### Impact
Denial of service vulnerability that could be exploited during a guest checkout.
The regular expression used to validate a guest order's email was subject to
exponential backtracking through a fragment like `a.a.`.
Before the patch, it can be reproduced in the console like this:
```ruby
irb(main)> Spree::EmailValidator::EMAIL_REGEXP.match "a@a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.@"
processing time: 54.293660s
=> nil
```
To reproduce in the browser, fill in the "Customer Email" field with that fake
email address during a guest checkout. Before that, you should open the browser
dev tools and change the `type` attribute for that field from `email` to…
Why does every shared tweet need to end in ?s=20? Why has Amazon been tacking hasWorkingJavaScript=1 onto URLs for nearly 15 years?
If you’re like me, there’s nothing you love more than a tidy URL.
Amid GitHub Copilot kerfuffle (I am as concerned about the usefulness and ethical implications of this glorified fuzzy copy-paste as the next guy), I started to think about a related question:
Can AI be really useful in code writing? If so, how?..
I mean here the AI-as-we-know it, a.k.a. statistically trained “models”, not some genius “general intelligence”. My take on modern AI is that it encapsulates “experience” (as opposed to knowledge/analysis). As stated in one of my spellchecker articles:
The solution to every intellectual problem lies between two opposites: “with understanding” and “with experience”. Most of the time, we use a mix of both, though one can imagine “pure…
123 - Scaling a Rails App with Tom Rossi of Buzzsprout
In this episode, Tom Rossi and I talk about what types of challenges one might encounter when scaling a Rails application. We also talk about podcasting.
On my first day at work, I worked on a few onboarding tasks like setting up the official mail id, Slack, Freshbooks
and mailing my details to HR.
Post that, I was assigned a task to build a leave management system
and allotted a month to finish the project.
The task was further sub-divided into several sub-tasks and after completing each sub-task,
I needed to raise a PR(pull request) for review.
The above image is taken from
Unsplash.
The second day, I started with the first sub-task which was to create the Rails app
and to avoid fixtures from generating.
Fixtures are dummy objects that can be fed to run the unit tests without using the actual Active Record objects.…
RubyGems 3.2.33 includes deprecations, enhancements, bug fixes and documentation.
To update to the latest RubyGems you can run:
To install RubyGems by hand see the Download RubyGems page.
## Deprecations:
- Deprecate typo name. Pull request #5109 by nobu
## Enhancements:
- Add login & logout alias for the signin & signout commands. Pull request
#5133 by colby-swandale
- Fix race conditions when reading & writing gemspecs concurrently. Pull
request #4408 by deivid-rodriguez
- Installs bundler 2.2.33 as a default gem.
## Bug fixes:
- Fix
ruby setup.rb trying to write outside of --destdir. Pull request
#5053 by deivid-rodriguez
## Documentation:
One of the things that I want from css is to have to possibility to compose
already defined styles, to define new ones…
If you try to write “Semantic CSS”, you will find a hard time trying to avoid
the repetition on things that look the same but are different things, like
when you want to render a “card” for the an author and then for an article.
You can create “content agnostic CSS components”, but things start
to get complicated, when you want to avoid duplication if things from one
component are similar to other components.
One way of solving this problems is by using something like the @extend
function from sass, or the @apply function from Tailwind css, but both tools
are…
Hello Hanami community! We're thrilled to announce the release of Hanami 2.0.0.alpha4!
With this new cycle of monthly based releases we have smaller set of changes, but delivered more frequently.
Specifically, we're focusing on the cleanup of our application template.
The template is essential for you to try Hanami 2, but also for us to shape the ergonomics of the framework.
- Content Security Policy (new API)
- Router helpers to be accessible from actions
- CLI enhancements
Content Security Policy
We proudly share this story: Hanami was the first Ruby framework to ship with Content Security Policy (CSP) support.
In Hanami 1 the public API to handle CSP was…
Lately, I’ve been interested in abstractions: why objects behave the way they do, how do we architecture our code so it’s open to change (without causing unnecessary headaches), to which class that specific behavior should belong? And during that time, I’ve repeatedly heard folks talk about dependency injection.
I’m glad to report that I’ve finally managed to wrap my head around this enough to use this practice regularly. I guess it’s time for me to give you a tour of my current understanding of dependency injection: what it is, why do you need it, and how to use it?
What is a dependency?
First, let’s explain what a dependency is.
A dependency is an abstraction upon which another…
There are very few inconsistencies with Rails, but the very few times it does,
we’re left thinking: “How could they have missed this!”.
One such inconsistency is with date_select.
Though it has a myriad of options,
it lacks in some basic ones.
Before
date_select provides users with an option to control the format of the year
being displayed in the select box.
The default select boxes look like this,
Using the year_format option allows us to configure the format in which
the year gets printed out in the select box,
<%= f.date_select :birthday, year_format: -> (year) {"Year #{year}"} %>
This might seem trivial however, it happens that it is a crucial feature…
Rails 7 introducesPathname#existencemethod, which returns the receiver if the given file path exists otherwisereturns nil.
Before
We need to first check whether the given file path exist or not to perform anyother operations on it.
=> file_path = "config/schedule.yml"=> Pathname.new(file_path).read if Pathname.new(file_path).exist?
Rails 7 onwards
The Pathname#existence method acts like Object#presence for file existence.
=> file_path = "config/schedule.yml"=> Pathname.new(file_path).existence&.read
Please check out this pull requestfor more details.
I’ve recently had the exciting opportunity to work with Pathstream on their infrastructure automation. We experimented with using GitHub Actions, Terraform, and AWS together in a GitOps-style workflow. The results are compelling and worth sharing so I built a small example repo to demonstrate some of our findings.
Fellow thoughtboter Edward Loveall joins Steph to cohost and talk about alternative frontends and his own that he created: scribe.rip: an alternative frontend to Medium, learning about what it's like to be a manager/non-IC, and helps answer a listener question re: how do you think about empathy in your work?
This episode is brought to you by ScoutAPM. Give Scout a try for free today and Scout will donate $5 to the open source project of your choice when you deploy.
