Rubyland

news, opinion, tutorials, about ruby, aggregated
Sources About
Ruby Central 

Ruby Central's OSS Changelog: July 2025

Ruby Central's OSS Changelog: July 2025

Hello, and welcome to the July newsletter. Read on for announcements about our Open Source Program and a report of the OSS work we’ve done over the past month!

As mentioned in our previous newsletters, we will now be sending out separate updates for the Open Source Program and general Ruby Central organization and community news.

You can expect our general Ruby Central newsletter (the Ruby Central README) in your inbox later this month.

Open Source Program Announcements

Ruby Central at Open Source Summit North America

At Open Source Summit North America, our lead security engineer, Samuel Giddins, continued discussions on supply chain security and creating a binary transparency scheme that will…

Ruby on Rails: Compress the complexity of modern web apps 

A new touch option, accessing the editor from the error page and better migration logs

Hi, it’s Claudio Baccigalupo. So many great changes to the Rails codebase this week. Let’s check them out.

Add touch option to update_column(s)
Particularly useful for ETL processes that rely on the updated_at timestamps instead of copying the whole table. Previously, to keep timestamps current, the touch method had to be called after using update_column.

Add support to open files in the code editor from the crash page
All the most common editors are supported, from Atom to Zed.

Fix errors when query string keys have invalid encoding
Bots hitting your Rails app with malformed requests could generate noisy 500 Server Errors. After this PR the requests won’t be reported as an app exception.

Remote Ruby 

Ruby Podcast Panel at RailsConf 2025

In this special episode of Remote Ruby, ‘AI Andrew’ introduces a panel discussion recorded at RailsConf in Philadelphia. Hosted by David Hill (Ode to Rails Conf, Ruby Gems Podcast), the panel features Drew Bragg (Code and the Coding Coders who Code it), Stephanie Minn (The Bike Shed), and Chris Oliver (Remote Ruby), who take the stage to share their experiences, insights, and memories from the Ruby and Rails community. They discuss how to improve social interactions at conferences, the pros and cons of having podcast guests, how to attract new programmers to Ruby and Rails, and their favorite RailsConf memories. The panel also dives into valuable tips for creating compelling podcast content…

Awesome Ruby Newsletter 

💎 Issue 478 - Hanami and the elephant in the room

JRuby.org News 

JRuby 10.0.1.0 Released

The JRuby community is pleased to announce the release of JRuby 10.0.1.0.

JRuby 10.0.1.x targets Ruby 3.4 compatibility.

Thank you to our contributors this release, you help keep JRuby moving forward! @PChambino, @kares, @Earlopain

Compatibility

Libraries

  • The net-imap library is updated from 0.5.4 to 0.5.8 (#8826, #8828)

62 Issues and PRs resolved for 10.0.1.0

Ruby Weekly 

It's time to get ready for Bundler v4

#​759 — July 17, 2025

Read on the Web

Ruby Weekly

How I Spent Months Solving Ruby's Most Annoying Gem Installation Problem — If you’ve sat waiting for bundle install to finish for ages, you’ll have felt Maciej's pain. He set out to see why his gem (rdkafka) took so long to install and if it’s possible to improve: the answer is yes, he took it from taking sixty seconds to install to just three! One for all the gem maintainers!

Maciej Mensfeld

Ruby 3.4.5 Released — A scheduled maintenance update that includes bug fixes and adds GCC 15 support. The next release, 3.4.6, is due in September.

Takashi…

Rails Designer 

Rails Designers: private community for Rails UI Engineers

Over the period that I ran Rails Designer, and many years before that, I have been in touch with many other Rails UI engineers or product designers. Initially through my SaaS businesses where I got questions on how I tackled certain UI issues in the Rails/Hotwire way, and later through the Rails Designer work (components, articles and UI consultancy).

These conversations were all (short), siloed conversations, that often could also helped other UI engineers. Also with AI (LLM) rising, many functionalities and features are often one prompt away. But it often is still lacking in best practices, clean, nicely written code and general good taste.

AI is lacking best practices, clean written…

Closer to Code 

The 60-Second Wait: How I Spent Months Solving the Ruby’s Most Annoying Gem Installation Problem

Notice: While native extensions for rdkafka have been extensively tested and are no longer experimental, they may not work in all environments or configurations. If you find any issues with the precompiled extensions, please report them immediately and they will be resolved.

Every Ruby developer knows this excruciating feeling: you're setting up a project, running bundle install, and then... you wait. And wait. And wait some more as rdkafka compiles for what feels like eternity. Sixty to ninety seconds of pure frustration, staring at a seemingly frozen terminal that gives no indication of progress while your coffee is getting cold.

I've been there countless times. As the maintainer of the …

Bundler Blog 

Bundler v2.7: last release before Bundler 4

A major release of Bundler is finally happening, consolidating unreleased major changes that had been pending for a decade. It will be named Bundler 4 (skipping Bundler 3), so that we can release it in lockstep with RubyGems 4, making the version number of Bundler & RubyGems in sync from now on.

Final Bundler 4 release will happen at the end of 2025, but for now we’re presenting Bundler 2.7 as the last big step towards this major release.

Bundler 2.7 features a simulate_version configuration that will allow users to configure Bundler to behave exactly as Bundler 4 will behave, with all major breaking changes enabled by default. We encourage all users to enable this setting, experiment…

justin․searls․co - Digest 

📸 Invoice for my first Mac (2004)

Thanks to a bug in Apple Mail, my Gmail archive likes to revert to sort by ascending date every now and then. Today, I scanned through some of those early emails and stumbled upon this incredible artifact: the e-mail invoice from Apple.com for my first Mac. It was a build-to-order 12" iBook G4 in July 2004.

Besides being set in such carefully-coifed monospace plaintext, the invoice provides an almost hilarious level of detail and verbiage by today's standards. Also, it never gets old to marvel at how much computers have depreciated over time. A whopping $1,362.00 for a mid-tier build of Apple's smallest, cheapest laptop in 2004. That's $2,317.82 in 2025 dollars after inflation. Today,…

Island94.org 

How to customize Rails I18n key suffixes like `_md` for Markdown

If you’ve had reason to use internationalization in Rails on Rails, you’ve probably used a nifty feature of it:

Keys with a _html suffix… are marked as HTML safe. When you use them in views the HTML will not be escaped.

Authoring HTML within translations can be a pain because HTML is quite verbose and easy to mess up when maintaining multiple versions of the same phrase, or paragraph, or page across multiple languages.

It would be nice 💅 to have something like this:

Keys with a _md suffix can be authored in Markdown and will be automatically converted to HTML and marked as HTML safe.

Markdown is a lot less verbose than HTML and easier to write and eyeball.…

RubySec 

GHSA-29g5-m8v7-v564 (measured): Measured is vulnerable to Path Traversal attacks during class initialization

### Impact A path traversal vulnerability exists where an attacker with access to manipulate inputs when initializing the `Measured::Cache::Json class` would be able to instruct the library to read arbitrary files. ### Patches Users should update to the latest version.
SINAPTIA 

Ruby Argentina July meetup

On July 15th, 2025, the Argentina Ruby community gathered for another fantastic meetup in Buenos Aires. The event was sponsored by several companies, including SINAPTIA, LeWagon, Rootstrap, OmbuLabs, and Crunchloop, who also hosted the event at their office space.

The evening began with two compelling talks that explored various aspects of Ruby development.

Tree structures in Rails

First up, we heard from Patricio Mac Adden of SINAPTIA, who presented “Tree Structures in Rails”. Patricio shared a real-world problem he encountered while working on SolidTelemetry, a database-backed OpenTelemetry solution for Rails. He walked us through the initial challenges, exploring various existing…

Planet Argon Blog 

Solving Docker Compatibility Issues with Kamal and Ruby 2.2.2

Solving Docker Compatibility Issues with Kamal and Ruby 2.2.2

What happens when modern deployment tools meet legacy Ruby code? Here's a look at the real-world compatibility obstacles and solutions we found while deploying an app with Kamal.

