news, opinion, tutorials, about ruby, aggregated

CVE-2021-43805 (solidus_core): ReDos vulnerability on guest checkout email validation

### Impact

Denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.`. Before the patch, it can be reproduced in the console like this:

```ruby
irb(main)> Spree::EmailValidator::EMAIL_REGEXP.match "a@a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.@"
processing time: 54.293660s
=> nil
```

To reproduce in the browser, fill in the "Customer Email" field with that fake email address during a guest checkout. Before that, you should open the browser dev tools and change the `type` attribute for that field from `email` to…
Test Double Blog 

How to remove UTM Query Parameters from your URLs

Why does every shared tweet need to end in ?s=20? Why has Amazon been tacking hasWorkingJavaScript=1 onto URLs for nearly 15 years? If you’re like me, there’s nothing you love more than a tidy URL.
zverok with ruby 

On GitHub Copilot and (Ruby's) Rubocop, Or, How AI Could Help Coding

Amid GitHub Copilot kerfuffle (I am as concerned about the usefulness and ethical implications of this glorified fuzzy copy-paste as the next guy), I started to think about a related question:

Can AI be really useful in code writing? If so, how?..

I mean here the AI-as-we-know it, a.k.a. statistically trained “models”, not some genius “general intelligence”. My take on modern AI is that it encapsulates “experience” (as opposed to knowledge/analysis). As stated in one of my spellchecker articles:

The solution to every intellectual problem lies between two opposites: “with understanding” and “with experience”. Most of the time, we use a mix of both, though one can imagine “pure…

Code with Jason 

123 - Scaling a Rails App with Tom Rossi of Buzzsprout

In this episode, Tom Rossi and I talk about what types of challenges one might encounter when scaling a Rails application. We also talk about podcasting.

Saeloun Blog 

My first week at Saeloun as an apprentice

On my first day at work, I worked on a few onboarding tasks like setting up the official mail id, Slack, Freshbooks and mailing my details to HR. Post that, I was assigned a task to build a leave management system and allotted a month to finish the project. The task was further sub-divided into several sub-tasks and after completing each sub-task, I needed to raise a PR (pull request) for review.


The second day, I started with the first sub-task which was to create the Rails app and to avoid fixtures from generating. Fixtures are dummy objects that can be fed to run the unit tests without using the actual Active Record objects.…

RubyGems Blog 

3.2.33 Released

RubyGems 3.2.33 includes deprecations, enhancements, bug fixes and documentation.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Deprecations:

  • Deprecate typo name. Pull request #5109 by nobu

## Enhancements:

  • Add login & logout alias for the signin & signout commands. Pull request #5133 by colby-swandale
  • Fix race conditions when reading & writing gemspecs concurrently. Pull request #4408 by deivid-rodriguez
  • Installs bundler 2.2.33 as a default gem.

## Bug fixes:

  • Fix ruby setup.rb trying to write outside of --destdir. Pull request #5053 by deivid-rodriguez

## Documentation:

  • Move…
Benito Serna 

Styler, a tool to compose css classes with ruby

One of the things that I want from css is to have the possibility to compose already defined styles, to define new ones…

If you try to write “Semantic CSS”, you will have a hard time trying to avoid the repetition on things that look the same but are different things, like when you want to render a “card” for an author and then for an article.

You can create “content agnostic CSS components”, but things start to get complicated, when you want to avoid duplication if things from one component are similar to other components.

One way of solving these problems is by using something like the @extend function from sass, or the @apply function from Tailwind css, but both tools are…


Announcing Hanami v2.0.0.alpha4

Hello Hanami community! We're thrilled to announce the release of Hanami 2.0.0.alpha4!

With this new cycle of monthly releases we have a smaller set of changes, but delivered more frequently.

Specifically, we're focusing on the cleanup of our application template. The template is essential for you to try Hanami 2, but also for us to shape the ergonomics of the framework.

  • Content Security Policy (new API)
  • Router helpers to be accessible from actions
  • CLI enhancements

Content Security Policy

We proudly share this story: Hanami was the first Ruby framework to ship with Content Security Policy (CSP) support.

In Hanami 1 the public API to handle CSP was…

Rémi Mercier 

Exploring dependency injection in Ruby

Lately, I’ve been interested in abstractions: why objects behave the way they do, how do we architecture our code so it’s open to change (without causing unnecessary headaches), to which class that specific behavior should belong? And during that time, I’ve repeatedly heard folks talk about dependency injection.

I’m glad to report that I’ve finally managed to wrap my head around this enough to use this practice regularly. I guess it’s time for me to give you a tour of my current understanding of dependency injection: what it is, why do you need it, and how to use it?

What is a dependency?

First, let’s explain what a dependency is.

A dependency is an abstraction upon which another…
Saeloun Blog 

Rails 7 adds :day_format option to date_select

There are very few inconsistencies with Rails, but the few times there is one, we’re left thinking: “How could they have missed this!”. One such inconsistency is with date_select. Though it has a myriad of options, it lacks some basic ones.


date_select provides users with an option to control the format of the year being displayed in the select box. The default select boxes look like this:

Using the year_format option allows us to configure the format in which the year gets printed out in the select box:

```erb
<%= f.date_select :birthday, year_format: -> (year) {"Year #{year}"} %>
```

This might seem trivial however, it happens that it is a crucial feature…

BigBinary Blog 

Rails 7 adds Pathname#existence

Rails 7 introduces the Pathname#existence method, which returns the receiver if the given file path exists, otherwise it returns nil.


We need to first check whether the given file path exists or not before performing any other operations on it.

=> file_path = "config/schedule.yml"=> if

Rails 7 onwards

The Pathname#existence method acts like Object#presence for file existence.

=> file_path = "config/schedule.yml"=>

Please check out this pull request for more details.

Test Double Blog 

Elevate Your Terraform Workflow With GitHub Actions

I’ve recently had the exciting opportunity to work with Pathstream on their infrastructure automation. We experimented with using GitHub Actions, Terraform, and AWS together in a GitOps-style workflow. The results are compelling and worth sharing so I built a small example repo to demonstrate some of our findings.
The Bike Shed 

318: Successful Skills with Edward Loveall

Fellow thoughtboter Edward Loveall joins Steph to cohost and talk about alternative frontends and his own that he created: an alternative frontend to Medium, learning about what it's like to be a manager/non-IC, and helps answer a listener question re: how do you think about empathy in your work?

This episode is brought to you by ScoutAPM. Give Scout a try for free today and Scout will donate $5 to the open source project of your choice when you deploy.

Become a Sponsor of…

Josh Software 

Can Recoil replace Redux? State management in React.

Before we get into the theory, we have a repo with a demo to show the difference between Recoil and Redux. Also, try running the application to see how the new features from Recoil make a difference. Performance: Recoil subscriptions are on atom/selector updaters, while Redux is on all actions. So if you have N connected components and dispatch …
Riding Rails 

Rails 7.0 RC1: New JavaScript Answers, At-Work Encryption, Query Origin Logging, Zeitwerk Exclusively

We’re almost ready to declare Rails 7 done! The feedback since the first alpha release has been wonderful, we’ve eliminated a slew of issues, and we’ve seen Basecamp, HEY, GitHub, and Shopify all run in production on this alpha series. So we now feel so confident that this is nearly ready that we’re skipping straight from alpha to release candidate. This is RC1.

