Rubyland

This article was adapted from my Rails World talk “Rails and the Ruby Garbage Collector: How to Speed Up Your Rails App”.

Ruby’s garbage collector is designed to be adaptable, scaling from short Ruby scripts to running apps that serve millions of requests per second. While it’s designed to be adaptable, it may not work optimally for every use case. For this reason, Ruby’s garbage collector supports many (19 at the time of writing) parameters that can be used to tune it. However, the use of these parameters requires knowledge of how the garbage collector works on the inside. It also doesn’t help that there are changes to the garbage collector in every major Ruby release, meaning that…

Rails developers often faced challenges optimizing performance due to logs that lacked detailed SQL query information.

This made it difficult to identify specific performance bottlenecks, as the logs only provided general data on database interactions and view rendering times.

A recent update to the Rails framework, offers an insightful enhancement to how Rails logs SQL queries during template rendering.

This feature is particularly useful for developers who need to monitor SQL queries to optimize performance and debug issues efficiently.

Before

Prior to the implementation of this feature, Rails logs displayed basic metrics about the requests processed, including total time, view…

There are so many Ruby events happening recently, that it can be hard to know which one to go to. Today we’re going to talk about a rather unique event in the Ruby community. What if you could go to an event that was just the Hallway Track? And that event happened at a summer camp?

Show Notes
Rails Camp West Website - https://west.railscamp.us
Big Nerd Ranch - https://bignerdranch.com/

Sponsors
Honeybadger

As an Engineering Manager or an engineer, too much of your time gets sucked up with downtime issues, troubleshooting, and error tracking. How can you spend more time shipping code and less time putting out fires?

Honeybadger is how. It’s a suite of monitoring tools…

I’ve been scouting out what it will take to update Agile Web Development with Rails 7 for Rails 8, and chapter 17 (Deployment and Production) will need be rewritten to focus on Kamal. This naturally lead me to spend a few hours deploying my Showcase Rails app to Hetzner. Up to this point, I had been following the Kamal project closely, but never had actually used it.

Overall, I will say that if I didn’t have Fly.io available to me I would be inclined to use Kamal. Actually, I’ll go a bit further: I will continue to use it - I’ll maintain a server that serves primarily as a…

Well-structured, detailed documentation matters for all open source projects, but for Open Core solutions adopted by large businesses—it’s absolutely critical. See how we helped Teleport not only redesign their docs, but gain a super user acquisition channel in the process.

Well-structured, detailed documentation matters for all open source projects, but for Open Core solutions adopted by large businesses—it’s absolutely critical. Our customer project with Teleport where we totally redesigned their documentation platform is a…

Ruby on Rails is the most popular web framework in the Ruby ecosystem and has a large user base, ranging from freelancers to large established companies. With an active user community and wide-ranging documentation, it can be used to build everything from simple applications to complex web platforms.

That said, a new contestant is taking on Rails’ dominance for the full-stack Ruby framework title: Hanami. It is a fast, modular Ruby framework with improved performance and maintainability compared to Rails.

In this article, we'll explore the strengths and weaknesses of each framework in terms of performance, features, testing, and more. So whether you are looking to build a customer-facing…

Hi all,

Amanda here from the Rails Foundation. We have a quick update about Rails World 2024 tickets.

Tickets will be available beginning Tuesday April 30 at 1pm EDT.

General admission tickets are $559 USD. (This year we will not be issuing Early Bird tickets.)

Good to know: To mitigate any potential rush for tickets, all speakers have been informed if they are invited to speak, and all sponsor and Rails Foundation member tickets have been set aside. We are hoping that this reduces the amount of people looking for a ticket at the same time, so if your company is sponsoring Rails World or is a member of the Rails Foundation, please ask internally for the booking process.

If there are…

So this might come as a news to some of you, but I left my full-time job near the end of 2023.

Part of the reason was to focus on a few personal projects, but another reason was to dabble in freelancing. As a result, since the start of this year, I've been working as an independent software developer, working with Ruby and Rails.

So far, I've worked on three freelance development projects with one American and two Canadian clients, have successfully wrapped up two, and close to finishing the last one. I have probably written more Ruby in last few months than I did in the last year.

I had never worked as a freelancer before this experiment, but I am enjoying it so far, and the more…

In opensearch-api-specification#260 I added eslint, but had a hard time finding a cookbook for auto-fixing specific violations. Here it is.

First, I followed the getting started with eslint guide, which essentially tells you to run npm init @eslint/config@latest.

Rewrite eslint.config.mjs using the newer flat configuration format, making sure that the ignores and rules section appears last, as it will overwrite the defaults. For my TypeScript project, see the complete file here.

export default [
  pluginJs.configs.recommended,
  ...compat.extends('standard-with-typescript'),
  {
    files: ['**/*.{js,ts}'],
    ignores: [
      ...
    ],
    rules: {
      ...
    }
  }
]

Add the…

We have released the Ruby version 3.0.7, 3.1.5, 3.2.4 and 3.3.1 that have a security fix for an arbitrary memory address read vulnerability in Regex search. This vulnerability has been assigned the CVE identifier CVE-2024-27282.

Details

An issue was discovered in Ruby 3.x through 3.3.0.

If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings.

Recommended action

We recommend to update the Ruby to version 3.3.1 or later. In order to ensure compatibility with older Ruby series, you may update as follows instead:

• For Ruby 3.0 users: Update to 3.0.7
• For…

Ruby 3.0.7 has been released.

This release includes security fixes. Please check the topics below for details.

• CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search
• CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
• CVE-2024-27280: Buffer overread vulnerability in StringIO

See the GitHub releases for further details.

After this release, Ruby 3.0 reaches EOL. In other words, this is expected to be the last release of Ruby 3.0 series. We will not release Ruby 3.0.8 even if a security vulnerability is found (but could release if a severe regression is found). We recommend all Ruby 3.0 users to start migration to Ruby 3.3, 3.2, or 3.1 immediately.

