No.
The switches on this keyboard are not hot-swappable. They are soldered on to the board.
(This post brought to you by attempting to find this information online, failing at that, and then dissecting the keyboard to inspect it myself.)
First class json(b) handling in Rails Event Store
Recently, in Rails Event Store v2.8.0 PreserveTypes transformation has been introduced. v2.9.0 release brought RailsEventStore::JSONClient. It’s a set of great improvements for RES users who plan to or already use PostgreSQL with jsonb data type for keeping events’ data and metadata.
Back to the primitive
According to RFC 4627 JSON can represent four primitive types:
- strings
- numbers
- booleans
- null
and two structured types:
When data is serialised to JSON format with JSON.dump or ActiveSupport::JSON.encode, which happens implicitly when persisting event, the data need to be converted to primitives or structured types.
…

In a previous post, I shared that it's nice that you could have multiple projects on Heroku for 5$ with the eco plan.
I thought it would be a nice way to keep my projects there and support Heroku.
But it has some gotchas that are a bit lame.
You can't really have just a Rails project for 5$ bucks because you need a postgres database configured which is 5$ extra. So it's 5$ extra per project here, maybe it's charged per usage maybe flat, not sure yet.
Also with the eco plan, if you want to run it with your own domain you'll need to have your own SSL certificate which you can buy somewhere like at namecheap.com for 10$ or so (upgrade to a higher plan of course, then I think Heroku is taking over…
Let’s unpack our approach to BFCM Scale Testing to explore some of what it takes to ensure that our ecommerce platform can handle the busiest weekend of the year.
Hi, it’s Wojtek. Let’s explore this week’s changes in the Rails codebase.
Rails 7.0.4.2 and 6.1.7.2 have been released
Released 7.0.4.2 and 6.1.7.2 versions addressing a compatibility issue with the 7.0.4.1 and 6.1.7.1 security releases from last week.
Allow use of SSL-terminating reverse proxy that doesn’t set headers
Add ActionDispatch::AssumeSSL middleware that can be turned on via config.assume_ssl. It makes the application believe that all requests are arriving over SSL. This is useful when proxying through a load balancer that terminates SSL, the forwarded request will appear as though it’s HTTP instead of HTTPS to the application. This makes redirects and cookie security target HTTP…
Excerpts from the excellent RailsConf 2022 keynote: The Success of Ruby on Rails by Eileen Uchitelle [reformatted from the transcript]:
Upgrading is one of the easiest ways to find an area of Rails that can benefit from your contributions. Fixing an issue in a recent release has a high likelihood of being merged.
Running off Rails Main is another way to find contributions to Rails. If you don’t want to run your Main in production, you could run it in a separate CI build. Shopify, GitHub and Basecamp run it.
Running off Main may be harder than running off a release because features and bug fixes are a little in flux sometimes. If you are running off of Main, a feature added…

One way to have more fun as a software engineer is to learn your craft via resources like books, videos, and courses, but then also track the progress of it and finish useful byproducts on the way.
If you've done side projects before, you might know that they get dropped from time to time prematurely, without a chance for a glimmer of light.
Shape Up is a project management framework that 37signals uses to get projects done. So why not try it in a team of One?
A part of the framework, at least how 37signals use it, is working in 4 to 6-week sprints.
I found it appealing to try this out more consistently in my own side projects this year.
I've started doing this with an 8-week sprint, working on…

Reading is a constant dance. I rarely ever dance for real but I imagine it like this for avid dancers. Choosing your dance partners may be a tough process. They are all lined up there, waiting for you to dance with them. But with some dance partners, you may see that you both woke up on the left foot, so probably best to skip this one for now. With others, you skim them with a couple of quick moves and see that it doesn't make any sense at all. Others again, you observe each other for years and years and don't dare to ask for a dance. And then there are some dance partners who you enjoy dancing with so much and when it's over you are sad. Like happy sad, being thirsty to dance again ASAP.
No…
This story looks at the opportunity Dev Degree gave me, the challenges I overcame, and the weaknesses that turned out to be strengths. If you’re thinking about a career in tech, but don’t think you have the stuff for it, this story is for you.
#638 — January 26, 2023
Ruby Weekly
My Adventure With Async Ruby — How a developer used the async gem to speed up a portion of his app. It’s a fantastic library, but we agree that it could do with getting more docs and write-ups, like this very post.
Matheus Richard
Rails on Docker — A line-by-line explanation of the “official” Rails Dockerfile that is coming in 7.1. While there are sure to be changes before it’s released, this is a handy way to grok the purpose of each line in the file and whether it’ll suit your setup.
Brad Gessler (Fly․io)
🔠 Add CSV Import to Your App with…
Andy Hunt is a programmer turned consultant, author, and publisher. He also co-authored the best-selling and seminal book, "The Pragmatic Programmer". He joins the show to discuss the important things that software developers should know in this generation. He talks about some of the things that have evolved since he started.
Important Points
- Reliable CI/CD Pipeline
- Effective low-friction collaboration
- Free flow of information
- Constant Learning / Skills improvement
- a. Read more technical books
- b. Read more fiction
- Think about how we build software
- a. Software that is replaceable and disposable
Sponsors
Links
Next.js is one of the hottest web frameworks of 2022. It supplements React applications with server-side rendering, static site generation, and more. Picking and choosing which parts of the site to generate on the server rather than on the client can speed up your site while maintaining usability.
Developers familiar with React will find getting started with Next to be not too big of a stretch, and migrating existing apps just as approachable.
Many companies are already using Next.js in production at scale, such as Netflix, Uber, Hulu, and more!
In this article, we'll explain what Next.js is and how it differs
from React. You'll also learn what makes Next.js so great, see
how to migrate…

Version 6.0.17 of the Passenger application server has been released. This release adds support for Ruby 3.2.0, and bumps the preferred Nginx to 1.22.1.
Passenger 6 introduced Generic Language Support, or: the ability to support any and all arbitrary apps.
Updates & improvements
- [Enterprise] The debug gem is now supported for debugging on Ruby 3.1.
- Removed use of deprecated 'File.exists?' method for Ruby 3.2.0.
- Upgrades preferred Nginx to 1.22.1 from 1.20.2.
- Changes minimum supported macOS version to 10.14 Mojave.
- Adds support for a PASSENGER_MAX_LOG_LINE_LENGTH_BYTES environment variable. The default length remains at 8KB.
- Upgrades Boost to 1.81.
