Rubyland

news, opinion, tutorials, about ruby, aggregated
John Nunemaker 

Founder Quest: Acquiring Fireside

Last, but not least for this week, I was on Founder Quest. I'm doing my best third wheel impression over there and appreciate that Ben and Josh haven't kicked me off yet. We talked about a lot of things but mostly focused on the Fireside acquisition.

FounderQuest | Acquiring Fireside with John Nunemaker
Josh and Ben talk with John about his recent acquisition of Fireside, covering the finances, pitfalls avoided, and more acquisition tips. https://www.johnnunemaker.com/acquiring-fireside/ https://www…

If you missed the other podcasts this week, here you go:

Ruby on Rails 

Lazy i18n watcher on boot and more

Hi, Wojtek here still feeling the good vibe of the Rails World. Cheers to all the attendees and see you in Amsterdam!

Fireside Chat with DHH, Matz and Tobi
The video from the Rails World is now ready to watch, followed by the Eileen keynote. All the videos will be available soon!

Don’t execute i18n watcher on boot
It shouldn’t catch any file changes initially which unnecessarily slowed down boot of applications with lots of translations.

Support method names for :block in browser blocking
Prior to this commit, :block options only supported callables. This commit aims to bring browser blocking closer in parity to callbacks declarations like before_action and after_action by supporting…

Add :except_on option for validations
Grants the…

Mintbit 

Migrations in Rails 8: Using the New Not Null Shortcut

In the latest version of Ruby on Rails (Rails 8), developers have been given a handy new shortcut for adding a NOT NULL constraint to database columns. This small but powerful enhancement simplifies the process of generating migrations, making them cleaner and more intuitive.

In this blog post, I’ll show how this new feature works and how it can help you create migrations faster.

What Is a NOT NULL Constraint?

Before diving into the new shortcut, let’s quickly revisit what a NOT NULL constraint is and why it’s important.

In a relational database, a column marked as NOT NULL ensures that no row can have a NULL value for that column. This constraint enforces data integrity by ensuring…

Tejas' Blog 

Redis pipelines to the rescue

In my earlier blog post we saw how using redis connection pools can help us improve performance in a multi-threaded/multi-process application like Rails. Now we will see another typical scenario where Redis is a bottleneck and how we can optimize it.

I was designing a caching system and ran into a problem where I wanted to delete a bunch of keys on some event and it turned out to be much slower than I expected.

Intuitively I assumed Redis would be fast enough to handle it with sub-millisecond response times. Turns out Redis uses client-server model and each command waits for response. So if you are sending each delete separately, the latency can add up quickly, more so if you are running…

Josh Software 

Creating a Dedicated Device Using Home Screen Admin App for Android

There are many ways to create a dedicated device. For Android, it’s even easier to do. But every approach has its pros and cons. In this article, we’ll learn about this in detail. Topics covered in this article: What is a Dedicated Device? By definition: A dedicated device is a specialized device that is built …

Remote Ruby 

Rails World and SellRepo

In this episode, Jason, Chris, and Andrew discuss their upcoming plans for the Rails World conference, sharing stories about travel arrangements, hotels, and Andrew's first time flying first class. The conversation delves into the technical side, with updates on Rails 8.1, Ruby’s new release schedule, and challenges related to Docker on Apple Silicon. Chris introduces his latest project, SellRepo, which allows users to sell digital products through GitHub. The episode also covers frustrations with JavaScript package management, GitHub CI caching, and API integration issues. They wrap up the episode with a humorous conversation about nostalgic sodas like Surge and fast-food soda machines.…

Everyday Rails 

Testing with RSpec book updates for October 2024

Brand new chapter on testing controllers via request specs, and more!
Planet Argon Blog 

IMAX Screens, Duck Boats, and Myrtle the Turtle: My SquiggleConf Recap

I had the privilege of opening SquiggleConf 2024 at the New England Aquarium, sharing the story of Oh My Zsh. Highlights included inspiring talks on Excalidraw, Chrome DevTools, and web animations, plus a fun Duck Boat tour where I got to drive on the Charles River.

Awesome Ruby Newsletter 

💎 Issue 438 - What's New in Ruby on Rails 8

John Nunemaker 

The Moneyball approach

I joined Adam and Jerod to share my new thesis for acquiring Rails based SaaS apps. The conversation was great! This new moneyball approach (dubbed so by Jess) has been swimming around in my head for a few months now. So it's great to talk about it in public finally.

Changelog Interviews 612: The Moneyball approach – Listen on Changelog.com

If you like the episode, give 5 Businesses Acquired with a Long-Term Hold Model a listen too. Great stuff by someone with a lot more experience than me.

If you missed the other podcasts this week, here you go:

naildrivin5.com - David Bryant Copeland's Website 

A Simple Explanation of Postgres' Timestamp with Time Zone

Postgres provides two ways to store a timestamp: TIMESTAMP and TIMESTAMP WITH TIME ZONE (or timestamptz). I’ve always recommended using the latter, as it alleviates all confusion about time zones. Let’s see why.

What is a “time stamp”?

The terms “date”, “time”, “datetime”, “calendar”, and “timestamp” can feel interchangeable but they are not. A “timestamp” is a specific point in time, as measured from a reference time. Right now it is Oct 10, 2024 18:00 in the UK, which is the same timestamp as Oct 10 2024 14:00 in Washington, DC.

To be able to compare two timestamps, you have to include some sort of reference time. Thus, “Oct 10, 2025 18:00” is not a timestamp, since you don’t know…

The Rails Changelog 

026: Exploring Rails' Default Debugger with Stan Lo

The debugger you didn't know you needed. Ruby comes with an official debugger called Debug, which is now included in new Rails applications. Surprisingly, many Rails developers are still unaware of just how powerful this tool is. In this episode, Stan and I dive into its capabilities, exploring how it enhances the debugging process and makes troubleshooting more efficient.

Debug
The Startup of You 

Ruby Weekly 

Ruby 3.4 (preview 2) gets a new parser

#​723 — October 10, 2024


Ruby 3.4.0 Preview 2 Released — The preview releases leading up to final Christmas Day Ruby releases don’t tend to throw up many changes, but this is an exception. A significant change is that Ruby’s default parser has been changed to Prism, so it’s absolutely worth testing your code against it now. You can also now use it as a default block parameter, amongst other minor syntax tweaks.

Yui Naruse

An Introduction to the Ruby LSP Add-on System
Ruby LSP is a language server that uses static analysis to improve Ruby editing features in editors like…

Andy Waite

👊RailsBump.org Is Now…

Rails Designer 

Smooth Transitions with Turbo Streams

With Turbo Streams you can update specific parts of your app. Inject a chat message, update a profile picture or insert a Report is being created alert.

The preciseness Turbo Streams offers is great. But often the abruptness of it, it’s not too appealing to me. The new component is just there (or isn’t, if you remove it).

I’d like to add a bit more joy to my apps and this technique is something that does just that. I previously explored multiple techniques to add some kind of transition or animation when an element was inserted or removed. I fine-tuned it over the years while using it in production. And I can say I’m happy with how the technique works I am outlining today.

First, this…

André Arko 

Updating iTunes Track Parser Scripts for Music.app

Moving from my usual niche interests to a niche so small that I have only seen two people on the internet who care about this: I have some really great news if you still want to manage metadata tags like it’s 2010 and you’re ripping CDs into iTunes. I’ve updated the most useful iTunes track naming script to ever exist, so you can use it in Music.app on macOS 15.1 Sequoia in the year 2024.

