Rubyland

Stephanie is back with a book recommendation: "Thinking in Systems" by Donella Meadows. This book has helped to bolster her understanding of complex systems in environmental, organizational, and software contexts, particularly through user interactions and system changes. Joël describes his transformative experience watching last week's total solar eclipse.

Together, they explore how systems thinking influences software development and team dynamics by delving into practical applications in writing and reading code, suggesting that understanding complex systems can aid developers in navigating and optimizing codebases and team interactions.

Transcript:

 JOËL: Hello and welcome…

Active Record introduced transaction callbacks recently. This change allows you to have a callback for the whole transaction, rather than to just have callbacks on a record’s after_commit event. To make this possible, ActiveRecord::Base.transaction yields a transaction object now and the callback can be registered on that:

3 popular UI patterns for keeping users informed about ongoing processes: the spinner, the X of Y pattern, and the progress bar, the pros and cons of each, and tips for choosing the one that best suits your needs.

Enhance the way your CLIs report progress to users. While there are many developer experience improvements we could make to most command-line apps, I see this one as absolutely essential. If you are creating an app or a shell script for a terminal emulator and you're pressed for time but can only squeeze in one more improvement, make sure it is how…

Welcome to my thenth update as Ruby Central’s security engineer in residence, sponsored by AWS.

My goal is to write a short update every week, chronicling what I’ve been working on, and reminding myself that I was, in fact, productive.

This week I fixed some DoS vectors in RubyGems.org.

Documentation for the compact index

I spent a few hours helping Martin write down some authoritative documentation for the compact index API, which should help implementers of other RubyGems package repositories support the format, which comes with some big security benefits (largely, the ability to verify gem checksums on download & install).

Re-introducing avatars to RubyGems.org

I spent a few…

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in March.

RubyGems News

This month, RubyGems released RubyGems 3.5.7 and Bundler 2.5.7. These updates introduce a range of enhancements and bug fixes, all aimed at enhancing the developer experience. They include: the introduction of an attribute in Gem::SafeYAML.safe_load to control whether YAML aliases is enabled, a warning mechanism for when the required_ruby_version specification attribute is empty, and the removal of unnecessary configurations in the RuboCop setup…

Some other important accomplishments from the team this month include:

Making gem install respect the umask of the target…:

• …

The Right Number of Cooks in the Kitchen 🔗

Today we’re going to make a stew. The recipe has three steps that can all run independently. But when they’re done, their output needs to come together to finish the stew.

We’ll set each step up as a separate Sidekiq job. The details of each step aren’t important for this demonstration.

class GetRawVeggiesWorker  include Sidekiq::Job  def perform; endendclass GetBaconWorker  include Sidekiq::Job  def perform; endendclass GetCupOfSoupWorker  include Sidekiq::Job  def perform; endend

We can enqueue these to run by themselves no problem. However, we need to know when they’re all done so we can finish our recipe. We can group these together using a Sidekiq…

Because good things come in threes.

Surprise! It’s a 3-Day Flash Sale. RailsConf Detroit is just over three weeks away. We'll be in Detroit for three days from May 7 -9. So for three days only join us at a DISCOUNTED price before we sell out! Sale ends Monday.

Grab your discounted tickets HERE!

Hi, it’s Greg. Let’s explore this week’s changes in the Rails codebase.

Fix union select parentheses
When building UNION or UNION ALL queries involving LIMIT or ORDER BY, Arel generated invalid SQL previously. This pull request changes Arel::Visitors::ToSql so that SELECT statements in Union and UnionAll nodes are enclosed in parentheses to avoid syntax errors.

Fix copying virtual columns when altering a table in SQLite3
When Rails alters a SQLite table, it creates a new table and copies the structure and data from the old one.
The problem is that virtual columns are incorrectly copied (copied as classic columns). This pull request fixes that.

Fix ActiveJob::EnqueueAfterTransactionCommit…
perform_later is supposed to return…

RubyGems 3.5.9 includes enhancements.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Enhancements:

• Installs bundler 2.5.9 as a default gem.

SHA256 Checksums:

• rubygems-3.5.9.tgz
  2b203642191e6bb9ece19075f62275a88526319b124684c46667415dca4363f1
• rubygems-3.5.9.zip
  e84246e89ddd8ac14844fc289e5c863346c67fdaa898c88a55438943397993b6
• rubygems-update-3.5.9.gem
  4825e486c53db8885978f5892357fd7c2c8bebb39601d66e24e9c2fe1d891cbd

After my previous post, How a Ruby Method Becomes a Rails Action, I got quite a few emails asking about the best way to read the Rails source code. Here's one from Peter, a long-time reader of the blog:

You have mentioned that you enjoy just reading the Rails source code. I am interested in going through the Rails source code but the code base is so large, I'm not quite sure where to start. Would you have a suggestion for someone like me, just learning Rails, to tackle this?

It just seems so overwhelming that I'm not quite sure where to start and how to proceed.

While I don't think there's one best way to read the Rails codebase, I've found a few techniques that are much more effective than…

In today’s episode, Jason, Chris, and Andrew, along with their guest, Irina Nazarova, CEO of Evil Martians, engage in a candid discussion that covers the intricacies of using Rails and integrating it with technologies like React, and the challenges of marketing developer-facing products. The discussion also touches on open-core business models, the relevance of Docker in current tech companies, and the future of software deployment. Also, Irina touches on a new tool from Thoughtbot called Superglue, a new open source product called Skooma, and she invites listeners to come to RailsConf and some Ruby meetups in San Francisco coming soon. Press download to hear more!

Panelists:
Jason Charnes
Ch…

Upcoming Conference Talks by thoughtbot

The year’s already gone by so fast; Since January 2024, thoughtbotters have already attended and presented talks at events like CCOSS and Sin City Ruby 2024.

Didn’t make it to these events? Don’t worry, we’ve got more amazing talks lined up for the spring and summer of 2024. Mark your calendars for these upcoming talks by thoughtbotters!

Tropical.RB: April 4-5

Tropical.RB brings together Rails developers from Latin America to talk about Rails and share knowledge.