Please help us do the final testing of all this new stuff so we can ensure a solid final release of Rails 7 this year!

All New Answers On The Front-End

After almost five years with Webpacker as our default answer to writing modern JavaScript in Rails, it’s time to move on. Advancements in browser support for ES6/ESM, widespread…

Julia Evans 

DNS "propagation" is actually caches expiring

Hello! Yesterday I tweeted this:

and I want to talk about it a little more. This came up because I was showing a friend a demo of how DNS caching works last week, and he realized that what was happening in the demo didn’t line up with his mental model of how DNS worked. He immediately brought this up and adjusted his mental model (“oh, DNS records are pulled, not pushed!“). But this got me thinking – why did my very smart and experienced friend have an inaccurate mental model for how…

Fullstack Ruby 

Episode 1: Why Ruby2JS is a Game Changer

Hey everybody, I’m so glad you could tune in for the debut episode of Fullstack Ruby. I’ve been on a few Ruby-themed podcasts over the past 18 months, but this is the first time I’m running a show about Ruby myself!

To kick things off, I’d like to introduce you to Ruby2JS and explain why I think this technology is a game changer.

Ruby2JS isn’t simply about an attempt to write what appears to be Ruby code for your website frontend. It’s really about writing JavaScript—AS IF JavaScript had Ruby’s syntax and was inspired by Ruby’s stdlib, ActiveSupport, and the like. A “RubyScript” if you will.

Three examples I cover on today’s episode:

  • set_timeout

  • tap & yield_self

Saeloun Blog 

Our first step to creating brand guidelines - Brand sprint

In the previous blog of this series, I’ve written about ‘Why did we decide to rebrand?’. Read our previous blog here.

When I was interviewing for Saeloun, I asked about the meaning of the company name and why it was chosen. Later I found out that a lot of us had the same question and were keen to understand the meaning of Saeloun and its identity. We realized that we needed to first define the brand identity and for that, a brand sprint seemed like a good start. We followed Google Ventures’ 3-hour brand sprint for this.

What is a brand sprint?

“A brand sprint is an expressive exercise that helps turn ideas about your brand into a defined brand image. A brand sprint can help your company…

Drifting Ruby Screencasts 

Dabbling with Turbo

In this episode, we explore some of the new features with Turbo and interactions that we can do with little or no javascript.
Andy Croll 

Tidy Up Your Routes with Only

It is easy with Rails’ syntax for defining routes to make more URLs in your application available than you might intend to.

Instead of…

…using an open resources block in your routes:

```ruby
resources :orders do
  resources :products
end
```

…use the only and except options to limit the actions you’re generating:

```ruby
resources :orders, except: %w[destroy] do
  resources :products, only: %w[show]
end
```

This is all about clarity, tidying up, and protecting against unexpected errors or security holes.

In the default, unrestricted, case all seven default routes are created. If a user calls a route that is defined but not used, Rails will attempt to call the relevant controller action, even if it…

Giant Robots Smashing Into Other Giant Robots 

A Standard Way to Lint your Views

Why Standard?

In our Ruby guide we recommend using Standard. The gem describes itself as a Ruby style guide, linter, and formatter. It helps avoid the never-ending debates around code style by making decisions for us (I’m looking at you single vs double quotes!). It’s easy to use, consistent, avoids configuration and helps us write better styled and more consistent Ruby code.

Introducing erb-lint

As developers, we often write HTML when working with Ruby. It can be useful to lint our .erb templates to ensure consistency and catch errors. The erb-lint gem from Shopify is a tool to lint our views. The linters enabled by default are outlined in the documentation.


Your Autoresponder (A Pattern Language of Banana Stands)

OK so you know that your mailing list is the foundation of your banana stand business. Now it’s time to talk about the tech you use to manage your mailing list.

First, let’s make this concrete

What I’m talking about in this article is a huge sector of products and services, of which you are most likely going to pick one and stick with it for a long time. To make this concrete, here are a few examples of what we’re talking about:

  • ActiveCampaign
  • Aweber
  • ConvertKit
  • Drip
  • Hubspot
  • InfusionSoft
  • MailChimp
  • Ontraport
  • Sendinblue

These are just a few examples; there are many, many more such services. It’s a packed field. Don’t worry, I’ll help you pick one by the end of this…

Code with Jason 

The two common ways to call a Ruby block

Ruby blocks can be difficult to understand. One of the details which presents an obstacle to fully understanding blocks is the fact that there is more than one way to call a block.

In this post we’ll go over the two common ways of calling a Ruby block: and yield.

There are also other ways to call a block, e.g. something called instance_exec. But that’s an “advanced” topic which I’ll leave out of the scope of this post.

Here are the two common ways of calling a Ruby block and why they exist.

The first way:

Below is a method that accepts a block, then calls that block.

```ruby
def hello(&block)
  # call the block that was passed in
  block.call
end

hello { puts "hey!" }
```

You may wonder what the & in front of &block

Julia Evans 

How to use dig

Hello! I talked to a couple of friends recently who mentioned they wished they knew how to use dig to make DNS queries, so here’s a quick blog post about it.

When I first started using dig I found it a bit intimidating – there are so many options! I’m going to leave out most of dig’s options in this post and just talk about the ones I actually use.

Also I learned recently that you can set up a .digrc configuration file to make its output easier to read and it makes it SO MUCH nicer to use.

I also drew a zine page about dig a few years ago, but I wanted to write this post to include a bit more information.

2 types of dig arguments: query and formatting

There are 2 main types of…

Peter Zhu 

A Rubyist’s Walk Along the C-side (Part 7): TypedData Objects

Let's look at this special type of object that only exists in C extensions called TypedData objects.
Fullstack Ruby 

The Rise of Fullstack Ruby & the Next Frontier of the Web

Welcome back to! Only…it’s not! Rather, a very warm welcome from Fullstack Ruby. Why the name change?

Well, a couple of reasons—the first of which is that your humble author (that’s me!) is not just a “Ruby developer” but a “web developer” as well. Yes, I’ll admit it: I don’t just write Ruby because I like assembling command line tools or crafting data processors or solving algorithmic puzzles. I like building websites. And I like building tools for building websites. I’m a web developer. It’s in my DNA.

So running a blog that’s generically about Ruby couldn’t hold my attention for too long. Thus I had to simultaneously narrow the focus all while expanding it to the broader web…


Qeweney - a feature-rich HTTP request/response API for Ruby

As you may know, in the last few months I’ve been working on Tipi, a new web server for Ruby, with innovative features such as support for HTTP/2, automatic SSL certificates, and streaming request and response bodies. As part of the development process, I also had to deal with how to represent HTTP requests and responses internally.

Tipi being a modern web server, with emphasis on concurrency, performance, and streaming, I felt it was wrong to base it on the Rack interface. While Rack is today ubiquitous in the Ruby ecosystem—it underlies basically all Ruby web frameworks and all Ruby app servers—it has some important limitations, especially as regards being able to perform HTTP upgrades

Remote Ruby 

Rails 7, Railties, and Sorbet at Shopify with Rafael França from Rails Core

[00:01:23] Rafael tells us what got him into Ruby and eventually into Rails.

