Rubyland

news, opinion, tutorials, about ruby, aggregated
Sources About
Ruby on Rails 

Rails Versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1 have been released!

Hi everyone!

Rails Versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1 have been released!

These are security patches addressing 4 possible ReDoS (Regular expression Denial of Service) attacks. All of these only affect Ruby versions below 3.2 so we urge users on older versions of Ruby to upgrade to these new Rails versions at their earliest convenience.

Additionally we strongly recommend users upgrade to Ruby 3.2 or greater, to take advantage of the improved ReDoS mitigations in newer versions.

Ruby 3.1 is approaching it’s end of life for security support from Ruby upstream and is the only maintained version of Ruby still vulnerable to these attacks. Going forward we plan to continue to…

Planet Argon Blog 

Community, Connections, and Insights from Rails World 2024

Community, Connections, and Insights from Rails World 2024

Explore our software developer William Mena’s key takeaways from Rails World 2024, where he reignited his passion for Rails and learned about the exciting future of Rails 8.

Continue Reading

RubyGems Blog 

New Design for RubyGems.org

We are excited to announce the initial release of the new design for RubyGems.org!

The new design is the result of a collaboration with UX designer Ian Taylor and the RubyGems.org core team. Eventually, the full refresh of the site aims to meet our goals of modernizing the design and improving the usability of RubyGems.org for all of our users.

The design will be released incrementally and we’ve chosen the /pages routes to be refreshed first. These pages contain non-critical, mostly static content, allowing us to release the design without risking problems for our users.

As part of the roll-out strategy, we are prioritizing stability over a “big reveal”.

The new design aims to support…

Ruby on Rails 

New Rails maintenance policy and end of maintenance announcements

We’re excited to announce updates to our maintenance policy for Ruby on Rails.

These changes are designed to provide clarity on our support timelines and help you plan your Rails upgrades effectively. You can find the full details of our new policy in our site.

New Maintenance Policy Overview

Our support is now divided into three categories:

  1. New Features
    • We aim to release a version containing new features every six months.
  2. Bug Fixes
    • Minor releases will receive bug fixes for one year after the first release in their series.
    • For example, if version 1.1.0 is released on January 1, 2023, it will receive bug fixes until January 1, 2024.
  3. Secu…

Currently Supported Releases

As of now, the following releases are supported:

  • 7.…
Fullstack Ruby 

Episode 11: Designing Your API for Their API (Yo Dawg!)

It’s tempting to want to take the simplistic approach of writing “to the framework” or to the external API directly in the places where you need to interface with those resources, but it’s sometimes a much better approach to create your own abstraction layer. Having this layer which sits between your high-level business logic or request/response handling, and the low-level APIs you need to call, means you’ll be able to define an API which is clean and makes sense for your application…and then you can get messy down in the guts of the layer or even swap out one external API for another one. I explore all this and more in another rousing episode of Fullstack Ruby.

Links & Show Notes:

Evil Martians 

A taste of Go code generator magic: a quick guide to getting started

Authors: Valentin Kiselev, Backend Engineer, and Travis Turner, Tech EditorTopics: Backend, Go

Make a small program that generates wrapping functions for the given type methods, and use this example as a good starting point for your own Go code generator!

Many languages have support for metaprogramming and code generation, but in Go, it feels like something that requires more effort. For instance, if you Google “How to write a Go code generator” you’ll find very few articles explaining the tools and concepts even for creating a simple code generator. So, in this short post, I’d like to share a small program that generates wrapping functions for the given type methods, and this specific…

Alchemists: Articles 

Git For Each Ref

Cover
Git For Each Ref

The Git for-each-ref command (Documentation) — if not aware — is a powerful plumbing command for obtaining information about your repository references (i.e. .git/refs). An example of this is shown in the screenshot above. Don’t worry, we’ll discuss what the command is doing shortly.

As of Git 2.47.0, the for-each-ref command has gained a new superpower in the form of a new is-base field which can dynamically calculate the current parent branch. This is a most welcomed enhancement so I want to spend time talking this and more in this article. 🎉

Basics

Out of the box,…

Greg Molnar 

TailwindCSS and Rails 8

Someone asked on Twitter yesterday about the how to add TailwindCSS to a Rails 8 project the easiest way and having hot reload. This is how I believe it is to do so in a few minutes.

Mintbit 

3 Must-Know Module Extensions in ActiveSupport

In this post, we’ll explore some of the most useful core extensions in Rails that enhance how developers work with modules: delegate, concern, and the deprecated but still important alias_method_chain. These tools simplify method delegation, modularize code, and modify method behavior. While alias_method_chain is no longer in use, understanding its history is helpful for maintaining legacy code. We’ll break down how each of these methods works and why they’re valuable, especially when writing cleaner, more efficient Rails applications.

1. Module#delegate

One of the most widely used extensions in Rails is Module#delegate. This method allows you to delegate method calls from one object to…

BigBinary Blog 

Benchmarking Crunchy Data for latency

In Rails world 2024 DHH unveiled Kamal 2 in hisopening keynote. Now folks wantto give Kamal a try but some people are worried about the data. They want totake one step at a time and they feel more comfortable if their database ismanaged by someone else.

That's where Crunchy Data comes in. They providemanaged Postgres service. Checkout thistweet from DHH about CrunchyData.

In our internal discussion one of the BigBinary engineers brought up the issueof "latency". Since the PostgreSQL server will not be in the same data center,what would be the latency. How much impact will it have on performance.

We didn't know the answer so we thought we would do some benchmarking.

Benchmarking

To do the…

Saeloun Blog 

Rails 7.1 Raises Error On Assignment To Readonly Attributes.

In Rails, we can mark certain attributes of a model as readonly using the attr_readonly method. Once an attribute is marked as readonly, it cannot be changed after the record is created.

class User < ActiveRecord::Base
  attr_readonly :email
end

Before

If we try to assign a new value to a readonly attribute, the assignment operation would appear to succeed, but the change would not be persisted to the database.

user = User.create!(email: "doe@example.com")
user.email # => "doe@example.com"

user.email = "andy@example.com" # allows assignment
user.email # => "andy@example.com"

user.save! # change to email won't be persisted to database

user.reload.email # =>"doe@example.com" 

After

R…

The Bike Shed 

444: From Solutions To Patterns

What’s the difference between solving problems and recognizing patterns, and why does it matter for developers? In this episode, Stephanie and Joël discuss transitioning from collecting solutions to identifying patterns applicable to broader contexts in software development. They explore the role of heuristics, common misconceptions among junior and intermediate developers, and strategies for leveling up from a solution-focused mindset to thinking in patterns. They also discuss their experiences of moving through this transition during their careers and share advice for upcoming software developers to navigate it successfully. They explore how learning abstraction, engaging in code…

Short Ruby Newsletter 

Short Ruby Newsletter - edition 109

The one with Ruby 3.4.0-preview2 launch, videos from Rails World published, Xavier explaining how Zeitwerk and namespacing work and inspiring Ruby code samples
justin․searls․co - Digest 

📸 Fall fashions

New brand of T-shirt (Bella Canvas) for the uniform. Fresh colors to mark the start of what's next.

Rails Designer 

Rails UI Components Library Tips and Tricks

Rails Designer is the first UI component library built for modern SaaS apps built with ViewComponent, designed with Tailwind CSS and enhanced with Hotwire. Launched earlier in 2024 it has seen, next to a huge amount of components and variants, many great quality of life improvements too.

I want to highlight a few of these features that are more than components, but that surely will help you build your next SaaS app in Rails.

