Rubyland

news, opinion, tutorials, about ruby, aggregated

Saeloun Blog

Rails 7.1 Adds exclude? And extract_value methods To ActionController::Parameters

Rails ActionController::Parameters is a convenient way to pass data from a request to a controller action.

It allows us to choose which attributes should be permitted for mass updating and thus prevents accidentally exposing parameters that shouldn’t be exposed.

Before exclude?

To check if the given key is present in the parameters, we can use the include? method, but ActionController::Parameters does not provide any method to check if the given key is not present in the parameters.

params = ActionController::Parameters.new(name: "John", age: 26)

params.include?("name") #=> true

After exclude?

Rails 7.1 adds exclude? method to ActionController::Parameters. It is the inverse of inclu…

The exc…

Dimiter Petrov 

"We don't deploy on Fridays"

Hearing "we don't deploy on Fridays" makes me sad, because I always encounter it as a precautionary measure.

Fear and precaution

The subtext is "it's not safe to deploy" and "if there is a problem, it takes too long to fix".

There is plenty out there about this topic. Search for "deployment on Friday". I almost forgot I've also written about this before. The arguments are more or less the same. If you are afraid to deploy, it may be because:

  • you have insufficient monitoring and alerting; or
  • the deployment process is error-prone; or
  • deployments, and thus rollbacks, are too slow; or
  • if something breaks, you don't know how to fix it; or
  • risky changes are deployed all at once (vs using feature…

Those are all valid reasons. But they're also valid reasons on a Monday morning. So, do address them.

Valid reasons to not deploy on Fridays

Still, I'd love to…

Evil Martians 

How to do launch weeks for developer tools, startups, and small teams

Authors: Olga Rusakova, Head of Communications, and Travis Turner, Tech Editor
Topic: Business

A launch week is densely packed with content and activities designed to announce and explain new releases and features from different angles. They are a tested promotional strategy for early stage startups (and especially for developer tools with small teams!)

A “launch week” is a tested promotional strategy for early stage startups (especially for developer tools with small teams!) They are effective at reaching your target customers from multiple channels—and can also be very cost-efficient when properly done. In this post, we’ll unravel launch weeks, determine if they’re a good option for your…

Planet Argon Blog 

Ruby on Rails vs. React: Finding the Perfect Fit for Your Web Development Project

Let's explore how React and Ruby on Rails can streamline your development process. This combination is a perfect fit for small teams wanting to get more done with less hassle.

BigBinary Blog 

Creating blurred or virtual backgrounds in real-time video in React apps

Modern tools like Zoom and Google Meet allow us to blur or completely replace our background in real-time video, creating a polished and distraction-free environment regardless of where we are.

This is possible because of advancements in machine learning. In this blog, we'll explore how to achieve real-time background blurring and replacement using TensorFlow's body segmentation capabilities.

Tensorflow body segmentation

TensorFlow body segmentation is a computer vision technique that involves dividing an image into distinct regions corresponding to different parts of a human body. It typically employs deep learning models, such as convolutional neural networks (CNNs), to analyze an image and predict…

RubyGems Blog 

3.5.23 Released

RubyGems 3.5.23 includes enhancements, bug fixes, performance and documentation.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Enhancements:

  • Validate user input encoding of gem CLI arguments. Pull request #6471 by deivid-rodriguez
  • Fix gem update --system leaving old default bundler executables around. Pull request #8172 by deivid-rodriguez
  • Installs bundler 2.5.23 as a default gem.

## Bug fixes:

  • Fix commands with 2 MFA requests when webauthn is enabled. Pull request #8174 by deivid-rodriguez
  • Make --enable-load-relative binstubs prolog work when Ruby is not installed in the same directory…

## Performance:

  • Speed up gem install <nonexistent-gem> by…

Greg Molnar

Deploying a Jekyll site with Kamal

Since Kamal 2 can host multiple sites on the same server, I am consolidating my apps into larger hosts so I have fewer servers to worry about. Most of my apps are Rails apps, but I have a few static Jekyll sites like this blog and I decided to look into how I could move this site to a server I host other Rails apps on.

Stefan’s Blog 

Postfix + ActionMailbox - integrating into existing postfix server by using aliases + curl command

In the past, I built several e-mail processing features using Ruby that predate the official ActionMailbox, such as bounce processing, e-mail notifications, newsletters, order confirmations, forwardings etc. So before, I always used an IMAP client run by the great mail_room to fetch emails from a mailbox and process them by directly supplying them to a Sidekiq queue. The internal mail routing (which email should be processed and shown to which customer etc.) was handled internally, as well as bounces etc. So it was time that I tried out the whole ActionMailbox stack instead, which is a more standardized solution and has great testing support.

We are using Postfix to handle our own e-mail…

Rémi Mercier 

Poking around PostgreSQL full-text search: a beginners primer

Today, I want to share a different type of post. Nothing polished. Just me goofing around with PostgreSQL’s full-text search capabilities. And yes, if you’re wondering how someone can have fun while using full-text search, well, I’m wondering about that myself.

A note: this post is beginner-friendly. Even though it is long, I’ll only scratch the topic’s surface.

Let’s start with the basics!

What is full-text search?

The PostgreSQL documentation says it best:

Full-Text Searching (or just text search) provides the capability to identify natural-language documents that satisfy a query, and optionally to sort them by relevance to the query.

PostgreSQL documentation

In layman’s…

Saeloun Blog 

Rails 7.1 Supports Descending Order For in_batches Without Block

ActiveRecord::Batches provides methods like find_each, find_in_batches, and in_batches to process records in batches, reducing the load on the database and memory consumption.

By default, records are processed in ascending order by primary key(ID).

Rails 6.1 has added support for providing order(ASC/DESC) to batch processing methods like find_each, find_in_batches and in_batches.

Before

Before Rails 7.1, using in_batches without a block on an ActiveRecord relation did not support descending order, even if it was specified. Instead, records were processed in ascending order.

Note that the ordering works fine for both find_each and find_in_batches methods with ASC/DESC.

It also works…

Hanami 

Hanami 2.2: Persistence pays off

Two years ago, we released Hanami 2.0, opening a new chapter for Hanami and our vision for Ruby apps.

Earlier this year, we took another step and introduced our view layer with Hanami 2.1.

Today we complete the vision! We are thrilled to share Hanami 2.2 with you. With this release, we introduce a powerful new database layer and a brand new tool for organizing your business logic.

Persistence pays off: Hanami’s new database layer

Hanami’s new database layer gives you a clear home for every aspect of your database interactions, along with the means to build your own clean interface for your app’s business layer to consume.

When you generate a new app,…

Nithin Bekal 

avante.nvim: AI copilot in Neovim

Lately, I’ve been trying out the Cursor IDE at work. The editor itself is VS Code under the hood, but it adds a bunch of AI-driven features on top, much like Github Copilot.

I’ve found Cursor quite enjoyable to use, especially in the unfamiliar corners of the codebase, where I’m trying to understand what’s going on. However, my ideal editing environment would be Neovim with these capabilities thrown in.

Enter avante.nvim, which emulates the behavior of Cursor from within Neovim. Over the past few days, I’ve been playing around with it, and found it quite pleasant to use.

Basic setup

The initial setup was really easy. I copied over the config from the readme into my lazy.nvim config, and set…

Short Ruby Newsletter 

Short Ruby Newsletter - edition 112

The one where Jeremy launched the Liminal forum and with many releases - Ruby 3.2.6, Rails 8.0.0.rc2, Hanami 2.0.0.rc1, Rails 7.1.6, Rails 7.2.2 and the big discussion about Fibers

Ruby News

Ruby 3.3.6 Released

Ruby 3.3.6 has been released.