…

Ruby 3.1.5 has been released.

This release includes security fixes. Please check the topics below for details.

• CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search
• CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
• CVE-2024-27280: Buffer overread vulnerability in StringIO

See the GitHub releases for further details.

Download

• https://cache.ruby-lang.org/pub/ruby/3.1/ruby-3.1.5.tar.gz

  SIZE: 20884264
  SHA1: e3387c8fa2b6faf20beade2239ebdfc701ee6268
  SHA256: 3685c51eeee1352c31ea039706d71976f53d00ab6d77312de6aa1abaf5cda2c5
  SHA512:…

• https://cache.ruby-lang…

Ruby 3.2.4 has been released.

This release includes security fixes. Please check the topics below for details.

• CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search
• CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
• CVE-2024-27280: Buffer overread vulnerability in StringIO

See the GitHub releases for further details.

Download

• https://cache.ruby-lang.org/pub/ruby/3.2/ruby-3.2.4.tar.gz

  SIZE: 20581711
  SHA1: a177e809102270f1cd77bf23c6df30c50ee7c107
  SHA256: c72b3c5c30482dca18b0f868c9075f3f47d8168eaf626d4e682ce5b59c858692
  SHA512:…

• https://cache.ruby-lang…

Ruby 3.3.1 has been released.

This release includes security fixes. Please check the topics below for details.

• CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search
• CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
• CVE-2024-27280: Buffer overread vulnerability in StringIO

See the GitHub releases for further details.

Download

• https://cache.ruby-lang.org/pub/ruby/3.3/ruby-3.3.1.tar.gz

  SIZE: 22074535
  SHA1: affd82947d7cd84bd586f7f487a1da0c0bd8b1fd
  SHA256: 8dc2af2802cc700cd182d5430726388ccf885b3f0a14fcd6a0f21ff249c9aa99
  SHA512:…

• https://cache.ruby-lang…

As we close the books on a busy Q1, the Rails Foundation is happy to welcome our newest Contributing member: makandra.

As the first German company to join the foundation, makandra brings with it over 15 years of building on Rails for large corporations such as Volkswagen and Audi to one-man companies such as Wissensbox.

Joining the Rails Foundation is a huge milestone for us and shows that we are fully behind Ruby on Rails. We are proud to be part of this community and we are determined to do our part to further develop and strengthen the framework.

Thomas Eisenbarth, makandra CEO and Founder

makandra has already spent years supporting the maintenance of the Rails ecosystem through…

The ability to record and see everything happening across your web applications is essential when building resilient and highly available systems. All of your events—from application logs to errors to user behavior—contain data that could be useful to you and your team. When you have a central place to access all this information, finding issues and their root causes becomes easier because you have the data at your fingertips. At Honeybadger, we're making that easier for everyone with our new observability platform, Honeybadger Insights. While you can send many things to Insights, logging is one of the quickest wins with the most gain.

In this tutorial, we'll deploy a Rails application to…

Exploring Early Career — Part 2: Navigating a Relationship With Your Manager

Co-authored by Jessica Fan

Stepping into a new career, whether you’re a recent graduate or shifting your professional focus, can feel overwhelming. Effectively navigating your new environment while expanding your knowledge and network presents a challenge that, if approached with care, can foster professional growth in many rewarding ways. In the early stages of your career, the choices you make and the resources you leverage can significantly shape the way in which you impact your community and contribute as a developer!

This series will outline tips and strategies that will make this daunting endeavor a bit more…

Streamline the authentication process and essentially alleviate the burden of managing it by integrating AWS Cognito and AWS Amplify into your React TypeScript application, with a focus on SAML 2.0 integration with Identity Providers and enhancing REST API security using Bearer token authentication.

Tired of the complexities and time-consuming tasks involved in implementing authentication in your React TypeScript application? What if there was a way to simplify the process?

TL;DR: You can route an incoming HTTP request to a valid Rack endpoint using the following syntax:

match '/url', to: RackApp

# OR

mount RackApp, at: "/url"

# OR

mount RackApp => "/url"

Let's dig in to learn why, what, and how. This is what we'll learn in this post:

• Why You Want to Route to a Rack App
• How to Route to a Rack Application
• Receiving Requests at Root of Rack App
• Standard Rails Routes are Rack-Compliant
• You can Use a Lambda as a Route Handler

The Neonify challenge on Hack The Box is a small Sinatra(a Ruby web framework) app, that generates a glowing text of the submitted value:

Automating things in your life can save you time and mental energy which are rare but crucial resources in a world distracted by phones and screens. Same for businesses, only that all time and mental energy saved also translate directly into dollars.

You know that. But you still end up doing that manual boring task once a day for 5 minutes which translate into 6 wasted days of your life over 5 years:

Imagine a world where you could just get out there into the 2024+ Internet and automate it? Maybe chat with a robot and get a great solution for it?

Umm, actually, this is almost reality. The only unsurmountable thing that stands between you and your…

Ruby for All Podcast 🔗

I was a guest on episode 66 of the Ruby for All podcast. Julie and I are both on the RailsConf 2024 Program Committee. I joined Julie and Andrew to talk about RailsConf 2024 and what it’s been like being on the Program Committee.

From the episode description:

In this episode of ‘Ruby For All’, hosts Andrew and Julie welcome guest Kevin Murphy, Software Developer at Pubmark and member of the RailsConf program committee. The discussion kicks off with Andrew and Julie catching up, then transitions into an in-depth conversation about the RailsConf planning process. Kevin and Julie, the Speaker Liaison, share insights into the workings of the program committee, the selection…

Hello! Welcome to the April newsletter. Read on for announcements from Ruby Central and a report of the OSS work we’ve done from the previous month.

In March, Ruby Central's open-source work was supported by Ruby Shield sponsor Shopify, AWS, the German Sovereign Tech Fund (STF), and Ruby Central memberships from 29 other companies, including Partner-level member Contributed Systems, the company behind Mike Perham’s Sidekiq. In total, we were supported by 173 members. Thanks to all of our members for making everything that we do possible. <3 

Ruby Central News

New Jobs Added to Ruby Central Job Board

• Revela recently posted a few new opportunities! Check it out here.

