.x, 11.x and 12.x are supported so we don't have to change anything.

If we are using Node 8 locally or on your deployment…

00:57 - Eric’s Superpower: The Ability To Explain Things In A Way That Makes Sense To Most People

02:37 - Legacy Capability Of The Web

• Web Technologies Are Long Term
• Frameworks
• Lynx
• Y2K

11:30 - Creating Long Term Within Frameworks

• Static Can Be Good

15:50 - Ethical Dimensions

• RAINN
• Information Accessible As Widely As Possible
• Long Term vs. Short Term Code

20:50 - Longevity Of The Web

23:11 - Edge Cases - Stress Cases

• Evan Hensleigh @futuraprime
• Design For Real Life

25:44 - Make Everything Accessible To The Most People

• Diverse Teams Are Stronger
• Making Assumptions
• Write People Off Explicitly

44:00 - Design For Real Life

• Challenging Team Assumptions
• The…

When you look up AWS Lambda tutorials they usually walk you through using the web console to roll out a function-as-a-service. This is a nice parlor trick, but it doesn't help you do real work on Lambda because it's not reproducible. Until Github Actions can include “click 150 different things on console.aws.amazon.com”, reproducible builds means writing code on a developer machine, and making use of code-as-config and command-line tools to build and deploy.

So yesterday I took another crack at learning AWS SAM (Serverless Application Model), which is a command-line-and-config-files abstraction layer on top of AWS CloudFormation.

As is my habit these days, I put my experimental…

As mentioned in the title *_previously_changed? accepts :from and :to keyword arguments like *_changed?. So before understanding what previously_changed? does let’s understand how changed? functions.

car = Car.new
car.changed?                                      # => false
car.company = "Tesla"
car.changed?                                      # => true
car.company_changed?                              # => true
car.company_changed?(from: nil, to: "Tesla")      # => true

As described in the API documentation changed? returns true if any of the attributes has unsaved changes, false otherwise. So when we create a new Car instance and check if it’s value has changed? it will return false…

You will hardly find a Ruby developer who hasn’t heard about RuboCop, the Ruby linter and formatter. And still, it is not that hard to find a project where code style is not enforced. Usually, these are large, mature codebases, often successful ones. Fixing linting and formatting can be a challenge if it wasn’t set up correctly from the get-go. So, your RuboCop sees red! Here’s how to fix it.

Disclaimer: This article is being regularly updated with the best recommendations up to date; take a look at a Changelog section.

In this post, I will show you how we at Evil Martians touch up codebases of our customers in 2020: from…

Me and Mike start with a detailed discussion of how systemd and systemctl work in Linux, then transition into server infrastructure in general, then finally we talk about the business side of Sidekiq.

• Sidekiq
• Derry Girls

Being remote means you don’t always have face-to-face contact with your customers, with the domain experts, or with the right people who know how the business you’re trying to model works.

This must not be an excuse to skip the modeling part. It is even more important to have a good shared understanding of the domain and the problem you try to solve, to build & use the ubiquitous language.

Start with shared document

You don’t need any special knowledge, you don’t need to read books, you don’t need to take courses. Just start collaborating with the right people, the people who know the business or the people who have experience with old systems. Start by asking questions and by actually…

Programming things such as recurring events or events with dates that depend on each other are not the easiest thing a developer can set out to do.

If you’ve ever worked with a calendar or scheduling application, you might have found yourself calculating a set of dates and saving them to your database, or scheduling a bunch of background jobs to run at given times. You might have also prayed for those dates you calculated and scheduled never to change because it’s hard to wrap your head around what will happen if you try to update them.

In this article, I suggest an alternative approach that delegates all the hard work to the database. It uses Ruby on Rails as the example web framework,…

Two kinds of multi-step forms

The creation of multi-step forms is a relatively common challenge faced in Rails programming (and probably in web development in general of course). Unlike regular CRUD interfaces, there’s not a prescribed “Rails Way” to do multi-step forms. This, plus the fact that multi-step forms are often inherently complicated, can make them a challenge.

Following is an explanation of I do multi-step forms. First, it’s helpful to understand that there are two types of them. There’s an easy kind and a hard kind.

After I explain what the easy kind and the hard kind of multi-step forms are, I’ll show an illustration of the hard kind.

The easy kind

The easy kind of multi-step…

I’ve spent a good part of last year collaborating with different teams at work on the theme of scaling our MySQL stack to the next level. For background, like many other companies founded in the mid-2000s (Facebook, YouTube, GitHub, Basecamp), Shopify is a MySQL shop. We’ve invested a lot into our tooling to manage and scale MySQL, and lately, it’s been time to invest in improving ways how applications interact with MySQL.

