This Week's Ruby News - Issue 130
[Posted February 6, 2013 by n8willis]
From: Ruby Weekly <rw-AT-peterc.org>
To: <lwn-AT-lwn.net>
Subject: This Week's Ruby News - Issue 130
Date: Thu, 31 Jan 2013 15:07:57 +0000
Message-ID: <0618f6a79d6bb9675f313ceb29659df23b6.20130131150740@mail259.us2.mcsv.net>
Ruby Weekly - A Weekly Ruby Newsletter
Issue #130 - January 31, 2013
================================================================================
This Week's Security Updates
----------------------------
RubyGems.org Compromised
http://news.ycombinator.com/item?id=5139583
I wouldn't normally link to a Hacker News discussion but it's a great
source of information. Basically, a gem was pushed to RubyGems.org that
took advantage of a YAML-parsing vulnerability to break into some of the
site's configuration files, prompting a widespread security alert. (Things
have now died down a bit, thankfully.)
Rails 3.0.20, and 2.3.16 Released Due to JSON Vulnerabilities
http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-...
Fresh security fixes are out for the Rails 3.0.x and 2.3.x branches. If
you're on Rails 3.1.x and 3.2.x, you can breathe easy (for now).
How to Apply a Rails Security Patch
http://blog.endpoint.com/2013/01/how-to-apply-rails-secur...
There may be reasons you can't upgrade your entire set of Rails gems so
you'll instead want to apply a patch. Brian Buchalter shows how it's done.
Security Announcement: Devise v2.2.3, v2.1.3, v2.0.5 and v1.5.3 Released
http://blog.plataformatec.com.br/2013/01/security-announc...
From our Sponsor
----------------
Monitor Your Apps' Performance Anytime, Anywhere with New Relic for iPhone
http://newrelic.com/application-monitoring-iphone?utm_sou...
At New Relic, we want to make your life more enjoyable, even when you’re on
the go. That’s why we built a New Relic iPhone app, a new way to interact
with New Relic. The app is perfect for those on the go who need to quickly
understand how their applications, servers and key transactions are
behaving.
Reading
-------
Threads, Not Just for Optimizations
http://www.jstorimer.com/2013/01/24/threads-not-just-for-...
Jesse Storimer looks at some potentially unexpected ways MRI uses threads.
A nice investigation.
We Can Solve The Multiple-'Default'-Stacks Problem With Rails Application Templates
http://gilesbowkett.blogspot.com/2013/01/we-can-solve-mul...
Giles Bowkett picks up on the oft-forgotten Rails 'application templates'
feature for rolling out fresh apps with custom setups.
One Way 1.9 Drives Me Nuts
http://blog.zenspider.com/blog/2013/01/one-way-1-9-drives...
Do you think "if !foo" and "unless foo" are functionally equivalent in
Ruby? Ryan Davis explains why, in Ruby 1.9, they're not.
Ruby MRI Source Code Idioms #2: C That Resembles Ruby
http://patshaughnessy.net/2013/1/31/ruby-mri-source-code-...
Chief MRI spelunker Pat Shaughnessy is back with another look at MRI's C
source code, this time picking up on how you can read Ruby's C code with an
eye trained solely in Ruby patterns.
Functional Eye for the Ruby Guy
http://blog.hashrocket.com/posts/functional_eye_ruby_guy
A craftily titled blog post that looks at practical applications of Ruby
2.0's Enumerator::Lazy and refinements features.
Ruby and Random
http://rbjl.net/67-ruby-and-random
A look at why relying on 'srand' may not be the best solution and a way to
get random numbers more securely.
Padrino Framework 0.11 and 1.0
https://speakerdeck.com/daddye/padrino-framework-0-dot-11...
A slide deck that walks through Padrino and looks at what's coming in
versions 0.11 and 1.0.
Building a PaaS in Ruby
http://www.activestate.com/blog/2013/01/building-paas-ruby
ActiveState are building what is essentially a 'Heroku-in-a-box' which you
can run in a VM or on your own hardware cluster. This article goes behind
the scenes and shows off what other tools they're using to do it.