- Updated various library versions used in…
Installing 6.0.17
Please see the installation guide for advice on getting started with Passenger. Coming from a language other than Ruby,…
Conferences 'n' Camps
What's News? What's Upcoming in 2023?
RailsGirls Rotterdam, Sat Mar/18 (1d) @ Rotterdam, Netherlands
See all Conferences 'n' Camps in 2023».
Welcome to a special episode of Remote Ruby! Today’s episode is the RubyConf Home Edition panel where we’ll be talking about all things Hanami. Jason is joined by Brittany Martin, Engineering Manager at TextUs and co-host of The Ruby on Rails Podcast, and together they’ll take on the role of the moderators. They are also joined by a respected group of panelists. First, we have Luca Guidi, who’s the Hanami author, on dry-rb core, and Backend Architect at Toptal. Then we have Tim Riley, who’s Principal Engineer at Buildkite and a core team at Hanami, dry-rb, and rom-rb, and finally, Peter Solnica, who’s a Senior Software Engineer at Valued.app and a core team member at Hanami,…
Captured live from Rubyconf 2022 Home Edition on January 11th, 2023, this is a special episode recorded with the Hanami Core Team: Luca Guidi, Tim Riley and Peter Solnica. Co-moderated by Jason Charnes and Brittany Martin.
Moderated By:
Panelists:
A special thanks to the organizers of Rubyconf @ Home for making this happen!
Show Notes:
Sponsored By:
Honeybadger
Recent studies found that downtime can cost $427 per minute for small businesses, and up to $9,000 per minute for medium-sized businesses.…
Memory leaks are a pain for gem users. They are hard to track and can lead to expensive infrastructure costs.
Memory leaks within a C extension are even worse. You'll see a lot of tools and
articles about finding leaks in Ruby. However, you don't have the same access to internals in C.
A naive usage of rb_funcall can cause memory leaks: it's much better to use rb_protect instead. So, if you are a C extension writer, please read on for the sake of developers who will use your gem.
Let's get started!
The Issue with rb_funcall and C
rb_funcall can be a great tool when you need to interact between Ruby and the C parts of your library but only need to write a little C.
However, when you run rb_f…
Hello again! We’ve just released Rails 7.0.4.2 and 6.1.7.2 addressing a
compatibility issue with the 7.0.4.1 and 6.1.7.1 security releases from last
week. This release adds a single extra commit to fix an issue users were seeing
when using domain: :all for cookies on a one-level two-letter TLD.
The 6.0.6.1 release did not include the problematic code as that series is no
longer receiving security patches for non-critical issues. Users on this
release are encouraged to upgrade to a newer version.
This doesn’t contain any additional security fixes, so users who have already
upgraded to either 7.0.4.1 or 6.1.7.1 can upgrade at their convenience.
Below are the shas for the released versions:
…
When we allow users to upload images, they usually upload files without any optimization for the web. It’s up to us to add some measure to prevent those images from slowing down our app. Luckily, the different gems commonly used to handle user uploads also give us solutions for this problem.
This is the third installment on a series of blog posts about optimizing images, check the previous ones here (raster images) and here (vector graphics).
ActiveStorage
A common mistake when displaying ActiveStorage image attachments is to display the attachment as uploaded by the user like this:
This will use the image exactly as uploaded by the user, even if the image…
Day 3 is all about picking a direction and going forward with it. Over the course of the third day of the Design Sprint, we will assess which parts of our designs are most successful and create a storyboard to show the steps that our target customer might take towards achieving the goal.
Remember your sketches from Day 2? It’s time for the team to see them. The purpose of this activity is for the entire team to see each other’s work and get to pick out all the best pieces for our next activity.
1. Heat Map Activity

In this activity, the team silently reviews all the solutions that they worked on yesterday. Each team member posts their solution onto the digital whiteboard so that we…
Authors: Rita Klubochkina, Sr. Frontend Engineer, Alena Kirdina, Sr. Product Designer, and Travis Turner, Tech Editor
Topics: Frontend, Design, Case Study, JavaScript, React, Gatsby, Jamstack, Node.js

We needed a lightweight, essentially free solution for a customer map that would display our events in our React app. So we turned to Pigeon Maps and Mapbox, and here is how we made it.
Evil Martians recently launched an Events page on our brand new website. Like the site itself, the Events page is overflowing with bold and extraordinary design solutions. The heart of the new page is the events map—a cool visual reminder about our team's worldwide presence.
Vanilla Rails View Components with partials
Many projects I work on have some kind of view component that is repeated multiple times in the same view, or is present in multiple different views. These view components can be anything that has a specific styling, JavaScript specific attributes (lik...
The RubyMine 2023.1 early access program has started! You can get the new build from our website or via the free Toolbox App.
In this post, we’ll highlight some of the most important updates included in the first EAP version.
We’d also like to remind you that RubyMine 2022.3 introduced the option to switch to the new UI using the Enable new UI setting in Preferences | Settings | Appearance & Behavior | New UI. We invite you to switch to the new UI and let us know what you think. We’ll continue to update it based on your feedback throughout the entire RubyMine 2023.1 release cycle.
New gutter icons for navigating from create_table calls to models
In the last release, we added…
Live with the pain or change it?
Chances are you’ve worked on an application with a less-than-ideal database schema. Maybe the users table had over 50 columns and became costly to query, or there was an absence of foreign keys. Whatever your case may be, you have the decision to either live with it or change it.
Modifying the database schema can be daunting if you’ve never done it before. There are a lot of unknowns, and you might worry: how can the database change without breaking the application? But living with it causes another sort of pain. Sure, changing the database schema is risky, but with the right know-how it becomes quite trivial.
tl;dr
Have you ever considered how to efficiently render HTML out of your markdown input in ruby? Here we cover this problem with additional custom cosmetic improvements.
What is a CSRF token?
A CSRF token is a unique value that is generated by the server
and stored on the client’s session.
This token is included in every subsequent request made by the client,
either in an HTTP header or as a hidden field on a form submission.
The Rails server then compares this token against the one stored in its session store.
If the token on the request does not match the one on the server,
the request is considered illegitimate
and is not processed.
Why do we need to store the CSRF token outside of the session?
The default CSRF protection in Rails stores the token in the user’s session,
which is secure but may cause issues when using a cache such as Redis.…
Stephanie talks about hosting a "Soup Group"! Joël got nerd-sniped during the last episode and dove deeper into Maggie Appleton's "Tools for Thought."