Become a Sponsor of…
Before we walk down to theory, We have Repo out with a demo to show the difference between Recoil & Redux. Also, try running the application to see how new features from Recoil makes a difference. PerformanceRecoil subscriptions are on atom/selector updaters, while Redux is on all actions. So if you have N connected component and dispatch …
Continue reading Can Recoil replace Redux ? State management in React.We’re almost ready to declare Rails 7 done! The feedback since the first alpha release has been wonderful, we’ve eliminated a slew of issues, and we’ve seen Basecamp, HEY, GitHub, and Shopify all run in production on this alpha series. So we now feel so confident that this is nearly ready that we’re skipping straight from alpha to release candidate. This is RC1.
Please help us do the final testing of all this new stuff so we can ensure a solid final release of Rails 7 this year!
All New Answers On The Front-End
After almost five years with Webpacker as our default answer to writing modern JavaScript in Rails, it’s time to move on. Advancements in browser support for ES6/ESM, widespread…
Hello! Yesterday I tweeted this:
and I want to talk about it a little more. This came up because I was showing a
friend a demo of how DNS caching works last week, and he realized that what was
happening in the demo didn’t line up with his mental model of how DNS worked.
He immediately brought this up and adjusted his mental model (“oh, DNS records are
pulled, not pushed!“). But this it got me thinking – why did my very
smart and experienced friend have an inaccurate mental model for how…
Hey everybody, I’m so glad you could tune in for the debut episode of Fullstack Ruby. I’ve been on a few Ruby-themed podcasts over the past 18 months, but this is the first time I’m running a show about Ruby myself!
To kick things off, I’d like to introduce you to Ruby2JS and explain why I think this technology is a game changer.
Ruby2JS isn’t simply about an attempt to write what appears to be Ruby code for your website frontend. It’s really about writing JavaScript—AS IF JavaScript had Ruby’s syntax and was inspired by Ruby’s stdlib, ActiveSupport, and the like. A “RubyScript” if you will.
Three examples I cover on today’s episode:
-
set_timeout
-
tap & yield_self
…
In the previous blog of this series,
I’ve written about ‘Why did we decide to rebrand?’.
Read our previous blog
here.
When I was interviewing for Saeloun,
I asked about the meaning of the company name and why it was chosen.
Later I found out that a lot of us had the same question
and were keen to understand the meaning of
Saeloun and its identity.
We realized that we needed to first define the brand identity and for that,
a brand sprint seemed like a good start.
We followed
google ventures’ 3-hour brand sprint
for this.
What is a brand sprint?
“A brand sprint is an expressive exercise that helps turn ideas about your brand into a defined brand image. A brand sprint can help your company…
In this episode, we explore some of the new features with Turbo and interactions that we can do with little or no javascript.
It is easy with Rails’ syntax for defining routes to make more URLs in your application available than you might intend to.
Instead of…
…using an open resources block in your routes:
resources :orders do
resources :products
end
Use…
…the only and except options to limit the actions you’re generating:
resources :orders, except: %w[destroy] do
resources :products, only: %w[show]
end
Why?
This is all about clarity, tidying up, and protecting against unexpected errors or security holes.
In the default, unrestricted, case all seven default routes are created. If a user calls a route that is defined but not used, Rails will attempt to call the relevent controller action, even if it…
In our Ruby guide we recommend using Standard. The gem describes itself as a
Ruby style guide, linter, and formatter. It helps avoid the never-ending debates
around code style by making decisions for us (I’m looking at you single vs
double quotes!). It’s easy to use, consistent, avoids configuration and helps us
write better styled and more consistent Ruby code.
As developers, we often write HTML when working with Ruby. It can be useful to
lint our .erb templates to ensure consistency and catch errors. The
erb-lint gem from Shopify is a tool to lint our views. The linters enabled by
default are outlined in the documentation.
We…
OK so you know that your mailing list is the foundation of your banana stand business. Now it’s time to talk about the tech you use to manage your mailing list.
First, let’s make this concrete
What I’m talking about in this article is a huge sector of products and services, of which you are most likely going to pick one and stick with it for a long time. To make this concrete, here are a few examples of what we’re talking about:
- ActiveCampaign
- Aweber
- ConvertKit
- Drip
- Hubspot
- InfusionSoft
- MailChimp
- Ontraport
- Sendinblue
These are just a few examples; there are many, many more such services. It’s a packed field. Don’t worry, I’ll help you pick one by the end of this…
Ruby blocks can be difficult to understand. One of the details which presents an obstacle to fully understanding blocks is the fact that there is more than one way to call a block.
In this post we’ll go over the two common ways of calling a Ruby block: block.call and yield.
There are also other ways to call a block, e.g. something called instance_exec. But that’s an “advanced” topic which I’ll leave out of the scope of this post.
Here are the two common ways of calling a Ruby block and why they exist.
The first way: block.call
Below is a method that accepts a block, then calls that block.
def hello(&block)
block.call
end
hello { puts "hey!" }
You may wonder what the & in front of &block…
Hello! I talked to a couple of friends recently who mentioned they wished they knew
how to use dig to make DNS queries, so here’s a quick blog post about it.
When I first started using dig I found it a bit intimidating – there are so
many options! I’m going to leave out most of dig’s options in this post and just
talk about the ones I actually use.
Also I learned recently that you can set up a .digrc configuration file to make its output
easier to read and it makes it SO MUCH nicer to use.
I also drew a zine page about dig a few years ago, but I wanted to write this post to include a bit more information.
2 types of dig arguments: query and formatting
There are 2 main types of…
Let's look at this special type of object that only exists in C extensions called TypedData objects.
Welcome back to RUBY3.dev! Only…it’s not! Rather, a very warm welcome from Fullstack Ruby. Why the name change?
Well, a couple of reasons—the first of which is that your humble author (that’s me!) is not just a “Ruby developer” but a “web developer” as well. Yes, I’ll admit it: I don’t just write Ruby because I like assembling command line tools or crafting data processors or solving algorithmic puzzles. I like building websites. And I like building tools for building websites. I’m a web developer. It’s in my DNA.
So running a blog that’s generically about Ruby couldn’t hold my attention for too long. Thus I had to simultaneously narrow the focus all while expanding it to the broader web…
As you may know, in the last few months I’ve been working on
Tipi, a new web server for Ruby, with
innovative features such as support for HTTP/2, automatic SSL certificates, and
streaming request and response bodies. As part of the development process, I
also had to deal with how to represent HTTP requests and responses internally.