The Fast Lane: Asynchronous Rails

Join Matheus, a senior developer at thoughtbot, at Tropical.RB on April 5, 2024, as we explore how to leverage…

RubyGems 3.5.8 includes security, enhancements and bug fixes.

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

## Security:

• Respect global umask when writing regular files. Pull request #7518 by deivid-rodriguez

## Enhancements:

• Allow string keys with gemrc. Pull request #7543 by hsbt
• [Experimental] Add “gem rebuild” command. Pull request #4913 by duckinator
• Installs bundler 2.5.8 as a default gem.

## Bug fixes:

• Fix NoMethodError crash when building errors about corrupt package files. Pull request #7539 by jez
• Fix resolver to properly intersect Arrays of Gem::Resolver::Activation objects.…

SHA256 Checksums:

• rubygems-3.5.8.tgz
  6ddd48fc8c53ec303b24b7517a6102477463c9929…

As of today, this site is also my canonical social media presence!

Notes on making this happen:

I’m using the ActivityPub and Webfinger plugins to make WordPress users into full-fledged Fediverse citizens.

I had a lot of trouble getting Mastodon to recognize this site as a valid target for an account move. Mastodon demands some not-so-standardized stuff to appear on the target site that effectively makes its vaunted “account mobility” only work with other Mastodon instances

First off I had to disable caching for user profile pages. To be fair this part wasn’t a Mastodon issue. I’m going to come back around later and see if I can re-introduce caching more in content-type-aware…

While writing about Git, I’ve noticed that a lot of folks struggle with Git’s error messages. I’ve had many years to get used to these error messages so it took me a really long time to understand why folks were confused, but having thought about it much more, I’ve realized that:

1. sometimes I actually am confused by the error messages, I’m just used to being confused
2. I have a bunch of strategies for getting more information when the error message git gives me isn’t very informative

So in this post, I’m going to go through a bunch of Git’s error messages, list a few things that I think are confusing about them for each one, and talk about what I do when I’m confused by the message.

imp…

Rails 7 and Hotwire have completely revolutionized server side Rails apps. Developers can now get much more reactivity with way less javascript, less tooling, and simpler deployments. You’ve probably heard a lot about Rails 7.1 and Hotwire. Maybe you’re even using it in production? Ayush Newatia joins the show to talk about his new book, The Rails and Howtire Codex.

Show Notes
Radioactive Toy - https://radioactivetoy.tech
Rails and Hotwire Codex - https://railsandhotwirecodex.com
Folly Ayush on Ruby Social - https://ruby.social/@ayush
Listen to Ayush on The Just A Spec Podcast - https://justaspec.show
Rails and Hotwire Codex Link https://railsandhotwirecodex.com/

The SuperFastRails joke

Before reading this one, you should read the previous article to understand fully.

If you don’t have a few extra minutes, here is a summary: I was describing a new revolutionary gem that could automatically optimize any Rails app. It could create missing indexes, remove unused indexes, optimize SQL queries, and handle dangerous migrations. All that without needing you to think about it.

That was of course an April fools’ joke. It worked pretty well, possibly too well:

Not going to consider you for a good long while until I get over the April 1st post. Boomed me good

A promise given is a debt. Now the joke is on you, my friend.

Sorry, that was quite a…

Miss the convenience of Rails when working in React? Tired of building React forms ever so slightly different from project to project? Prefer working with HTML over customizing the Rails form builder? Prefer HATEOAS? Boy, do I have the tool for you!

Introducing form_props, a new member of the React ❤️ Rails family, which includes props_template, humid, and superglue. It’s a fork of Rails’s own form_with, made to output HTML attributes instead of HTML so you can wield the power of Rails’s form in React, and even React Native!

How it works:

Within a jbuilder or props_template file: new.json.jbuilder or new.json.props

json.create_form do
  form_props(@post) do |f|
    f.text :title
    f.s…

Would output

{
  "createForm": {
    …

I recently left this comment on a Pragmatic Engineer review of Fred Brook’s Mythical Man Month in “What Changed in 50 Years of Computing: Part 2”. This was what I reacted to:

Software design and “the second-system effect”

Brooks covers an interesting phenomenon in Chapter 5: “The Second-System Effect.” He states that architects tend to design their first system well, but they over-engineer the second one, and carry this over-engineering habit on to future systems.

“This second system is the most dangerous system a [person] ever designs. When [they] do this and [their] third and later ones, [their] prior experiences will confirm each other as to the general characteristics of…

We use i18next to handle our localizationrequirement. We have written in great detail how we usei18next and react-i18next librariesin our applications.

As our translations grew, we realized instead of adding every combination of thetexts as separate entries in the translation file, we can reuse most of them byutilizing the i18next interpolation feature.

Interpolation isone of the most used functionalities in i18n. It allows integrating dynamicvalues into our translations.

{  "key": "{{what}} is {{how}}"}

i18next.t("key", { what: "i18next", how: "great" });// -> "i18next is great"

Problem

As we started to use interpolation more and more, we started seeing lot of textwith irregular casing. For…

If you’ve ever worked on a Rails project with a team, you’ve probably run into an issue with changes appearing in db/schema.rb. The Rails robots that make up Active Record do their best to be helpful by keeping your db/schema.rb file up to date. But while they’re doing that, they tend to inject a bunch of other unwanted changes.

Here’s an example from a project I’ve been working on:

@@ -102,7 +102,7 @@ ActiveRecord::Schema[7.0].define(version: 2024_02_06_230921) do

   create_table "active_storage_attachments", force: :cascade do |t|
     t.bigint "blob_id", null: false
-    t.datetime "created_at", null: false
+    t.datetime "created_at", precision: nil, null: false

In this…

We examine approaches to API documentation, with a case for why the documentation-first approach is beneficial, plus, we'll not only introduce a new Ruby gem, Skooma, that will be a revelation for those who are ready to follow this path, you can also read on for practical tips and advice for jumping in.

In this post, we’ll examine approaches to API documentation, with a case for why the documentation-first approach is beneficial, plus, we’ll not only introduce a new Ruby gem that will be a revelation for those who are ready to follow this path, you can also read on…

Ruby’s NotImplementedError exception is often used as a placeholder in abstract classes for methods that should be implemented by subclasses. But did you know that this is not how this exception class was intended to be used?