[00:05:08] We learn more about Rafael’s experience working at Plataformatec.

[00:06:28] Rafael explains more about the Rails and Merb merge.

[00:11:18] Find out when Rails engines became a thing, what a Railtie is, and how the Rails engine builds on top of the Railtie. 

[00:15:44] Chris wonders how the engine approach has helped organize such a big application like Shopify and Rafael tells us about a challenge with the lack of tooling.

[00:20:11] Rafael goes in depth about his team at Shopify.

[00:24:26] We hear about the state of Rails 7. 

[00:27:32] Jason asks Rafael what it would take to get some…

Saeloun Blog 

Cypress 8.7.0 - Adds 'slowTestThreshold' config option.

Cypress has added a new configuration option slowTestThreshold using which we can set the custom threshold value to specify a slow test. A test that executes for longer than the slowTestThreshold time will be highlighted in yellow with the default spec reporter. This is a visual change only - slow tests still pass.


Before version 8.7.0, the default slow test threshold was 75ms (mocha’s default). A test is marked in red if it takes more than 75ms. We did not have any option to specify our own threshold value, and hence we were not able to manage the report.

```js
describe('slowTestThreshold', () => {
  it('passes slowly', () => {
    // …
  })
})
```
Now, if we run the above test via the cypress run --spec…


CVE-2021-27023 (puppet): Unsafe HTTP Redirect in Puppet Agent and Puppet Server

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.

CVE-2021-27025 (puppet): Silent Configuration Failure in Puppet Agent

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Awesome Ruby Newsletter 

💎 Issue 289 - Kubing Rails: stressless Kubernetes deployments with Kuby

News

JRuby Released

The JRuby community is pleased to announce the release of JRuby

JRuby 9.3.x is compatible with Ruby 2.6.x and stays in sync with C Ruby. As always there is a mix of miscellaneous fixes so be sure to read the issue list below.


  • Date-parsing methods have been modified to accept an input-size limit option. This addresses CVE-2021-41817. It was originally reported against Ruby’s C-based date extension, which JRuby does not use, but JRuby’s own implementation of date is also affected by the same issue.

    The fix is detailed in #6952. A workaround is provided, via patching the pure-Ruby

  • In order to match Ruby behavior and permit interrupting these date-parsing regular expression matches, this release also enables interruptible regular expressions globally. This feature can be…

Ruby Rogues 

MailCatcher ft. Samuel Cochran - RUBY 525

Samuel Cochran, creator and maintainer of MailCatcher joins the Rogues to discuss how he pulled EventMachine together with Ruby to build out MailCatcher.

He goes into the maintenance and contributions that have come in over the years. He dives into changes that are being made and the stability of the project.


  • Charles Max Wood
  • Darren Broemmer
  • John Epperson
  • Valentino Stoll


  • Samuel Cochran



Ruby Weekly 

It's, oh, so quiet. Shh, shh..

#581 — December 2, 2021


😶 It's a verrrrry quiet week in the Ruby world, so this issue is mostly about the code and tools section. Instead, I am going to gently encourage you all to give Advent of Code a try..? 😆
Peter Cooper, your editor


The Advent of Code 2021: 25 Days of Code Challenges — If you have a little time each day to do some programming puzzles, the Advent of Code is always fantastic and now in its seventh year. There’s a sub-Reddit where people share and discuss their solutions and I’ve picked up a fair few Ruby tricks from looking at other people’s approaches. Day one…

Saeloun Blog 

What's new in React Router 6?

React creates single-page applications. In single-page applications, it is important to display multiple views without having to reload the browser. React Router plays an important role in managing this. It is the most popular lightweight, fully-featured routing library for React.

The latest release of React Router 6, has created a lot of buzz in the React community.

In this blog, we will look into some of the new changes in React Router 6.

More compact and elegant

React Router v6 was built from scratch using React hooks. It helped the v6 code to be more compact and elegant than the v5 code.

Smaller bundle size

In v6 the minified gzipped bundle size dropped by more than 50%! React…

Getaround Engineering 

GDPR compliance and account deletion

The GDPR has been around for several years now, and as advocates of data privacy, we are convinced by the legitimacy of such a regulation. However, as good as this measure is from a user’s perspective, it comes with its own puzzles and challenges for an online service provider… Here we’ll try to describe the solution we implemented to deal with the user’s data deletion, which is one of the rights granted by the GDPR (General Data Protection Regulation) to any European user of a service collecting personal data. As a result, this piece does not try to cover all the implications of the GDPR, nor does it pretend to bring a one-size-fits-all solution to deal with user data deletion.

GDPR In A…

News

JRuby Released

The JRuby community is pleased to announce the release of JRuby

JRuby 9.2.x is compatible with Ruby 2.5.x and stays in sync with C Ruby. As always there is a mix of miscellaneous fixes so be sure to read the issue list below. All users are encouraged to upgrade.

This is a security release to address CVE-2021-41817. It was originally reported against Ruby’s C-based date extension, which JRuby does not use, but JRuby’s own implementation of date is also affected by the same issue.

The issue affects calls to various Date and DateTime parsing methods with extremely long strings. The regular expressions…

Ruby Magic by AppSignal 

Ruby on Rails Application Monitoring with AppSignal

When running and maintaining an application in a production environment, we want to feel confident about the behavior of the application and know when it isn’t working as expected. At the least, we want to track errors, monitor performance, and collect specific metrics throughout the application.

Because we’re developers and love maintainable solutions (right?), we also don’t want to end up in a jumble of tools, integrations, and dependencies that make it harder for us to keep track of everything.

In this post, we will add AppSignal to a Ruby on Rails application to help give clear insights into application behavior.

Prerequisites if you want to follow along with the code:

  • An account on w…
The Ruby on Rails Podcast 

Episode 394: Rubyconf 2021 Recap: Live + Virtual (Brittany & Jemma)

Brittany and Jemma record right after Rubyconf 2021 so they could share their experiences and favorite talks both in-person and virtual. Oh, also, this is now a running podcast.

Show Notes & Links:

Talks Discussed:

Sponsored By:


Honeybadger makes you a DevOps hero by combining error monitoring, uptime monitoring and check-in monitoring into a single,…

Saeloun Blog 

Rails 7: Pass default values to I18n's `translate` method

Rails provides fantastic internationalization options with its I18n library. However, its translate method sometimes behaves unpredictably. Fortunately, Rails 7 irons out most of those irregularities.


I18n’s #translate method behaves differently when different default values are passed to it. This inconsistency led to unexpected problems. Let’s look at some examples!

I18n’s translate method accepts a default parameter which returns this value when the translation key is not found. Below we can see it in action. There is a key called hello in our en.yml file, but the hi key is missing. This is how the default parameter handles this situation.

> ApplicationController.helpers.t('…
Greater Than Code 

261: Celebrating Computer Science Education with Dave Bock

Catch Dave on Episode 006 of Greater Than Code! Getting Technology Into the Hands of Children with David Bock

02:10 - Dave’s Superpower: Ability to Reevaluate and Drop Ideas – Onto The Next!