Continue Reading

Ruby Rogues 

Indexing the Ruby World with RubyEvents.org - RUBY 677

Hey everyone, Charles Max Wood here! It’s great to be back behind the mic with Ayush Nawatia for another episode of Ruby Rogues. This time, we’re diving into the fascinating world of Ruby community resources with two amazing guests: Adrien Poly and Marco Roth. They’re the creators behind RubyEvents.org, an ambitious project that’s aiming to centralize and modernize access to Ruby-related videos, conferences, meetups, and more.

In this episode, we explore the vision and evolution of RubyEvents.org—originally RubyVideo.dev—and how it’s grown into a hub for the Ruby community. We discuss the technical stack (think SQLite, Tailwind, Vite, and Hotwire), how they’re leveraging LLMs to auto-tag…
ruby – Bibliographic Wilderness 

Whisper-generated transcripts used in presentation of archival video

Here at the Science History Institute, we have a fairly small, but growing, body of video/film in our Digital Collections, at present just over 100 items, around 70 hours total.

We wanted to add transcripts/captions to these videos, for accessibility to those who are hearing impaired, for searchability of video transcript content, and for general usability. We do not have the resources to do any manual transcription or even really Quality Assurance, but we decided that OpenAI whisper automated transcription software was of sufficient quality to be useful.

We have implemented whisper-produced transcriptions. We use them for on-screen text track captions; for an accompanying…

justin․searls․co - Digest 

📄 TLDR is the best test runner for Claude Code

A couple years ago, Aaron and I had an idea for a satirical test runner that enforced fast feedback by giving up on running your tests after 1.8 seconds. It's called TLDR.

I kept pulling on the thread until TLDR could stand as a viable non-satirical test runner and a legitimate Minitest alternative. Its 1.0 release sported a robust CLI, configurable (and disable-able) timeouts, and a compatibility mode that makes TLDR a drop-in replacement for Minitest in most projects.

Anyway, as I got started working with Claude Code and learned about how hooks work, I realized that a test runner with a built-in concept of a timeout was suddenly a very appealing proposition. To make TLDR a great companion…

Ruby Magic by AppSignal 

Advanced JIT compilers for Ruby: TruffleRuby and JRuby

In this post, we'll explore two advanced JIT compilers for Ruby: TruffleRuby and JRuby, looking at their benefits and drawbacks. We'll also briefly touch on the recently announced ZJIT compiler.

But before we get started, let's define JIT compilation.

What is JIT compilation?

JIT (Just-In-Time) compilation is a technique that combines aspects of code interpretation and traditional compilation. In statically compiled languages that utilize AOT (ahead-of-time) compilation, source code is translated into machine code before execution. Optimizations are performed during this compilation stage, and the resulting machine code is executed directly at runtime with no further changes.

In purely…

RubyGems Blog 

3.7.0 Released

RubyGems 3.7.0 includes security, breaking changes, enhancements, bug fixes and documentation.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

### Security:

  • Update vendored resolv to 0.6.2. Pull request #8831 by hsbt

### Breaking changes:

  • Stop generating binstubs with support for RubyGems before 2.6.2. Pull request #8833 by deivid-rodriguez
  • Drop support for Ruby 3.1. Pull request #8634 by segiddins

### Enhancements:

  • Update SPDX license list as of 2025-07-01. Pull request #8829 by github-actions[bot]
  • Add push_rubygem as a default scope for gem signin command. Pull request #8672 by hsbt
  • Up…
Aha! Engineering Blog 

Is AI the end of coding as we know it, or just another tool?

img { max-height: 400px; margin-right: auto; margin-left: auto; } table, th, td { font-family: Red Hat Display, "Helvetica Neue", Arial, "Noto Sans", sans-serif; border: 1px solid var(--aha-gray-400); } th { background-color: var(--aha-gray-100); color: var(--aha-gray-900); text-align: left; } td img { margin: 0.5em auto !important; }

The rapid advancement of AI tools has left many developers worried about the future of their careers. AI is either coming to take your job, or it's going to make you 10 times more productive — if you learn to use it effectively. Nobody wants to be in the first category. But I've found surprisingly little…

RubySec 

CVE-2025-53623 (job-iteration): Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class

### Impact There is an arbitrary code execution vulnerability in the `CsvEnumerator` class of the `job-iteration` repository. This vulnerability can be exploited by an attacker to execute arbitrary commands on the system where the application is running, potentially leading to unauthorized access, data leakage, or complete system compromise. ### Patches Issue is fixed in versions `1.11.0` and above. ### Workarounds Users can mitigate the risk by avoiding the use of untrusted input in the `CsvEnumerator` class and ensuring that any file paths are properly sanitized and validated before being passed to the class methods. Users should avoid calling `size` on enumerators constructed with…
Ruby News 

Ruby 3.4.5 Released

Ruby 3.4.5 has been released.

This is a routine update that includes bug fixes and GCC 15 support. Please refer to the release notes on GitHub for further details.

Release Schedule

We intend to release the latest stable Ruby version (currently Ruby 3.4) every two months following the most recent release. Ruby 3.4.6 is scheduled for September, 3.4.7 for November, and 3.4.8 for January.

If a change arises that significantly affects users, a release may occur earlier than planned, and the subsequent schedule may shift accordingly.

Download

Ruby on Rails: Compress the complexity of modern web apps 

Chime joins the Rails Foundation as a Contributing member

The Rails Foundation is excited to share our newest Contributing member, one that Americans will be very familiar with: Chime Financial.

Chime is a financial technology company founded on the belief that core banking services should be helpful, easy, and free. Since its inception, Chime has used Ruby on Rails to build and scale a platform that empowers millions of members with access to fee-free financial services.

Their engineering team includes hundreds of Ruby developers who rely on Rails to manage transactions, improve security, and drive innovation. As of Q1 2025, Chime has 8.6 million active members, and is one of the most downloaded banking apps in America.

Rails has been…

Alchemists: Articles 

Git Rebase Exec

Cover
Git Rebase Exec

When using Git Rebase, you might find yourself wishing you could automate manual tasks by executing code during the rebase. Well, good news, you can! Executing code is one of the most powerful features of rebasing but also a slightly more complex feature to use than the other commands.

To start, let’s initialize a Git repository with a basic Ruby calculator implementation:

mkdir demo
git init

printf "%s\n\n" "# frozen_string_literal: true" > calc.rb
git add --all .
git commit --message "Added calculator script file" \
           --message "Provides initial script file only (implementation to be added later)."

printf "%s\n" 'ARGV.then { |a, b| puts "#{a} plus…
Remote Ruby 

Soham Parekh, Turbo Frames and AI Antics

In this episode of Remote Ruby, Chris and Andrew discuss a range of topics including an exciting announcement on Jason’s Job Boardly project that got acquired, a technical deep dive into implementing real-time emoji reactions using Turbo and Rails, an explanation on using Rules CLI, and a viral story about a developer. They also touch on intricate programming challenges, such as maintaining state in real-time applications and navigating AI-driven coding tools. Later, the conversation turns to humorous cybersecurity stories, the rising use of AIs in coding, the ethical challenges posed by multi-job professionals, and the impact of streaming services. The episode concludes with discussions…

Judoscale Dev Blog 

Rails On-Premise... At RailsConf!

The Judoscale team just arrived back from RailsConf 2025 and boy did we have fun! In case you missed Adam’s posts on LinkedIn (and elsewhere), Judoscale brought the fun and music to RailsConf this year… with kazoos. Free Kazoos for all!

Adam pouring out a bag of Judoscale kazoos into a display at Judoscale’s RailsConf 2025 booth We had so many kazoos..

Now, you might be asking yourself, “Why kazoos? What does that have to do with autoscaling?” And the official answer is… nothing! We didn’t sponsor RailsConf to try to sell Judoscale or win customers, we just wanted to have some fun and bring some silliness to the traditional sponsor-booth. So… kazoos! A bit of whimsy, a touch of joy, and a whole lot of noise. It was awesome.