When you install Rails Designer an initializer is created. This holds the most important configuration to make Rails Designer’s components truly yours.

Customize colors

Tailwind CSS comes with a huge color palette. The full rainbow is available among some nice gray…

Remote Ruby 

DHH on Rails World 2024 and what's coming in Rails 8.1

In this episode, Chris and Andrew welcome David Heinemeier Hansson (DHH) to
discuss the release of Rails 8, starting with a recap of the Rails World Toronto conference. DHH shares insights on the growing Rails community, the challenges of planning large-scale conferences, and Rails’ philosophy of staying independent from venture capital. They dive into developer ergonomics in Rails 8, new deployment and notification tools like Kamal, Action Notifier, House (MD), and Propshaft, and upcoming features like ActiveRecord Search. The episode also covers accessibility improvements, Rails' approach to frontend frameworks, and DHH’s long-term vision for the platform. Hit download now to hear more!

RoRvsWild's blog 

RoRvsWild RDoc theme

So we started to investigate the RDoc template generator, which powers the Ruby documentation, to see how it worked and what we could do with it. We finally made quite a few changes.

Layout and navigation

We updated the layout and structure of the page to make it easier to navigate the documentation.

We added a fixed top bar with the project title and moved the search field there to make it always reachable. The search result benefits from more space than when they were in the sidebar.

RDoc RoRvsWild theme – search results

On larger screens, we’ve hidden the navigation toggle and made the main navigation always visible. The main navigation content is now always the same on all documentation pages. It lists all the classes…

Ruby Rogues 

Secrets Management Best Practices and Tools - RUBY 655

Charles and Valentino are joined by special guest Brian Vallelunga, CEO and co-founder of Doppler, a leading secrets management platform often described as "GitHub for secrets."
Dive into an engaging conversation about best practices for managing sensitive information, such as API keys and encryption keys, and treating all environment-configured settings as secrets. Brian shares insights on using tools like AWS Secrets Manager, Docker, and Doppler’s seamless integration with popular development workflows, ensuring robust access control and audit logging.
They discuss about the severe consequences of data breaches, compelling real-world scams, and the human cost of leaked data. Learn how…
SINAPTIA 

This week in #devs - Issue #2

Our #devs channel is a cross-project, shared space where the entire dev team of SINAPTIA can ask questions, share opinions, and discuss interesting articles or tech they come across. The idea is to post a curated extract of what happens there every week.

Rails data migrations

Fernando shared news regarding Rails 8: new script folder and generator. Rails 8 introduces a new script folder dedicated to holding one-off or general-purpose scripts, such as data migrations, cleanup tasks, or other utility operations. This addition helps organize these scripts neatly, keeping them separate from your main application logic.

This news triggered a conversation about how we handled data migrations in…

Joy of Rails 

Mastering Custom Configuration in Rails

As your Ruby on Rails application grows, you‘ll need to add your own bits of configuration.

Where do you put API keys for third-party apps? What if you need different application values depending on the Rails environment? What if you‘re testing a new feature that should be disabled in production for the time-being? Sure, you can add some ENV vars here and there. You could manually load YAML files in different places throughout your app. You might be tempted to reach for another Ruby gem to help manage all this behind a common interface.

But there‘s no need for all that. Rails.configuration has your back. It‘s got features to support your custom configuration, not to mention the built-in…

The…

Rémi Mercier 

Interfacing with external APIs: the facade pattern in Ruby

Interacting with third-party APIs is common practice in applications. You might need to convert addresses into geographic coordinates, fetch subscription information from marketplaces, prompt an LLM, etc.

Coding with Ruby, you’ll often find gems providing a first abstraction over third-party APIs: the client layer. The client layer is usually responsible for accessing the features of the external API.

One could use the client as is and sprinkle calls to the external API across their codebase. By doing so, teams will often duplicate logic, reinvent the wheel, and create multiple change points.

One way to DRY this is to create an authoritative representation of the external API that’ll…

Ruby – Dogweather 

Cleaning up Ruby code with Railway Oriented Programming

I’ll lead with my code—before and after—then follow up with an explanation. Before Refactoring I had a gigantic method, Perm#make for creating permanent redirects. The site I’m working on has a million or so pages, and they move around for many reasons, often outside of my control. After Refactoring Railway Oriented Programming turned out to…More
Hotwire Weekly 

Week 41 - Celebrating 1 Year of Hotwire Weekly! 🎉

Hotwire Weekly Logo

Celebrating 1 Year of Hotwire Weekly! 🎉

Welcome to the 1-year anniversary issue of Hotwire Weekly! It’s been one year since we launched Hotwire Weekly! With 52 editions, we’ve delivered the latest Hotwire content every week for the last year.

While the concept hasn’t changed much, now feels like the perfect time to reflect on how the newsletter is going and what could improve.

We Want Your Feedback!

We’d love to hear your overall thoughts on Hotwire Weekly! Is the newsletter useful for you? Are the sections too long, too short, or just right? Should anything change, or stay the same?

Is there anything you’d like to see more of, less of, or done differently? Feel free to share any…

Greg Molnar 

Introducing Silk Rail

2 weeks ago, at the last day of Rails World, Sahil, the founder of Gumroad made a tweet, stating that Rails is a legacy framework, and announced that their are rewriting Gumroad in TypeScript for a few reasons. One was to get rid of the technical debt. It is a very weird take, because you will end up with the same technical debt after a while with whatever language or framework you use. Another reason he stated was that LLMs can generate TypeScript code better than Ruby code, so he will be able to move faster. I don’t agree with that statement either, I think Ruby and Rails offers all the tools to move fast.

Posts on Kevin Murphy 

Two Drawer End Tables Construction

Building in 3D 🔗

I make a lot of things. Most commonly code. I blog (maybe you’re aware, given you’re here). I build conference talks. Sometimes manifestos. Most of these live on the computer. Sometimes I need to step away and not look at a screen.

On occasion, I’ll build some piece of furniture we need in the house. Or some small accessory out of wood that I’ll use on my desk. This is one such time, and I decided to document it.

Similar to my recent posts on music I’m listening to, this isn’t directly related to software development. If you want to bail because of that, no judgement.

The Problem 🔗

There wasn’t really so much a problem. I recently built an end table for my office. I had extra…

avdi.codes 

https://avdi.codes/26784-2/?utm_source=rss&utm_medium=rss&utm_campaign=26784-2

One of the ways the Californian Ideology won in tech is to make everyone a US Republican in their relationship with governance. So obsessed with decentralization (we’ll get it right this time!) that when centralization inevitably builds up no one knows how to manage it healthily, or even that it needs to be managed. And then a Matt Mullenweg happens and everyone is like “oh no, I have learned nothing from this other than that centralization is bad, we’ll get it right this time!”. Rinse, repeat.

It’s a perpetual motion machine of suck: ignore the role of governance, let it devolve to the worse people in the worst emergent structures, complain about how bad it is, try to get rid of it,…

Saeloun Blog 

Rails 7.1 Supports Multiple Preview Paths For Mailers.

ActionMailer previews provide a way to see how our emails look in the browser by visiting a special URL that renders them without actually sending the emails.

It is particularly useful for testing and developing email templates.

class UserInvitationPreview < ActionMailer::Preview
  def send_invitation_email
    UserInvitationMailer.with(invitation: Invitation.last).invitation_email
  end
end

Before

By default, Rails looks for mailer previews in the test/mailers/previews directory.