Keep up with Ruby Central’s…

Introduction

Ruby has three main classes for handling date and time: Date, Time, and DateTime. The DateTime class is a subclass of Date and is used to handle date, hour, minute, second, and offset. However, The Ruby documentation also recommends using the Time class instead of DateTime.

The DateTime class is still available in Ruby for backward compatibility, but developers are encouraged to use the Time class for new projects and to migrate existing code to use the Time class.

DateTime in Ruby

DateTime in Ruby is a class that can handle date, hour, minute, second, and offset. It is a subclass of the Date class. The DateTime class can be used to represent a specific point in time with a…

Most traditional interviews are focused on celebrities or popular personalities. However, I am more interested in interviews with hidden gems, unknown figures doing solid work, folks overcoming challenges just to be on the same playground as everyone else.

Hence, I wanted to start featuring some of them on this blog, providing a platform for sharing their compelling stories and valuable lessons. While they may not be on the covers of major publications or appearing on popular podcasts, their stories, backgrounds and experiences are nonetheless fascinating and worthy of a read.

This post shares the story of Pedro David Garcia Lopez, who switched careers from being a Lorry driver to a Ruby on…

Hey everyone, Happy Friday! I hope you get some time to unwind and relax going into the weekend 😎

Vipul here with the latest updates for This Week in Rails. Let’s dive in.

Allow ActiveRecord::Base#pluck to accept hash values
This change adds support for ActiveRecord::Base#pluck to accept hash values.

# Before
Post.joins(:comments).pluck("posts.id", "comments.id", "comments.body")

# After
Post.joins(:comments).pluck(posts: [:id], comments: [:id, :body])

The same applies to .pick, which is implemented using .pluck.

Fix child association loading in :n_plus_one_only mode
Strict loading in :n_plus_one_only mode is designed to prevent performance issues when deeply traversing…

The OpenSearch API specification is authored in OpenAPI and used to auto-generate OpenSearch language clients. I wanted to know how much of the API was described in it vs. the actual API implemented in the default distribution of OpenSearch that includes all plugins. To do so, I have exposed an iterator over REST handlers in OpenSearch core, and wrote a plugin that rendered a very minimal OpenAPI spec at runtime. All that was left was to compare the manually authored OpenAPI spec in opensearch-api-specification to the runtime one, added in opensearch-api-specification#179. The comparison workflow output a total and relative number of APIs described.

To surface this information in pull…

If you're finding AstroVim is lagging on very large files, it is possible the source of the problem is vim-illuminate.

To determine if it is, run :TSDisable illuminate. Does it solve your problem?

Large file cutoff

If that solved your problem, you can disable illuminate for large files with the following config change.

nvim/lua/plugins/vim-illuminate.lua

return {
  "RRethy/vim-illuminate",
  event = "User AstroFile",
  opts = function()
    return {
      large_file_cutoff = 3000,
    }
  end,
}

Now any file over 3000 lines will stop using illuminate.

Introduction

Ruby has three main classes for handling date and time: Date, Time, and DateTime. The DateTime class is a subclass of Date and is used to handle date, hour, minute, second, and offset. However, The Ruby documentation also recommends using the Time class instead of DateTime.

The DateTime class is still available in Ruby for backward compatibility, but developers are encouraged to use the Time class for new projects and to migrate existing code to use the Time class.

DateTime in Ruby

DateTime in Ruby is a class that can handle date, hour, minute, second, and offset. It is a subclass of the Date class. The DateTime class can be used to represent a specific point in time with a…

Welcome to Once a Maintainer, where we interview open source maintainers and tell their story.

This week we’re talking to Armin Ronacher, creator of the Flask framework and founder of the Pocoo team, a group of open source developers working on several widely used Python projects. Armin is a regular speaker at various developer conferences and currently works as a Principal Architect for Sentry.

Once a Maintainer is written by the team at Infield, a platform for managing open source dependency upgrades. Armin spoke with us from Austria.

How did you get into open source? Do you remember your first contribution?

Actually, it took me a lot longer to contribute than to write my own open source…

Delegated types are a modelization pattern introduced in Rails in 2020 ¹. While researching this pattern for a feature, I found that existing articles overly focus on the theoretical comparison between delegated types, STI, and polymorphism. Examples used in these posts are often unrepresentative of the complexity of real-life applications.

Today, I want to share a real-world use case. I’ll walk you through my pre-existing domain architecture, the initial requirements, my mistakes, how I eventually used delegated types, what I learned, and my open questions.

This post is not your typical tutorial, so prepare for some detours. Hopefully, this post will help you better understand how…

Columbia Business School, The Kellogg School of Management and MIT all offer product management programs. There’s even a dedicated Product School and the Product Institute.

Companies from startups to enterprises are formalizing product management divisions – including Google, Mailchimp, Nextlix, Reddit and 1Password.

The role of Chief Product Officer is becoming increasingly prevalent, as evidenced by its adoption by seven out of the Top 10 companies on the Fortune 100 list.

Product management isn’t just a trend. It’s a powerhouse driving success across industries.

In fact, strong product management is critical to the success of software investments – both maximizing revenue…

Recently, at RubyGems.org, we’ve encountered an unusual surge of empty packages, triggering an investigation by our team. This influx of pointless gems, referencing one of the reasonably popular packages, hinted at an attempt to manipulate the tea.xyz protocol. As with any potentially risky incident, we delved deeper into the motives and mechanics behind these submissions. This short article contains our investigation, the conclusions we’ve reached, and how, theoretically, individuals looking to abuse the system can distort the idea of rewarding OSS contributions.

tea.xyz Trigger

The tea.xyz cryptocurrency creators claim that it came to life to enhance the sustainability of open-source…

Phlex is a Ruby gem for building HTML components. Even though the HTML specification permits the usage of the javascript scheme in the href attribute of an anchor tag, Phlex doesn’t permit it to prevent an accidental XSS. When I had an initial look at the gem around its inception, I didn’t really checked how this filtering works, but a Twitter exchange with Joel reminded me to see if it can be bypassed somehow.