The scripts are named Track Parser (Clipboard) and Track Parser (Song name), and they were written by Dan Vanderkam in 2004. He maintained them until 2009, put them into a public Google Code project, and eventually moved on with his life. I used both scripts hundreds or maybe even thousands of times…

Jake Zimmerman 

Approximating strace with Instruments.app

The other day I learned that Instruments.app can record file system activity on macOS!
The Ruby on Rails Podcast 

Episode 525: Catching Up With Ruby Central with Marty Haught

Ruby Central has been a foundational part of the Ruby community since 2003. They organize Ruby Conf and Rails Conf and maintain critical Ruby infrastructure like rubygems.org. With Ruby Conf Chicago just around the corner and new initiatives at Ruby Central, we thought it would be a good time to catch up with our friends at Ruby Central. Marty Haught joins the show to tell us more about Ruby Central's open source initiatives.

Show Notes
https://rubyconf.org/
https://rubycentral.org/news/

John Nunemaker 

Code and the Coding Coders who Code it

Last week Drew invited me on his podcast. I loved the format (what are you working on, what are your blockers, what have you learned recently) and suspect I'll become a regular listener.

The episode summary pretty much sums it up...

Ever wondered why a seasoned entrepreneur would choose acquisition over starting from scratch? Join us as veteran Rubyist John Nunemaker unravels the secrets behind his strategic purchase of Fireside FM. You’ll discover the ins and outs of transitioning ownership and handling infrastructure while gaining insights into why stepping into an existing company can be a game-changer for entrepreneurs.

John's journey doesn't stop at Fireside FM. He shares his…

Nithin Bekal 

Contributing to Ruby docs

Last week, I came across a few small improvements that I could make to the Ruby docs. In the past, I’ve found the idea of contributing to the Ruby repo quite daunting, but I found that it’s actually pretty straightforward.

I made some notes about the steps to get things set up locally, and I’m sharing these here in the hope that I can convince someone else how easy it is to contribute!

Getting set up to make changes to docs

First, I forked the ruby repo, and cloned my fork:

git clone git@github.com:nithinbekal/ruby.git

Before I could run the configure scripts, I had to install autoconf:

brew install autoconf

Next, you generate the configure script:

./autogen.sh

And then run the…

Posts on Kevin Murphy 

1,000 Miles

eBike eXcitement

This evening, on the way home from gymnastics, with my daughter in the rear cargo seat, my eBike’s odometer ticked over 1,000 miles. I was riding at the time, so you’ll need to settle for the obligatory picture of it at 1,001 miles.

My bike's odometer reading 1,001 miles

And you’ll have to trust me that by getting to 1,001 I first rode 1,000 miles.

We’ve had the eBike for almost 14 months, and it’s been the primary way my daughter and I get around town. I ride her into school every day on the bike, no matter how cold it is. We ride to the playground. We go to the library. We ride in to drop her off at summer camp in the morning. Maybe we’ll go to get ice cream. We go to her activities. Stop to run an errand.

It’s…

Gusto Engineering - Medium 

Envelope Encryption in Authentication Service Using Google Tink

Encrypting TOTP secrets in the Keycloak library

Overview

At Gusto, our team is building a new authentication service using the open source authentication library called Keycloak. Keycloak offers a comprehensive range of security features and customizations but some components of the Keycloak library require enhanced security hardening to meet the security needs of Gusto. As part of our authentication service, it is crucial to support various Multi-Factor Authentication (MFA) methods — SMS, TOTP, WebAuthn, etc. to strengthen our security posture and prevent unauthorized access.

Problem

Keycloak currently stores TOTP secret (seed) in plain text within its database. This secret…

BigBinary Blog 

Evaluating JavaScript code in the browser

NeetoCourse allows anyone to build interactive courses where they can add code blocks and assessments. This allows the user to run their code, see the output and check if their solution is correct or not. Check out Bigbinary Academy's JavaScript course to see this in action.

Let's see how we evaluate JavaScript code and check if the output matches the corresponding solution.

Synchronous code

For a simple synchronous code, first thing we need to check is if everything logged by the user is same as that of the solution code. What we do here is aggregate all the logs to an array and then compare that array with the array generated by the solution code. This is done by transforming the code using an AST…

ruby – Bibliographic Wilderness 

Getting rspec/capybara browser console output for failed tests

I am writing some code that does some smoke tests with capybara in a browser of some Javascript code. Frustratingly, it was failing when run in CI on Github Actions, in ways that I could not reproduce locally. (Of course it ended up being a configuration problem on CI, which you’d expect in this case). But this fact especially made me really want to see browser console output — especially errors, for failed tests, so I could get a hint of what was going wrong beyond “Well, the JS code didn’t load”.

I have some memory of being able to configure a setting in some past capybara setup, to make error output in browser console automatically fail a test and output? But I can’t find any…

RichStone Input Output 

RubyMine Debugger: You have already activated X, but your Gemfile requires Y

This is just a post for myself since otherwise, every half a year or so, I'm running into this.

At some point, I start to get an error like the one from the title when running my apps in the RubyMine debugger.

Typically, my first reaction is to leave that in peace and let it resolve itself. Then, after I'm annoyed with all the other debugging tools, I make myself search for it on Google. Usually, I hit this StackOverflow post and skim it for any answers or comments I upvoted:

By the way, I tried some ChatGPT incantations, but it doesn't seem to pick up the comment.

So here we go ChatGPT, you just need to do this in your terminal:

$ bundle clean --force

And then run the RubyMine debugger again.

So…

Rails Inside Out 

Deploying Rails Apps to a Caprover Instance

A few days ago I wrote an article on deploying rails apps with nginx + puma + mina. Some people in the comments suggested I try Caprover, Dokku and other open source PaaS software. Dokku didn't cut it for me, it's a good piece of software it just wasn't for me.

I'm aware of kamal and it's also a great piece of software especially since it's a first class rails citizen, however as always competition can't hurt. (I also didn't like how kamal is full of configuration) I mean, rails at its core is convention over configuration and kamal in its current state is the opposite of that, which I totally understand it's only on version 2 and writing software takes a lot of work.

Getting Caprover

Back to this…

Greg Molnar 

Upgrading to Kamal 2

Kamal 2 was released recently and it brings a few significant changes. Traefik is replaced by kamal-proxy, Kamal runs all containers in a custom Docker network and secrets are passed differently to new containers. All these changes mean that the upgrade is not simple, but in this article I will walk you through an example to help with the process.

The Bike Shed 

443: Rails World and Open Source with Stefanni Brasil

Learning from other developers is an important ingredient to your success. During this episode, Joël Quenneville is joined by Stefanni Brasil, Senior Developer at Thoughtbot, and core maintainer of faker-ruby. To open our conversation, she shares the details of her experience at the Rails World conference in Toronto and the projects she enjoyed seeing most. Next, we explore the challenge of Mac versus Windows and how these programs interact with Ruby on Rails and dive into Stefanni’s involvement in Open Source for Thoughtbot and beyond; what she loves about it, and how she is working to educate others and expand the current limitations that people experience. This episode is also…

Short Ruby Newsletter 

Short Ruby Newsletter - edition 108

The one where there is a new Ruby core committer, Dragon Ruby v6.0 release, Ruby Central looking for a new board member, and so many interesting code samples.
Posts on Kevin Murphy 

Office End Table Construction

Building in 3D

I make a lot of things. Most commonly code. I blog (maybe you’re aware, given you’re here). I build conference talks. Sometimes manifestos. Most of these live on the computer. Sometimes I need to step away and not look at a screen.

On occasion, I’ll build some piece of furniture we need in the house. Or some small accessory out of wood that I’ll use on my desk. This is one such time, and I decided to document it.