07:10 - The Acceptance of Ruby; Using Ruby as a Teaching Language

18:01 - Mobile Development

24:10 - Teaching Remotely 

Throw, Catch, Raise, Rescue – I’m So Confused!

One of the aspects of Ruby that often confuses newbies coming from other languages is the fact that it has both throw and catch and raise and rescue statements. In this article I’ll try and clear up that confusion.

If you’re familiar with Java, C#, PHP, or C++, you are probably used to using try, catch, and throw for exception handling. You use try to delineate the block in which you expect an exception may occur. You use catch to specify what to do when an exception is raised. And you use throw to raise an exception yourself.

You’ve probably noticed that Ruby has throw and catch… but they don’t seem to be used the way you’re used to in other languages! And there are also these “

Code with Jason 

122 - Deployment from Scratch with Josef Strzibny

In this episode, Josef Strzibny and I talk about his book, Deployment from Scratch, and, naturally, deploying and running web applications.

The RubyMine Blog : Intelligent Ruby and Rails IDE | JetBrains Blog 

RubyMine 2021.3 Released


Hello everyone,

RubyMine 2021.3 is now available! Below is a brief overview of the most notable features. For a detailed description of this update, please visit our What’s new page.

Support for remote development workflow

RubyMine now supports an early version of the remote development workflow. It allows you to connect – from anywhere in the world – to a remote machine running a RubyMine backend.

All the processing will happen on that powerful remote machine, and you’ll be able to work on the project seamlessly, as if it were on your local machine.


Bundled RBS type signatures

This version comes bundled with RBS signatures.

With the RBS signatures present, RubyMine is now able to provide …

zverok with ruby 

Wikipedia as the data source: taming the irregular, pt.1

On challenges of designing the “query language” for a human-readable encyclopedia.

Some time ago, I posted a write-up on Wikipedia’s abundance of knowledge and approaches to extracting it programmatically. It was designated to be a gentle introduction to my new and still rough project, so here is a long-overdue continuation. Or the first part of it.

To reiterate on the where we are standing:

  • …one should be able to write (in Python, Ruby, Haskell, whatever) something to the meaning of "Ukraine").attr("area") and receive a meaningful answer. For any/most of the “commonly known” facts.
  • Looking for a source for this data, one will quickly arrive at Wikipedia: it is crucial…
BigBinary Blog 

Fix slow page loads in a Ruby on Rails application by identifying n+1 queries

In one of our internal products, we received complaints regarding slow page loads and longer response times for a certain page. Our team members used New Relic to debug the cause of the slowness and were able to resolve the issue. After the issue was resolved I made a video for internal purposes. In this blog we are posting that video as it was recorded.


Benito Serna 

Capybara cheatsheet as pdf

If you work with capybara and you are constantly searching for capybara helpers, maybe to have this little cheatsheet at hand could work for you.

I have already shared it as a blog post, but now I want to share it with you as a pdf.

Martian Chronicles, Evil Martians’ team blog 

Kubing Rails: stressless Kubernetes deployments with Kuby

Authors: Vladimir Dementyev, Principal Backend Engineer at Evil Martians and Travis Turner, Tech Editor at Evil Martians

Much as the ancient Greeks struggled with squaring the circle, so too do modern web developers struggle to find a convenient way to deploy their app on Kubernetes. YAML, Helm, (and the compass and straightedge for that matter) are all tried-and-true tools, but using these alone might require too many steps to accomplish the task. Some developers are okay with this! Rubyists like us, on the other hand, prefer to concentrate on the creative side of programming, and we’re always looking for ways to minimize the routine. So today, in honor of this impulse, I’d like to…

Saeloun Blog 

Rails 7 adds the ability to check if a location is safe before redirecting

A lot of times when working on web applications, a need arises to redirect a user without the user explicitly clicking on a link. For example, assume that a user has just created a post on an application. Once the post is created, it makes sense to redirect the user to the new post location, instead of back to the creation page.


There are a few ways to calculate where a user must be navigated to, but a popular way is to pass a redirect_url query parameter. However, this opens up a vulnerability for an intruder to override this parameter and send users to unsafe locations. Rails already rejects unsafe redirects, but it does not provide a fallback location in cases where we still…

class SignInsController < Applica…
The Bike Shed 

317: Burn The Ships!

Steph gives an update about RSpec focus and how she often forgets to remove the focus feature from tests. She figured out two solutions: one using Rubocop, and the other from a Twitter user, suggesting using a GitHub gist. She also suggests that if you're one of those people who misses being in an office environment, you check out for ambient office noise selection.

Chris has been struggling to actually do any coding and is adjusting to doing more product management and shares some strategies that have been helping him.

They answer a listener question about dealing with large pull requests and how it's hard to recognize a good seam to break them up when you…

Test Double Blog 

Test Double React (TDR) Project Layout

Introduction

A few upsides come with adopting an opinionated framework like Ruby on Rails. One of them is having a clear pattern to the layout of a project’s source code directories and guidance on where specific code should live.
GoRails Screencasts 

Refactoring Javascript with Stimulus Values API & Defaults

Refactoring a Javascript countdown timer into a reusable Stimulus controller gives a look at the flexibility we can achieve by taking advantage of the Stimulus Values API and customizing the default values.
Pat Shaughnessy 

Find Your Language’s Primitives

If you dig into your programming language's syntax, you might
discover that it is capable of much more than you thought it was.

Wikipedia defines “Language Primitive” this way:

In computing, language primitives are the simplest elements available in a programming language. A primitive is the smallest 'unit of processing' available to a programmer of a given machine, or can be an atomic element of an expression in a language.

By looking at a language’s primitives, we can learn what kind of code will be easy to write or impossible to express, and what types of problems the language was intended to solve. Whether you’ve been using a language for years, or just now learning a new…

Hanami Mastery newest episodes! 

#11 Effective programming in ruby

2 real-world examples of using algebraic effects in Hanami ruby applications with dry-effects.
Honeybadger Developer Blog 

Running Rails on a Kubernetes Cluster: Part 2

In part 1, we learned how to deploy a Rails application on a local Kubernetes cluster with Kind. In this post, we will delve deeper into other Kubernetes artifacts, such as services, Ingress, and the Horizontal Pod Autoscaler (HPA).

We will also wire it up with a subdomain so that we can see the app working on a public URL, which will be a subdomain for this tutorial. Let’s get going.


To continue running our bands API rails app on a full-on production-ready Kubernetes cluster on DigitalOcean, the following are some prerequisites:

  1. Kubectl command is installed and working on your system.
  2. You are aware of how Kubernetes works and how it handles DNS and Ingress.
  3. You have some…
Saeloun Blog 

Experiments in rebranding - The What and Why

We recently decided to redo our branding following certain steps to arrive at brand guidelines. As Saeloun grows, we’ve been creating many branding and press materials, which has evolved past the website and blog designs.

While we do, we are trying to document our process, the challenges we faced and what decisions we took along the way. This is going to be a series of articles about this process and learnings.

Why did we decide to rebrand?

When Saeloun was founded in early 2019, the team took inspiration from words from different languages that meant ‘fresh’ or ‘new’ and finally decided to go with the Korean word ‘Saeloun’.