Grape is a popular Ruby framework for building RESTful APIs. Exception handling plays a crucial role in ensuring the stability and reliability of any application, including those made with Grape.

This article will explore the basics of Grape exception handling, including customizing exceptions. We'll also touch on some best practices, and how to integrate your app with AppSignal for enhanced error monitoring and management.

Let's get started!

Basics of Grape Exception Handling

In this tutorial, we’ll see how to handle exceptions in a Grape API built in Rails. I have made a demo job board API for this, and you can check out the source code on GitHub.

Raising an Exception

You can raise an…

Everything in money comes down to cushion vs flow.

Cushion is cash (or anything easily and quickly convertible to cash).

Flow is money in (and out).

To feel good/safe/whatever about your money situation, you need have a cushion large enough to cover your flow (for a good time period) and/or a healthy balance between inflow and outflow.

What's been striking me lately is the relationship between the two.

You can use cushion to create flow or you can use flow to create cushion.

Flow to Cushion

Not everyone has cushion, but everyone has flow. So let's run through some flow examples first.

Your flow is money in (income) and out (expenses).

• $100k salary? That's flow.
• Side hustle book making $1k/mo?…

In Ruby 3.3.0, a new standard library was added to CRuby called Prism. Prism is a parser for the Ruby language, exposed as both a C library (optionally usable by CRuby) and a Ruby library (usable as a Ruby gem). The Prism project represents many person-years worth of effort, and is the result of a collaboration between Shopify, CRuby core contributors, other Ruby implementation authors, and Ruby tooling developers.

This post provides an overview of the Prism project — why it exists, where it stands today, and what the future holds. It also gives some insight into the broader ecosystem of Ruby parsers, intermediate representations, and tools. This includes some well-known projects that you…

This took me a while to figure out.

In this file: ~/.config/nvim/lua/community.lua

You need to add the following line.

{ import = "astrocommunity.completion.copilot-lua-cmp" },

Then, when you start nvim again. Run :Copilot auth. This will trigger the setup and you'll be good to go!

Stephanie is back with a book recommendation: "Thinking in Systems" by Donella Meadows. This book has helped to bolster her understanding of complex systems in environmental, organizational, and software contexts, particularly through user interactions and system changes. Joël describes his transformative experience watching last week's total solar eclipse.

Together, they explore how systems thinking influences software development and team dynamics by delving into practical applications in writing and reading code, suggesting that understanding complex systems can aid developers in navigating and optimizing codebases and team interactions.

Transcript:

 JOËL: Hello and welcome…

Active Record introduced transaction callbacks recently. This change allows you to have a callback for the whole transaction, rather than to just have callbacks on a record’s after_commit event. To make this possible, ActiveRecord::Base.transaction yields a transaction object now and the callback can be registered on that:

3 popular UI patterns for keeping users informed about ongoing processes: the spinner, the X of Y pattern, and the progress bar, the pros and cons of each, and tips for choosing the one that best suits your needs.

Enhance the way your CLIs report progress to users. While there are many developer experience improvements we could make to most command-line apps, I see this one as absolutely essential. If you are creating an app or a shell script for a terminal emulator and you're pressed for time but can only squeeze in one more improvement, make sure it is how…

Welcome to my thenth update as Ruby Central’s security engineer in residence, sponsored by AWS.

My goal is to write a short update every week, chronicling what I’ve been working on, and reminding myself that I was, in fact, productive.

This week I fixed some DoS vectors in RubyGems.org.

Documentation for the compact index

I spent a few hours helping Martin write down some authoritative documentation for the compact index API, which should help implementers of other RubyGems package repositories support the format, which comes with some big security benefits (largely, the ability to verify gem checksums on download & install).

Re-introducing avatars to RubyGems.org

I spent a few…

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in March.

RubyGems News

This month, RubyGems released RubyGems 3.5.7 and Bundler 2.5.7. These updates introduce a range of enhancements and bug fixes, all aimed at enhancing the developer experience. They include: the introduction of an attribute in Gem::SafeYAML.safe_load to control whether YAML aliases is enabled, a warning mechanism for when the required_ruby_version specification attribute is empty, and the removal of unnecessary configurations in the RuboCop setup…

Some other important accomplishments from the team this month include:

Making gem install respect the umask of the target…:

• …

The Right Number of Cooks in the Kitchen 🔗

Today we’re going to make a stew. The recipe has three steps that can all run independently. But when they’re done, their output needs to come together to finish the stew.

We’ll set each step up as a separate Sidekiq job. The details of each step aren’t important for this demonstration.

class GetRawVeggiesWorker  include Sidekiq::Job  def perform; endendclass GetBaconWorker  include Sidekiq::Job  def perform; endendclass GetCupOfSoupWorker  include Sidekiq::Job  def perform; endend

We can enqueue these to run by themselves no problem. However, we need to know when they’re all done so we can finish our recipe. We can group these together using a Sidekiq…

Because good things come in threes.

Surprise! It’s a 3-Day Flash Sale. RailsConf Detroit is just over three weeks away. We'll be in Detroit for three days from May 7 -9. So for three days only join us at a DISCOUNTED price before we sell out! Sale ends Monday.

Grab your discounted tickets HERE!

Hi, it’s Greg. Let’s explore this week’s changes in the Rails codebase.

Fix union select parentheses
When building UNION or UNION ALL queries involving LIMIT or ORDER BY, Arel generated invalid SQL previously. This pull request changes Arel::Visitors::ToSql so that SELECT statements in Union and UnionAll nodes are enclosed in parentheses to avoid syntax errors.