This is a routine update that includes minor bug fixes. It also stops warning missing default gem dependencies that will be bundled gems in Ruby 3.5. For more details, please refer to the release notes on GitHub.

Release Schedule

As previously announced, we intend to release the latest stable Ruby version (currently Ruby 3.3) every 2 months following a .1 release.

We expect to release Ruby 3.3.7 on January 7th. If any significant changes arise that impact a large number of users, we may release a new version earlier than scheduled.

Download

JRuby.org News 

JRuby 9.4.9.0 Released

The JRuby community is pleased to announce the release of JRuby 9.4.9.0.

JRuby 9.4.x targets Ruby 3.1 compatibility.

Thank you to our contributors this release, you help keep JRuby moving forward! @kares, @jpcamara, @jsvd

Ruby Compatibility

  • Various fixes for keyword arguments. #8344, #8344, #8382, #8389
  • Mutex has been fixed to check for thread interrupts (Thread#kill, Thread#raise) immediately after acquiring the lock. #8403, #8404

Standard Library

  • The fiddle library is now a default gem and can be upgraded independently of JRuby. #8385

Developer Experience

  • The core jar file of JRuby can be…

Felipe Vogel

Alpine.js as a Stimulus alternative

Recently I discovered Alpine.js as an alternative to Stimulus for conveniently sprinkling JavaScript into server-rendered pages—and it may even be a better alternative.

You may know of Alpine as that little JS library where you write inline JS in the HTML—ewww! That’s all I knew about it too.

But it turns out that you can put the JS in separate…

Rails Designer 

Use Action Cable with Your Main PostgreSQL Database

In a recent article I wrote about broadcasting Turbo Streams without Redis. Next to using the long-available PostgreSQL adapter, there is the new Solid Cable gem.

The default installation assumes another (SQLite) database to store the “messages”. While that works if you host your Rails app (via something like Kamal), if you use Heroku (like I do for all my SaaS apps), this gets tricky.

I want to highlight how to install Solid Cable and use it with your primary (PostgreSQL) database.

  1. bundle add solid_cable
  2. bin/rails solid_cable:install

So far this is the default installation. Some manual work now!

  1. Create a new migration file bin/rails generate migration CreateSolidCableTables
  2. Ope…

Drifting Ruby Screencasts

Kamal Kitchen Sink

In this episode, we look at creating an entire infrastructure (proxy, load balancer, app servers, worker servers, database server, and a storage server) on our own hardware and use Kamal to provision and deploy our Ruby on Rails application.

Hotwire Weekly

Week 44 - Comparing Hotwire with HTMX, Nested Models in One Form, and more!

Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! There is a lot to unpack this week, Happy reading! 🚀✨

P.S. You can now find us on Bluesky too! 🦋


📚 Articles, Tutorials, and Videos

How To Use Importmaps With Rails - This GoRails episode by Chris Oliver introduces the basics of using Importmaps in Rails, a feature allowing developers to manage JavaScript modules without relying on bundlers.

Create Nested Models with One Form - Nested Attributes Explained - Vini Oyama explores in his blog post and video how to handle complex nested models in Rails using nested attributes within a single form. He provides a step-by-step guide on setting up models, controllers, and views…

Safely Passing Ruby Variables…

RubySec 

CVE-2024-21510 (sinatra): Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.

The Rails Changelog

027: Migrating a Rails Monolith from MySQL to Trilogy with Adrianna Chang

In this episode, I sit down with a seasoned Rails engineer to dive into the technical intricacies and community-building work that power the Ruby ecosystem. Adrianna, who currently works as an engineer at Shopify shares insights into their role, their experience with the vibrant WNB.rb community, and what goes into organising meetups focused on all things Ruby and Rails.

We take a deep dive into Trilogy, Shopify’s custom implementation of the MySQL protocol. Adrianna unpacks the motivation behind developing Trilogy, the design choices that distinguish it from the traditional libmysqlclient library, and the trade-offs they faced. We also discuss the challenges of migrating from MySQL…

Ruby Rogues 

Embracing AI Efficiency in Rails Development - RUBY 658

 In today's episode, they dive deep into the world of AI, technology, and Ruby on Rails with our special guest, Gustavo Valenzuela. Charles and Valentino unpack everything from community-driven insights and AI advancements to the fascinating board game "Star Realms." They explore Gustavo’s journey, his innovative platform "Startups on Rails," and how it aims to document companies powered by Ruby on Rails. Plus, get ready for discussions on AI's transformative role in development, the economic landscape affecting tech hiring, and valuable entrepreneurial advice for developers. Whether you're curious about Hugging Face's new tools or looking for insights into Rails' vibrant community, this…

Nithin Bekal

Optimizing page loads for Giscus comments

A few months ago, I removed Disqus comments from this blog, and replaced it with Giscus, which uses Github discussions for blog comments. When I checked the pagespeed scores of this site recently, I was surprised to see the relatively low scores.

The score was 78 on desktop and 88 on mobile. For a blog this lightweight, I’d have thought the scores would be in the 90s. Turns out that the Giscus JS snippet was adding about 330ms of blocking time to the page load.

Replacing the script

The script below is what you get when you set up Giscus. With the data-loading="lazy" attribute, it actually does a great job of not loading things until you scroll down, but even loading the script has a cost.

katafrakt’s garden 

Chekhov’s gun principle for testing

It’s not an uncommon notion that writing tests is more of a storytelling task than a technical one. Most recently I encountered it in The Bike Shed podcast, but you can find blog posts and conference talks about it as well. And if it is a storytelling act, perhaps we should look into narrative principles to make our tests better?

One of the first rules that comes to my mind when thinking about storytelling is Chekhov’s gun rule. What’s it about? In Anton Chekhov’s own words (I’m quoting after Britannica):

One must never place a loaded rifle on the stage if it isn’t going to go off. It’s wrong to make promises you don’t mean to keep.

Aforementioned Britannica also provides a…

Ruby on Rails 

Default Regexp.timeout and more!

Hi, it’s Greg. Let’s explore this week’s changes in the Rails codebase.

Cast query_cache value when using URL configuration for Active Record
When configuring the Active Record connection with DATABASE_URL, due to not casting the value to an integer, the query cache was not set to the given value. This pull request fixes this issue.

Default Regexp.timeout to 1s
This pull request sets Regexp.timeout to 1 second by default to improve security against Regexp Denial-of-Service attacks. If a timeout was already configured in the application, Rails won’t override it.

Authenticate the Action Cable connection too
The new authentication generator will add authentication to Action Cable too now.

Ex…

Alchemists: Articles 

Shuhari

Shuhari, as a concept, is rooted in traditional Japanese martial arts with a philosophy focused on learning and mastery. This seems fitting considering Ruby is a programming language created by Yukihiro “Matz” Matsumoto who is Japanese along with part of the Ruby core team. I’m not saying both are intertwined but I find the concept and the language, both being Japanese, interesting because the journey to mastery — or any language for that matter — takes years of grit, rigor, and practice.