Stephanie has been thinking a lot about Sustainable Web Development. What is sustainability? How does it relate to tech and what we do?
This episode is brought to you by Airbrake. Visit Frictionless error monitoring and performance insight for your app stack.
Transcript:
AD:
thoughtbot is thrilled to announce our own incubator launching this year. If you are a non-technical founding team…
Defining a standard for implementing pattern matching interfaces in Ruby, originally from the 2021 document "Pattern Matching Interfaces in Ruby"
Author: Brandon Weaver (@baweaver)
Last Updated: January 20, 2021
Status: RFC
Contributors:
Overview
What does this document intend to achieve?
Pattern Matching is a powerful new syntax in Ruby that allows us more flexibility in retrieving data from nested structures and more power in making assertions about the structure of that data.
This document intends to define a set of best practices for defining pattern matching interfaces in Ruby code.
As it is very easy to add…
Here’s a series of my notes of working within a GraphQL application as I can think of them. This comes out of my work on Twist’s GraphQL API, and other GraphQL APIs that are deployed in production.
Overall sentiment is that GraphQL is an improvement over the classic REST approach because:
- It gives you clear types of fields
- You can choose which fields you wish to select
- You can choose to select from a single resource, or from multiple, disparate resources at the same time.
I like its interoperability between Ruby and JavaScript, with good tooling existing on both sides of that divide in the GraphQL Rubygem and the Apollo Client on the JavaScript side of things. Honorable…
Hello! Welcome to the monthly update. During December, our work was supported by Zendesk and many others.
Ruby Central News
In December, Ruby Central's open source work was supported by 35 different companies, including Ruby member Zendesk.
On top of those companies, 1 new developer, Christopher Bloom, signed up as a member. In total, we were supported by 123 developer members. Thanks to all of our members for making everything that we do possible. <3
RubyGems News
This month in RubyGems, we released final versions of RubyGems 3.4.0 and 3.4.1 and Bundler 2.4.0 and 2.4.1 featuring:
- a new "call to update" message when RubyGems is outdated - #5922.
- an enhanced Bundler resolver based on PubGrub, with…
Ayush is on the core team of Bridgetown, a specialist in Ruby on Rails and Hotwire app development, and a personal friend. I’m very excited to have him on the show today to talk about all things fullstack web dev, his new book The Rails & Hotwire Codex, and why “vanilla” is awesome!
Links:
Become a part of the Fullstack Ruby community and learn how to put your Ruby skills to work on the backend AND the frontend. Know somebody who’s a JavaScript developer but is interested in learning more about Ruby?…
A vulnerability has been found in Sisimai up to 4.25.14p11 and classified
as problematic. This vulnerability affects the function `to_plain` of the file `lib/sisimai/string.rb`.
The manipulation leads to inefficient regular expression complexity. The exploit
has been disclosed to the public and may be used. Upgrading to version 4.25.14p12
is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e.
It is recommended to upgrade the affected component.
### Impact
Arbitrary code execution can occur when running `exiftool` against files with hostile metadata payloads
### Patches
ExifTool has already been patched in version 12.24. `exiftool_vendored.rb`, which vendors ExifTool, includes this patch in [v12.25.0](https://github.com/exiftool-rb/exiftool_vendored.rb/releases/tag/v12.25.0).
### Workarounds
No
Replaying events in RailsEventStore
Event Sourcing comes with a very handy utility that lets you replay events that happened in the system. Imagine that you’re introducing a new report, or you fixed an existing event handler and you need to run some events against it to produce a valuable outcome that your business friends expect.
If you are not familiar with event-sourcing, it’s a way to store the state of a system as a series of events, not just the current state. Check out our event sourcing tag.
How do I replay events with RailsEventStore?
Let’s assume that we want to send a Xmas card to our customers that made at least 5 orders and haven’t returned any of them during last 3 months.…
I was working on an app that generated a Markdown article. The article content
had some dynamic parts that were fetched via HTTP requests. While not a huge
problem, this made the article generation slow.
Ruby 3.0 introduced the fiber scheduler interface, which is used by the async
gem to run tasks concurrently. It’s particularly useful for I/O-bound
workloads, so I decided to give it a try. This post is a summary of my journey
in figuring out how to use it.
If you don’t care about any of this, skip to the final thoughts section.
The article generation code looked like this (I’m using sleep to simulate the HTTP requests time):
class Article
def to_s
<<~MARKDO…
The Rails view layer, the main way our users and customers access our work, is incredibly flexible, but it can easily become tricky to manage.
It is easy to introduce bugs and scoping issues when using the views and partials in a more complex Rails application.
Instead of…
…accessing instance variables inside partials:
# calling the partial
<%= render "user_email" %>
# inside the _user_email.html.erb partial
<%= @user.email %>
Use…
…local variables to pass in context:
# calling the partial
<%= render partial: "user_email", locals: { user: @user } %>
# inside the _user_email.html.erb partial
<%= user.email %>
Why?
This is primarily a good practice for better maintenance and…
Excited about the future
👉 I activated subscriptions for the newsletter. I want to keep the newsletter free for everybody; thus, I don’t have a unique offering for people who decide to pay a subscription.
Do you like this newsletter and can afford to become a paid subscriber for 5$/month?
In that case, you get nothing different except the pleasure of knowing that you’re supporting the Short Ruby News to keep publishing the free edition weekly and pay for some of the tools I use to create this newsletter. And, of course, my gratitude for your big gesture!
I can help you write an email for your manager/leader to expense your subscription from your learning budget, so please reach out to me at h…
If you are already a free subscriber and want to update, you can click on Upgrade your subscription. If you are not a subscriber, you can subscribe as free or paid or just read the newsletter on the web.
You can jump directly to one of the following…
Keeping your apps updated and constantly upgrading to the most recent version of the stacks they utilize has many benefits: preventing vulnerabilities, enhancing usability, and accessing bug fixes and new features. Therefore, even if your app still functions properly with old code, whenever you can, it’s usually best to perform an upgrade.
In this article, I’ll share tips on how to upgrade earlier Laravel versions to more recent releases in your existing apps.
What's New in Laravel 9
For a long time, Laravel has been a popular, if not the most popular, open-source PHP framework. It is flexible, scalable, and adaptive, and it has become the top-shelf choice for engineers and businesses…
GoodJob is a multithreaded, Postgres-based, ActiveJob backend for Ruby on Rails. GoodJob has many features that take it beyond ActiveJob. One such feature is cron-like functionality that allows scheduling repeated jobs on a fixed schedule.