How is it commonly (mis)used?

Let’s start with an example of a common usage pattern of NotImplementedError. We have a BaseSetting class, and we want to convey that anyone subclassing this should implement a to_html method.

class BaseSetting
  def to_html
    raise NotImplementedError
  end
end

class Text < BaseSetting
  def to_html
    "<input type='text'>"
  end
end

class Number < BaseSetting
  # Forgot to implement to_html
end

TextSetting.new.to_html   #=>…

In the above case, the Text setting class already implements to_html, If we’re introducing a new Number setting…

Joël conducted a thoughtbot mini-workshop on query plans, which Stephanie found highly effective due to its interactive format. They then discuss the broader value of interactive workshops over traditional talks for deeper learning.

Addressing listener questions, Stephanie and Joël explore the strategic use of if and else in programming for clearer code, the importance of thorough documentation in identifying bugs, and the use of Postgres' EXPLAIN ANALYZE, highlighting the need for environment-specific considerations in query optimization.

• Episode mentioning query plans
• Query plan visualizer
• RailsConf 2024
• Episode 349: Unpopular Opinions
• Squint test
• Episode 405: Retro on Sandi…

I unexpectedly wrote a second book. And I unexpectedly sold 300 copies while making it.

Idea

The idea of Kamal Handbook came after spending more time deploying with the tool and seeing my Kamal blog post trending.

But the thing was I didn’t want to write another book. And in fact, the main selling point of Deployment from Scratch was that it didn’t focus an any particular deploy tool.

Kamal changed this perspective for two reasons. I genuinely liked the tool and I could be the first author to publish something on Kamal. I wouldn’t do it if such a book existed.

So I conviced myself that if I can do this in ~ 5 weeks, I should.

Writing

The biggest change from my last book was giving…

For many applications, access is usually through a single domain, such as yourapp.com. This way, the application developer is able to offer a unified experience to all users. This works great most of the time, but imagine a situation where you need to give each user a customized experience; how would you achieve this?

One of the ways you can customize the user experience in a single application is by using account-based subdomains. Instead of giving users a single entry point into your app, offer them customized subdomains: user1.exampleapp.com, user2.exampleapp.com, and so forth. With account-based subdomains, you essentially give users an individualized entry point where they can manage…

In…

When talking to developers about gradual modularization, one of the questions is, “So… where are we headed?” That is, what is the destination of a modularization journey? These developers all work in a large, monolithic codebase-the large application that backs much of Gusto’s functionality. Based on discussions with our peers at different organizations, we know there are a whole bunch of companies in similar situations. These companies all have one thing in common, we’re using Ruby and Rails as a significant part of their backend systems.

We believe there is a juncture that all of these companies should strive to move their packages towards. This realization is based on working on…

RuboCop is a static code analyzer also linter and code formatter for the Ruby programming language. It will enforce the guidelines outlined in the community Ruby Style Guide.

It helps developers in ensuring adherence to coding style standards, identifying potential code flaws, and enhancing the overall quality of the codebase. In addition to identifying code problems, RuboCop also automatically corrects those issues.

Developers can adjust rules defined by Rubocop to match project coding standards.

Before Rails 8.0

Before Rails 8 we had to manually integrate Rubocop gem to our project.

We can simply install it like below.

gem install rubocop

or we can add it to the gemfile of the…

Our clients have seen big wins from our design sprints: rapid MVPs, design artifacts that set the project course, new investment funds, successful business pivots, and even design awards. This is the ideal way to kickstart the entire development process, bring founder ideas to life, and give Evil Martians a test drive.

Google originally introduced the Design Sprint methodology back in 2010. Since then, Evil Martians have customized that original framework to perfectly suit our clients’ needs. Today, the strength of the Martian Design…

Ruby blocks are simply amazing, and I’ve written about some of the cool things you can do with them.

But something which confused me early on as I learned Ruby and started using gems and frameworks was when to write a block vs. when to write an explicit proc or lambda.

For example, here’s some example code provided by Faraday, a popular HTTP client for Ruby:

conn = Faraday.new(url: 'http://httpbingo.org') do |builder|
  builder.request :authorization, 'Bearer', -> { MyAuthStorage.get_auth_token }
  # more code here...
end

As you can see, there are two different use of blocks/procs here. The first one is the one passed to Faraday.new — it yields builder so you can configure the request.…

I recently wrote a post over on the PlanetScale blog sharing how we make schema changes for our own Rails app.

In the post I share a couple concepts that might be new to you.

1. "Online" schema change tools
2. Separating rails db:migrate from deploys

If your team or app is starting to grow and you're wondering what to look out for next. Give it a read, I hope you find it helpful.

Back in 2014, I was doing quite well. I played poker professionally, essentially living my dream. But my career had to stop abruptly for health and financial reasons.

I looked for a new dream and found coding. It went OK most of the time; I liked the nerdy aspect of it. But it also came with severe dips and challenges that seemed unsurmountable. I was on the brink of switching studies to something like art history because I had considerable trouble passing a course exercise. I also ran away from what seemed like an undoable challenge, e.g., giving a talk in front of a big audience or finishing a coding project that appeared to have lost its purpose.

What if there was a way to see the other…

"I will teach you to be rich!"

"Everyone is a coach nowadays!"

"I'm looking for mentorship in sorting my socks."

"I'm not your guru!"

"No, I'm not a freelancer, I'm a consultant."

There are so many terms trying to explain training and helping relationships between human beings. With many terms comes confusion and misuse. What if there was a committee that would decide about the proper usage of those terms? How many mentees would be saved from being coached? How many minutes of podcasts could be unwasted trying to figure out the right terms to use?

Wait no longer. And don't wait for a committee. You can have your own definition right now.

Below is my unscientific digest about the differences…

As a Rails developer, you probably know what the following piece of code does.

