Scorched Earth is an artillery style game (a la Gorillas that came with QBasic) and its mechanic has been elegantly recreated in Ruby here by James Moriarty.
If the string includes an invalid byte sequence for the encoding, #scrub replaces invalid bytes with a given replacement character.
A processor for Paperclip that allows you to optimize and minify uploaded JPG, PNG or GIF images by wrapping around ImageOptim.
Put common attributes in a single table, non-shared attributes in separate tables with foreign key references, and use object delegation so that each model transparently pulls what it needs from both.
With the recent release of Rails 4.0.0 Release Candidate 1, it’s time to try it out and report any bugs. Here, Ryan Bates walks us through the steps to upgrade a Rails 3.2 application to Rails 4.0.
So reassured of its quality, the Phusion crew decided to leap straight to a more trustworthy 4.0.1 for the first stable release of Passenger 4, the popular Nginx and Apache deployment and server module for Rack apps.
Dashing is a Sinatra based framework that lets you build beautiful dashboards.
- Use premade widgets, or fully create your own with scss, html, and coffeescript.
- Widgets harness the power of data bindings to keep things DRY and simple. Powered by batman.js.
- Use the API to push data to your dashboards, or make use of a simple ruby DSL for fetching data.
- Drag & Drop interface for re-arranging your widgets.
- Host your dashboards on Heroku in less than 30 seconds.
This project was created at Shopify for displaying custom dashboards on TVs around the office.
Secure defaults are critical to building secure systems. If a developer must take explicit action to enforce secure behavior, eventually even an experienced developer will forget to do so. For this reason, security experts say:
“Insecure by default is insecure.”
Rails’ reputation as a relatively secure Web framework is well deserved. Out-of-the-box, there is protection against many common attacks: cross site scripting (XSS), cross site request forgery (CSRF) and SQL injection. Core members are knowledgeable and genuinely concerned with security.
However, there are places where the default behavior could be more secure. This post explores potential security issues in Rails 3 that are fixed in Rails 4, as well as some that are still risky. I hope this post will help you secure your own apps, as well as inspire changes to Rails itself.
Ruby 2.0’s new lazy enumerator feature seems like magic. In case you haven’t tried it yet, it allows you to iterate over an infinite series of values and take just the values you want. It brings the functional programming concept of lazy evaluation to Ruby – at least for enumerations.
Avoid bloat! Keep that Gemfile slim.
See how many dependencies a gem has *before* adding it to your project.
For instance, try the bookmarklet on the devise gem.
It’s a scary world right now, guys. Your Twitter password can cause the Dow Jones to drop nearly 150 points and compel dozens of blogs to write breathless posts about the future of online journalism. You should be worried.
In order to help everyone out a little, we’ve created an algorithm that will examine your password and tell you if it’s secure enough. Spoiler alert: it isn’t.
There is a trivially exploitable remote code execution vulnerability in all versions of rails. The vulnerability is related to the XmlMini xml parser used by the rails ParamsParser which prepares the “params” object for ActionController.
By supplying YAML contents parsed via XML elements using “type=yaml” attackers can instantiate arbitrary objects in the rails runtime which can be exploited through core rails and application-defined method calls. Several exploitable conditions have been confirmed, the worst of which result in RCE via shell commands in the underlying system.
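A defender-side check for the condition described above, as an added example that is not code from Rails or from the advisory: it scans captured request bodies for XML elements carrying a type="yaml" attribute. The request hashes, the sample traffic and every method name are hypothetical and constructed for illustration.

```ruby
# Added example, not code from Rails or the advisory. The request hashes and
# all method names below are hypothetical.

# An opening tag whose type attribute is "yaml" (either quote style, any case).
YAML_TYPED_TAG = /<([A-Za-z_][\w.-]*)[^<>]*?\stype\s*=\s*(["'])\s*yaml\s*\2/i

# True when the Content-Type says the body will be handed to an XML parser.
def xml_request?(content_type)
  media = content_type.to_s.split(";").first.to_s.strip.downcase
  %w[application/xml text/xml].include?(media) || media.end_with?("+xml")
end

# Names of the elements in +body+ that ask for YAML deserialization.
def yaml_typed_elements(body)
  # Invalid bytes would make the regex raise, so scrub them first.
  text = body.to_s.dup.force_encoding(Encoding::UTF_8).scrub("?")
  text.scan(YAML_TYPED_TAG).map(&:first)
end

# Returns the requests worth a closer look, each with the offending elements.
def flag_requests(requests)
  requests.each_with_object([]) do |req, hits|
    next unless xml_request?(req[:content_type])
    elements = yaml_typed_elements(req[:body])
    hits << { path: req[:path], elements: elements } unless elements.empty?
  end
end

# Constructed sample traffic (benign payloads, for illustration only).
SAMPLE_REQUESTS = [
  { path: "/users", content_type: "application/xml; charset=utf-8",
    body: %(<user><name type="yaml">--- sample</name></user>) },
  { path: "/items", content_type: "text/xml",
    body: "<item><count type='YAML' >--- 1</count>\xFF</item>" },
  { path: "/notes", content_type: "application/xml",
    body: %(<note><count type="integer">3</count>type="yaml" as text</note>) },
  { path: "/api", content_type: "application/json",
    body: %({"doc": "<a type=\\"yaml\\">x</a>"}) }
].freeze

flag_requests(SAMPLE_REQUESTS).each do |hit|
  puts "#{hit[:path]}: YAML-typed element(s) #{hit[:elements].join(', ')}"
end
```

The third and fourth samples show the two cases the check deliberately ignores: the string appearing as element text rather than as an attribute, and a body that is not sent with an XML content type.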
31 – Page and Action Caching Gem Extraction
30 – Generate Controller-Wide ETags
29 – Strong Parameters
28 – HTTP PATCH Verb
27 – Collection Form Helpers
26 – Observers Gem Extraction
25 – Rails.queue
24 – Renaming *_filter to *_action
23 – Asynchronous Action Mailer
22 – Not Equal support for Active Record queries
21 – Dalli replaces memcache-client
20 – Dynamic index.html
19 – ActiveModel::Model
18 – Register your own flash types
17 – ActiveRecord::SessionStore Gem Extraction
16 – New HTML5 Form Input Helpers
15 – Routing Concerns
14 – Rails 4 requires at least Ruby 1.9.3
13 – Sprockets Rails
12 – Russian Doll Caching & Cache Digests
11 – What’s new in Active Record
10 – MiniTest
9 – Rails::Plugin reaches end of life
8 – ActiveResource Gem Extraction
7 – Rails 4 is thread safe by default
6 – Schema Cache Dump
5 – Turbolinks
4 – ActiveModel Absence Validator
3 – A love affair with PostgreSQL
2 – Live Streaming
1 – Rails 4 Upgrading Guide
Following in the long tradition of Christmas Day MRI releases, this year we get Ruby 1.9.3-p362. It’s focused on bug fixes but also promises “Windows 8 support (hopefully).”
This is long and rambling, but has some interesting thoughts.
RailsPanel is a Chrome extension for Rails development that will end your tailing of development.log. Have all information about your Rails app requests in the browser – in the Developer Tools panel. Provides insight to db/rendering/total times, parameter list, rendered views and more.
Compare different code to see what runs faster.
As the name suggests, when a capybara test fails, the gem will automatically take a screenshot of what the browser rendered.
A lookahead to see what you can do now to get your application ready.
The primary motivation was for fixing a couple of security vulnerabilities and a handful of bugs.
Andy Lindeman presents a 40 minute tour of some of the forthcoming Rails 4's new features, including strong_parameters, Russian Doll caching, PATCH verb support, removal of Rails 2 finder syntax, and more.
Good ideas on how to break larger objects down into smaller ones.
JRuby and Rubinius support real multi-core concurrency. JRuby and Rubinius threads map to real OS threads, and neither Ruby implementation has a global interpreter lock. In contrast, MRI Ruby 1.8 uses userspace threading and so cannot take advantage of multi-core using a single process. MRI Ruby 1.9 has real OS threads, but also has a global interpreter lock and so still cannot take advantage of multi-core using a single process.
Most developers know enough about refactoring to write code that’s pretty good. They create short methods, and classes with one responsibility. They’re also familiar with a good handful of refactorings, and the code smells that motivate them.
This talk is about the next level of knowledge: the things advanced developers know that let them turn good code into great. Code that’s easy to read and a breeze to change.
Over the past several years I’ve been asked that question at conferences, panels and over twitter. Due to historical reasons (or maybe just plain laziness) Rake has (incorrectly) been treating the second digit of the version as the major release number. So in my head Rake was already at version 9.
Well, it’s time to fix things. This next version of Rake drops old, crufty, backwards compatibility hacks such as top level constants, DSL methods defined in Object and numerous other features that are just no longer desired. It’s also time to drop the leading zero from the version number as well and call this new version of rake what it really is: Version 10.
So, welcome to Rake 10.0!
Rake 10 is actually feature identical to the latest version of Rake 9 (that would be the version spelled 0.9.3), except that Rake 10 drops all the sundry deprecated features that have accumulated over the years.
If your Rakefile is up to date and current with all the new features of Rake 10, you are ready to go. If your Rakefile still uses a few deprecated features, feel free to use Rake 9 (0.9.3) with the same feature set. Just be aware that future features will be in Rake 10 family line.
F-Secure posted about the ZeroAccess botnet and included some pictures showing where the infected computers are.
Using rvm 1.16.3 to install ruby 1.9.3-p286, I received this error on my Ubuntu (9.04) server:
It seems your ruby installation is missing psych (for YAML output). To eliminate this warning, please install libyaml and reinstall your ruby.
I had to install libtool first:
sudo apt-get install libtool
Then install libyaml via RVM:
rvm pkg install libyaml
Then reinstalled Ruby with:
rvm reinstall all --force
The Rails Rumble is a distributed programming competition where teams of one to four people, from all over the world, have 48 hours to build an innovative web application, with Ruby on Rails or another Rack-based Ruby web framework. After the 48 hours are up, a panel of expert judges will pick the top ten winners.
Registration is closed, but there are some people around that signed up, so if you want to hop on a team, ask around.
Labrador is a web-based, database (agnostic) client for your development needs. With pow integration and automatic database connections, you’ll be browsing your postgres, mongodb, mysql, and sqlite databases after a single shell command.
David Heinemeier Hansson has unveiled a pjax-a-like Ajax-based full page replacement library that will ‘ship as default-on in Rails 4.0.’ Worth investigating.
Steve Klabnik puts out the call for folks to get involved with revitalizing the popular Resque project. If you’ve been itching to help out on a popular Ruby project, here’s a bat signal.
Avdi Grimm (of Exceptional Ruby fame) has launched a new subscription service focused around short Ruby screencasts. Here’s episode 1 which he’s offering as a sample
This version contains three important security fixes, please upgrade immediately.
- CVE-2012-3463 Ruby on Rails Potential XSS Vulnerability in select_tag prompt
- CVE-2012-3464 Potential XSS Vulnerability in Ruby on Rails
- CVE-2012-3465 XSS Vulnerability in strip_tags
One of the security fixes impacts all users and is related to HTML escaping code. The other two fixes impact people using select_tag’s prompt option and the strip_tags helper from ActionPack.
We are also removing all the deprecation warnings that we introduced in 3.2.x. We have decided to stop introducing API deprecations in all point releases going forward. From now on, it’ll only happen in majors/minors.
For instance, this gist builds a basic command line ruby program with commands and options.
Specify the Ruby version and/or engine you want
ruby "1.9.3", :engine => "jruby", :engine_version => "1.6.7"
Package :git and :path Dependencies
bundle package --all
The bundle package command can also package :git and :path dependencies besides .gem files. This needs to be explicitly enabled via the --all option. Once used, the --all option will be remembered.
Local Git Repos
Now when developing against a remote git repository, you can use a local git repo and keep the remote version for deployment. You can do this by setting a local git override:
bundle config local.GEM_NAME /path/to/local/git/repository
Then, you can use your local development copy with a standard command:
gem 'rack', :github => 'rack/rack', :branch => 'master'
For a full list, check out the Bundler 1.2 release CHANGELOG
xip.io allows you to test your application from your local network without setting up DNS. Testing in IE? Testing from iPad? Especially handy when you need subdomains to work or have multiple apps running on a port and need domain resolution.
rspec is getting a new expectation syntax.
foo.should eq(bar)
foo.should_not eq(bar)
expect(foo).to eq(bar)
expect(foo).not_to eq(bar)
Read the post to get more information about the new rspec syntax.
Rails 4.0 has Rails.queue, and this new feature allows you to push emails into the queue with code like:
class WelcomeMailer < ActionMailer::Base
  self.async = true
end
When you call the mailer:
... you need to use ids and look the object up in the mailer, instead of marshalling the entire object, like so:
class WelcomeMailer < ActionMailer::Base
  def welcome(id)
    @user = User.find(id)
    # ...
  end
end
Engine Yard’s RailsInstaller has long been a popular way to install Rails, Ruby, Git, Sqlite and other tools in one hit on Windows. Now it’s here for OS X too.
Errbit is a tool for collecting and managing errors from other applications. It is Airbrake (formerly known as Hoptoad) API compliant, so if you are already using Airbrake, you can just point the airbrake gem to your Errbit server.
RubyMotion is a revolutionary toolchain for iOS.
It lets you quickly develop and test native iOS applications for iPhone or iPad, all using the awesome Ruby language you know and love.
RubyMotion is a Ruby compiler/framework for iOS that has recently taken the Ruby world by storm. Its creator, Laurent Sansonetti, has now open sourced parts (but not all) of the framework so that the community can contribute to and extend the platform.
Streaming APIs are great for pushing data from the backend to clients. They reduce resource usage because the server can decide when it’s a good time to send an incremental chunk of data. They can also improve the responsiveness of your user experience. The same HTTP API can be reused to power multiple different apps.
Avdi Grimm: Making Little Classes out of Big Ones
Dig into your app with the ‘app’ method, play with helpers, and find out where certain methods are defined (more a general 1.9 trick though).
Low level caching is very easy to get started with in Rails 3, but it seems to be missing from the official guides.
Why should you use low level caching, and what should you use it for? Maybe you have some data which you need regularly over multiple pages, e.g. a list of categories for your blog. You might want to display them on every page but they’re not going to need to be entirely up to date for every request.
Ryan Bigg presents a well-recorded ten minute tour of Rails engines, what they are, how they work in different versions of Rails, how to build them, and examples of their usage in Forem and Spree.
Slides: https://speakerdeck.com/u/jeg2/p/10-things-you-didnt-know-rails-could-do (all 234 of them!)