If we want to customize the location of our mailer previews, we can only specify a single path using the preview_path configuration, as ActionMailer is limited to one preview path.

For example, if we want…

John Nunemaker 

Founder Quest: Acquiring Fireside

Last, but not least for this week, I was on Founder Quest. I'm doing my best third wheel impression over there and appreciate that Ben and Josh haven't kicked me off yet. We talked about a lot of things but mostly focused on the fireside acquisition.

FounderQuest | Acquiring Fireside with John Nunemaker
Josh and Ben talk with John about his recent acquisition of Fireside, covering the finances, pitfalls avoided, and more acquisition tips.https://www.johnnunemaker.com/acquiring-fireside/https://www…

If you missed the other podcasts this week, here you go:

Ruby on Rails 

Lazy i18n watcher on boot and more

Hi, Wojtek here still feeling the good vibe of the Rails World. Cheers to all the attendees and see you in Amsterdam!

Fireside Chat with DHH, Matz and Tobi
The video from the Rails World is now ready to watch, followed by the Eileen keynote. All the videos will be available soon!

Don’t execute i18n watcher on boot
It shouldn’t catch any file changes initially which unnecessarily slowed down boot of applications with lots of translations.

Support method names for :block in browser blocking
Prior to this commit, :block options only supported callables. This commit aims to bring browser blocking closer in parity to callbacks declarations like before_action and after_action by supporting…

Add :except_on option for validations
Grants the…

Mintbit 

Migrations in Rails 8: Using the New Not Null Shortcut

In the latest version of Ruby on Rails (Rails 8), developers have been given a handy new shortcut for adding a NOT NULL constraint to database columns. This small but powerful enhancement simplifies the process of generating migrations, making them cleaner and more intuitive.

In this blog post, I’ll show how this new feature works and how it can help you create migrations faster.

What Is a NOT NULL Constraint?

Before diving into the new shortcut, let’s quickly revisit what a NOT NULL constraint is and why it’s important.

In a relational database, a column marked as NOT NULL ensures that no row can have a NULL value for that column. This constraint enforces data integrity by ensuring…

Tejas' Blog 

Redis pipelines to the rescue

In my earlier blog post we saw how using redis connection pools can help us improve performance in a multi-threaded/multi-process application like Rails. Now we will see another typical scenario where Redis is a bottleneck and how we can optimize it.

I was designing a caching system and ran into a problem where I wanted to delete a bunch of keys on some event and it turned out to be much slower than I expected.

Intuitively I assumed Redis would be fast enough to handle it with sub-millisecond response times. Turns out Redis uses client-server model and each command waits for response. So if you are sending each delete separately, the latency can add up quickly, more so if you are running…

Josh Software 

Creating a Dedicated Device Using Home Screen Admin App for Android

There are many ways to create a dedicated device. For Android, it’s even easier to do. But every approach has its pros and cons. In this article, we’ll learn about this in detail. Topics covered in this article: What is a Dedicated Device? By definition: A dedicated device is a specialized device that is built … Continue reading Creating a Dedicated Device Using Home Screen Admin App for Android
Remote Ruby 

Rails World and SellRepo

In this episode, Jason, Chris, and Andrew discuss their upcoming plans for the Rails World conference, sharing stories about travel arrangements, hotels, and Andrew's first time flying first class. The conversation delves into the technical side, with updates on Rails 8.1, Ruby’s new release schedule, and challenges related to Docker on Apple Silicon. Chris introduces his latest project, SellRepo, which allows users to sell digital products through GitHub. The episode also covers frustrations with JavaScript package management, GitHub CI caching, and API integration issues. They wrap up the episode with a  humorous conversation about nostalgic sodas like Surge and fast-food soda machines.…

Everyday Rails 

Testing with RSpec book updates for October 2024

Brand new chapter on testing controllers via request specs, and more!
Planet Argon Blog 

IMAX Screens, Duck Boats, and Myrtle the Turtle: My SquiggleConf Recap

IMAX Screens, Duck Boats, and Myrtle the Turtle: My SquiggleConf Recap

I had the privilege of opening SquiggleConf 2024 at the New England Aquarium, sharing the story of Oh My Zsh. Highlights included inspiring talks on Excalidraw, Chrome DevTools, and web animations, plus a fun Duck Boat tour where I got to drive on the Charles River.

Continue Reading

Awesome Ruby Newsletter 

💎 Issue 438 - What's New in Ruby on Rails 8

John Nunemaker 

The Moneyball approach

I joined Adam and Jerod to share my new thesis for acquiring Rails based SaaS apps. The conversation was great! This new moneyball approach (dubbed so by Jess) has been swimming around in my head for a few months now. So it's great to talk about it in public finally.

Changelog Interviews 612: The Moneyball approach – Listen on Changelog.com

If you like the episode, give 5 Businesses Acquired with a Long-Term Hold Model a listen too. Great stuff by someone with a lot more experience than me.

If you missed the other podcasts this week, here you go:

naildrivin5.com - David Bryant Copeland's Website 

A Simple Explanation of Postgres' Timestamp with Time Zone

Postgres provides two ways to store a timestamp: TIMESTAMP and TIMESTAMP WITH TIME ZONE (or timestamptz). I’ve always recommended using the later, as it alleviates all confusion about time zones. Let’s see why.

What is a “time stamp”?

The terms “date”, “time”, “datetime”, “calendar”, and “timestamp” can feel interchangeable but the are not. A “timestamp” is a specific point in time, as measured from a reference time. Right now it is Oct 10, 2024 18:00 in the UK, which is the same timestamp as Oct 10 2024 14:00 in Washington, DC.

To be able to compare two timestamps, you have to include some sort of reference time. Thus, “Oct 10, 2025 18:00” is not a timestamp, since you don’t know…

The Rails Changelog 

026: Exploring Rails' Default Debugger with Stan Lo

The debugger you didn't know you needed. Ruby comes with an official debugger called Debug, which is now included in new Rails applications. Surprisingly, many Rails developers are still unaware of just how powerful this tool is. In this episode, Stan and I dive into its capabilities, exploring how it enhances the debugging process and makes troubleshooting more efficient.

Debug
The Startup of You 

Ruby Weekly 

Ruby 3.4 (preview 2) gets a new parser

#​723 — October 10, 2024

Read on the Web

Ruby Weekly

Ruby 3.4.0 Preview 2 Released — The preview releases leading up to final Christmas Day Ruby releases don’t tend to throw up many changes, but this is an exception. A significant change is that Ruby’s default parser has been changed to Prism, so it’s absolutely worth testing your code against it now. You can also now use it as a default block parameter, amongst other minor syntax tweaks.

Yui Naruse

An Introduction to the Ruby LSP Add-on SystemRuby LSP is a language server that uses static analysis to improve Ruby editing features in editors like…

Andy Waite

👊RailsBump.org Is Now…

Rails Designer 

Smooth Transitions with Turbo Streams

With Turbo Streams you can update specific parts of your app. Inject a chat message, update a profile picture or insert a Report is being created alert.

The preciseness Turbo Streams offers is great. But often the abruptness of it, its not too appealing to me. The new component is just there (or isn’t, if you remove it).

I’d like to add a bit more joy to my apps and this technique is something that does just that. I previously explored multiple techniques to add some kind of transition or animation when an element was inserted or removed. I fine-tuned it over the years while using it in production. And I can say I’m happy with how the technique works I am outlining today.