Accounting for all my learnings, I decided to commit not just for a single post about it, but to a series of at least three posts about scaling MySQL stack. As always, follow me on Twitter to be the first to read them.

This post is the first in the series, and it will…

Joseph Goguen authored Algabraic Semantics of Imperative Programs, and was professor of computing systems at Oxford. Given those credentials, one might expect him to have been  firmly on the “formal methods” side of programming language research. But in an essay in Software Development and Reality Construction entitled “Denial of Error“,  he wrote this:

In proposing methodologies to guarantee the absence of error, we deny the incredible richness of our own experience, in which confusion and error are often the seeds of creation; in this way, we limit our own creativity.

Edsger Dijkstra was one of the principle instigators of the “formal methods” and school of thought.…

Here are some Git workflow anti-patterns I’ve observed in my career. This is not meant to be an exhaustive list. These are just some of the common ones I’ve come across.

And as a side note: I firmly believe that the workflows I describe in the post are the best way to do things most of the time, but at the same time I know that there’s almost never a right answer that applies to everything all the time. For example, what’s appropriate for a 20-person team isn’t appropriate for a solo developer. Keep that in mind as you’re reading.

Now let’s get into the anti-patterns.

Long-lived feature branches

I don’t like feature branches to last for more than a few days. The longer a branch lives, the…

Automating away your library release process because you find it boring and tedious is the worst thing you can do. People rely on your releases to be meaningful, have meaningful version numbers, and meaningful release notes. Yes, these take time. But your releases are when your users are reminded that you exist. At other times, your library is just quietly doing its thing. Releases are when your users take notice. They want to read your change log, look at the version number to see if they need to pay attention. You’re in the spotlight. This is your performance. Give your releases some love.

RubyMine 2020.1 has hit Beta! In this post, you’ll learn about several new features that are available in this version.

• Commit tool window & Commit dialog
• Install Git from the IDE
• Split terminal sessions vertically/horizontally
• More flexibility when sharing run configurations
• Auto-import of settings

Commit tool window & Commit dialog

RubyMine 2020.1 introduces the Commit Tool Window as an alternative to the Commit Dialog. You can switch between them in Preferences / Settings | Version Control | Commit Dialog with the checkbox called Commit from local changes without showing the Commit dialog.

The new tool window incorporates the Local Changes and Shelf tabs. This tool window covers all…

Hello friends,

It’s been a weird week for all of us, I think. I don’t have a lot more to say about that, so I’m just going to proceed forward as usual.

Update

I accidentally posted the wrong shas for the 5.2.4.2 release in the original version of this post. I’ve updated the post to reflect the correct information.

Hi everyone,

HAPPY THURSDAY EVERYONE!!!!

I am pleased to announce that Rails 6.0.2.2 and 5.2.4.2 have been released. This release contains a security fix for CVE-2020-5267. You can find out more about the issue here.

For ease of upgrade, these releases only contain one patch which addresses the security issue.

If you would like to see the full list of changes, you can check out all of the commits on GitHub.

• Here are all the changes for 6.0.2.2.
• Here are all the changes for 5.2.4.2.

SHA-256

If you’d like to…

At Ombu Labs we have many values that have been key to our success. This is an article about five core values that differentiate our company from the rest.

Every team member is expected to follow these values, especially when things get tough. This is a living document: It's open source and open to enhancements by design. We have been tweaking these values ever since I started the company.

Team First

We can't run a successful consultancy if we don’t value and respect every team member. We don't want people who "live to work". Workaholism is toxic and it leads to burnout. We strive to maintain a healthy work/life balance, to "work to live" a great life, and to grow as professionals…

There is an unsafe object creation vulnerability in the json gem bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2020-10663. We strongly recommend upgrading the json gem.

Details

When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system.

This is the same issue as CVE-2013-0269. The previous fix was incomplete, which addressed JSON.parse(user_input), but didn’t address some other styles of JSON parsing including JSON(user_input) and JSON.parse(user_input, nil).

See CVE-2013-0269 in detail. Note that the issue was exploitable to cause a Denial of Service by…

Andy Croll is CTO at CoverageBook & AnswerThePublic, Rubyist, conference organizer of Brighton Ruby, author, speaker, bootstrapper & twin dad. Amidst the COVID-19 pandemic, Andy had to pivot this year's conference into a new experience. He and Brittany discuss the details and the potentially lasting effects on the community.