Whil…

Rails Designer 

Click to reveal feature with Tailwind CSS

Today I wanted to go over a quick little UI element I added for a recent consultancy gig. The idea was to toggle the visibility of a user’s API key in their account’s settings (I think Stripe did a similar thing in the past, but couldn’t find it in their dashboard). The beautiful thing about this solution is that it doesn’t need any JavaScript at all. Winning! 🏆 Whenever I can skip JavaScript (although it is my second-favorite language), I go for it.

This is the element I am going for:

API key

Click to Reveal sk_test_4eC39HqLyjWDarjtT1zdp7dc

Let’s go over how it’s done. First, the non-togglable element:

<fieldset class="relative…
Hotwire Weekly 

Week 28 - Hotwire components that refresh themselves, Stimulus' Action Parameters, and more!

Hotwire Weekly Logo

Welcome to Hotwire Weekly!

Welcome to another, slightly shorter, issue of Hotwire Weekly! Happy reading! 🚀✨


📚 Articles, Tutorials, and Videos

Smarter Use of Stimulus' Action Parameters - Rails Designer shows how to reduce repetitive controller code by using action parameters in Stimulus. Instead of writing separate methods like updateTheme or setFontSize, a single updateSetting method can handle multiple updates based on a key-param.

Hotwire components that refresh themselves - Matt Swanson, with guest Jesper Christiansen, introduces a clean pattern for self-refreshing UI using ViewComponent + Turbo Streams on the Boring Rails blog. Instead of scattering identifiers and partials across…

justin․searls․co - Digest 

🎙️ Breaking Change podcast v39.0.1 - Use AI in Anger

Direct link to podcast audio file

Welcome to the first episode of 🔥Hotfix🔥! Breaking Change's first show-within-a-show, wherein I let somebody else talk for once. Each episode will show up as a patch release in the Breaking Change feed and feature guests with Hot takes about a relevant issue and a clear fix in mind for what we can do about it.

That first guest is a long-time collaborator and top 5 all-time colleague of mine named Dave Mosher, who's here to drop some truth bombs labeled "agentic coding" on the unsuspecting populace.

My secret mission on each of these is to lean into the show's E-for-explicit tag and try to get the guest to say something that could get them fired. I…

Blog by Abhay Nikam 

Rails Solid Queue for Background Jobs

Rails 8.0 introduces Solid Queue as the default queueing system for processing background jobs. It is designed by the Basecamp/HEY team with the Rails philosophy in mind: convention over configuration, fewer dependencies, and built-in defaults.

Before Solid Queue, you would use external libraries like Sidekiq (Redis), Resque, or Delayed Job to manage background jobs. These tools are good, but they also introduce operational overhead, like:

  • Redis integration
  • Managing the deployment and monitoring of background services
  • Custom logic for multitenancy apps

Benefits of Solid Queue

  • Solid Queue has zero external dependencies, like Sidekiq, which requires Redis. All background jobs are stored…
Tom Dalling 

Milestones As Talking Points

Recently someone said to me “stakeholders only care about milestones,” and something clicked for me.

Posts on Kevin Murphy 

RailsConf 2025 Recap

RailsConf 2025 🔗

RailsConf recently wrapped up in Philadelphia, Pennsylvania. The 2025 conference, and also the RailsConf event itself is now over as far as we know it. This post is meant to highlight the great work from all involved. I hope you’ll seek out the full videos of all the sessions that interest you once they are available. Unfortunately, I couldn’t be everywhere, so this covers what I saw.

Preparing 🔗

Just as I’ve done in the past, I joined Ruby Central members for the CFP coaching sessions. We helped others with their proposals in small groups. This was a great opportunity to meet with prospective speakers and workshop ideas to submit for the conference. I’m glad that Ruby Central…

justin․searls․co - Digest 

📄 Notify your iPhone or Watch when Claude Code finishes

I taught Claude Code a new trick this weekend and thought others might appreciate it.

I have a very bad habit of staring at my computer screen while waiting for it to do stuff. My go-to solution for this is to make the computer do stuff faster, but there's no getting around it: Claude Code insists on taking an excruciating four or five minutes to accomplish a full day's work. Out of the box, claude rings the terminal bell when it stops out of focus, and that's good enough if you've got other stuff to do on your Mac. But because Claude is so capable running autonomously (that is, if you're brave enough to --dangerously-skip-permissions), that I wanted to be able to walk away from my Mac…

This led me to cobble together this solution that…

Tom Dalling 

Work In Thin Vertical Slices

Work should be completed in a series of small changes, where each change is a polished, fully-working improvement.

Planet Argon Blog 

Meet Your Next Favorite Rails Podcast: On Rails

Meet Your Next Favorite Rails Podcast: On Rails

We’re thrilled to share that our very own, Robby Russell, is hosting On Rails—a new podcast produced by the Rails Foundation. The show dives into real-world engineering decisions, trade-offs, and technical stories from teams building and scaling with Ruby on Rails. It’s the kind of hallway-track insight we love… now in podcast form.

Continue Reading

RubySec 

CVE-2025-24294 (resolv): Possible Denial of Service in resolv gem

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2025-24294. We recommend upgrading the resolv gem. ## Details The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting…
Hanami 

Hanami and the elephant in the room

It’s week 5 of our sponsorship drive! By now you’ve already heard the many reasons to become a patron of Hanami, Dry and Rom. You’ve also seen me talk about such things on conference stages over the years.

Thing is, I’m a fairly restrained person, and I always try to be thoughtful and positive. Sometimes I wonder what this means for my cut-through, especially when so far I’ve tried to stay focused on our gear and its benefits, rather than the elephant in the room — Ruby on Rails.

Today I’ll share my reasons again, but this time directly acknowledging Rails, and trying not to pull any punches. So, let’s imagine ourselves in the hallway track at one of those conferences, having a chat, and…

Ruby on Rails: Compress the complexity of modern web apps 

Added rename_schema and more

Hi, Wojtek here. Let’s explore this week’s changes in the Rails codebase.

Farewell RailsConf!
800 devs gathered in Philadelphia to share memories and say goodbye at the final RailsConf. Huge thanks to Ruby Central and all the speakers and attendees who made it such a memorable event over the past 19 years.

Add rename_schema method for PostgreSQL
To complement already existing add_schema, drop_schema and schema_exists? methods.

Improve error message for table index length validation
Includes current character length in error messages for index and table name length validations.

Validate encoding on query keys
Always check query string keys for valid encoding just like values are checked.

Write Software, Well 

Sitemaps: A Quick SEO Win for New Websites

Sitemaps: A Quick SEO Win for New Websites

I recently added sitemaps to a few Rails-based marketing sites I manage for clients, and within weeks, we saw a noticeable boost in search traffic. It reminded me that not many people know about them or have totally forgotten about them (it's quite an old but effective SEO technique). Even fewer know about Google Search Console (not Google Analytics), the official Google tool where you can submit sitemaps and request indexing for new pages as soon as you publish them.

So wanted to give a quick primer about what a sitemap is, how you can create it yourself in Rails, and how to submit it to Google. Sometimes it's these small technical things that can make a big difference.

SEO is all about…

Saeloun Blog 

Rails 8 does not include redis by default in the dev container.

A development container (or dev container for short) allows us to use a container as a full-featured development environment.

It can be used to run an application, to separate tools, libraries, or runtimes needed for working with a codebase, and to aid in continuous integration and testing.

The dev containers can be run locally or remotely, in a private or public cloud, in a variety of supporting tools and editors.

Before

Rails 7.2 ships with dev containers as an opt-in feature.