Fix copying virtual columns when altering a table in SQLite3
When Rails alters a SQLite table, it creates a new table and copies the structure and data from the old one.
The problem is that virtual columns are incorrectly copied (copied as classic columns). This pull request fixes that.

Fix ActiveJob::EnqueueAfterTransactionCommit…
perform_later is supposed to return…

RubyGems 3.5.9 includes enhancements.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Enhancements:

• Installs bundler 2.5.9 as a default gem.

SHA256 Checksums:

• rubygems-3.5.9.tgz
  2b203642191e6bb9ece19075f62275a88526319b124684c46667415dca4363f1
• rubygems-3.5.9.zip
  e84246e89ddd8ac14844fc289e5c863346c67fdaa898c88a55438943397993b6
• rubygems-update-3.5.9.gem
  4825e486c53db8885978f5892357fd7c2c8bebb39601d66e24e9c2fe1d891cbd

After my previous post, How a Ruby Method Becomes a Rails Action, I got quite a few emails asking about the best way to read the Rails source code. Here's one from Peter, a long-time reader of the blog:

You have mentioned that you enjoy just reading the Rails source code. I am interested in going through the Rails source code but the code base is so large, I'm not quite sure where to start. Would you have a suggestion for someone like me, just learning Rails, to tackle this?

It just seems so overwhelming that I'm not quite sure where to start and how to proceed.

While I don't think there's one best way to read the Rails codebase, I've found a few techniques that are much more effective than…

In today’s episode, Jason, Chris, and Andrew, along with their guest, Irina Nazarova, CEO of Evil Martians, engage in a candid discussion that covers the intricacies of using Rails and integrating it with technologies like React, and the challenges of marketing developer-facing products. The discussion also touches on open-core business models, the relevance of Docker in current tech companies, and the future of software deployment. Also, Irina touches on a new tool from Thoughtbot called Superglue, a new open source product called Skooma, and she invites listeners to come to RailsConf and some Ruby meetups in San Francisco coming soon. Press download to hear more!

Panelists:
Jason Charnes
Ch…

Upcoming Conference Talks by thoughtbot

The year’s already gone by so fast; Since January 2024, thoughtbotters have already attended and presented talks at events like CCOSS and Sin City Ruby 2024.

Didn’t make it to these events? Don’t worry, we’ve got more amazing talks lined up for the spring and summer of 2024. Mark your calendars for these upcoming talks by thoughtbotters!

Tropical.RB: April 4-5

Tropical.RB brings together Rails developers from Latin America to talk about Rails and share knowledge.

The Fast Lane: Asynchronous Rails

Join Matheus, a senior developer at thoughtbot, at Tropical.RB on April 5, 2024, as we explore how to leverage…

RubyGems 3.5.8 includes security, enhancements and bug fixes.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Security:

• Respect global umask when writing regular files. Pull request #7518 by deivid-rodriguez

## Enhancements:

• Allow string keys with gemrc. Pull request #7543 by hsbt
• [Experimental] Add “gem rebuild” command. Pull request #4913 by duckinator
• Installs bundler 2.5.8 as a default gem.

## Bug fixes:

• Fix NoMethodError crash when building errors about corrupt package files. Pull request #7539 by jez
• Fix resolver to properly intersect Arrays of Gem::Resolver::Activation objects.…

SHA256 Checksums:

• rubygems-3.5.8.tgz
  6ddd48fc8c53ec303b24b7517a6102477463c9929…

As of today, this site is also my canonical social media presence!

Notes on making this happen:

I’m using the ActivityPub and Webfinger plugins to make WordPress users into full-fledged Fediverse citizens.

I had a lot of trouble getting Mastodon to recognize this site as a valid target for an account move. Mastodon demands some not-so-standardized stuff to appear on the target site that effectively makes its vaunted “account mobility” only work with other Mastodon instances

First off I had to disable caching for user profile pages. To be fair this part wasn’t a Mastodon issue. I’m going to come back around later and see if I can re-introduce caching more in content-type-aware…

While writing about Git, I’ve noticed that a lot of folks struggle with Git’s error messages. I’ve had many years to get used to these error messages so it took me a really long time to understand why folks were confused, but having thought about it much more, I’ve realized that:

1. sometimes I actually am confused by the error messages, I’m just used to being confused
2. I have a bunch of strategies for getting more information when the error message git gives me isn’t very informative

So in this post, I’m going to go through a bunch of Git’s error messages, list a few things that I think are confusing about them for each one, and talk about what I do when I’m confused by the message.

imp…

Rails 7 and Hotwire have completely revolutionized server side Rails apps. Developers can now get much more reactivity with way less javascript, less tooling, and simpler deployments. You’ve probably heard a lot about Rails 7.1 and Hotwire. Maybe you’re even using it in production? Ayush Newatia joins the show to talk about his new book, The Rails and Howtire Codex.

Show Notes
Radioactive Toy - https://radioactivetoy.tech
Rails and Hotwire Codex - https://railsandhotwirecodex.com
Folly Ayush on Ruby Social - https://ruby.social/@ayush
Listen to Ayush on The Just A Spec Podcast - https://justaspec.show
Rails and Hotwire Codex Link https://railsandhotwirecodex.com/

The SuperFastRails joke

Before reading this one, you should read the previous article to understand fully.

If you don’t have a few extra minutes, here is a summary: I was describing a new revolutionary gem that could automatically optimize any Rails app. It could create missing indexes, remove unused indexes, optimize SQL queries, and handle dangerous migrations. All that without needing you to think about it.

That was of course an April fools’ joke. It worked pretty well, possibly too well:

Not going to consider you for a good long while until I get over the April 1st post. Boomed me good

A promise given is a debt. Now the joke is on you, my friend.

Sorry, that was quite a…

Miss the convenience of Rails when working in React? Tired of building React forms ever so slightly different from project to project? Prefer working with HTML over customizing the Rails form builder? Prefer HATEOAS? Boy, do I have the tool for you!