Links for this episode:

• Brighton Ruby Conference 2020
  
• Andy Croll's Personal Site
  
• One Ruby Thing
  
• Andy Croll (@andycroll) | Twitter
  
• Episode Music by Kevin MacLeod
  
• Episode Introduction and Outro by Michael Springer
  

Mindlessly checking social networks, watching YouTube, and permanently distracted by push notifications. Have you been there? In my least technical post so far, I’m going to share a couple of tips on tackling the internet and smartphone addiction.

How I limit the distractions when working remotely?

As a full-time remote worker, I spend the majority of my waking hours in front of a desktop computer. I’m not very good at resisting the temptation to compulsively check the social media, news, or usage stats of my apps. Instead, I use a simple hack to limit my habit of mindlessly visiting the same websites again and again.

It’s the /etc/hosts file. Without going too technical, you can break…

Tough Love

One of the first things that a journeyperson programmer will have to learn when they transition from full time student to working developer is that things in the real world are never as cut and dry as their classes may have made it seem. At the end of the day, software is not written because we love building castles of logic in the sky, it's written to solve a real problem. That might seem like a trite observation, but it explains almost everything you observe as a working developer.

Because perfection isn't profitable, real world applications are developed under less than ideal circumstances, often under intense pressure, and with inevitable compromises. Large applications…

This morning I read "Integrated systems for integrated programmers" article by DHH. I totally agree with it, replacing a monolith by microservices won't solve all its problems automagically.

The post Fallacies of distributed computing for Ruby developers appeared first on frontdeveloper.pl.

While working with third party APIs, lot of times we get nested JSON structure in the response. Here is sample response from GitHub API.

[
  {
    "id": 1,
    "title": "Found a bug",
    "body": "I'm having a problem with this.",
    "user": {
      "login": "octocat",
      "id": 1,
    },
    "labels": [
      {
        "name": "bug"   
      }
    ],
    "assignee": {
      "login": "octocat",
    },
    "assignees": [
      {
        "login": "octocat"       
      }
    ],
    "milestone": {      
      "creator": {
        "login": "octocat"
      },
      "open_issues": 4,      
    },
    "pull_request": {
      "url": "https://api.github.com/repos/octocat/Hello-World/pulls/1347"
  …

I don't have kids yet, but when I do, I want them to learn two things:

• Personal finance
• Machine learning

Whether or not you believe that the singularity is near, there's no denying that the world runs on data. Understanding how that data is transformed into knowledge is critical for anyone coming of age these days – and even more so for developers.

This is the first article in a series that will attempt to make machine learning (ML) accessible to full-stack Ruby developers. By understanding the ML tools at your disposal, you'll be able to help your stakeholders make better decisions. Future articles will focus on individual techniques and practical examples, but in this one, we're…

Rails has a very useful feature called schema cache.

When the Rails application is booted, it executes SHOW FULL FIELDS query to get information about the tables and the datatype of all the columns. Imagine, we have a large Rails application with many models. Rebooting the servers will fire the above heavy query SHOW FULL FIELDS for each model. This expensive operation may also kill our database.

The motive behind schema cache is to serialize database details like tables, columns, types into a file. Load this file on the application servers. Read the data from this file to avoid hitting the database.

This avoids load on our database and speeds up the boot time of servers.

Schema cache…

This blog is part of our Ruby 2.7 series. Ruby 2.7.0 was released on Dec 25, 2019.

Ruby 2.0 introduced Enumerator::Lazy, a special type of enumerator which helps us in processing chains of operations on a collection without actually executing it instantly.

By applying Enumerable#lazy method on any enumerable object, we can convert that object into Enumerator::Lazy object. The chains of actions on this lazy enumerator will be evaluated only when it is needed. It helps us in processing operations on large collections, files and infinite sequences seamlessly.

# This line of code will hang and you will have to quit the console by Ctrl+C.
irb> list = (1..Float::INFINITY).select { |i| i%3 == 0 …

In today’s post, we will be looking into a software design pattern called Facade. When I first adopted it, it felt a little bit awkward, but the more I used it in my Rails apps, the more I started to appreciate its usefulness. More importantly, it allowed me to test my code more thoroughly, to clean out my controllers, to reduce the logic within my views and to make me think more clearly about an application’s code’s overall structure.

Being a software development pattern, facade is framework agnostic but the examples I will provide here are for Ruby on Rails. However, I encourage you to read through this article and try them out regardless of the framework you are using. I’m sure that once…

01:38 - What Does Resilience Mean To The Panelists?