Tipi being a modern web server, with emphasis on concurrency, performance, and
streaming, I felt it was wrong to base it on the
Rack interface. While Rack is today ubiquitous
in the Ruby ecosystem—it underlies basically all Ruby web frameworks and all
Ruby app servers—it has some important limitations, especially as regards being
able to perform HTTP
upgrades…
[00:01:23] Rafael tells us what got him into Ruby and eventually into Rails.
[00:05:08] We learn more about Rafael’s experience working at Plataformatec.
[00:06:28] Rafael explains more about the Rails and Merb merge.
[00:11:18] Find out when Rails engines became a thing, what a Railtie is, and how the Rails engine builds on top of the Railtie.
[00:15:44] Chris wonders how the engine approach has helped organize such a big application like Shopify and Rafael tells us about a challenge with the lack of tooling.
[00:20:11] Rafael goes in depth about his team at Shopify.
[00:24:26] We hear about the state of Rails 7.
[00:27:32] Jason asks Rafael what it would take to get some…
Cypress has added a new configuration option slowTestThreshold using which we can set the custom
threshold value to specify a slow test.
A test that executes for longer than the slowTestThreshold time will be highlighted in
yellow with the default spec reporter.
This is a visual change only - slow tests still pass.
Before
Before version 8.7.0,
the default slow test threshold was 75ms (mocha’s default).
A test is marked in red,
if the test takes more than 75ms.
We did not have any option to specify our threshold values, and hence
we were not able to manage the report.
describe('slowTestThreshold', () => {
it('passes slowly', () => {
cy.wait(120)
cy.wrap(true).should('be.true')
…
Now,
if we run the above test via the cypress run --spec…
A flaw was discovered in Puppet Agent and Puppet Server that may result
in a leak of HTTP credentials when following HTTP redirects to a different host.
This is similar to CVE-2018-1000007
A flaw was discovered in Puppet Agent where the agent may silently ignore
Augeas settings or may be vulnerable to a Denial of Service condition prior to the
first 'pluginsync'.
The JRuby community is pleased to announce the release of JRuby 9.3.2.0
JRuby 9.3.x is compatible with Ruby 2.6.x and stays in sync with C Ruby. As always there is a mix of miscellaneous fixes so be sure to read the issue list below.
Security
-
Date-parsing methods have been modified to accept an input-size limit option. This addresses CVE-2021-41817. It was originally reported against Ruby’s C-based date extension, which JRuby does not use, but JRuby’s own implementation of date is also affected by the same issue.
The fix is detailed in #6952. A workaround is provided, via patching the pure-Ruby …
-
In order to match Ruby behavior and permit interrupting these date-parsing regular expression matches, this release also enables interruptible regular expressions globally. This feature can be…
Samuel Cochran, creator and maintainer of MailCatcher joins the Rogues to discuss how he pulled EventMachine together with Ruby to build out MailCatcher.
He goes into the maintenance and contributions that have come in over the years. He dives into changes that are being made and the stability of the project.
Panel
- Charles Max Wood
- Darren Broemmer
- John Epperson
- Valentino Stoll
Guest
Sponsors
Links
…
#581 — December 2, 2021
Read on the Web
😶 It's a verrrrry quiet week in the Ruby world, so this issue is mostly about the code and tools section. Instead, I am going to gently encourage you all to give Advent of Code a try..? 😆
__
Peter Cooper, your editor
Ruby Weekly
The Advent of Code 2021: 25 Days of Code Challenges — If you have a little time each day to do some programming puzzles, the Advent of Code is always fantastic and now in its seventh year. There’s a sub-Reddit where people share and discuss their solutions and I’ve picked up a fair few Ruby tricks from looking at other people’s approaches. Day one…
React creates single-page applications.
In single-page applications, it is important to
display multiple views without having to reload the browser.
React Router plays an important role in managing this.
It is the most popular lightweight, fully-featured routing library for React.
The latest release of React Router 6, has created a lot of buzz in the React community.
In this blog, we will look into some of the new changes in React Router 6.
More compact and elegant
React Router v6 was built from scratch using React hooks.
It helped the v6 code to be more compact and elegant than the v5 code.
Smaller bundle size
In v6 the minified gzipped bundle size dropped by more than 50% !
React…
The GDPR has been around for several years now, and as advocates of data privacy, we are convinced by the legitimacy of such a regulation. However, as good as this measure is from a user’s perspective, it comes with its own puzzles and challenges for an online service provider… Here we’ll try to describe the solution we implemented to deal with the user’s data deletion, which is one of the rights granted by the GDPR (General Data Protection Regulation) to any European user of a service collecting personal data. As a result, this piece does not try to cover all the implications of the GDPR, nor does it pretend to bring a one size fits all solution deal with user data deletion.
GDPR In A…
The JRuby community is pleased to announce the release of JRuby 9.2.20.1
JRuby 9.2.x is compatible with Ruby 2.5.x and stays in sync with C Ruby. As always there is a mix of miscellaneous fixes so be sure to read the issue list below. All users are encouraged to upgrade.
This is a security release to address CVE-2021-41817. It was originally reported against Ruby’s C-based date extension, which JRuby does not use, but JRuby’s own implementation of date is also affected by the same issue.
The issue affects calls to various Date and DateTime parsing methods with extremely long strings. The regular expressions…
When running and maintaining an application in a production environment, we want
to feel confident about the behavior of the application and know
when it isn’t working as expected. At the least, we want to track
errors, monitor performance, and collect specific metrics throughout the
application.
Because we’re developers and love maintainable solutions (right?), we also
don’t want to end up in a jumble of tools, integrations, and dependencies that
make it harder for us to keep track of everything.
In this post, we will add AppSignal to a Ruby on Rails
application to help give clear insights into application
behavior.
Prerequisites if you want to follow along with the code:
Brittany and Jemma record right after Rubyconf 2021 so they could share their experiences and favorite talks both in-person and virtual. Oh, also, this is now a running podcast.
Show Notes & Links:
Talks Discussed:
Sponsored By:
Honeybadger
Honeybadger makes you a DevOps hero by combining error monitoring, uptime monitoring and check-in monitoring into a single,…
Rails provides fantastic internationalization options with its I18n library.
However,
its translate method sometimes behaves unpredictably.
Fortunately,
Rails 7 irons out of most of those irregularities.
Before
I18n’s #translate method behaves differently when different default values are passed to it.
This inconsistency led to unexpected problems.