Similar to my recent posts on music I’m listening to, this isn’t directly related to software development. If you want to bail because of that, no judgement.

The Problem

In my office, I have a couch. Right now there’s a metal filing cabinet next to the couch that I’m…

Julia Evans 

Some notes on upgrading Hugo

Warning: this is a post about very boring yakshaving, probably only of interest to people who are trying to upgrade Hugo from a very old version to a new version. But what are blogs for if not documenting one’s very boring yakshaves from time to time?

So yesterday I decided to try to upgrade Hugo. There’s no real reason to do this – I’ve been using Hugo version 0.40 to generate this blog since 2018, it works fine, and I don’t have any problems with it. But I thought – maybe it won’t be as hard as I think, and I kind of like a tedious computer task sometimes!

I thought I’d document what I learned along the way in case it’s useful to anyone else doing this very specific migration. I upgraded…

Write Software, Well 

Not-Null Shortcut in Rails 8 Migration Generator

If you're on the latest (8) version of Ruby on Rails, there's a nice shortcut to add the not null modifier to your database columns. Just add an exclamation mark after the type, and Rails will mark that column as not null.

For example, consider the following generator command.

$ bin/rails generate migration CreateUsers email_address:string!:uniq password_digest:string!

It will produce the following migration.

class CreateUsers < ActiveRecord::Migration[8.0]
  def change
    create_table :users do |t|
      t.string :email_address, null: false
      t.string :password_digest, null: false

      t.timestamps
    end
    
    add_index :users, :email_address, unique: true
  end
end

Pretty handy!

P.…

Fullstack Ruby 

Top 10 Most Excellent Gems to Use in Any Ruby Web Application

The ecosystem of Ruby gems is rich with libraries to enable all sorts of useful functionality you’ll need as you write your web applications. However, at times it can be a challenge when you’re working within a broader Ruby context (aka not using Rails) to find gems which integrate well into all sorts of Ruby applications.

Occasionally you’ll come across a gem which doesn’t clearly label itself as Rails-only. In other cases, the manner in which you can use the gem outside of Rails isn’t clearly documented or there are odd limitations.

But thankfully, there are plenty of gems which are quite solid to use no matter what architecture you choose, and a few you might come across may even…

In this…

Ruby Magic by AppSignal 

What's New in Ruby on Rails 8

The first Rails 8 beta has officially been released, bringing an exciting set of features, bug fixes, and improvements. This version builds on the foundation of Rails 7.2, while introducing new features and optimizations to make Rails development even more productive and enjoyable.

Key highlights include an integration with Kamal 2 for hassle-free deployments, the introduction of Propshaft as the new default asset pipeline, and extensive ActiveRecord enhancements. Rails 8 also brings several SQLite integration upgrades that make it a viable option for production use.

Let's dive in and explore everything that Rails 8 has to offer!

Effortless Deployments with Kamal 2 and Thruster

Rails 8…

Ruby News 

Ruby 3.4.0 preview2 Released

We are pleased to announce the release of Ruby 3.4.0-preview2.

Prism

Switch the default parser from parse.y to Prism. [Feature #20564]

Language changes

  • String literals in files without a frozen_string_literal comment now emit a deprecation warning when they are mutated. These warnings can be enabled with -W:deprecated or by setting Warning[:deprecated] = true. To disable this change, you can run Ruby with the --disable-frozen-string-literal command line argument. [Feature #20205]

  • it is added to reference a block parameter. [Feature #18980]

  • Keyword splatting nil when calling methods is now supported. **nil is treated similarly to **{}, passing no…

Core classes updates

Note: We’re only listing outstanding class updates.

  • Exception

    • Exception#set_backtrace now accepts an array of Thread::Backtrace::Location. Kernel#raise, Thread#raise and Fiber#r…
  • Range

Notes to self 

Running multiple apps on a single server with Kamal 2

Kamal 2 finally brings the most requested feature to reality and allows people to run multiple applications simultaneously on a single server. Here’s how.

The Kamal way

Kamal is an application-centric deploy tool rather than a small PaaS. And this hasn’t changed with the new version 2. But what does it even mean?

Let’s look at a typical config/deploy.yml to run a generic application:

# config/deploy.yml
service: [APP_NAME]

image: [DOCKER_REGISTRY]/[APP_NAME]

servers:
  web:
    - 165.22.71.211
  job:
    hosts:
      - 165.22.71.211
    cmd: bin/jobs

proxy:
  ssl: true
  host: [APP_DOMAIN]

registry:
  username: [DOCKER_REGISTRY]

  # Always use an access token rather than real…

As you can notice the configuration describes only one particular service. And this hasn’t changed. Applications still have…

Mintbit 

Using Active Record Store in Ruby on Rails

Active Record Store is a powerful feature in Ruby on Rails that allows you to store structured data in a flexible way. Instead of creating separate tables for every piece of information, you can store data as a hash directly in your model. This is especially useful for scenarios where the structure of the data may change over time or is not strictly defined.

Example Scenario: Managing Book Preferences

Let’s imagine you are building a book review application where users can save their reading preferences. Instead of creating separate columns for each preference (like favorite genres, preferred authors, and reading status), you can use Active Record Store to simplify the model.

Step 1:…

Rails Designer 

S3 Alternatives for Rails’ ActiveStorage

ActiveStorage is a Rails framework that simplifies file uploads and attachments to cloud storage services. It provides a unified interface for handling file uploads, transformations, and storage across various cloud providers.

It’s beautifully simple and easy to set up. Adding a user avatar is just one line of code:

class User < ApplicationRecord
  has_one_attached :avatar
end

Love Rails! ❤️

Being one of the first to market, Amazon’s S3 (Simple Storage Service), has been the default storage provider for your ActiveStorage attachments. But the last few years more options have appeared. This is great for companies and customers alike!

For my next big thing, I have explored other…

Drifting Ruby Screencasts 

Kamal 2

In this episode we look at deploying a Rails 8 beta application to a Digital Ocean droplet. We'll also look at a scenario of deploying Action Cable broadcasts and another with recurring background jobs.
justin․searls․co - Digest 

🎙️ Breaking Change podcast v21 - Not From Backup

Direct link to podcast audio file

Get ready for a three-hour-plus Breaking Change spectacular! Why is it special? I'm not going to tell you. You'll just have to listen.

Remember, money doesn't change hands when you consume this Content™, but that doesn't make it free! In exchange for downloading this MP3, the license requires you to write in to podcast@searls.co at least once every three episodes. Some of y'all are past due, and I know where to find you.

Want URLs? I got URLs:

Hotwire Weekly 

Week 40 - Why Your Turbo Form Submission Fails, Hotwire Native content, and more!

Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! Next week, Rocky Mountain Ruby 2024 takes place in Boulder, Colorado, Oct 7-8, featuring some Hotwire and Hotwire-adjacent talks:

  • How to make your application accessible (and keep it that way!) - Joel Hawksley
  • Evolution of Real-Time and AnyCable Pro - Irina Nazarova
  • Leveling Up Developer Tooling For The Modern Rails & Hotwire Era - Marco Roth

I hope to see you there! Happy reading! 🚀✨


📚 Articles, Tutorials, and Videos

ActiveStorage Direct Upload with Stimulus - This article by Rails Designer explains how to implement direct uploads with ActiveStorage using Stimulus. It shows how to set up a Stimulus controller to…

katafrakt’s garden 

Mruby: Errors in Ruby code and how to find them

In the article about using mrbgems we had a situation when ARGV constant was not defined, but referenced. As a result the code execution failed (the side-effects were not produced), however it did that completely silently. No error message was emitted. And even the exit code was zero.