• John - [It’s] Like A Flexible Tree That Can Bend With The Wind Or Environment - It Does Not Resist Or Break
• Chanté - Tenacity And Grit And Being Able To Cope Or Withstand Something That You Didn’t Foresee - It Doesn’t Break You, It Makes You Stronger
• Antifragile
• Rein - [It’s] About Unforeseen Surprises

03:36 - Thoughts On David Woods - Four Concepts for Resilience

• Resilience As Rebound
• Resilience As Robustness
• Resilience As The Opposite Of Brittleness
• Resilience As Sustained Adaptability

04:49 - Applying Resilience To Leadership

• High Performance Organization - HPO
• People Make Up Companies

14:40 - The Difference Between…

Chris O’Sullivan joins the Rogues to talk about the people who influenced Ruby and how it’s shaped the community and technology we have today.

Panel

• Charles Max Wood
• Dave Kimura
• John Epperson

Guest

• Chris O'Sullivan

Sponsors

• Resolve Digital

____________________________________________________________

"The MaxCoders Guide to Finding Your Dream Developer Job" by Charles Max Wood is now available on Amazon. Get Your Copy Today!

____________________________________________________________

Links

• 209 JSJ TypeScript with Anders Hejlsberg
• “DHH's whoops video”
• Mr. Neighborly's Humble Little Ruby Book
• Jim Weirich
• ruby/rake: A make-like build utility for Ruby.
• Quick…

Rails 5 introduced Action Cable which provides WebSocket support for Rails.
It is used for creating real-time features like chat or app notifications.
It uses the Pub/Sub or Publication/Subscription process. The idea of Pub/Sub is that when an event occurs and publishes a message then the subscriber who has subscribed for that kind of message will receive the event.

Action Cable mainly consists of three things:

• Connection
• Channel
• Consumer

Follow Streams

Action Cable provides two methods to create the new channel name:

• stream_from
• stream_for

ActionCable::Channel#stream_from

It expects a string for creating the channel.

class ChatChannel < ApplicationCable::Channel
  def…

I got a customer ticket the other day that said they weren’t worried about response time because “New Relic is showing our average response time to be sub 200ms”. Sounds good, right? Well, when it comes to performance - you can’t use the average if you don’t know the distribution. It’s usually best to use the median, which is also perc50, though you’ll also want to look at your long tail of responses. If you’re not following, then this post is for you.

In this episode I talk with Jason Gedge, Staff Production Engineer at Shopify, about Shopify's Rails monolith.

• Jason Gedge on Twitter
• Domain Driven Design

On this week's episode, Steph and Chris discuss the pros and cons of memoization, Chris revisits the discussion around the value of react snapshot tests as well as his continued explorations with Inertia.js while Steph updates us on living in a schema-less world, and they round out the conversation with a listener question about pairing tools, setup, and approaches.

This episode is brought to you by ExpressVPN.
Click through to get three months for free.

• memoization
• Jest snapshot tests
• RSpec custom matchers
• ActiveRecord columns_hash
• Inertia.js
• Tuple
• VSCode Live Share
• tmate
• Tomato Timer
• Effective Pairing Checklist

Sponsored By:

• ExpressVPN: Click through to get three months for…

As the weather warms up, I get energized to give my codebase a spring cleaning. I’ve worked on projects where the mess was so bad that we were afraid to touch anything and I’ve worked on projects where I aggressively tried to get to code neutral (deleting more lines of code than I added). But the right balance lies somewhere in the middle.

Over the years, I’ve found a few tasks that I think provide the biggest bang for the buck. Easy, low risk things you can do in under an hour to make your codebase a little bit more inhabitable. Do one every day for a week, or go all-out one Friday afternoon and see how much you can finish.

Tidy Up Your Dependencies

Tools like bundler and yarn generate…

I made a website in PHP around 1996, right after the birth of the thing itself, to replace some dirty C++ CGI scripts. That didn’t live for long, so I haven’t really done PHP in 24 (!) years.

And so, having recently struggled with using the AWS C++ SDK, I decided to waste more time, and build a “hello world” PHP sample for AWS Data Exchange using the AWS SDK for PHP. It was almost too easy.

Installing PHP

The Getting Started documentation was straightforward. On my Mac I ran brew install php and called it a day.

$ php -v
PHP 7.4.3 (cli) (built: Feb 20 2020 12:23:37) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.3,…

PostgreSQL is a fantastic database isn't it? However for all those starting out, PostgreSQL console could be confusing to say the least.

Let's see in this cheat sheet what are the basic commands for moving your first steps it the PostgreSQL console.