Sojan graciously created our first logo, also helped us with…

Rich Stone Input Output 

Ruby Open Source Projects For Beginners

Ruby Open Source Projects For Beginners

I see why maintainers and their associates are advocating and sourcing for open source contributors ( ͡° ͜ʖ ͡°) I also see the benefit for developers, and especially for aspiring developers to take the leap and to contribute. This is the greatest opportunity to gather real-world experience while you are still on your journey of getting into the industry.

Lately, I witnessed interesting keynotes and talks about open source projects in the last Ruby and Rails Conferences. For example:

As a beginner, you have special needs to ease yourself…

Saeloun Blog 

cy.pause() now pauses test while running cypress run --headed --no-exit

Cypress gives us the ability to stop the test at a spot via the cy.pause() command. We can use this to stop the test before any action or assertion that is causing our tests to fail. But this command only works when we run Cypress in GUI mode; it is ignored when we run the tests in headless mode.


Before version 8.6.0, cy.pause() was ignored if we ran our tests via the cypress run --headed --no-exit command.

describe("example", () => {
  it("should not pause the test", () => {
    // the original selector was missing its closing bracket
    cy.get('input[value="Google Search"]');
    // the call the article is about: ignored in headless runs before 8.6.0
    cy.pause();
  });
});

Now, if we run the above test via the cypress run --headed --no-exit command, then…

Riding Rails 

Composable blobs, improved upsert and much more!

Hey, Wojtek here with recent additions to Rails. All of them today for FREE, for you.
Thank you all the contributors for making Rails. Those from one-time to day by day committers.

Add compose method to Active Storage Blob
Concatenating multiple blobs is now possible.

Support custom metadata on Active Storage
Setting custom metadata on blobs are now persisted to remote storage.

Allow to configure the list of columns to update in upsert_all
Before, you could only customize the update SQL sentence via :on_duplicate. There is now a new option :update_only that lets you provide a list of columns to update in case of conflict.

Expose role/shard on pool/connection
It can be useful to know…

Notes to self 

Summer and winter time changes with DateTime

Developers usually think of timezones, but European summertime changes can be easily overlooked. I have to admit I overlooked them when parsing dates with DateTime.from_naive!/2.

What’s the issue, you ask?

Let’s parse some time with DateTime.from_naive!/2:

iex> datetime = DateTime.from_naive!(DateTime.utc_now(), "EET")
#DateTime<2021-11-26 10:36:32.810393+02:00 EET EET>

Most of the time, this works as you would expect – and looks innocent.

But it all breaks for summer and winter time changes which are known as Daylight Saving Time (DST). Consider getting a datetime string on the day and minute of the change:

iex(17)> datetime = DateTime.from_naive!(~N[2021-10-31 03:00:00], "EET")
** (
Saeloun Blog 

ECMAScript: Top-level await


The async/await feature introduced in ECMAScript 2017 enables asynchronous, promise-based behavior to be written in a cleaner style avoiding the need for promise chains. The await keyword can only be used inside an async function. Attempting to use an await outside of an async function results in a SyntaxError - SyntaxError: await is only valid in async function.

The ECMAScript feature ‘Top-level await’ which is promoted to Stage 4 in the TC39 process lets us use the asynchronous await operator at the top level of modules. Top-level await enables modules to act as big async functions. With top-level await, ECMAScript Modules (ESM) can await resources. Other modules which…

OmbuLabs Blog 

What is TypeScript Anyway?

What is TypeScript Anyway?

To the seasoned developer this may seem like a silly question, but to developers who are self-taught, bootcamp trained, or even just have never come across a project in TypeScript - understanding exactly what it is and how to use it can be a bit of a mystery.

In this article we will try to explain the basic concepts behind TypeScript, and the reasons for using it.

JavaScript and TypeScript: the relationship

JavaScript is the most used programming language in the world. We imagine that it is almost impossible to be a developer and not have to write at least some piece in JavaScript in your career. JavaScript is the programming language that is responsible…

Code with Jason 

What the ampersand in front of &block means

Here’s a code sample that I’ve grabbed more or less at random from the Rails codebase.

def form_for(record, options = {}, &block)

The first two arguments, record and options = {}, are straightforward to someone who’s familiar with Ruby. But the third argument, &block, is a little more mysterious. Why the leading ampersand?

This post will be the answer to that question. In order to begin to understand what the leading ampersand is all about, let’s talk about how blocks relate to Proc objects.

Blocks and Proc objects

Let’s talk about blocks and Proc objects a little bit, starting with Proc objects.

Here’s a method which takes an argument. The method doesn’t care what type the argument is.…

Awesome Ruby Newsletter 

💎 Issue 288 - Where is Ruby Headed in 2021?

Cool Request 

Replacing Select2 with Tom Select + Stimulus

We all used Select2. We all depended on it for a long time, for all our Select/Autocomplete needs. But it’s been showing signs of aging for quite a while, and it’s one of the last libraries that still keeps me tied to jQuery.

It was time to let go.

After quickly evaluating a few alternatives, I decided to take a closer look at Tom Select.

Tom Select was forked from selectize.js with the goal of modernizing the code base, decoupling from jQuery, and expanding functionality.

Well, that looks good to me.

And since it was renovating time, I also decided to consolidate all that JS used to make Select2 work with Ajax, filtering, etc. in a few Stimulus controllers.

All the examples…
The RubyMine Blog : Intelligent Ruby and Rails IDE | JetBrains Blog 

RubyMine 2021.3 Release Candidate 2

RubyMine 2021.3 RC2 is available!

Unlike previous EAP builds, the RC requires you to have a valid RubyMine license. Otherwise, it will install and run as a free 30-day trial.

You can install the RC version alongside a stable version of RubyMine.

Here’s a quick roundup of the most notable new features being introduced in the upcoming 2021.3 release:

Ruby and RBS

Type Checking

Ruby Weekly 

Ruby in VR? It's now possible.

#580 — November 25, 2021

Read on the Web

Ruby Weekly

Ruby 3.0.3 Released — A point release but it fixes three important security issues around regex-based date parsing (as with Date.parse), a CGI.escape_html buffer overrun, and cookie prefix spoofing. Perhaps even more importantly to many, though, is the fix for a memory leak issue plaguing 3.0.2 when Hash#transform_keys! is used, so if you're on 3.0 you'll def want to upgrade.

Tomoyuki Chikanaga

ASMREPL: A REPL for x86 Assembly Language — A Ruby powered REPL for x86 assembly from Ruby and Rails’ own tenderlove! As a big fan of Compiler Explorer, I can…

Aaron Patterson

Code with Jason 

[LIVE from RubyConf 2021] Crossover Episode

This multi-podcast crossover episode was recorded live at RubyConf 2021 in Denver. In this episode you'll hear Jemma Issroff, Emily Giurleo, Nick Schwaderer, Jason Charnes, Andrew Mason and Jason Swett.

Ruby Rogues 

BONUS: How to do LARGE Volumes of HIGH Quality Work - While Spending Fewer Hours Working


Get the Black Friday/Cyber Monday "Double Your Productivity by 5pm Today" Deal
Coupon Code: "DEEP" for a GIANT discount

Mani provides us with strategies and tactics to get Deep Work time and how to get our minds into that focused state for hours at a time.