This is obviously bad. So I set to fix it. By examining mruby source code I discovered mrb_print_error function. Putting it to use looks like this:

#define MRUBY_ERROR 1

// ...

/* handle exceptions */
if(mrb->exc) {
  fputs("Error when executing Ruby code:\n", stderr);
  mrb_print_error(mrb);
  mrb_close(mrb);
  return MRUBY_ERROR;
}

We can invoke it by referencing some undefined constant in our Ruby…

RichStone Input Output 

Getting into home games and reading a new book

Hey friends!

My subscribers are usually good and driven people, so you are probably busy with some good stuff, so no time to wonder where this Rich guy has been for the past four months.

Well, TL;DR: After a few mini projects for fun, a failed SaaS project with a buddy of mine (we had no co-founder fit), and a month or two in figuring out what's next. I'm starting a new project.

I'm a natural born gamer, so this time, it's about my favorite topic in real life: home games.

The first part of the app is a score tracker to answer a few questions that bother me for the past 25+ years:

How do you track scores and determine who's the best in your bar card round? How often does your kid really win in…

zverok's space 

On programming and poetry (not Python’s tool)

Some thoughts on programming’s unlikely relations to poetry, and some implications of those relations

I don’t have much time recently to work on articles about programming (especially considering my typical article length); but I have some previously written content to share. This article was drafted as a Twitter thread on my 39th birthday: a day when I published my new site, and announced “I’ll be writing more here soon!” It was Feb 14, 2022, ten days before the full-scale Russian invasion started. Two and a half years later, I finally got to making it into a standalone text with clearer arguments, some links and conclusions. Anyway.

You don’t see poetry (as in writing and reading…

justin․searls․co - Digest 

📸 Everybody needs a hobby.

Maybe I’ll start posting more photos.

justin․searls․co - Digest 

📸 gj everyone

X marks the spot on this SEO.

katafrakt’s garden 

Mruby: Beyond “hello world”

In the last article, I took an initial look at mruby: how to install it using asdf, how to execute a simple code and how to build a standalone binary from a Ruby source. Now it’s time to try to look further and build something more complex.

But first, let me just acknowledge how really basic the mruby is. It supports almost all Ruby syntax (apart from pattern matching), but when it comes to standard library, you’ll find many things missing. Some potentially surprising omissions include: JSON parsing/building, regular expressions, HTTP client.

> JSON.parse('{"test": [null]}')
uninitialized constant JSON (NameError)

Does this mean that I have to write a JSON parser or regular…

Julia Evans 

Terminal colours are tricky

Yesterday I was thinking about how long it took me to get a colorscheme in my terminal that I was mostly happy with (SO MANY YEARS), and it made me wonder what about terminal colours made it so hard.

So I asked people on Mastodon what problems they’ve run into with colours in the terminal, and I got a ton of interesting responses! Let’s talk about some of the problems and a few possible ways to fix them.

problem 1: blue on black

One of the top complaints was “blue on black is hard to read”. Here’s an example of that: if I open Terminal.app, set the background to black, and run ls, the directories are displayed in a blue that isn’t that easy to read:

To understand why we’re seeing this…

RubySec 

CVE-2024-43795 (openc3): OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)

### Summary

The login functionality contains a reflected cross-site scripting (XSS) vulnerability.

Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition

### Impact

This issue may lead up to Remote Code Execution (RCE).

**NOTE:** The complete advisory with much more information is added as [comment](https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g#advisory-comment-104904).

RubySec 

CVE-2024-46977 (openc3): OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)

### Summary

A path traversal vulnerability inside of `LocalMode`'s `open_local_file` method allows an authenticated user with adequate permissions to download any `.txt` via the `ScreensController#show` on the web server COSMOS is running on (depending on the file permissions).

Note: This CVE affects all OpenC3 COSMOS Editions

### Impact

This issue may lead to Information Disclosure.

**NOTE:** The complete advisory with much more information is added as [comment](https://github.com/OpenC3/cosmos/security/advisories/GHSA-8jxr-mccc-mwg8#advisory-comment-104903).

RubySec 

CVE-2024-47529 (openc3): OpenC3 stores passwords in clear text (`GHSL-2024-129`)

### Summary

OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128).

Note: This CVE only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition

### Impact

This issue may lead to Information Disclosure.

**NOTE:** The complete advisory with much more information is added as [comment](https://github.com/OpenC3/cosmos/security/advisories/GHSA-4xqv-47rm-37mm#advisory-comment-104905).

Ruby on Rails 

Make Float distinguish between float4 and float8 in PostgreSQL and more

Hi, it’s Greg, bringing to you the latest changes from Rails, while recovering from an amazing Rails World experience.

Make ActionController::AllowBrowser::BrowserBlocker private
To reduce the API surface area of the allow_browser feature, this commit marks the class as private API.

Change ActiveSupport::HashWithIndifferentAccess#stringify_keys to stringify all keys not just symbols
This pull request changes ActiveSupport::HashWithIndifferentAccess#stringify_keys to stringify all keys, not just symbols.
Before the change:

{ 1 => 2 }.with_indifferent_access.stringify_keys[1] # => 2

After this change:

{ 1 => 2 }.with_indifferent_access.stringify_keys["1"] # => 2

Make Float distinguish…

justin․searls․co - Digest 

📸 Are Apple Vision personas… people?

This is some real snake-eating-its-own-tail shit by Apple Photos. What the hell am I supposed to click in order to not screw up its training of Aaron's face?

SINAPTIA 

This week in #devs

Our #devs channel is a cross-project, shared space where the entire dev team of SINAPTIA can ask questions, share opinions, and discuss interesting articles or tech that they come across. The idea is to post a curated extract of what happens there every week.

On Rails Performance

Last week, we discussed Rails performance extensively due to some work we’re doing on one of our client’s Ruby on Rails applications. Fernando shared an article about DHH’s take on N+1 queries: “N+1 is a feature”. Used with a Russian doll caching setup, it could be even more performant than eager loading. The topic is a bit controversial, as DHH’s opinions usually are, but we found the thought exercise fruitful.…

Ruby Rogues 

Navigating Rails for Front-End Developers: A Comprehensive Guide to Integration and Transition - RUBY 654

In this episode, Valentino and Ayush dive deep into the evolving landscape of web frameworks, particularly focusing on Ruby on Rails. Join them as they explore the challenges and advantages of transitioning from front-end-centric frameworks like Next.js to Rails, the seamless features Rails offers, and the complexities of integrating front-end components.


They also discuss exciting potentials like better integration of Vue component libraries with Rails, the simplicity and utility of custom elements, and the desire for Rails to incorporate features similar to Phoenix LiveView. The panelists share their thoughts on the evolving Rails stack, the need for better tools and documentation, and the…
Remote Ruby 

Jeremy and Jess from IndieRails

In this crossover episode, Jason and Chris are joined by Jeremy and Jess from the Indie Rails podcast to discuss Ruby programming, indie development, and the challenges of building and maintaining software as solo developers. They dive deep into the origins of Indie Rails, share their individual career journeys, and explore Jeremy's project, Liminal, which aims to replace traditional forums and Slack with a more modern solution. The group reflects on the frustrations with current platforms, their experiences with indie development, and the importance of marketing alongside coding. They also compare Rails and Laravel, talk about the "one-person framework" concept, and the challenges in…

justin․searls․co - Digest 

📸 I hate code review less now

I've hated the culture of asynchronous code review for years, especially as the popularity of GitHub and its pull request workflow lent itself to slow, uninformed, low-empathy, bureaucratic workflows to address problems that would be better solved by higher-bandwidth collaboration between team members.