# config/routes.rb

get "/about", to: "pages#about"


# controllers/pages_controller.rb

class PagesController < ApplicationController
  def about
    @title = "About Me"
  end
end

# views/pages/about.html.erb

<h1><%= @title %><h1>

As expected, it defines a route that directs a request to /about page to the PagesController#about method, which sets an instance variable @title that's displayed by the about.html.erb view.

Plain and simple.

Have you ever wondered how does an incoming HTTP request reaches the about method in the Rails controller? Like, who actually calls this method, what really happens before this…

Last week I spoke at the SF Bay Area Ruby Meetup, which was hosted at GitHub HQ, which made for an easy commute for me. Here’s the video and the slides. My talk was entitled “An OK compromise: Faster development by designing for the Rails autoloader”

Also, I haven’t shared here the 3 podcasts I did over the past few years. Here they are:

• The Ruby on Rails Podcast from September, 2021.
• GemRuby Show from September, 2023.
• The Ruby Rogues from January, 2024.

This post, A Ruby Meetup and 3 Podcasts, is published on Island94.org. Tweet me at @bensheldon to discuss it.

High traffic websites often use database replicas to scale out their reads. Most web traffic is a GET request anyway and never modifies data.

But how do you know when you should READ from the primary?

The answer is more complex than you might think. And it's important to understand the details.

Whenever data is updated on the primary, the change needs to be replicated to each of the replicas. The time this takes is known as “replication lag”.

You need to understand this concept to be able to work with replicas effectively.

Healthy replication lag is usually just a few milliseconds. But if you have a busy database, or are maybe running a schema change, it can grow to seconds…

Welcome to my ninth update as Ruby Central’s security engineer in residence, sponsored by AWS.

My goal is to write a short update every week, chronicling what I’ve been working on, and reminding myself that I was, in fact, productive.

This week I dealt with the fallout from the xz/liblzma backdoor. I also took a last minute trip to NY for a funeral, which was honestly more exhausting than firefighting the backdoor.

xz/liblzma backdoor

Thanks for ruining my Friday, Saturday, & Sunday, world. Like every other infosec professional, I spent several days chasing down the impact of the xz backdoor on RubyGems and the Ruby ecosystem writ large. The major product of those dozens of hours of…

Welcome to Once a Maintainer, where we interview open source maintainers and tell their story.

This week we’re talking to Jeremy Smith, co-host of the IndieRails podcast, organizer of the BlueRidge Ruby conference, and enthusiastic member of the Ruby and Rails communities.

Once a Maintainer is written by the team at Infield, a platform that helps companies upgrade their open source software without breaking things.

How did you get into programming?

So I distinctly remember seeing my first website when I was a teenager, probably 1995-96, something like that. I had dial up access to my dad's university Internet service because he was getting his PhD, so he had it as part of his program. I…

In today’s episode, Jason, Chris, and Andrew kick things off sharing things from their
personal and professional lives, touching upon various themes such as the peculiarities
of working on Good Friday, the journey from late-night adventures to morning rituals,
and the complexities of parenting. The discussion also dives into programming topics,
such as issues with using Rails, Turbo, and Stimulus for web development, and
experiences with React components. They share personal stories about the Sin City
Ruby conference, including the challenges and highlights of Jason’s live coding during
his presentation, the dynamics of attending without a ticket, networking among
colleagues, and exploring casinos…

Hi, Wojtek here exploring this week’s changes.

Rails World 2024 edition website is now live
With tickets going on sale in April.

Allow to register transaction callbacks outside of a record
ActiveRecord::Base.transaction now yields an ActiveRecord::Transaction object, which allows to register callbacks on it.

Article.transaction do |transaction|
  article.update(published: true)
  transaction.after_commit do
    PublishNotificationMailer.with(article: article).deliver_later
  end
end

Added ActiveRecord::Base.current_transaction which also allows to register callbacks on it.

Article.current_transaction.after_commit do
  PublishNotificationMailer.with(article: article).deliver_later
end

…

This is mainly a test post to verify that this blog is now on the Fediverse (via the ActivityPub plugin). Hi there, fedi-friends!

The post Hello, Fediverse first appeared on avdi.codes.

High-risk industries have regulatory compliance for a reason. While regulatory requirements might feel like a painful or tedious process, they build guardrails that save time and money in the long run.

Because no one person should be in a position to cause an aircraft component to fail.

Prior to joining Test Double in 2023, I had spent nearly the entirety of my professional career working in regulated software industries. With a decade of experience in aerospace, I learned how to implement the stories and code that made up a product while always staying within the scope of the regulations.

As I’ve moved away from regulated software industries and into DevOps consulting, I keep…

After 17 years dedicated to open source Ruby, Luca Guidi has stepped down from the Hanami and dry-rb projects.

In Luca’s place, I will step up as Hanami project lead. I also remain a committed member of the dry-rb core team.

As for Hanami, we’re continuing on the path we’ve followed over the last few years. 2.1 is now out the door, and 2.2 is next. As we plan for this release, you can look forward to seeing updates on our forum.

I’d like to extend a heartfelt thank you to Luca for all his contributions to Hanami and Ruby. Collaborating with Luca has been a true pleasure for me, and I’m very proud of what we’ve been able to create together in Hanami 2. I’m looking forward to extending…

RubyMine 2024.1 is now available!

At the heart of RubyMine 2024.1 lies its full line code completion feature, which is powered by a fully-integrated, advanced deep learning model. RubyMine 2024.1 also introduces support for the mise version manager, further streamlining the management of Ruby versions. This release includes improved AI Assistant and inspection updates tailored to Ruby 3.3.

Additionally, RubyMine 2024.1 enhances the development experience with features such as closing tags in ERB, the ability to run VCS commands with the current project’s SDK, and debase 3.0 support that is optimized for Ruby 3.3, enhancing debugging capabilities and ensuring seamless compatibility…

Programming with AI is still a highly divisive topic, but there’s no denying that more and more developers are starting to incorporate AI into their daily workflows. Whether you’ve already picked your side in the debate or are still undecided, we’ve got a new feature in v2024.1 of JetBrains IDEs that might just pique your interest – full line code completion. It’s AI-powered and runs locally without sending any data over the internet.