He has read hundreds of books that have taught him the secrets to getting more done by getting into this state.

He starts by telling us how he was passed over for a promotion at Qualcomm in favor of someone younger and less experienced and how that inspired him to figure out what the other guy was doing differently. He learned that he needed to get more done with the time he was spending on his projects.



Introduction to Rails Event Store

Event store is a proper name for a..., well, storage of events. Events are facts from the past. Such a trait makes our storage a great candidate for append-only mode, i.e. there are only two operations available: read and add. It might feel like a weird constraint, but it allows those two operations to be optimized to be as fast as possible. At the same time, simplicity creates a foundation for our creativity and for building really complicated solutions.


CVE-2021-41816 (cgi): Buffer Overrun in CGI.escape_html

A security vulnerability that causes a buffer overflow when you pass a very large string (> 700 MB) to `CGI.escape_html` on a platform where the `long` type takes 4 bytes, typically Windows. Please update the cgi gem to version 0.3.1, 0.2.1, or 0.1.1 or later. You can use `gem update cgi` to update it. If you are using bundler, please add `gem "cgi", ">= 0.3.1"` to your `Gemfile`. Alternatively, please update Ruby to 2.7.5 or 3.0.3. This issue was introduced in Ruby 2.7, so the cgi version bundled with Ruby 2.6 is not vulnerable.

CVE-2021-41819 (cgi): Cookie Prefix Spoofing in CGI::Cookie.parse

The old versions of `CGI::Cookie.parse` applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. With this fix, `CGI::Cookie.parse` no longer decodes cookie names. Note that this is an incompatibility if cookie names that you are using include non-alphanumeric characters that are URL-encoded. This is the same issue as CVE-2020-8184.

If you are using Ruby 2.7 or 3.0:

  • Please update the cgi gem to version 0.3.1, 0.2.1, or 0.1.1 or later. You can use `gem update cgi` to update it. If you are using bundler, please add `gem "cgi", ">= 0.3.1"` to your `Gemfile`.
  • …
Saeloun Blog 

Ruby 3.1 adds MatchData#match and MatchData#match_length

When working with strings, we come across cases where we need to match string characters or words using regular expressions. We use regular expressions widely for matching email and phone numbers formats.

A regex for a valid email address is as below -

VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z/i

result = VALID_EMAIL_REGEX.match("")
=> #<MatchData "" 1:nil>

result = VALID_EMAIL_REGEX.match("invalid_email")
=> nil


Ruby returns an object of class MatchData where we can use the [] function on the result object. The [] function will expect either an index or symbol as an argument. We can also access multiple matches by passing a…

Remote Ruby 

Live from RubyConf 2021!

[00:00:28] The panelists introduce themselves.

[00:01:37] We hear what everyone is most excited about being at RubyConf and the talks they are most excited about going to.

[00:04:11] Jason Swett shares how he prepped for the workshops, and Nick and Emily tell us about their talks. 

[00:08:13] Jemma asks the panelists why they come to conferences and what brings them here.

[00:11:12] Everyone here is a podcaster, so we find out why they do these podcasts.

[00:15:11] The panelists share what is so special and unique about the Ruby community.

[00:18:59] Find out which podcast episodes the panelists are most proud of that they put out. 

[00:22:42] What do the panelists think about the…

Hi, we're Arkency 

The Difference Between a Cache and a Read Models, an example

Let’s say you have a fairly complicated view: a calendar-like table with apartments to rent as rows and availability dates as columns.

Of course you want to be able to:

  • filter by availability, by location
  • sort
  • paginate the list of properties
  • paginate the dates (look at a different date range)

The server gives you a JSON which is then consumed by a client like a SPA frontend.

You need to join data from a couple different tables:

  • apartments
  • addresses
  • bookings
  • a sequence of dates

What happens next:

  • At the beginning you just query your tables, do some joins.
  • Later you optimize the queries and perhaps write some of them by hand.
  • Developers keep extending this view over the years by…
Code with Jason 

Understanding Ruby Proc objects

What we’re going to do and why

If you’re a Ruby programmer, you almost certainly use Proc objects all the time, although you might not always be consciously aware of it. Blocks, which are ubiquitous in Ruby, and lambdas, which are used for things like Rails scopes, both involve Proc objects.

In this post we’re going to take a close look at Proc objects. First we’ll do a Proc object “hello world” to see what we’re dealing with. Then we’ll unpack the definition of Proc objects that the official Ruby docs give us. Lastly we’ll see how Proc objects relate to other concepts like blocks and lambdas.

A Proc object “hello world”

Before we talk about what Proc objects are and how they’re used, let’s…

Ruby News 

CVE-2021-41816: Buffer Overrun in CGI.escape_html

A buffer overrun vulnerability was discovered in CGI.escape_html. This vulnerability has been assigned the CVE identifier CVE-2021-41816. We strongly recommend upgrading Ruby.


A security vulnerability that causes a buffer overflow when you pass a very large string (> 700 MB) to CGI.escape_html on a platform where the long type takes 4 bytes, typically Windows.

Please update the cgi gem to version 0.3.1, 0.2.1, or 0.1.1 or later. You can use gem update cgi to update it. If you are using bundler, please add gem "cgi", ">= 0.3.1" to your Gemfile. Alternatively, please update Ruby to 2.7.5 or 3.0.3.

This issue was introduced in Ruby 2.7, so the cgi version bundled with Ruby 2.6…

Ruby News 

CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse

A cookie prefix spoofing vulnerability was discovered in CGI::Cookie.parse. This vulnerability has been assigned the CVE identifier CVE-2021-41819. We strongly recommend upgrading Ruby.


The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application.

With this fix, CGI::Cookie.parse no longer decodes cookie names. Note that this is an incompatibility if cookie names that you are using include non-alphanumeric characters that are URL-encoded.

This is the same issue as CVE-2020-8184.

If you are using Ruby 2.7 or 3.0:

  • Please…
Ruby News 

Ruby 2.6.9 Released

Ruby 2.6.9 has been released.

This release includes security fixes. Please check the topics below for details.

See the commit logs for details.

Ruby 2.6 is now in the security maintenance phase, until the end of March 2022. After that date, maintenance of Ruby 2.6 will end. We recommend you start planning the migration to newer versions of Ruby, such as 3.0 or 2.7.


Ruby News 

Ruby 2.7.5 Released

Ruby 2.7.5 has been released.

This release includes security fixes. Please check the topics below for details.

See the commit logs for details.


Ruby News 

Ruby 3.0.3 Released

Ruby 3.0.3 has been released.

This release includes security fixes. Please check the topics below for details.

See the commit logs for details.


The Ruby on Rails Podcast 

Episode 393: The Rubyconf 2021 Live Podcast Panel

Recorded live from Rubyconf 2021 in Denver, CO with an audience! Panelists from The Ruby on Rails Podcast, Code with Jason and Remote Ruby gathered to chat about why they were excited to attend Rubyconf, favorite episodes and to field listener questions.