First, this…

André Arko 

Updating iTunes Track Parser Scripts for Music.app

Moving from my usual niche interests to a niche so small that I have only seen two people on the internet who care about this: I have some really great news if you still want to manage metadata tags like it’s 2010 and you’re ripping CDs into iTunes. I’ve updated the most useful iTunes track naming script to ever exist, so you can use it in Music.app on macOS 15.1 Sequoia in the year 2024.

The scripts are named Track Parser (Clipboard) and Track Parser (Song name), and they were written by Dan Vanderkam in 2004. He maintained them until 2009, put them into a public Google Code project, and eventually moved on with his life. I used both scripts hundreds or maybe even thousands of times…

Jake Zimmerman 

Approximating strace with Instruments.app

The other day I learned that Instruments.app can record file system activity on macOS!
The Ruby on Rails Podcast 

Episode 525: Catching Up With Ruby Central with Marty Haught

Ruby Central has been a foundational part of the Ruby community since 2003. They organize Ruby Conf and Rails Conf and maintain critical Ruby infrastructure like rubygems.org. With Ruby Conf Chicago just around the corner and new initiatives at Ruby Central, we thought it would be a good time to catch up with our friends at Ruby Central. Marty Haught joins the show to tell us more about Ruby Central's open source initiatives.

Show Notes
https://rubyconf.org/
https://rubycentral.org/news/

John Nunemaker 

Code and the Coding Coders who Code it

Last week Drew invited me on his podcast. I loved the format (what are you working on, what are your blockers, what have you learned recently) and suspect I'll become a regular listener.

The episode summary pretty much sums it up...

Ever wondered why a seasoned entrepreneur would choose acquisition over starting from scratch? Join us as veteran Rubyist John Nunemaker unravels the secrets behind his strategic purchase of Fireside FM. You’ll discover the ins and outs of transitioning ownership and handling infrastructure while gaining insights into why stepping into an existing company can be a game-changer for entrepreneurs.

John's journey doesn't stop at Fireside FM. He shares his…

Nithin Bekal 

Contributing to Ruby docs

Last week, I came across a few small improvements that I could make to the Ruby docs. In the past, I’ve found the idea of contributing to the Ruby repo quite daunting, but I found that it’s actually pretty straightforward.

I made some notes about the steps to get things set up locally, and I’m sharing these here in the hope that I can convince someone else how easy it is to contribute!

Getting set up to make changes to docs

First, I forked the ruby repo, and cloned my fork:

git clone git@github.com:nithinbekal/ruby.git

Before I could run the configure scripts, I had to install autoconf:

brew install autoconf

Next, you generate the configure script:

./autogen.sh

And then run the…

Posts on Kevin Murphy 

1,000 Miles

eBike eXcitement 🔗

This evening, on the way home from gymnastics, with my daughter in the rear cargo seat, my eBike’s odometer ticked over 1,000 miles. I was riding at the time, so you’ll need to settle for the obligatory picture of it at 1,001 miles.

My bike's odometer reading 1,001 miles

And you’ll have to trust me that by getting to 1,001 I first rode 1,000 miles.

We’ve had the eBike for almost 14 months, and it’s been the primary way my daughter and I get around town. I ride her into school every day on the bike, no matter how cold it is. We ride to the playground. We go to the library. We ride in to drop her off at summer camp in the morning. Maybe we’ll go to get ice cream. We go to her activities. Stop to run an errand.

It’s…

Gusto Engineering - Medium 

Envelope Encryption in Authentication Service Using Google Tink

Encypting TOTP secrets in the Keycloak library

A coder in front of a computerDesigned by Freepik

Overview

At Gusto, our team is building a new authentication service using the open source authentication library called Keycloak. Keycloak offers a comprehensive range of security features and customizations but some components of the Keycloak library require enhanced security hardening to meet the security needs of Gusto. As part of our authentication service, it is crucial to support various Multi-Factor Authentication (MFA) methods — SMS, TOTP, WebAuthn, etc. to strengthen our security posture and prevent unauthorized access.

Problem

Keycloak currently stores TOTP secret (seed) in plain text within its database. This secret…

BigBinary Blog 

Evaluating JavaScript code in the browser

NeetoCourse allows anyone to buildinteractive courses where they can add codeblocks and assessments. This allowsthe user to run their code, see the output and check if their solution iscorrect or not. Check outBigbinary Academy's JavaScript courseto see this in action.

Let's see how we evaluate JavaScript code and check if the output matches thecorresponding solution.

Synchronous code

For a simple synchronous code, first thing we need to check is if everythinglogged by the user is same as that of the solution code. What we do here isaggregate all the logs to an array and then compare that array with the arraygenerated by the solution code. This is done by transforming the code using anAST…

ruby – Bibliographic Wilderness 

Getting rspec/capybara browser console output for failed tests

I am writing some code that does some smoke tests with capybara in a browser of some Javascript code. Frustratingly, it was failing when run in CI on Github Actions, in ways that I could not reproduce locally. (Of course it ended up being a configuration problem on CI, which you’d expect in this case). But this fact especially made me really want to see browser console output — especially errors, for failed tests, so I could get a hint of what was going wrong beyond “Well, the JS code didn’t load”.

I have some memory of being able to configure a setting in some past capybara setup, to make error output in browser console automatically fail a test and output? But I can’t find any…

RichStone Input Output 

RubyMine Debugger: You have already activated X, but your Gemfile requires Y

This is just a post for myself since otherwise, every half a year or so, I'm running into this.

At some point, I start to get an error like the one from the title when running my apps in the RubyMine debugger.

Typically, my first reaction is to leave that in peace and let it resolve itself. Then, after I'm annoyed with all the other debugging tools, I make myself search for it on Google. Usually, I hit this StackOverflow post and skim it for any answers or comments I upvoted:

By the way, I tried some ChatGPT incantations, but it doesn't seem to pick up the comment.

So here we go ChatGPT, you just need to do this in your terminal:

$ bundle clean --force

And then run the RubyMine debugger again.

So…

Rails Inside Out 

Deploying Rails Apps to a Caprover Instance

A few days ago I wrote an article on deploying rails apps with nginx + puma + mina. Some people in the comments suggested I try Caprover, Dokku and other open source PaaS software. Dokku didnt cut it for me, its a good piece of software it just wasnt for me.

Im aware of kamal and its also a great piece of software especially since its a first class rails citizen, however as always competition cant hurt. (I also didnt like how kamal is full of configuration) I mean, rails at its core is convention over configuration and kamal in its current state is the opposite of that, which I totally understand its only on version 2 and writing software takes a lot of work.

Getting Caprover

Back to this…

Greg Molnar 

Upgrading to Kamal 2

Kamal 2 was released recently and it brings a few singnificant changes. Traefik is replaced by kamal-proxy, Kamal runs all containers in a custom Docker network and secrets are passed differently to new containers. All these changes mean that the upgrade is not simple, but in this article I will walk you through an example to help with the process.

The Bike Shed 

443: Rails World and Open Source with Stefanni Brasil

Learning from other developers is an important ingredient to your success. During this episode, Joël Quenneville is joined by Stefanni Brasil, Senior Developer at Thoughtbot, and core maintainer of faker-ruby. To open our conversation, she shares the details of her experience at the Rails World conference in Toronto and the projects she enjoyed seeing most. Next, we explore the challenge of Mac versus Windows and how these programs interact with Ruby on Rails and dive into Stefanni’s involvement in Open Source for Thoughtbot and beyond; what she loves about it, and how she is working to educate others and expand the current limitations that people experience. This episode is also…

Short Ruby Newsletter 

Short Ruby Newsletter - edition 108

The one where there is a new Ruby core committer, Dragon Ruby v6.0 release, Ruby Central looking for a new board member, and so many interesting code samples.
Posts on Kevin Murphy 

Office End Table Construction

Building in 3D 🔗

I make a lot of things. Most commonly code. I blog (maybe you’re aware, given you’re here). I build conference talks. Sometimes manifestos. Most of these live on the computer. Sometimes I need to step away and not look at a screen.