This post is a brief technical story of how GoodJob prevents duplicated cron jobs from running in a multi-process, distributed environment.
This is all true as of GoodJob’s current version, 3.7.4.
Briefly, how GoodJob’s cron works
GoodJob heavily leans on Concurrent::Ruby high-level primitives, and the cron implementation is no different. GoodJob::CronManager accepts a fixed hash of schedule configuration and feeds them into Concurrent::ScheduledTasks…
Rails 7.1 adds regroup to ActiveRecord::Relation. regroup overrides the existing group condition with a new one. regroup is a short-hand for unscope(:old_group_fields).group(:new_group_fields)
Here is how it can be used.
Project.group(:title, :owner)
Project.group(:title, :owner).regroup(:priority)
Here is the relevant pull request adding this change.
Here are links to the other parts of the series:
This post brings us to the last in the “An Overview Of Ruby on Rails 7.1 Features” series. Rails has improved a lot over the years, no question about that, but this minor version, in my books, is the most exciting. Rails now comes inbuilt with Dockerfiles. Who’d have thought?
…
RubyGems 3.4.5 includes enhancements.
To update to the latest RubyGems you can run:
To install RubyGems by hand see the Download RubyGems page.
## Enhancements:
- Installs bundler 2.4.5 as a default gem.
SHA256 Checksums:
- rubygems-3.4.5.tgz
e280c6227abaf8d807106a58badaa7d0f2874bf4ca969f58eafdb81a6fd6d592
- rubygems-3.4.5.zip
177fbc738a442840f9843e6549fb346ed19cc71f007b36d640391e3ede2afc3f
- rubygems-update-3.4.5.gem
06295f0333b21d15b46cded2d35a62b3eae8caa25cdb3121a49bb9b4ca927064
In 2016 I moved half a dozen apps from Heroku to a DigitalOcean droplet to save money. I found dokku, a docker-powered PaaS. It was already quite mature, and worked flawlessly. In 2023 I am moving back from the single droplet to apps, but staying on DigitalOcean. It was a good 7-year-long run for my droplet!
What am I moving?
I’ve got 4 profitable, and 5 money-losing or free Slack apps, all open-source.
Why move?
Over the years I got…
With a lot of tech companies laying people off in the last month I got to see how insane the firing practices in the US are and how greed rules supreme in the tech industry. But this is only a harbinger of what’s to come.
Through friends and from what I’ve seen first hand, the standard procedu...
Hola, this is Greg, bringing you the latest changes from Rails.
Raise exception when a restricted attribute name is used with CurrentAttributes
Attribute names like set and reset should not be used with ActiveSupport::CurrentAttributes, because they clash with its public API. With this change, an ArgumentError is raised when a restricted attribute name is used.
Add regroup method to Active Record
This pull request adds regroup and regroup! methods to Active Record. Here is an example on how to use it:
Post.group(:title).regroup(:author)
Change assert_emails to return the emails that were sent
Before this pull request, assert_emails just returned true or raised if the assertion…
Hello Jekyllers!
This is a small release containing fixes for some issues that came to our attention after the
release of v4.3.1:
- Our link tag had a significant performance regression with the release of v4.3.0 solely due to a change related to Jekyll::Site#each_site_file. The new patch restores previous performance while maintaining the enhancements introduced in v4.3.0.
- The tables printed out on running a build with the --profile did not stop including the misleading TOTALS row as advertised in the release-notes for v4.3.0. The row has been removed completely now.
- jekyll-sass-converter-3.0.0 that shipped in the interim was not happy with our blank-site scaffolding (from running je…
That’s about it for this release. Depending on whether you use the features patched in this release,
you may either wait for v4.4.0 (releasing in the near future) to update your Gemfile or, download
the latest release right away! :)
Happy Jekyllin’!!
Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in December.
RubyGems News
This month in RubyGems, we released final versions of RubyGems 3.4.0 and 3.4.1 and Bundler 2.4.0 and 2.4.1 featuring:
- a new “call to update” mechanism for RubyGems cleaning - #5922.
- an enhanced Bundler resolver based on PubGrub - #6146.
- generating of gems with rust extensions via bundle gem - #6149.
- lighter Bundler git sources using shallow clones under the hood - #6241.
In addition to that, we made the following improvements and…
Rails offers a variety of methods for generating unique DOM IDs and classes for elements on a page. One such method is the dom_id method, which can generate a unique ID for a specific object or model. However, by default, the dom_id method only generates an ID and does not include any classes.
Recently, however, Rails has added a new feature that allows the dom_id method to also accept a class. This allows developers to generate both an ID and a class for an element without the need to use different methods for generating IDs and classes.
Before
Before this feature was added, developers would have to use the dom_id method to generate an ID, and then use a separate method…
Welcome to Remote Ruby and thanks for joining us! It’s a full house this week as Jason, Chris, and Andrew are back together! They also have a great guest joining them, Nadia Odunayo, who’s the Founder, CEO, and Software Developer of The StoryGraph, a book tracking, and recommendations app. Nadia spoke at the Rails SaaS Conference and her talk was titled, “Getting to one million users as a one-woman dev team.” After listening to this episode, you’ll understand why she’s such an engaging speaker. Today, Nadia shares her journey of how she got into programming and building software apps, to being the Founder of The StoryGraph. She shares some interesting things about scaling and…
The method method in Ruby is one of my favourite methods in Ruby. It gives you an object that represents an underlying method. It’s helpful for demonstrating that integer addition in Ruby is a method call:
1.method(:+)
=> #<Method: Integer#+(_)>
Where is this method defined?
With this method method, you can find out where a method is defined, if it is defined in Ruby code anywhere:
SomeModel.method(:find).source_location
=> ["...activerecord-x.x.x/lib/active_record/core.rb", 337]
Then I can look at this source code within the Active Record gem to find out how find works.
Call me, maybe?
Methods can also be passed in place of traditional block arguments:
class Maths
def…
A vulnerability classified as critical has been found in prodigasistemas
curupira up to 0.1.3. Affected is an unknown function of the file
app/controllers/curupira/passwords_controller.rb.
The manipulation leads to sql injection. Upgrading to version 0.1.4 is able
to address this issue. The name of the patch is
93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the
affected component. VDB-218394 is the identifier assigned to this
vulnerability.
There is a potential denial of service vulnerability present in
ActiveRecord’s PostgreSQL adapter.