Moderated By:


Show Notes & Links:

Sponsored By:


Honeybadger makes you a DevOps hero by combining error…

Martian Chronicles, Evil Martians’ team blog 

The Martian Design Sprint: starting and running projects faster

Authors: Gleb Stroganov, Product Designer at Evil Martians, Anton Senkovskiy, Account Manager at Evil Martians, and Travis Turner, Tech Editor at Evil Martians

Google created the Design Sprint methodology back in 2010, but many teams still use and adapt this framework, and Evil Martians are no exception. So far, the Martian Design team has already run 12 design sprints, helping our customers better understand their projects, accurately evaluate development, find effective solutions, and save money. But it’s about more than these things. This is the time to make sure you truly understand your goals and relationship with your users. The decisions made during this period are key to building…

Ruby Rogues 

Mastering Hanami ft. Sebastian Wilgosz - RUBY 524

Sebastian Wilgosz joins the Rogues to discuss Hanami, a web framework for Rubyists. He discusses how it works and how it differs from other Ruby based web frameworks.

He also discusses what's coming down the pipe and how to get started.

Check out his website at


  • Charles Max Wood
  • Darren Broemmer


  • Sebastian Wilgosz




Special Guest: Sebastian Wilgosz.


Greater Than Code 

260: Fixing Broken Tech Interviews with Ian Douglas

01:01 - Ian’s Superpower: Curiosity & Life-Long Learning

  • Discovering Computers
  • Sharing Knowledge

06:27 - Streaming and Mentorship: Becoming “The Career Development Guy”

12:01 - Tech Interviews (Are Broken)

16:43 - How do I even get a first job in the tech industry?

  • Tech Careers = Like Choose Your Own Adventure Book
  • Highlight What You Have: YOU ARE
  • Apply Anyway

24:25 - Interview Processes Don’t Align with Skills Needed


Signal handling in concurrent apps with Ruby and Polyphony

In the last few weeks I’ve been writing about different aspects of Polyphony, a library for writing fiber-based concurrent apps in Ruby. Polyphony makes it easy for developers to use stock Ruby core and stdlib classes and APIs in a highly-concurrent environment in order to create scalable, high-performance apps.

In order to provide a solid developer experience, Polyphony reimplements different parts of the Ruby runtime functionality, which are adjusted so developers will see consistent and reliable behaviour. In this article I’ll discuss how Polyphony implements signal handling. For the sake of brevity, I’ll assume the reader is familiar with POSIX signals and has some knowledge of…

Josh Software 

Apps! No installation, Try Instant!

Everyone has randomly downloaded several apps and not deleted them for months, years, or eternity! I bet you have some of those apps now! People can now use an app or game without installing it first. Increase engagement with your Android app and gain more installs by surfacing your instant app across the Play Store and …
BigBinary Blog 

Rails 7 adds accepts_nested_attributes_for support for delegated_type

Rails 6.1 introduced the delegated_type to Active Record which makes it easier for models to share responsibilities. Please see our blog to read more about delegated_type.

class Entry < ApplicationRecord
  # Schema
  #  entryable_type, entryable_id, ...
  delegated_type :entryable, types: %w[ Message Comment ]
end

class Message
  # Schema
  #  subject, ...
end

class Comment
  # Schema
  #  content, ...
end

The accepts_nested_attributes_for option is very helpful while handling nested forms. We can easily create and update associated records by passing details along with main object parameters when the accepts_nested_attributes_for option is enabled.


The accepts_nested_attributes_for option is not…

BigBinary Blog 

Ruby 3.1 Class#descendants

Ruby 3.1 introduces the Class#descendants method which returns all descendants of a class excluding the receiver and singleton classes.

We can see many implementations for calculating all descendant classes of a particular class from the Ruby community with different gems. The ActiveSupport::DescendantsTracker is one such implementation used in the Rails framework. Finally, Ruby has added the Class#descendants native implementation for its 3.1 version release.

After Ruby 3.1

=> class User; end
=> class Employee < User; end
=> class Client < User; end
=> class Manager < Employee; end
=> class Developer < Employee; end
=> User.descendants
=> [Employee, Client, Manager, Developer]
=> Employee.descendants
=>…
RubyGems Blog 

3.2.32 Released

RubyGems 3.2.32 includes enhancements.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Enhancements:

  • Refactor installer thread safety protections. Pull request #5050 by deivid-rodriguez
  • Allow gem activation from operating_system.rb. Pull request #5044 by deivid-rodriguez
  • Installs bundler 2.2.32 as a default gem.

SHA256 Checksums:

  • rubygems-3.2.32.tgz
  • rubygems-update-3.2.32.gem
Code with Jason 

121 - API Design with Damir Svrtan, Senior Software Engineer at Netflix

In this episode, Damir and I take a deep dive on API design.

Saeloun Blog 

Remove Personal Identifiable Information(PII) from Data using AWS DMS

Personal Identifiable Information (PII) is any data that could potentially be used to identify a particular Person / Company / Entity. Examples include a Social Security Number, Passport Number, Bank Account, Email or Telephone etc.

Use case for PII Removal might arise for

  • HIPAA Compliance
  • Security Compliance
  • Data Subsetting for Staging / Testing / Dev Environments


The goal of this article is to establish a replication task through which we continuously replicate data from a source to a clean PII removed database instance.

Given we have a table Companies in source Database, we want to be able to have the same table Companies in the DATABASE B with original content…

Test Double Blog 

Mastering the Macro Machine

Do you want to know more about how to use macros in Vim? In this talk, learn tips and tricks for mastering macros in Vim with an example project. This talk was presented by Camilo Payan at VimConf 2021 on October 29, 2021.

CVE-2021-41274 (solidus_auth_devise): Authentication Bypass by CSRF Weakness

### Impact

CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `solidus_auth_devise` are affected if the `protect_from_forgery` method is both:

  • Executed whether as:
    • A `before_action` callback (the default)
    • A `prepend_before_action` (option `prepend: true` given) before the `:load_object` hook in `Spree::UserController` (most likely order to find).
  • Configured to use `:null_session` or `:reset_session` strategies (`:null_session` is the default in case no strategy is given, but the `rails --new` generated skeleton uses `:exception`).

That means that applications that haven't been configured differently…

CVE-2021-41275 (spree_auth_devise): Authentication Bypass by CSRF Weakness

### Impact

CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `spree_auth_devise` are affected if the `protect_from_forgery` method is both:

  • Executed whether as:
    • A `before_action` callback (the default)
    • A `prepend_before_action` (option `prepend: true` given) before the `:load_object` hook in `Spree::UserController` (most likely order to find).
  • Configured to use `:null_session` or `:reset_session` strategies (`:null_session` is the default in case no strategy is given, but the `rails --new` generated skeleton uses `:exception`).

That means that applications that haven't been configured differently…

GHSA-5629-8855-gf4g (solidus-core): Authentication Bypass by CSRF Weakness

### Impact

The actual vulnerability has been discovered on `solidus_auth_devise`. See GHSA-xm34-v85h-9pg2 for details. The security advisory here exists to provide an extra layer of security in the form of a monkey patch for users who don't update `solidus_auth_devise`. For this reason, it has been marked as low impact on this end.

### Patches

For extra security, update `solidus_core` to versions `3.1.3`, `3.0.3` or `2.11.12`.