That said, as someone who's spent the last 9 months building an app by myself, I've really enjoyed having GPT 4o as my "pair". It's still too slow: I get bored and tab away to check Mail or Messages. But instead of waiting hours for feedback I'm waiting for literal seconds. There's also zero ego, politics, or posturing. And while it does hallucinate bullshit, there's far less of it than one…

DEV Community: Brandon Weaver 

Let's Read - Eloquent Ruby - Ch 22

Perhaps my personal favorite recommendation for learning to program Ruby like a Rubyist, Eloquent Ruby is a book I recommend frequently to this day. That said, it was released in 2011 and things have changed a bit since then.

This series will focus on reading over Eloquent Ruby, noting things that may have changed or been updated since 2011 (around Ruby 1.9.2) to today (2024 — Ruby 3.3.x).

Chapter 22. Use method_missing for Delegation

Y'know after reading that intro paragraph in the book I'm questioning whether or not I want to pursue management again, but then again a lot of my job nowadays is writing Documents (heh) and delegating work to others and trying to distill context…

DEV Community: Brandon Weaver 

Let's Read - Eloquent Ruby - Ch 21

Perhaps my personal favorite recommendation for learning to program Ruby like a Rubyist, Eloquent Ruby is a book I recommend frequently to this day. That said, it was released in 2011 and things have changed a bit since then.

This series will focus on reading over Eloquent Ruby, noting things that may have changed or been updated since 2011 (around Ruby 1.9.2) to today (2024 — Ruby 3.3.x).

Chapter 21. Use method_missing for Flexible Error Handling

What exactly happens when Ruby doesn't find the method it's looking for? Well it goes hunting for that method of course, but it has to go all the way up its inheritance chain to try and find it first before it then falls back to the…

Awesome Ruby Newsletter 

💎 Issue 437 - It has to be the most beautiful open source project written in Ruby

DotRuby - Things we have to say. 

How to Create Custom Error Pages in Rails

Don't let error pages break your brand's flow. Learn how to create custom error pages in Rails that match your design, keeping the user experience smooth—even when things go wrong.
Rails at Scale 

An Introduction to the Ruby LSP Add-on System

CONFERENCE NEWS

The Ruby LSP team will be in attendance at RubyConf 2024 in Chicago (November). Reach out if you want to chat about anything related to Ruby LSP, or the wider Ruby developer experience.

Overview

In this post we introduce the Ruby LSP add-on system. We’ll explain the problem it solves, discuss its architecture, showcase some example add-ons, and share our vision for a future add-on ecosystem that enhances the Ruby development experience.

Introduction

Ruby LSP is a language server implementation designed to streamline writing Ruby code. It uses static analysis to parse your code to provide editor features. However, in the Ruby ecosystem, dynamic programming and DSL

RubyGems Blog 

3.5.21 Released

RubyGems 3.5.21 includes enhancements and bug fixes.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Enhancements:

  • Fix Gem::MissingSpecVersionError#to_s not showing exception message. Pull request #8074 by deivid-rodriguez
  • Remove code that makes suggest_gems_from_name give worse results. Pull request #8083 by duckinator
  • Warning about PATH in --user-install mode is only necessary for gems with executables. Pull request #8071 by deivid-rodriguez
  • Installs bundler 2.5.21 as a default gem.

## Bug fixes:

  • Fix error in one source when fetching dependency APIs clearing results from all sources. Pull…
justin․searls․co - Digest 

📸 Pro-tip: engrave your iPhone PIN on your AirPods case

I guarantee a non-zero number of people have put their iPhone PIN on their AirPods case.

Ruby Weekly 

A smorgasbord of Rails 8 related updates

#​722 — October 3, 2024

▶  DHH's Rails World 2024 Opening Keynote
Rails World took place last week, and by all accounts it was an amazing experience. DHH took to the stage to introduce Rails 8.0 beta 1, talk about the idea of the ‘One Person Framework’, espouse import maps, getting off the cloud, and more besides.

David Heinemeier Hansson

Eliminating Intermediate Array Allocations — Sure, most things in Ruby are objects, but do all objects cause memory allocations? The answer is “no,” but the logic behind allocations is worth knowing, as understanding Ruby’s behavior…

Notes to self 

Upgrading from Kamal 1 to Kamal 2

Here’s some possible steps to take and notes from upgrading a single server Kamal setup to the new Kamal 2.

1. Upgrade to Kamal 1.9.x

First upgrade to Kamal 1.9 and confirm you can still deploy:

$ gem install kamal --version 1.9.0
$ kamal config
$ kamal deploy

2. Upgrade to Kamal 2

Update Kamal version again to a 2.x release:

$ gem install kamal --version 2.1.0

Do not redeploy just yet.

3. Remove Traefik mentions

Remove the Traefik section from config/deploy.yml:

traefik:
  options:
    publish:
      - "443:443"
    volume:
      - "/letsencrypt/acme.json:/letsencrypt/acme.json"
    network: "private"
  ...

And remove any other mentions of the proxy such as traefik.* labels…

Rails Designer 

ActiveStorage Direct Upload with Stimulus

In two previous articles I explored first previewing images before upload and then a drag & drop feature. In this article I am going to, once again, extend the functionality by adding a direct upload feature.

Direct Upload in ActiveStorage allows files to be uploaded directly from the user to the cloud storage service (eg. S3), without touching your app’s server. This is mostly useful for larger files like audio and video, but nonetheless useful for images too.

Let’s start, also this time, with the HTML where the previous article ended:

<div data-controller="image-preview dropzone" data-dropzone-image-preview-outlet="#image-preview" data-action="dragover->dropzone#dragOver…
DEV Community: Brandon Weaver 

Let's Read - Eloquent Ruby - Ch 20

Perhaps my personal favorite recommendation for learning to program Ruby like a Rubyist, Eloquent Ruby is a book I recommend frequently to this day. That said, it was released in 2011 and things have changed a bit since then.

This series will focus on reading over Eloquent Ruby, noting things that may have changed or been updated since 2011 (around Ruby 1.9.2) to today (2024 — Ruby 3.3.x).

Chapter 20. Use Hooks to Keep Your Program Informed

So we're now into the metaprogramming chapters. The very short version of my opinion on it is that it's very powerful potentially, yes, but it's also capable of making your programs substantially harder to reason about for very little gain.…

RubySec 

CVE-2024-41673 (decidim): Decidim has a cross-site scripting vulnerability in the version control page

### Impact

The version control feature used in resources is subject to potential cross-site scripting (XSS) attack through a malformed URL.

### Workarounds

Not available

### References

OWASP ASVS v4.0.3-5.1.3

### Credits

This issue was discovered in a security audit organized by [Open Source Politics](https://opensourcepolitics.eu/) against Decidim done during July 2025.
Greg Molnar 

Rails World 2024

I had the privilege to attend and speak at Rails World 2024 in Toronto.

Ruby Magic by AppSignal 

Measuring the Impact of Feature Flags in Ruby on Rails with AppSignal

Feature flags are a powerful tool in software development, allowing developers to control the behavior of an application at runtime without deploying new code. They enable teams to test new features, perform A/B testing, and roll out changes gradually.

In Ruby on Rails, feature flags can be managed using diverse tools, the most popular being the Flipper gem. This article will explore implementing and measuring the impact of feature flags in a Solidus storefront using Flipper and AppSignal's custom metrics.

What Are Feature Flags in Rails, Again?