Let’s look at some examples!
I18n’s translate method accepts a default parameter which returns this
value when the translation key is not found.
Below we can see it in action.
There is a key called hello in our en.yml file,
but the hi key is missing.
This is how the default parameter handles this situation.
> ApplicationController.helpers.t('…
Catch Dave on Episode 006 of Greater Than Code! Getting Technology Into the Hands of Children with David Bock
02:10 - Dave’s Superpower: Ability to Reevaluate and Drop Ideas – Onto The Next!
07:10 - The Acceptance of Ruby; Using Ruby as a Teaching Language
18:01 - Mobile Development
24:10 - Teaching Remotely
One of the aspects of Ruby that often confuses newbies coming from other languages is the fact that it has both throw and catch and raise and rescue statements. In this article I’ll try and clear up that confusion.
If you’re familiar with Java, C#, PHP, or C++, you are probably used to using try, catch, and throw for exception handling. You use try to delineate the block in which you expect an exception may occur. You use catch to specify what to do when an exception is raised. And you use throw to raise an exception yourself.
You’ve probably noticed that Ruby has throw and catch… but they don’t seem to be used the way you’re used to in other languages! And there are also these “…
122 - Deployment from Scratch with Josef Strzibny
In this episode, Josef Strzibny and I talk about his book, Deployment from Scratch, and, naturally, deploying and running web applications.
Hello everyone,
RubyMine 2021.3 is now available! Below is a brief overview of the most notable features. For a detailed description of this update, please visit our What’s new page.
Support for remote development workflow
RubyMine now supports an early version of the remote development workflow. It allows you to connect – from anywhere in the world – to a remote machine running a RubyMine backend.
All the processing will happen on that powerful remote machine, and you’ll be able to work on the project seamlessly, as if it were on your local machine.
Bundled RBS type signatures
This version comes bundled with RBS signatures.
With the RBS signatures present, RubyMine is now able to provide …
On challenges of designing the “query language” for a human-readable encyclopedia.
Some time ago, I posted a write-up on Wikipedia’s abundance of knowledge and approaches to extracting it programmatically. It was designated to be a gentle introduction to my new and still rough project, so here is a long-overdue continuation. Or the first part of it.
To reiterate on the where we are standing:
- …one should be able to write (in Python, Ruby, Haskell, whatever) something to the meaning of
World.country("Ukraine").attr("area") and receive a meaningful answer. For any/most of the “commonly known” facts.
- Looking for a source for this data, one will quickly arrive at Wikipedia: it is crucial…
In one of our internal products, we received complaints regarding slow page loads and longer response times for a certain page. Our team members used New Relic to debug the cause of the slowness and were able to resolve the issue. After the issue was resolved I made a video for internal purpose. In this blog we are posting that video as it was recorded.
<iframe width="100%" height="315" src="https://www.youtube.com/embed/pmCcey4BiG0" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
If you work with capybara and you are constantly searching for capybara helpers, maybe to have this little cheatsheet at hand could work for you.
I already have share it on as a blog post, but now I want to share it with you as a pdf.
Authors: Vladimir Dementyev, Principal Backend Engineer at Evil Martians and Travis Turner, Tech Editor at Evil Martians
Much as the ancient Greeks struggled with squaring the circle, so too do modern web developers struggle to find a convenient way to deploy their app on Kubernetes. YAML, Helm, (and the compass and straightedge for that matter) are all tried-and-true tools, but using these alone might require too many steps to accomplish the task. Some developers are okay with this! Rubyists like us, on the other hand, prefer to concentrate on the creative side of programming, and we’re always looking for ways to minimize the routine. So today, in honor of this impluse, I’d like to…
A lot of times when working on web applications, a need arises to redirect a user
without the user explicitly clicking on a link.
For example,
assume that a user has just created a post on an application.
Once the post is created,
it makes sense to redirect the user to the new post location,
instead of back to the creation page.
Before
There are a few ways to calculate where a user must be navigated to,
but a popular way is to pass a redirect_url query parameter.
However,
this opens up a vulnerability for an intruder to override this parameter
and
send users to unsafe locations.
Rails already rejects unsafe redirects,
but it does not provide a fallback location in cases where we still…
class SignInsController < Applica…
Steph gives an update about RSpec focus and how she often forgets to remove the focus feature from tests. She figured out two solutions: one using Rubocop, and the other from a Twitter user, suggesting using a GitHub gist. She also suggests that if you're one of those people who misses being in an office environment, you check out soundofcolleagues.com for ambient office noise selection.
Chris has been struggling to actually do any coding and is adjusting to doing more product management and shares some strategies that have been helping him.
They answer a listener question about dealing with large pull requests and how it's hard to recognize a good seam to break them up when you…
Introduction A few upsides come with adopting an opinionated framework like Ruby on Rails. One of them is having a clear pattern to the layout of a project’s source code directories and guidance on where specific code should live.
Refactoring a Javascript countdown timer into a reusable Stimulus controller gives a look at the flexibility we can achieve by taking advantage of the Stimulus Values API and customizing the default values.
If you dig into your programming language's syntax, you might
discover that it is capable of much more than you thought it was.
Wikipedia defines “Language Primitive” this
way:
In computing, language primitives are the simplest elements available in a
programming language. A primitive is the smallest 'unit of processing'
available to a programmer of a given machine, or can be an atomic element of an
expression in a language.
By looking at a language’s primitives, we can learn what kind of code will be
easy to write or impossible to express, and what types of problems the language
was intended to solve. Whether you’ve been using a language for years, or just
now learning a new…
2 real-world examples of using algebraic effects in Hanami ruby applications with dry-effects.
In part 1, we learned how to deploy a Rails application on a local Kubernetes cluster with Kind. In this post, we will delve deeper into other Kubernetes artifacts, such as services, Ingress, and the Horizontal Pod Autoscaler (HPA).
We will also wire it up with a subdomain so that we can see the app working on a public URL, which will be a subdomain for this tutorial. Let’s get going.
Prerequisites
To continue running our bands API rails app on a full-on production-ready Kubernetes cluster on DigitalOcean, the following are some prerequisites:
- Kubectl command is installed and working on your system.
- You are aware of how Kubernetes works and how it handles DNS and Ingress.
- You have some…
We recently decided to redo our branding following
certain steps to arrive at brand guidelines.