Adding dev container on a new rails app

rails new <app_name> --devcontainer

Adding dev container to an existing rails app

bin/rails devcontainer

The .devcontainer folder includes everything needed to…

Josh Software 

Too Much on Your Plate? Burnout Might Be the Side Dish

You know that feeling when your mind says “focus” but your body says “nap”? When you’re doing your best but everything still feels like a drag? That’s not laziness — that’s burnout. And trust me, it’s not just you. Let’s look at the bigger picture. As per a recent Vertex Group survey, over half (52%) of … Continue reading Too Much on Your Plate? Burnout Might Be the Side Dish
Nithin Bekal 

Stop memoizing Hash lookups in Ruby

When a method performs a slow operation, memoizing the result using instance variables is a useful optimization. However, I’ve often seen people (including myself, sometimes!) reaching for memoization for things that don’t need to be optimized.

One common example is when there’s a class that wraps a Hash object. Hashes in Ruby are quite well optimized, so do you really need to memoize the result of the hash lookup? Let’s benchmark and find out.

Benchmarks

Let’s start with a simple Setting class that takes a data hash with type and value keys.

class Setting
  def initialize(data)
    @data = data
  end

  def type
    @data["type"]
  end

  def type_memoized
    @type ||= @data["type"]

There’s a type method here, and I’ve added a type_memoized method for comparison. Now let’s…

Awesome Ruby Newsletter 

💎 Issue 477 - Ruby 3.4 Frozen String Literals: What Rails Developers Need to Know

Ruby Weekly 

The beautiful simplicity of async in Ruby

#​758 — July 10, 2025

Read on the Web

Ruby Weekly

Brut: A New Web Framework for Ruby — With no controllers, no verbs, no resources, and an HTML-first, ‘low-ceremony’ approach Brut is treading its own path. Here’s a broader conceptual overview of what it’s about; I think it makes some fantastic choices and David has clearly put a lot of effort into it. (Be aware of the atypical licensing, though.)

David Bryant Copeland

Async Ruby is the Future of AI Apps (And It's Already Here) — After years in Python’s async ecosystem, Carmine found Ruby’s approach to concurrency dated at first, before discovering the…

Rails Designer 

Smarter Use of Stimulus’ Action Parameters

This article is extracted from the book JavaScript for Rails Developers and edited for the web (use SUMMERSALE to get a 25% discount 🤫☀️).


Let’s imagine a typical text editor that has settings for the theme (a string), line numbers (boolean) and the font size (number).

Try to think how’d you set that up in a Stimulus controller. Create a separate method for each setting? updateTheme and setLineNumbers and so on? Not bad, but I’d like to suggest a way that is more maintainable and applicable to any kind of settings set up.

As always, we follow the outside-in approach by adding the HTML first:

<div data-controller="editor">
</div>

The Stimulus controller could look something like this:

Julik Tarkhanov 

Data Over Time

Since 2021 I have been working at Cheddar Payments, which is a fledgling fintech startup in the UK. It was a substantial change from WeTransfer in terms of the problem domain, but also scale.

The scale at a B2C fintech is smaller, but the challenges are, in ways, much harder. And the biggest challenge - engineering-wise - is “data over time”. I’ve learned more about data over time than I would like, and it can be useful to share my experience.


Hire mefor your app.


The Rails Way™ is harmful for data over time

Rails assumes building systems happen with a “current state of the world” database, filled with rows that get mutated. For example, this would be a very standard pattern in Rails:

Planet Argon Blog 

Back-End Skills Every Front-End Developer Should Know

Back-End Skills Every Front-End Developer Should Know

There’s no front-end without the back-end. Explore why today’s best front-end devs think full-stack.

Continue Reading

Saeloun Blog 

Rails now allows associations to be marked as deprecated using deprecated: true

Active Record allows developers to mark associations as deprecated, providing robust reporting mechanisms to identify and eliminate their usage across all environments.

It supports multiple reporting modes and configurable backtraces, making the process of cleaning up or removing associations much safer and more efficient.

Before

We had no built-in way to deprecate associations. Removing an association like this:

has_many :projects

meant deleting projects and hoping CI or manual testing would catch all usage. This is risky in production, especially with incomplete test coverage or mocked associations.

After

Rails introduces deprecated: true for the deprecated associations. With…

Evil Martians 

We studied 100 dev tool landing pages—here’s what really works in 2025

Authors: Anton Lovchikov, Head of Design, and Travis Turner, Tech EditorTopics: Developer Products, Design, Design Engineering

While designing a landing page template for dev tool startups, we reviewed 100+ real product sites. Along the way, we uncovered practical insights—here’s what’s worth knowing if you’re building one yourself.

So, you’ve built an amazing open source project or developer tool. Now you need a landing page that doesn’t suck! You could spend weeks researching what works, A/B testing layouts, and second-guessing design decisions. Or… you could fight blank page pain by learning from what the best dev tools are doing in 2025. To save you the time, Anton Lovchikov, Head of…

Write Software, Well 

Polymorphic URLs with direct Router Helper

Polymorphic URLs with direct Router Helper

While reading the source code for the Maybe project (which is a really good Rails codebase that follows most of the Rails best practices and conventions), I came across this code in the router config file. It uses the Rails routing feature called direct to create custom URL helpers for a polymorphic model.

direct :entry do |entry, options|
  if entry.new_record?
    route_for entry.entryable_name.pluralize, options
  else
    route_for entry.entryable_name, entry, options
  end
end

At first glance, I didn't understand what it was doing, as I've personally never had to use the direct method like this in my Rails projects so far, so decided to do some reading and wanted to share everything I…

naildrivin5.com - David Bryant Copeland's Website 

Brut: A New Web Framework for Ruby

A brown rectangle with a large capital 'B'. Underneathe is 'brut'

Brut aims to be a simple, yet fully-featured web framework for Ruby. It's different than other Ruby web frameworks. Brut has no controllers, verbs, or resources. You build pages, forms, and single-action handlers. You write HTML, which is generated on the server. You can write all the JavaScript and CSS you want.

Here’s a web page that tells you what time it is:

class TimePage < AppPage
  def initialize(clock:)
    @clock = clock
  end

  def page_template
    header do
      h1 { "Welcome to the Time Page!" }
      TimeTag(timestamp: @clock.now)
    end
  end

end

Brut is built around low-abstraction and low-ceremony, but is not low-level like Sinatra. It’s a web…

Ruby News 

CVE-2025-24294: Possible Denial of Service in resolv gem

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2025-24294. We recommend upgrading the resolv gem.

Details

The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.

An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.

This resource consumption can cause the application thread to become unresponsive, resulting in…

RubyGems Blog 

RubyGems.org Policies Now Live

We’re excited to announce that the new policies for RubyGems.org are now live! These policies—Terms of Service, Privacy Notice, Acceptable Use Policy, and Copyright Policy—help bring clarity and transparency to how RubyGems.org operates and how we protect the platform and its users.

Originally introduced for community review in March, these policies officially took effect on June 30, 2025. We appreciate the thoughtful feedback submitted during the preview period via email and Slack—your input helped refine these documents to better serve the needs of the Ruby community.

To ensure all users are informed and aligned with these updates, returning users will now see a banner prompting them to…

Ruby Central 

Ruby Central Announces Open Source Fiscal Sponsorship Program & Hanami Support

Ruby Central Announces Open Source Fiscal Sponsorship Program & Hanami Support

At Ruby Central, we've been exploring new ways to support open source maintainers and make their work more sustainable. After speaking with project owners across the ecosystem, we heard a common theme: fundraising requires a huge amount of time and pulls maintainers away from building and working with the community.

As a 501(c)(3) nonprofit, Ruby Central is well-positioned to support open source projects with the administrative side of fundraising through fiscal sponsorship. And today, we’re excited to share our first partnership: Hanami!

What does fiscal sponsorship mean?

Ruby Central handles the back-office aspects of fundraising, including donation processing, accounting, and reporting.…

Boring Rails: Skip the bullshit and ship fast |  

Hotwire components that refresh themselves

This is a guest collaboration with Jesper Christiansen, a long-time fan of most things Ruby on Rails.

Earlier this year, I made a quick tweet about a pattern that I think makes working with Hotwire apps much better.