For context, the word "Shuhari" is composed of three Japanese characters:

  • Shu (守): Means "to protect" or "to obey". This represents the initial stage of learning, where the apprentice…

Remote Ruby 

RubyGems & Ruby Central with Marty Haught

In this episode, Jason and Chris welcome back Marty Haught, a long-time leader in the Ruby community, to discuss his history and continued involvement with Ruby Central. Marty shares his journey from joining the Ruby Central board in 2012 to his recent role as interim open source lead. The conversation dives into the origins of RubyGems, the evolution of RailsConf and RubyConf, and the challenges of managing these vital aspects of the Ruby ecosystem. Marty also talks about his plans for sustaining RubyGems' future and the infamous "Marty dinner" tradition at conferences. Hit download now to hear more!


Awesome Ruby Newsletter 

💎 Issue 441 - Benchmarking Ruby Parsers

Julia Evans 

ASCII control characters in my terminal

Hello! I’ve been thinking about the terminal a lot and yesterday I got curious about all these “control codes”, like Ctrl-A, Ctrl-C, Ctrl-W, etc. What’s the deal with all of them?

a table of ASCII control characters

Here’s a table of all 33 ASCII control characters, and what they do on my machine (on Mac OS), more or less. There are about a million caveats, but I’ll talk about what it means and all the problems with this diagram that I know about.

You can also view it as an HTML page (I just made it an image so it would show up in RSS).

different kinds of codes are mixed together

The first surprising thing about this diagram to me is that there are 33 control codes, split into (very…

Ruby Weekly 

All Ruby treats, no tricks

#​725 — October 31, 2024

🎃 Boo! We're back after a rare week off, but now we're here through to Thanksgiving. I hope you have a fun Halloween, if you partake in it, but rest assured this issue is all treats and no tricks.
Peter Cooper, your editor

Ruby Weekly

Benchmarking Ruby Parsers — Prism is (almost certainly going to be) the new default parser in Ruby 3.4, but is it the best-performing option? Benoit looks at several candidates, including Ripper and ruby_parser, and gives us the good news that yes, Prism is fast!

Benoit Daloze

Ruby Video: An Index of ~4000 Ruby Talks — Over the…

Posts on Kevin Murphy 

Happy Halloween 2024

Frequently Played

Maybe you’re wearing a witch hat today, like my daughter will be. Maybe you’d be fine treating it like just another day, like I am. Either way, enjoy the day.

Halloween

And who are you supposed to be?
You look like heaven tonight
Me, I’m a tomb, a corpse in a suit
Trying to look a little alive
Are you alright?
‘Cause I worry sometimes
Are you dressed up to take my life?

A Night with the Jersey Devil

Set my flesh to burning, whilst I sleep
I burn, burn, burn, till my soul burn black
Black rains fall, I come back, I come back

Monster Mash

Certainly not their strongest effort.

Coincidentally, the E Street Band starts the Canadian swing of their tour tonight. I’d…

Rails Designer 

Hotwire and Stimulus Tools You Need to Know

The Hotwire/Turbo/Stimulus community is not as big as React or even Vue. But it has some dedicated users—yours truly included—that have built and shared some cool tools and extras.

In this article I want to list some nifty, smart or otherwise cool extensions/tools for Hotwire/Stimulus. This article will be updated whenever I stumble upon something new.

Turbo Power

This power pack extends the default Turbo Stream actions (append, update, replace, etc.) with many other useful actions. From (meta) title update to updating a data attribute and from toggling css to set a value in local storage.

Just add it using your favorite package manager to get all these goodies. Comes with a related Ra…

Ruby on Rails 

Rails Versions 7.1.5 and 7.2.2 have been released!

Hi friends!

I’m happy to announce that Rails 7.1.5 and 7.2.2 have been released. These are regular bugfix releases.

This is likely to be the last set of bug fixes for the 7.1 series, which will continue receiving security patches until October 1, 2025. 7.2 will continue to receive bug fix releases like this until August 9, 2025 followed by another year of security patches.

For those excited for Rails 8.0, we also published a second release candidate yesterday: 8.0.0.rc2. Thanks to everyone who helped us with testing the beta and first release candidate ❤️.

CHANGES since 7.1.4

To see a summary of changes, please read the release on GitHub:

7.1.5 CHANGELOG To view the changes for each…

code.dblock.org | tech blog 

Safely Passing Ruby Variables to JavaScript in ERB

A user reported a bug in Slava, a bot that syncs Strava activities to Slack, where they couldn’t subscribe to the paid version because their Slack team name contained a quote. That was a rookie mistake on my part in HTML escaping that almost cost me $9.99. Interestingly, it required a rather non-trivial fix.

The bot’s code extensively uses ERB, the standard Ruby templating system. The implementation attempts to render a team name in bold. The recommended way to do this is to combine .html_safe with the displayed value.

<script>
  $(document).ready(function() {
    message('<%= "Welcome <b>".html_safe + name + "</b>!".html_safe %>');
  });
</script>

Aside from being not very elegant, this…

justin․searls․co - Digest 

🎙️ Breaking Change podcast v23 - M4 Supermax

It is Wednesday, my dudes! This is normally a weekend listen, but there are new Macs to talk about. I wanted to give you the absolute freshest, least accurate information I can about all these neat new computers that I WILL NOT BE BUYING BECAUSE TIM COOK IS A COWARD.

Write something you want to say in all caps over at podcast@searls.co and maybe I'll scream it on the show!

Inside-voice links follow:

Shopify Engineering - Shopify Engineering 

How We Built the BFCM 2023 Globe

AkitaOnRails.com 

Omakub for Manjaro and ArchWSL

Some time ago DHH released an open source tool called Omakub that installs several tools and configures a modern development environment on Ubuntu. It goes beyond terminal-only things and also configures various aspects of the GNOME environment. It's worth trying, even if only in a virtual machine, to see how it turns out.

I really liked DHH's choices; he has always been a Mac guy, and so have I. But I migrated back to Linux almost 10 years ago. The reason was that I was evangelizing tech to junior developers, and in Brazil it became unfeasible to encourage Macs. And I didn't want it to seem that without using Macs you would automatically be at a big disadvantage. So…

Mintbit 

Rails 8: Key Features and Developer Benefits

Ruby on Rails 8 is shaping up to be one of the most exciting versions yet, introducing powerful features for both seasoned developers and those new to the framework. From supporting SQLite for production to native authentication and improved Progressive Web App (PWA) support, Rails 8 brings significant innovations to the table. Here’s a breakdown of some of the most impactful changes:

1. Progressive Web Apps (PWAs) Get a Boost

Rails 8 brings enhanced support for Progressive Web Apps, with PWA setup files generated by default. Moreover, it introduces Action Notifier, a new framework dedicated to managing push notifications, similar to how Action Mailer handles emails. This improvement…

RoRvsWild's blog 

Speed Up Compound Full-Text Searches in PostgreSQL by 300x

Full-text Search Approaches

Full-text search is a vital part of many web applications. Approaches to tackle this challenge are as diverse as the circumstances under which your app operates:

  • If you have to combine documents from many sources, for example, you are likely going to reach for Elasticsearch. If you want a Rails integration the Searchkick gem has you covered.
  • If you want a solution that’s similar to Elasticsearch’s capabilities but less devops-intensive, consider Meilisearch, which has a single-node architecture.
  • If you want a fully managed, off-site solution, you could take a look at Algolia, for example.
  • If you want to go full cutting edge, you could use a local LLM…

Chances are, though, either of these solutions are breaking a fly on a wheel for your application. If you are using PostgreSQL as your database management system, the pg_search gem might be a perfect, low friction fit that doesn’t introduce additional operational complexity.