As Saeloun grows, we’ve been creating many branding and press materials,
which has evolved past the website and blog designs.
While we do, we are trying to document our process,
the challenges we faced and what decisions we
took along the way.
This is going to be a series of articles about this process and learnings.
Why did we decide to rebrand?
When Saeloun was founded in early 2019,
the team took
inspiration from words from different languages that meant
‘fresh’ or ‘new’ and finally decided to go with
the Korean word ‘Saeloun’.
Sojan graciously created our first logo,
also helped us with…
I see why maintainers and their associates are advocating and sourcing for open source contributors ( ͡° ͜ʖ ͡°) I also see the benefit for developers, and especially for aspiring developers to take the leap and to contribute. This is the greatest opportunity to gather real-world experience while you are still on your journey of getting into the industry.
Lately, I witnessed interesting keynotes and talks about open source projects in the last Ruby and Rails Conferences. For example:
As a beginner, you have special needs to ease yourself…
Cypress gives us the ability to stop the test at a spot via
cy.pause() command.
We can use this to stop the test before any action or assertion that is causing
our tests to fail.
But this command only works when we run Cypress in GUI mode and, it is
ignored when we run the tests in headless mode.
Before
Before version 8.6.0
cy.pause() was ignored if we run
our tests via cypress run --headed --no-exit command.
describe("example", () => {
it("should not pause the test", () => {
cy.visit("www.google.co.in");
cy.pause();
cy.contains("India");
cy.get('input[value="Google Search"');
});
});
Now, if we run the above test via the cypress run --headed --no-exit command,
then…
Hey, Wojtek here with recent additions to Rails. All of them today for FREE, for you.
Thank you all the contributors for making Rails. Those from one-time to day by day committers.
Add compose method to Active Storage Blob
Concatenating multiple blobs is now possible.
Support custom metadata on Active Storage
Setting custom metadata on blobs are now persisted to remote storage.
Allow to configure the list of columns to update in upsert_all
Before, you could only customize the update SQL sentence via :on_duplicate. There is now a new option :update_only that lets you provide a list of columns to update in case of conflict.
Expose role/shard on pool/connection
It can be useful to know…
Developers usually think of timezones, but European summertime changes can be easily overlooked. I have to admit I overlooked them when parsing dates with DateTime.from_naive!/2.
What’s the issue, you ask?
Let’s parse some time with DateTime.from_naive!/:
iex> datetime = DateTime.from_naive!(DateTime.utc_now(), "EET")
#DateTime<2021-11-26 10:36:32.810393+02:00 EET EET>
Most of the time, this works as you would expect – and looks innocent.
But it all breaks for summer and winter time changes which are known as Daylight Saving Time (DST). Consider getting a datetime string on the day and minute of the change:
iex(17)> datetime = DateTime.from_naive!(~N[2021-10-31 03:00:00], "EET")
** (…
async/await
The async/await feature introduced in ECMAScript 2017
enables asynchronous, promise-based behavior to be written in a cleaner style
avoiding the need for promise chains.
The await keyword can only be used inside an async function.
Attempting to use an await outside of an async function results in a SyntaxError -
SyntaxError: await is only valid in async function.
The ECMAScript feature ‘Top-level await’ which is
promoted to Stage 4 in the TC39 process
lets us use the asynchronous await operator at the top level of modules.
Top-level await enables modules to act as big async functions.
With top-level await, ECMAScript Modules (ESM) can await resources.
Other modules which…
What is TypeScript Anyway?
To the seasoned developer this may seem like a silly question, but to developers who are self-taught, bootcamp trained, or even just have never come across a project in TypeScript - understanding exactly what it is and how to use it can be a bit of a mystery.
In this article we will try to explain the basic concepts behind TypeScript, and the reasons for using it.
JavaScript and TypeScript; the relationship.
JavaScript is the most used programming language in the world. We imagine that it is almost impossible to be a developer and not have to write at least some piece in JavaScript in your career. JavaScript is the programming language that is responsible…
Here’s a code sample that I’ve grabbed more or less at random from the Rails codebase.
def form_for(record, options = {}, &block)
The first two arguments, record and options = {}, are straightforward to someone who’s familiar with Ruby. But the third argument, &block, is a little more mysterious. Why the leading ampersand?
This post will be the answer to that question. In order to begin to understand what the leading ampersand is all about, let’s talk about how blocks relate to Proc objects.
Blocks and Proc objects
Let’s talk about blocks and Proc objects a little bit, starting with Proc objects.
Here’s a method which takes an argument. The method doesn’t care of what type the argument is.…
We all used Select2. We all depended on it for a long time, for all our Select/Autocomplete needs. But it’s been showing signs of aging for quite a while, and it’s one of the last libraries that still keeps me tied to jQuery.
It was time to let go.
After quickly evaluating a few alternatives, I decided to take a closer look at Tom Select.
Tom Select was forked from selectize.js with the goal of modernizing the code base, decoupling from jQuery, and expanding functionality.
Well, that looks good to me.
And since it was renovating time, I also decided to consolidate all that JS used to make Select2 work with Ajax, filtering, etc. in a few Stimulus controllers.
All the examples…
RubyMine 2021.3 RC2 is available!
Unlike previous EAP builds, the RC requires you to have a valid RubyMine license. Otherwise, it will install and run as a free 30-day trial.
You can install the RC version alongside a stable version of RubyMine.
Here’s a quick roundup of the most notable new features being introduced in the upcoming 2021.3 release:
Ruby and RBS
Type Checking
[LIVE from RubyConf 2021] Crossover Episode
This multi-podcast crossover episode was recorded live at RubyConf 2021 in Denver. In this episode you'll hear Jemma Issroff, Emily Giurleo, Nick Schwaderer, Jason Charnes, Andrew Mason and Jason Swett.
Mani provides us with strategies and tactics to get Deep Work time and how to get our minds into that focused state for hours at a time.
He has read hundreds of books that have taught him the secrets to getting more done by getting into this state.
He starts by telling us how he was passed over for a promotion at Qualcomm in favor of someone younger and less experienced and how that inspired him to figure out what the other guy was doing differently. He learned that he needed to get more done with the time he was spending on his projects.