### Workarounds

Look at the workarounds described at GHSA-xm34-v85h-9pg2.
Honeybadger Developer Blog 

How to Add Exception Monitoring to FastAPI

"Errors should never pass silently" is easy to say, but complicated to achieve. A robust application needs a powerful monitoring system to control, debug errors, and promptly alert you when something goes wrong. These are the problems Honeybadger is dedicated to solving.

Honeybadger is a universal platform for error, uptime, and check-in monitoring, combined in a single, powerful application. By including it in your production stack, you will be able to keep track of all the exceptions occurring in your programs, constantly monitor their health status, and know when your background jobs and services go missing or silently fail.

When it comes to error monitoring, a lot of ground is covered…

Honeybadger Developer Blog 

Writing AWS Lambda Functions in Ruby

AWS Lambda allows us to set up scalable functions while minimizing overhead. Instead of writing, hosting, and maintaining an entire Ruby on Rails app, we can use Lambda functions to respond to individual events independently. This article will bring you from an AWS newcomer to writing Ruby in your own Lambda functions.

Lambda allows you to run code in response to events without managing servers. This event-driven architecture ensures that you only pay for your code while it's working for you, not while it's idling. While Lambda is most commonly used to respond to events within the AWS ecosystem, such as deleting a file in an S3 Bucket, it can also be configured to act as an API in…

Hanami Mastery newest episodes! 

#10 Model your business with structs on steroids - dry-struct in action!

A struct with static type check for all attributes is a pretty useful thing in Ruby and all other languages. Here are 3 examples of useful applications for typed structs using dry-struct.
Rich Stone Input Output 

3 Phases For How To Get A Job As A Web Developer By REAL Example

3 Phases For How To Get A Job As A Web Developer By REAL Example

For a coding coach, it's exciting to read when a coachee achieved one of his bigger goals:

"Contract signed! 🎉"

Earlier this year, Dave set a clear goal for himself:

Get a junior web developer position at a sustainable company with a great team culture that's doing good in the world within 6 months.

That's ambitious goal-setting by the book, let's see what he did and how close he came.

I. Preparation Phase

We'll see 3 phases that I just made up while looking back and recalling his journey. They are intertwined, but the time investment usually crucially shifts in one direction once a new phase really starts.

Create Credibility For Yourself

Dave did a self-taught developer Bootcamp program at the Od…

Riding Rails 

Automated shard swapping middleware, standardised error reporting interface and more!

Hey, this is Greg, bringing you the latest news about Ruby on Rails.

Support <form> elements without [action]

By default, when a form is declared without an action attribute, browsers will encode the form’s fields into the current URL. Prior to this commit, none of the form construction variations supported declaring a form without an action attribute: form_with, form_for, and form_tag all default to url_for({}) when a url or action option is omitted. With this change, when they are set to false, the form will be rendered without an action attribute.

Support authenticity_token option in button_to helper

This PR adds support for passing the authenticity_token option to button_to, the same…

Introduce field_name view helper

The fi…

Code with Jason 

[LIVE from RubyConf 2021] I Tell Nick Schwaderer About My Soup

In this episode I tell Nick Schwaderer about some soup I ate. We touch on ingredients, spice level, utensils and consumption logistics.


Closer to Code 

Reading the uncompressed GZIP file size in Ruby without decompression

There are cases where you have a compressed GZIP file for which you want to determine the uncompressed data size without having to extract it.

For example, if you work with large text-based documents, you can either display their content directly in the browser or share it as a file upon request depending on the file size.

Luckily for us, the GZIP file format specification includes the following statement:

         |...compressed blocks...| (more-->)

           0   1   2   3   4   5   6   7
         +---+---+---+---+---+---+---+---+
         |     CRC32     |     ISIZE     |
         +---+---+---+---+---+---+---+---+

Benito Serna 

Preloading associations cheatsheet

Maybe you are already familiar with includes or preload, but you know that a lot of the time you will need more than just preload(:comments).

I have already shared with you a guide for preloading associations.

It starts with the basics, with just a regular has_many preload or includes, and builds from this to then show you things like…

  • How to preload nested associations
  • How to define associations to help you simplify the preloading
  • How to preload just a part of the association like a scope
  • How to preload just the “top 1 per group” or the “latest of each”
  • How to preload just the “top n per group” or the “latest n of each”
  • How to use custom objects to represent a preloading

Now I want to…

Hanami Mastery newest episodes! 

ROM and Sequel over ActiveRecord?

I've wondered why Hanami uses Sequel under the hood. There are some problems with ActiveRecord, but I've wanted to know exactly what it is about. Here is the summary of my findings.
The RubyMine Blog : Intelligent Ruby and Rails IDE | JetBrains Blog 

RubyMine 2021.3 Release Candidate

RubyMine 2021.3 Release Candidate is now available!

Unlike previous EAP builds, the RC requires you to have a valid RubyMine license. Otherwise, it will install and run as a 30-day free trial.

You can install the RC version alongside a stable version of RubyMine.

In this post, you will learn about some of the new features in the upcoming 2021.3 release:

Database tools

Database in the Version Control System

A DDL data source is a virtual data source whose schema is based on a bunch of SQL scripts. Storing these files in the Version Control System is a way to keep your database under the VCS.


Remote Ruby 

RubyConf 2021 | Talks We Liked and People We Met

[00:00:52] The guys chat about being at RubyConf, how they recorded a live episode with six people, what they talked about, and something about a stellar ending.   

[00:02:50] Andrew and Jason talk about what happened from the first day of RubyConf and from then on, between meeting up with people, eating with friends, doing a lot of walking, hugging, and talking with so many people. 

[00:06:39] Jason tells us more about Matz’s talk on the Ruby 3 Nexus.

[00:10:49] Jason explains another thing Matz talked about regarding how there will not be a lot of language features focused on right now, but more performance and tooling. 

[00:12:38] Chris tells us about the new screencast he just did…

Code with Jason 

A model is not a simulation

A poor OOP example

Sometimes you come across OOP examples that demonstrate the modeling of a real-world object, like a vehicle for example. Below is an example which is made up by me but representative of such examples.

```ruby
class Vehicle
  def initialize(fuel_tank_capacity, current_fuel_level)
    @fuel_tank_capacity = fuel_tank_capacity
    @current_fuel_level = current_fuel_level
  end

  def fuel_level_percentage
    @current_fuel_level.to_f / @fuel_tank_capacity
  end
end

vehicle = Vehicle.new(20, 15)
vehicle.fuel_level_percentage # 0.75
```

To me, OOP is all about modeling. A model, the way I define it, is a piece of code that represents a part of reality in a simplified way in order to make…

Brandon Weaver 

Tales of the Autistic Developer – Order and Chaos

For those who don't know me, I'm autistic. I've been a developer for the better part of a decade.

I didn't find out I was ASD until 19, and didn't reconcile with that until years later. These posts will be a combination of advice I've given to those who are like me, as well as a letter of sorts to my past self who could have used a lot of it.

I write these posts in the hopes that someone like me will find value in knowing a very simple and very important truth about ASD:

You are not alone, and you are loved.

Order and Chaos

While I am most certainly autistic, I'm also ADHD, making for a very interesting mix of traits. My mind, quite simply, operates in a mode of constant…