Note: Do not confuse this with the Postgres extension of the same name which is built and…

pg_search Primer

L…

Ruby Magic by AppSignal 

The Basics of Rack for Ruby

Rack is the foundation for every popular Ruby web framework in existence. It standardizes an interface between a Ruby application and a web server. This mechanism allows us to pair any Rack-compliant web server (such as Puma, Unicorn, or Falcon) with any Rack-compliant web framework (like Rails, Sinatra, Roda, or Hanami).

Separating the concerns like this is immensely powerful and provides a lot of flexibility. It does, however, also come with limitations.

Rack 2 operated on the assumption that every request must provide a response and close the connection. It made no facility for persistent connections to enable pathways like WebSockets.

Developers had to make use of a hacky escape hatch…

Ruby News 

Ruby 3.2.6 Released

Ruby 3.2.6 has been released.

Please see the GitHub releases for further details.

Download

Ruby Magic by AppSignal 

Optimize Database Performance in Ruby on Rails and ActiveRecord

In Rails, we're more likely to use SQL databases than other frameworks. Unlike NoSQL databases, which can be scaled horizontally with relative ease, SQL databases like PostgreSQL or MySQL are much less amenable to easy scaling.

As a result, our database usually becomes the primary bottleneck as our business grows. Although SQL databases are very efficient, as our growing customer base puts an increasing load on our servers, we begin scaling our instance counts, workers, etc. But we can't just make copies of our database for each new server we spin up. This makes optimizing database performance critical for any serious Rails project.

In this post, we'll explore strategies for optimizing…

On the Edge of Ruby 

Benchmarking Ruby Parsers

The new Prism parser has become the default in Ruby 3.4.0 preview 2.

Let’s benchmark Ruby parsers and find out how fast they are.

We run benchmarks on Ruby 3.4.0 preview 2 with YJIT (ruby 3.4.0preview2 (2024-10-07 master 32c733f57b) +YJIT +PRISM [x86_64-linux]), on an AMD Ryzen 7 3700X 8-Core Processor and a NVMe M.2 SSD, on Linux, with frequency scaling disabled and the performance CPU governor.

We will compare:

  • prism 1.2.0
  • parser 3.3.5.0
  • ruby_parser 3.21.1
  • Ripper from ruby 3.4.0preview2
  • RubyVM::AbstractSyntaxTree from ruby 3.4.0preview2

Which are the latest releases at the time of writing.

Our corpus will be all .rb files in railties 7.2.1.2, that is 151 files, consisting…

Evil Martians 

Woah, opacity! A full guide to this badass hero of efficient UI design

Authors: Arthur Objartel, Product Designer, Roman Shamin, Head of Design, and Travis Turner, Tech Editor
Topic: Design

See how opacity can be a game changer for web apps, minimizing the number of design tokens, styles, and component variants, thus making your workflow more efficient and flexible, especially useful for startups and fast-moving teams.

Transparent colors are a staple of modern operating systems, yet, for some reason, web apps still underutilize this marvel of modern interface design. And what happens when you properly integrate transparent colors into your design toolkit? You can minimize the number of design tokens, styles, and component variations—making your workflow more…

Radan Skorić's website 

Hotwire and HTMX - Same Principles, Different Approaches

Hotwire and HTMX are two powerful libraries that both have the same goal: simplify building modern web applications. Both embrace the HTML+CSS basis of the web and enhance it to enable slick UIs with little or no javascript needed. While both projects share many fundamental values and even goals, they take different approaches to fulfilling them. By the end of this article you’ll have a good ...

Hanami

Hanami 2.2.0.rc1

Our work on Hanami 2.2 continues, and today we’re very happy to offer a release candidate. This is our last stop before 2.2.0, which we plan to release this time next week!

In this release, we’ve continued to refine our new database layer:

  • You can now configure gateways (introduced in beta2) with a hash of connection_options.
  • Config from matching gateways in parent slices is applied to gateways in child slices, allowing you to configure shared gateways in one place only.
  • Hanami::Struct instances provide a convenient #to_json method.
  • A DatabaseCleaner setup is generated in new apps, to keep your test database in a predictable state between RSpec tests.
  • When running hanami db CLI commands…

BigBinary Blog

Improving search experience using Elasticsearch

We use Elasticsearch in NeetoCourse for our searching needs. Recently, we have made some changes to Elasticsearch config to improve the search experience. In this blog, we will share the changes we made and what we learned during the process.

Definitions

These are some of the terminologies in Elasticsearch that we use in this blog.

  • Document: A document in Elasticsearch is similar to a row in a database table. It is a collection of key-value pairs.

  • Index: An index is a collection of documents. It is similar to a database table. Indexing is the process of creating the said index, and we can configure each step of this process.

  • Analyzer: An analyzer converts a string into a list of searchable…

The Bike Shed 

445: Working Iteratively

Does having smaller, more frequent iterations help to ease your cognitive load? During this episode, we discuss the benefits and challenges of working iteratively and whether or not it can prevent costly errors. You’ll hear about juggling individual pieces effectively, factors that incentivize and de-incentivize working iteratively, and how Joël gauges whether or not a project should be broken up into smaller tasks. It can be hard to adopt small iterations, and this conversation also touches on the idea of ‘good enough code’ and discusses how agility can reduce the cost of making changes. Tuning in, you’ll hear about some of the challenges of keeping up with changes as they evolve…

RubySec 

CVE-2024-49761 (rexml): REXML ReDoS vulnerability

Impact

The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between `&#` and `x...;` in a hex numeric character reference (`&#x...;`). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on 2025-03.

Patches

The REXML gem 3.3.9 or later includes the patch to fix the vulnerability.

Workarounds

Use Ruby 3.2 or later instead of Ruby 3.1.

References

  • https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761
  • Announced on www.ruby-lang.org.

RubySec 

CVE-2024-49771 (mpxj): MPXJ has a Potential Path Traversal Vulnerability

Impact

The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete, as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations.

Patches

The issue is addressed in MPXJ version 13.5.1.

Workarounds

Do not pass zip files to MPXJ.

References

N/A

Short Ruby Newsletter 

Short Ruby Newsletter - edition 111

The one with 2 book launches, tickets available for BrightonRuby, a new release of ruby/json making JSON.dump twice as fast
Aha! Engineering Blog 

Transparency, autonomy, responsiveness, and education: How the Aha! engineering team works

Organizations have many different ways to approach how teammates write code. You have individual silos, pair programming, team-based work, and black box interfaces where you have no idea how the other team is structured.

We use a mix of these approaches at Aha! rather than sticking to one methodology. Th…

Rails Designer 

Basic Autocomplete Without JavaScript using Datalist

I recently had to add a basic autocomplete feature. A user can add settings with whatever key and with whatever value. But they could also create predefined settings which they could choose as well.

Preview of the datalist in action, select the slug value from the list

The GIF above explains it well enough. They could enter any value in the field, but they chose the predefined slug key.

When you see this, you might opt for a JavaScript library, like the good-old selectize.js or the newer and more lightweight tom-select (and there are many more!). While those certainly have their use case, in this case I think I can get away with something simpler (at least at the early stage this product is in).

Enter: datalist. As you can see from the link, support…

justin․searls․co - Digest 

📸 Orlando, I love you 🎶

Seeing Book of Mormon in Orlando was as fun as I hoped. Cast hammed up the half dozen Orlando references from the show and crowd went nuts.

Have to imagine it plays a little differently in SLC.

Rails Designer 

Tailwind CSS Patterns

A few weeks ago I created the first layout for Rails Designer. I want them to be as lightweight as possible and easy to copy into your app. But also make them visually interesting.