This has been assigned the CVE identifier CVE-2022-44566.
Versions Affected: All.
Not affected: None.
Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
# Impact
In ActiveRecord <7.0.4.1 and <6.1.7.1, when a value outside the range for a
64bit signed integer is provided to the PostgreSQL connection adapter, it
will treat the target column type as numeric. Comparing integer values
against numeric values can result in a slow sequential scan resulting in
potential Denial of Service.
# Workarounds
Ensure that user supplied input which is provided to ActiveRecord clauses do
not contain…
There is a possible denial of service vulnerability in the Range header
parsing component of Rack. This vulnerability has been assigned the CVE
identifier CVE-2022-44570.
Versions Affected: >= 1.5.0
Not affected: None.
Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.2, 3.0.4.1
# Impact
Carefully crafted input can cause the Range header parsing component in Rack
to take an unexpected amount of time, possibly resulting in a denial of
service attack vector. Any applications that deal with Range requests (such
as streaming applications, or applications that serve files) may be impacted.
# Workarounds
There are no feasible workarounds for this issue.
There is a denial of service vulnerability in the Content-Disposition parsing
component of Rack. This vulnerability has been assigned the CVE identifier
CVE-2022-44571.
Versions Affected: >= 2.0.0
Not affected: None.
Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.4.1
# Impact
Carefully crafted input can cause Content-Disposition header parsing in Rack
to take an unexpected amount of time, possibly resulting in a denial of
service attack vector. This header is typically used in multipart
parsing. Any applications that parse multipart posts using Rack (virtually
all Rails applications) are impacted.
# Workarounds
There are no feasible workarounds for this issue.
There is a denial of service vulnerability in the multipart parsing component
of Rack. This vulnerability has been assigned the CVE identifier
CVE-2022-44572.
Versions Affected: >= 2.0.0
Not affected: None.
Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.4.1
# Impact
Carefully crafted input can cause RFC2183 multipart boundary parsing in Rack
to take an unexpected amount of time, possibly resulting in a denial of
service attack vector. Any applications that parse multipart posts using
Rack (virtually all Rails applications) are impacted.
# Workarounds
There are no feasible workarounds for this issue.
There is a possible regular expression based DoS vulnerability in Action
Dispatch. This vulnerability has been assigned the CVE identifier
CVE-2023-22792.
Versions Affected: >= 3.0.0
Not affected: < 3.0.0
Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
# Impact
Specially crafted cookies, in combination with a specially crafted
X_FORWARDED_HOST header can cause the regular expression engine to enter a
state of catastrophic backtracking. This can cause the process to use large
amounts of CPU and memory, leading to a possible DoS vulnerability. All users
running an affected release should either upgrade or use one of the
workarounds immediately.
# Workarounds
We recommend that all…
There is a possible vulnerability in ActiveRecord related to the
sanitization of comments. This vulnerability has been assigned the CVE
identifier CVE-2023-22794.
Versions Affected: >= 6.0.0
Not affected: < 6.0.0
Fixed Versions: 6.0.6.1, 6.1.7.1, 7.0.4.1
# Impact
Previously the implementation of escaping for comments was insufficient for
If malicious user input is passed to either the annotate query method, the
optimizer_hints query method, or through the QueryLogs interface which
automatically adds annotations, it may be sent to the database with
insufficient sanitization and be able to inject SQL outside of the comment.
In most cases these interfaces won’t be used with user input and…
There is a possible regular expression based DoS vulnerability in Action
Dispatch related to the If-None-Match header. This vulnerability has been
assigned the CVE identifier CVE-2023-22795.
Versions Affected: All
Not affected: None
Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
# Impact
A specially crafted HTTP If-None-Match header can cause the regular
expression engine to enter a state of catastrophic backtracking, when on a
version of Ruby below 3.2.0. This can cause the process to use large amounts
of CPU and memory, leading to a possible DoS vulnerability. All users running
an affected release should either upgrade or use one of the workarounds
immediately.
#…
There is a possible regular expression based DoS vulnerability in Active
Support. This vulnerability has been assigned the CVE identifier
CVE-2023-22796.
Versions Affected: All
Not affected: None
Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
# Impact
A specially crafted string passed to the underscore method can cause the
regular expression engine to enter a state of catastrophic backtracking.
This can cause the process to use large amounts of CPU and memory, leading
to a possible DoS vulnerability.
This affects String#underscore, ActiveSupport::Inflector.underscore,
String#titleize, and any other methods using these.
All users running an affected release should either upgrade…
There is a vulnerability in Action Controller’s redirect_to. This
vulnerability has been assigned the CVE identifier CVE-2023-22797.
Versions Affected: >= 7.0.0
Not affected: < 7.0.0
Fixed Versions: 7.0.4.1
# Impact
There is a possible open redirect when using the redirect_to helper with
untrusted user input.
Vulnerable code will look like this:
```
redirect_to(params[:some_param])
```
Rails 7.0 introduced protection against open redirects from calling
redirect_to with untrusted user input. In prior versions the developer was
fully responsible for only providing trusted input. However the check
introduced could be bypassed by a carefully crafted URL.
All users running an affected…
There is a ReDoS based DoS vulnerability in the GlobalID gem. This
vulnerability has been assigned the CVE identifier CVE-2023-22799.
Versions Affected: >= 0.2.1
Not affected: < 0.2.1
Fixed Versions: 1.0.1
# Impact
There is a possible DoS vulnerability in the model name parsing section
of the GlobalID gem. Carefully crafted input can cause the regular
expression engine to take an unexpected amount of time. All users running
an affected release should either upgrade or use one of the workarounds
immediately.
# Workarounds
There are no feasible workarounds for this issue.
Rails 7.1 is getting an official Dockerfile, which should make it easier to deploy Rails applications to production environments that support Docker. Think of it as a pre-configured Linux box that will work for most Rails applications.
That means you'll start seeing a Dockerfile in the project directory of a lot more Rails apps. If you're not familiar with Docker, you might open the file and see a few things that look familiar like some bash commands, but some other things might be new and foreign to you.
Let's dive into what's in a Dockerfile so it's less of a mystery, but first let's have a look at how Fly.io uses Docker so you better understand how Docker fits into a Rails stack.
How Does…
This article gives some insight into how we use Hubspot's tools to connect with prospective clients and help solve their problems before we're ever in a working relationship.