The…
Event store is a proper name for a..., well, storage of events. Events are facts from the past. Such a trait makes our storage a great candidate for append-only mode, ie. there are only two operations available: read and add. It might feel like a weird constraint but it allows to optimize mentioned operations to be as fast as possible. At the same time, simplicity creates a foundation for our creativity and making really complicated solutions.
A security vulnerability that causes buffer overflow when you pass a very large
string (> 700 MB) to `CGI.escape_html` on a platform where `long` type takes 4 bytes,
typically, Windows.
Please update the cgi gem to version 0.3.1, 0.2.1, and 0.1.1 or later. You can use
`gem update cgi` to update it. If you are using bundler, please add `gem "cgi",
">= 0.3.1"` to your `Gemfile`. Alternatively, please update Ruby to 2.7.5 or 3.0.3.
This issue has been introduced since Ruby 2.7, so the cgi version bundled with Ruby
2.6 is not vulnerable.
The old versions of `CGI::Cookie.parse` applied URL decoding to cookie names.
An attacker could exploit this vulnerability to spoof security prefixes in
cookie names, which may be able to trick a vulnerable application.
By this fix, `CGI::Cookie.parse` no longer decodes cookie names. Note that
this is an incompatibility if cookie names that you are using include
non-alphanumeric characters that are URL-encoded.
This is the same issue of CVE-2020-8184.
If you are using Ruby 2.7 or 3.0:
* Please update the cgi gem to version 0.3.1, 0.2,1, and 0.1,1 or later. You
can use `gem update cgi` to update it. If you are using bundler, please add
`gem "cgi", ">= 0.3.1"`` to your `Gemfile`.
*…
When working with strings,
we come across cases where we need to match
string characters or words using regular expressions.
We use regular expressions widely for matching
email and phone numbers formats.
A regex for a valid email address is as below -
VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z/i
result = VALID_EMAIL_REGEX.match("sam@example.com")
=> #<MatchData "sam@example.com" 1:nil>
result = VALID_EMAIL_REGEX.match("invalid_email")
=> nil
Before
Ruby returns an object of class MatchData where we can use the [] function
on the result object.
The [] function will expect either an index or symbol as an argument.
We can also access multiple matches by passing a…
[00:00:28] The panelists introduce themselves.
[00:01:37] We hear what everyone is most excited about being at RubyConf and the talks they are most excited about going to.
[00:04:11] Jason Swett shares how he prepped for the workshops, and Nick and Emily tell us about their talks.
[00:08:13] Jemma asks the panelists why they come to conferences and what brings them here.
[00:11:12] Everyone here is a podcaster, so we find out why they do these podcasts.
[00:15:11] The panelists share what is so special and unique about the Ruby community.
[00:18:59] Find out which podcast episodes the panelists are most proud of that they put out.
[00:22:42] What do the panelists think about the…
Let’s say you have a fairly complicated view: a calendar-like table with apartments to rent as rows and availability dates as columns.
Of course you want to be able to:
- filter by availability, by location
- sort
- paginate the list of properties
- paginate the dates (look at a different date range)
The server gives you a JSON which is then consumed by a client like a SPA frontend.
You need to join data from a couple different tables:
apartmentsaddressesbookings- a sequence of dates
What happens next:
- At the beginning you just query your tables, do some joins.
- Later you optimize the queries and perhaps write some of them by hand.
- Developers keep extending this view over the years by…
What we’re going to do and why
If you’re a Ruby programmer, you almost certainly use Proc objects all the time, although you might not always be consciously aware of it. Blocks, which are ubiquitous in Ruby, and lambdas, which are used for things like Rails scopes, both involve Proc objects.
In this post we’re going to take a close look at Proc objects. First we’ll do a Proc object “hello world” to see what we’re dealing with. Then we’ll unpack the definition of Proc objects that the official Ruby docs give us. Lastly we’ll see how Proc objects relate to other concepts like blocks and lambdas.
A Proc object “hello world”
Before we talk about what Proc objects are and how they’re used, let’s…
A buffer overrun vulnerability was discovered in CGI.escape_html.
This vulnerability has been assigned the CVE identifier CVE-2021-41816.
We strongly recommend upgrading Ruby.
Details
A security vulnerability that causes buffer overflow when you pass a very large string (> 700 MB) to CGI.escape_html on a platform where long type takes 4 bytes, typically, Windows.
Please update the cgi gem to version 0.3.1, 0.2,1, and 0.1,1 or later. You can use gem update cgi to update it. If you are using bundler, please add gem "cgi", ">= 0.3.1" to your Gemfile.
Alternatively, please update Ruby to 2.7.5 or 3.0.3.
This issue has been introduced since Ruby 2.7, so the cgi version bundled with Ruby 2.6…
A cookie prefix spoofing vulnerability was discovered in CGI::Cookie.parse.
This vulnerability has been assigned the CVE identifier CVE-2021-41819.
We strongly recommend upgrading Ruby.
Details
The old versions of CGI::Cookie.parse applied URL decoding to cookie names.
An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application.
By this fix, CGI::Cookie.parse no longer decodes cookie names.
Note that this is an incompatibility if cookie names that you are using include non-alphanumeric characters that are URL-encoded.
This is the same issue of CVE-2020-8184.
If you are using Ruby 2.7 or 3.0:
Ruby 2.6.9 has been released.
This release includes security fixes.
Please check the topics below for details.
See the commit logs for details.
Ruby 2.6 is now under the state of the security maintenance phase, until the end of March of 2022.
After that date, maintenance of Ruby 2.6 will be ended.
We recommend you start planning the migration to newer versions of Ruby, such as 3.0 or 2.7.
Download
Ruby 2.7.5 has been released.
This release includes security fixes.
Please check the topics below for details.
See the commit logs for details.
Download
Ruby 3.0.3 has been released.
This release includes security fixes.
Please check the topics below for details.
See the commit logs for details.
Download
Recorded live from Rubyconf 2021 in Denver, CO with an audience! Panelists from The Ruby on Rails Podcast, Code with Jason and Remote Ruby gathered to chat about why they were excited to attend Rubyconf, favorite episodes and to field listener questions.