As a result I explored a way to add background patterns using only CSS. To my surprise they could also be fully written with Tailwind CSS! Awesome! 🤩

To help and inspire you, I continued creating various other patterns that are now in one neat collection.

Enjoy these Tailwind CSS patterns! ✌️

Ruby News 

CVE-2024-49761: ReDoS vulnerability in REXML

There is a ReDoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-49761. We strongly recommend upgrading the REXML gem.

This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on 2025-03.

Details

The vulnerability is triggered when parsing an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;).

Please update REXML gem to version 3.3.9 or later.

Affected versions

  • REXML gem 3.3.8 or prior with Ruby 3.1 or prior

Credits

Thanks to manun for discovering this issue.

History

  • Originally published at 2024-10-28 03:00:00 (UTC)

Posted by kou on 28 Oct 2024

Hotwire Weekly 

Week 43 - Turbo Broadcasting without Redis, Web Push from Rails, and more!

Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! Happy reading! 🚀✨


📚 Articles, Tutorials, and Videos

Broadcast Turbo Streams without Redis - The article on Rails Designer explains how to broadcast Turbo Streams in a Rails app without using Redis. It discusses alternative setups like the async adapter for development and the PostgreSQL adapter for production, which leverages the NOTIFY command for updates. The guide also introduces Solid Cable, a new option that stores broadcast payloads in the database, making deployment simpler by reducing dependencies.

How do Turbo Streams Work (behind the scenes) - The article by Rails Designer explains how Turbo Streams work…

Julia Evans 

Using less memory to look up IP addresses in Mess With DNS

I’ve been having problems for the last 3 years or so where Mess With DNS periodically runs out of memory and gets OOM killed.

This hasn’t been a big priority for me: usually it just goes down for a few minutes while it restarts, and it only happens once a day at most, so I’ve just been ignoring it. But last week it started actually causing a problem so I decided to look into it.

This was kind of a winding road where I learned a lot, so here’s a table of contents:

there’s about…

Ruby Rogues 

Architectures and Microservices with Darren Broemmer - RUBY 657

Darren Broemmer joins the Rogues to discuss how Ruby on Rails enables a microservices architecture and when it's appropriate to approach your system's architecture with microservices. Chuck and Dave lend their experience and expertise in pointing out some of the challenges with microservices and the power of Rails in enabling the Majestic Monolith. Tradeoffs are discussed and approaches are considered for when parts of an application may make a good candidate for microservices.


Posts 

10 Years of HexaPDF

I have been implementing HexaPDF for the last 10 years now and just released version 1.0.0. It all started due to missing features in an existing library (like with kramdown and so many other things) and an odd desire to implement a largish specification from scratch. Little did I know what that would entail…

The Beginnings (around September 2013)

It all started when I was creating a website where I wanted to output PDFs next to HTML from the source kramdown document. At that time the only meaningful way to create PDFs was to use the fantastic Prawn library. Luckily someone (me) had written a kramdown converter based on Prawn for creating PDFs from kramdown sources.

While this worked…

justin․searls․co - Digest 

📸 5 Star Very Good Podcast No Biases Detected

TFW you notice the only written review for your podcast is from your wife.

Alexandre's Blog 

Perfecting Your Rails Form: Attribute Accessors

In this first part of a series diving into Rails forms, let's explore Rails conventions used to bridge object accessors with forms.
justin․searls․co - Digest 

📸 Announcing fuckthis.app - Software products for exasperated people

Something has been stuck in my craw for several years/decades and I'm finally ready to do something about it.

Most software companies start from a place of, "let's make a simple useful thing and charge a fair price for it." And everything goes great for about fifteen minutes before they eventually concede all that simplicity and utility in order to establish additional revenue streams, or achieve planet-wide scale, or return an obscene multiple to their investors.

And who suffers when that happens? We do.

My favorite example is expense-tracking software. The Earth used to be populated with a diverse array of straightforward, easy-to-use apps that could ingest receipts, pretend a bunch of so…

Saeloun Blog 

Rails 7.1 Adds after_discard Method To ActiveJob For Discarded Jobs.

ActiveJob is used to enqueue and run the tasks in the background. But a job can fail because of many reasons.

Before

To manage job failures, ActiveJob provides methods like retry_on, to reschedule a job for re-execution, and discard_on, to discard the job with no attempts to retry if the exception is raised.

While these methods provide a way to handle errors and retries, ActiveJob does not provide any method to execute custom logic to handle job failures or to perform cleanup actions after a job is discarded.

class MyJob < ApplicationJob
  discard_on StandardError

  def perform
    raise StandardError, "An error occurred"
  end
end

After

Rails 7.1 adds after_discard method to…

SINAPTIA 

This week in #devs - Issue #3

Our #devs channel is a cross-project, shared space where the entire dev team of SINAPTIA can ask questions, share opinions, and discuss interesting articles or tech they come across. The idea is to post a curated extract of what happens there every week.

Speeding up data migrations

At Rightboat, the team is working on a data migration process that is slow because it requires restoring a database dump from production, running the migration, and verifying if everything went correctly. If something goes wrong, they need to fix the issue and start over. On Fernando’s laptop, restoring a database dump takes more than an hour, making the entire restore-run-verify cycle extremely time-consuming.

Remote Ruby 

Seth Tucker on Amber Framework and AI

In this episode of Remote Ruby, Chris, Jason, and guest Seth Tucker dive deep into discussions about tech, programming, and AI developments. They explore topics like managing complex software systems, the challenges and benefits of using AI to enhance productivity, and reflections on legacy systems. Seth also shares insights on the open-source Amber Framework, his work on AI projects, an app he created called llamero, and some thoughts on the evolution of programming. You’ll also hear some personal stories that include woodworking, old tools, and even Costco hotdogs. Hit download now to hear more!

Seth Tucker on GitHub
Llamero

Honeybadger
Honeybadger is an application health monitoring tool…
Ruby on Rails 

Active Job config `enqueue_after_transaction_commit` has been deprecated

Hi, it’s zzak. Let’s explore this week’s changes in the Rails codebase.

Deprecate setting the behavior of deferring job queueing until after commit
The active_job.enqueue_after_transaction_commit setting has been deprecated. This behavior is not intended to be changed globally, but on a per-job basis.

Add support for using Kamal inside of the generated devcontainer
Just like the title implies, you can now use Kamal when running Rails in the devcontainer.

Fix enum labels to accept keyword arguments
Now you can define enums without the extra brackets using keyword arguments.

# Before
enum :status, { default: 0, scopes: 1, prefix: 2, suffix: 3 }

# After
enum :status, default: 0, scopes: 1,

Allow renaming enums to accept two from/to positional arguments similar to…

Josh Software 

SSO Implementation Using ReactJS & Golang For Google

What is Single Sign-On (SSO)? Single Sign-On (SSO) is a user authentication process allowing individuals to access multiple applications with a single set of login credentials. Instead of remembering different usernames and passwords for each app or service, users sign in once and can access all connected systems without re-entering their credentials. Here’s an easy way to …
Awesome Ruby Newsletter 

💎 Issue 440 - `hide_const`, the RSpec helper that I had never used before

AkitaOnRails.com 

My Favorite Modern Keyboards

For those who followed my YouTube channel, you must have seen the trilogy of videos where I told the story behind keyboards and demystified mechanical keyboards, their various components, and the most popular models of the time. Today I'm back to finish up by talking about my most interesting modern keyboards and which one I actually use every day.

