GHSA-vcc3-rw6f-jv97 (nokogiri): Use-after-free in libxml2 via Nokogiri::XML::Reader
This is part 1 of our blog on how we are building neetoRecord, a Loom alternative. Here are part 2 and part 3.
At neeto, the product team, developers and the UI team often communicate using short videos and screen recordings. We relied on popular solutions like Loom and Bubbles. But they allowed only a small number of recordings in their free versions, and soon they presented us with the upgrade screens - upgrades were quite expensive for our team due to our team size and the number of recordings we made daily.
So, we thought of building a solution of our own. We found the browser's MediaStream Recording API.
MediaStream Recording API
The MediaStream Recording API, sometimes called the MediaRecorder API, is closely affiliated with the Media Capture and Streams API and the WebRTC API. The MediaStream Recording…
Efficient uploading and persistent storage of neetoRecord videos using AWS S3
This is part 2 of our blog on how we are building neetoRecord, a Loom alternative. Here are part 1 and part 3.
In the previous blog, we learned how to use the Browser APIs to record the screen and generate a WEBM file. We now need to upload this file to persistent storage to have a URL to share our recording with our audience.
Uploading a large file all at once is time-consuming and prone to failure due to network errors. The recording is generated in parts, each part pushed to an array and joined together. So it would be ideal if we could upload these smaller parts as and when they are generated, and then join them together in the backend once the recording is completed. AWS's Simple Storage Service (S3) made a perfect fit as it provides cheap persistent storage, along with the Multipart Uploads feature.
S3 Multipart…
Universal playback and streaming support using MP4 and Range request headers
This is part 3 of our blog on how we are building neetoRecord, a Loom alternative. Here are part 1 and part 2.
In part 1 of our blog, we uploaded the recording from the browser to S3 in small parts and stitched them together to get the final WEBM video file. We could use this WEBM file to share our recording with our audience, but it has a few drawbacks:
WEBM is not universally supported. Though most modern browsers support WEBM, a few browsers, especially devices in the Apple ecosystem, do not play WEBM reliably.
Metadata for timestamps and duration are not present in WEBM videos. So, these videos are not "seekable." It means these videos do not show the video length, and we cannot move back and forth using the seek bar. The video starts…
Hence, we needed to convert the WEBM videos to a universally supported format to solve the…
Browser compatibility is critical for ensuring that a website displays and performs properly across several web browsers. Every browser renders code differently, thus compatibility testing is critical for reaching a larger audience. It involves evaluating how a website appears in several browsers such as Chrome, Firefox, Safari, and Internet Explorer.
As the number of mobile users grows, interoperability with mobile platforms becomes increasingly important.
Before
Before Rails 8, browser compatibility was detected using the browser gem
gem "browser"
To detect whether a browser can be considered as modern or not, we create a method that abstracts our versioning constraints.
def modern_…
Context:
I started working at Seezo, where we are building a product for security design reviews. At this point, we are on the 0 to 1 journey and all the technical decisions we make might have a large impact on the future of our company.
Personally, I have always been curious about why someone picked X framework over Y, or whether you should build a feature this way or that...
Now that I am in a place where I get to be close to this decision-making process, I'll try to document it here. Some of the tradeoffs might actually come through a mix of research, previous experience, and discussions, while some are just made in the moment (relying on our gut feeling).
Which framework?
Okay, this is the most…
CVE-2024-28181 (turbo_boost-commands): TurboBoost Commands vulnerable to arbitrary method invocation
Our product team is busy adding many great new features to Aha! Whiteboards and Aha! Knowledge — including wireframes, voting, and improvements to viewing Aha! Roadmaps data within a whiteboard. We added all of this functionality in just the last few months, and we are busy building…
Have you ever thrown actual spaghetti at a wall? It’s funny, sticky and barely induces any panic. HackerOne reports, on the other hand, have the opposite effect. Unlike wet spaghetti, the clean-up job is far more work for our security team.
Running a bug bounty program means a stream of incoming reports, not all of them correct, that must be reviewed. After receiving enough dire-sounding reports that ultimately lead nowhere, it can look like thrown spaghetti (a see-what-sticks approach). Though we try to give each report a thorough, unbiased evaluation, it’s difficult to keep an open mind about any given report.
Dead-end reports cost the RubyGems security team time, and slow down our…
RailsConf 2024 🔗
I’m on the RailsConf 2024 Program Committee. We just released the program for this year’s event, and I hope you’ll join us!
One thing we don’t have are formally-themed tracks. In past years, our CFP might have included prompts for different topics. Or we’d group some talks in publicly-shared and advertised ways.
We aren’t doing that this year. That lets us focus on the overall conference theme: building with Rails. However, that didn’t stop me from brainstorming a list of possible tracks, in case we did want to add them in.
The following is a list of what could have been, but will not be: tracks that are not part of the RailsConf 2024 program.
Lend an Enginear 🔗
Story Time!…
There’s a project I’m consulting on where programmers develop predominantly in a cloud environment. This setup simplifies a lot of moving parts and has the benefit of providing everyone homogeneous containers to run code. If it runs on my box — it will run on everyone’s box. In that case, that box is Linux-based. It has the drawback of having greater latency and being more resource-constrained than the beefy local machine a developer is equipped with, i.e. a MacBook Pro running on Apple Silicon.
Recently we’ve upgraded this development environment from Ruby 3.2.2 to Ruby 3.3.0. The process was smooth and predictable in the cloud environment. It worked on my box and by definition on everyone’s…
Once a Maintainer: Ralf Gommers
Welcome to Once a Maintainer, where we interview open source maintainers and tell their story.
This week we’re talking to Ralf Gommers, Co-Director of Quansight Labs and leading contributor to NumPy, the fundamental package for scientific computing in Python, as well as SciPy, meson-python, and the Array API Standard. NumPy published the first pre-release version of their upcoming 2.0 release in public beta this week. This is the first new major version of NumPy in 16 years.
Once a Maintainer is written by the team at Infield, a platform for managing open source dependency upgrades. Ralf spoke to us from Norway.
How did you get into software engineering?
To begin, I trained as an experimental…
Active Record Basics Guide Refresh, Encrypted Attributes Re-Optimization, and more…
Hi, it’s zzak. Let’s explore this week’s changes in the Rails codebase.
The Rails World CFP will close in just one week on March 21.
Submit your talk in time!
Active Record Basics Guide
This PR refreshes the guide covering the basics of Active Record.
Do not try to alias on key update when raw SQL is supplied
A bug was found when updating duplicates with raw SQL.
Memoize “key_provider” from “key” or deterministic “key_provider” if any
Previously, this memoization was removed, which led to a performance hit for encrypted attributes.
Updating Astana with a Western Kazakhstan timezone
On March 1, 2024, Kazakhstan (all parts) switched to a single time zone UTC+5.
Using the latest tzinfo-da…
Struggles and Strategies-Dev Dilemmas
Join Chris and Andrew in this episode as they discuss their recent experiences and challenges with software development projects. They cover a range of topics including the impact of ADHD on productivity, troubleshooting coding issues, the intricacies of working with React, caching problems, and the dilemmas faced when debugging and deploying. They also dive into the variations of using Docker, optimizing CI/CD pipelines, the potential of Rust for CLI applications, and reflect on their journey with various programming tools and environments. Additionally, they touch upon the development of Rails applications, the utilization of Docker containers for development without installing Ruby or Rails, and…
Numeric data types in Ruby and when to use them
In programming, we usually deal with numbers daily, sometimes without even noticing it. There is a nice offer of numeric types in Ruby, each serving a purpose, supporting features and having different behaviours.
Let’s have a look at what these types are, what performance and precision they provide and how to use them properly in our programs.
Numbers are Numeric objects
The core parent class of all core numeric types is Numeric, itself inheriting from Object. It includes the Comparable module and provides methods for querying (e.g. #positive?), comparing (e.g. #<=>) or converting (e.g. #floor).
We don’t directly use this class, but those which inherit from it.
Numeric…
Ruby provides a handy defined?(arg) keyword that returns a string describing its argument.
language = 'Ruby'
defined? language # 'local-variable'
defined? @instance_var # 'instance-variable'
defined? @@class_var # 'class variable'
defined? nil # 'nil'
defined? 1 # 'expression'
defined? 'Ruby' # 'expression'
defined? String # 'constant'
You can use defined? to test if the expression refers to anything recognizable. The expression can be an object, a variable, a method name, etc.
Note that a variable set to nil is still initialized and recognized by Ruby as a local-variable.
framework =…
How to add a loading animation to your turbo frame with TailwindCSS
Ever been working on a project and hit a snag? That’s what happened to me recently. I came across a turbo frame that was slow to load and didn’t show any signs of loading. Talk about confusing!
The busy attribute of the turbo frame
The easiest way to add a loading state to the turbo frame is to insert the loader inside the frame tag. Problem is that it only works on the very first load, after that you’ll see the old content until the new one fully loads.
I did some digging and found out that turbo frames actually have states, which can be useful: one…
Turbocharging Puma with Thruster
#694 — March 14, 2024
Ruby Weekly
37signals Open Sources Thruster — First seen in Campfire, Thruster is a minimal HTTP/2 proxy for production Rails deployments – it runs alongside Puma and offers HTTP/2, Caching, SSL via LetsEncrypt, and static file serving with compression, filling a similar role to Traefik or Caddy (like them, it’s written in Go).
37signals
IRB 1.12.0 Released — One advantage to various parts of Ruby being turned into separate gems is you can upgrade them without upgrading Ruby itself, and IRB is certainly worth upgrading frequently. v1.12 introduces enhancements to…
What is a product? How does a product manager improve software teams and lead to a stronger return on investment? How does a product manager reduce risk by focusing on learning and validating assumptions?
Over the last decade, schools like Harvard Business School, Cornell University’s Johnson Graduate School of Management and Northwestern University’s Kellogg School of Management all rolled out new courses and programs aimed at teaching Product Management.
And yet, despite the rapidly growing industry of product management, many businesses still don’t fully understand how to leverage product managers to support the bottom line.
“There are probably more misconceptions about product…
CVE-2024-28199 (phlex): Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
Notes from migrating from Minitest to RSpec, with help from GitHub Copilot
This year’s line-up celebrates everyday developers that build with Ruby on Rails
PASADENA, CA (March 13, 2024) – RailsConf 2024 is the world's largest gathering of Rails developers, brought together to further discussion and learning about building, managing, and testing Rails applications. Long-time conference organizers, Ruby Central, Inc., have just announced the program for the 19th annual RailsConf. Forty speakers have been chosen to present talks or workshops at the conference, which takes place from Tuesday, May 7 to Thursday, May 9 in Detroit, MI.
“This year’s speakers have been selected to give attendees real-life, practical, insights into building and running Rails apps and…
In Defence of Gerrit
The first team I joined in the tech industry was not doing what I understood modern software development to be. There was no CI/CD. There wasn’t a single automated test. They’d only recently adopted Git, but were using it primarily as a big save button. Some project histories were just a long string of arbitrary commits with the message “EOD”.
I was in my early twenties. I’d been programming actively for about ten years, but only as a hobbyist or in school. I had no industry experience. I’d been consuming all the programming material I could find to help me land a job. I was alarmed by the complete absence of “best practices”, but in no position to lobby for changes.
I eventually pushed…
This article is translated from a Japanese article written by me.
Hello, I'm Pocke.
Today, I created a gem called activerecord-originator, and I'd like to introduce it to you.
ActiveRecord::Originator
Add SQL comments to indicate the origin of the SQL.
This gem adds SQL comments indicating the origin of the part of the query. This is useful for debugging large queries.
Rails tells us where the SQL is executed, but it doesn't tell us where the SQL is constructed. This gem lets you know where the SQL is constructed! For example:
Article Load (0.1ms) SELECT "articles……
Homebrew Unleashed: Diving into the Fast and Efficient Packaging Process - RUBY 628
Mike McQuaid is the CTO and cofounder at Workbrew. They dive into the world of Homebrew, an open-source package manager for macOS and Linux. They explore the history and development of Homebrew, from its origins in the Ruby community to its evolution into a widely-used tool for installing and managing software.
The conversation delves into the intricacies of building and maintaining packages, the introduction of binary packages and a new JSON API, and the creation of Workbrew, a company focused on commercializing features for Homebrew. They also touch on the latest developments in Ruby, the differences between Homebrew Cask and Homebrew Core, and the complexities of handling a large number…
You may have heard about WebAssembly. It’s an open standard that aims to help developers create high performance applications on the web. It’s a portable binary execution format traditionally used on the front end, but there are also other ways to use it. I am completely new to WebAssembly, so today we have a guest to talk about it with us.
Show Notes
- Extism repo: https://github.com/extism/extism
- WebAssembly MDN Docs: https://developer.mozilla.org/en-US/docs/WebAssembly
- Have a comment on this episode? Send an email to comments@therubyonrailspodcast.com
Sponsors
Honeybadger
As an Engineering Manager or an engineer, too much of your time gets sucked up with downtime issues,…
In part one of this series, we used Hotwire's Stimulus and Turbo Frames to present modals in Rails.
Now, we'll dive into another method we can use to present modals: Turbo Streams.
What Are Turbo Streams in Ruby on Rails?
Turbo Streams is a subset of Turbo. It allows us to make fine-grained, targeted updates to a page. By default, it contains seven CRUD actions, but we're free to add more actions within our applications.
Now, we'll create a show_remote_modal action which renders and presents the <dialog> from our previous post.
Creating a Custom Action
Create a folder to place all custom Stream Actions in:
$ mkdir app/javascript/stream_actions
$ touch app/javascript/stream_actions/index.js
…Claude 3 Opus - First impressions
Disclaimers and technical details
If you are looking for comprehensive benchmarks, head over to the Anthropic announcement blog post, or to the fantastic LMSYS leaderboard.
My goal with this blog post is to provide anecdote only. Here are a limited number of tests and examples pitting Claude 3 Opus against the current (as of 08-03-2024) flagship model by OpenAI, GPT-4 Turbo version 0125-preview.
I hope to provide entertainment and a glimpse into the capabilities of both of these impressive models.
I performed all my testing using Discourse AI which provides consistent tool (the ability to invoke functions) and persona support across a wide…
…Ruby’s reduce (aka inject) can be intimidating. It can be hard both to read and to write.
This handy two-step approach has helped me write reduce code without tying my brain in knots.
Two-step process
Here are the two steps:
- Figure out how to combine 2 items
- Use reduce to scale up to n items
They derive from a helpful mental model I have: reduce is a tool for scaling a method that combines 2 items into a method that combines n items.
Problem: Aggregating T-shirt inventory
Consider some code that models multiple warehouses that hold inventory of various sized t-shirts. We might want to find the total inventory across all warehouses. Aggregation problems…
This blog series is dedicated to celebrating our Black, Latino/a/e/x, and Women Engineers who are making an impact in the lives of our Gusties and Gustomers (Gusto customers) every day.
Today, we’re spotlighting Hugo Rodriguez, who works out of Mexico and has been with Gusto for 1.5 years and is now on the Payroll Experiences team. He also has 12 years of experience teaching Computer Science at the UNAM (Universidad Nacional Autonoma de Mexico).
Hugo wearing a concert T-shirt for Helloween & Hammerfall
Abby: Tell us a little about how you got to Gusto.
Hugo: Before Gusto, I was working for an energy company for 5 years building their frontend and backend systems for energy-price forecasting.…
Introducing Dead Code
As software consultants, we bring more than Solidus expertise to the organizations we work with. We’re also specialists in iterative software development, which we believe is necessary for success in the eCommerce industry. We do our best to help shape the organizations we work with to make them better at delivering software.
In a sense, we’re undercover Extreme Programming consultants. We use our unique position as outsiders to the organization to facilitate healthy changes that push them towards iterative planning and incremental delivery. Different organizations are more or less receptive to this, but even when we collaborate with a more rigid organization, we do what we can to help make…
Introducing Dead Code
It was only a matter of time before the disease that gets everyone in my demographic got me too. I’ve started a podcast. I know, I know, but the software industry needs me. I couldn't help myself.
One team’s best practices are another’s anti-patterns. The TDD debate continues with no end in sight. Agile might be dead, but it might still be alive and well, just divorced from its name. Computer science academia is totally disconnected from software development, and bootcamps have tried to improve on that by, uh, exploiting market conditions or something.
That’s where Dead Code comes in. Through conversations with people across the software world, we’re going hunting for our industry’s best…
Automating Case Conversion in Axios for Seamless Frontend-Backend Integration
In the world of web development, conventions often differ between backend and frontend technologies. This becomes evident when comparing variable naming case conventions used in Ruby on Rails (snake case) and JavaScript (camel case). At neeto, this difference posed a major hurdle: the requirement for manual case conversion between requests and responses. As a result, there was a significant amount of repetitive code needed to handle this conversion.
Here's a snippet illustrating the issue faced by our team:
// For requests, we had to manually convert camelCase values to snake_case.
const createUser = ({ userName, fullName, dateOfBirth }) =>
  axios.post("/api/v1/users", { user_name: userName, …
We’ve been shipping Kubernetes to clients since 2015, and over the years, we realized it would be nice to have a setup that referred to some core distribution for our Kubernetes configuration. Read about our efforts creating a toolkit for our clients that make adopting it easy and affordable, transforming it from potential headache into just another…
Ruby string substitution using the % operator is a way to format strings in Ruby, enabling you to insert variables or expressions within a string. This technique can make it easier to build strings dynamically, particularly when you need to include variable content.
When you pass a hash of values for string substitution in Ruby, you can use named placeholders within the string. This approach is more readable and maintainable, especially with many variables or when the order of variables is only sometimes apparent. Here's how it works:
Syntax with Hash
To use a hash for string substitution, you specify symbols in the format string corresponding to the hash keys. Then, you pass the…
How to customize Rails console setup without modifying the project
Goodbye, Pivotal Tracker
I just learned (through this article) that Pivotal Tracker is shutting down for everyone except enterprise customers. I’ve been using Pivotal Tracker for only slightly less time than I’ve been working with Rails. In the beginning I didn’t appreciate it. It was ugly. I didn’t understand the words it used. It was rigid. Eventually that changed.
Bugs didn’t get pointed, which made the team extremely aware of the cost of defects. Chores didn’t either, and that urged our team to break things down into user-oriented functionality, so that it would “count”. The “automatic” sprint planning was imperfect, but it tempered our unrealistic expectations of what we could get done. You could even create…
Joël talks about his difficulties optimizing queries in ActiveRecord, especially with complex scopes and unions, resulting in slow queries. He emphasizes the importance of optimizing subqueries in unions to boost performance despite challenges such as query duplication and difficulty reusing scopes. Stephanie discusses upgrading a client's app to Rails 7, highlighting the importance of patience, detailed attention, and the benefits of collaborative work with a fellow developer.
The conversation shifts to Ruby's reduce method (inject), exploring its complexity and various mental models to understand it. Joël and Stephanie discuss when it's preferable to use reduce over other…
Hanami is a full-stack Ruby web framework. Unlike Rails, which has many default assumptions about how an app should be built, Hanami promises developer freedom by not imposing too many such defaults.
The framework is also blazingly fast due to its low memory footprint and focus on minimalism. Combine that with a focus on strict abstractions, and you get a fully-featured Ruby framework that could rival Rails for building some applications, such as APIs and micro-services.
In this tutorial, we'll learn about the framework's structure and features as we go through the steps of building a simple blog application.
Let's get started.
Prerequisites
In order to follow along with this tutorial,…
Hello everyone!
We’re back with the latest update on the RubyMine 2024.1 Early Access Program.
You can download the Beta build from our website or via the free Toolbox App.
Here are the highlights:
Full Line Code Completion
RubyMine 2024.1 comes with the Full Line code completion (FLCC) feature for Ruby code. It is available as part of the Full Line Code Completion plugin, which is bundled with your IDE.
The plugin enriches your code completion with multi-token proposals, employs a deep learning model, and operates on your local machine, ensuring that no data is transmitted over the internet. As a result, the functionality remains accessible even when you don’t have an…
Hi, it’s Greg. Let’s explore this week’s changes in the Rails codebase.
Feedback for structuring the Active Record Query Guide
The Active Record Querying Guide is getting restructured and the team working on it requests feedback from the community.
Rails World CFP closes in 2 weeks
2 more weeks left to submit your talk to Rails World 2024!
Railties: configure sanitizer vendor in 7.1 defaults more robustly
In apps where rails-html-sanitizer was not eagerly loaded, the sanitizer default could end up being Rails::HTML4::Sanitizer when it should be set to Rails::HTML5::Sanitizer. This change requires rails-html-sanitizer immediately before it’s needed, and avoids the possibly-incorrect…
Illustrator .ai files are previewable as PDFs
This happened…
How HEAD works in git
Hello! The other day I ran a Mastodon poll asking people how confident they were that they understood how HEAD works in Git. The results (out of 1700 votes) were a little surprising to me:
- 10% “100%”
- 36% “pretty confident”
- 39% “somewhat confident?”
- 15% “literally no idea”
I was surprised that people were so unconfident about their understanding – I’d been thinking of HEAD as a pretty straightforward topic.
Usually when people say that a topic is confusing when I think it’s not, the reason is that there’s actually some hidden complexity that I wasn’t considering. And after some follow up conversations, it turned out that HEAD actually was a bit more complicated than I’d appreciated!
…
Introducing props_template: A Jbuilder alternative
I like Jbuilder. It’s been part of every Rails project every time I run rails new and the first thing I reach for when I want to create JSON responses. It’s as synonymous with JSON as ERB is with HTML.
But I wanted a version of Jbuilder that had layouts, didn’t merge hashes, had faster caches, directly used OJ’s StringWriter instead of building a hash, and allowed me to dig into a structure using a key path. Sometimes it makes sense to contribute to an open source project and submit pull requests for the features you want; sometimes we diverge so much that it makes sense to start anew.
Introducing props_template. A JSON builder with a Jbuilder-like DSL that has support for all of the…
DHH's Windows odyssey
#693 — March 7, 2024
Ruby Weekly
A Cookbook of Ruby One-Liners — Ruby is a fantastic language for one-liners, whether in IRB or from the command line. We’ve linked to this cookbook before but it continues to prove very useful and Sundeep has released a new version of it, along with PDF/EPUB builds, and ▶️ a video explaining the project.
Sundeep Agarwal
Better Know a Ruby Thing: Keyword Arguments — Noel continues a series digging deep into specific Ruby features with a look at keyword arguments, from the basics through to fun stuff like using **nil to prevent keyword arguments being…
Rails 7.1.2 now ignores implicitly passed locals in templates that use strict local definitions
Templates have always been a powerful way to organize and reuse view elements. Rails 7.1 introduced strict local definitions in templates. This means that templates can now define a strict list of locals that they accept. This is useful for catching typos and other errors.
For example, to render a profile card with strict locals, a template might look like this:
# app/views/_profile.html.erb
<%# locals: (name:, avatar:) -%>
<div>
<%= image_tag avatar %>
<%= name %>
</div>
The magic comment locals: (name:, avatar:) defines the locals that this template accepts. If a local that is not defined is passed to this template, an exception will be raised.
#…
Complex file processing can be easy with serverless solutions, but to perform manipulations on the uploaded files, you also need an easy-to-integrate system. Learn file processing tools and techniques with a real case and see an example serverless app for Google Cloud Platform.
Complex file processing can be made easy with serverless solutions, but when it comes to performing various manipulations on the uploaded files, you also need a robust system that’s easy to integrate. Yet, if you want to create a complex service, you'll need to know some…
Burnout is a common occurrence in the tech industry. And the recent onslaught of layoffs has left many stressed about their job search, or overworked from the increased demands on smaller teams. I know some of my listeners have experienced burnout. I myself have had a recent experience with burnout that took months to recover from. Dr. Katy Cook joins the show to teach us more about burnout.
Show Notes
The Psychology of Silicon Valley (2019)
APA Studies on Burnout
Have a comment on this episode? Send an email to comments@therubyonrailspodcast.com
Active Record or Sequel: Which Best Fits The Needs of Your Ruby App?
When it comes to choosing an object-relational mapping (ORM) library for your Ruby application, Active Record is usually the favorite choice. It's an easy-to-use ORM library that allows for lots of data wrangling without resorting to SQL. All the same, you might wonder: "Is Active Record the only Ruby ORM library I can use?"
In this article, we'll compare some Active Record features to its lesser-known but powerful cousin, Sequel. There are too many points of comparison to cover everything (such as how each library handles CRUD operations, table joins, associations, database replication and sharding, etc). Instead, we'll scratch the surface of a few database operations — namely, filtering,…
I've been using Honeybadger for a while now on my Rails applications (both personal hobby projects and client work). I mainly use it for error and uptime monitoring. Both features work really well, and I really like their simple offerings and intuitive UI.
For a long time, I've been waiting for a simple hosted log management solution from them, and I recently stumbled across it while reading their docs. It's called Insights and you can read the docs here. I really like the following marketing copy, which helped clear some confusion I had about the related jargon.
Logging Events
The setup is…
“We need some help with SQL Server work. Can you start Monday?”
It was Friday afternoon. I had taken a class in Microsoft SQL Server years before, on a version years out of date. I’d never really used it in any real projects. And this phone call came from five hours away, in another state.
But I was unemployed. So I said, “Sure thing. See you Monday morning!”
The SQL Server logo in its tribal tattoo phase
Then I ended the call, got in my car, and drove an hour to the nearest Borders bookstore. I purchased two promising books on Microsoft SQL Server, went to the bookstore's in-house Starbucks, purchased a venti iced coffee, sat down with those two books and a…
For the last few months, I’ve been working semi-full-time on my first Rust project. After the first painful weeks of struggling against The Compiler, I feel I’m now spoiled by Rust development experience. In this blog post, I’ll describe improvements to my Ruby workflow that originate from what I’ve seen in the Rust ecosystem.
“Mom, can we have a Ruby compiler?”
Despite similar syntax, Rust and Ruby are vastly different. Compiled vs. interpreted, rigid type system vs. “If it quacks…“.
The initial learning curve is relatively steep, with the simplest implementations requiring type-related annotations. This “syntax overhead” might initially seem pointless for someone with a Ruby…
BigBinary is building a suite of products under neeto. We currently have around 22 products under development and all of the products are using Sidekiq. After the launch of Solid Queue, we decided to migrate neetoForm from Sidekiq to Solid Queue.
Please note that Solid Queue currently doesn't support cron-style or recurring jobs. There is a PR open regarding this issue. We have only partially migrated to Solid Queue. For recurring jobs, we are still using Sidekiq. Once the PR is merged, we will migrate completely to Solid Queue.
Migrating to Solid Queue from Sidekiq
Here is a step-by-step migration guide you can use to migrate your Rails application from Sidekiq to Solid Queue.
1. Installation
- Add gem…
417: Module Docs
Stephanie shares about her vacation at Disney World, particularly emphasizing the technological advancements in the park's mobile app that made her visit remarkably frictionless. Joël had a conversation about a topic he loves: units of measure, and he got to go deep into the idea of dimensional analysis with someone this week.
Together, Joël and Stephanie talk about module documentation within software development. Joël shares his recent experience writing module docs for a Ruby project using the YARD documentation system. He highlights the time-consuming nature of crafting good documentation for each public method in a class, emphasizing that while it's a demanding task, it…
There are many ways to deploy a Ruby on Rails application to the internet. Between hosting on your own hardware, renting a virtual machine, using a cloud provider, and using a platform, the opportunities are endless. The low-hassle way to host a Rails application is to use a Platform as a Service (PaaS). In this article, we'll show you how to deploy a Rails Application to Render.com, and as a bonus, monitor it with Honeybadger! You can find the final project here on Github.
Going a step further than cloud hosting and using a platform to deploy your web apps provides incredible convenience at a cost. Under the hood, platforms such as Render and Heroku use Amazon Web Services or other cloud…
Imagine inviting random strangers from the internet to bring along their code and run it on your servers in a Rails app. Sounds like a security nightmare, doesn’t it? Where do you even start?
If you run into a person at Fly.io, they might be saying something about “Fast booting VMs”, but what does that mean outside of faster deployment times?
It turns out that when an entire machine can be booted in 2 seconds or less, it becomes possible to boot a server from a Rails background job, analyze a stranger's code from within the confines of a virtual machine, and shut it down when the job is complete.
Sounds complicated, right? It is, but Fly.io built the Machines API to manage all that complexity so you…
Note: This is one part of my journey to tame a spaghetti model or god object. Start with Post 1: Unraveling a Spaghetti Model to see how I chose to tackle this problem.
Your spaghetti model has been a dumping ground of methods and associations for years. In our case, it’s the company model. We know we need to add functionality to the system, so we place the new capability on the company because it’s convenient. We may rationalize it with “Besides, the company should know whether it has active medical benefits.”
Overview
To deal with models with far too many methods, Rails offers ActiveSupport::Concern (introduced in Rails 3, and given a default home in app/models/concerns by Rails 4) as a way of partitioning and reusing model code. Methods and associations that worked…
Last year, I started writing a series of articles called Ruby no Rails on building a web application in Ruby, without using the Rails framework.
Part of the reason was to understand how frameworks like Ruby on Rails work. Like what really happens when your application receives a request? How does it invoke an action on a controller? How does it create the view? What? How? When? Why? So many questions...
Another reason was to demystify some of the magic that's typically associated with Rails, and try to explain in simple words the fundamentals of web applications, like HTTP, controllers, views, middleware, routing, and much more.
In all, I wrote 8 posts, and they were received very well by the…
Streaming LLM Responses
High Performance Requires Process
Processes are a prerequisite for high-performance in software engineering teams due to their ability to amplify the skill of the team. I believe there exists no team, given that there is little to no process to begin with, whose performance could not be improved by adding appropriate process.
CVE-2023-51774 (json-jwt): json-jwt allows bypass of identity checks via a sign/encryption confusion attack
Serializing Ruby datatypes in JSON
When working with Ruby programs, you must have come across the following comment at the top of the file:
# frozen_string_literal: true
print "Let's learn Ruby on Rails"
The comment # frozen_string_literal: true is a magic comment in Ruby. It tells the interpreter that every string literal in that file is frozen: each literal is allocated once and the same object is reused wherever that literal appears, and any attempt to mutate it in place raises FrozenError.
A magic comment is a special type of comment in Ruby that's defined at the top of the Ruby script. It affects how the Ruby code is executed. You can think of them as "directives" or "instructions" for the Ruby interpreter.
Magic comments must always be in the first comment section in the file. Their scope…
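To see what the comment actually changes, the added example below (not code from the original post) compiles the same snippets with and without the magic comment through eval, which honours the comment per compilation unit. The snippets and the "policy" string are constructed for illustration.

```ruby
# Added example: observe the effect of the magic comment by evaluating the
# same source with and without it. Nothing here comes from the original post.
MAGIC_COMMENT = "# frozen_string_literal: true\n"

def compile_and_run(source, magic_comment)
  eval(magic_comment ? MAGIC_COMMENT + source : source)
end

# 1. Is a plain string literal frozen?
def literal_frozen?(magic_comment)
  compile_and_run("'neeto'.frozen?", magic_comment)
end

# 2. Is the literal allocated once? The lambda evaluates the same literal on
#    every call: without the comment each call builds a new String, with it
#    both calls return the same deduplicated object.
def literal_allocated_once?(magic_comment)
  compile_and_run(<<~RUBY, magic_comment)
    make = -> { 'neeto' }
    make.call.equal?(make.call)
  RUBY
end

# 3. Code that mutates a literal in place (a constructed header value here):
#    with the comment the `<<` raises FrozenError instead of silently
#    appending, which is how the comment surfaces accidental shared mutation.
def append_to_literal(magic_comment)
  compile_and_run(<<~RUBY, magic_comment)
    policy = "default-src 'self'"
    policy << "; script-src 'none'"
  RUBY
rescue FrozenError
  :frozen_error
end
```

The third case is the one worth remembering when adding the comment to an existing codebase: any method that builds up a value by appending to a literal will start raising, so run the test suite after adding the comment rather than assuming it is a no-op.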
On Matstodon, Peter Solnica posted some Ruby pattern-matching code, asking what Rails devs think about it. While pattern matching is interesting, I think I still prefer if statements based on return objects. But, I also think the "success/failure" dichotomy is unnecessary, confusing, and often a modeling error.
Peter’s code example is as follows:
def create
  create_user = Commands::CreateUser.new
  case create_user.call(params[:user].to_unsafe_h)
  in Success(User => user)
    redirect_to users_url, notice: "User was successfully created."
  in Failure(user: user, errors: errors)
    render :new, locals: { user: user, errors: errors }
  in Failure(type: :exception, reason: :database…
In follow up comments, there were ideas expressed that the method “succeeded or had various failures”, or that you can in theory compose such results and execute more logic only on success.
I find that treating both “the…
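For readers unfamiliar with what makes `in Success(User => user)` and `in Failure(user: user, errors: errors)` work, the added example below (not Peter's code and not the post's) shows the deconstruct hooks those patterns call, together with a hypothetical Commands::CreateUser that returns such results. The User struct, the command and its validation rules are constructed for illustration; it runs without Rails.

```ruby
# Added example: minimal Success/Failure result objects with the pattern
# matching hooks, and a hypothetical command that returns them.
User = Struct.new(:name, :email)

class Success
  attr_reader :value

  def initialize(value)
    @value = value
  end

  # Array-style pattern `Success(User => user)` calls this.
  def deconstruct
    [value]
  end
end

class Failure
  attr_reader :details

  def initialize(**details)
    @details = details
  end

  # Hash-style pattern `Failure(user: user, errors: errors)` calls this; a
  # pattern only matches when every key it names is present.
  def deconstruct_keys(_keys)
    details
  end
end

module Commands
  class CreateUser  # hypothetical
    def call(attrs)
      name  = attrs.fetch("name", "").strip
      email = attrs.fetch("email", "").strip
      errors = []
      errors << "name can't be blank" if name.empty?
      errors << "email is invalid" unless email.match?(/\A[^@\s]+@[^@\s]+\z/)
      user = User.new(name, email)
      return Failure.new(user: user, errors: errors) unless errors.empty?
      Success.new(user)
    rescue StandardError => e
      Failure.new(type: :exception, reason: e.message)
    end
  end
end

# The controller branch from the post, reduced to returning what it would do.
def create_user_outcome(params)
  case Commands::CreateUser.new.call(params)
  in Success(User => user)
    [:redirect, "User was successfully created.", user.email]
  in Failure(user: user, errors: errors)
    [:render_new, errors]
  else
    # Without an else branch a result no pattern covers (here the
    # :exception Failure) raises NoMatchingPatternError at runtime.
    [:unhandled]
  end
end
```

The else branch is the caveat a reviewer would raise about the original snippet: case/in is not exhaustive, so every result shape the command can return needs a matching branch or an explicit fallback.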
The XDG Base Directory Specification defines an organized folder and file structure for applications to store associated user configuration, cache, data, state, and runtime information on UNIX-like systems. This allows for consistency across different programs and desktops. Consistency is key because, without the specification, we end up with messy and disorganized dotfiles.
The goal of this article is to explain what XDG Base Directory Specification is, why the specification is important, and how you can make use of it.
History
Version 0.1.0 of the…
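As an added example (not code from the original article), the Ruby below resolves the base directories the specification defines from an explicit environment hash, applies the spec's defaults, ignores relative values as the spec requires, and refuses an XDG_RUNTIME_DIR that is not a 0700 directory owned by the current user. The environment hashes and paths are constructed; the default values are the ones the specification states.

```ruby
require "tmpdir"

# Added example: XDG base directory resolution with the spec's defaults.
XDG_HOME_DEFAULTS = {
  "XDG_CONFIG_HOME" => ".config",
  "XDG_DATA_HOME"   => ".local/share",
  "XDG_STATE_HOME"  => ".local/state",
  "XDG_CACHE_HOME"  => ".cache",
}.freeze

XDG_DIRS_DEFAULTS = {
  "XDG_CONFIG_DIRS" => ["/etc/xdg"],
  "XDG_DATA_DIRS"   => ["/usr/local/share", "/usr/share"],
}.freeze

# The spec only recognises absolute paths; a relative or empty value is
# invalid and must be ignored as if it were unset.
def absolute_path?(value)
  !value.nil? && value.start_with?("/")
end

# $XDG_*_HOME, falling back to the default location under $HOME.
def xdg_home(name, env)
  value = env[name]
  return value if absolute_path?(value)
  File.join(env.fetch("HOME"), XDG_HOME_DEFAULTS.fetch(name))
end

# $XDG_CONFIG_DIRS / $XDG_DATA_DIRS: colon-separated, most important first.
def xdg_dirs(name, env)
  dirs = env.fetch(name, "").split(":").select { |d| absolute_path?(d) }
  dirs.empty? ? XDG_DIRS_DEFAULTS.fetch(name) : dirs
end

# Where to look for a config file, in order: the user's dir, then system dirs.
def config_search_paths(relative, env)
  ([xdg_home("XDG_CONFIG_HOME", env)] + xdg_dirs("XDG_CONFIG_DIRS", env))
    .map { |dir| File.join(dir, relative) }
end

# XDG_RUNTIME_DIR must be owned by the user with mode 0700. Sockets and
# tokens land there, so anything else is treated as "not set" rather than
# trusted.
def runtime_dir_usable?(path, uid = Process.uid)
  return false unless absolute_path?(path)
  st = File.stat(path)
  st.directory? && st.uid == uid && (st.mode & 0o777) == 0o700
rescue Errno::ENOENT, Errno::EACCES
  false
end
```

Passing the environment in as a hash rather than reading ENV directly keeps the resolution testable and makes it obvious which variables an application honours.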
Revolutionizing Ruby Deployment with Falcon Web Server and Async Concurrency Framework - RUBY 627
Samuel Williams is a Ruby Core Committer and the creator of Async & Falcon. They delve deep into the technical intricacies of Falcon, a cutting-edge application container that leverages the Async gem for event-driven concurrency. Additionally, they discuss the challenges and triumphs of deploying Ruby applications with Falcon and share insights into the evolution of async programming in Ruby. From the nitty-gritty of platform internals to the fascinating integration of async job execution in Rails, this episode is a must-listen for developers seeking to unravel the complexities of modern software deployment and concurrency.
Sponsors
Links
Added fixture method and bugfixes
Hi, Wojtek from this side. Let’s explore this week’s few changes in the Rails codebase.
Rails security update releases
Rails versions 6.1.7.7, 7.0.8.1, and 7.1.3.2 were released last week; they contain fixes for security issues.
Expose a generic “fixture” method in tests
To avoid method-name conflicts, for example with Minitest, fixtures can now also be loaded like this:
assert_equal "Ruby on Rails", web_sites(:rubyonrails).name
assert_equal "Ruby on Rails", fixture(:web_sites, :rubyonrails).name
Introduce assert_initializer
Complements the existing initializer generator action.
Set default_url_options values in development/test environments
Prior to this commit, new Rails…
Accelerating Operations Through Automated Data Loading and Population with Optical Character Recognition (OCR)
Traditionally, R&D Tax Credits have been operationally intensive. Gusto leads the way in simplifying access to these credits for small and medium-sized businesses (SMBs) through automated, self-service solutions. To ensure compliance with IRS standards, we request relevant documentation from our customers, including business owners and accountants, regarding their business operations.
Problem: The human cost
For our Operations team, extracting and populating crucial data from provided documents demands a substantial amount of time when serving our customers.
This includes information…
Sidekiq, under the hood
#692 — February 29, 2024
Ruby Weekly
The Art of Forking: Unlocking Scalability in Ruby — Karafka (a Ruby processing framework for Apache Kafka) requires concurrency and parallelism, which can present challenges in Ruby. The explanations here of how Karafka uses Ruby's constructs are informative and show that you don't necessarily need to use another language to address issues of concurrency.
Maciej Mensfeld
How Does Sidekiq Work? — Sidekiq is the most heavily used background job system in the Ruby space, and this post digs into how it works, its architecture, and what’s going on under…
Ever wondered if offshore software consulting could be a magical shortcut to solve your software issues without burning a hole in your budget?
Offshore development centers are now sprawled across China, Malaysia, Pakistan, the Philippines, Mexico, Chile, and beyond. The promise: low-cost services from an army of programmers.
But is it truly a budget-friendly savior?
The price tag on software development goes far beyond the developers’ hourly rate. There’s the cost of time spent on communication, management, and approvals. There’s the quality of the software developed, the time it takes to develop and its impact on the business objectives. The maintenance costs required to support the…
CVE-2024-27285 (yard): YARD's default template vulnerable to Cross-site Scripting in generated frames.html
An experience-backed overview on adding a multiplayer/multi-tenant SaaS mode to an existing product with a focus on collaboration: conflict resolution, history management, and offline modes.
Until recently, realtime collaboration was just this shiny new thing: some of our consulting clients wanted it, but it was expensive to implement and the payoff wasn’t always crystal clear to them. In any case, the projects we had that saw us implementing collaborative features inspired us enough to go deep into building realtime tooling (see…
Recently, Ruby Central named a new executive director, Adarsh Pandit. Ruby Central has been a force in the Ruby community for years, organizing conferences and contributing to the community. The recent changes in governance have led to some exciting things on the horizon. Adarsh joined the show to talk about what's going to happen with Ruby Central in 2024.
Show Notes
Ruby Central Website - https://rubycentral.org/
Ruby Conf Musical Number Video - https://www.youtube.com/watch?v=8WhbX6dS6x0
RubyConf Recap Survey Results - https://rubycentral.org/p/c9897883-2135-4704-b53a-a4111ca272f3/
Ruby Central Get Involved Page - https://rubycentral.org/leadership/
Ruby Central contact page - c…
Recently, I got a Rails app running on AWS Elastic Beanstalk for the first time. I wanted to share the steps to do so here. Although there are other tutorials, AWS and Rails both change over time, so some of these steps here are updated compared to other tutorials. Since AWS is so complex, a lot of tutorials assume prior AWS knowledge as well; this one walks you through everything you need step by step.
In this tutorial, we’ll:
- Get an Elastic Beanstalk instance running the default sample Ruby application, including logging
- Create a fresh “hello world” Rails app
- Configure the Rails app to automatically deploy to Elastic Beanstalk using AWS CodePipeline
- Optionally, set up a custom…
I say “optionally” for the last two steps because if you aren’t ready to register a custom domain or set up SSL, you can stop before that point and the…
Speed Up Your Elixir Testing with Custom Tasks and Key Bindings in Visual Studio Code
Testing is an integral part of software development that ensures your code works as expected. However, running tests can sometimes be a slow and cumbersome process, especially when you're looking to quickly iterate on your code. I use a "secret" method that allows me to quickly run tests using custom tasks and key bindings in Visual Studio Code (VS Code). This approach is much faster and lighter than other solutions I've tried.
Custom Tasks in VS Code
The first step in speeding up your test runs is to set up custom tasks in VS Code. These tasks can be configured to run specific test commands, such as "test current line" or "debug current line". All you need to do is create .vscode/tasks.j…
Debugging The Zeitwerk Migration
Rails 6 introduces a new way of autoloading, integrating the gem Zeitwerk. Rails 7 drops support for classic autoloading, so it’s necessary to switch to Zeitwerk if you ever want to upgrade to Rails 7.
For those not familiar: autoloading in Rails provides access to all your classes and modules automatically, without having to use require. Making the switch to Zeitwerk-based autoloading can be tricky, because it changes how your application looks up source code files. It's easy to run into problems if you're not aware of Zeitwerk's conventions, and how it differs from the classic autoloader.
How are constants resolved in Ruby
module Admin
class ProductsController < ApplicationController
…
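The point the section above builds toward is that Ruby resolves a constant through the lexical scope first, and that the two ways of opening a namespace give a class body different lexical scopes. The added example below (not code from the original post) makes that visible with Module.nesting, and adds a simplified version of the file-path-to-constant rule Zeitwerk applies. The DEFAULT_PAGE_SIZE constant, the OrdersController class and the camelize helper (which ignores acronym inflections) are constructed for illustration.

```ruby
# Added example: lexical scope and constant lookup under the two spellings,
# plus the naming convention Zeitwerk expects between paths and constants.
module Admin
  DEFAULT_PAGE_SIZE = 25   # constructed for the example
end

# Nested form: lexical scope is [Admin::ProductsController, Admin], so a
# constant defined in Admin is found before Ruby consults ancestors.
module Admin
  class ProductsController
    def self.lexical_scope
      Module.nesting
    end

    def self.page_size
      DEFAULT_PAGE_SIZE
    end
  end
end

# Compact form: lexical scope is [Admin::OrdersController] only. Admin is not
# searched, Ruby falls back to the ancestors of OrdersController and then
# Object, and the lookup fails with NameError.
class Admin::OrdersController
  def self.lexical_scope
    Module.nesting
  end

  def self.page_size
    DEFAULT_PAGE_SIZE
  rescue NameError
    :name_error
  end
end

# Zeitwerk expects app/controllers/admin/products_controller.rb to define
# exactly Admin::ProductsController: directories become namespaces and file
# names become constant names. Simplified camelize: no acronym inflections.
def expected_constant_name(relative_path)
  relative_path.delete_suffix(".rb").split("/").map do |segment|
    segment.split("_").map(&:capitalize).join
  end.join("::")
end
```

The classic autoloader papered over some of these NameErrors by guessing a file from the failing constant name; Zeitwerk registers an autoload per constant up front, so the plain Ruby lookup rules above are the ones that apply, and a file that defines a constant other than the one its path implies is an error rather than a silent miss.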
February 2024 Newsletter
Hello! Welcome to the February newsletter. Read on for announcements from Ruby Central and a report of the OSS work we’ve done from the previous month. In January, Ruby Central's open-source work was supported by 29 different companies, including Fastly, Sentry, Ruby Shield sponsor Shopify, and Partner-level member Contributed Systems, the company behind Mike Perham’s Sidekiq. In total, we were supported by 178 members. Thanks to all of our members for making everything that we do possible. <3
Ruby Central News
Ruby Meet-ups
- Directory coming soon! We’re creating a directory of ALL active Ruby meetups to help us connect with one another, and so we can offer resources and support. Click to fill…
Streamlining translation resource loading in React apps with babel-plugin-preval
At Neeto, our product development involves reusing common components, utilities, and initializers across various projects. To maintain a cohesive and standardized codebase, we've created specialized packages, or "nanos", such as neeto-commons-frontend, neeto-fields-nano, and neeto-team-members-nano.
neeto-commons-frontend houses utility functions, components, hooks, configuration settings etc. neeto-fields-nano manages dynamic field components, while neeto-team-members-nano handles team member management functionalities.
These nanos, along with others, reduce redundancy and promote consistency across our products.
Translation Challenges
Many of our packages export components with text that requires…
(Portuguese below)
The Rails Foundation and Doximity are teaming up with Rails Girls São Paulo and Tropical.rb to co-host the return of the Rails Girls São Paulo in 2024.
Name: Rails Girls São Paulo
Date: April 6, 2024
Location: Le Wagon São Paulo
Scheduled for the weekend following Tropical.rb, Rails Girls São Paulo aims to bring together 30 individuals in teams of 6, each guided by dedicated Portuguese-speaking mentors, for a weekend of learning, coding, and community building.
Rails Girls took place regularly in São Paulo from 2015 to 2019, introducing nearly 300 local students to Rails in that time. Inspired by the current momentum in the Rails community and the return of…
Hanami 2.1: Views that are a sight to see
After a year of work, Hanami 2.1 is here! This release introduces our view layer and front-end assets support, and brings Hanami a big step closer to our full stack vision.
It all starts with hanami dev
Working on your app's front-end now starts with a single new command: hanami dev.
Running hanami dev starts the familiar Hanami web server alongside our new front-end assets watcher and compiler.
From there, you're ready to open http://localhost:2300 and take in our gorgeous new welcome screen, in both light and dark mode.
Welcome (back!) to Hanami. We’ve been building something special for you!
You’ll love our view on views
Flipping the script on Black history: Transforming challenges into career superpowers
I think about our journey as Black business leaders every February. Black History Month is a time to honor and celebrate the strength we’ve summoned to overcome the obstacles in our path.
This year, my focus is on the skills and strategies Black business leaders develop in response to challenges. Adversity becomes a platform for us to enhance our capabilities and become even stronger. Our trials force us to cultivate superpowers.
I want to emphasize that I am not diminishing the impact of racism on our history. It’s been a horrible stain on our country since the first Africans arrived on this continent. We were considered property until 1865. Legal segregation continued until 1964.…
416: Multi-Dimensional Numbers
Joël discusses the challenges he encountered while optimizing slow SQL queries in a non-Rails application. Stephanie shares her experience with canary deploys in a Rails upgrade. Together, Stephanie and Joël address a listener's question about replacing the wkhtmltopdf tool, which is no longer maintained.
The episode's main topic revolves around the concept of multidimensional numbers and their applications in software development. Joël introduces the idea of treating objects containing multiple numbers as single entities, using the example of 2D points in space to illustrate how custom classes can define mathematical operations like addition and subtraction for complex data types.…
This article will introduce data science by presenting an essential method: linear regression.
It’s a method used when two types of continuous numeric data correlate. Typical examples of data that correlate are the size of a flat and its price, the amount of time spent studying and test scores, the number of years at work and the salary, the sales of a product and the amount spent on advertising.
So, we have two types of values, one of which will help predict the other.
Standard terms used are dependent variables, the variables we're trying to find, and independent variables for the variables that help us predict it.
When thinking about mathematical functions, the x is the independent…
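As an added example (not code from the original article), the Ruby below fits the line y = slope * x + intercept to paired observations by ordinary least squares and reports R² so the quality of the fit can be checked. The data points in the usage are constructed; the formulas are the standard closed-form ones for one independent variable.

```ruby
# Added example: ordinary least squares for one independent variable.
def linear_regression(xs, ys)
  if xs.size < 2 || xs.size != ys.size
    raise ArgumentError, "need at least two paired observations"
  end

  n = xs.size.to_f
  mean_x = xs.sum / n
  mean_y = ys.sum / n
  sxx = xs.sum { |x| (x - mean_x)**2 }
  # All x identical: the slope is undefined, refuse rather than divide by zero.
  raise ArgumentError, "x is constant; the slope is undefined" if sxx.zero?

  sxy = xs.zip(ys).sum { |x, y| (x - mean_x) * (y - mean_y) }
  slope = sxy / sxx
  intercept = mean_y - slope * mean_x
  [slope, intercept]
end

def predict(slope, intercept, x)
  slope * x + intercept
end

# Coefficient of determination: 1.0 means the line explains all the variance
# in y; values near 0 mean x tells you little about y.
def r_squared(xs, ys, slope, intercept)
  mean_y = ys.sum / ys.size.to_f
  ss_tot = ys.sum { |y| (y - mean_y)**2 }
  return 1.0 if ss_tot.zero?   # y is constant and the fit reproduces it
  ss_res = xs.zip(ys).sum { |x, y| (y - predict(slope, intercept, x))**2 }
  1.0 - ss_res / ss_tot
end

# Usage on constructed data: flat size in square metres vs. price in thousands.
SIZES  = [40, 55, 70, 85]
PRICES = [180, 250, 310, 380]
SLOPE, INTERCEPT = linear_regression(SIZES, PRICES)
```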
What is Brakeman?
Brakeman is a static security scanner for Ruby on Rails applications. It analyzes the source code without running it, and can be used at any stage of development.
Brakeman requires no configuration; once it is installed, we can just run it.
It scans the application code and produces a report of all the security issues it has found.
Brakeman helps detect security issues early, so developers are aware of vulnerabilities before the code ships.
It can identify a wide range of security vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
It also checks for code that allows users to bypass security checks…
For years, code would fall into two categories: easy (good!) and hard (bad!).
Recently, I’ve realized that not every piece of hard code is created equal. Complex code often encompasses two kinds of complexity: domain complexity and applicative complexity.
And I often failed to identify which is which.
Domain complexity
Domain complexity is what we refer to when we talk about “rocket science”. Building actual spaceships, forecasting extreme meteorological events, studying the human genome, etc… You know, hard stuff.
But any domain where programming happens has inbuilt complexity.
I once worked for a real estate company. The regulations were abstruse enough that our codebase reflected…
Validate Email Addresses
Ensuring you have data that makes sense is why Rails provides validations through the Active Model library, which underpins Active Record.
Making sure you can email your users is one of the most important things to get right in your application, so you probably already have validation checks around your User#email attribute.
Instead of inventing your own regular expression, or using this one from the older Rails docs:
class User < ApplicationRecord
  validates :email,
    format: { with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i },
    presence: true,
    uniqueness: { case_sensitive: false }
end
Use one of these several better options:
Devise
A reasonable choice, if…
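To make the "don't invent your own regexp" advice concrete, the added example below (not code from the original post) puts the older Rails-docs pattern next to Ruby's standard-library URI::MailTo::EMAIL_REGEXP, shows inputs on which they disagree, and adds the normalisation step a case-insensitive uniqueness check relies on. The sample addresses and the validate_email helper are constructed; it runs without Rails.

```ruby
require "uri"

# Added example: hand-rolled vs. stdlib email pattern, plus normalisation.
LEGACY_EMAIL_REGEXP = /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i  # older Rails docs

def legacy_valid?(email)
  LEGACY_EMAIL_REGEXP.match?(email.to_s)
end

# Prefer a maintained pattern over a hand-rolled one. Note both patterns are
# anchored with \A and \z: ^ and $ match at line breaks in Ruby, which would
# let "user@example.com\n<anything>" through a format check. The explicit
# control-character test makes that intent visible even if the regexp changes.
def valid_email?(email)
  return false unless email.is_a?(String)
  return false if email.match?(/[[:cntrl:]]/)
  URI::MailTo::EMAIL_REGEXP.match?(email)
end

# Normalise before validating and before checking uniqueness, so that
# "Alice@Example.COM" and "alice@example.com" cannot become two accounts.
# (Strictly the local part is case-sensitive, but treating it as
# case-insensitive is what a case-insensitive uniqueness check already
# assumes.)
def normalize_email(email)
  email.to_s.strip.downcase
end

# Returns [valid?, normalised email or nil, error message or nil].
def validate_email(raw)
  email = normalize_email(raw)
  return [false, nil, "can't be blank"] if email.empty?
  return [false, nil, "is invalid"] unless valid_email?(email)
  [true, email, nil]
end
```

The two disagreements the test exercises are typical of hand-rolled patterns: the legacy regexp accepts a domain label starting with a hyphen (user@-example.com) but rejects a valid punycode top-level domain (example.xn--p1ai), because it assumes TLDs are letters only.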
Introduction
The journey towards efficient parallelization in library development has often been based on using threads. As Karafka celebrates its eighth anniversary, it's become clear that while threads have served us well for many tasks, there's room to explore further. That's why I've decided to introduce forking capabilities into Karafka, aiming to offer another dimension of parallelization to its users. This move isn't about replacing threads but about providing options to cover a broader spectrum of use cases than before.
For those who wonder what Karafka is, Karafka is a Ruby and Rails multi-threaded efficient Kafka processing framework designed for building efficient and scalable…