On occasion, I’ll build some piece of furniture we need in the house. Or some small accessory out of wood that I’ll use on my desk. This is one such time, and I decided to document it.

Similar to my recent posts on music I’m listening to, this isn’t directly related to software development. If you want to bail because of that, no judgement.

The Problem 🔗

In my office, I have a couch. Right now there’s a metal filing cabinet next to the couch that I’m…

Julia Evans 

Some notes on upgrading Hugo

Warning: this is a post about very boring yakshaving, probably only of interest to people who are trying to upgrade Hugo from a very old version to a new version. But what are blogs for if not documenting one’s very boring yakshaves from time to time?

So yesterday I decided to try to upgrade Hugo. There’s no real reason to do this – I’ve been using Hugo version 0.40 to generate this blog since 2018, it works fine, and I don’t have any problems with it. But I thought – maybe it won’t be as hard as I think, and I kind of like a tedious computer task sometimes!

I thought I’d document what I learned along the way in case it’s useful to anyone else doing this very specific migration. I upgraded…

Write Software, Well 

Not-Null Shortcut in Rails 8 Migration Generator

Not-Null Shortcut in Rails 8 Migration Generator

If you're on the latest (8) version of Ruby on Rails, there's a nice shortcut to add the not null modifier to your database columns. Just add an exclamation mark after the type, and Rails will mark that column as not null.

For example, consider the following generator command.

$ bin/rails generate migration CreateUsers email_address:string!:uniq password_digest:string!

It will produce the following migration.

class CreateUsers < ActiveRecord::Migration[8.0]
  def change
    create_table :users do |t|
      t.string :email_address, null: false
      t.string :password_digest, null: false

      t.timestamps
    end
    
    add_index :users, :email_address, unique: true
  end
end

Pretty handy!

P.…

Fullstack Ruby 

Top 10 Most Excellent Gems to Use in Any Ruby Web Application

The ecosystem of Ruby gems is rich with libraries to enable all sorts of useful functionality you’ll need as you write your web applications. However, at times it can be a challenge when you’re working within a broader Ruby context (aka not using Rails) to find gems which integrate well into all sorts of Ruby applications.

Occasionally you’ll come across a gem which doesn’t clearly label itself as Rails-only. In other cases, the manner in which you can use the gem outside of Rails isn’t clearly documented or there are odd limitations.

But thankfully, there are plenty of gems which are quite solid to use no matter what architecture you choose, and a few you might come across may even…

In this…

Ruby Magic by AppSignal 

What's New in Ruby on Rails 8

The first Rails 8 beta has officially been released, bringing an exciting set of features, bug fixes, and improvements. This version builds on the foundation of Rails 7.2, while introducing new features and optimizations to make Rails development even more productive and enjoyable.

Key highlights include an integration with Kamal 2 for hassle-free deployments, the introduction of Propshaft as the new default asset pipeline, and extensive ActiveRecord enhancements. Rails 8 also brings several SQLite integration upgrades that make it a viable option for production use.

Let's dive in and explore everything that Rails 8 has to offer!

Effortless Deployments with Kamal 2 and Thruster

Rails 8…

Ruby News 

Ruby 3.4.0 preview2 Released

We are pleased to announce the release of Ruby 3.4.0-preview2.

Prism

Switch the default parser from parse.y to Prism. [Feature #20564]

Language changes

  • String literals in files without a frozen_string_literal comment now emit a deprecation warning when they are mutated. These warnings can be enabled with -W:deprecated or by setting Warning[:deprecated] = true. To disable this change, you can run Ruby with the --disable-frozen-string-literal command line argument. [Feature #20205]

  • it is added to reference a block parameter. [Feature #18980]

  • Keyword splatting nil when calling methods is now supported. **nil is treated similarly to **{}, passing no…

Core classes updates

Note: We’re only listing outstanding class updates.

  • Exception

    • Exception#set_backtrace now accepts an array of Thread::Backtrace::Location. Kernel#raise, Thread#raise and Fiber#r…
  • Range

Notes to self 

Running multiple apps on a single server with Kamal 2

Kamal 2 finally brings the most requested feature to reality and allows people to run multiple applications simultaneously on a single server. Here’s how.

The Kamal way

Kamal is an application-centric deploy tool rather than a small PaaS. And this hasn’t changed with the new version 2. But what does it even mean?

Let’s look at a typical config/deploy.yml to run a generic application:

# config/deploy.yml
service: [APP_NAME]

image: [DOCKER_REGISTRY]/[APP_NAME]

servers:
  web:
    - 165.22.71.211
  job:
    hosts:
      - 165.22.71.211
    cmd: bin/jobs

proxy:
  ssl: true
  host: [APP_DOMAIN]

registry:
  username: [DOCKER_REGISTRY]

  # Always use an access token rather than real…

As you can notice the configuration describes only one particular service. And this hasn’t changed. Applications still have…

Mintbit 

Using Active Record Store in Ruby on Rails

Active Record Store is a powerful feature in Ruby on Rails that allows you to store structured data in a flexible way. Instead of creating separate tables for every piece of information, you can store data as a hash directly in your model. This is especially useful for scenarios where the structure of the data may change over time or is not strictly defined.

Example Scenario: Managing Book Preferences

Let’s imagine you are building a book review application where users can save their reading preferences. Instead of creating separate columns for each preference (like favorite genres, preferred authors, and reading status), you can use Active Record Store to simplify the model.

Step 1:…

Rails Designer 

S3 Alternatives for Rails’ ActiveStorage

ActiveStorage is a Rails framework that simplifies file uploads and attachments to cloud storage services. It provides a unified interface for handling file uploads, transformations, and storage across various cloud providers.

It’s beautifully simple and easy to set up. Adding an user avatar is just one line of code:

class User < ApplicationRecord
  has_one_attached :avatar
end

Love Rails! ❤️

Being one of the first to market, Amazon’s S3 (Simple Storage Service), has been the default storage provider for your ActiveStorage attachments. But the last few years more options have appeared. This is great for companies and customers alike!

For my next big thing, I have explored other…

Drifting Ruby Screencasts 

Kamal 2

In this episode we look at deploying a Rails 8 beta application to a Digital Ocean droplet. We'll also look at a scenario of deploying Action Cable broadcasts and another with recurring background jobs.
justin․searls․co - Digest 

🎙️ Breaking Change podcast v21 - Not From Backup

Direct link to podcast audio file

Get ready for a three-hour-plus Breaking Change spectacular! Why is it special? I'm not going to tell you. You'll just have to listen.

Remember, money doesn't change hands when you consume this Content™, but that doesn't make it free! In exchange for downloading this MP3, the license requires you to write in to podcast@searls.co at least once every three episodes. Some of y'all are past due, and I know where to find you.

Want URLs? I got URLs:

Hotwire Weekly 

Week 40 - Why Your Turbo Form Submission Fails, Hotwire Native content, and more!