Moderated By:
Panelists:
Show Notes & Links:
Sponsored By:
Honeybadger
Honeybadger makes you a DevOps hero by combining error…
Authors: Gleb Stroganov, Product Designer at Evil Martians, Anton Senkovskiy, Account Manager at Evil Martians, and Travis Turner, Tech Editor at Evil Martians
Google created the Design Sprint methodology back in 2010, but many teams still use and adapt this framework, and Evil Martians are no exception. So far, the Martian Design team has already run 12 design sprints, helping our customers better understand their projects, accurately evaluate development, find effective solutions, and save money. But it’s about more than these things. This is the time to make sure you truly understand your goals and relationship with your users. The decisions made during this period are key to building…
Sebastian Wilgosz joins the Rogues to discuss Hanami, a web framework for Rubyists. He discusses how it works and how it differs from other Ruby based web frameworks.
He also discusses what's coming down the pipe and how to get started.
Check out his website at https://hanamimastery.com
Panel
- Charles Max Wood
- Darren Broemmer
Guest
Sponsors
Links
Picks
Special Guest: Sebastian Wilgosz.
Sponsored…
01:01 - Ian’s Superpower: Curiosity & Life-Long Learning
- Discovering Computers
- Sharing Knowledge
06:27 - Streaming and Mentorship: Becoming “The Career Development Guy”
12:01 - Tech Interviews (Are Broken)
16:43 - How do I even get a first job in the tech industry?
- Tech Careers = Like Choose Your Own Adventure Book
- Highlight What You Have: YOU ARE
- Apply Anyway
24:25 - Interview Processes Don’t Align with Skills Needed
…
In the last few weeks I’ve been writing about different aspects of
Polyphony, a library for writing
fiber-based concurrent apps in Ruby. Polyphony makes it easy for developers to
use stock Ruby core and stdlib classes and APIs in a highly-concurrent
environment in order to create scalable, high-performance apps.
In order for provide a solid developer experience, Polyphony reimplements
different parts of the Ruby runtime functionality, which are adjusted so
developers will see a consistent and reliable behaviour. In this article I’ll
discuss how Polyphony implements signal handling. For the sake of brevity, I’ll
assume the reader is familiar with POSIX signals and has some knowledge of…
Everyone has randomly downloaded several apps and not deleted them for months, years, or eternity!I bet You have some of those apps now! People can now use an app or game without installing it first. Increase engagement with your Android app and gain more installs by surfacing your instant app across the Play Store and …
Continue reading Apps! No installion, Try Instant!Rails 6.1 introduced the delegated_type to Active Record which makes it easierfor models to share responsibilities. Please see ourblogto read more about delegated_type.
class Entry < ApplicationRecord # Schema # entryable_type, entryable_id, ... delegated_type :entryable, types: %w[ Message Comment ]endclass Message # Schema # subject, ...endclass Comment # Schema # content, ...end
The accepts_nested_attributes_for option is very helpful while handling nestedforms. We can easily create and update associated records by passing detailsalong with main object parameters when the accepts_nested_attributes_foroption is enabled.
Before
The accepts_nested_attributes_for option is not…
Ruby 3.1 introduces the Class#descendants method which returns all descendantsof a class excluding the receiver and singleton classes.
We can see many implementations for calculating all descendant classes of aparticular class from the Ruby community with different gems. TheActiveSupport::DescendantsTrackeris one of such implementations used in Rails framework. Finally, Ruby has addedthe Class#descendants native implementation for it's 3.1 version release.
After Ruby 3.1
=> class User; end=> class Employee < User; end=> class Client < User; end=> class Manager < Employee; end=> class Developer < Employee; end=> User.descendants=> [Employee, Client, Manager, Developer]=> Employee.descendants=>…
RubyGems 3.2.32 includes enhancements.
To update to the latest RubyGems you can run:
To install RubyGems by hand see the Download RubyGems page.
## Enhancements:
- Refactor installer thread safety protections. Pull request #5050 by
deivid-rodriguez
- Allow gem activation from
operating_system.rb. Pull request #5044 by
deivid-rodriguez
- Installs bundler 2.2.32 as a default gem.
SHA256 Checksums:
- rubygems-3.2.32.tgz
1a8223ad81c442badc4735df35d92a642401419fd107942966d4f0468a500b9c
- rubygems-3.2.32.zip
e852f3087a4f4f67ef2398e0785f96d645f1772c4d2c775696e70fdb6e4a63ae
- rubygems-update-3.2.32.gem
8a6de61e080bf7275c93319c81fcf65689f849133318719065a55df58e833fde
121 - API Design with Damir Svrtan, Senior Software Engineer at Netflix
In this episode, Damir and I take a deep dive on API design.
Personal Identifiable Information (PII) is any data that could potentially be used to identify a particular Person / Company / Entity.
Examples include a Social Security Name, Passport Number, Bank Account, Email or Telephone etc.
Use case for PII Removal might arise for
- HIPPA Compliance
- Security Compliance
- Data Subsetting for Staging / Testing / Dev Environments
Goal
The goal of this article is to establish a replication task through which we continuously replicate data from a source to a clean PII removed database instance.
Given we have a table Companies in source Database, we want to be able to have the same table Companies in the DATABASE B with original content…
…
Do you want to know more about how to use macros in Vim? In this talk, learn tips and tricks for mastering macros in Vim with an example project.
This talk was presented by Camilo Payan at VimConf 2021 on October 29, 2021.
### Impact
CSRF vulnerability that allows user account takeover.
All applications using any version of the frontend component of `solidus_auth_devise`
are affected if `protect_from_forgery` method is both:
- Executed whether as:
- A `before_action` callback (the default)
- A `prepend_before_action` (option `prepend: true` given) before the
`:load_object` hook in `Spree::UserController` (most likely order to find).
- Configured to use `:null_session` or `:reset_session` strategies
(`:null_session` is the default in case the no strategy is given, but
`rails --new` generated skeleton use `:exception`).
That means that applications that haven't been configured differently…
### Impact
CSRF vulnerability that allows user account takeover.
All applications using any version of the frontend component of `spree_auth_devise`
are affected if `protect_from_forgery` method is both:
* Executed whether as:
* A `before_action` callback (the default)
* A `prepend_before_action` (option `prepend: true` given) before the
`:load_object` hook in `Spree::UserController` (most likely order to find).
* Configured to use ``:null_session` or ``:reset_session` strategies
(``:null_session` is the default in case the no strategy is given, but `rails --new`
generated skeleton use ``:exception`).
That means that applications that haven't been configured differently…
### Impact
The actual vulnerability has been discovered on `solidus_auth_devise`. See
[GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2)
for details.