Introducing form_props, a new member of the React ❤️ Rails family, which includes props_template, humid, and superglue. It’s a fork of Rails’s own form_with, made to output HTML attributes instead of HTML so you can wield the power of Rails’s form in React, and even React Native!

How it works:

Within a jbuilder or props_template file: new.json.jbuilder or new.json.props

json.create_form do
  form_props(@post) do |f|
    f.text :title
    f.s…

Would output

{
  "createForm": {
    …

I recently left this comment on a Pragmatic Engineer review of Fred Brook’s Mythical Man Month in “What Changed in 50 Years of Computing: Part 2”. This was what I reacted to:

Software design and “the second-system effect”

Brooks covers an interesting phenomenon in Chapter 5: “The Second-System Effect.” He states that architects tend to design their first system well, but they over-engineer the second one, and carry this over-engineering habit on to future systems.

“This second system is the most dangerous system a [person] ever designs. When [they] do this and [their] third and later ones, [their] prior experiences will confirm each other as to the general characteristics of…

We use i18next to handle our localizationrequirement. We have written in great detail how we usei18next and react-i18next librariesin our applications.

As our translations grew, we realized instead of adding every combination of thetexts as separate entries in the translation file, we can reuse most of them byutilizing the i18next interpolation feature.

Interpolation isone of the most used functionalities in i18n. It allows integrating dynamicvalues into our translations.

{  "key": "{{what}} is {{how}}"}

i18next.t("key", { what: "i18next", how: "great" });// -> "i18next is great"

Problem

As we started to use interpolation more and more, we started seeing lot of textwith irregular casing. For…

If you’ve ever worked on a Rails project with a team, you’ve probably run into an issue with changes appearing in db/schema.rb. The Rails robots that make up Active Record do their best to be helpful by keeping your db/schema.rb file up to date. But while they’re doing that, they tend to inject a bunch of other unwanted changes.

Here’s an example from a project I’ve been working on:

@@ -102,7 +102,7 @@ ActiveRecord::Schema[7.0].define(version: 2024_02_06_230921) do

   create_table "active_storage_attachments", force: :cascade do |t|
     t.bigint "blob_id", null: false
-    t.datetime "created_at", null: false
+    t.datetime "created_at", precision: nil, null: false

In this…

We examine approaches to API documentation, with a case for why the documentation-first approach is beneficial, plus, we'll not only introduce a new Ruby gem, Skooma, that will be a revelation for those who are ready to follow this path, you can also read on for practical tips and advice for jumping in.

In this post, we’ll examine approaches to API documentation, with a case for why the documentation-first approach is beneficial, plus, we’ll not only introduce a new Ruby gem that will be a revelation for those who are ready to follow this path, you can also read on…

Ruby’s NotImplementedError exception is often used as a placeholder in abstract classes for methods that should be implemented by subclasses. But did you know that this is not how this exception class was intended to be used?

How is it commonly (mis)used?

Let’s start with an example of a common usage pattern of NotImplementedError. We have a BaseSetting class, and we want to convey that anyone subclassing this should implement a to_html method.

class BaseSetting
  def to_html
    raise NotImplementedError
  end
end

class Text < BaseSetting
  def to_html
    "<input type='text'>"
  end
end

class Number < BaseSetting
  # Forgot to implement to_html
end

TextSetting.new.to_html   #=>…

In the above case, the Text setting class already implements to_html, If we’re introducing a new Number setting…

Joël conducted a thoughtbot mini-workshop on query plans, which Stephanie found highly effective due to its interactive format. They then discuss the broader value of interactive workshops over traditional talks for deeper learning.

Addressing listener questions, Stephanie and Joël explore the strategic use of if and else in programming for clearer code, the importance of thorough documentation in identifying bugs, and the use of Postgres' EXPLAIN ANALYZE, highlighting the need for environment-specific considerations in query optimization.

• Episode mentioning query plans
• Query plan visualizer
• RailsConf 2024
• Episode 349: Unpopular Opinions
• Squint test
• Episode 405: Retro on Sandi…

I unexpectedly wrote a second book. And I unexpectedly sold 300 copies while making it.

Idea

The idea of Kamal Handbook came after spending more time deploying with the tool and seeing my Kamal blog post trending.

But the thing was I didn’t want to write another book. And in fact, the main selling point of Deployment from Scratch was that it didn’t focus an any particular deploy tool.

Kamal changed this perspective for two reasons. I genuinely liked the tool and I could be the first author to publish something on Kamal. I wouldn’t do it if such a book existed.

So I conviced myself that if I can do this in ~ 5 weeks, I should.

Writing

The biggest change from my last book was giving…

For many applications, access is usually through a single domain, such as yourapp.com. This way, the application developer is able to offer a unified experience to all users. This works great most of the time, but imagine a situation where you need to give each user a customized experience; how would you achieve this?

One of the ways you can customize the user experience in a single application is by using account-based subdomains. Instead of giving users a single entry point into your app, offer them customized subdomains: user1.exampleapp.com, user2.exampleapp.com, and so forth. With account-based subdomains, you essentially give users an individualized entry point where they can manage…

In…

When talking to developers about gradual modularization, one of the questions is, “So… where are we headed?” That is, what is the destination of a modularization journey? These developers all work in a large, monolithic codebase-the large application that backs much of Gusto’s functionality. Based on discussions with our peers at different organizations, we know there are a whole bunch of companies in similar situations. These companies all have one thing in common, we’re using Ruby and Rails as a significant part of their backend systems.

We believe there is a juncture that all of these companies should strive to move their packages towards. This realization is based on working on…

RuboCop is a static code analyzer also linter and code formatter for the Ruby programming language. It will enforce the guidelines outlined in the community Ruby Style Guide.

It helps developers in ensuring adherence to coding style standards, identifying potential code flaws, and enhancing the overall quality of the codebase. In addition to identifying code problems, RuboCop also automatically corrects those issues.

Developers can adjust rules defined by Rubocop to match project coding standards.