Hotwire Weekly Logo

Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! Next week, Rocky Mountain Ruby 2024 takes place in Boulder, Colorado, Oct 7-8, featuring some Hotwire and Hotwire-adjacent talks:

  • How to make your application accessible (and keep it that way!) - Joel Hawksley
  • Evolution of Real-Time and AnyCable Pro - Irina Nazarova
  • Leveling Up Developer Tooling For The Modern Rails & Hotwire Era - Marco Roth

I hope to see you there! Happy reading! 🚀✨


📚 Articles, Tutorials, and Videos

ActiveStorage Direct Upload with Stimulus - This article by Rails Designer explains how to implement direct uploads with ActiveStorage using Stimulus. It shows how to set up a Stimulus controller to…

katafrakt’s garden 

Mruby: Errors in Ruby code and how to find them

In the article about using mrbgems we had a situation when ARGV constant was not defined, but referenced. As a result the code execution failed (the side-effects were not produced), however it did that completely silently. No error message was emitted. And even the exit code was zero.

This is obviously bad. So I set to fix it. By examining mruby source code I discovered mrb_print_error function. Putting it to use looks like this:

#define MRUBY_ERROR 1

// ...

/* handle exceptions */
if(mrb->exc) {
  fputs("Error when executing Ruby code:\n", stderr);
  mrb_print_error(mrb);
  mrb_close(mrb);
  return MRUBY_ERROR;
}

We can invoke it by referencing some undefined constant in our Ruby…

RichStone Input Output 

Getting into home games and reading a new book

Getting into home games and reading a new book

Hey friends!

My subscribers are usually good and driven people, so you are probably busy with some good stuff, so no time to wonder where this Rich guy has been for the past four months.

Well, TL;DR: After a few mini projects for fun, a failed SaaS project with a buddy of mine (we had no co-founder fit), and a month or two in figuring out what's next. I'm starting a new project.

I'm a natural born gamer, so this time, it's about my favorite topic in real life: home games.

The first part of the app is a score tracker to answer a few questions that bother me for the past 25+ years:

How do you track scores and determine who's the best in your bar card round? How often does your kid really win in…

zverok's space 

On programming and poetry (not Python’s tool)

Some thoughts on how programming’s unlikely relations to poetry, and some implications of those relations

I don’t have much time recently to work on articles about programming (especially considering my typical article length); but I have some previously written content to share. This article was drafted as a Twitter thread on my 39th birthday: a day when I published my new site, and announced “I’ll be writing more here soon!” It was Feb 14, 2022, ten days before the full-scale Russian invasion started. Two and a half years later, I finally go to making it into a standalone text with clearer arguments, some links and conclusions. Anyway.

You don’t see poetry (as in writing and reading…

justin․searls․co - Digest 

📸 Everybody needs a hobby.

Maybe I’ll start posting more photos.

justin․searls․co - Digest 

📸 gj everyone

X marks the spot on this SEO.

katafrakt’s garden 

Mruby: Beyond “hello world”

In the last article , I took an initial look at mruby: how to install it using asdf, how to execute a simple code and how to build a standalone binary from a Ruby source. Now it’s time to try to look further and build something more complex.

But first, let me just acknowledge how really basic the mruby is. It supports almost all Ruby syntax (apart from pattern matching), but when it comes to standard library, you’ll find many things missing. Some potentially surprisin omissions include: JSON parsing/building, regular expressions, HTTP client.

> JSON.parse('{"test": [null]}')
uninitialized constant JSON (NameError)

Does this mean that I have to write a JSON parser or regular…

Julia Evans 

Terminal colours are tricky

Yesterday I was thinking about how long it took me to get a colorscheme in my terminal that I was mostly happy with (SO MANY YEARS), and it made me wonder what about terminal colours made it so hard.

So I asked people on Mastodon what problems they’ve run into with colours in the terminal, and I got a ton of interesting responses! Let’s talk about some of the problems and a few possible ways to fix them.

problem 1: blue on black

One of the top complaints was “blue on black is hard to read”. Here’s an example of that: if I open Terminal.app, set the background to black, and run ls, the directories are displayed in a blue that isn’t that easy to read:

To understand why we’re seeing this…

RubySec 

CVE-2024-43795 (openc3): OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)

### Summary The login functionality contains a reflected cross-site scripting (XSS) vulnerability. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition ### Impact This issue may lead up to Remote Code Execution (RCE). **NOTE:** The complete advisory with much more information is added as [comment](https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g#advisory-comment-104904).
RubySec 

CVE-2024-46977 (openc3): OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)

### Summary A path traversal vulnerability inside of `LocalMode`'s `open_local_file` method allows an authenticated user with adequate permissions to download any `.txt` via the `ScreensController#show` on the web server COSMOS is running on (depending on the file permissions). Note: This CVE affects all OpenC3 COSMOS Editions ### Impact This issue may lead to Information Disclosure. **NOTE:** The complete advisory with much more information is added as [comment](https://github.com/OpenC3/cosmos/security/advisories/GHSA-8jxr-mccc-mwg8#advisory-comment-104903).
RubySec 

CVE-2024-47529 (openc3): OpenC3 stores passwords in clear text (`GHSL-2024-129`)

### Summary OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). Note: This CVE only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition ### Impact This issue may lead to Information Disclosure. **NOTE:** The complete advisory with much more information is added as [comment](https://github.com/OpenC3/cosmos/security/advisories/GHSA-4xqv-47rm-37mm#advisory-comment-104905).
Ruby on Rails 

Make Float distinguish between float4 and float8 in PostgreSQL and more

Hi, it’s Greg, bringing to you the latest changes from Rails, while recovering from an amazing Rails World experience.

Make ActionController::AllowBrowser::BrowserBlocker private
To reduce the API surface area of the allow_browser feature, this commit marks the class as private API.

Change ActiveSupport::HashWithIndifferentAccess#stringify_keys to stringify all keys not just symbols
This pull request changes ActiveSupport::HashWithIndifferentAccess#stringify_keysto stringify all keys, not just symbols.
Before the change:

{ 1 => 2 }.with_indifferent_access.stringify_keys[1] # => 2

After this change:

{ 1 => 2 }.with_indifferent_access.stringify_keys["1"] # => 2

Make Float distinguish…

justin․searls․co - Digest 

📸 Are Apple Vision personas… people?

This is some real snake-eating-its-own-tail shit by Apple Photos. What the hell am I supposed to click in order to not screw up its training of Aaron's face?

SINAPTIA 

This week in #devs - Issue #1

Our #devs channel is a cross-project, shared space where the entire dev team of SINAPTIA can ask questions, share opinions, and discuss interesting articles or tech they come across. The idea is to post a curated extract of what happens there every week.

On Rails Performance

Last week, we discussed Rails performance extensively due to some work we’re doing on one of our client’s Ruby on Rails applications. Fernando shared an article about DHH’s take on N+1 queries: “N+1 is a feature”. Used with a Russian doll caching setup, it could be even more performant than eager loading. The topic is a bit controversial, as DHH’s opinions usually are, but we found the thought exercise fruitful. Both…

Ruby Rogues 

Navigating Rails for Front-End Developers: A Comprehensive Guide to Integration and Transition - RUBY 654

In this episode, Valentino and Ayush dive deep into the evolving landscape of web frameworks, particularly focusing on Ruby on Rails. Join them as they explore the challenges and advantages of transitioning from front-end-centric frameworks like Next.js to Rails, the seamless features Rails offers, and the complexities of integrating front-end components.