The security advisory here exists to provide an extra layer of security in the
form of a monkey patch for users who don't update `solidus_auth_devise`. For
this reason, it has been marked as low impact on this end.
### Patches
For extra security, update `solidus_core` to versions `3.1.3`, `3.0.3` or `2.11.12`.
### Workarounds
Look at the workarounds described at
[GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2).
"Errors should never pass silently" is easy to say, but complicated to achieve. A robust application needs a powerful monitoring system to control, debug errors, and promptly alert you when something goes wrong. These are the problems Honeybadger is dedicated to solving.
Honeybadger is a universal platform for error, uptime, and check-in monitoring, combined in a single, powerful application. By including it in your production stack, you will be able to keep track of all the exceptions occurring in your programs, constantly monitor their health status, and know when your background jobs and services go missing or silently fail.
When it comes to error monitoring, a lot of ground is covered…
AWS Lambda allows us to set up scalable functions while minimizing overhead. Instead of writing, hosting, and maintaining an entire Ruby on Rails app, we can use Lambda functions to respond to individual events independently. This article will bring you from an AWS newcomer to writing Ruby in your own Lambda functions.
Lambda allows you to run code in response to events without managing servers. This event-driven architecture ensures that you only pay for your code while it's working for you, not while it's idling. While Lambda is most commonly used to respond to events within the AWS ecosystem, such as deleting a file in an S3 Bucket, it can also be configured to act as an API in…
A struct with static type check for all attributes is a pretty useful thing in Ruby and all other languages. Here are 3 examples of useful applications for typed structs using dry-struct.
For a coding coach, it's exciting to read when a coachee achieved one of his bigger goals:
"Contract signed! 🎉"
Earlier this year, Dave set a clear goal for himself:
Get a junior web developer position at a sustainable company with a great team culture that's doing good in the world within 6 months.
That's ambitious goal-setting by the book, let's see what he did and how close he came.
I. Preparation Phase
We'll see 3 phases that I just made up while looking back and recalling his journey. They are intertwined, but the time investment usually crucially shifts in one direction once a new phase really starts.
Create Credibility For Yourself
Dave did a self-taught developer Bootcamp program at the Od…
Hey, this is Greg, bringing you the latest news about Ruby on Rails.
Support <form> elements without [action]
By default, when a form is declared without an action attribute, browsers will encode the form’s fields into the current URL. Prior to this commit, none of the form construction variations supported declaring a form without an action attribute, form_with, form_for, and form_tag all default to url_for({}) when a url or action option is omitted, but with this change, when they are set to false, the form will be rendered without an action attribute.
Support authenticity_token option in button_to helper
This PR adds support for passing authenticity_token option to button_to, the same…
Introduce field_name view helper
The fi…
[LIVE from RubyConf 2021] I Tell Nick Schwaderer About My Soup
In this episode I tell Nick Schwaderer about some soup I ate. We touch on ingredients, spice level, utensils and consumption logistics.
Links:
There are cases where you have a compressed GZIP file for which you want to determine the uncompressed data size without having to extract it.
For example, if you work with large text-based documents, you can either display their content directly in the browser or share it as a file upon request depending on the file size.
Luckily for us, the GZIP file format specification includes the following statement:
+=======================+
|...compressed blocks...| (more-->)
+=======================+
0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+
| CRC32 | ISIZE |
+---+---+---+---+---+---+---+---+
…Maybe you are already familiar with includes or preload, but you know that a lot of the time you will need more than just preload(:comments).
I have already share with you a guide for preloading associations…
It starts with the basics, with just a regular has_many, preload orincludes, and build from this to then show you things like…
- How to preload nested associations
- How to define associations to help you simplify the preloading
- How to preload just a part of the association like an scope
- How to preload just the “top 1 per group” or the “latest of each”
- How to preload just the “top n per group” or the “latest n of each”
- How to use custom objects to represent a preloading
Now I want to…
I've wondered why Hanami uses sequel under the hood. There are some problems with ActiveRecord, but I've wanted to know exactly, what it is about. Here is the summary of my foundings.
RubyMine 2021.3 Release Candidate is now available!
Unlike previous EAP builds, the RC requires you to have a valid RubyMine license. Otherwise, it will install and run as a 30-day free trial.
You can install the RC version alongside a stable version of RubyMine.
In this post, you will learn about the some of the new features in the upcoming 2021.3 release:
Database tools
Database in the Version Control System
A DDL data source is a virtual data source whose schema is based on a bunch of SQL scripts. Storing these files in the Version Control System is a way to keep your database under the VCS.
S…
[00:00:52] The guys chat about being at RubyConf, how they recorded a live episode with six people, what they talked about, and something about a stellar ending.
[00:02:50] Andrew and Jason talk about what happened from the first day of RubyConf and from then on, between meeting up with people, eating with friends, doing a lot of walking, hugging, and talking with so many people.
[00:06:39] Jason tells us more about Matz’s talk on the Ruby 3 Nexus.
[00:10:49] Jason explains another thing Matz talked about regarding how there will not be a lot of language features focused on right now, but more performance and tooling.
[00:12:38] Chris tells us about the new screencast he just did…
A poor OOP example
Sometimes you come across OOP examples that demonstrate the modeling of a real-world object, like a vehicle for example. Below is an example which is made up by me but representative of such examples.
class Vehicle
def initialize(fuel_tank_capacity, current_fuel_level)
@fuel_tank_capacity = fuel_tank_capacity
@current_fuel_level = current_fuel_level
end
def fuel_level_percentage
@current_fuel_level.to_f / @fuel_tank_capacity
end
end
vehicle = Vehicle.new(20, 15)
vehicle.fuel_level_percentage # 0.75
To me, OOP is all about modeling. A model, the way I define it, is a piece of code that represents a part of reality in a simplified way in order to make…
For those who don't know me, I'm autistic. I've been a developer for the better part of a decade.
I didn't find out I was ASD until 19, and didn't reconcile with that until years later. These posts will be a combination of advice I've given to those who are like me, as well as a letter of sorts to my past self who could have used a lot of it.
I write these posts in the hopes that someone like me will find value in knowing a very simple and very important truth about ASD:
You are not alone, and you are loved.
Order and Chaos
While I am most certainly autistic, I'm also ADHD, making for a very interesting mix of traits. My mind, quite simply, operates in a mode of constant…