If you are looking for an introduction to the subject, check out the post Add Feature Flags in Ruby on Rails with Flipper.

In a nutshell, though,…

All about coding 

Where to list your Ruby company online

A couple of projects or directories in the Ruby community are trying to aggregate companies or products using Ruby or Ruby on Rails. If you are using Ruby or any Ruby-based framework in your company or for one of your projects, then I think you should add it to these websites as you see fit.

These efforts are important for the community, as they provide a valuable resource for job seekers while offering inspiration and opportunities about what can be built with Ruby and Ruby on Rails.

Moreover, it is equally good to show what kind of projects and companies can be built with Ruby / Ruby on Rails for anyone considering learning Ruby.

UsingRails.com

https://usingrails.com is a project by Andy Croll

Performance Action Pack - a cost effective way to audit and optimize your Rails app 

How to use Cloudflare Workers proxy with Rust

Visits counter was a critical feature of every website just 20 years ago. In this tutorial, we will implement it with Rust Cloudflare Workers by adding persistence and dynamic behaviors to an otherwise static page. We will also discuss other practical use cases of CF workers edge proxy.

Static blog with CF edge caching

Visits: [VISITS_COUNT]

This blog is a static JekyllRB website hosted on an EC2 behind an NGINX proxy. Additionally, it’s using a Cache everything Cloudflare cache rule with the following header for each HTML page:

cache-control: public, max-age=3600

Cloudflare cache everything rule

You can check it by running this cURL:

curl -I https://pawelurbanek.com/cloudflare-workers-rust | grep cache

#…
justin․searls․co - Digest 

📸 Help me fill this out

Starting from scratch with my RSS subscriptions.

Only rules for each feed:

  1. Is interesting
  2. Is published by an individual

Anything you'd recommend? Let me have it: justin@searls.co

Rails Inside Out 

Deploying Multiple Rails Apps on The Same Server with Puma + Nginx

If Kamal is not for you then this article is for you. There's a lot of my opinions in this article, feel free to jump to the setup section.

After coming back to Rails from Laravel I found that it wasn't clear how to run multiple Rails apps on the same server. If you google deploy rails right now you see something about deploying to Heroku which was the thing when I started using Rails in Rails 5.

With PHP-FPM + Nginx I could run an infinite number of apps on a $5/month server. When it was time to deploy Pulse, as always I did a deep dive, most of the articles on the internet assumed I wanted to run 1 Rails app on 1 VM, my first attempt worked, I ran Puma, I don't even remember how, it worked but…

John Nunemaker 

How to Find a Business Partner

I've had business partners for every business I've been a part of. Yet, I've never asked myself "Why?". Yesterday someone did.

You’ve been fairly prolific over the years, and I was wondering what your thoughts were on taking a business partner? I think you’ve had a partner(s) for every initiative/business? Would you ever do one without or do you typically find it better with one?

This was my answer: risk reduction. I'm a scaredy cat. 

Back in the early days of my first business (2008?), I partnered with Steve Smith instead of going it alone. Great decision. 

We had complementary product skills (he was form and I was function) and had worked together for a few years at the University of Notre…

naildrivin5.com - David Bryant Copeland's Website 

Custom Elements Reacting to Changes

In the end notes of my post on creating a sorting and filter table using custom elements, I mentioned that my solution would not work if the <table> inside <fancy-table> was modified. This post outlines how to address that using MutationObserver, and it’s kinda gnarly.

The Problem - Your DOM Changes out From Under You

The contract of the <fancy-table> is that if sort-column was set, the table’s rows would be sorted, and if filter-terms was set, only rows matching the filter would be shown. That contract breaks if the inside of the <table> is modified.

Ideally, whatever behavior an HTML Web Component bestows upon the DOM it wraps is bestowed to whatever is in there, no matter when or…

Mintbit 

Writing More Expressive Ruby with the it Shorthand

Ruby is a language that consistently evolves to make code more expressive, concise, and readable. With the release of Ruby 3.4, one of the exciting new features introduced is the use of it as a shortcut for the first parameter in a block. This enhancement aims to simplify code, especially in situations where blocks are used extensively, reducing the need to explicitly declare block parameters.

In this post, we’ll explore how the it shorthand works, why it was introduced, and when it’s useful.

What Is the it Shorthand?

The it keyword is now an implicit reference to the first block parameter. This means that instead of having to define a block parameter explicitly, you can use it as a…

Alchemists: Articles 

htmx View Transitions

View Transitions, if not aware, provide CSS and HTML support for animating state transitions between elements within the same document or across different documents. This allows web applications to use smooth transitions normally only seen with native mobile apps.

Currently, View Transitions have growing, but limited, browser support with Firefox being the sole laggard. The good news is we can implement view transitions while having automatic progressive enhancement as browser support grows.

In this article, I’ll use the following stack to animate a deck of slides for presentation purposes:

I’ll assume…

BigBinary Blog 

Creating a synchronized store between main and renderer process in Electron

When building desktop applications with Electron, one of the key challenges developers often face is managing the shared state between the main process and multiple renderer processes. While the main process handles the core application logic, renderer processes are responsible for the user interface. However, they often need access to the same data, like user preferences, application state, or session information.

Electron does not natively provide a way to persist data, let alone give a synchronized state across these processes.

electron-store to store data persistently

Since Electron doesn't have a built-in way to persist data, we can use electron-store, an npm package to store data persistently. e…

The Bike Shed 

442: Paradigms - What is a Program?

What is a program? Your answer to this question will determine the paradigm through which you view programming. During this episode, you’ll come to understand how things change once you develop an awareness of your paradigm, and what. To kick off this episode, Stephanie shares key insights she took from Planet Argon’s 2024 Ruby on Rails survey and dives deeper into her history with Ruby on Rails. Next, we dive into the definition of a paradigm and unpack three different paradigms you might hold as a developer: procedural, object-oriented, and functional. Considering how each of these impacts the way that you might approach your work as a developer, and what you can learn from the…

Josh Software 

Will the Real Deepfake Please Stand Up?

In the rapidly evolving digital landscape, the banking and financial services sector has made significant strides in leveraging technology to streamline processes, enhance customer experiences, and strengthen security measures. Among these advancements, eKYC processes have become a cornerstone of digital transformation, offering a faster and more convenient way to verify identities and onboard customers. However, …
Short Ruby Newsletter 

Short Ruby News - Edition #107

The one about Rails World when Rails 8.0.0.beta1 was announced
justin․searls․co - Digest 

📸 Hey, I know that speaker

Extremely proud of… how much my posture has apparently improved since I started speaking.

It was a real journey.

Super Good Blog 

Making Solidus Customizations More Resilient

One of the biggest benefits of using Solidus as your eCommerce framework is that it’s designed to be customized. It comes with built in hooks, extension points, good documentation, and it’s also written in Ruby, a language that lets you reach into any class or module and modify it. However, this flexibility comes with a degree of risk—modifying code that you don’t own, such as the Solidus gem, can lead to hard-to-catch bugs when upgrading gems.

There’s a number of practices and general guidelines I’ve adopted that help make my customizations to Solidus (and other gems) more resilient to gem upgrades.

If you haven’t already, start by reading the “Customization” section of the official…

Gusto Engineering - Medium 

How we work in distributed teams at Gusto

Since 2019, the corporate world has changed fundamentally due to COVID-19. Many companies were forced into working remotely due to safety concerns. However, four years out from the onset of the pandemic, we have seen companies adopting return-to-office (RTO) policies where employees can either be fully remote, fully in person, or in a more hybrid approach. In many cases, teams are spread out across these different modes of working. So how has Gusto adapted to these changes?