We’ve been delighted by the enthusiasm and adoption of Standard
Ruby since its release in 2018, and
it’s only picked up steam since hitting 1.0 in 2021. In fact, as Standard
crosses 8 million downloads this week (but who’s
counting?), we have something new and
exciting to share!
What Standard aims to solve
But first, it might be good to back up and remind ourselves of Standard’s
purpose. Yes, what it does is to automatically format code and safeguard it
against common problems. But why it exists is to reduce the frequency of
low-value discussions and disagreements that occur when it falls on each and
every team to reach consensus on how to format code consistently. Put
differently,…
Gavin Morrice is a Senior Ruby Engineer at Cookpad. It is a food tech company and the largest online recipe platform. He joins the Rogues to tackle his article, "How we improved our Rails app’s performance with Conditional Get Requests". He explains the idea of their article, what led them to develop their technique, and the way that this technique improves the user's experience.
Using a PaaS like Heroku or Netlify is cool, but using tools like these comes at the cost of flexibility. You can’t choose the firewall you want, and all your data will be stored in the PaaS provider’s database. Additionally, the PaaS provider may not provide support for a particular tool.
There is a way to have flexibility, security, and increased compatibility and integration with other tools: deploy your application to a server.
In this tutorial, I will show you how to get a Linux server from Linode, set it up with the security configuration, and then deploy the Django application. You will be building a lead management application for this tutorial, but if you already have an…
Hi graceful devs! Long time no news post, once again. And oh boy is there some news…
Content Updates
I’ve been mostly focused on site improvements, so we only have one new video since the last news update:
- RUBYOPT and the Sneaky Shim – an exploration of how to sneak temporary code patches into Ruby programs even when there’s no obvious point of insertion. This is the first episode to really show off some of the upgrades I’ve been making to my video production capabilities.
I’ve been digging into some Fediverse coding lately. Along the way I’ve been exploring Roda, Rodauth, and various applications of the Oauth2 spec. I’ve made notes for half a dozen topics along the way, so…
I do most of my text editing with MacVim, but when I pair with people I like to use tmate.
tmate is just an easy way to connect tmux sessions with a remote person.
But this means that I go from coding in a GUI to coding in a terminal.
Normally this wouldn’t be a problem, but I had made a Fish alias that would open the MacVim GUI every time I typed vim in the terminal.
Of course when I’m pairing via tmate, the other people cannot see the GUI, so I would have to remember a different command to open Vim.
Today I did about 10min of research to fix this problem and came up with the following Fish command:
$ cat .config/fish/functions/vim.fish
function vim --wraps='vim' --description 'open…
Hello! A few days back we talked about problems with floating point numbers.
This got me thinking – but what about integers? Of course integers have all
kinds of problems too – anytime you represent a number in a small fixed amount of
space (like 8/16/32/64 bits), you’re going to run into problems.
So I asked on Mastodon again for examples of integer problems and got all kinds of great responses again. Here’s a table of contents.
example 1: the small database primary key
example 2: integer overflow/underflow
aside: how do computers represent negative integers?
example 3: decoding a binary format in Java
example 4: misinterpreting an IP address or string as an integer
example 5:…
Like last time, I’ve written some…
When you’re making a pull request, do you ever realize your Git branch has become a massive pile of disordered and unrelated changes, but then you don’t do anything about it because you’re afraid of making an even worse mess by fooling around with Git commands that you don’t understand or even know how to undo?
Me? No, of course not…

Anyway, I’ve decided to improve my Git skills, and I thought I’d share my favorite learning resources that I found.
My favorite Git learning resources
These are excerpted from the new “Git” section of my “Learn Ruby” list. (Yeah I know, Git is not…
Sometimes we need to temporarily patch third-party code—to add compatibility shims, or to add some diagnostics. And sometimes, that’s not easy to do… and we have to get a little bit sneaky!
The full episode is available now in The Tapastry and Inspecting Ruby courses.
What is Server-Side Request Forgery (SSRF), and why is it a concern for web security?
Ruby is a wonderful language, made for humans first and machines
second. It is easy to read and write. There are plenty of ways to write anything,
and you can often guess its standard library by typing the name of the
method you would have chosen yourself.
Because of this, Ruby's arguments are very flexible, which lets us
express our APIs very clearly. But this comes with a drawback: Ruby is quite hard to parse for C
extension developers!
In this article, we'll go through two ways to set up a complex Ruby API
that is written in C:
- with rb_define_method and parsing it with rb_scan_args
- using a Ruby interface
Let's get started!
C and Ruby: An Introduction
As mentioned, Ruby is hard to parse…
Finally, I'm going to talk about the languages you like or use, but I'll do it my way: getting down to the bits and explaining how a lot of things work underneath Python, JavaScript and other languages, things you may not have known, before wrapping up in the second half, where I discuss where each language can be put to best use and why.
Chapters
- 00:00 - Intro
- 01:36 - Ch. 1 - Perl and Regex | The 90s
- 06:18 - Ch. 2 - C Style and ICU | strftime
- 10:25 - Ch. 3 - Everything in Python Is in C! | "Glue" Language
- 17:54 - Ch. 4 - Everything in Node.js Is in C! | LibUV
- 22:31 - Ch. 5 - Compiled vs Interpreted | The C ABI
- 28:21 - Ch. 6 - Interoperability: Marshalling/Unmarshalling | FFI
- 36:21 - Ch. 7 - Where each…
Links
- https://github.com/python/cpython/search?p=2&q=ifdef+MS_WINDOWS
- https://github.com/python/cpython/blob/a87c46eab3c306b1c5b8a072b7b30ac2c50651c0…
Brittany guested on Ruby for All this week! She joins Julie J to talk about why integrations are important to developers and why integration knowledge can give Juniors a leg up in hiring. They also discuss the differences between APIs and webhooks and review a real world example.
Hello! Hot off the press Rails Versions 7.0.4.1, 6.1.7.1, and 6.0.6.1 have been released to address some security vulnerabilities.
You can read about them in our posts to the security announcement forum:
In accordance…
This blog series is dedicated to celebrating our Black, Latinx, and Women Engineers who are making an impact in the lives of our Gusties and Gustomers (Gusto customers) every day.
Today, we’re spotlighting Upeka Bee, who has been with Gusto for 5 and a half years. She is currently the Head of Engineering for the PIE group (People Information Ecosystem). She joined Gusto as a Staff+ in the Payroll group, after which she moved into engineering leadership and has led many different teams and groups during her long tenure.