If you haven't watched it, I recommend you watch the video trilogy afterwards:

First warning: before the nitpickers comment. Yes, mechanical keyboards are expensive. VERY EXPENSIVE. Yes, you can write entire books on a…

Planet Argon Blog 

Rails World 2024: Shaping the Future of Ruby on Rails

Our Software Developer, Will Weber, reflects on Rails World 2024—Rails 8 insights, AI breakthroughs, and the power of the Ruby on Rails community.

RubySec 

CVE-2024-48652 (camaleon_cms): camaleon_cms affected by cross site scripting

Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows a remote attacker to execute arbitrary code via the content group name field.

Rails Designer 

Broadcast Turbo Streams without Redis

When the Hotwire suite of tools was introduced, one of the most exciting features was broadcasting pieces of HTML over websockets. This was done using a custom-element named <turbo-stream>. Whenever something was changed in the back-end, you could fire off a broadcast with the Turbo Frame element. Check out this article, if you want to know how Turbo Streams work behind the scenes.

You see in development, you already could get away with not using Redis with the async adapter. The way that works is it broadcasts in the same process as where the (Rails) server is running. This means if you, in the Rails console, make updates to any model that has broadcasts set up, broadcasts wouldn’t get…

Notes to self 

Understanding Kamal proxy roles

Kamal’s configuration comes with one primary proxy role to accept HTTP traffic. Here’s how to think about proxy roles and how to configure others.

Kamal roles

Roles are a Kamal way to split application containers by their assigned role. A web role runs the application server, a job role runs a job queue, and an api role might run an API. They all run the same Docker image but can be started with a different command:

# config/deploy.yml
...
servers:
  web:
    hosts:
      - 161.232.112.197
  job:
    hosts:
      - 161.232.112.197
    cmd: bin/jobs

A web role is a special role since it’s a primary role that also runs Docker Proxy:

# config/deploy.yml
...
servers:
  web:
    hosts:
      - 161…
Ryan Bigg's Blog 

Ruby Retreat 2024

This weekend was Ruby Retreat (a re-branded Rails Camp) where we gathered 60 people from Australia and New Zealand at a camp ground in Warrnambool, the town where I live. Ruby Retreat is an un-conference event where Rubyists of all skill levels come together to hang out from a Friday night until a Monday morning. There may have even been some non-Rubyists there too. We provided catering and beds, they provided the activities.

The idea for this event came out of a Ruby Australia conference earlier in the year when a group of Ruby friends pulled me aside and said “we should have a camp again!”. We’ve had about 27 of these in the past, with them dating back to 2007. Covid threw a spanner in…

Evil Martians 

11 HTML best practices for login & sign-up forms

Author: Andrey Sitnik, Author of PostCSS and Autoprefixer, Principal Frontend Engineer
Topics: Frontend, Accessibility, CSS, JavaScript

Even popular sites fail to implement the 11 best practices mentioned in this article, and thus have at least one mistake. Use this checklist on your next pull request review that deals with any form.

Most websites have login or sign-up forms; they’re a critical part of business conversion. However, even popular sites fail to implement the 11 best practices mentioned in this article, and thus have at least one mistake. So, read on, then check your forms and improve your UX by using HTML technologies the way they should be used.

Ruby on Rails 

Rails Versions 6.1.7.10, 7.0.8.6, 7.1.4.2, and 7.2.1.2 have been released!

Hello again!

Rails Versions 6.1.7.10, 7.0.8.6, 7.1.4.2, and 7.2.1.2 have been released!

These address a single bug in last week’s security releases in the block_format helper.

Compared to last week’s releases (6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1) there are no additional security fixes or implications to these fixed releases, so please feel free to upgrade when it’s convenient. We’re making this fixed release to ensure everyone can confidently upgrade to a patched version.

Once again the upcoming 8.0.0 series including beta and release candidate are not affected.

Thanks!

SHA-256

If you’d like to verify that your gems are the same as the ones we’ve uploaded, please use these SHA-256…

Ruby Central 

Ruby Central Joins Eclipse Foundation Working Group for Open Source Security & Compliance

We’re excited to announce that Ruby Central has become a member of the Eclipse Foundation's newly launched Open Regulatory Compliance (ORC) Working Group. This membership gives us a voice at a critical time as the open source community faces increasing regulatory pressures, particularly with the European Cyber Resilience Act.

What is the Eclipse Foundation?

The Eclipse Foundation is one of the largest independent nonprofit organizations focused on open source software development. With over 385 members, it provides a platform for software developers, innovators, and businesses worldwide to collaborate on open source projects that drive innovation across various industries.

The Eclipse…

Dhaval Singh's Blog 

Murphy's Law: Startup Version

Being a founding engineer has been a wild ride. I have learnt a lot over the last year, and a lot of generic advice/quotes seem to make sense, one way or the other. But one stands out, i.e., Murphy's Law.

According to Wikipedia:

Though similar statements and concepts have been made over the course of history, the law itself was coined by, and is named after, American aerospace engineer Edward A. Murphy Jr.; its exact origins are debated, but it is generally agreed it originated from Murphy and his team following a mishap during rocket sled tests some time between 1948 and 1949, and was finalized and first popularized by testing project head John Stapp during a later press conference.

Murphy's…

Felipe Vogel 

A Rubyist learns Haskell, part 3

I’m giving up on Haskell, and I’m 0% sad about it (OK, maybe 5% sad because of wounded pride) because I’ve found something a lot more to my liking: Roc.

… but don’t worry, you won’t be seeing a “Learning Roc” series anytime soon on this blog. I’m going to get back to writing about Ruby and web development, and put my explorations of functional programming on hold.

Why did I want to learn functional programming, anyway?

A couple years ago I posted half-baked thoughts on OOP vs. services for organizing business…

The Ruby on Rails Podcast 

Episode 526: Rails World with Robby Russell

Nick and I recorded an episode at Rails World with Robby Russell. This is a test of a new format we're running where we discuss Rails News. Robby joins us to talk about the Rails Developer Survey that ran this summer. We also chat about all the new things announced at Rails World.

Sponsors
Thanks to Buzzsprout for sponsoring our Rails World coverage and providing a sound booth to record from. They've helped over 400,000 podcasters launch their shows since 2009, so they've seen it all. Buzzsprout's tools, step-by-step guides, and remarkable customer support will make it easy to get your podcast out to the world.

Check out Buzzsprout today at https://www.buzzsprout.com/

justin․searls․co - Digest 

🔗 AT&T Offering Free 30-day Trial via eSIM

Get 100GB of data (and 25GB tethering) by adding this as your iPhone's second eSIM:

New customers can follow these easy steps to dive in:

  • Mobile: Download the myAT&T app to get started
  • Desktop: Visit att.com/freetrial, use the QR code or click the link to get started
  • Get set up in minutes: Click “start your trial” in the app, confirm your current phone compatibility, and sign up. No credit card no commitments to get started.
  • See the difference: Experience the AT&T network free for up to 30 days with no strings attached — switch or stop your trial anytime.

When iPhone went dual-eSIM in the US, I expected a lot more of this from carriers, so it's good to see it now. I'm not clamoring to…

Saeloun Blog 

Rails 7.1 Allows Subscribing To ActiveRecord Transaction Events For Instrumentation.

ActiveRecord transactions allow us to ensure that a series of database operations are executed together as a single unit. If any operation within the transaction fails, the entire transaction is rolled back, maintaining the integrity of our database.