They also discuss exciting potentials like better integration of Vue component libraries with Rails, the simplicity and utility of custom elements, and the desire for Rails to incorporate features similar to Phoenix LiveView. The panelists share their thoughts on the evolving Rails stack, the need for better tools and documentation, and the…
Remote Ruby 

Jeremy and Jess from IndieRails

In this crossover episode, Jason and Chris are joined by Jeremy and Jess from the Indie Rails podcast to discuss Ruby programming, indie development, and the challenges of building and maintaining software as solo developers. They dive deep into the origins of Indie Rails, share their individual career journeys, and explore Jeremy's project, Liminal, which aims to replace traditional forums and Slack with a more modern solution. The group reflects on the frustrations with current platforms, their experiences with indie development, and the importance of marketing alongside coding. They also compare Rails and Laravel, talk about the "one-person framework" concept, and the challenges in…

justin․searls․co - Digest 

📸 I hate code review less now

I've hated the culture of asynchronous code review for years, especially as the popularity of GitHub and its pull request workflow lent itself to slow, uninformed, low-empathy, bureaucratic workflows to address problems that would be better solved by higher-bandwidth collaboration between team members.

That said, as someone who's spent the last 9 months building an app by myself, I've really enjoyed having GPT 4o as my "pair". It's still too slow: I get bored and tab away to check Mail or Messages. But instead of waiting hours for feedback I'm waiting for literal seconds. There's also zero ego, politics, or posturing. And while it does hallucinate bullshit, there's far less of it than one…

DEV Community: Brandon Weaver 

Let's Read - Eloquent Ruby - Ch 22

Perhaps my personal favorite recommendation for learning to program Ruby like a Rubyist, Eloquent Ruby is a book I recommend frequently to this day. That said, it was released in 2011 and things have changed a bit since then.

This series will focus on reading over Eloquent Ruby, noting things that may have changed or been updated since 2011 (around Ruby 1.9.2) to today (2024 — Ruby 3.3.x).

Chapter 22. Use method_missing for Delegation

Y'know after reading that intro paragraph in the book I'm questioning whether or not I want to pursue management again, but then again a lot of my job nowadays is writing Documents (heh) and delegating work to others and trying to distill context…

DEV Community: Brandon Weaver 

Let's Read - Eloquent Ruby - Ch 21

Perhaps my personal favorite recommendation for learning to program Ruby like a Rubyist, Eloquent Ruby is a book I recommend frequently to this day. That said, it was released in 2011 and things have changed a bit since then.

This series will focus on reading over Eloquent Ruby, noting things that may have changed or been updated since 2011 (around Ruby 1.9.2) to today (2024 — Ruby 3.3.x).

Chapter 21. Use method_missing for Flexible Error Handling

What exactly happens when Ruby doesn't find the method it's looking for? Well it goes hunting for that method of course, but it has to go all the way up its inheritance chain to try and find it first before it then falls back to the…

Awesome Ruby Newsletter 

💎 Issue 437 - It has to be the most beautiful open source project written in Ruby

DotRuby - Things we have to say. 

How to Create Custom Error Pages in Rails

Don't let error pages break your brand's flow. Learn how to create custom error pages in Rails that match your design, keeping the user experience smooth—even when things go wrong.
Rails at Scale 

An Introduction to the Ruby LSP Add-on System

CONFERENCE NEWS

The Ruby LSP team will be in attendance at RubyConf 2024 in Chicago (November). Reach out if you want to chat about anything related to Ruby LSP, or the wider Ruby developer experience.

Overview

In this post we introduce the Ruby LSP add-on system. We’ll explain the problem it solves, discuss its architecture, showcase some example add-ons, and share our vision for a future add-on ecosystem that enhances the Ruby development experience.

Introduction

Ruby LSP is a language server implementation designed to streamline writing Ruby code. It uses static analysis to parse your code to provide editor features. However, in the Ruby ecosystem, dynamic programming and DSL

RubyGems Blog 

3.5.21 Released

RubyGems 3.5.21 includes enhancements and bug fixes.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Enhancements:

  • Fix Gem::MissingSpecVersionError#to_s not showing exception message. Pull request #8074 by deivid-rodriguez
  • Remove code that makes suggest_gems_from_name give worse results. Pull request #8083 by duckinator
  • Warning about PATH in --user-install mode is only necessary for gems with executables. Pull request #8071 by deivid-rodriguez
  • Installs bundler 2.5.21 as a default gem.

## Bug fixes:

  • Fix error in one source when fetching dependency APIs clearing results from all sources. Pull…
justin․searls․co - Digest 

📸 Pro-tip: engrave your iPhone PIN on your AirPods case

I guarantee a non-zero number of people have put their iPhone PIN on their AirPods case.

Ruby Weekly 

A smorgasbord of Rails 8 related updates

#​722 — October 3, 2024

Read on the Web

Ruby Weekly

▶  DHH's Rails World 2024 Opening KeynoteRails World took place last week, and by all accounts it was an amazing experience. DHH took to the stage to introduce Rails 8.0 beta 1, talk about the idea of the ‘One Person Framework’, espouse import maps, getting off the cloud, and more besides.

David Heinemeier Hansson

Eliminating Intermediate Array Allocations — Sure, all most things in Ruby are objects, but do all objects cause memory allocations? The answer is “no,” but the logic behind allocations is worth knowing, as understanding Ruby’s behavior…

Notes to self 

Upgrading from Kamal 1 to Kamal 2

Here’s some possible steps to take and notes from upgrading a single server Kamal setup to the new Kamal 2.

1. Upgrade to Kamal 1.9.x

First upgrade to Kamal 1.9 and confirm you can still deploy:

$ gem install kamal --version 1.9.0
$ kamal config
$ kamal deploy

2. Upgrade to Kamal 2

Update Kamal version again to a 2.x release:

$ gem install kamal --version 2.1.0

Do not redeploy just yet.

3. Remove Traefik mentions

Remove the Traefik section from config/deploy.yml:

traefik:
  options:
    publish:
      - "443:443"
    volume:
      - "/letsencrypt/acme.json:/letsencrypt/acme.json"
    network: "private"
  ...

And remove any other mentions of the proxy such as traefik.* labels…

Rails Designer 

ActiveStorage Direct Upload with Stimulus

In two previous articles I explored first previewing images before upload and then a drag & drop feature. In this article I am going, once again, extend the functionality by adding a direct upload feature.

Direct Upload in ActiveStorage allows files to be uploaded directly from the user to the cloud storage service (eg. S3), without touching your app’s server. This is mostly useful for larger files like audio and video, but nonetheless useful for images too.

Let’s start, also this time, with the HTML where the previous article ended:

<div data-controller="image-preview dropzone" data-dropzone-image-preview-outlet="#image-preview" data-action="dragover->dropzone#dragOver…
DEV Community: Brandon Weaver 

Let's Read - Eloquent Ruby - Ch 20

Perhaps my personal favorite recommendation for learning to program Ruby like a Rubyist, Eloquent Ruby is a book I recommend frequently to this day. That said, it was released in 2011 and things have changed a bit since then.

This series will focus on reading over Eloquent Ruby, noting things that may have changed or been updated since 2011 (around Ruby 1.9.2) to today (2024 — Ruby 3.3.x).

Chapter 20. Use Hooks to Keep Your Program Informed

So we're now into the metaprogramming chapters. The very short version of my opinion on it is that it's very powerful potentially, yes, but it's also capable of making your programs substantially harder to reason about for very little gain.…

RubySec 

CVE-2024-41673 (decidim): Decidim has a cross-site scripting vulnerability in the version control page

### Impact The version control feature used in resources is subject to potential cross-site scripting (XSS) attack through a malformed URL. ### Workarounds Not available ### References OWASP ASVS v4.0.3-5.1.3 ### Credits This issue was discovered in a security audit organized by [Open Source Politics](https://opensourcepolitics.eu/) against Decidim done during July 2025.
Greg Molnar 

Rails World 2024

I had the privilege to attend and speak at Rails World 2024 in Toronto.