Ruby Speedup: Memoize those Methods
http://6brand.com/ruby-speedup-memoize-those-methods.html
A crafty memoization/caching technique involving using ||= and a multi-line
begin/end block.
Rails 4 Security for Session Cookies
http://blog.envylabs.com/post/41711428227/rails-4-securit...
Handling Requests Asynchronously in Rails
http://www.jonb.org/2013/01/25/async-rails.html
Refactoring the Deeply-Nested Hash Antipattern
http://pivotallabs.com/refactoring-the-deeply-nested-hash...
Watching and Listening
----------------------
DRb Basics: A Free MetaCasts Screencast for Ruby Weekly Readers
http://www.metacasts.tv/rubyweekly
MetaCasts is a new screencasting venture recently launched by Mark Bates.
No money is changing hands but he kindly agreed to let Ruby Weekly readers
watch an episode all about Ruby's DRb library for free. Enjoy.
Rails Is Omakase: A Dramatic Reading
http://www.youtube.com/watch?feature=player_embedded&...
Giles Bowkett presents an amusing 'dramatic reading' of DHH's recent "Rails
is Omakase" blog post. Steer clear if you have no time for humor though.
Libraries and Code
------------------
Sinatra 1.3.4 Released: Bug Fix Release, 1.4.0 Promised Soon
https://groups.google.com/forum/#!topic/sinatrarb/GOHRFWd...
Wrong: A General Assert Method with Rich Failure Messages
https://github.com/sconover/wrong
Wrong provides a general assert method that takes a predicate block. Hard
to remember matchers be gone. Not new but a piece of gold from the archive.
multirb: Run Ruby Code From A Prompt Across Multiple Ruby Versions
https://github.com/peterc/multirb
Something I've built to help me with recording my Ruby 2.0 Walkthrough.
Primo: A Better, Configurable, Default ('prime') Rails Stack.
https://github.com/cbetta/primo
I'm not convinced this is the answer but it's *an* answer.
split: A Rack-Based A/B Split Testing Framework
https://github.com/andrew/split
Sometimes: Let Ruby Blocks Run.. Sometimes
https://github.com/sudara/sometimes
Jobs
----
Ruby Infrastructure Engineer
https://gist.github.com/192a628d20685843b75e
Passionate about Ruby and infrastructure? Zendesk is looking for an
engineer to join our most excellent infrastructure team in San Francisco.
Solid challenges? Check. Smart colleagues? Check. Great culture? Check.
Software Developer (Amsterdam) - Good in Perl or willing to Learn?
http://www.booking.com/jobs.en-us.html?sid=250ab6c8307530...
Join the #1 Accommodation website of the world: Booking.com. We need 25
sharp devs to join our big Perl shop in Amsterdam. You don’t need to know
Perl, only the willingness to learn. This position is open to worldwide
candidates – visa and relocation package included. Join our international
team of hackers.
Test Driven JavaScript and Ruby Developer (San Francisco and Santa Monica, CA)
http://www.carbonfive.com/jobs
Great people, awesome workplace, and new projects all the time. Work with
seasoned pros building products people use and keep your nights/weekends
for yourself.
Ruby Developer at HouseTrip (London, UK)
http://hire.jobvite.com/j/?cj=oqRWWfwT&s=Ruby_weekly
Last but not least..
--------------------
Euruko 2013: Athens, June 28-29
http://euruko2013.org/
The venue and date for Europe's primary Ruby conference have now been
nailed down and they have a Web site ready to roll. No tickets for sale yet
but save those dates.
================================================================================
You opted in for Ruby Weekly at http://rubyweekly.com/ to get weekly e-mails
about the Ruby programming language.
Our mailing address is: Office 30, Lincoln Way, Fairfield Enterprise Centre,
Louth, Lincs, UK, LN11 9EJ.
You can e-mail the list maintainer directly at rw@peterc.org in case of
problems/questions.