The ActiveSupport instrumentation API provides hooks so that we can subscribe to notifications whenever specific events take place within our application.

Use ActiveSupport::Notifications.subscribe with a block to listen for notifications. The block can take different numbers of arguments, and the data we receive depends on how many it takes.

Bef…

Rails Designer 

New: Rails Development Tool

Over the past 10+ years I have built quite a few web apps using Ruby on Rails. One of the tools I’ve copied over and over again was one that let me:

  • fill forms, like log in forms with some predefined details
  • toggle the console for a quick lookup or to fire a Turbo Stream Broadcast
  • highlight all Turbo Frames and Stimulus Controllers
  • copy the actual resource’s id (ie. the primary key, instead of using the public-facing id)

Preview of the Spinal Builder app highlighting the Stimulus Controllers

The initial version was pretty simple, but over the years I’ve changed it a bit. It is built using a plain Rails helper and Stimulus (based on the @github/hotkey package, similar to Rails Designer’s GlobalHotkeyComponent).

Now I can type:

  • d f; fill fields…
Nithin Bekal 

Rails 8 authentication generator

Rails 8 has introduced a generator for adding basic authentication code to Rails apps. This builds upon the authentication primitives like has_secure_password that were introduced in previous versions of Rails. Last week, I decided to create a new Rails app and try out this new generator.

Running the generator

The first step to add authentication to your app is to run the generator:

bin/rails generate authentication

If you’re used to another Rails authentication generator, like authentication-zero, you’ll notice that there are no bells and whistles here. Just a single generator command, with no additional options.

The generated code

If you want to understand this code, the best place…

Rails at Scale 

Next Generation Out of Band Garbage Collection

In 2023, I wrote about how we’ve tuned Ruby’s garbage collector for Shopify’s monolith, including how we implemented out-of-band garbage collection to reduce the impact of major collection on latency.

While the latency improvements were massive, we weren’t entirely satisfied with the heuristics used to trigger out-of-band garbage collection. It was purely based on averages, so we had to trade latency for capacity. More importantly, it didn’t fully eliminate major collection from request cycles, it only made it very rare.

But in December 2023, while discussing with Koichi Sasada, we came up with a new idea.

Disabling Major GC Entirely

If we want major GC to never trigger during a request…

Ruby Central 

Announcing Ruby Central's Partnership with Fastly: Enhancing Performance & Stability for Open Source Tools

Ruby Central is thrilled to announce our partnership with Fastly, a leader in edge cloud services, to boost the speed, security, and stability of Ruby’s open source infrastructure. 

Fastly has committed over half a million dollars in in-kind services to Ruby Central over the next five years. This support will be crucial for projects like RubyGems and Bundler, ensuring they continue to perform at their highest level as the Ruby ecosystem grows.

What is Fastly?

Fastly provides an edge cloud platform that makes things happen instantly, anywhere across the internet. It is best known for getting content to many millions of users every day and making many of your favorite sites and apps speedy,…

Blog by Abhay Nikam 

Best Practices for Efficient Pull Request Reviews

Problem Statement

If you work in a large organization, you might have faced this problem. The backlog of pull requests (PRs) pending review keeps increasing. This can lead to delays in shipping features, fixes, and improvements. This also means that valuable changes are stalled, and contributors may lose momentum or motivation to drive those PRs to completion.

In this blog, we will discuss some of the best practices that can help you reduce the number of pending pull requests, improve the efficiency of reviews, and ensure that changes are consistently delivered with high quality.

Following are some of the best practices that you can implement:

1. PR Ownership

The responsibility for moving a…

Dhaval Singh's Blog 

Experiments with gpt-4o vision and architecture diagrams

I was playing around with 4o's vision capability, especially for extracting complex technical architecture diagrams, and here is how I did it. It's a bit too early for a conclusion on what works and what doesn't. More on that in later posts.

What do we want out of this?

I am basically trying to find an optimal setting for LLMs to be able to read technical architecture diagrams correctly and consistently.

Setting up eval

There is almost no point in experimenting with LLMs if you don't have any kind of eval setup. Even the most rudimentary, basic stuff will work. But you need something.

I have always been meaning to try out Promptfoo's eval library, as it has been made with a very similar thought process…

Evil Martians 

Growing pains and a dose of Go: real-time features for this Rails app

Authors: Victoria Melnikova, Head of New Business, and Travis Turner, Tech Editor
Topics: Business, Go, Ruby on Rails

We helped Doximity, an online platform for medical professionals, get maximum productivity for user calls. That involved keeping their investment in Rails but adding the real-time performance benefits of Go.

The very real challenge: doctors losing valuable time to automated systems while trying to reach colleagues or pharmacies. In this post, we explore how we leveraged Go for real-time processing in a Ruby on Rails monolith—with the help of the Martian-built AnyCable!

BigBinary Blog 

Building and publishing an Electron application using electron-builder

Building, packaging and publishing an app with the default Electron npm packages can be quite challenging. It involves multiple packages and offers limited customization. Additionally, setting up auto-updates requires significant additional effort, often involving separate tools or services.

electron-builder is a complete solution for building, packaging and distributing Electron applications for macOS, Windows and Linux. It is a highly configurable alternative to the default Electron packaging process and supports auto-update out of the box.

In this blog, we look into how we can build, package and distribute Electron applications using electron-builder.

Electron processes

Electron has two types of…

RubyGems Blog 

September 2024 RubyGems Updates

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in September.

RubyGems News

In September, we released RubyGems 3.5.19 and 3.5.20 along with Bundler 2.5.19 and 2.5.20. These releases bring a series of enhancements and bug fixes designed to improve the overall developer experience with RubyGems. Notable improvements include the removal of temporary .lock files unintentionally left behind by the gem installer, the rejection of unknown platforms when running bundle lock --add-platform, and a performance fix that addresses…

Some other important accomplishments from the…

Short Ruby Newsletter 

Short Ruby Newsletter - edition 110

Stay updated on Ruby with launches like Ruby Static Pro, events like RubyConf, and the first RC of Rails 8.0.0. Explore new Ruby gems, tools, and insightful code samples in our latest newsletter.
RubyMine : Intelligent Ruby and Rails IDE | The JetBrains Blog 

Bridging the Gap Between the Classic and New UIs

Any significant update to the UI and UX of a professional tool is likely to pose challenges for its users. We recognize that the new UI of JetBrains IDEs represents a major change and understand how unsettling it can be when the software you rely on for productivity is significantly reworked. However, in order for us to evolve and innovate in line with global trends and emerging insights, change is essential.

In this post, we will tell you more about the motivation behind the new UI and how it was developed. We’ll also provide some useful tips for configuring it if you are used to the classic one.

Evolution of the UI and UX

In version 2024.2, the new UI became the default in…

Planet Argon Blog 

Top 10 Tech Podcasts in 2024 as Chosen by the Rails Community

Get your headphones ready! Here are the top 10 tech podcasts of 2024, chosen by the Ruby on Rails community, featuring insights from developers, industry leaders, and entrepreneurs.

Saeloun Blog 

Rails 7.1 Adds Adapter Option To Disallow Foreign Keys.

In Rails, adapters allow us to connect to different databases, while foreign keys are constraints that ensure the values in one table match valid records in another table. This helps to maintain data integrity.

If there is a need to disallow foreign keys temporarily, such as during data imports, we have to write migrations to drop foreign keys from each table individually.

This process is cumbersome and time consuming, especially in applications with multiple tables and relationships.