When you need to make a bit of UI that runs some code in the background, you can use turbo_streams to ‘refresh’ the front-end when the work starts, is in-progress, and finally when it’s finished.

But the problem is that, out of the box, turbo_streams use partials. And frankly, it just kind of sucks to work with. I found myself annoying by having to match up dom_ids across files and passing in data as locals. And it’s hard to search the codebase for partials, leading to cases…

justin․searls․co - Digest 

📄 Full-breadth Developers

The software industry is at an inflection point unlike anything in its brief history. Generative AI is all anyone can talk about. It has rendered entire product categories obsolete and upended the job market. With any economic change of this magnitude, there are bound to be winners and losers. So far, it sure looks like full-breadth developers—people with both technical and product capabilities—stand to gain as clear winners.

What makes me so sure? Because over the past few months, the engineers I know with a lick of product or business sense have been absolutely scorching through backlogs at a dizzying pace. It may not map to any particular splashy innovation or announcement, but everyone…

Hi, we're Arkency 

Breaking the Singleton: How to Reload Ruby Singleton Instance

Breaking the Singleton: How to Reload Ruby Singleton Instance

As you may know, the Singleton module implements the singleton pattern in Ruby. Technically it ensures that the class that includes the Singleton module will have one and only one instance throughout the application’s lifecycle available with the class method instance. The most common usage is for some configuration objects, logging or some global third-party clients. What Ruby Singleton effectively does is that it hides new and allocate methods on the class level so you can’t create a new instance and undefines the extend_object method of your class. It also raises an exception when you try to clone an instance using clone or dup

Drifting Ruby Screencasts 

Dependent Select

In this episode, we explore how to enhance standard select fields using a JavaScript library together with StimulusJS to create more dynamic and responsive dropdowns. The focus is on adding search functionality, handling dependent selections, and integrating smoothly with modern frontend setups.
Hotwire Weekly 

Week 27 - Final RailsConf, Capture Browser Console Logs in Tests, and more!

Hotwire Weekly Logo

Welcome to Hotwire Weekly!

Welcome to another, slightly shorter, issue of Hotwire Weekly! Happy reading! 🚀✨

The final RailsConf 2025 is happening in Philadelphia next week and there a number of Hotwire-adjecent talks:

  • The Ghosts Of Action View Cache - Hartley McGuire
  • Rails Frontend Evolution: It Was A Setup All Along - Svyatoslav Kryukov
  • Master The Rails Asset Pipeline: Best Practices For Apps & Gems - Adrian Marin
  • Hotwire Native: A Rails Developer’s Secret Tool To Building Mobile Apps (Workshop) - Joe Masilotti
  • The Front-End Is Omakase - Cameron Dutro
  • The Future Of Rails Begins In The Browser - Vladimir Dementyev, Albert Pazderin
  • The Future Of: PWAs On Rails - Edy Silva
  • The Modern View…

You can find the full schedule on the RailsConf website or on RubyEvents.org.


📚 Articles, Tutorials, and Videos

Remote Ruby: Conferences, Hotwire Native updates, and a surprise guest! - Andrew Mason and Chris Oliver dive into Hotwire Native updates and features, among other things like RailsConf, Rails World, and app design tips.

Auto-pause YouTube Videos with Stimulus - Rails Designer

Island94.org 

Is everyone ok at the gemba

The following is the bones of a half-written essay I’ve had kicking around in my drafts for the past 3 years, occassionally updated. I recently read two things that said it all better anyways, but if you read through you get my perspectives as someone in software cooking the goose.

One: Albert Burneko’s “Toward a theory of Kevin Roose”:

My suspicion, my awful awful newfound theory, is that there are people with a sincere and even kind of innocent belief that we are all just picking winners, in everything: that ideology, advocacy, analysis, criticism, affinity, even taste and style and association are essentially predictions. That what a person tries to do, the…

Posts on Kevin Murphy 

How 10 years of RailsConfs can inform the next 10 years of your career

Abstract 🔗

RailsConf has played an important role in my professional and personal life. I’ve learned about technology in ways I wouldn’t have otherwise at RailsConf. I’ve learned about myself in ways I wouldn’t have otherwise thanks to RailsConf. I’ve met people that changed the course of my career thanks to RailsConf. I’ve met others who have become dear friends thanks to RailsConf. I’ve done things I’ve never done before thanks to RailsConf.

The same may be true for you. We should celebrate and reflect on that. Where do we go from here? Let’s talk about it together.

Presentation Resources 🔗

Ruby on Rails: Compress the complexity of modern web apps 

Deprecating Associations, Cleaner Backtraces, and Smarter Defaults

Hi! Emmanuel Hayford with some cool updates for you.

Deprecated associations
You can now mark associations as deprecated using:

has_many :posts, deprecated: true

Active Record will report any usage of the deprecated association. Three reporting modes are supported: :warn (default), :raise, and :notify. You can also enable or disable backtraces (disabled by default).

Add locale options to PostgreSQL adapter DB create
PostgreSQL adapter create DB now supports locale_provider and locale.

Fix annotate comments to propagate to update_all/delete_all
This PR fixes annotate comments to work with update_all and delete_all.

Rails New: Only add browser restrictions when using importmap
When you…

RubySec 

CVE-2025-34075 (vagrant): HashiCorp Vagrant has code injection vulnerability through default synced folders

An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant (or C:\vagrant on Windows). This includes the Vagrantfile configuration file, which is a Ruby script evaluated by the host every time a vagrant command is executed in the project directory. If a low-privileged attacker obtains shell access to the guest VM, they can append arbitrary Ruby code to the mounted Vagrantfile. When a user on the host later runs any vagrant command, the injected code is executed on the host with that…
Weelkly Article – Ruby Stack News 

🧠 Hash Transformations in Ruby: index_by vs index_with

🧠 Hash Transformations in Ruby: index_by vs index_with July 4, 2025 Ruby and Rails developers often appreciate how expressive and elegant the language is—especially when it comes to working with collections. One of the lesser-known gems in Ruby’s Enumerable toolbox is the pair of methods: index_by and index_with. Both are incredibly powerful for transforming arrays … Continue reading 🧠 Hash Transformations in Ruby: index_by vs index_with

Remote Ruby 

Conferences, Hotwire Native updates, and a surprise guest!

In this episode of Remote Ruby, Andrew and Chris dive into a range of Rails-related updates, development workflows, and tech frustrations, all while preparing for RailsConf and Rails World. Chris dives into the evolution of Ruby Gems toward Python-style wheels and secure precompiled binaries, while Andrew breaks down the value of namespacing and modularization in Rails apps. They also reflect on accessibility, QA, component architecture, and how LLMs are changing the game for solo devs, Plus, a surprise visit from J**** C******adds some comic relief and candid takes on sabbaticals, Rails World, and a podcast competition. Hit download now! 

Links

katafrakt’s garden 

Ecto, on_replace and deferred checks

Today I learned a valuable lesson about how a seemingly simple task can have very rough edge cases, which take hours to solve. It involved Ecto, its associations and on_replace option, and uniqueness checks in the database. Here’s the story.

The problem

Let’s say you are modelling some kind of processes. These processes have steps and the steps have to be executed in a precise order. This is how a database structure for it would look like:

def change do
  create table(:processes) do
    add :name, :string, null: false
  end

  create table(:steps) do
    add :process_id, references(:processes)
    add :name, :string, null: false
    add :order, :integer, null: false
  end
end

It is…

Planet Argon Blog 

7 Smart Strategies for Styling Your React App

7 Smart Strategies for Styling Your React App

Explore these 7 smart, scalable strategies to style your React app for better performance, cleaner code, and a more maintainable UI.

Continue Reading

Awesome Ruby Newsletter 

💎 Issue 476 - Ever heard of `then` in Ruby?