Before Rails 8.0

Before Rails 8 we had to manually integrate Rubocop gem to our project.

We can simply install it like below.

gem install rubocop

or we can add it to the gemfile of the…

Our clients have seen big wins from our design sprints: rapid MVPs, design artifacts that set the project course, new investment funds, successful business pivots, and even design awards. This is the ideal way to kickstart the entire development process, bring founder ideas to life, and give Evil Martians a test drive.

Google originally introduced the Design Sprint methodology back in 2010. Since then, Evil Martians have customized that original framework to perfectly suit our clients’ needs. Today, the strength of the Martian Design…

Feature delivery can be impacted by many factors. Some are readily visible, but others are more nuanced — or buried in mountains of data.

What if we could show developers and project managers the factors that would affect feature delivery in real time? And what if that information…

Ruby blocks are simply amazing, and I’ve written about some of the cool things you can do with them.

But something which confused me early on as I learned Ruby and started using gems and frameworks was when to write a block vs. when to write an explicit proc or lambda.

For example, here’s some example code provided by Faraday, a popular HTTP client for Ruby:

conn = Faraday.new(url: 'http://httpbingo.org') do |builder|
  builder.request :authorization, 'Bearer', -> { MyAuthStorage.get_auth_token }
  # more code here...
end

As you can see, there are two different use of blocks/procs here. The first one is the one passed to Faraday.new — it yields builder so you can configure the request.…

I recently wrote a post over on the PlanetScale blog sharing how we make schema changes for our own Rails app.

In the post I share a couple concepts that might be new to you.

1. "Online" schema change tools
2. Separating rails db:migrate from deploys

If your team or app is starting to grow and you're wondering what to look out for next. Give it a read, I hope you find it helpful.

Back in 2014, I was doing quite well. I played poker professionally, essentially living my dream. But my career had to stop abruptly for health and financial reasons.

I looked for a new dream and found coding. It went OK most of the time; I liked the nerdy aspect of it. But it also came with severe dips and challenges that seemed unsurmountable. I was on the brink of switching studies to something like art history because I had considerable trouble passing a course exercise. I also ran away from what seemed like an undoable challenge, e.g., giving a talk in front of a big audience or finishing a coding project that appeared to have lost its purpose.

What if there was a way to see the other…

"I will teach you to be rich!"

"Everyone is a coach nowadays!"

"I'm looking for mentorship in sorting my socks."

"I'm not your guru!"

"No, I'm not a freelancer, I'm a consultant."

There are so many terms trying to explain training and helping relationships between human beings. With many terms comes confusion and misuse. What if there was a committee that would decide about the proper usage of those terms? How many mentees would be saved from being coached? How many minutes of podcasts could be unwasted trying to figure out the right terms to use?

Wait no longer. And don't wait for a committee. You can have your own definition right now.

Below is my unscientific digest about the differences…

As a Rails developer, you probably know what the following piece of code does.

# config/routes.rb

get "/about", to: "pages#about"


# controllers/pages_controller.rb

class PagesController < ApplicationController
  def about
    @title = "About Me"
  end
end

# views/pages/about.html.erb

<h1><%= @title %><h1>

As expected, it defines a route that directs a request to /about page to the PagesController#about method, which sets an instance variable @title that's displayed by the about.html.erb view.

Plain and simple.

Have you ever wondered how does an incoming HTTP request reaches the about method in the Rails controller? Like, who actually calls this method, what really happens before this…

Last week I spoke at the SF Bay Area Ruby Meetup, which was hosted at GitHub HQ, which made for an easy commute for me. Here’s the video and the slides. My talk was entitled “An OK compromise: Faster development by designing for the Rails autoloader”

Also, I haven’t shared here the 3 podcasts I did over the past few years. Here they are:

• The Ruby on Rails Podcast from September, 2021.
• GemRuby Show from September, 2023.
• The Ruby Rogues from January, 2024.

This post, A Ruby Meetup and 3 Podcasts, is published on Island94.org. Tweet me at @bensheldon to discuss it.

High traffic websites often use database replicas to scale out their reads. Most web traffic is a GET request anyway and never modifies data.

But how do you know when you should READ from the primary?

The answer is more complex than you might think. And it's important to understand the details.

Whenever data is updated on the primary, the change needs to be replicated to each of the replicas. The time this takes is known as “replication lag”.

You need to understand this concept to be able to work with replicas effectively.

Healthy replication lag is usually just a few milliseconds. But if you have a busy database, or are maybe running a schema change, it can grow to seconds…

Welcome to my ninth update as Ruby Central’s security engineer in residence, sponsored by AWS.

My goal is to write a short update every week, chronicling what I’ve been working on, and reminding myself that I was, in fact, productive.

This week I dealt with the fallout from the xz/liblzma backdoor. I also took a last minute trip to NY for a funeral, which was honestly more exhausting than firefighting the backdoor.

xz/liblzma backdoor

Thanks for ruining my Friday, Saturday, & Sunday, world. Like every other infosec professional, I spent several days chasing down the impact of the xz backdoor on RubyGems and the Ruby ecosystem writ large. The major product of those dozens of hours of…

Welcome to Once a Maintainer, where we interview open source maintainers and tell their story.

This week we’re talking to Jeremy Smith, co-host of the IndieRails podcast, organizer of the BlueRidge Ruby conference, and enthusiastic member of the Ruby and Rails communities.

Once a Maintainer is written by the team at Infield, a platform that helps companies upgrade their open source software without breaking things.

How did you get into programming?

So I distinctly remember seeing my first website when I was a teenager, probably 1995-96, something like that. I had dial up access to my dad's university Internet service because he was getting his PhD, so he had it as part of his program. I…

In today’s episode, Jason, Chris, and Andrew kick things off sharing things from their
personal and professional lives, touching upon various themes such as the peculiarities
of working on Good Friday, the journey from late-night adventures to morning rituals,
and the complexities of parenting. The discussion also dives into programming topics,
such as issues with using Rails, Turbo, and Stimulus for web development, and
experiences with React components. They share personal stories about the Sin City
Ruby conference, including the challenges and highlights of Jason’s live coding during
his presentation, the dynamics of attending without a ticket, networking among
colleagues, and exploring casinos…

Hi, Wojtek here exploring this week’s changes.