Before

We need to manually create migrations to drop foreign keys for each table, making it a labor-intensive task.

Once data import completes, we have to write additional migrations to re-add the…

justin․searls․co - Digest 

📸 Extremely Legitimate State Government Guy Here Totally Not A Scam Reply STOP to Block

One of the most bizarre and frustrating things about life in Florida is that the state government has decided to eschew official .gov domains in favor of a random smattering of .com domains, for seemingly no other reason than appearing pro-business. Or maybe anti-government? Regardless, it definitely doesn't make it easier to help constituents avoid scams.

Here's what I had to do to figure out whether this text was legitimate:

  1. Go to fl.gov which redirects to www.myflorida.com
  2. Click to see the list of state agencies, which takes you back to dos.fl.gov and lists the Department of Financial Services' homepage as www.myfloridacfo.com
  3. That homepage indicates Florida really has a "Chief…
Rails Designer 

How do Turbo Streams Work (behind the scenes)

Turbo Streams allow you to update specific parts of your app upon a web request (controller action), referred to as just Turbo Streams, or as Turbo Stream Broadcasts when fired by your back end (on model create, update or destroy, or manually from any object) over websockets, typically through ActionCable.

While the source is different, the response (HTML) for both is the same. I want to quickly explain how Turbo Streams work, so you understand that there is, just like with Rails, no magic involved 🎩🐰. Just Plain Old JavaScript!

To broadcast a Turbo Stream you do something like this:

class Resource < ApplicationRecord
  after_create_commit -> { broadcast_append_to "resources" }
end

Notes to self 

A closer look at Rails force_ssl and assume_ssl

Rails comes with built-in support for SSL in the form of config.force_ssl. But what exactly does it do?

SSL middleware

The force_ssl directive adds the ActionDispatch::SSL middleware layer which is a Rack middleware for HTTPS requests:

# rails/railties/lib/rails/application/default_middleware_stack.rb
...
      def build_stack
        ActionDispatch::MiddlewareStack.new.tap do |middleware|
          if config.force_ssl
            middleware.use ::ActionDispatch::SSL, config.ssl_options
          end
...

This middleware does two main things:

  • SSL/TLS redirect: Redirecting http requests to https with the same URL host and path. Both from the Rails server and the browser by…

  • Secur…

GoRails Screencasts 

How to Configure Multiple Databases with Rails

Rails 8 now ships with multiple databases by default. In this lesson, we'll learn how the configuration works and how to deploy to production with environment variables.

zverok's space

There is no such thing as a global method (in Ruby)

What Ruby’s top-level methods actually are, who they belong to and how they are namespaced.

A few days ago, a curious question was asked on /r/ruby, which can be boiled down to this: How are the methods of the Kernel module available in the top-level scope?

The question was about the rand method, but (as the author correctly suggests) it also applies to many seemingly “top-level” methods documented as belonging to the Kernel module, even ones as basic as puts (print a string), require (load code from another file), or raise (an exception).

We know that in Ruby, all methods belong to some objects and are defined in their classes or modules. The documentation suggests that all of those…

justin․searls․co - Digest 

📸 This version's pun segment goes places

Aaron's reaction to my reading and ranking of his pun submission for the latest version of the Breaking Change podcast

justin․searls․co - Digest 

🎙️ Breaking Change podcast v22 - Coming to VHS

Direct link to podcast audio file

Welcome to this podcast which, by now, you have probably decided you either listen to or don't listen to! And if you don't listen to it, one wonders why you are reading this.

Remember to write in at podcast@searls.co with suggestions for news stories and whatever you'd like me to talk about. Please keep it PG-rated or NC-17 rated. I want nothing in between.

Family-friendly and/or sexually explicit links follow:

Island94.org 

A mostly technical reflection on Disaster Relief Assistance for Immigrants

“Meteors are not needed less than mountains”
— Robinson Jeffers, “Shine, Perishing Republic”

I recently kicked off a new outside project to build on my experience building GetCalFresh, a digital welfare assister that’s helped millions of Californians successfully apply for billions of dollars of food assistance from CalFresh/SNAP. While going through my contemporaneous notes from that time, I realized I had never written about another project I was deeply involved with: Disaster Relief Assistance for Immigrants (DRAI) during the COVID-19 pandemic.

Code for America published a little bit about DRAI in “Dismantling the Invisible Wall”:

DRAI was a modest but crucial lifeline for…

Hotwire Weekly 

Week 42 - Changing CSS on Scroll, Dynamic Form Fields, Web Push, and more!

Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! Thank you for the feedback on the 1-year anniversary edition last week! I'm trying to incorporate the feedback into the next editions! Thank you!

Happy reading! 🚀✨


📚 Articles, Tutorials, and Videos

Changing CSS as You Scroll with Stimulus - Rails Designer's article explains how to change CSS based on scroll events using a Stimulus controller. The guide demonstrates how to add or remove CSS classes dynamically as specific elements interact with one another during scrolling.

Announcing JavaScript for Rails Developers - The article on Rails Designer introduces the "JavaScript for Rails" book, a guide tailored for Rails…

Ruby Rogues 

Practical Observability: Logging, Tracing, and Metrics for Better Debugging - RUBY 656

 Today, they dive deep into the world of observability in programming, particularly within Rails applications, with special guest, John Gallagher. Valentino openly shares his struggles with engineering challenges and the frustration of recurring issues in his company's customer account app. They explore a five-step process Valentino has developed to tackle these problems and emphasize the critical role of defining use cases and focusing on relevant data for effective observability.
In this episode, they talk about the emotional journey of dealing with bugs, the importance of capturing every event within an app, and why metrics, logs, and tracing each play a unique role in debugging. They…

Write Software, Well

A Brief Introduction to Rails Initializers: Why, What, and How

Initializers are an important concept in Rails, but I couldn't find much information about them online, other than the official Rails guides. Recently, I did a deep dive into the Rails initialization process, and what follows is everything I learned about initializers.

What we'll learn:

By the end of the article, I hope you'll have a much better understanding of initializers and an appreciation of all the things that Rails does behind the scenes to not only make it work, but also make it look like magic!

Let's begin...

What are Initializers?

An initializer is simply a piece of Ruby…

Ruby Central 

Why Ruby Central Supports the Open Source Pledge

Ruby Central is proud to announce our support of the Open Source Pledge, spearheaded by our OSS sponsor Sentry, which asks companies to pay open source maintainers fairly and make the open source ecosystem more sustainable.  

As a member company, Ruby Central has committed to paying for the use of open source software (directly or through a funding organization) and compensating maintainers for the important work they do. 

We join many of the most prominent open source organizations across the world in supporting the Pledge, which reflects our deeply felt values and our commitment to maintainers and Rubyists who rely on our open source work (such as RubyGems and Bundler).

As businesses and…

Ruby on Rails 

New Maintenance policy, CVE releases, Rails World talks and more!

Hey everyone, Happy Friday!

Vipul here with the latest updates for This Week in Rails. Let’s dive in!

Rails World talks are out!
Check out the recap of these talks in this blog post, or head over to Rails’ YouTube for the full playlist.

New Rails maintenance policy and end of maintenance announcements
These changes are designed to provide clarity on support timelines and help to plan Rails upgrades effectively. Full details of the new policy can be found on the Rails website.

Rails Versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1 have been released!
These are security patches addressing 4 possible ReDoS (Regular expression Denial of Service) attacks. All of these only affect Ruby…

Shopify Engineering - Shopify Engineering 

How Shopify improved consumer search intent with real-time ML