BigBinary Blog 

Active Record adds support for deprecating associations

In Rails8, we can now mark ActiveRecord associations as deprecated. This makesit easy to phase out old associations from our codebase, while still keepingthem around to safely remove their usages. Whenever a deprecated association isused, whether by calling the association, executing a query that references it,or triggering a sideeffect like :dependent or :touch, Rails will alert usaccording to our chosen reporting mode.

Marking an association as deprecated

Simply pass the deprecated: true option when declaring an association.

class User < ApplicationRecord  has_many :meetings, deprecated: trueend

Now, every time the meeting association is invoked, well get a deprecationwarning in our logs.

>…
Ruby Weekly 

DHH on the beauty of modern Linux

#​757 — July 3, 2025

Read on the Web

Ruby Weekly

Omarchy: DHH's New Opinionated Arch/Hyprland Setup — DHH says he feels the same way about Linux now as he did about Ruby in 2003 and wants to ‘present its beauty in the most accessible way possible’. Omarchy is his attempt at making it easy to get running with an aesthetically pleasing, developer-friendly Linux setup. He writes more about it here.

David Heinemeier Hansson

💡 If you're not quite ready to go so far down the rabbit hole, Omakub is DHH's Ubuntu based setup/configuration for developers.

Let’s Hack Ruby Upgrade Tools Together @ RailsConf —…

Glauco Custodio 

TIL: previously_new_record? — A Hidden Gem in ActiveRecord

Have you ever needed to know if a record in Rails was just created — especially after using create_or_find_by or find_or_create_by?

Most Rails devs reach for new_record?, but it won’t help after create_or_find_by, because the record is already saved. So how do you know if a record was just created?

Say hello to previously_new_record?, which for my surprise is available since Rails 6.1.

It tells you if the record was new right before the last save — giving you a clean way to trigger onboarding logic, log metadata, or set defaults only for new records.

Here's how one can use it:

user = User.create_or_find_by(email: params[:email])

# only create the log if the user was just…
Rails Designer 

Auto-pause YouTube Videos with Stimulus

I recently published an article to auto-pause a video using Stimulus when it is outside of the viewport which I built for one of my Rails UI Consultancy clients. In this article I am exploring the same feature but using an embedded YouTube player using an iframe. While the implementation uses the same core concept as the previous video controller (the Intersection Observer API), working with YouTube’s iframe API adds some interesting complexity.

If you want to check out the full setup, check out this repo.

Again, let’s start with the HTML:

<div data-controller="youtube" data-youtube-percentage-visible-value="20">
  <iframe
    data-youtube-target="player"
    src="https://www.youtube.co…

Note a few…

Josh Software 

Securing GraphQL in Golang using Directives for Authentication & Authorization

When building an API, securing your data is just as important as exposing it. This post walks you through how to implement authentication and role-based access control in GraphQL using Golang, with a powerful feature called GraphQL Directives. We’ll learn how to: 📘 What are GraphQL Directives? GraphQL directives are annotations that can be added to your schema to change … Continue reading Securing GraphQL in Golang using Directives for Authentication & Authorization
Posts on Kevin Murphy 

Frequently Played July 2025

Frequently Played 🔗

I tend to listen to the same songs or albums on repeat that are evocative of how I’m feeling or what’s going on with me. Here is what I’m currently listening to over, and over, and over, and over, again.

Nothing Matters 🔗

I am definitely consuming all things The Last Dinner Party lately.

Full Lyrics

Even when the cold comes crashing through, I’m putting all my bets on you
I hope they never understand us
I put my heart inside your palms, my home in your arms, now we know
Nothing matters, nothing matters

Good Time 🔗

I’m missing them on tour with Gaslight Anthem this cycle.

Full Lyrics

So he rushes in to tell you what he did today
But he can’t think of what to say
I think you listen…

Evil Martians 

The early validation lesson: designing Quotient’s prompt sandbox

Authors: Yaroslav Lozhkin, Product Designer, and Travis Turner, Tech EditorTopics: Developer Products, Design, Case Study, AI, Design Engineering, AI Integration

The awesome Quotient team, a vision from the future, and a brilliant pivot. But if you're a visionary working on next-gen tech, you need to learn from the road we travelled on the way there!

We work with founders who embrace ambition. This was certainly the case when Quotient's team approached us with their vision: a prompt playground where AI-native developers could write production prompts, test with variables, evaluate outputs, and manage datasets. We knew we were working with builders who were looking into the future. But how to…

SINAPTIA 

Think before you cache

“Maybe we should cache this”. It’s a common thought when we notice a slow response or an expensive computation. Just as common - and even more frustrating - is the follow-up thought: “Must be the cache”. That moment when something returns an unexpected response, a stale value in a view, a wrong number in an API response, or a method returning outdated or just plain incorrect data. And the culprit? Caching gone wrong.

Most Rails apps are already leveraging caching from the get-go, even if it’s not immediately obvious. For example, digested assets (like stylesheets, JavaScript files, and logos) are fingerprinted and cached by the browser to avoid re-downloading them on every visit. Turbo…

Ruby Central 

Company Spotlight: FastRuby is the Answer to Rails Tech Debt That Overwhelms Teams

Company Spotlight: FastRuby is the Answer to Rails Tech Debt That Overwhelms Teams

What happens when your Rails app is stuck on an outdated version? You may know it needs to be upgraded, but the work feels overwhelming, risky, and no one on your team really wants to take it on. 

That’s where FastRuby comes in.

For the past eight years, FastRuby has carved out a unique (and much-needed) niche in the Ruby ecosystem: helping companies upgrade their Rails apps safely and sustainably. Founded by Ernesto Tagwerker, FastRuby has worked with clients like SoundCloud and Power Home Remodeling, and completed more than 100 projects, with over 50,000 developer hours invested in upgrades alone.

Company Spotlight: FastRuby is the Answer to Rails Tech Debt That Overwhelms Teams

“Early on, we did an upgrade for Power Home Remodeling,” Ernesto explained. “We finally had one…

justin․searls․co - Digest 

📄 A handy script for launching editors

Today, I want to share with you a handy edit script I use to launch my editor countless times each day. It can:

  • edit posse_party – will launch my editor with project ~/code/searls/posse_party
  • edit -e vim rails/rails – will change to the ~/code/rails/rails directory and run vim
  • edit testdouble/mo[TAB] – will auto-complete to edit testdouble/mocktail
  • edit emoruby – will, if not found locally, clone and open searls/emoruby

This script relies on following the convention of organizing working copies of projects in a GitHub <org>/<repo> format (under ~/code by default). I can override this and a few other things with environment variables:

  • CODE_DIR - defaults to "$HOME/code"
  • DEFAULT_ORG -…
a-chacon 

OasRails: From a Rails Engine to a Framework-Agnostic Solution

Ruby is a language that is easy to understand, fun to write, and performs well, but unfortunately, its popularity hasn’t grown over time. Worse yet, this popularity is almost entirely based on a single framework: Ruby on Rails. Therefore, it is essential for those of us who develop in Ruby to diversify the ecosystem and create solutions that work regardless of the framework to ensure Ruby’s longevity as a programming language that endures over time and isn’t controlled by a handful of companies.

Following this line, I discovered a framework called Rage for API creation. I had already tried Grape and knew about Padrino, Sinatra, and Hanami. But Rage seemed simple to me, and I also realized…

Rails at Scale 

A Ruby open-source sabbatical

I wanted to share a bit about the first part of my Ruby open-source sabbatical experience here at Shopify! There don’t seem to be nouns or verbs for someone doing a sabbatical, so I’m coining the terms sabbatical-er and sabbatical-ing for the rest of this post.

A bit about me (a sabbatical-er)

My name is Sid, and I’m currently doing a Ruby open-source sabbatical at Shopify on the Ruby Developer Experience team (aka Team Ruby DX). I’ve primarily worked on web applications using Rails and React for the past 6+ years building Shopify Collabs. I’m a proud Ruby developer and am increasingly appreciative of the Ruby community both here at the company and beyond.