In this blog post, we’ll tell you more about what full line code completion is, how it works, what languages are supported, and how you can provide feedback about it to us.

What is full line code completion in JetBrains IDEs?

This new type of code…

Quem acompanhava meu canal no YouTube ou meu Instagram já acompanhou a saga com meu NAS (meu servidor pessoal), meu Synology DS1821+ com quase 80 TB de espaço.

Todos os videos do meu canal, incluindo os arquivos originais, estão lá. Só isso dá terabytes. Todo minha biblioteca do Steam está lá, são uns 4 terabytes. Todos os meus jogos antigos, retro-games, também, incluindo ISOs de Xbox 360 e PS3. São mais 4 terabytes. Toda minha coleção de discos Ultra HD (BluRay 4K) eu ripei (fiz backup), são mais alguns terabytes. Neste instante já estou usando mais de 50 terabytes.

Antes que venham dar palpite, sim, isso não é pra qualquer um. Estamos falando de 8 HDs de 10.9 TB, mais upgrade de 2…

Recently, I moved iPhones and wanted to open my 2FA keys with the App “Authenticator Plus” - But Apple has removed it from the App Store. Unfortunately, the developer has gone inactive and the app is abandoned, hopefully, they are all right :/

• App Store discussion
• r/AndroidQuestions PSA: Authenticator Plus, once the darling of 2FA apps, is now abandoned and no longer works

But, I still had the app on my old iPhone and wanted to extract the keys. Here is how I did it:

Retrieve database

The App-Store discussion above outlines most of what I repeat here. Also, this blog post helped a lot: Nigelsim.org: Extracting Authenticator Plus

The app is also released for Android, so it should…

The past few days have seen the security world focused on the revelation of the xz/liblzma backdoor. For more background, see this early writeup of the issue, this GitHub Gist, this detailed timeline, and the official detail page for CVE-2024-3094.

In response to the backdoor becoming public, we have done an internal audit not just of the software used to run RubyGems.org itself, but also every gem that has ever been published.

We are happy to report that RubyGems.org is not vulnerable to this issue. Furthermore, we are happy to confirm that no gem currently published on RubyGems.org contains the vulnerable liblzma library.

I would like to thank the rest of the RubyGems.org security team…

Recently I’ve been trying out Flutter to try to learn if and when I might want to reach for it on future projects. I enjoy learning by reading books, and this time I worked through Programming Flutter by Carmine Zaccagnino, published by The Pragmatic Programmers. It’s a great book that really helped me get some Flutter foundations under my belt. (Note: this isn’t an affiliate link and we aren’t receiving anything for recommending it; it’s just a great book!)

There was just one challenge working through the book: it was written in 2020, and both the Flutter framework and the Dart programming language have undergone some changes since then. Some were fairly easy to get past, and some…

Replace aasm with Rails Enum today

There’s a great chance that your Rails app contains one of the gems providing so called state machine implementation. There’s event a greater chance that it will be aasm formerly known as acts_as_state_machine. Btw. Who remembers acts_as_hasselhoff? — ok, boomer. The aasm does quite a lot when included into your ActiveRecord model — the question is do you really need all those things?

My problem with aasm

I was struck by reckless use of this gem so many times that first thing I do after joining a new project is running cat Gemfile | grep aasm and here comes the meme which I made ~1.5 years ago:

My main concern with use of this gem is that you probably…

Recently, we migrated one app’s cronjobs from using simple whenever Crontab to a more enhanced Sidekiq-Cron.

Whenever - The old way

We used to have a simple whenever setup in our Rails app. It was easy to use and worked well for a long time. You can define your cronjobs in a Ruby DSL and then generate a crontab file with whenever --update-crontab during deployment. The system crond will then execute the jobs very reliably. If you change the crontab at the end of the deployment you have also no downtime in the cronjobs.

Plus:

• Easy to define cronjobs,
• reliable execution with system crond on one machine
• Zero downtime during deployment by default

Minus:

• No monitoring by default…

Introduction

In the world of Kafka and its applications, utilizing regular expressions for topic subscriptions is a common strategy. This approach is particularly beneficial for dynamically managing data. For example it can be used to handle information from various zones without necessitating application redeployment for each new topic.

For instance, businesses operating across multiple zones in the USA might manage topics named:

• us01.operational_events,
• us02.operational_events,
• us03.operational_events

and so on.

Karafka (Ruby and Rails Apache Kafka framework) facilitates such operations with its routing patterns feature, which leverages regular expressions for topic detection.

Simplif…

Stephanie revisits the concept of "spiking"—a phase of exploration to determine the feasibility of a technical implementation or to address unknowns in feature requests—sharing her recent experiences with a legacy Rails application. Joël brings a different perspective by discussing his involvement with a client project that heavily utilizes the dry-rb suite of gems, highlighting the learning curve associated with adapting to new patterns and libraries.

Joël used to be much more idealistic and has moved to be more pragmatic. Stephanie has moved the other way. So together, Stephanie and Joël engage in a philosophical discussion on being an idealistic versus a pragmatic programmer.…

A whimsical (but useful!) code style guideline

Software engineers have lots of opinions about code style. Pick a number between 50 and 150 and somebody on the internet will adamantly argue that a line of code can have that many characters but no more!

Instead of a rigid numeric limit, consider adopting the delicious fruit-based Banana Rule:

🍌 A line of code should not be longer than a banana

I can already hear the detail oriented readers cringing at the imprecision of this rule.

This fuzziness is intentional, to dissuade excessive discussion. Agreeing on the perfect line length is less important than generally writing readable code. You probably won’t agree, anyway. Under the Banana Rule, if a…

Let’s understand what is Rate Limiting

Rate limiting is a technique used to control the rate of incoming requests or traffic to a server, API, or service. It helps in limiting the rate at which requests are processed which ensures system security and performance.

By restricting the rate of requests made by individual clients or IP addresses, helps in preventing abuse, such as denial-of-service attacks or brute-force login attempts.

Now question is how to do this in Rails.

Before Rails 8.0

Before Rails 8 there were different ways to implement rate limiting that depends on specific requirements and constraints. One such way of it is by using rack-attack gem.