Our interviewers are Abby Walder and Kim Nguyen. Abby works on Gusto’s Invite Team to hire software engineering talent, while Kim builds…
Authors: Vladimir Dementyev, Principal Backend Engineer, and Travis Turner, Tech Editor
Topics: Backend, Full Cycle Software Development, Performance Audit and Optimization, Site Reliability Engineering, Ruby on Rails, Ruby, PostgreSQL, GraphQL, Prometheus

We unveil the toolbox of the Martian Rails engineer; we begin constructing a Gemfile from the universe of Martian gems that encapsulate our philosophy and soul.
From time immemorial, the Evil Martians team has worked on dozens of Ruby on Rails projects every year. Naturally, this process involves a lot of Ruby gems. Some reflect our desire to be cutting-edge and to use modern tools (or build our own!) Other gems are so flexible they've been…
So, our little exercise in design patterns is getting quite messy. Which is ironic, considering it's an exercise in design patterns.
The reason is that I'm mostly trying to be very focused on the Design Patterns book and just fleshing out the example implementations they provide.
Therefore, in order to organize things, I believe this is the right time to add unit tests. As a plus, I also get to test my little gem in an automated fashion.
Here I'll only go through the RandomMazeBuilder class since it would be quite lengthy to go through every single file. To see all the other specs, just check out the repo.
Testing the RandomMazeBuilder
So, our RandomMazeBuilder class looks like this:
YJIT, a just-in-time (JIT) implementation on top of CRuby built at Shopify, is now production-ready and delivering major improvements to performance and speed. Maxime (Senior Staff Engineer and leader of the YJIT project) shares the updates that have been made in this newest version of YJIT, and future plans for further optimization.

I recently read in a newsletter that the developer job market is down and now turned from an employee market to a company market.
Meaning that previously the developer jobs came to the developers, whereas now there is less demand for developer work and more employees on the market.
I'm a tiny bit aware of massive layoffs at some big companies and about the economic situation not being the best. But I personally wouldn't yet speak in such big terms. Although I'm not an analyst nor an expert on job market fluctuations. All my expertise is based on my experience and the experience of people I happen to know. Let's see how this one develops over the next months.
Still, I thought that this would be…
Joël's been traveling. Stephanie's working on professional development. She's also keeping up a little bit more with Ruby news and community news in general and saw that Ruby 3.2 introduced a new class called Data to its core library for the use case of creating simple value objects.
This episode is brought to you by Airbrake. Visit Frictionless error monitoring and performance insight for your app stack.
Transcript:
AD:
thoughtbot is thrilled to announce…
In this post we will discuss:
- What are Lookbehind Regex
- Browser Compatibility of Lookbehind Regex
- Alternative ways to use them so that it works in all browsers
What are Lookbehind regex
At times, we need to match a pattern only if it is followed or preceded by another pattern.
For example, take a URL that contains the organization information:
/organizations/:org/dashboard
Here, :org is the dynamic name of the organization, which can be of the following pattern:
/[a-z0-9]+/
We want to match all URLs that match the pattern
/organizations/:org/*
But there are also URLs such as the following, which we don't want to match:
/users/:slug/*
where the slug is also of the same pattern as /[a-z0-9]/.
So we want to make sure that we…
RubyGems 3.4.4 includes enhancements and documentation.
To update to the latest RubyGems you can run:
To install RubyGems by hand see the Download RubyGems page.
## Enhancements:
- Installs bundler 2.4.4 as a default gem.
## Documentation:
- Improve documentation about Kernel monkeypatches. Pull request #6217 by nobu
SHA256 Checksums:
- rubygems-3.4.4.tgz
7dab9b54c0493422dda5ab110e8cee78a94c106eaafeb83cc5c31f6157ce2e9a
- rubygems-3.4.4.zip
c2f347ebba5eb753db20e72a6494c243254f67b21fcdfd4cbcf1041363ddbd23
- rubygems-update-3.4.4.gem
d449a3c831e8ab6b28ae5d2217f81af6e7f785e1e2ec2bb94b00d9888f3c97c2
Mailers are a feature used in literally every Rails application. But they are often an afterthought where we throw out the rules of well-written applications.
Writing mailers is a “set it and forget it” part of your codebase. But recently, I’ve revisited the handful of mailers in my application and I was shocked at both how bad things were and also how many nice mailer features in Rails I wasn’t aware of.
I’ve been writing Rails applications for over 10 years and there were things I figured out just this week about mailers that I will be using as my new defaults going forward.
Psst! If you like thinking about software and writing code in the "Boring Rails" style, we are
hiring…
Introduction
Signed URLs can be a very useful solution in many cases when you need to provide limited access to some resources or actions.
Today I’ll focus on when and how to use them in Ruby, with Rails, or by providing a custom implementation.
About Signed URLs
Signed URLs, as the name suggests, contain signatures that allow us to validate if they were generated by a trusted source.
What is more, they may expire over time.
They can be used in many cases:
- account confirmations, password change confirmations, etc. without storing any tokens in DB
- providing access to resources for not authenticated users (for example, users in the app can generate some reports and share them with…
So you’re working on a Rails upgrade in a pretty big app that has lots of active development. The app’s pretty far behind Rails versions—let’s say it’s on Rails 4.2. It’s tempting to upgrade straight to the latest Rails version, but you decide to take an incremental approach and upgrade to the next point release, Rails 5.0.
You have a feeling this upgrade is gonna take a while, and instead of trying to maintain a long-lived branch, you choose to go with a dual booting strategy. You do this with the Bootboot Bundler plugin and have dual booting set up in no time. You open a PR with the changes and wait for a green build, but before any tests are run, you see a weird error:
Unable to…
You can jump directly to one of the following sections if you like:
👐 Our Community
👉 All about Code and Ruby
🧰 Gems, Libraries, and Updates
🤝 Related (but not Ruby-specific)
More content: 🎥 🎧 🗞 (articles, podcasts, videos, slides, and newsletters)
If you also want to read the edition that covers the 2022 Winter holiday, I published it on the web but did not send it via email as it was too big:
Read the 2022 Winter Holiday edition
👐 Our Community
👐 Yukihiro Matz invited people to share what Ruby is for them:
Here is a selection from the replies that Matz retweeted:
What is Machine Learning? In simple words, Machine Learning is the concept that includes different types of algorithms through which we provide intelligence to a machine to work/predict something on its own on a particular dataset.