What is an open-source…

Graceful.Dev 

Site News #26: Policy, Structure, and Memoization

Hi there, graceful devs! Here’s what’s new in the garden…

Content Updates

There are two hefty new episodes since the last update! The first one, Policy as Structure, introduces a powerful approach to architecting your code for flexibility and change.

A video thumbnail showing Avdi Grimm in a flowery shirt, with the title "Policy as Structure"

The second new episode follows on from it, although either can also be watched standalone. In this one you’ll learn why just because you can easily memoize objects so they aren’t re-created… doesn’t mean you should make it a habit.

Avdi Grimm pontificating in a colorful shirt, on top of a title slide reading "Resist Memoization - Episode 713"

There are also some new freebie episodes up on the YouTube channel:

That’s all for this month. Stay graceful!

danielabaron.me RSS Feed 

Capture Browser Console Logs in Rails System Tests with Capybara and Cuprite

Learn how to capture browser console logs in Rails system tests using Capybara and Cuprite, and debug JavaScript issues without slowing down test execution.
Hi, we're Arkency 

5 gems you no longer need with Rails

In my line of work as a consultant I’m often reviewing Rails codebases. Most of the time they’re not the greenfield apps — developed with latest and greatest Rails and Ruby releases. They power successful businesses though. To keep them running smoothly and securely they sometimes need a little push to stay within framework maintenance window.

Upgrading the Rails itself is the easiest part of the upgrade process. It’s well documented. The framework and its parts play well together. You can do it gradually, dealing with new framework defaults one by one.

The trickier part is the non-framework dependencies. The ones that gave tremendous leg while bootstrapping the application. When…

Weelkly Article – Ruby Stack News 

🚀 Using MongoDB in Ruby on Rails with Mongoid: A Practical Example

July 1, 2025 As developers, we often default to relational databases like PostgreSQL or MySQL when building Rails applications. But what happens when your data is better represented as documents, or you need more flexibility with your schema? That’s where MongoDB comes in — and with the help of Mongoid, integrating it with Rails is … Continue reading 🚀 Using MongoDB in Ruby on Rails with Mongoid: A Practical Example

Hi, we're Arkency 

Stop concatenating URLs with strings — Use proper tools instead

Stop concatenating URLs with strings — Use proper tools instead

How many times have you seen code like this in a Ruby application?

base_url = "https://api.example.com"
endpoint = "/users"
user_id = params[:id]

full_url = "#{base_url}#{endpoint}/#{user_id}

At first glance, it looks harmless, but it hides several traps that can lead to hard–to–debug errors.

Problems with Naive URL Concatenation

1. Double or missing slashes
base_url = "https://api.example.com/" # has trailing hash
endpoint = "/users" # has leading hash

url = "#{base_url}{#endpoint}"
# => "https://api.example.com//users"

Double slash is likely not desired. While most servers will handle it, this looks unprofessional.

base_u…
justin․searls․co - Digest 

📄 How to subscribe to email newsletters via RSS

I have exactly one inbox for reading blogs and following news, and it's expressly not my e-mail client—it's my feed reader. (Looking for a recommendation? Here are some instructions on setting up NetNewsWire; for once, the best app is also the free and open source one.)

Anyway, with the rise of Substack and the trend for writers to eschew traditional web publishing in favor of e-mail newsletters, more and more publishers want to tangle their content up in your e-mail. Newsletters work because people will see them (so long as they ever check their e-mail…), whereas routinely visiting a web site requires a level of discipline that social media trained out of most people a decade ago.

But, if…

Alchemists: Articles 

Software Issues

Cover
Software Issues

Managing issues that pop up with the software you are developing is a common occurrence. You’ll always have new enhancements to implement and bugs to tackle. Sadly, there is no industry standard, or best practices, on how to go about managing these issues but there should be.

One way is to think in terms of present and past tense which provides a nice synergy with the corresponding Git commits that make up your implementation to complete the issue. Example:

Present (issue) Past (commit)

Add

Added

Update

Updated

Fix

Fixed

Remove

Removed

Refactor

Refactored

There’s a nice simplicity to the above where present tense is used to describe what is…

The Bike Shed 

467: How to get the most out of attending a conference with Matheus Richard

Joël continues his preparations for the last RailsConf as he talks with Matheus about how to make the most of your time at the conference.

Hear their tips to connect and communicate with other attendees, the different ways to take notes at the various talks you can attend, what to do when your discussions have a lull, as well as how to draw inspiration from others talks and using it to your advantage.

Don’t miss out on the final RailsConf which takes place July 8th - July 10th in Philadelphia, PA!

Thanks to our sponsors for this episode Judoscale - Autoscale the Right Way (check the link for your free gift!), and Scout Monitoring.

You can connect with Matheus via LinkedIn

Rails Designer 

Summer sale: 25% off UI Components and JavaScript for Rails Developers

July brings longer days and a quieter inbox in the northern hemisphere. A good moment to push a side-project, an internal tool, or the first version of a SaaS.

Rails Designer UI Components can help. Just like it did for more than 1,000 developers already, and roughly 100 more arrive each month. The library is built with ViewComponent, styled with Tailwind CSS, and enhanced by Stimulus.

During July, both Pro and Infinite, are available with a 25% discount. Apply coupon SUMMERSALE at checkout and start shipping a little sooner. 🚢

Want to level-up your JS and your paycheck as a result? JavaScript for Rails Developers is also available with 25% off using the coupon SUMMERSALE. 🤑

André Arko 

You should delete tests

We’ve had decades of thought leadership around testing, especially coming from wholistic development philosophies like Agile, TDD, and BDD. After all that time and several supposedly superseding movements, the developers I talk to seem to have developed a folk wisdom around tests.

That consensus seems to boil down to simple but mostly helpful axioms, like “include tests for your changes” and “write a new test when you fix a bug to prevent regressions”. Unfortunately, one of those consensus beliefs seems to be “it is blasphemy to delete a test”, and that belief is not just wrong but actively harmful.

Let’s talk about why you should delete tests.

To know why we should delete tests, let’s…

Short Ruby Newsletter 

Short Ruby Newsletter - edition 142

The one where Rails Foundation launches a new podcast, where Josef launched Kamal Devops and where Obie launches Claude On Rails gem and DHH announces Omarchy
Gusto Engineering - Medium 

False Fences Make Bad Neighbors

A green field with a dirt road running through it. A brown gate blocks the road but has no fencing to either side of it.An easily passable inconvenient fence blocking a road that appears to serve no purpose

Introduction

As software engineers, we’ve all encountered code that looked redundant, verbose, or just plain odd — and refactored it only to suffer failing tests or production bugs. After getting burned, we learn to be cautious and ask: “What non-obvious reason could require the code to be this way?”

Chesterton’s Fence

This cautionary principle is called Chesterton’s Fence. It originates from G.K. Chesterton’s 1929 book, The Thing, where he writes of a man encountering a fence crossing a road. The man believes the fence serves no purpose and wants it removed. Another man will not allow its removal until its…

justin․searls․co - Digest 

🎙️ Breaking Change podcast v39 - Broken Home

Direct link to podcast audio file

I have returned to the nation of freedom and tariffs and all my shit has stopped working! Which shit? Why? What did I buy now? Listen and find out.

Remember, listeners who write in to podcast@searls.co will be spared on judgment day.

Website stuff follows:

Dhaval Singh's Blog 

Run any LLM locally on your Mac in less than 2 mins

I am just surprised that is is so simple. Plus its so elegant, I want to stand on my rooftop and shout. Anyway, here are the steps. BTW you only need 1min if you dont care about a fancy chat interface.

Step 1:

Visit https://ollama.com/ click on download

Step 2:

Click on Models on the above page, pick any model you want and run a cmd like this in your terminal

ollama run gemma3:4b

Step 3:

Congrats! Your local LLM is now up and running. You can start talking to it in the terminal itself.

Step 4:

Visit https://github.com/open-webui/open-webui to get the chat UI.