Rails World 2024 edition website is now live
With tickets going on sale in April.

Allow to register transaction callbacks outside of a record
ActiveRecord::Base.transaction now yields an ActiveRecord::Transaction object, which allows to register callbacks on it.

Article.transaction do |transaction|
  article.update(published: true)
  transaction.after_commit do
    PublishNotificationMailer.with(article: article).deliver_later
  end
end

Added ActiveRecord::Base.current_transaction which also allows to register callbacks on it.

Article.current_transaction.after_commit do
  PublishNotificationMailer.with(article: article).deliver_later
end

…

This is mainly a test post to verify that this blog is now on the Fediverse (via the ActivityPub plugin). Hi there, fedi-friends!

The post Hello, Fediverse first appeared on avdi.codes.

High-risk industries have regulatory compliance for a reason. While regulatory requirements might feel like a painful or tedious process, they build guardrails that save time and money in the long run.

Because no one person should be in a position to cause an aircraft component to fail.

Prior to joining Test Double in 2023, I had spent nearly the entirety of my professional career working in regulated software industries. With a decade of experience in aerospace, I learned how to implement the stories and code that made up a product while always staying within the scope of the regulations.

As I’ve moved away from regulated software industries and into DevOps consulting, I keep…

After 17 years dedicated to open source Ruby, Luca Guidi has stepped down from the Hanami and dry-rb projects.

In Luca’s place, I will step up as Hanami project lead. I also remain a committed member of the dry-rb core team.

As for Hanami, we’re continuing on the path we’ve followed over the last few years. 2.1 is now out the door, and 2.2 is next. As we plan for this release, you can look forward to seeing updates on our forum.

I’d like to extend a heartfelt thank you to Luca for all his contributions to Hanami and Ruby. Collaborating with Luca has been a true pleasure for me, and I’m very proud of what we’ve been able to create together in Hanami 2. I’m looking forward to extending…

RubyMine 2024.1 is now available!

At the heart of RubyMine 2024.1 lies its full line code completion feature, which is powered by a fully-integrated, advanced deep learning model. RubyMine 2024.1 also introduces support for the mise version manager, further streamlining the management of Ruby versions. This release includes improved AI Assistant and inspection updates tailored to Ruby 3.3.

Additionally, RubyMine 2024.1 enhances the development experience with features such as closing tags in ERB, the ability to run VCS commands with the current project’s SDK, and debase 3.0 support that is optimized for Ruby 3.3, enhancing debugging capabilities and ensuring seamless compatibility…

Programming with AI is still a highly divisive topic, but there’s no denying that more and more developers are starting to incorporate AI into their daily workflows. Whether you’ve already picked your side in the debate or are still undecided, we’ve got a new feature in v2024.1 of JetBrains IDEs that might just pique your interest – full line code completion. It’s AI-powered and runs locally without sending any data over the internet.

In this blog post, we’ll tell you more about what full line code completion is, how it works, what languages are supported, and how you can provide feedback about it to us.

What is full line code completion in JetBrains IDEs?

This new type of code…

Quem acompanhava meu canal no YouTube ou meu Instagram já acompanhou a saga com meu NAS (meu servidor pessoal), meu Synology DS1821+ com quase 80 TB de espaço.

Todos os videos do meu canal, incluindo os arquivos originais, estão lá. Só isso dá terabytes. Todo minha biblioteca do Steam está lá, são uns 4 terabytes. Todos os meus jogos antigos, retro-games, também, incluindo ISOs de Xbox 360 e PS3. São mais 4 terabytes. Toda minha coleção de discos Ultra HD (BluRay 4K) eu ripei (fiz backup), são mais alguns terabytes. Neste instante já estou usando mais de 50 terabytes.

Antes que venham dar palpite, sim, isso não é pra qualquer um. Estamos falando de 8 HDs de 10.9 TB, mais upgrade de 2…

Recently, I moved iPhones and wanted to open my 2FA keys with the App “Authenticator Plus” - But Apple has removed it from the App Store. Unfortunately, the developer has gone inactive and the app is abandoned, hopefully, they are all right :/

• App Store discussion
• r/AndroidQuestions PSA: Authenticator Plus, once the darling of 2FA apps, is now abandoned and no longer works

But, I still had the app on my old iPhone and wanted to extract the keys. Here is how I did it:

Retrieve database

The App-Store discussion above outlines most of what I repeat here. Also, this blog post helped a lot: Nigelsim.org: Extracting Authenticator Plus

The app is also released for Android, so it should…

The past few days have seen the security world focused on the revelation of the xz/liblzma backdoor. For more background, see this early writeup of the issue, this GitHub Gist, this detailed timeline, and the official detail page for CVE-2024-3094.

In response to the backdoor becoming public, we have done an internal audit not just of the software used to run RubyGems.org itself, but also every gem that has ever been published.

We are happy to report that RubyGems.org is not vulnerable to this issue. Furthermore, we are happy to confirm that no gem currently published on RubyGems.org contains the vulnerable liblzma library.

I would like to thank the rest of the RubyGems.org security team…

Recently I’ve been trying out Flutter to try to learn if and when I might want to reach for it on future projects. I enjoy learning by reading books, and this time I worked through Programming Flutter by Carmine Zaccagnino, published by The Pragmatic Programmers. It’s a great book that really helped me get some Flutter foundations under my belt. (Note: this isn’t an affiliate link and we aren’t receiving anything for recommending it; it’s just a great book!)

There was just one challenge working through the book: it was written in 2020, and both the Flutter framework and the Dart programming language have undergone some changes since then. Some were fairly easy to get past, and some…