To use this gem, we need to…

My new book “Sustainable Dev Environments with Docker and Bash” is now available for $19.99. It will teach you Docker and Bash fundamentals you can apply to build a dev environment for any tech stack, that runs on Windows, macOS, and Linux.

This isn’t just recipes to copy and paste (although you will see those for the running example). This explains what the difference is between a container and an image, how to navigate DockerHub to find the right images and use them properly. It also provides a basic strategy for how to install any software in a Docker image.

I have used the techniques and code in this book to maintain many different dev environments for my personal projects, as…

I noticed some tech bloggers I follow have been making April Cools Day posts about topics they don’t normally write about (like decaf or microscopes). The goal isn’t to trick anyone, just to write about something different for a day.

I thought those posts were fun so here is a post with some notes on learning to crochet tiny cacti.

first, the cacti

I’ve been trying to do some non-computer hobbies, without putting a lot of pressure on myself to be “good” at them. Here are some cacti I crocheted:

They are a little wonky and I like them.

a couple of other critters

Here are a couple of other things I made: an elephant, an orange guy, a much earlier attempt at a cactus, and an…

Introducing SuperFastRails!

We are releasing a gem to help developers write ultra-optimized code. The goal is to allow developers to write code as fast as possible without caring about performance. Rails scales; it’s just a matter of writing the correct code.

SuperFastRails automatically improves the requests in your Rails application. Thus, we focus only on the business logic and don’t have to think about indexes, 1+n queries, dangerous migrations, etc.

For the first version, SuperFastRails takes good care of the database layer. We want to keep adding more automatic optimizations in the future. Here is the list of the current automatic optimizations.

Create automatically missing…

This is a comeback story of sorts for Fullstack Ruby, but it’s more than that.

I’ll spare you the intimate details of my serious Ruby-flavored burnout in the back half of 2023—if you really care to you can read up on it here as part of the Bridgetown 2.0 kickoff announcement. (Did I mention I’m hard on work on the next version of Bridgetown? 😁)

TL;DR: I got thoroughly bummed about the state of the Rails & Turbo ecosystems due to a long series of epic fails (in this author’s opinion) on the part of DHH and the cult of personality surrounding him which should have resulted in his ouster but instead seemed to cause Rails/Turbo to slide into yet more sorta-mostly-but-not-really-open-source…

Active Record, Ruby on Rail’s ORM, has support for Prepared Statements that work if you structure your query for it. Because of my work on GoodJob, which can make a lot of nearly identical database queries every second to pop its job queue, I’ve invested a lot of time trying to make those queries as efficient as possible.

Prepared Statements are a database feature that allow the database to reuse query parsing and planning when queries are structurally the same. Prepared statements, at least in Postgres, are linked to the database connection/session and stored in memory in the database. This implies some things:

• There can be a performance benefit to making queries “preparable” for…

Welcome to my eighth update as Ruby Central’s security engineer in residence, sponsored by AWS.

My goal is to write a short update every week, chronicling what I’ve been working on, and reminding myself that I was, in fact, productive.

This week I wrapped up the pure-Ruby proto implementation.

Plain Ruby Protos

I landed a massive PR that basically makes the implementation compliant! There are only a few failing test cases, and they relate to Ruby’s JSON parser being too lenient. I’m calling this project wrapped for now.

Greetings! I’m Emmanuel Hayford, here to bring you your weekly instalment of “This Week In Rails”. Let’s dive straight into it.   Two new guides are now open for community review. If you are well versed in Action View, partials, and helpers, please review and submit your feedback here:

• Action View Overview PR
• Action View Helpers PR

Add config.active_record.permanent_connection_checkout setting This setting determines the action taken when ActiveRecord::Base.connection is accessed: whether it raises an error, emits a deprecation warning, or does nothing.

ActiveRecord::Base.connection acquires a database connection from the pool and maintains it until the request or job concludes.…

On a recent client engagement fellow agent Josh and I discovered a useful TypeScript feature that I hadn’t encountered before.

The team we were working with had a utility function that had not yet been given type expectations due to its complex return type. This function could return a different type based on its input type. TypeScript provides a feature for solving this kind of complex return type called conditional types. Learning how to define a conditional return type allowed us to inform TypeScript about the condition, resulting in better type awareness in all code that called the function.

A function with two return types

Our client’s TypeScript codebase had a utility function…

Sin City Ruby 2024 was one of this year’s Ruby conferences that we, thoughtbot, were excited about. In this post, I will share why.

Jason Swett, the organizer, invited me to be one of the speakers. It was a great opportunity to talk about JavaScript testing for Ruby devs. Spoiler: an extended version of this topic will be presented at RailsConf 2024. Hoping to see you there :)

I am so grateful for the opportunity and for thoughtbot sponsoring my travel. Here are my takeaways and highlights from Sin City Ruby 2024.

Smaller conference, bigger connection

Attending a single-track conference is great: you don’t have to choose any talks. They have been chosen for you already.…

RailsConf always boasts an exciting variety of talks that highlight the creativity and interdisciplinary nature of the Ruby community. I thought it would be fun to curate a series highlighting our speakers' stories and their experiences in tech. Read on for today’s speaker spotlight…

Title of Talk

Crafting Rails Plugins

Speaker

Chris Oliver

How Did you get into Ruby?

I started with Rails in college working for a professor and then built my senior project in Rails.

What’s your favorite part about working on Open Source Software?

It's amazing how much you can learn and help other people with open source. Because the code isn't closed, we can achieve so much more.

What’s your least favorite part about…

ConcreteAPI is a project inspired by AbstractAPI.com.

AbstractAPI offers a set of utility APIs so you as the developer do not have to build a bunch of stuff that someone else already has a solution for. According to AbstractAPI, the most popular APIs are email address and phone validation APIs, Geolocation API and data enrichment API.

