Scorched Earth is an artillery style game (a la Gorillas that came with QBasic) and its mechanic has been elegantly recreated in Ruby here by James Moriarty.
If the string includes an invalid byte sequence for the encoding, #scrub replaces invalid bytes with a given replacement character.
A processor for Paperclip that allows you to optimize and minify uploaded JPG, PNG or GIF images by wrapping around ImageOptim.
Put common attributes in a single table, non-shared attributes in separate tables with foreign key references, and use object delegation so that each model transparently pulls what it needs from both.
With the recent release of Rails 4.0.0 Release Candidate 1, it’s time to try it out and report any bugs. Here, Ryan Bates walks us through the steps to upgrade a Rails 3.2 application to Rails 4.0.
So reassured of its quality, the Phusion crew decided to leap straight to a more trustworthy 4.0.1 for the first stable release of Passenger 4, the popular Nginx and Apache deployment and server module for Rack apps.
Dashing is a Sinatra based framework that lets you build beautiful dashboards.
- Use premade widgets, or fully create your own with scss, html, and coffeescript.
- Widgets harness the power of data bindings to keep things DRY and simple. Powered by batman.js.
- Use the API to push data to your dashboards, or make use of a simple ruby DSL for fetching data.
- Drag & Drop interface for re-arranging your widgets.
- Host your dashboards on Heroku in less than 30 seconds.
This project was created at Shopify for displaying custom dashboards on TVs around the office.
Secure defaults are critical to building secure systems. If a developer must take explicit action to enforce secure behavior, eventually even an experienced developer will forget to do so. For this reason, security experts say:
“Insecure by default is insecure.”
Rails’ reputation as a relatively secure Web framework is well deserved. Out-of-the-box, there is protection against many common attacks: cross site scripting (XSS), cross site request forgery (CSRF) and SQL injection. Core members are knowledgeable and genuinely concerned with security.
However, there are places where the default behavior could be more secure. This post explores potential security issues in Rails 3 that are fixed in Rails 4, as well as some that are still risky. I hope this post will help you secure your own apps, as well as inspire changes to Rails itself.
Ruby 2.0’s new lazy enumerator feature seems like magic. In case you haven’t tried it yet, it allows you to iterate over an infinite series of values and take just the values you want. It brings the functional programming concept of lazy evaluation to Ruby – at least for enumerations.
Avoid bloat! Keep that Gemfile slim.
See how many dependencies a gem has *before* adding it to your project.
For instance, try the bookmarklet on the devise gem.
It’s a scary world right now, guys. Your Twitter password can cause the Dow Jones to drop nearly 150 points and compel dozens of blogs to write breathless posts about the future of online journalism. You should be worried.
In order to help everyone out a little, we’ve created an algorithm that will examine your password and tell you if it’s secure enough. Spoiler alert: it isn’t.
There is a trivially exploitable remote code execution vulnerability in all versions of rails. The vulnerability is related to the XmlMini xml parser used by the rails ParamsParser which prepares the “params” object for ActionController.
By supplying YAML contents parsed via XML elements using “type=yaml” attackers can instantiate arbitrary objects in the rails runtime which can be exploited through core rails and application-defined method calls. Several exploitable conditions have been confirmed, the worst of which result in RCE via shell commands in the underlying system.
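A detection check for the request shape described above, as an added example that is not part of the original post or of Rails: it flags XML request bodies whose elements ask for `type="yaml"` conversion. The function names, the `FLAGGED_TYPES` list and the sample requests are assumptions constructed for illustration.

```ruby
# Added example: flag XML request bodies that request YAML type conversion.
# Not code from Rails or the advisory; the sample requests are constructed.

# Typecasts to flag. The page names "yaml"; extend the list to match the
# conversions your deployed workaround disables.
FLAGGED_TYPES = %w[yaml].freeze
XML_CONTENT_TYPE = %r{\A\s*(?:application|text)/(?:[\w.-]+\+)?xml\b}i
# A type attribute with single or double quotes and optional whitespace.
TYPE_ATTR = /\btype\s*=\s*(["'])(.*?)\1/im

# Decode numeric character references so type="&#121;aml" is not missed.
def decode_char_refs(value)
  value.gsub(/&#(x[0-9a-f]+|\d+);/i) do
    ref = Regexp.last_match(1)
    code = ref =~ /\Ax/i ? ref[1..-1].to_i(16) : ref.to_i
    code.between?(1, 0x7f) ? code.chr : "?"
  end
end

# Returns the flagged type values found in an XML request body, or [] when
# the request is not XML. Text that merely looks like an attribute is also
# flagged, which is acceptable for triage.
def flagged_typecasts(content_type, body)
  return [] unless content_type.to_s =~ XML_CONTENT_TYPE
  body.to_s.scan(TYPE_ATTR)
      .map { |_quote, value| decode_char_refs(value).strip.downcase }
      .select { |type| FLAGGED_TYPES.include?(type) }
end

# Constructed sample requests (bodies carry placeholders, not payloads).
SAMPLE_REQUESTS = [
  { id: 1, content_type: "application/xml",
    body: '<post><title type="string">hi</title></post>' },
  { id: 2, content_type: "text/xml; charset=utf-8",
    body: "<post><body type = 'YAML'>--- placeholder</body></post>" },
  { id: 3, content_type: "application/xml",
    body: '<post><body type="&#121;aml">--- placeholder</body></post>' },
  { id: 4, content_type: "application/json",
    body: '{"type":"yaml"}' },
].freeze

# IDs of the requests that should be reviewed or rejected.
def suspicious_request_ids(requests)
  requests.select { |r| flagged_typecasts(r[:content_type], r[:body]).any? }
          .map { |r| r[:id] }
end

p suspicious_request_ids(SAMPLE_REQUESTS) if __FILE__ == $PROGRAM_NAME
```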
31 – Page and Action Caching Gem Extraction
30 – Generate Controller-Wide ETags
29 – Strong Parameters
28 – HTTP PATCH Verb
27 – Collection Form Helpers
26 – Observers Gem Extraction
25 – Rails.queue
24 – Renaming *_filter to *_action
23 – Asynchronous Action Mailer
22 – Not Equal support for Active Record queries
21 – Dalli replaces memcache-client
20 – Dynamic index.html
19 – ActiveModel::Model
18 – Register your own flash types
17 – ActiveRecord::SessionStore Gem Extraction
16 – New HTML5 Form Input Helpers
15 – Routing Concerns
14 – Rails 4 requires at least Ruby 1.9.3
13 – Sprockets Rails
12 – Russian Doll Caching & Cache Digests
11 – What’s new in Active Record
10 – MiniTest
9 – Rails::Plugin reaches end of life
8 – ActiveResource Gem Extraction
7 – Rails 4 is thread safe by default
6 – Schema Cache Dump
5 – Turbolinks
4 – ActiveModel Absence Validator
3 – A love affair with PostgreSQL
2 – Live Streaming
1 – Rails 4 Upgrading Guide
Following in the long tradition of Christmas Day MRI releases, this year we get Ruby 1.9.3-p362. It’s focused on bug fixes but also promises “Windows 8 support (hopefully).”
This is long and rambling, but has some interesting thoughts.
RailsPanel is a Chrome extension for Rails development that will end your tailing of development.log. Have all information about your Rails app requests in the browser – in the Developer Tools panel. Provides insight to db/rendering/total times, parameter list, rendered views and more.
Compare different code to see what runs faster.
As the name suggests, when a capybara test fails, the gem will automatically take a screenshot of what the browser rendered.
A look ahead at what you can do now to get your application ready.
The Rails Rumble is a distributed programming competition where teams of one to four people, from all over the world, have 48 hours to build an innovative web application, with Ruby on Rails or another Rack-based Ruby web framework. After the 48 hours are up, a panel of expert judges will pick the top ten winners.
Registration is closed, but there are some people around that signed up, so if you want to hop on a team, ask around.
Labrador is a web-based, database (agnostic) client for your development needs. With pow integration and automatic database connections, you’ll be browsing your postgres, mongodb, mysql, and sqlite databases after a single shell command.
David Heinemeier Hansson has unveiled a pjax-a-like Ajax-based full page replacement library that will ‘ship as default-on in Rails 4.0.’ Worth investigating.
Steve Klabnik puts out the call for folks to get involved with revitalizing the popular Resque project. If you’ve been itching to help out on a popular Ruby project, here’s a bat signal.
Avdi Grimm (of Exceptional Ruby fame) has launched a new subscription service focused around short Ruby screencasts. Here’s episode 1, which he’s offering as a sample.
This version contains three important security fixes, please upgrade immediately.
- CVE-2012-3463 Ruby on Rails Potential XSS Vulnerability in select_tag prompt
- CVE-2012-3464 Potential XSS Vulnerability in Ruby on Rails
- CVE-2012-3465 XSS Vulnerability in strip_tags
One of the security fixes impacts all users and is related to HTML escaping code. The other two fixes impact people using select_tag’s prompt option and the strip_tags helper from ActionPack.
We are also removing all the deprecation warnings that we introduced in 3.2.x. We have decided to stop introducing API deprecations in all point releases going forward. From now on, it’ll only happen in majors/minors.
For instance, this gist builds a basic command line ruby program with commands and options.
Specify the Ruby version and/or engine you want
ruby "1.9.3", :engine => "jruby", :engine_version => "1.6.7"
Package :git and :path Dependencies
bundle package --all
The bundle package command can also package :git and :path dependencies besides .gem files. This needs to be explicitly enabled via the --all option. Once used, the --all option will be remembered.
Local Git Repos
Now when developing against a remote git repository, you can use a local git repo and keep the remote version for deployment. You can do this by setting a local git override:
bundle config local.GEM_NAME /path/to/local/git/repository
Then, you can use your local development copy with a standard command:
gem 'rack', :github => 'rack/rack', :branch => 'master'
For a full list, check out the Bundler 1.2 release CHANGELOG
xip.io allows you to test your application from your local network without setting up DNS. Testing in IE? Testing from iPad? Especially handy when you need subdomains to work or have multiple apps running on a port and need domain resolution.
rspec is getting a new expectation syntax.
foo.should eq(bar)
foo.should_not eq(bar)

expect(foo).to eq(bar)
expect(foo).not_to eq(bar)
Read the post to get more information about the new rspec syntax.
Rails 4.0 has Rails.queue, and this new feature allows you to push emails into the queue with code like:
class WelcomeMailer < ActionMailer::Base
  self.async = true
end
When you call the mailer:
... you need to use ids and look the object up in the mailer, instead of marshalling the entire object, like so:
class WelcomeMailer < ActionMailer::Base
  def welcome(id)
    @user = User.find(id)
    ...
  end
end
Engine Yard’s RailsInstaller has long been a popular way to install Rails, Ruby, Git, Sqlite and other tools in one hit on Windows. Now it’s here for OS X too.
Errbit is a tool for collecting and managing errors from other applications. It is Airbrake (formerly known as Hoptoad) API compliant, so if you are already using Airbrake, you can just point the airbrake gem to your Errbit server.
RubyMotion is a revolutionary toolchain for iOS.
It lets you quickly develop and test native iOS applications for iPhone or iPad, all using the awesome Ruby language you know and love.
RubyMotion is a Ruby compiler/framework for iOS that has recently taken the Ruby world by storm. Its creator, Laurent Sansonetti, has now open sourced parts (but not all) of the framework so that the community can contribute to and extend the platform.
Streaming APIs are great for pushing data from the backend to clients. They reduce resource usage because the server can decide when it’s a good time to send an incremental chunk of data. They can also improve the responsiveness of your user experience. The same HTTP API can be reused to power multiple different apps.
Avdi Grimm: Making Little Classes out of Big Ones
Dig into your app with the ‘app’ method, play with helpers, and find out where certain methods are defined (more a general 1.9 trick though).
Low level caching is very easy to get started with in Rails 3, but it seems to be missing from the official guides.
Why should you use low level caching, and what should you use it for? Maybe you have some data which you need regularly over multiple pages, e.g. a list of categories for your blog. You might want to display them on every page but they’re not going to need to be entirely up to date for every request.
Ryan Bigg presents a well-recorded ten minute tour of Rails engines, what they are, how they work in different versions of Rails, how to build them, and examples of their usage in Forem and Spree.
Slides: https://speakerdeck.com/u/jeg2/p/10-things-you-didnt-know-rails-could-do (all 234 of them!)
At the beginning of each Kansas City Ruby meeting, I do a quick presentation on some new neat things from the last month in Ruby news.
What’s New In Ruby
Ruby on Rails 3.2 released
- Faster development mode
- End of Ruby 1.8.7
- Automatically shows when > half a second
class User < ActiveRecord::Base
  store :settings, accessors: [ :color, :homepage ]
end

u = User.new(color: 'black', homepage: '37signals.com')
u.color # Accessor stored attribute

# Any attribute, even if not specified with an accessor
u.settings[:country] = 'Denmark'
RubyMine 4.0 released
RubyMine is a popular Ruby and Rails IDE by JetBrains (the folks behind IntelliJ IDEA).
A focus has been put on improving its performance and UI, but it now also supports all of Rails 3.2 features, including CoffeeScript compilation right from the IDE.
Spree 1.0 Released
Spree is almost certainly the most popular, fully featured Rails-based e-commerce system and its creators are proud to announce the release of version 1.0.0.
The Github backed Capistrano deployment management UI.
Guard::RSpectacle automatically tests your application with RSpec when files are modified.
Luke Pillow presents to the Kansas City Ruby Users Group on Jeweler and Gemcutter rubygems.org.
Also, Luke is helping to organize the Ruby Midwest conference, so you should check that out.
Ryan Smith presents to the Kansas City Ruby Users Group on Heroku: why it’s wonderful for deploying Ruby on Rails applications, how to set up a new application and deploy it to Heroku in minutes, and how to use Heroku add-ons to support search.
We live and work in Kansas City, USA.