Rubyland

news, opinion, tutorials, about ruby, aggregated
The Life of a Radar 

Are the switches on a Kinesis Gaming Freestyle Edge RGB Keyboard hot-swappable?

No.

The switches on this keyboard are not hot-swappable. They are soldered on to the board.

(This post brought to you by attempting to find this information online, failing at that, and then dissecting the keyboard to inspect it myself.)

Hi, we're Arkency 

First class json(b) handling in Rails Event Store

Recently, in Rails Event Store v2.8.0 PreserveTypes transformation has been introduced. v2.9.0 release brought RailsEventStore::JSONClient. It’s a set of great improvements for RES users who plan to or already use PostgreSQL with jsonb data type for keeping events’ data and metadata.

Back to the primitive

According to RFC 4627 JSON can represent four primitive types:

  • strings
  • numbers
  • booleans
  • null

and two structured types:

  • objects
  • arrays

When data is serialised to JSON format with JSON.dump or ActiveSupport::JSON.encode, which happens implicitly when persisting event, the data need to be converted to primitives or structured types.

RichStone Input Output 

Heroku's eco plan is not as eco for your personal Rails projects

In a previous post, I shared that it's nice that you could have multiple projects on Heroku for 5$ with the eco plan.

I thought it would be a nice way to keep my projects there and support Heroku.

But it has some gotchas that are a bit lame.

You can't really have just a Rails project for 5$ bucks because you need a postgres database configured which is 5$ extra. So it's 5$ extra per project here, maybe it's charged per usage maybe flat, not sure yet.

Also with the eco plan, if you want to run it with your own domain you'll need to have your own SSL certificate which you can buy somewhere like at namecheap.com for 10$ or so (upgrade to a higher plan of course, then I think Heroku is taking over…

Shopify Engineering - Shopify Engineering 

Performance Testing At Scale—for BFCM and Beyond

Let’s unpack our approach to BFCM Scale Testing to explore some of what it takes to ensure that our ecommerce platform can handle the busiest weekend of the year.

Ruby on Rails 

New AssumeSSL middleware, raise on missing translations everywhere, and more

Hi, it’s Wojtek. Let’s explore this week’s changes in the Rails codebase.

Rails 7.0.4.2 and 6.1.7.2 have been released
Released 7.0.4.2 and 6.1.7.2 versions addressing a compatibility issue with the 7.0.4.1 and 6.1.7.1 security releases from last week.

Allow use of SSL-terminating reverse proxy that doesn’t set headers
Add ActionDispatch::AssumeSSL middleware that can be turned on via config.assume_ssl. It makes the application believe that all requests are arriving over SSL. This is useful when proxying through a load balancer that terminates SSL, the forwarded request will appear as though it’s HTTP instead of HTTPS to the application. This makes redirects and cookie security target HTTP

Island94.org 

Framing open source contributions at work

Excerpts from the excellent RailsConf 2022 keynote: The Success of Ruby on Rails by Eileen Uchitelle [reformatted from the transcript]:

Upgrading is one of the easiest ways to find an area of Rails that can benefit from your contributions. Fixing an issue in a recent release has a high likelihood of being merged.

Running off Rails Main is another way to find contributions to Rails. If you don’t want to run your Main in production, you could run it in a separate CI build. Shopify, GitHub and Basecamp run it.

Running off Main may be harder than running off a release because features and bug fixes are a little in flux sometimes. If you are running off of Main, a feature added…

Awesome Ruby Newsletter 

💎 Issue 349 - DragonRuby Zine Issue 1 — a free zine celebrating Ruby game development

RichStone Input Output 

Shape Up Your Side Projects

One way to have more fun as a software engineer is to learn your craft via resources like books, videos, and courses, but then also track the progress of it and finish useful byproducts on the way.

If you've done side projects before, you might know that they get dropped from time to time prematurely, without a chance for a glimmer of light.

Shape Up is a project management framework that 37signals uses to get projects done. So why not try it in a team of One?

A part of the framework, at least how 37signals use it, is working in 4 to 6-week sprints.

I found it appealing to try this out more consistently in my own side projects this year.

I've started doing this with an 8-week sprint, working on…

RichStone Input Output 

Reading List of a Random Software Developer Dude

Reading is a constant dance. I rarely ever dance for real but I imagine it like this for avid dancers. Choosing your dance partners may be a tough process. They are all lined up there, waiting for you to dance with them. But with some dance partners, you may see that you both woke up on the left foot, so probably best to skip this one for now. With others, you skim them with a couple of quick moves and see that it doesn't make any sense at all. Others again, you observe each other for years and years and don't dare to ask for a dance. And then there are some dance partners who you enjoy dancing with so much and when it's over you are sad. Like happy sad, being thirsty to dance again ASAP.

No…

Shopify Engineering - Shopify Engineering 

From Farmer to Security Engineer: How Dev Degree Helped Me Find My Dream Job

This story looks at the opportunity Dev Degree gave me, the challenges I overcame, and the weaknesses that turned out to be strengths. If you’re thinking about a career in tech, but don’t think you have the stuff for it, this story is for you. 

Ruby Weekly 

Packing a Ruby 3.1 app into an executable

#​638 — January 26, 2023

My Adventure With Async Ruby — How a developer used the async gem to speed up a portion of his app. It’s a fantastic library, but we agree that it could do with getting more docs and write-ups, like this very post.

Matheus Richard

Rails on Docker — A line-by-line explanation of the “official” Rails Dockerfile that is coming in 7.1. While there are sure to be changes before it’s released, this is a handy way to grok the purpose of each line in the file and whether it’ll suit your setup.

Brad Gessler (Fly․io)

🔠 Add CSV Import to Your App with…

Ruby Rogues 

Things Software Developers Should Know to Succeed With Andy Hunt - RUBY 579

Andy Hunt is a programmer turned consultant, author, and publisher. He also co-authored the best-selling and seminal book, "The Pragmatic Programmer". He joins the show to discuss the important things that software developers should know in this generation. He talks about some of the things that have evolved since he started. 


Important Points

  • Reliable CI/CD Pipeline
  • Effective low-friction collaboration
  • Free flow of information
  • Constant Learning / Skills improvement
      a. Read more technical books
      b. Read more fiction
  • Think about how we build software
      a. Software that is replaceable and disposable


Honeybadger Developer Blog 

What Next.js Has to Offer React Developers

Next.js is one of the hottest web frameworks of 2022. It supplements React applications with server-side rendering, static site generation, and more. Picking and choosing which parts of the site to generate on the server rather than on the client can speed up your site while maintaining usability.

Developers familiar with React will find getting started with Next to be not too big of a stretch, and migrating existing apps just as approachable.

Many companies are already using Next.js in production at scale, such as Netflix, Uber, Hulu, and more!

In this article, we'll explain what Next.js is and how it differs from React. You'll also learn what makes Next.js so great, see how to migrate…

Passenger - Phusion Blog 

Passenger 6.0.17

Version 6.0.17 of the Passenger application server has been released. This release adds support for Ruby 3.2.0, and bumps the preferred Nginx to 1.22.1.

Passenger 6 introduced Generic Language Support, or: the ability to support any and all arbitrary apps.

Updates & improvements

  • [Enterprise] The debug gem is now supported for debugging on Ruby 3.1.
  • Removed use of deprecated 'File.exists?' method for Ruby 3.2.0.
  • Upgrades preferred Nginx to 1.22.1 from 1.20.2.
  • Changes minimum supported macOS version to 10.14 Mojave.
  • Adds support for a PASSENGER_MAX_LOG_LINE_LENGTH_BYTES environment variable. The default length remains at 8KB.
  • Upgrades Boost to 1.81.
  • Updated various library versions used in…

Installing 6.0.17

Please see the installation guide for advice on getting started with Passenger. Coming from a language other than Ruby,…

Ruby Conferences 'n' Camps in 2023 - What's Upcoming? 

RailsGirls Rotterdam @ Rotterdam, Netherlands Announced

Conferences 'n' Camps

What's News? What's Upcoming in 2023?

RailsGirls Rotterdam
Mar/18 (1d) Sat @ Rotterdam, Netherlands • (Updates)

See all Conferences 'n' Camps in 2023».

Remote Ruby 

RubyConf at Home Hanami Panel

Welcome to a special episode of Remote Ruby! Today’s episode is the RubyConf Home Edition panel where we’ll be talking about all things Hanami. Jason is joined by Brittany Martin, Engineering Manager at TextUs and co-host of The Ruby on Rails Podcast, and together they’ll take on the role of the moderators. They are also joined by a respected group of panelists. First, we have Luca Guidi, who’s the Hanami author, on dry-rb core, and Backend Architect at Toptal. Then we have Tim Riley, who’s Principal Engineer at Buildkite and a core team member at Hanami, dry-rb, and rom-rb, and finally, Peter Solnica, who’s a Senior Software Engineer at Valued.app and a core team member at Hanami,…

The Ruby on Rails Podcast 

Episode 454: Rubyconf @ Home: Hanami Core Team

Captured live from Rubyconf 2022 Home Edition on January 11th, 2023, this is a special episode recorded with the Hanami Core Team: Luca Guidi, Tim Riley and Peter Solnica. Co-moderated by Jason Charnes and Brittany Martin.

A special thanks to the organizers of Rubyconf @ Home for making this happen!

Sponsored By:

Honeybadger

Recent studies found that downtime can cost $427 per minute for small businesses, and up to $9,000 per minute for medium-sized businesses.…

Ruby Magic by AppSignal 

Calling Ruby Methods in C: Avoid Memory Leaks

Memory leaks are a pain for gem users. They are hard to track and can lead to expensive infrastructure costs.

Memory leaks within a C extension are even worse. You'll see a lot of tools and articles about finding leaks in Ruby. However, you don't have the same access to internals in C.

A naive usage of rb_funcall can cause memory leaks: it's much better to use rb_protect instead. So, if you are a C extension writer, please read on for the sake of developers who will use your gem.

Let's get started!

The Issue with rb_funcall and C

rb_funcall can be a great tool when you need to interact between Ruby and the C parts of your library but only need to write a little C.

However, when you run rb_f…

Ruby on Rails 

Rails 7.0.4.2 and 6.1.7.2 have been released!

Hello again! We’ve just released Rails 7.0.4.2 and 6.1.7.2 addressing a compatibility issue with the 7.0.4.1 and 6.1.7.1 security releases from last week. This release adds a single extra commit to fix an issue users were seeing when using domain: :all for cookies on a one-level two-letter TLD.

The 6.0.6.1 release did not include the problematic code as that series is no longer receiving security patches for non-critical issues. Users on this release are encouraged to upgrade to a newer version.

This doesn’t contain any additional security fixes, so users who have already upgraded to either 7.0.4.1 or 6.1.7.1 can upgrade at their convenience.

Below are the shas for the released versions:

The Rails Tech Debt Blog 

Optimizing Images - Part 3

When we allow users to upload images, they usually upload files without any optimization for the web. It’s up to us to add some measure to prevent those images from slowing down our app. Luckily, the different gems commonly used to handle user uploads also give us solutions for this problem.

This is the third installment on a series of blog posts about optimizing images, check the previous ones here (raster images) and here (vector graphics).

ActiveStorage

A common mistake when displaying ActiveStorage image attachments is to display the attachment as uploaded by the user like this:

image_tag user.avatar

This will use the image exactly as uploaded by the user, even if the image…

OmbuLabs Blog 

Design Sprint Day 3: Decide

Day 3 is all about picking a direction and going forward with it. Over the course of the third day of the Design Sprint, we will assess which parts of our designs are most successful and create a storyboard to show the steps that our target customer might take towards achieving the goal.

Remember your sketches from Day 2? It’s time for the team to see them. The purpose of this activity is for the entire team to see each other’s work and get to pick out all the best pieces for our next activity.

1. Heat Map Activity

Example of a Heat Map created using dot voting.

In this activity, the team silently reviews all the solutions that they worked on yesterday. Each team member posts their solution onto the digital whiteboard so that we…

Evil Martians, an extraterrestrial product development consultancy 

How to build a better React map with Pigeon Maps and Mapbox

Authors: Rita Klubochkina, Sr. Frontend Engineer, Alena Kirdina, Sr. Product Designer, and Travis Turner, Tech Editor

Topics: Frontend, Design, Case Study, JavaScript, React, Gatsby, Jamstack, Node.js

We needed a lightweight, essentially free solution for a customer map that would display our events in our React app. So we turned to Pigeon Maps and Mapbox, and here is how we made it.

Evil Martians recently launched an Events page on our brand new website. Like the site itself, the Events page is overflowing with bold and extraordinary design solutions. The heart of the new page is the events map—a cool visual reminder about our team's worldwide presence.

Stanko's blog 

Vanilla Rails view components with partials

Many projects I work on have some kind of view component that is repeated multiple times in the same view, or is present in multiple different views. These view components can be anything that has a specific styling, JavaScript specific attributes (lik...

The RubyMine Blog : Intelligent Ruby and Rails IDE | The JetBrains Blog

The RubyMine 2023.1 Early Access Program Is Open!

The RubyMine 2023.1 early access program has started! You can get the new build from our website or via the free Toolbox App.

In this post, we’ll highlight some of the most important updates included in the first EAP version. 

We’d also like to remind you that RubyMine 2022.3 introduced the option to switch to the new UI using the Enable new UI setting in Preferences | Settings | Appearance & Behavior | New UI. We invite you to switch to the new UI and let us know what you think. We’ll continue to update it based on your feedback throughout the entire RubyMine 2023.1 release cycle.

New gutter icons for navigating from create_table calls to models

In the last release, we added…

Test Double 

Hot swap your database schema

Live with the pain or change it?

Chances are you’ve worked on an application with a less-than-ideal database schema. Maybe the users table had over 50 columns and became costly to query, or there was an absence of foreign keys. Whatever your case may be, you have the decision to either live with it or change it.

Modifying the database schema can be daunting if you’ve never done it before. There are a lot of unknowns, and you might worry: how can the database change without breaking the application? But living with it causes another sort of pain. Sure, changing the database schema is risky, but with the right know-how it becomes quite trivial.

tl;dr

Hanami Mastery newest episodes! 

#39 HTML from markdown made simple!

Have you ever considered how to efficiently render HTML out of your markdown input in ruby? Here we cover this problem with additional custom cosmetic improvements.

Saeloun Blog

Secure CSRF Token Storage in Rails 7 using Encrypted Cookies

What is a CSRF token?

A CSRF token is a unique value that is generated by the server and stored on the client’s session. This token is included in every subsequent request made by the client, either in an HTTP header or as a hidden field on a form submission. The Rails server then compares this token against the one stored in its session store. If the token on the request does not match the one on the server, the request is considered illegitimate and is not processed.

Why do we need to store the CSRF token outside of the session?

The default CSRF protection in Rails stores the token in the user’s session, which is secure but may cause issues when using a cache such as Redis.…

The Bike Shed 

368: Sustainable Web Development

Stephanie talks about hosting a "Soup Group"! Joël got nerd-sniped during the last episode and dove deeper into Maggie Appleton's "Tools for Thought."

Stephanie has been thinking a lot about Sustainable Web Development. What is sustainability? How does it relate to tech and what we do?


This episode is brought to you by Airbrake. Visit Frictionless error monitoring and performance insight for your app stack.


Transcript:

AD:
thoughtbot is thrilled to announce our own incubator launching this year. If you are a non-technical founding team…

DEV Community 👩‍💻👨‍💻: Brandon Weaver 

Pattern Matching Interfaces in Ruby

Defining a standard for implementing pattern matching interfaces in Ruby, originally from the 2021 document "Pattern Matching Interfaces in Ruby"

Author: Brandon Weaver (@baweaver)

Last Updated: January 20, 2021

Status: RFC

Overview

What does this document intend to achieve?

Pattern Matching is a powerful new syntax in Ruby that allows us more flexibility in retrieving data from nested structures and more power in making assertions about the structure of that data.

This document intends to define a set of best practices for defining pattern matching interfaces in Ruby code.

As it is very easy to add…

The Life of a Radar 

Ruby GraphQL field notes

Here’s a series of my notes of working within a GraphQL application as I can think of them. This comes out of my work on Twist’s GraphQL API, and other GraphQL APIs that are deployed in production.

Overall sentiment is that GraphQL is an improvement over the classic REST approach because:

  1. It gives you clear types of fields
  2. You can choose which fields you wish to select
  3. You can choose to select from a single resource, or from multiple, disparate resources at the same time.

I like its interoperability between Ruby and JavaScript, with good tooling existing on both sides of that divide in the GraphQL Rubygem and the Apollo Client on the JavaScript side of things. Honorable…

Ruby Central 

December 2022 Monthly Update

Hello! Welcome to the monthly update. During December, our work was supported by Zendesk and many others.

Ruby Central News

In December, Ruby Central's open source work was supported by 35 different companies, including Ruby member Zendesk.

On top of those companies, 1 new developer, Christopher Bloom, signed up as a member. In total, we were supported by 123 developer members. Thanks to all of our members for making everything that we do possible. <3

RubyGems News

This month in RubyGems, we released final versions of RubyGems 3.4.0 and 3.4.1 and Bundler 2.4.0 and 2.4.1 featuring:

  • a new "call to update" message when RubyGems is outdated - #5922.
  • an enhanced Bundler resolver based on PubGrub, with…

Fullstack Ruby

Episode 8: Hotwiring Multi-Platform Rails Apps with Ayush Newatia

Ayush is on the core team of Bridgetown, a specialist in Ruby on Rails and Hotwire app development, and a personal friend. I’m very excited to have him on the show today to talk about all things fullstack web dev, his new book The Rails & Hotwire Codex, and why “vanilla” is awesome!


Become a part of the Fullstack Ruby community and learn how to put your Ruby skills to work on the backend AND the frontend. Know somebody who’s a JavaScript developer but is interested in learning more about Ruby?…

RubySec 

CVE-2022-4891 (sisimai): Sisimai Inefficient Regular Expression Complexity vulnerability

A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function `to_plain` of the file `lib/sisimai/string.rb`. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component.

RubySec

GHSA-q95h-cqrv-8jv5 (exiftool_vendored): ExifTool vulnerable to arbitrary code execution

Impact

Arbitrary code execution can occur when running `exiftool` against files with hostile metadata payloads

Patches

ExifTool has already been patched in version 12.24. `exiftool_vendored.rb`, which vendors ExifTool, includes this patch in [v12.25.0](https://github.com/exiftool-rb/exiftool_vendored.rb/releases/tag/v12.25.0).

Workarounds

No

Hi, we're Arkency

Replaying events in RailsEventStore

Event Sourcing comes with a very handy utility that lets you replay events that happened in the system. Imagine that you’re introducing a new report, or you fixed an existing event handler and you need to run some events against it to produce a valuable outcome that your business friends expect.

If you are not familiar with event-sourcing, it’s a way to store the state of a system as a series of events, not just the current state. Check out our event sourcing tag.

How do I replay events with RailsEventStore?

Let’s assume that we want to send a Xmas card to our customers that made at least 5 orders and haven’t returned any of them during last 3 months.…

Giant Robots Smashing Into Other Giant Robots 

My Adventure With Async Ruby

I was working on an app that generated a Markdown article. The article content had some dynamic parts that were fetched via HTTP requests. While not a huge problem, this made the article generation slow.

Ruby 3.0 introduced the fiber scheduler interface, which is used by the async gem to run tasks concurrently. It’s particularly useful for I/O-bound workloads, so I decided to give it a try. This post is a summary of my journey in figuring out how to use it.

If you don’t care about any of this, skip to the final thoughts section.

The problem

The article generation code looked like this (I’m using sleep to simulate the HTTP requests time):

class Article
  def to_s
    <<~MARKDO…

Andy Croll

Only use locals in view partials

The Rails view layer, the main way our users and customers access our work, is incredibly flexible, but it can easily become tricky to manage.

It is easy to introduce bugs and scoping issues when using the views and partials in a more complex Rails application.

Instead of…

…accessing instance variables inside partials:

# calling the partial
<%= render "user_email" %>

# inside the _user_email.html.erb partial
<%= @user.email %>

Use…

…local variables to pass in context:

# calling the partial
<%= render partial: "user_email", locals: { user: @user } %>

# inside the _user_email.html.erb partial
<%= user.email %>

Why?

This is primarily a good practice for better maintenance and…

Short Ruby Newsletter 

👋 Short Ruby News - Edition #26

Excited about the future

👉 I activated subscriptions for the newsletter. I want to keep the newsletter free for everybody; thus, I don’t have a unique offering for people who decide to pay a subscription.

Do you like this newsletter and can afford to become a paid subscriber for 5$/month?

  • In that case, you get nothing different except the pleasure of knowing that you’re supporting the Short Ruby News to keep publishing the free edition weekly and pay for some of the tools I use to create this newsletter. And, of course, my gratitude for your big gesture!

  • I can help you write an email for your manager/leader to expense your subscription from your learning budget, so please reach out to me at h…

If you are already a free subscriber and want to update, you can click on Upgrade your subscription. If you are not a subscriber, you can subscribe as free or paid or just read the newsletter on the web.


You can jump directly to one of the following…

Honeybadger Developer Blog 

How to Upgrade to Laravel 9

Keeping your apps updated and constantly upgrading to the most recent version of the stacks they utilize has many benefits: preventing vulnerabilities, enhancing usability, and accessing bug fixes and new features. Therefore, even if your app still functions properly with old code, whenever you can, it’s usually best to perform an upgrade.

In this article, I’ll share tips on how to upgrade earlier Laravel versions to more recent releases in your existing apps.

What's New in Laravel 9

For a long time, Laravel has been a popular, if not the most popular, open-source PHP framework. It is flexible, scalable, and adaptive, and it has become the top-shelf choice for engineers and businesses…

Island94.org 

How GoodJob's Cron does distributed locks

GoodJob is a multithreaded, Postgres-based, ActiveJob backend for Ruby on Rails. GoodJob has many features that take it beyond ActiveJob. One such feature is cron-like functionality that allows scheduling repeated jobs on a fixed schedule.

This post is a brief technical story of how GoodJob prevents duplicated cron jobs from running in a multi-process, distributed environment.

This is all true as of GoodJob’s current version, 3.7.4.

Briefly, how GoodJob’s cron works

GoodJob heavily leans on Concurrent::Ruby high-level primitives, and the cron implementation is no different. GoodJob::CronManager accepts a fixed hash of schedule configuration and feeds them into Concurrent::ScheduledTasks…

Blog by Abhay Nikam 

Rails 7.1 adds regroup to ActiveRecord

Rails 7.1 adds regroup to ActiveRecord::Relation. regroup overrides the existing group condition with a new one. regroup is a short-hand for unscope(:old_group_fields).group(:new_group_fields)

Here is how it can be used.

Project.group(:title, :owner)
# SELECT "projects".* FROM "projects" GROUP BY "projects"."title", "projects"."owner"

Project.group(:title, :owner).regroup(:priority)
# SELECT "projects".* FROM "projects" GROUP BY "projects"."priority"

Here is the relevant pull request adding this change.

Emmanuel Hayford 

An Overview Of Ruby on Rails 7.1 Features. Part III.

Here are links to the other parts of the series:

This post brings us to the last in the “An Overview Of Ruby on Rails 7.1 Features” series. Rails has improved a lot over the years, no question about that, but this minor version, in my books, is the most exciting. Rails now comes inbuilt with Dockerfiles. Who’d have thought?

RubyGems Blog 

3.4.5 Released

RubyGems 3.4.5 includes enhancements.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

Enhancements:

  • Installs bundler 2.4.5 as a default gem.

SHA256 Checksums:

  • rubygems-3.4.5.tgz
    e280c6227abaf8d807106a58badaa7d0f2874bf4ca969f58eafdb81a6fd6d592
  • rubygems-3.4.5.zip
    177fbc738a442840f9843e6549fb346ed19cc71f007b36d640391e3ede2afc3f
  • rubygems-update-3.4.5.gem
    06295f0333b21d15b46cded2d35a62b3eae8caa25cdb3121a49bb9b4ca927064

code.dblock.org | tech blog

Migrating from Dokku to DigitalOcean Apps

In 2016 I moved half a dozen apps from Heroku to a DigitalOcean droplet to save money. I found dokku, a docker-powered PaaS. It was already quite mature, and worked flawlessly. In 2023 I am moving back from the single droplet to apps, but staying on DigitalOcean. It was a good 7-year-long run for my droplet!

What am I moving?

I’ve got 4 profitable, and 5 money-losing or free Slack apps, all open-source.

Why move?

Over the years I got…

Stanko's blog 

COVID hangover

With a lot of tech companies laying people off in the last month I got to see how insane the firing practices in the US are and how greed rules supreme in the tech industry. But this is only a harbinger of what’s to come. Through friends and from what I’ve seen first hand, the standard procedu...

Shopify Engineering - Shopify Engineering

Making Your React Native Gestures Feel Natural

Ruby on Rails 

Active Record regroup, CurrentAttributes name restrictions and more!

Hola, this is Greg, bringing you the latest changes from Rails.

Raise exception if a restricted attribute name is used with CurrentAttributes
Attribute names like set and reset should not be used with ActiveSupport::CurrentAttributes, because they clash with its public API. With this change, an ArgumentError is raised when a restricted attribute name is used.

Add regroup method to Active Record
This pull request adds regroup and regroup! methods to Active Record. Here is an example on how to use it:

Post.group(:title).regroup(:author)

Change assert_emails to return the emails that were sent
Before this pull request, assert_emails just returned true or raised if the assertion…

Jekyll • Simple, blog-aware, static sites 

Jekyll 4.3.2 Released

Hello Jekyllers!

This is a small release containing fixes for some issues that came to our attention after the release of v4.3.1:

  • Our link tag had a significant performance regression with the release of v4.3.0 solely due to a change related to Jekyll::Site#each_site_file. The new patch restores previous performance while maintaining the enhancements introduced in v4.3.0.
  • The tables printed out on running a build with the --profile did not stop including the misleading TOTALS row as advertised in the release-notes for v4.3.0. The row has been removed completely now.
  • jekyll-sass-converter-3.0.0 that shipped in the interim was not happy with our blank-site scaffolding (from running je…

That’s about it for this release. Depending on whether you use the features patched in this release, you may either wait for v4.4.0 (releasing in the near future) to update your Gemfile or, download the latest release right away! :)

Happy Jekyllin’!!

RubyGems Blog 

December 2022 RubyGems Updates

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in December.

RubyGems News

This month in RubyGems, we released final versions of RubyGems 3.4.0 and 3.4.1 and Bundler 2.4.0 and 2.4.1 featuring:

  • a new “call to update” mechanism for RubyGems cleaning - #5922.
  • an enhanced Bundler resolver based on PubGrub - #6146.
  • generating of gems with rust extensions via bundle gem - #6149.
  • lighter Bundler git sources using shallow clones under the hood - #6241.

In addition to that, we made the following improvements and…

Saeloun Blog 

Simplifying DOM Element Generation in Rails with the Enhanced dom_id Method

Rails offers a variety of methods for generating unique DOM IDs and classes for elements on a page. One such method is the dom_id method, which can generate a unique ID for a specific object or model. However, by default, the dom_id method only generates an ID and does not include any classes.

Recently, however, Rails has added a new feature that allows the dom_id method to also accept a class. This allows developers to generate both an ID and a class for an element without the need to use different methods for generating IDs and classes.

Before

Before this feature was added, developers would have to use the dom_id method to generate an ID, and then use a separate method…

Remote Ruby 

Finding Ruby, Scaling a Business on Rails, and Public Speaking with Nadia Odunayo

Welcome to Remote Ruby and thanks for joining us! It’s a full house this week as Jason, Chris, and Andrew are back together! They also have a great guest joining them, Nadia Odunayo, who’s the Founder, CEO, and Software Developer of The StoryGraph, a book tracking, and recommendations app. Nadia spoke at the Rails SaaS Conference and her talk was titled, “Getting to one million users as a one-woman dev team.” After listening to this episode, you’ll understand why she’s such an engaging speaker.  Today, Nadia shares her journey of how she got into programming and building software apps, to being the Founder of The StoryGraph.  She shares some interesting things about scaling and…

The Life of a Radar 

The method method

The method method in Ruby is one of my favourite methods in Ruby. It gives you an object that represents an underlying method. It’s helpful for demonstrating that integer addition in Ruby is a method call:

1.method(:+)
=> #<Method: Integer#+(_)>

Where is this method defined?

With this method method, you can find out where a method is defined, if it is defined in Ruby code anywhere:

SomeModel.method(:find).source_location
=> ["...activerecord-x.x.x/lib/active_record/core.rb", 337]

Then I can look at this source code within the Active Record gem to find out how find works.

Call me, maybe?

Methods can also be passed in place of traditional block arguments:

class Maths
  def…
RubySec 

CVE-2015-10053 (curupira): curupira is vulnerable to SQL injection

A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The name of the patch is 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability.
RubySec 

CVE-2022-44566 (activerecord): Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter

There is a potential denial of service vulnerability present in ActiveRecord’s PostgreSQL adapter. This has been assigned the CVE identifier CVE-2022-44566. Versions Affected: All. Not affected: None. Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1 # Impact In ActiveRecord <7.0.4.1 and <6.1.7.1, when a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service. # Workarounds Ensure that user supplied input which is provided to ActiveRecord clauses do not contain…
RubySec 

CVE-2022-44570 (rack): Denial of service via header parsing in Rack

There is a possible denial of service vulnerability in the Range header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44570. Versions Affected: >= 1.5.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.2, 3.0.4.1 # Impact Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. # Workarounds There are no feasible workarounds for this issue.
RubySec 

CVE-2022-44571 (rack): Denial of Service Vulnerability in Rack Content-Disposition parsing

There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44571. Versions Affected: >= 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.4.1 # Impact Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. # Workarounds There are no feasible workarounds for this issue.
RubySec 

CVE-2022-44572 (rack): Denial of service via multipart parsing in Rack

There is a denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44572. Versions Affected: >= 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.4.1 # Impact Carefully crafted input can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. # Workarounds There are no feasible workarounds for this issue.
RubySec 

CVE-2023-22792 (actionpack): ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: >= 3.0.0 Not affected: < 3.0.0 Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1 # Impact Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. # Workarounds We recommend that all…
RubySec 

CVE-2023-22794 (activerecord): SQL Injection Vulnerability via ActiveRecord comments

There is a possible vulnerability in ActiveRecord related to the sanitization of comments. This vulnerability has been assigned the CVE identifier CVE-2023-22794. Versions Affected: >= 6.0.0 Not affected: < 6.0.0 Fixed Versions: 6.0.6.1, 6.1.7.1, 7.0.4.1 # Impact Previously the implementation of escaping for comments was insufficient for If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database with insufficient sanitization and be able to inject SQL outside of the comment. In most cases these interfaces won’t be used with user input and…
RubySec 

CVE-2023-22795 (actionpack): ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1 # Impact A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. #…
RubySec 

CVE-2023-22796 (activesupport): ReDoS based DoS vulnerability in Active Support’s underscore

There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1 # Impact A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. This affects String#underscore, ActiveSupport::Inflector.underscore, String#titleize, and any other methods using these. All users running an affected release should either upgrade…
RubySec 

CVE-2023-22797 (actionpack): Open Redirect Vulnerability in Action Pack

There is a vulnerability in Action Controller’s redirect_to. This vulnerability has been assigned the CVE identifier CVE-2023-22797. Versions Affected: >= 7.0.0 Not affected: < 7.0.0 Fixed Versions: 7.0.4.1 # Impact There is a possible open redirect when using the redirect_to helper with untrusted user input. Vulnerable code will look like this: ``` redirect_to(params[:some_param]) ``` Rails 7.0 introduced protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could be bypassed by a carefully crafted URL. All users running an affected…
RubySec 

CVE-2023-22799 (globalid): ReDoS based DoS vulnerability in GlobalID

There is a ReDoS based DoS vulnerability in the GlobalID gem. This vulnerability has been assigned the CVE identifier CVE-2023-22799. Versions Affected: >= 0.2.1 Not affected: < 0.2.1 Fixed Versions: 1.0.1 # Impact There is a possible DoS vulnerability in the model name parsing section of the GlobalID gem. Carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. # Workarounds There are no feasible workarounds for this issue.
Awesome Ruby Newsletter 

💎 Issue 348 - Ruby 3.2’s YJIT is Production-Ready (2023)

The Ruby Dispatch 

Rails on Docker

Rails 7.1 is getting an official Dockerfile, which should make it easier to deploy Rails applications to production environments that support Docker. Think of it as a pre-configured Linux box that will work for most Rails applications.

That means you'll start seeing a Dockerfile in the project directory of a lot more Rails apps. If you're not familiar with Docker, you might open the file and see a few things that look familiar like some bash commands, but some other things might be new and foreign to you.

Let's dive into what's in a Dockerfile so it's less of a mystery, but first let's have a look at how Fly.io uses Docker so you better understand how Docker fits into a Rails stack.

How Does…

Planet Argon Blog 

How & Why Planet Argon Uses Hubspot

This article gives some insight into how we use Hubspot's tools to connect with prospective clients and help solve their problems before we're ever in a working relationship.

Ruby Weekly 

Ruby for game development is no joke

#​637 — January 19, 2023

Ruby 3.2’s YJIT is Production Ready — YJIT has been in production at Shopify since mid-December and, as part of Ruby 3.2, is now robust and production ready. Shopify has seen a ~10% speed bump across the board and many individual benchmarks are even better. This article provides a good update on the state of play as well as the team’s future plans.

Maxime Chevalier-Boisvert (Shopify)

The Gemfile of Dreams: The Libraries Evil Martians Use to Build Rails Apps — If martians (or, at least, the developers at Evil Martians) landed and demanded the perfect set…

Test Double 

Super Standard

We’ve been delighted by the enthusiasm and adoption of Standard Ruby since its release in 2018, and it’s only picked up steam since hitting 1.0 in 2021. In fact, as Standard crosses 8 million downloads this week (but who’s counting?), we have something new and exciting to share!

What Standard aims to solve

But first, it might be good to back up and remind ourselves of Standard’s purpose. Yes, what it does is to automatically format code and safeguard it against common problems. But why it exists is to reduce the frequency of low-value discussions and disagreements that occur when it falls on each and every team to reach consensus on how to format code consistently. Put differently,…

Ruby Rogues 

Boosting Your App's Performance - RUBY 578

Gavin Morrice is a Senior Ruby Engineer at Cookpad. It is a food tech company and the largest online recipe platform. He joins the Rogues to tackle his article, "How we improved our Rails app’s performance with Conditional Get Requests". He explains the idea of their article, what led them to develop their technique, and the way that this technique improves the user's experience.



Honeybadger Developer Blog 

Deploying a Django application on Ubuntu

Using a PaaS like Heroku or Netlify is cool, but using tools like these comes at the cost of flexibility. You can’t choose the firewall you want, and all your data will be stored in the PaaS provider’s database. Additionally, the PaaS provider may not provide support for a particular tool.

There is a way to have flexibility, security, and increased compatibility and integration with other tools: deploy your application to a server.

In this tutorial, I will show you how to get a Linux server from Linode, set it up with the security configuration, and then deploy the Django application. You will be building a lead management application for this tutorial, but if you already have an…

Graceful.Dev 

Site News #16: New dashboard, and more

Hi graceful devs! Long time no news post, once again. And oh boy is there some news…

Content Updates

I’ve been mostly focused on site improvements, so we only have one new video since the last news update:

  • RUBYOPT and the Sneaky Shim – an exploration of how to sneak temporary code patches into Ruby programs even when there’s no obvious point of insertion. This is the first episode to really show off some of the upgrades I’ve been making to my video production capabilities.

I’ve been digging into some Fediverse coding lately. Along the way I’ve been exploring Roda, Rodauth, and various applications of the Oauth2 spec. I’ve made notes for half a dozen topics along the way, so…

Tender Lovemaking 

Vim, tmux, and Fish

I do most of my text editing with MacVim, but when I pair with people I like to use tmate. tmate is just an easy way to connect tmux sessions with a remote person. But this means that I go from coding in a GUI to coding in a terminal. Normally this wouldn’t be a problem, but I had made a Fish alias that would open the MacVim GUI every time I typed vim in the terminal. Of course when I’m pairing via tmate, the other people cannot see the GUI, so I would have to remember a different command to open Vim.

Today I did about 10min of research to fix this problem and came up with the following Fish command:

$ cat .config/fish/functions/vim.fish 
function vim --wraps='vim' --description 'open…
Julia Evans 

Examples of problems with integers

Hello! A few days back we talked about problems with floating point numbers.

This got me thinking – but what about integers? Of course integers have all kinds of problems too – anytime you represent a number in a small fixed amount of space (like 8/16/32/64 bits), you’re going to run into problems.

So I asked on Mastodon again for examples of integer problems and got all kinds of great responses again. Here’s a table of contents.

example 1: the small database primary key
example 2: integer overflow/underflow
aside: how do computers represent negative integers?
example 3: decoding a binary format in Java
example 4: misinterpreting an IP address or string as an integer
example 5:…

Like last time, I’ve written some…

Felipe Vogel 

Learning Git

When you’re making a pull request, do you ever realize your Git branch has become a massive pile of disordered and unrelated changes, but then you don’t do anything about it because you’re afraid of making an even worse mess by fooling around with Git commands that you don’t understand or even know how to undo?

Me? No, of course not…

Nervous laughter

Anyway, I’ve decided to improve my Git skills, and I thought I’d share my favorite learning resources that I found.

My favorite Git learning resources

These are excerpted from the new “Git” section of my “Learn Ruby” list. (Yeah I know, Git is not…

Graceful.Dev 

New Video: RUBYOPT and the Sneaky Shim

Sometimes we need to temporarily patch third-party code—to add compatibility shims, or to add some diagnostics. And sometimes, that’s not easy to do… and we have to get a little bit sneaky!

The full episode is available now in The Tapastry and Inspecting Ruby courses.

Greg Molnar 

Server-Side Request Forgery in Rails

What is Server-Side Request Forgery (SSRF), and why is it a concern for web security?

Ruby Magic by AppSignal 

How to Parse Arguments in Your Ruby C Extension

Ruby is a wonderful language, made for humans first and machines second. It is easy to read and write. There are plenty of ways to write anything, and you can often guess its standard library by typing the name of the method you would have chosen yourself.

Because of this, Ruby's arguments are very flexible, which lets us express our APIs very clearly. But this comes with a drawback: Ruby is quite hard to parse for C extension developers!

In this article, we'll go through two ways to set up a complex Ruby API that is written in C:

  • with rb_define_method and parsing it with rb_scan_args
  • using a Ruby interface

Let's get started!

C and Ruby: An Introduction

As mentioned, Ruby is hard to parse…

AkitaOnRails.com 

[Akitando] #136 - Python? Java? Rust? What's the Difference? | Discussing Languages

I'm finally going to talk about the languages you like or use, but I'll do it my way: bit-twiddling and explaining how a lot of things work under the hood of Python, JavaScript and other languages that you may not have known about, before wrapping up in the second half, where I discuss where each language is best put to use and why.

Chapters

  • 00:00 - Intro
  • 01:36 - Ch. 1 - Perl and Regex | The 90s
  • 06:18 - Ch. 2 - C Style and ICU | strftime
  • 10:25 - Ch. 3 - Everything in Python is in C! | "Glue" Language
  • 17:54 - Ch. 4 - Everything in Node.js is in C! | LibUV
  • 22:31 - Ch. 5 - Compiled vs Interpreted | C ABI
  • 28:21 - Ch. 6 - Interoperability: Marshalling/Unmarshalling | FFI
  • 36:21 - Ch. 7 - Where each…

Links

  • https://github.com/python/cpython/search?p=2&q=ifdef+MS_WINDOWS
  • https://github.com/python/cpython/blob/a87c46eab3c306b1c5b8a072b7b30ac2c50651c0…
The Ruby on Rails Podcast 

Episode 453: Ruby for All Crossover: Integrations

Brittany guested on Ruby for All this week! She joins Julie J to talk about why integrations are important to developers and why integration knowledge can give Juniors a leg up in hiring. They also discuss the differences between APIs and webhooks and review a real world example.

Sponsored By:

Honeybadger

Status Pages now come with incident management! Build confidence with a public status page that shows your live service status, incident history, and more—and bring your own domain! Transparency inspires trust—when your next outage happens, communication is key. Go to Honeybadger.io to learn more.

Miro

Brainstorm, solve problems, and…

Ruby on Rails 

Rails Versions 7.0.4.1, 6.1.7.1, and 6.0.6.1 have been released!

Hello! Hot off the press Rails Versions 7.0.4.1, 6.1.7.1, and 6.0.6.1 have been released to address some security vulnerabilities.

You can read about them in our posts to the security announcement forum:

In accordance…

Gusto Engineering - Medium 

Gusto Eng Spotlight Series: Upeka Bee

This blog series is dedicated to celebrating our Black, Latinx, and Women Engineers who are making an impact in the lives of our Gusties and Gustomers (Gusto customers) every day.

Today, we’re spotlighting Upeka Bee, who has been with Gusto for 5 and a half years. She is currently the Head of Engineering for the PIE group (People Information Ecosystem). She joined Gusto as a Staff+ in the Payroll group, after which she moved into engineering leadership and has led many different teams and groups during her long tenure.

Our interviewers are Abby Walder and Kim Nguyen. Abby works on Gusto’s Invite Team to hire software engineering talent, while Kim builds…

Evil Martians, an extraterrestrial product development consultancy 

Gemfile of dreams: the libraries we use to build Rails apps

Authors: Vladimir Dementyev, Principal Backend Engineer, and Travis Turner, Tech Editor

Topics: Backend, Full Cycle Software Development, Performance Audit and Optimization, Site Reliability Engineering, Ruby on Rails, Ruby, PostgreSQL, GraphQL, Prometheus

We unveil the toolbox of the Martian Rails engineer; we begin constructing a Gemfile from the universe of Martian gems that encapsulate our philosophy and soul.

From time immemorial, the Evil Martians team has worked on dozens of Ruby on Rails projects every year. Naturally, this process involves a lot of Ruby gems. Some reflect our desire to be cutting-edge and to use modern tools (or build our own!) Other gems are so flexible they've been…

OmbuLabs Blog 

Unit Testing our Design Patterns exercise

So, our little exercise in design patterns is getting quite messy. Which is ironic, considering it's an exercise in design patterns.

The reason is that I'm mostly trying to be very focused on the Design Patterns book and just fleshing out the example implementations they provide.

Therefore, in order to organize things, I believe this is the right time to add unit tests. As a plus, I also get to test my little gem in an automated fashion.

Here I'll only go through the RandomMazeBuilder class since it would be quite lengthy to go through every single file. To see all the other specs, just check out the repo.

Testing the RandomMazeBuilder

So, our RandomMazeBuilder class looks like this:

Shopify Engineering - Shopify Engineering 

Ruby 3.2’s YJIT is Production-Ready

YJIT, a just-in-time (JIT) implementation on top of CRuby built at Shopify, is now production-ready and delivering major improvements to performance and speed. Maxime (Senior Staff Engineer and leader of the YJIT project) shares the updates that have been made in this newest version of YJIT, and future plans for further optimization.

RichStone Input Output 

Employee developer job market turns company market

I recently read in a newsletter that the developer job market is down and now turned from an employee market to a company market.
Meaning that previously the developer jobs came to the developers, whereas now there is less demand for developer work and more employees on the market.

I'm a tiny bit aware of massive layoffs at some big companies and about the economic situation not being the best. But I personally wouldn't yet speak in such big terms. Although I'm not an analyst nor an expert on job market fluctuations. All my expertise is based on my experience and the experience of people I happen to know. Let's see how this one develops over the next months.

Still, I thought that this would be…

The Bike Shed 

367: Value Objects

Joël's been traveling. Stephanie's working on professional development. She's also keeping up a little bit more with Ruby news and community news in general and saw that Ruby 3.2 introduced a new class called Data to its core library for the use case of creating simple value objects.


This episode is brought to you by Airbrake. Visit Frictionless error monitoring and performance insight for your app stack.


Transcript:

AD:
thoughtbot is thrilled to announce…

Prathamesh Sonpatki 

Workaround for Lookbehind Regex in Safari

In this post we will discuss:

  • What are Lookbehind Regex
  • Browser Compatibility of Lookbehind Regex
  • Alternative ways to use them so that it works in all browsers

What are Lookbehind regex

At times, we need to match a pattern only if it is followed or preceded by another pattern.

For example, in the case of a URL that contains the organization information:

/organizations/:org/dashboard

Here, :org is the dynamic name of the organization, which can be of the following pattern:

/[a-z0-9]+/

We want to match all URLs which match the pattern for

/organizations/:org/*

But there are also URLs such as the following, which we don't want to match:

/users/:slug/*

Here, the slug is also of the same pattern as /[a-z0-9]/.

So we want to make sure that we…

RubyGems Blog 

3.4.4 Released

RubyGems 3.4.4 includes enhancements and documentation.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Enhancements:

  • Installs bundler 2.4.4 as a default gem.

## Documentation:

  • Improve documentation about Kernel monkeypatches. Pull request #6217 by nobu

SHA256 Checksums:

  • rubygems-3.4.4.tgz
    7dab9b54c0493422dda5ab110e8cee78a94c106eaafeb83cc5c31f6157ce2e9a
  • rubygems-3.4.4.zip
    c2f347ebba5eb753db20e72a6494c243254f67b21fcdfd4cbcf1041363ddbd23
  • rubygems-update-3.4.4.gem
    d449a3c831e8ab6b28ae5d2217f81af6e7f785e1e2ec2bb94b00d9888f3c97c2
Boring Rails: Skip the bullshit and ship fast

Writing better Action Mailers: Revisiting a core Rails concept

Mailers are a feature used in literally every Rails application. But they are often an afterthought where we throw out the rules of well-written applications.

Writing mailers is a “set it and forget it” part of your codebase. But recently, I’ve revisited the handful of mailers in my application and I was shocked at both how bad things were and also how many nice mailer features in Rails I wasn’t aware of.

I’ve been writing Rails applications for over 10 years and there were things I figured out just this week about mailers that I will be using as my new defaults going forward.

Psst! If you like thinking about software and writing code in the "Boring Rails" style, we are hiring…
kukicola.io - Writing about ruby, rails and other web technologies 

Signed URLs with Ruby

Introduction

Signed URLs can be a very useful solution in many cases when you need to provide limited access to some resources or actions. Today I’ll focus on when and how to use them in Ruby, with Rails, or by providing a custom implementation.

About Signed URLs

Signed URLs, as the name suggests, contain signatures that allow us to validate if they were generated by a trusted source. What is more, they may expire over time.

They can be used in many cases:

  • account confirmations, password change confirmations, etc. without storing any tokens in DB
  • providing access to resources for not authenticated users (for example, users in the app can generate some reports and share them with…
Test Double 

Get Bootboot to work on Rails 4.x in deployment environments with Docker

So you’re working on a Rails upgrade in a pretty big app that has lots of active development. The app’s pretty far behind Rails versions—let’s say it’s on Rails 4.2. It’s tempting to upgrade straight to the latest Rails version, but you decide to take an incremental approach and upgrade to the next point release, Rails 5.0.

You have a feeling this upgrade is gonna take a while, and instead of trying to maintain a long-lived branch, you choose to go with a dual booting strategy. You do this with the Bootboot Bundler plugin and have dual booting set up in no time. You open a PR with the changes and wait for a green build, but before any tests are run, you see a weird error:

Unable to…
Short Ruby Newsletter 

🫶 Short Ruby News - Edition #25

You can jump directly to one of the following sections if you like:

👐 Our Community

👉 All about Code and Ruby

🧰 Gems, Libraries, and Updates

🤝 Related (but not Ruby-specific)

More content: 🎥 🎧 🗞 (articles, podcasts, videos, slides, and newsletters)


If you also want to read the edition that covers the 2022 Winter holiday, I published it on the web but did not send it via email as it was too big:

Read the 2022 Winter Holiday edition


👐 Our Community

👐 Yukihiro Matz invited people to share what Ruby is for them:

Source: @yukihiro_matz

Here is a selection from the replies that Matz retweeted:

  • “Makes me happy” (@rahulballal7)

  • “... makes you fall in love with programming!❤️ Thank you Matz !!!” (@ankurvyas27)

Josh Software 

Machine Learning Model inside Docker

What is Machine Learning? In simple words, Machine Learning is the concept that includes different types of algorithms through which we provide intelligence to a machine to work/predict something by itself on a particular dataset.

What is Docker? Docker is a platform that provides various operating systems so that the manual time required to install …
Honeybadger Developer Blog 

Business Intelligence on Rails With Blazer

Business Intelligence (BI) is a tech-driven process for transforming raw data into actionable insights that support business decisions. These are often in the form of reports, dashboards, and charts.

Many companies offer BI software, from specialized houses, such as Tableau and Qlik, to big corporations, such as Microsoft, IBM, and Google. Although these include a complete set of analytics tools, they usually come at a cost: complexity and price.

If you are working on a Rails project and value simplicity or want to start gathering your first business metrics, then Blazer might be a good solution. With Blazer, you can write SQL queries to create dashboards with metrics and charts, perform…

Graceful.Dev 

New Video: RUBYOPTS and the Sneaky Shim

Sometimes we need to temporarily patch third-party code—to add compatibility shims, or to add some diagnostics. And sometimes, that’s not easy to do… and we have to get a little bit sneaky!

The full episode is available now in The Tapastry and Inspecting Ruby courses.

Blog by Abhay Nikam 

Normalizing Attributes in Rails 7.1 using ActiveRecord::Base::normalizes

Rails 7.1 adds ActiveRecord::Base::normalizes API. The normalizes API is applied on model attributes by applying some set of rules, such as converting all email addresses to lowercase, removing leading/trailing whitespace, or enforcing a specific format before they are saved to the database.

Normalization of data helps to organize it in a structured and consistent way, making it easier to query, update, and maintain. It also reduces data redundancy and minimizes the risk of errors and inconsistencies.

Before Rails 7.1, you could normalize attributes using the normalize gem or before_save model callbacks.

class User < ApplicationRecord
  normalizes :email,  with: -> email { email.strip.dow…

RichStone Input Output

A weird Rails logger Pokémon

I love codebases for the surprises they offer. Some pieces of code jump at you like rare Pokémon and you gotta figure out what kind of a species it is and what it can do.

Gotta catch'em all!

In one project that I'm contributing to, I've recently encountered a Rails logger that I found weird. It's a special logger that is supposed to be used for data migrations and log to a specific log file (migrations.log).

class DataMigrations::Logger < ActiveSupport::Logger
  LOG_PATH = Rails.root.join("log/data_migrations.log")

  class << self
    delegate :debug, :info, :warn, :error, :fatal, :unknown, to: :logger

    private

    def logger
      @logger ||= ActiveSupport::TaggedLogging.new(
       …

Short Ruby Newsletter

Short Ruby News - edition #24

This edition covers 19 December 2022 - 8 January 2023, when I was on holiday. I was not very active on the channels I usually follow, but I tried my best to read them all retrospectively, so if I need to include something that is not here, please let me know at shortruby@ghinda.com.

This was not sent via email as it is too long and covers a different period than last week.


This edition was created with the help of Adrian Marin from Avo for Ruby on Rails (a friendly full-featured Rails admin panel) and Jakob Cosoroabă.

You can jump directly to one of the following sections if you like:

👐 Our Community

👉 All about Code and Ruby

🧰 Gems, Libraries, and Updates

🤝 Related (but not Ruby-specific)

More…

Posts on Kevin Murphy 

Evaluating More Coverage in Ruby 3.2

Measuring Coverage of Eval

As I mentioned in my prior post, Ruby 3.2.0 has some changes to the Coverage module. Now the module can measure the coverage of a Ruby expression in a string passed to the eval method.

This is important because of templates. ERB, when we ask for the template through the result method, calls eval. When Rails is rendering a view, that also calls eval. More specifically, Rails calls the module_eval method.

Have you wondered how much of the logic in your views is exercised in your test suite? Thanks to this change, now you can see that in tools like SimpleCov.

Feature Introduction

Let’s walk through an example demonstrating this functionality.

require "coverage"
Coverage.

GoRails

How to test OmniAuth Params

OmniAuth provides some tooling for mocking OAuth requests in your test suite. This is handy because your tests don't have to redirect to a production OAuth provider like Twitter, authenticate with real credentials, and then handle the response.

Instead, you can set test mode in OmniAuth and then add a mock OAuth provider. This will allow your tests to skip the production OAuth process and simulate it in your test environment.

One problem is testing additional params you might pass to OmniAuth. For testing, you normally just request the callback URL for the mock request. If you test only with the callback URL, however, the params will not be present. This is because the params are stored in…

Notes to self 

What is ActiveRecord becomes from Rails

Have you heard about the ActiveRecord becomes method from Rails? Maybe it’ll come in handy one day.

becomes

The #becomes method can be used on any ActiveRecord model to become a different class instantly.

Here’s how:

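# Parent model; #becomes is available on any ActiveRecord model
class Car < ApplicationRecord
  # ...
end

# Subclass of Car
class Honda < Car
  # ...
end

# Later

@honda = Honda.new # attributes omitted
# Returns an instance of Car carrying the same attributes as @honda
@i_am_a_car_instance = @honda.becomes(Car)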

Any model can become some other model on a whim with the same attributes. But why do we need #becomes at all?

A typical use-case would be using single table inheritance (STI) while keeping Rails conventions intact.

For example, building forms and rendering partials are derived from the instance class name which would interfere with reusing the parent…

RubySec 

CVE-2022-1812 (publify_core): Integer overflow in publify_core

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10 due to an unlimited length user name field.

RubySec

CVE-2022-2815 (publify_core): Publify Core does not strip metadata from images

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.

RubySec

CVE-2023-0299 (publify_core): Publify Improper Input Validation vulnerability

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.

Ruby on Rails

An endpoint for uptime monitors, an improved help command, etc

Halløj. It’s me again, bringing you the usual goodies from Rails.

Show relevant commands when calling help

This pull request improves the user experience by displaying the appropriate commands for the context in which the user is running rails -h or rails. When outside of a Rails application, the output will be the options for the rails new command. When inside a Rails application, the common Rails commands will be displayed. This eliminates confusion for users who may have expected to see different commands in different contexts.

Let HWIA#transform_keys take a Hash argument like Ruby’s Hash#transform_keys

The HashWithIndifferentAccess#transform_keys method now mirrors the functionality…

Let delegate define method with proper arity when…

RichStone Input Output 

Your remote coding setup

When you get to code together remotely, you are up for some good results and problem solutions. When your remote coding setup is trash, your coding session will be trash or close to trash.

The way you usually shape your organization's coding sessions will determine the best tool you should use.

If you are like 90% of developers, you are probably used to one of these remote coding setups:

  1. joining a video call and sharing the screen
  2. using a code-sharing software solution like VSCode Live Share

These are valid options. However, in some cases, you might prefer other tools, or a combination of tools, especially if you'd like to level up your remote collaboration game.

General

Most of all, apart from an…

Julia Evans 

Examples of floating point problems

Hello! I’ve been thinking about writing a zine about how things are represented on computers in bytes, so I was thinking about floating point.

I’ve heard a million times about the dangers of floating point arithmetic, like:

  • addition isn’t associative (x + (y + z) is different from (x + y) + z)
  • if you add very big values to very small values, you can get inaccurate results (the small numbers get lost!)
  • you can’t represent very large integers as floating numbers
  • NaN/infinity values can propagate and cause chaos
  • there are two zeros (+0 and -0), and they’re not represented the same way
  • denormal/subnormal values are weird

But I find all of this a little abstract on its own, and I really…

Code with Jason 

What causes flaky tests

What is a flaky test?

A flaky test is a test that passes sometimes and fails sometimes, even though no code has changed.

In other words, a flaky test is a test that’s non-deterministic.

A test can be non-deterministic if either a) the test code is non-deterministic or b) the application code being tested is non-deterministic, or both.

Below are some common causes of flaky tests. I’ll briefly discuss the fix for some of these common causes, but the focus of this post isn’t to provide a guide to fixing flaky tests. It’s to give you a familiarity with the most common causes of flaky tests so that you know what to go looking for when you do your investigation work.

The causes I’ll discuss…