The goals of the ConcreteAPI project are:

• Instead of having those APIs, landing pages and docs scattered all over, have everything in one place using a great doc generation platform.
• Have SDKs for different languages auto-generated.
• Explore which parts can be open-sourced.
• If something has to be paid for, e.g. because ConcreteAPI needs to hit another paid API, have…

A new thing I’ve been trying while writing this Git zine is doing a bunch of polls on Mastodon to learn about:

• which git commands/workflows people use (like “do you use merge or rebase more?” or “do you put your current git branch in your shell prompt?”)
• what kinds of problems people run into with git (like “have you lost work because of a git problem in the last year or two?”)
• which terminology people find confusing (like “how confident do you feel that you know what HEAD means in git?”)
• how people think about various git concepts (“how do you think about git branches?”)
• in what ways my usage of git is “normal” and in what ways it’s “weird”. Where am I pretty similar to the majority of…

It’s been a lot of fun and some of the results have been surprising to me, so here are some of the results. I’m partly just posting these so that I can have them all in one place for myself to refer to, but maybe some of you will find them interesting too.

these polls are highly unscientific

Polls on social media that I thought about for approximately 45 seconds before posting are not the most rigorous way of doing user…

Let me tell you about what my day looks like in a codebase with no standards, no conventions, and no processes in place.

Every time I work on a new API endpoint, I wonder about:

• Which routing syntax should I pick from the four pre-existing syntaxes used in the file?
• Should I shallow nest my controller action as per SomeController or shouldn’t I shallow nest as per AnotherController?
• What about resource fetching? In a callback? Memoized perhaps?
• Am I to authorize the parent resource or the actual resource through Pundit? Why are there custom methods in our policies that do not match the methods from our controller?
• What about the methods of my controllers? CRUD? Not CRUD?…

Are you getting bored already? I know I am! And I did not even talk about models, service objects, jobs, serializers, or configuration.

These few questions are the thoughts that go through my brain before I can start working on my feature when there are no standards.

Not picking a standard or a convention…

Do you tune out Ruby deprecation warnings?

Looking into deprecation warnings is an essential habit to maintain an up-to-date tech stack. Thanks to the explicit configuration of ActiveSupport::Deprecation in the environment-specific configuration files, it’s quite common to handle deprecation warnings coming from Rails. However, I rarely see projects configured properly to handle deprecation warnings coming from Ruby itself. As we always want to keep both Rails and Ruby up-to-date, it’s crucial to handle both types of deprecation warnings.

How does Rails handle its deprecation warnings?

In the environment configuration files, Rails sets up the ActiveSupport::Deprecation like this:

#…

RailsConf is coming up fast! The program committee has released the schedule and keynote speakers. Ufuk Kayserilioglu joins the show to talk about the program and Ruby Central

Show Notes

• Kevin's blog post about RailsConf https://kevinjmurphy.com/posts/tracks-not-at-railsconf-2024/
• RailsConf website & registration https://railsconf.org/

If you have comments about this episode, send an email to comments@therubyonrailspodcast.com. You can include a text comment or attach a file from Voice Memos or Google Recorder and we’ll respond to some of them on a future show.

Sponsors
Honeybadger

As an Engineering Manager or an engineer, too much of your time gets sucked up with downtime…

Hello! Welcome to the March newsletter. Read on for announcements from Ruby Central and a report of the OSS work we’ve done from the previous month.

In February, Ruby Central's open source work was supported by Shopify, AWS, the German Sovereign Tech Fund (STF), as well as Ruby Central memberships from 29 other companies, including  Zendesk and Ruby Shield sponsor and Partner-level member Contributed Systems, the company behind Mike Perham’s Sidekiq. In total, we were supported by 174 members. Thanks to all of our members for making everything that we do possible. <3

Ruby Central News

Ruby Central Receives Alpha-Omega Grant

We’re thrilled to announce that we have been awarded a $250,000 grant…

• Backstory: from teacher to developer
• No one is safe from being laid off, and I’m not an exception
• The 6-month job search
• My job networking by the numbers
• The good news
• What’s next in my career?

Recently I wrote an upbeat how-to on job networking. Now comes the part where I pull back the curtain and tell how the job search really went.

Don’t worry, it’s not all depressing. I’ve waited for weeks to publish this post just so that I have some good news to share at the end.

Note: This post’s title specifies “early-career developer” only because I’m speaking from my own experience, not because only early-career developers are having a hard time. It’s a tough job market for…

When developing a web application, there could be numerous instances where wedeal with timers. The timer functions such as setTimeout, and setIntervalare basic browser APIs that all web developers are well acquainted with. Whentrying to implement something like a self-advancing timer, these timer APIs makethe job easy.

Let's consider a simple use case. In React, if we are asked to implement acountdown timer that updates the time on the screen every second, we can use thesetInterval method to get the job done.

const CountDownTimer = () => {  const [time, setTime] = useState(10);  useEffect(() => {    const interval = setInterval(() => {      setTime(time => {        if (time > 0) return time -…

Checklists are really useful to ensure you don’t forget certain things, so why not create one for your code review process? Here are my recommended checks:

From Bunnie Hung’s blog about exploring and designing an infrared chip imaging rig. I thought this is an interesting distinction between “low-effort” and “rapid” prototypes. I think the analogy in software would be a “Walking Skeleton that is production-like in architecture and deployment but does very little, versus building a demo using lightweight scripting and static site generators. (bolded text mine)

Sidebar: Iterate Through Low-Effort Prototypes (and not Rapid Prototypes)

With a rough idea of the problem I’m trying to solve, the next step is build some low-effort prototypes and learn why my ideas are flawed.

I purposely call this “low-effort” instead of “rapid” prototypes.…

There are many different ways that developer tools can visualize data, and some may not be so obvious. We examine 7 methods of displaying data, the pros and cons of each, real life cases, and we also share even more scenarios where you might leverage each type of graph.

Ever felt like your developer tools could display data in a more intelligent manner for your users? Fear not! In this post, we are exploring seven underrated data visualizations that fit right into the goldilocks zone: not too basic, not too complex. So, want to upgrade from the traditional bar and…

Ruby is my favorite programming language, thanks to the expressiveness, the focus on developer happiness and one of the best language communities out there. As a Ruby developer, I can get into a flow at will.

Another big part of Ruby’s shine: the rich ecosystem of gems and tools surrounding it.