Many of our teams are working in a remote or hybrid environment, and also working across many different time zones. Although Gusto has offices in Denver, New York, and San Francisco, we have many Gusties…

mattbrictson.com 

Upgrading to PostgreSQL 17 with Homebrew

Postgres 17 has arrived! For those using Homebrew on macOS, this article offers a quick walkthrough of how to upgrade from 16 to 17, migrating over all existing data.


Install PostgreSQL 17

Homebrew distributes Postgres as explicitly version-numbered packages. This allows you to have more than one version installed at a time, which is key for migrating data.

First, install the new version (17).

brew install postgresql@17

Don’t uninstall the old version (16) yet; you’ll need it for migrating data. For now, stop the service so it is no longer accepting connections.

brew services stop postgresql@16

Migrate your databases

Next, do a dry-run of the data migration using pg_upgrade with the …

naildrivin5.com - David Bryant Copeland's Website 

HTML Web Components Re-Use Logic, Which is What You Want

Custom elements that wrap HTML (AKA “HTML Web Components”) can be extremely useful for re-using logic without requiring the user of the custom element to adopt any particular UI or styling. And this is usually the sort of re-use you actually want.

Let me demonstrate by creating a way to sort and filter any HTML table. Sorry, this is a bit long.

HTML Web Components used in this way are extremely powerful because they work with the HTML you already have, no matter how that HTML is generated. Unlike a sortable/filterable table made with React, the HTML Web Component we’ll create doesn’t require that the HTML be generated on the client, or from any particular server process. It works with…

GoRails Screencasts 

Customizing Rubocop Rails Omakase Rules

Rubocop Rails Omakase is just a starting place and provides a handful of rules.
Radan Skorić's website 

Migrating from Devise to Rails Auth before you can say "Rails World keynote"

Radan here: this is another guest post by Miha. He was so excited about it that he interrupted my weekend with a brand new post to review. I still found it interesting, so I hope you enjoy it as much as I did! Back to Miha now. Whether you caught wind of it through the GitHub PR, watched David’s Rails World 2024 opening keynote, or read the announcement on the Ruby on Rails blog for Beta 1, th...
Josh Software 

Flutter Performance Optimization: A Comprehensive Guide

Flutter is an excellent framework for building cross-platform mobile applications, but to ensure a smooth and responsive user experience, optimizing your Flutter app’s performance is essential. Below is a detailed guide covering best practices for improving Flutter app performance.

Why Optimize Flutter Performance?

Optimizing your Flutter app can lead to:

Common Performance Issues

Some frequent …
Tenderlove Making 

Eliminating Intermediate Array Allocations

Recently I gave a talk at RailsWorld (hopefully they’ll post the video soon), and part of my presentation was about eliminating allocations in tokenizers. I presented a simple function for measuring allocations:

def allocations
  x = GC.stat(:total_allocated_objects)
  yield
  GC.stat(:total_allocated_objects) - x
end

Everything in Ruby is an object, but not all objects actually make allocations. We can use the above function to measure allocations made in a block. Here are some examples of code that never allocate:

p allocations { true }                  # => 0
p allocations { false }                 # => 0
p allocations { nil }                   # => 0
p allocations { :hello }            …
Hotwire Weekly 

Week 39 - Rails World 2024, Hotwire Native, Hacktoberfest, and more!

Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! Rails World 2024 in Toronto, Canada has concluded, and DHH delivered the opening keynote. While there weren’t many Hotwire-specific announcements, numerous topics aligned with the Hotwire spirit.

Rails 8 aims to simplify the stack, making it easier than ever to start and scale Ruby on Rails apps, from Hello World to IPO, without extra dependencies.

Some key Frontend/Hotwire-related updates include:

  • Propshaft - A modern, simplified asset pipeline, replacing Sprockets. Default in Rails 8.
  • Solid Cable - A database-backed adapter for Action Cable, now the default in Rails 8.
  • Action Notifier - A framework for web push…

➡️ Opening Keynote: Rails World 2024 - David Heinemeier Hansson

Happy reading! 🚀✨


📚 Articles,…

RubySec 

GHSA-75j2-9gmc-m855 (camaleon_cms): Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)

A stored cross-site scripting has been found in the image upload functionality that can be used by normal registered users: It is possible to upload a SVG image containing JavaScript and it's also possible to upload a HTML document when the format parameter is manually changed to [documents][1] or a string of an [unsupported format][2]. If an authenticated user or administrator visits that uploaded image or document malicious JavaScript can be executed on their behalf (e.g. changing or deleting content inside of the CMS.)

[1]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/uploaders/camaleon_cms_uploader.rb#L105-L106
[2]:…
Island94.org 

Spectator Sport, a brief introduction to an upcoming Rails plugin

Hi! 👋 I’m Ben Sheldon. I’m the author of GoodJob, an Active Job backend that I’ll humbly share is mildly popular and known for its broad features and ease of use. I’m working on a new plugin for Rails: ✨

Spectator Sport creates and replays video-like recordings of your live, production website, via a self-hosted Ruby on Rails Engine that lives in your application.

Spectator Sport uses the rrweb library to create recordings of your website’s DOM as your users interact with it, from the perspective of their web browser’s screen (html, css, images, dynamic content, mouse movements and clicks, navigation). These recordings are stored in your Active Record database for replay by developers…

Mintbit 

4 Tips to Resolve N+1 Queries in Ruby on Rails

In Ruby on Rails, N+1 query problems occur when your application makes an excessive number of database queries due to how associations between models are loaded. This can lead to severe performance degradation, especially as your data scales.

In this post, we’ll cover four effective ways to resolve the N+1 query problem in Rails and make your application faster and more efficient.

1. Use includes for Eager Loading

The most common solution to N+1 problems is to use includes. This method allows you to load associated records in a single query, rather than querying the database each time you access an association.

Without includes (N+1 query problem):

posts = Post.all
posts.each
Ruby Rogues 

Building Better Ruby Apps: Glimmer's Component Slots and More - RUBY 653

Today, Valentino dives deep into the world of Ruby development with our special guest, Andy Maleh. They explore innovative advancements in Glimmer DSL for LibUI and Glimmer DSL for Web. Andy talks about his after-hours efforts to improve productivity and maintainability in front-end development, his critiques of current JavaScript frameworks like React, and his preference for utilizing Ruby's simplicity.
Valentino shares his intriguing project, building a robotic arm, and discusses teleoperation technology and practical applications. As they wrap up, we touch on full-stack development benefits, easing the learning curve, and future personal projects. Get ready for insights into integrating…
justin․searls․co - Digest 

📸 How to Reset People & Pets in iCloud Photos

If you're experiencing persistent issues caused by the People & Pets metadata in iCloud Photos, there is a hidden way to reset it across all devices associated with your account.

The most common reasons you might want to do this:

  • You accidentally merged multiple people and can't train your way out of detangling them
  • You accidentally removed people and can't get iCloud Photos to recognize them as people again
  • The People Collection in the iOS Photo Shuffle lock screen and the updated watchOS 11 Photos watch face configurators is missing someone important, and you hope that by resetting everything, your spouse or kid or whoever will start appearing (this is the issue I've had for a couple…

The reset function is not currently available from any settings screen, and is only triggered by selecting and removing all people and pets in a single remove operation. I only tested this on a Mac (under macOS 15.0…

justin․searls․co - Digest 

📄 The Empowered Programmer citations

I meant to be more on top of it than this, but thanks to some day-of turbulence, I failed to do two things before my Rails World talk on Thursday:

  1. Post this promised post of links to my blog so people could see all the various tools and advice I'd referenced
  2. Redirect Becky's old site (buildwithbecky.com) to the new one (betterwithbecky.com)

Whoops!

