What’s New In Ruby: May 2013 edition
Every month, Kansas City Ruby (#kcruby) reviews a subset of Peter Cooper’s fantastic Ruby Weekly selections, along with other items picked up around the web.
A Scorched Earth Game in Ruby with OpenGL/Gosu/Chingu
Scorched Earth is an artillery style game (a la Gorillas that came with QBasic) and its mechanic has been elegantly recreated in Ruby here by James Moriarty.
String#scrub Method Added to Edge Ruby (Ruby 2.1)
If the string includes an invalid byte sequence for the encoding, #scrub replaces invalid bytes with a given replacement character.
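Why this matters for untrusted input, as an added example that is not taken from the linked announcement: a regexp match against a string with invalid bytes raises, while a scrubbed copy can be matched and logged safely. The log line, pattern and helper names are constructed for the illustration.

```ruby
# Constructed sample: \xE9 is Latin-1 "é", which is not valid UTF-8 on its own.
RAW_LINE = "GET /caf\xE9?q=1 HTTP/1.1".dup.force_encoding(Encoding::UTF_8)

PATH_RE = %r{\A[A-Z]+ (\S+) HTTP/}

# Without scrubbing, matching a regexp against the broken string raises
# ArgumentError, so one hostile request line can abort a whole parsing job.
def path_unsafe(line)
  line[PATH_RE, 1]
rescue ArgumentError => e
  "error: #{e.message}"
end

# Default form: every invalid byte becomes U+FFFD in a UTF-8 string.
def path_scrubbed(line)
  line.scrub[PATH_RE, 1]
end

# Block form: keep the offending bytes visible as \xNN escapes, which is
# more useful than U+FFFD when the line is later read during an investigation.
def path_escaped(line)
  clean = line.scrub do |bad|
    bad.bytes.map { |b| format("\\x%02X", b) }.join
  end
  clean[PATH_RE, 1]
end
```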
PaperclipOptimizer: Minify JPEG and PNG Attachments Received via Paperclip
A processor for Paperclip that allows you to optimize and minify uploaded JPG, PNG or GIF images by wrapping around ImageOptim.
Better Single-Table Inheritance through Model Delegation
Put common attributes in a single table, non-shared attributes in separate tables with foreign key references, and use object delegation so that each model transparently pulls what it needs from both.
Popular Ruby-based Static Site Generator Jekyll Reaches 1.0
Railscasts: Upgrading to Rails 4
With the recent release of Rails 4.0.0 Release Candidate 1, it’s time to try it out and report any bugs. Here, Ryan Bates walks us through the steps to upgrade a Rails 3.2 application to Rails 4.0.
Phusion Passenger 4.0.1 released
So reassured of its quality, the Phusion crew decided to leap straight to a more trustworthy 4.0.1 for the first stable release of Passenger 4, the popular Nginx and Apache deployment and server module for Rack apps.
What’s New In Ruby: April 2013 edition
Every month, Kansas City Ruby (#kcruby) reviews a subset of Peter Cooper’s fantastic Ruby Weekly selections, along with other items picked up around the web.
Dashing – The exceptionally handsome dashboard framework.
Dashing is a Sinatra based framework that lets you build beautiful dashboards.
Key features:
- Use premade widgets, or fully create your own with scss, html, and coffeescript.
- Widgets harness the power of data bindings to keep things DRY and simple. Powered by batman.js.
- Use the API to push data to your dashboards, or make use of a simple ruby DSL for fetching data.
- Drag & Drop interface for re-arranging your widgets.
- Host your dashboards on Heroku in less than 30 seconds.
This project was created at Shopify for displaying custom dashboards on TVs around the office.
Rails’ Insecure Defaults: 13 Security Gotchas You Should Know About
Secure defaults are critical to building secure systems. If a developer must take explicit action to enforce secure behavior, eventually even an experienced developer will forget to do so. For this reason, security experts say:
“Insecure by default is insecure.”
Rails’ reputation as a relatively secure Web framework is well deserved. Out-of-the-box, there is protection against many common attacks: cross site scripting (XSS), cross site request forgery (CSRF) and SQL injection. Core members are knowledgeable and genuinely concerned with security.
However, there are places where the default behavior could be more secure. This post explores potential security issues in Rails 3 that are fixed in Rails 4, as well as some that are still risky. I hope this post will help you secure your own apps, as well as inspire changes to Rails itself.
Ruby 2.0 Works Hard So You Can Be Lazy
Ruby 2.0’s new lazy enumerator feature seems like magic. In case you haven’t tried it yet, it allows you to iterate over an infinite series of values and take just the values you want. It brings the functional programming concept of lazy evaluation to Ruby – at least for enumerations.
GemLou.pe: View the full dependency tree for any ruby gem.
Avoid bloat! Keep that Gemfile slim.
See how many dependencies a gem has *before* adding it to your project.
For instance, try the bookmarklet on the devise gem.
Is My Twitter Password Secure?
It’s a scary world right now, guys. Your Twitter password can cause the Dow Jones to drop nearly 150 points and compel dozens of blogs to write breathless posts about the future of online journalism. You should be worried.
In order to help everyone out a little, we’ve created an algorithm that will examine your password and tell you if it’s secure enough. Spoiler alert: it isn’t.
What’s New in Ruby: January 2013 edition
Every month, Kansas City Ruby (#kcruby) reviews a subset of Peter Cooper’s fantastic Ruby Weekly selections, along with other items picked up around the web.
Upgrade your Rails apps.
There is a trivially exploitable remote code execution vulnerability in all versions of rails. The vulnerability is related to the XmlMini xml parser used by the rails ParamsParser which prepares the “params” object for ActionController.
By supplying YAML contents parsed via XML elements using “type=yaml” attackers can instantiate arbitrary objects in the rails runtime which can be exploited through core rails and application-defined method calls. Several exploitable conditions have been confirmed, the worst of which result in RCE via shell commands in the underlying system.
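A stopgap request filter for the issue described above, as an added example that is not Rails code and not taken from the advisory: a Rack-style guard that refuses XML bodies carrying a type="yaml" attribute before they reach the params parser. The class name, the rejection rules and the sample request helper are assumptions made for the illustration, and the filter does not replace the upgrade.

```ruby
require "stringio"

# Added example (not Rails code). Class name and samples are constructed.
class RejectYamlTypedXml
  XML_CONTENT_TYPE = %r{\A\s*(?:application|text)/(?:x-)?xml\b}i
  # Any type="..." or type='...' attribute, matched anywhere in the body so
  # that a '>' inside another attribute value cannot hide it (fails closed).
  TYPE_ATTR = /(?<![\w:.-])type\s*=\s*(?:"([^"]*)"|'([^']*)')/i

  def self.suspicious?(body)
    bytes = body.b # byte-level match: no encoding errors on hostile input
    # UTF-16/32 bodies would hide the attribute from an ASCII pattern.
    return true if bytes.include?("\x00")
    bytes.scan(TYPE_ATTR).any? do |dq, sq|
      value = (dq || sq).strip.downcase
      # A parser decodes character references such as &#121; and ordinary
      # type values never need them, so any '&' is treated as hostile.
      value == "yaml" || value.include?("&")
    end
  end

  def initialize(app)
    @app = app
  end

  def call(env)
    if env["CONTENT_TYPE"].to_s.match?(XML_CONTENT_TYPE)
      body = env["rack.input"].read.to_s
      env["rack.input"].rewind
      if self.class.suspicious?(body)
        return [400, { "Content-Type" => "text/plain" }, ["rejected\n"]]
      end
    end
    @app.call(env)
  end
end

# Runs one constructed request through the guard and returns the status.
def demo_status(content_type, body)
  app = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok\n"]] }
  env = { "CONTENT_TYPE" => content_type, "rack.input" => StringIO.new(body) }
  RejectYamlTypedXml.new(app).call(env).first
end
```

The match is deliberately broad, so a body that merely quotes the attribute in its text is rejected as well.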
31 articles about Rails 4
31 – Page and Action Caching Gem Extraction
30 – Generate Controller-Wide ETags
29 – Strong Parameters
28 – HTTP PATCH Verb
27 – Collection Form Helpers
26 – Observers Gem Extraction
25 – Rails.queue
24 – Renaming *_filter to *_action
23 – Asynchronous Action Mailer
22 – Not Equal support for Active Record queries
21 – Dalli replaces memcache-client
20 – Dynamic index.html
19 – ActiveModel::Model
18 – Register your own flash types
17 – ActiveRecord::SessionStore Gem Extraction
16 – New HTML5 Form Input Helpers
15 – Routing Concerns
14 – Rails 4 requires at least Ruby 1.9.3
13 – Sprockets Rails
12 – Russian Doll Caching & Cache Digests
11 – What’s new in Active Record
10 – MiniTest
9 – Rails::Plugin reaches end of life
8 – ActiveResource Gem Extraction
7 – Rails 4 is thread safe by default
6 – Schema Cache Dump
5 – Turbolinks
4 – ActiveModel Absence Validator
3 – A love affair with PostgreSQL
2 – Live Streaming
1 – Rails 4 Upgrading Guide
Ruby 1.9.3-p362 is released
Following in the long tradition of Christmas Day MRI releases, this year we get Ruby 1.9.3-p362. It’s focused on bug fixes but also promises “Windows 8 support (hopefully).”
DHH on the Parley list
This is long and rambling, but has some interesting thoughts.
RailsPanel
RailsPanel is a Chrome extension for Rails development that will end your tailing of development.log. Have all information about your Rails app requests in the browser – in the Developer Tools panel. Provides insight to db/rendering/total times, parameter list, rendered views and more.
Benchmarking with Ruby
Compare different code to see what runs faster.
Easier debugging with capybara-screenshot
As the name suggests, when a capybara test fails, the gem will automatically take a screenshot of what the browser rendered.
Get your app ready for Rails 4
A look ahead at what you can do now to get your application ready.
What’s new in Ruby: October 2012 edition
Every month, Kansas City Ruby (#kcruby) reviews a subset of Peter Cooper’s fantastic Ruby Weekly selections, along with other items picked up around the web.
Rails Rumble 2012
The Rails Rumble is a distributed programming competition where teams of one to four people, from all over the world, have 48 hours to build an innovative web application, with Ruby on Rails or another Rack-based Ruby web framework. After the 48 hours are up, a panel of expert judges will pick the top ten winners.
Registration is closed, but there are some people around that signed up, so if you want to hop on a team, ask around.
Labrador
Labrador is a web-based, database (agnostic) client for your development needs. With pow integration and automatic database connections, you’ll be browsing your postgres, mongodb, mysql, and sqlite databases after a single shell command.
Turbolinks: Rails 4 to Get Ajax-based Page Loading by Default
David Heinemeier Hansson has unveiled a pjax-a-like Ajax-based full page replacement library that will ‘ship as default-on in Rails 4.0.’ Worth investigating.
Rescuing Resque: Let’s Do This
Steve Klabnik puts out the call for folks to get involved with revitalizing the popular Resque project. If you’ve been itching to help out on a popular Ruby project, here’s a bat signal.
RubyTapas Episode 1: Binary Literals
Avdi Grimm (of Exceptional Ruby fame) has launched a new subscription service focused around short Ruby screencasts. Here’s episode 1, which he’s offering as a sample.
What’s new in Ruby: September 2012 edition
Every month, Kansas City Ruby (#kcruby) reviews a subset of Peter Cooper’s fantastic Ruby Weekly selections, along with other items picked up around the web.
Rails 3.2.8 Released: important security fixes
This version contains three important security fixes, please upgrade immediately.
- CVE-2012-3463 Ruby on Rails Potential XSS Vulnerability in select_tag prompt
- CVE-2012-3464 Potential XSS Vulnerability in Ruby on Rails
- CVE-2012-3465 XSS Vulnerability in strip_tags
One of the security fixes impacts all users and is related to HTML escaping code. The other two fixes impact people using select_tag’s prompt option and the strip_tags helper from ActionPack.
We are also removing all the deprecation warnings that we introduced in 3.2.x. We have decided to stop introducing API deprecations in all point releases going forward. From now on, it’ll only happen in majors/minors.
Use Thor to Build a Command Line Interface
For instance, this gist builds a basic command line ruby program with commands and options.
Bundler 1.2 Released
Specify the Ruby version and/or engine you want
```ruby
ruby "1.9.3", :engine => "jruby", :engine_version => "1.6.7"
```
Package :git and :path Dependencies
```sh
bundle package --all
```
The bundle package command can also package :git and :path dependencies besides .gem files. This needs to be explicitly enabled via the --all option. Once used, the --all option will be remembered.
Local Git Repos
Now when developing against a remote git repository, you can use a local git repo and keep the remote version for deployment. You can do this by setting a local git override:
```sh
bundle config local.GEM_NAME /path/to/local/git/repository
```
Then, you can use your local development copy with a standard command:
```ruby
gem 'rack', :github => 'rack/rack', :branch => 'master'
```
For a full list, check out the Bundler 1.2 release CHANGELOG
What’s New in Ruby: The August 2012 edition
Every month, Kansas City Ruby (#kcruby) reviews a subset of Peter Cooper’s fantastic Ruby Weekly selections, along with other items picked up around the web.
Pow 0.4 with xip.io support
xip.io allows you to test your application from your local network without setting up DNS. Testing in IE? Testing from iPad? Especially handy when you need subdomains to work or have multiple apps running on a port and need domain resolution.
rspec’s new expectation syntax
rspec is getting a new expectation syntax.
Now:
```ruby
foo.should eq(bar)
foo.should_not eq(bar)
```
Then:
```ruby
expect(foo).to eq(bar)
expect(foo).not_to eq(bar)
```
Read the post to get more information about the new rspec syntax.
Rails 4.0 Sneak Peek: Asynchronous ActionMailer
Rails 4.0 has Rails.queue and this new feature allows you to push emails into the queue with code like:
```ruby
class WelcomeMailer < ActionMailer::Base
  self.async = true
end
```
When you call the mailer:
```ruby
WelcomeMailer.welcome(@user.id).deliver
```
... you need to use ids and look the object up in the mailer, instead of marshalling the entire object, like so:
```ruby
class WelcomeMailer < ActionMailer::Base
  def welcome(id)
    # Look the record up by id inside the mailer instead of marshalling it
    @user = User.find(id)
    # ...
  end
end
```
What’s New in Ruby: The June 2012 edition
Every month, Kansas City Ruby (#kcruby) reviews a subset of Peter Cooper’s fantastic Ruby Weekly selections, along with other items picked up around the web.
RailsInstaller for OS X: Ruby, Rails, Git, and More in One Download
Engine Yard’s RailsInstaller has long been a popular way to install Rails, Ruby, Git, Sqlite and other tools in one hit on Windows. Now it’s here for OS X too.
Errbit: The open source error catcher
Errbit is a tool for collecting and managing errors from other applications. It is Airbrake (formerly known as Hoptoad) API compliant, so if you are already using Airbrake, you can just point the airbrake gem to your Errbit server.
RubyMotion
RubyMotion is a revolutionary toolchain for iOS.
It lets you quickly develop and test native iOS applications for iPhone or iPad, all using the awesome Ruby language you know and love.
Parts of RubyMotion Open Sourced
RubyMotion is a Ruby compiler/framework for iOS that has recently taken the Ruby world by storm. Its creator, Laurent Sansonetti, has now open sourced parts (but not all) of the framework so that the community can contribute to and extend the platform.
Building Streaming REST APIs with Ruby
Streaming APIs are great for pushing data from the backend to clients. They reduce resource usage because the server can decide when it’s a good time to send an incremental chunk of data. They can also improve the responsiveness of your user experience. The same HTTP API can be reused to power multiple different apps.
Avdi Grimm: Making Little Classes out of Big Ones
Lunch n’ Learn #1 with Avdi Grimm: Making Little Classes out of Big Ones from Hashrocket on Vimeo.
Three quick Rails console tips
Dig into your app with the ‘app’ method, play with helpers, and find out where certain methods are defined (more a general 1.9 trick though).
Everyone should be using low level caching in Rails
Low level caching is very easy to get started with in Rails 3, but it seems to be missing from the official guides.
Why should you use low level caching, and what should you use it for? Maybe you have some data which you need regularly over multiple pages, e.g. a list of categories for your blog. You might want to display them on every page but they’re not going to need to be entirely up to date for every request.
10 Minutes on Rails Engines
Ryan Bigg presents a well-recorded ten minute tour of Rails engines, what they are, how they work in different versions of Rails, how to build them, and examples of their usage in Forem and Spree.
Ten Things You Didn’t Know Rails Could Do by James Edward Gray II
Slides: https://speakerdeck.com/u/jeg2/p/10-things-you-didnt-know-rails-could-do (all 234 of them!)
Kansas City Ruby: What’s New in Ruby – February 2012
At the beginning of each Kansas City Ruby meeting, I do a quick presentation on some new neat things from the last month in Ruby news.
What’s New In Ruby
February 2012
Ruby on Rails 3.2 released
http://weblog.rubyonrails.org/
- Faster development mode
- End of Ruby 1.8.7
- puts Person.active.limit(5).explain
- Automatically shows when > half a second
- TaggedLogger
ActiveRecord Store
```ruby
class User < ActiveRecord::Base
  store :settings, accessors: [ :color, :homepage ]
end

u = User.new(color: 'black', homepage: '37signals.com')
u.color # Accessor stored attribute

# Any attribute, even if not specified with an accessor
u.settings[:country] = 'Denmark'
```
RubyMine 4.0 released
http://blog.jetbrains.com/ruby/2012/02/rubymine-4-is-here-to-make-you-feel-the-productivity/
RubyMine is a popular Ruby and Rails IDE by JetBrains (the folks behind IntelliJ IDEA).
A focus has been put on improving its performance and UI, but it now also supports all of Rails 3.2 features, including CoffeeScript compilation right from the IDE.
Spree 1.0 Released
Spree is almost certainly the most popular, fully featured Rails-based e-commerce system and its creators are proud to announce the release of version 1.0.0.
Strano
https://github.com/joelmoss/strano
The Github backed Capistrano deployment management UI.
Guard::RSpectacle
https://github.com/netzpirat/guard-rspectacle
Guard::RSpectacle automatically tests your application with RSpec when files are modified.
Lightning Talks
Kansas City Ruby Users: Luke Pillow on Jeweler
Luke Pillow presents to the Kansas City Ruby Users Group on Jeweler and Gemcutter rubygems.org.
Also, Luke is helping to organize the Ruby Midwest conference, so you should check that out.
Kansas City Ruby Users Group | March 2010 | Luke Pillow | Jeweler for Rubygems | kcrug.org from Wes Garrison on Vimeo.
Kansas City Ruby Users: Ryan Smith on Heroku
Ryan Smith presents to the Kansas City Ruby Users Group on Heroku: why it’s wonderful for deploying Ruby on Rails applications, how to set up a new application and deploy it to Heroku in minutes, and how to use Heroku add-ons to support search.
Kansas City Ruby Users Group | March 2010 | Ryan Smith | Heroku | kcrug.org from Wes Garrison on Vimeo.

Posted by Wes in