Run these 2 simple cmds to install

pip install open-webuiopen-webui serve

Step 5:

It will automatically connect with ollama and you can start…

DEV Community: Doctolib 

Cracking the code: How Copilot supercharged my last CTF and where it fell short

Using AI for CTF

Over the years, I’ve always been drawn to riddles and brainteasers. It’s no surprise, then, that as a software engineer, I’ve always been interested in Capture The Flag (CTF) cybersecurity challenges. In these challenges, you need to find a solution (hack) to retrieve a secret string hidden somewhere. This could be in a website, social media, assembly code, images, or any medium that can conceal information. These challenges require a broad range of knowledge, particularly in computer science and software engineering, but also creativity and inventiveness. However, I never dared to try because, in my mind, CTFs were reserved for the elite: the seasoned hackers with skills far beyond my…

Now, at 35,…

justin․searls․co - Digest 

🔗 Goals are overrated, Constraints are underrated

Loved this post from Joan Westenberg, about the limitations of goals:

The cult of goal-setting thrives in this illusion. It converts uncertainty into an illusion of progress. It demands specificity in exchange for comfort. And it replaces self-trust with the performance of future-planning. That makes it wildly appealing to organizations, executives, and knowledge workers who want to feel like they're doing something without doing anything unpredictable.

And the liberation of constraints:

Constraints make solutions non-obvious. They force the kind of second-order thinking that goals actively discourage. Instead of aiming for a finish line, the constrained mind seeks viability. It doesn't…

Saeloun Blog 

Rails uses self-join for UPDATE with outer joins on PostgreSQL and SQLite

ActiveRecord joins is used to combine records from multiple tables based on associations. In this blog, we will discuss how UPDATE statements with outer joins are handled in PostgreSQL and SQLite.

class Client < ApplicationRecord
  has_many :projects
end

class Project < ApplicationRecord
  belongs_to :client
end

Before

When we do UPDATE with an OUTER JOIN and reference the updated table in the ON clause in PostgreSQL and SQLite, Rails generated subqueries as the join condition cannot be safely moved to the WHERE clause without breaking the query.

Client.joins("LEFT JOIN projects ON projects.client_id = clients.id")
      .where("projects.id IS NULL")
      .update_all(name: 'Archived…
UPDATE "clients" 
SET "name" = 'Archived Client' 
WHERE ("clients"."id") IN (
  SELECT "clients"."id" 
  
Island94.org 

Recently, June 29, 2025

  • We have a new fridge; it is the same model as the old fridge because only that model would fit in the cabinetry. The installers also discovered that the water valve was broken and couldn’t be shut off; subsequently, the plumber determined that only the handle had snapped. I ordered a completely new water valve to unscrew its handle and attach that handle to the existing valve. In this economy.
  • This week in Rails, I went back and replaced most of the places I was using turbo-broadcast-refresh and replaced them with targeted turbo-streams. I also spent a bunch of time trying to make an autogrowing textfield that didn’t bounce the page up and down which the style.hei…
Fullstack Ruby 

Sunsetting the Fullstack Ruby Podcast (and What I’m Doing Instead)

I always hate writing posts like this, which is why I rarely do it and tend to let content destinations linger on the interwebs indefinitely.

But I’m in the midst of spring summer cleaning regarding all things content creation, so I figured it’s best to be upfront about these things and give folks a heads up what I’m currently working on.

TL;DR: I’m bidding the Fullstack Ruby podcast a bittersweet farewell and gearing up to launch a new podcast centered on current events in the software & internet technology space, because we’ve reached a crisis point and future of the open web is more fragile than ever.


Here’s the truth. There’s a lot that’s fucked up about Big Tech and software…

Hotwire Weekly 

Week 26 - Multi-step forms done right, Turbo-friendly tables, and more!

Hotwire Weekly Logo

Welcome to Hotwire Weekly!

Welcome to another, slightly shorter, issue of Hotwire Weekly! Happy reading! 🚀✨


📚 Articles, Tutorials, and Videos

The Hotwire-Rails summit, or interactive multi-step forms at peak UX - Vladimir Dementyev showcases on the Evil Martians blog how they built a highly-interactive, multi-step form wizard within Rails + Hotwire, matching SPA-level user experience. Using Turbo Streams, morph updates and state-preserving UI tricks.

Making Tables Work with Turbo - Guillermo Aguirre fixes common Turbo issues with tables: avoid <turbo-frame> around <tbody>, use plain IDs on rows (dom_id) for inline edits, and use remote forms tied to rows.

Hotwire Native Live: Route…

justin․searls․co - Digest 

📍 Tabelogged: ハシゴ

I visited ハシゴ on May 29, 2025. I gave it a 3.3 on Tabelog.

justin․searls․co - Digest 

📍 Tabelogged: 串焼き居酒屋ゴバン

I visited 串焼き居酒屋ゴバン on May 29, 2025. I gave it a 3.3 on Tabelog.

justin․searls․co - Digest 

📍 Tabelogged: 米沢牛・焼肉 さかの

I visited 米沢牛・焼肉 さかの on May 29, 2025. I gave it a 3.5 on Tabelog.

justin․searls․co - Digest 

📍 Tabelogged: 餃子 照井 福島駅東口店

I visited 餃子 照井 福島駅東口店 on May 29, 2025. I gave it a 3.7 on Tabelog.

justin․searls․co - Digest 

📍 Tabelogged: ピッツェリア エ オスタリア ダヴェッロ

I visited ピッツェリア エ オスタリア ダヴェッロ on May 29, 2025. I gave it a 3.7 on Tabelog.

a-chacon 

When Machines Talk: ChatGPT and DeepSeek.

I’ve spent the last couple of days building a ChatBot for the company I’m currently working for, and I’ve had to research RAG, vector databases, Langchain, and more. Amidst this deep dive into the world of LLMs, I came up with a silly but fun experiment: What if ChatGPT and DeepSeek had the chance to talk to each other? What would they talk about? How far would they go?

I use DeepSeek mostly to generate code I’m too lazy to write, fix repetitive tasks, document, and generate tests. Its outputs aren’t perfect but are correctable. And I use ChatGPT more for defining structural approaches and solutions. They’re great tools, but just that—another tool in the universe of development and…

RubySec 

CVE-2025-6442 (webrick): Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.
Judoscale Dev Blog 

Autoscaling: Proactive vs. Reactive

From the beginning, Judoscale has been focused on providing the fastest, most reliable queue-time-based autoscaling on the market. We believe that queue time is the metric that matters most for real applications out in the wild and that an autoscaler ought to be extremely responsive to queue time metrics as they arrive (most Judoscale applications scale up within 10 seconds of a queue time spike!). Our pitch and goal has remained more or less constant since we began: queue-time metrics scaled fast!

But what if queue time isn’t always the best answer? 👀 What if there’s another metric or style of autoscaling that’s more effective in certain cases and applications? Tl;dr: there is,…

justin․searls․co - Digest 

📄 Visiting Japan is easy because living in Japan is hard

Hat tip to Kyle Daigle for sending me this Instagram reel:

I don't scroll reels, so I'd hardly call myself a well-heeled critic of the form, but I will say I've never heard truer words spoken in a vertical short-form video.

It might be helpful to think of the harmony we witness in Japan as a collective bank account with an exceptionally high balance. Everyone deposits into that account all the ingredients necessary for maintaining a harmonious society. Withdrawals are rare, because to take anything out of that bank account effectively amounts to…

Remote Ruby 

Adventures with Puny Code and Other Programming Puzzles

In this episode of Remote Ruby, Chris and Andrew chat through everything from extreme summer heat, tornadoes, and driving habits, to browser quirks, Unicode bugs, Punycode, and the intricacies of building and maintaining rich text editors. Their conversation drifts into developer tools like Tiptap and Lexical, accessibility issues, browser rendering oddities, and even some personal stories involving cooking fails and skateboarding injuries. Hit download now to hear more! 

Links

Honeybadger
Honeybadger is an application health monitoring tool built by developers for…