This Week's Ruby News - Issue 132
[Posted February 20, 2013 by n8willis]
From: Ruby Weekly <rw-AT-peterc.org>
To: <lwn-AT-lwn.net>
Subject: This Week's Ruby News - Issue 132
Date: Thu, 14 Feb 2013 14:38:58 +0000
Message-ID: <0618f6a79d6bb9675f313ceb29659df23b6.20130214143835@mail259.us2.mcsv.net>
Ruby Weekly - A Weekly Ruby Newsletter
Issue #132 - February 14, 2013
================================================================================
Featured
--------
More Security Releases: Rails 3.2.12, 3.1.11, and 2.3.17 Released
http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2...
The Rails codebase is undergoing some serious security testing lately and
so releases for critical vulnerabilities are popping up a lot. This week's
releases tackle issues with serialized attributes and attr_protected
circumvention.
Haml 4.0 Released
http://blog.haml.info/post/42998475354/haml-4-0-has-been-...
The popular template language gets a major update including SCSS, Less and
CoffeeScript filters, better HTML5 support, hyphenated data attributes, and
lots of fixes. Be careful when upgrading, however, as Haml 4.0 does not
support Rails versions under 3.0 or Ruby versions before 1.8.7.
Rack 1.5.2, 1.4.5, 1.3.10 and More Released Due to Security Issues
http://rack.github.com/
Thought you were avoiding the security hassles by only using Sinatra or
similar Rack-based systems? You have some updates to do as well.
From our Sponsor
----------------
Our performance data is not the only thing you'll love
http://newrelic.com/date-a-nerd?utm_source=COOP&utm_m...
Fall in love again. We have announced February as Date-a-Nerd month and to
celebrate, we're sending one lucky winner on the date of a lifetime to New
York City! Enjoy airfare, two nights at a boutique hotel, a Broadway show,
and fine dining each night, all on us.
Reading
-------
Getting To Know RubyMotion with Laurent Sansonetti
http://rubysource.com/getting-to-know-rubymotion-with-lau...
Pat Shaughnessy interviews Laurent Sansonetti, the creator of RubyMotion
and former lead of MacRuby, about how the RubyMotion project started and
what's involved with its development.
YAML F7U12
http://tenderlovemaking.com/2013/02/06/yaml-f7u12.html
Aaron 'tenderlove' Patterson dissects the attack vector used in the recent
YAML-based Rails exploit.
How to Parse Ruby
http://programmingisterrible.com/post/42432568185/how-to-...
"If you want to parse Ruby, I wish you luck - there isn't any documentation
or a formal grammar that fully describes the language," says Thomas Figg.
Handle Incoming E-mail with Griddler
http://robots.thoughtbot.com/post/42286882447/handle-inco...
Joel Oliveira of Thoughtbot looks at Griddler, a Rails engine that provides
an endpoint for the SendGrid Parse API which allows you to easily handle
inbound e-mails.
Rubytune's Rails Devops/Sysadmin Cheat Sheet
http://rubytune.com/cheat
A collection of command-line tips and time-saving snippets. None are
Ruby-specific, but they cover things Rails app admins are likely to do.
Rails Vulnerable to Mass Assignment and SQL Injection
http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to...
Thomas Hollstegge of Zweitag digs into the recent JSON parsing hole.
Refactoring Towards 'Better' Code
http://blowmage.com/2013/03/07/refactoring-better-code
PORO (Plain Old Ruby Object) Validators in Rails
http://henrik.nyh.se/2013/02/poro-validators-in-rails/
Effective Rails - Part 1: ActiveRecord Callbacks
http://www.devmynd.com/blog/2013-2-effective-rails-part-1...
Active Record Scopes vs Class Methods
http://blog.plataformatec.com.br/2013/02/active-record-sc...
Watching and Listening
----------------------
Jim Weirich's Roman Numerals Kata
http://www.youtube.com/watch?feature=player_embedded&...
It's a little blurry, but Ruby legend Jim Weirich performs a live
programming exercise, doing a code kata for a Roman Numerals Calculator. He
gives some great tips about TDD, complexity, and refactoring that anyone
could apply in their daily programming.
Contributing To Ruby
http://www.youtube.com/watch?feature=player_embedded&...
Zachary Scott is a core committer to MRI and in this recent talk at
BostonRB, he looks at the ethos of open source before diving into how the
Ruby contribution process works and how you can submit documentation
patches of your own.
Public Activity (RailsCasts)
http://railscasts.com/episodes/406-public-activity
In the latest public episode of RailsCasts, Ryan Bates demonstrates how to
add a 'user activity feed' to a Rails application using the public_activity
gem.
Libraries and Code
------------------
Ruby 2.0.0 Release Candidate 2 Released
http://www.ruby-lang.org/en/news/2013/02/08/ruby-2-0-0-rc...
The final release of Ruby 2.0 on Sunday, February 24 inches ever closer
with RC2 following a month after RC1. RC2 vs RC1 is mostly documentation
improvements and bug fixes, although the CSV library's potentially
dangerous load and dump methods were also removed.
BetterReceive: A More Assertive Mock
http://pivotallabs.com/introducing-better_receive/
RSpec's 'should_receive' doesn't check whether or not an object responds to
the mocked method which can hide code that isn't working. BetterReceive
solves that.
RailsView: An Open Rails Themes Marketplace
http://railsview.com/
I can't vouch for this as I haven't tried it, but it's an interesting idea.
Sucker Punch: Ruby Async Processing using Celluloid
https://github.com/brandonhilkert/sucker_punch
A Ruby 2.0.0-rc2 Vagrant VM
https://github.com/yrgoldteeth/ruby_200_rc2_vm
Jobs
----
Full-stack Web App Engineer for fast-growing SaaS company
https://gist.github.com/lylo/aa7d782ca200a954e462
FreeAgent are looking for a talented full-stack web app engineer to come
and join their amazing team on their mission to democratize small business
accounting.
Senior Developers at Envato (Melbourne, Australia)
http://techjobs.envato.com/roles/senior-developer.html
Are you looking for an amazing team working on a top 200 site and genuinely
interesting problems to solve? Envato is looking for people with experience
building, testing and maintaining large scale webapps.
Web Application Developer for the Big Nerd Ranch
http://bignerdranch.theresumator.com/apply/PPxl0c/Web-App...
Seeking smart, kind folks who want to make the world a little better
through bad-ass development.
Last but not least..
--------------------
Nominations Open for the Ruby Hero Awards 2013
http://rubyheroes.com/
Each year at RailsConf, Code School gives awards to Rubyists who've been
nominated by their peers. Head over and nominate your chosen Rubyist for
RailsConf 2013 now.
Rails Security Monitor by Code Climate
https://codeclimate.com/security-monitor
Code Climate is accepting reservations to try out its Rails app security
monitoring service.
================================================================================
You opted in for Ruby Weekly at http://rubyweekly.com/ to get weekly e-mails
about the Ruby programming language.
Our mailing address is: Office 30, Lincoln Way, Fairfield Enterprise Centre,
Louth, Lincs, UK, LN11 9EJ.
You can e-mail the list maintainer directly at rw@peterc.org in case of
problems/questions.