What is Docker? Docker is a platform that provides various operating systems so that the manual time required to install …
Business Intelligence (BI) is a tech-driven process for transforming raw data into actionable insights that support business decisions. These are often in the form of reports, dashboards, and charts.
Many companies offer BI software, from specialized houses, such as Tableau and Qlik, to big corporations, such as Microsoft, IBM, and Google. Although these include a complete set of analytics tools, they usually come at a cost: complexity and price.
If you are working on a Rails project and value simplicity or want to start gathering your first business metrics, then Blazer might be a good solution. With Blazer, you can write SQL queries to create dashboards with metrics and charts, perform…
Rails 7.1 adds the ActiveRecord::Base::normalizes API.
The normalizes API applies a set of rules to model attributes,
such as converting all email addresses to lowercase,
removing leading/trailing whitespace, or enforcing a
specific format, before they are saved to the database.
Normalization of data helps to organize it in a
structured and consistent way, making it easier to
query, update, and maintain. It also reduces data
redundancy and minimizes the risk of errors and
inconsistencies.
Before Rails 7.1, you could normalize attributes using the
normalize gem or using before_save model callbacks.
class User < ApplicationRecord
normalizes :email, with: -> email { email.strip.dow…

I love codebases for the surprises they offer. Some pieces of code jump at you like rare Pokémons and you gotta figure out what kind of a species it is and what it can do.
Gotta catch'em all!
In one project that I'm contributing to, I've recently encountered a Rails logger that I found weird. It's a special logger that is supposed to be used for data migrations and log to a specific log file (migrations.log).
class DataMigrations::Logger < ActiveSupport::Logger
LOG_PATH = Rails.root.join("log/data_migrations.log")
class << self
delegate :debug, :info, :warn, :error, :fatal, :unknown, to: :logger
private
def logger
@logger ||= ActiveSupport::TaggedLogging.new(
…
This edition covers 19 December 2022 - 8 January 2023, when I was on holiday. I was not very active on the channels I usually follow, but I tried my best to read them all retrospectively, so if I need to include something that is not here, please let me know at shortruby@ghinda.com.
This was not sent via email as it is too long and covers a different period than last week.
This edition was created with the help of Adrian Marin from Avo for Ruby on Rails (a friendly full-featured Rails admin panel) and Jakob Cosoroabă.
Measuring Coverage of Eval
As I mentioned in my prior post, Ruby 3.2.0 has some changes to the Coverage module. Now the module can measure the coverage of a Ruby expression in a string passed to the eval method.
This is important because of templates. ERB, when we ask for the template through the result method, calls eval. When Rails is rendering a view, that also calls eval. More specifically, Rails calls the module_eval method.
Have you wondered how much of the logic in your views is exercised in your test suite? Thanks to this change, now you can see that in tools like SimpleCov.
Feature Introduction
Let’s walk through an example demonstrating this functionality.
require "coverage"
Coverage.…
OmniAuth provides some tooling for mocking OAuth requests in your test suite. This is handy because your tests don't have to redirect to a production OAuth provider like Twitter, authenticate with real credentials, and then handle the response.
Instead, you can set test mode in OmniAuth and then add a mock OAuth provider. This will allow your tests to skip the production OAuth process and simulate it in your test environment.
One problem is testing additional params you might pass to OmniAuth. For testing, you normally just request the callback URL for the mock request. If you test only with the callback url however, the params will not be present. This is because the params are stored in…
Have you heard about the ActiveRecord becomes method from Rails? Maybe it’ll come in handy one day.
becomes
The #becomes method can be used on any ActiveRecord model to become a different class instantly.
Here’s how:
class Car
...
end
class Honda < Car
...
end
# Later
@honda = Honda.new(..)
@i_am_a_car_instance = @honda.becomes(Car)
Any model can become some other model on a whim with the same attributes. But why do we need #becomes at all?
A typical use-case would be using single table inheritance (STI) while keeping Rails conventions intact.
For example, building forms and rendering partials are derived from the instance class name which would intervene with reusing the parent…
Integer Overflow or Wraparound in GitHub repository publify/publify prior
to 9.2.10 due to an unlimited length user name field.
Insecure Storage of Sensitive Information in GitHub repository publify/publify
prior to 9.2.10.
Improper Input Validation in GitHub repository publify/publify prior
to 9.2.10.
Halløj. It’s me again, bringing you the usual goodies from Rails.
Show relevant commands when calling help
This pull request improves the user experience by displaying the appropriate commands for the context in which the user is running rails -h or rails. When outside of a Rails application, the output will be the options for the rails new command. When inside a Rails application, the common Rails commands will be displayed. This eliminates confusion for users who may have expected to see different commands in different contexts.
Let HWIA#transform_keys take a Hash argument like Ruby’s Hash#transform_keys
The HashWithIndifferentAccess#transform_keys method now mirrors the functionality…
Let delegate define method with proper arity when…

When you get to code together remotely, you are up for some good results and problem solutions. When your remote coding setup is trash, your coding session will be trash or close to trash.
The way you usually shape your organization's coding sessions will determine the best tool you should use.
If you are like 90% of developers, you are probably used to one of these remote coding setups:
- joining a video call and sharing the screen
- using a code-sharing software solution like VSCode Live Share
These are valid options. However, in some cases, you might prefer other tools, or a combination of tools, especially if you'd like to level up your remote collaboration game.
General
Most of all, apart from an…
Hello! I’ve been thinking about writing a zine about how things are represented on computers in bytes, so I was thinking about floating point.
I’ve heard a million times about the dangers of floating point arithmetic, like:
- addition isn’t associative (x + (y + z) is different from (x + y) + z)
- if you add very big values to very small values, you can get inaccurate results (the small numbers get lost!)
- you can’t represent very large integers as floating numbers
- NaN/infinity values can propagate and cause chaos
- there are two zeros (+0 and -0), and they’re not represented the same way
- denormal/subnormal values are weird
But I find all of this a little abstract on its own, and I really…
What is a flaky test?
A flaky test is a test that passes sometimes and fails sometimes, even though no code has changed.
In other words, a flaky test is a test that’s non-deterministic.
A test can be non-deterministic if either a) the test code is non-deterministic or b) the application code being tested is non-deterministic, or both.
Below are some common causes of flaky tests. I’ll briefly discuss the fix for some of these common causes, but the focus of this post isn’t to provide a guide to fixing flaky tests, it’s to give you a familiarity with the most common causes for flaky tests so that you can know what to go looking for when you do your investigation work.
The causes I’ll discuss…