Ruby Magic by AppSignal 

Measuring the Impact of Feature Flags in Ruby on Rails with AppSignal

Feature flags are a powerful tool in software development, allowing developers to control the behavior of an application at runtime without deploying new code. They enable teams to test new features, perform A/B testing, and roll out changes gradually.

In Ruby on Rails, feature flags can be managed using diverse tools, the most popular being the Flipper gem. This article will explore implementing and measuring the impact of feature flags in a Solidus storefront using Flipper and AppSignal's custom metrics.

What Are Feature Flags in Rails, Again?

If you are looking for an introduction to the subject, check out the post Add Feature Flags in Ruby on Rails with Flipper.

In a nutshell, though,…

All about coding 

Where to list your Ruby company online

A couple of projects or directories in the Ruby community are trying to aggregate companies or products using Ruby or Ruby on Rails. If you are using Ruby or any Ruby-based framework in your company or for one of your projects, then I think you should add it to these websites as you see fit.

These efforts are important for the community, as they provide a valuable resource for job seekers while offering inspiration and opportunities about what can be built with Ruby and Ruby on Rails.

Moreover, it is equally good to show what kind of projects and companies can be built with Ruby / Ruby on Rails for anyone considering learning Ruby.

UsingRails.com

https://usingrails.com is a project by Andy Croll

Performance Action Pack - a cost effective way to audit and optimize your Rails app 

How to use Cloudflare Workers proxy with Rust

Visits counter was a critical feature of every website just 20 years ago. In this tutorial, we will implement it with Rust Cloudflare Workers by adding persistence and dynamic behaviors to an otherwise static page. We will also discuss other practical use cases of CF workers edge proxy.

Static blog with CF edge caching

Visits: [VISITS_COUNT]

This blog is a static JekyllRB website hosted on an EC2 behind an NGINX proxy. Additionally, it’s using a Cache everything Cloudflare cache rule with the following header for each HTML page:

cache-control: public, max-age=3600

Cloudflare cache everything rule

You can check it by running this cURL:

curl -I https://pawelurbanek.com/cloudflare-workers-rust | grep cache

#…
justin․searls․co - Digest 

📸 Help me fill this out

Starting from scratch with my RSS subscriptions.

Only rules for each feed:

  1. Is interesting
  2. Is published by an individual

Anything you'd recommend? Let me have it: justin@searls.co

Rails Inside Out 

Deploying Multiple Rails Apps on The Same Server with Puma + Nginx

If Kamal is not for you then this article is for you. Theres a lot of my opinions in this article, feel free to jump to the setup section

After coming back to rails from Laravel I found that it wasnt clear how to run multiple rails apps on the same server. If you google deploy rails right now you see something about deploying to heroku which was the thing when I started using rails in rails 5.

With PHP-FPM + Nginx I could run an infinite number of apps on a $5/month server. When it was time to deploy Pulse, as always I did a deep dive, most of the articles on the internet assumed I wanted to run 1 rails app on 1 vm, my first attempt worked, I ran puma, I dont even remember how, it worked but…

John Nunemaker 

How to Find a Business Partner

I've had business partners for every business I've been a part of. Yet, I've never asked myself "Why?". Yesterday someone did.

You’ve been fairly prolific over the years, and I was wondering what your thoughts were on taking a business partner? I think you’ve had a partner(s) for every initiatve/business? Would you ever do one without or do you typically find it better with one?

This was my answer: risk reduction. I'm a scaredy cat. 

Back in the early days of my first business (2008?), I partnered with Steve Smith instead of going it alone. Great decision. 

We had complimentary product skills (he was form and I was function) and had worked together for a few years at the University of Notre…

naildrivin5.com - David Bryant Copeland's Website 

Custom Elements Reacting to Changes

In the end notes of my post on creating a sorting and filter table using custom elements, I mentioned that my solution would not work if the <table> inside <fancy-table> was modified. This post outlines how to address that using MutationObserver, and it’s kinda gnarly.

The Problem - Your DOM Changes out From Under You

The contract of the <fancy-table> as that if sort-column was set, the table’s rows would be sorted, and if filter-terms was set, only rows matching the filter would be shown. That contract breaks if the inside of the <table> is modified.

Ideally, whatever behavior an HTML Web Component bestows upon the DOM it wraps is bestowed to whatever is in there, no matter when or…

Mintbit 

Writing More Expressive Ruby with the it Shorthand

Ruby is a language that consistently evolves to make code more expressive, concise, and readable. With the release of Ruby 3.4, one of the exciting new features introduced is the use of it as a shortcut for the first parameter in a block. This enhancement aims to simplify code, especially in situations where blocks are used extensively, reducing the need to explicitly declare block parameters.

In this post, we’ll explore how the it shorthand works, why it was introduced, and when it’s useful.

What Is the it Shorthand?

The it keyword is now an implicit reference to the first block parameter. This means that instead of having to define a block parameter explicitly, you can use it as a…

Alchemists: Articles 

htmx View Transitions

Cover
htmx View Transitions

View Transitions, if not aware, provide CSS and HTML support for animating state transitions between elements within the same document or across different documents. This allows web applications to use smooth transitions normally only seen with native mobile apps.

Currently, View Transitions have growing, but limited, browser support with Firefox being the sole laggard. The good news is we can implement view transitions while having automatic progressive enhancement as browser support grows.

In this article, I’ll use the following stack to animate a deck of slides for presentation purposes:

I’ll assume…

BigBinary Blog 

Creating a synchronized store between main and renderer process in Electron

When building desktop applications with Electron, oneof the key challenges developers often face is managing the shared state betweenthe main process and multiple renderer processes. While the main processhandles the core application logic, renderer processes are responsible for theuser interface. However, they often need access to the same data, like userpreferences, application state, or session information.

Electron does not natively provide a way to persist data, let alone give asynchronized state across these processes.

electron-store to store data persistently

Since Electron doesn't have a built-in way to persist data, We can useelectron-store, an npm packageto store data persistently. e…

The Bike Shed 

442: Paradigms - What is a Program?

What is a program? Your answer to this question will determine the paradigm through which you view programming. During this episode, you’ll come to understand how things change once you develop an awareness of your paradigm, and what. To kick off this episode, Stephanie shares key insights she took from Planet Argon’s 2024 Ruby on Rails survey and dives deeper into her history with Ruby on Rails. Next, we dive into the definition of a paradigm and unpack three different paradigms you might hold as a developer: procedural, object-oriented, and functional. Considering how each of these impacts the way that you might approach your work as a developer, and what you can learn from the…

Josh Software 

Will the Real Deepfake Please Stand Up?

In the rapidly evolving digital landscape, the banking and financial services sector has made significant strides in leveraging technology to streamline processes, enhance customer experiences, and strengthen security measures. Among these advancements, eKYC processes have become a cornerstone of digital transformation, offering a faster and more convenient way to verify identities and onboard customers. However, … Continue reading Will the Real Deepfake Please Stand Up?
Short Ruby Newsletter 

Short Ruby News - Edition #107

The one about Rails World when Rails 8.0.0.beta1 was announced
justin․searls․co - Digest 

📸 Hey, I know that speaker

Extremely proud of… how much my posture has apparently improved since I started speaking.

It was a real journey.