Anyway, better late than never. Here are the things I mentioned in the talk:

Of course, most of you reading this weren't in the audience in Toronto and haven't seen the talk. Sit tight, I'm told that Rails World's turnaround time for getting the video online won't be too long. 🤞

There are a bunch of other things…

Greg Molnar 

Rails World 2024 Slides

I gave a talk about the State of Security in Rails 8 at Rails World in Toronto in 2024. These are the slides from my talk:

Ruby on Rails 

Announcing the 2024 Rails Luminary Winners: Akira Matsuda & Yukihiro Matsumoto

This year we were joined by two special guests at Rails World: Akira Matsuda and Yukihiro “Matz” Matsumoto.

Each was awarded a 2024 Rails Luminary award to acknowledge and celebrate the significant mark they have each made on the Rails ecosystems, shaping the tools we use and the community around them.

Rails Lifetime Award 2024: Yukihiro “Matz” Matsumoto

For the Rails Lifetime Award, DHH bestowed this year’s honor on none other than the creator of Ruby himself, Yukihiro “Matz” Matsumoto. Matz’s vision of a programming language that is both powerful and enjoyable has us all to where we are today. His kindness, passion for Ruby, and impact on software development have inspired generations…

Julia Evans 

Some Go web dev notes

I spent a lot of time in the past couple of weeks working on a website in Go that may or may not ever see the light of day, but I learned a couple of things along the way I wanted to write down. Here they are:

go 1.22 now has better routing

I’ve never felt motivated to learn any of the Go routing libraries (gorilla/mux, chi, etc), so I’ve been doing all my routing by hand, like this.

	// DELETE /records:
	case r.Method == "DELETE" && n == 1 && p[0] == "records":
		if !requireLogin(username, r.URL.Path, r, w) {
			return
		}
		deleteAllRecords(ctx, username, rs, w, r)
	// POST /records/<ID>
	case r.Method == "POST" && n == 2 && p[0] == "records" && len(p[1]) > 0:
		if !requireLogin(username,…
John Nunemaker 

Acquiring Fireside

First, let's set the scene. It's Saturday, July 20th in South Bend, Indiana. My kids are playing in the driveway (yes they left their toys out) while my wife and I work on some tweaks to our camper.

My phone dings. Just kidding. My phone never dings. It's always on silent. Let's pretend it buzzes. And please pretend I actually feel it in my shorts pocket (hint: I never feel it buzz, ask my wife).

It's a text from Garrett...

The Text

Garrett: Wanna buy fireside?
Me: What is it? Is that the podcast thing? I mean I’m interested in all things that make money haha.
Garrett: Yes. Fireside.fm. Will do an intro. Dan’s down to talk.
Me: Called Dan. Went well. We’ll catch up soon. 🤷‍♂️ 😬

Ok, now let's fast…

Once a Maintainer 

Once a Maintainer: Nate Berkopec

Welcome to Once a Maintainer, where we interview open source maintainers and tell their story.

This week we’re talking to Nate Berkopec, maintainer of the Ruby web server Puma and expert on Rails performance. Nate lives in Tokyo where he runs Speedshop, a Rails performance consultancy.

Once a Maintainer is written by the team at Infield, a platform for managing open source upgrades.

How did you become a software developer?

I was going to school in New York, and I kind of knew I wanted to be involved in tech startups. I was just interested in the whole scene, but I didn’t really know how to get involved. So I was just going to meetups and stuff like that in college. And I had a professor…

Ruby on Rails 

Rails 8.0 Beta 1: No PaaS Required

Deploying modern web apps – with all the provisions needed to be fast and secure while easily updateable – has become so hard that many developers don’t dare do it without a PaaS (platform-as-a-service). But that’s ridiculous. Nobody should have to pay orders of magnitude more for basic computing just to make deployment friendly and usable. That’s a job for open source, and Rails is ready to solve it.

That was the premise of my keynote here at Rails World, and it’s the mission for Rails 8. So we are thrilled to release the first beta release of this new version in celebration with Rails World here in Toronto.

Despite being a beta release, the vast majority of everything that’s included…

Mintbit 

Positional and Keyword Arguments in Ruby on Rails

Method parameters can be passed in different ways, allowing for flexible and readable code. Understanding the difference between positional arguments and keyword arguments is essential for writing clean and maintainable code.

To illustrate how these types of arguments can be used in practice, we’ll take a look at an example using an initialize method. This example will help clarify the distinction between positional arguments and keyword arguments in the context of a class constructor. While this initializer serves as a concrete example, the concepts apply broadly across Ruby methods.

Let’s break down these two types of arguments using the following example of an initialize method:

…
Ruby on Rails 

Rails 8 beta, DHH keynote, fresh error pages, and more!

Hi, it’s zzak. Let’s jump into This Week in Rails!

Rails 8.0 beta 1 has been released!
The first beta of Rails 8 is out! While the release notes are getting ready, have a look at the changes and give it a go.

DHH keynote from Rails World
The first talk recording from Rails World is up, and David goes over everything that went into Rails 8 and beyond.

Tidy up the error pages
The error pages built into Rails have been updated.

Drop support to Ruby 3.1
Rails 8 will require Ruby 3.2.0 or newer.

Add TaggedLogging#logger constructor for more pleasant logging interface
This updates the default logger in production to use ActiveSupport::TaggedLogging.logger(S…

Make Active Model Serialization…

DEV Community: Brandon Weaver 

Let's Read - Eloquent Ruby - Ch 19

Perhaps my personal favorite recommendation for learning to program Ruby like a Rubyist, Eloquent Ruby is a book I recommend frequently to this day. That said, it was released in 2011 and things have changed a bit since then.

This series will focus on reading over Eloquent Ruby, noting things that may have changed or been updated since 2011 (around Ruby 1.9.2) to today (2024 — Ruby 3.3.x).

Chapter 19. Save Blocks to Execute Later

This chapter wraps up the book's tour into block functions with the idea that we can save blocks to be used later. That may sound abstract, as the previous concepts also did, but you'll find that it's very common to see around Ruby especially for…

Nithin Bekal 

Rails: Benchmark.ms deprecated

Today I stumbled upon this PR which deprecates the Benchmark.ms monkeypatch in Rails, without a replacement. It’s a handy method for instrumenting different parts of the code. Here’s how you might use it:

time_in_ms = Benchmark.ms { sleep 0.5 }
#=> 501.8

This will no longer work in Rails 8.1 (8.0 beta was just released today, so it will still work for some time). However, if you use it, you will see this deprecation warning in the logs:

`Benchmark.ms` is deprecated and will be removed in Rails 8.1 without replacement.

But if you look at the original implementation, all it does is call Benchmark.realtime, and multiply the time in seconds by 1000.

def ms(&blk)
  1000 * realtime(&blk)
e…

I think the easiest way…

37signals Dev 

Kamal 2.0 released

We’ve just released version 2 of Kamal, our deployment tool for running web apps directly on VMs or bare metal servers.

Kamal 1.0 was designed with 37signals’ use case in mind — deploying an application across multiple hosts, served with an external load balancer.

With Kamal 2.0 we’ve focused on making it simpler to use at any scale, whether you are deploying your app to 50 servers or deploying 5 apps to a single server.

What’s new?


New proxy

Kamal uses a proxy to seamlessly switch between application versions.

Previously we used Traefik, but its declarative discovery model made it a poor match for…

Awesome Ruby Newsletter 

💎 Issue 436 - Design Patterns in Ruby