A PostgreSQL console cheat sheet: first steps

First of all you want to login into the console. To do so become "postgres" from the command line with:

sudo su - postgres

Once inside enter the PostgreSQL console with:

psql

If you see this prompt you're in:

postgres=#

A PostgreSQL console cheat sheet: interacting with databases

Once inside the PostgreSQL console you can interact with databases. From now on I'll omit the…

Hello! A while back I learned how to make fun shiny spinny things like this using shaders:

My shader skills are still extremely basic, but this fun spinning thing turned out to be a lot easier to make than I thought it would be to make (with a lot of copying of code snippets from other people!).

The big idea I learned when doing this was something called “signed distance functions”, which I learned about from a very fun tutorial called Signed Distance Function tutorial: box & balloon.

In this post I’ll go through the steps I used to learn to write a simple shader and try to convince you that shaders are not that hard to get started with!

examples of more advanced shaders

If you…

Eric Normand (of LispCast and PurelyFunctional.tv) and I have been trading notes about the developer education business for years. The other day we caught up and talked about business models, subscription vs. product pricing, courseware software, and a lot more. We recorded it in hopes it might be helpful to anyone else who is in, or considering jumping into, this line of work.

Topics covered include:

• Non-obvious pros and cons of selling subscription vs one-off products.
• Courseware hosts such as Podia, Kajabi, Thinkific, and Teachable
• Why many of those courseware hosts have business models that favor hobbyists, not professional educators.
• The Lynda.com business model
• Our…

What is a many to one relationship?

In database design many to one (or one to many) refers to a relationship between one or more entities where a single entity can have many entities connected.

Let's make an example. Consider two entities: Mother and Daughter. As we know from real life, these two entities are most of the times connected like so:

• Every Daughter has one Mother
• One Mother can have many Daughters

So we have a many to one here where many is the Daughter and one is the Mother.

In an Entity Relationship Diagram this relationship is described with two boxes connected by the popular crow's foot:

On the Mother side you can see two…

Software development is more fun with friends; that's why we've built tons of collaboration features into Honeybadger over the years, making it easier for teams to fix errors.

Recently the team at DEV emailed us with a feature request: could we make it easier to involve the broader DEV open source community in the error-fixing process?

Today, we're excited to announce a new feature that does exactly that: Public Dashboards.

A public dashboard is a secret URL that you can share with outside users (such as contractors and open-source contributors). When you use the share button (see below for details) from the error details page, that error appears on the public dashboard for your…

Conferences 'n' Camps

What's News? What's Upcoming in 2020?

ONSITE CANCELED / ONLINE ONLY! - Ruby Wine 2.0
Apr/4 (1d) Sat @ Chisinau, Moldova • (Updates)

See all Conferences 'n' Camps in 2020».

Ernesto Tagwerker is the Founder of Ombu Labs, a small software development company dedicated to building lean code and reducing tech debt. He and Brittany enthusiastically discuss blockers in upgrading Rails, tech debt and Ernesto's future plans for his code scoring library, Skunk.

Links for this episode:

• Ombu Labs - The Lean Software Boutique
  
• Fast Ruby - Ruby on Rails Upgrades by Ombu Labs
  
• fastruby / skunk | A StinkScore Calculator for Ruby Code
  
• Ernesto Tagwerker (@etagwerker) | Twitter
  
• Episode Music by Kevin MacLeod
  
• Episode Introduction and Outro by Michael Springer
  

Photo by Emmanuel Hayford

“Wait, what?!”. “Aaah! I get it!”. “WTF?!?”. “I don’t get this.”

These were my thoughts when I was reading Elixir’s Getting Started Guide some years back. Seeing the last chapter of those guides has been nothing but a dream to this day. I did though, get a glimpse of what Elixir is about.

Elixir is this functional and concurrent programming language that runs on the Erlang virtual machine (BEAM). It was released in 2011 as an R&D project of Plataformatec (for years, I read this as Platformatec!) by José Valim.

From an object-oriented programming(OOP) point of view, it’s fancy, yet powerful! While everything in Ruby is an object, in Elixir, everything is an…

Sooner or later each of us encounters a situation where a method depends on time. The feature needs to be tested later on. Among Rubyists, the most popular gem which provides handy helpers to this problem is called timecop. Since Ruby on Rails 5.2 it can be replaced by built-in methods defined within the ActiveSupport::Testing::TimeHelpers module.

The post How we migrated from Timecop to built-in Rails 5.2 time helpers appeared first on frontdeveloper.pl.