Over the years, I have accumulated quite the toolbox when it comes to working with Ruby. Here are some of my personal favorites tools and gems. (I tried not to focus too much on Rails, but obviously Rails occupies a significant space in the Ruby world, so it’s hard to avoid.)

Feedback Loops

A tight feedback loop is a game changer. Shortening your feedback loop will always pay dividends. Here…

Joël shares his recent project challenge with Tailwind CSS, where classes weren't generating as expected due to the dynamic nature of Tailwind's CSS generation and pruning. Stephanie introduces a personal productivity tool, a "thinking cap," to signal her thought process during meetings, which also serves as a physical boundary to separate work from personal life.

The conversation shifts to testing methodologies within Rails applications, leading to an exploration of testing philosophies, including developers' assumptions about database cleanliness and their impact on writing tests.

• Avdi’s classic post on how to use database cleaner
• RSpec change matcher
• Command/Query separation
…

Transcript:

 STEPHANIE: Hello and welcome to…

Although I’ve occasionally used Github Copilot on VS Code, I never really got into using it inside neovim, which is my main editor. I had tried setting it up using Github’s copilot.vim plugin, but I never got it working with my setup.

Today I came across copilot-cmp, which allows loading Copilot suggestions as snippets in the completion menu provided by the nvim-cmp completion engine. This plugin depends on copilot.lua, a Lua rewrite of copilot.vim that plays well with neovim.

Setup

Add it to lazy.nvim config:

local plugins = {
  -- other plugins

  {
    "zbirenbaum/copilot-cmp",
    event = "InsertEnter",
    config = function () require("copilot_cmp").setup() end,
    dependencies = {…

Over the last couple of months, I’ve been working across multiple applications that use various CSS frameworks. Specifically: Bulma, Bootstrap and Tailwind. There are (at least) three distinct CSS frameworks within these applications because each of these apps have been developed over almost a decade and a half, and the flavour-of-the-month has changed a lot over that time. As people have worked on the systems, they have left the “fingerprints” of personal choices.

Three years ago, I became the Platform Tech Lead at Fat Zebra, which meant I was in charge of the technical side of things when it comes to our frontend. Part of this job meant standardising our frontend tech stack. At this…

Co-authored by Varsha Balasubramaniam

Stepping into a new career, whether you’re a recent graduate or shifting your professional focus, can feel overwhelming. Effectively navigating your new environment while expanding your knowledge and network presents a challenge that, if approached with care, can foster professional growth in many rewarding ways. In the early stages of your career, the choices you make and the resources you leverage can significantly shape the way in which you impact your community and contribute as a developer!

This series will outline tips and strategies that will make this daunting endeavor a bit more digestible and help you leverage the resources you’re given to…

tldr:

• The common belief that more developers mean faster delivery is wrong. Overstaffing creates communication complexity and can lead to the development of unnecessary or redundant features, introducing complexity that adds little value to the end product.
• Smaller teams have streamlined processes, clearer communication channels and reduced cross-team dependencies.
• Without effective product management oversight, it’s common to find teams mired in inefficient processes that hinder productivity and innovation.

Struggling to meet deadlines and ship quality products fast enough?

The knee-jerk reaction might be to throw more people at the problem — but more than a decade of experience…

Although I've never been a big fan of test-first approach of software development, on my current client project I decided to follow it for a change, and really enjoying it so far. To learn more about testing, I started reading this book last week. It's been a solid read, despite my initial scepticism of yet another testing book, and I wanted to share my learnings so far.

What follows is not my thoughts, interpretations, and opinions but a collection of my notes and highlights from the book. Although I don't agree with all the aspects of TDD, I think it's a useful technique that provides the discipline and pushes you to write tests proactively, instead of leaving them for later and never…

I was doing a challenge on Hack The Box(since it is still active, I don’t want to point out which one it was) and I solved it with a little Ruby script. The challenge was to bypass 2FA protection. At the login proccess, a SQL injection enabled to bypass the password verification, but there was a second factor. Based on the available source code, the second factor was a 4 digit code and it was valid for 5 minutes, so I tried to brute-force it with Burp Intruder, but after the 20th attempt, my IP got blocked. I looked at the codebase again, and noticed that the application accepts an X-Forwarded-For header. I thought this might enable me to brute-force the 2FA code. Unfortunately Intruder…

Hey everyone, Happy Weekend!
Vipul here with the latest updates for This Week in Rails. Let’s dive in.

Rails guides gets a facelift
Rails guides has a received a big design update!
Check out the Edge Guides to see these changes. If you find a bug or wish to submit a suggestion, you can open a discussion on GitHub.

Two new official gems
Solid Queue, a DB-based queuing backend for Active Job, has graduated to an official Rails gem.

Same for Mission Control — Jobs, which provides a Rails-based frontend to Active Job adapters. It currently supports Resque and Solid Queue.

Don’t enqueue jobs to process a preview image if no variant requires it
This PR fixes the issue where previewable…

Welcome to my seventh update as Ruby Central’s security engineer in residence, sponsored by AWS.

My goal is to write a short update every week, chronicling what I’ve been working on, and reminding myself that I was, in fact, productive.

The past week I was mostly on airplanes and working on sigstore & protobufs.

Sigstore Verification

What is there to say?

TUF Client

As I’ve mentioned before, this is also a part of the sigstore work. I’ve been working on a TUF client in Ruby, which is a bit of a challenge because TUF is so loosely defined and there is no conformance test suite to implement againt. Testing an implementation like this is by far the hardest part, and I sort of have run…

Hello! I know I just wrote a blog post about HEAD in git, but I’ve been thinking more about what the term “current branch” means in git and it’s a little weirder than I thought.

four possible definitions for “current branch”

1. It’s what’s in the file .git/HEAD. This is how the git glossary defines it.
2. It’s what git status says on the first line
3. It’s what you most recently checked out with git checkout or git switch
4. It’s what’s in your shell’s git prompt. I use fish_git_prompt so that’s what I’ll be talking about.

I originally thought that these 4 definitions were all more or less the same, but after chatting with some people on Mastodon, I realized that they’re more different from each…