This Week's Ruby News - Issue 137

From:  Ruby Weekly <rw-AT-peterc.org>
To:  <lwn-AT-lwn.net>
Subject:  This Week's Ruby News - Issue 137
Date:  Thu, 21 Mar 2013 18:02:26 +0000
Message-ID:  <0618f6a79d6bb9675f313ceb29659df23b6.20130321180207@mail259.us2.mcsv.net>

Ruby Weekly - A Weekly Ruby Newsletter
Issue #137 - March 20, 2013
================================================================================


Featured
--------

Rails 3.2.13, 3.1.12 and 2.3.18 Released: New Security Issues
http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2...

  Four new security issues (symbol DoS vulnerability in ActiveRecord, XML
  parsing vulnerability, and two XSS vulnerabilities) have forced the quick
  release of some new Rails versions. Careful, though, as 3.2.13 is proving
  to be a less simple upgrade than would be suspected (see item below).

Beware Rails 3.2.13: Performance Regressions and Major Bugs?
http://blog.bugsnag.com/2013/03/20/rails-3-2-13-performan...

  The minor security release of 3.2.13 doesn't seem to be as simple as it
  would appear. Numerous bugs seem to have crept in and GitHub experienced a
  major issue (https://github.com/blog/1440-today-s-email-incident) upon
  upgrading. The biggest problems are a change in how scopes work
  (https://github.com/rails/rails/issues/9813) and performance issues
  (https://github.com/rails/rails/issues/9803) with asset path resolution.

The Ruby on Rails Tutorial for Rails 4.0 (Beta) Available
http://news.railstutorial.org/ruby-on-rails-tutorial-rail...

  A Rails 4.0–compatible version of Michael Hartl's popular 'Ruby on Rails
  Tutorial' book is now available online. The e-book and screencast versions
  will be available once Rails 4.0 is officially released, however.

RubyGems.org Gets a Snazzy New Blog Design
http://blog.rubygems.org/2013/03/18/new-blog-design.html



From our Sponsor
----------------

How Fast Are Your Tests? Try Tddium's Parallel CI For One Month Free
https://www.tddium.com/


  Solano Labs, the maker of Tddium, has integrated major updates to make the
  product easier to use, and we want to share these awesome changes with you.
  These changes include Github Sign-In, Pull-Request & Status Integration.
  Heroku Single Sign-On. Flowdock. BitBucket. Simple Setup Hooks. Our
  parallel optimizations usually get your build results 10 to 20 times
  faster. Sign up (http://www.solanolabs.com) for a free one-month trial
  using promo code MarchRubyWeekly and see for yourself. Visit us at
  http://support.tddium.com and let us know how to make this product work
  even better for you.


Reading
-------

Understanding Method Lookup in Ruby 2.0
http://tech.pro/tutorial/1149/understanding-method-lookup...

  Method lookup has changed a little in Ruby 2.0 with both the introduction
  of Module#prepend and a number of optimizations made at the VM level.
  Marc-André Lafortune looks at the bigger picture here.

Ruby delegate.rb Secrets
http://www.saturnflyer.com/blog/jim/2013/03/21/ruby-deleg...

  Jim Gay shows off the 'delegate' library and Delegator class that comes in
  Ruby's standard library.

Happily Upgrading Ruby On Rails At Production Scale
http://webuild.envato.com/blog/upgrading-ruby-on-rails-at...

  Envato's marketplace sites recently upgraded from Rails 2.3 to Rails 3.2
  with no downtime despite handling 8000 requests per minute. The team shares
  some of their story.

A Practical Guide to Using Signed Ruby Gems
http://blog.meldium.com/home/2013/3/3/signed-rubygems-part


  A three-part series of posts on making gems more secure. It starts with a
  look at a new Bundler feature
  (http://blog.meldium.com/home/2013/3/3/signed-rubygems-part) which can
  enforce signing policies on gems, but moves on to using signed gems on
  Heroku (http://blog.meldium.com/home/2013/3/6/signed-gems-on-heroku) and
  signing your own gems
  (http://blog.meldium.com/home/2013/3/6/signing-gems-how-to).

Customize Your IRB
http://rakeroutes.com/blog/customize-your-irb/


  Stephen Ball demonstrates how to customize your IRB installation from the
  prompt and default gems through to things for Rails and command history.

Giles Bowkett's 'Unf**k A Monorail For Great Justice'
http://gilesbowkett.blogspot.co.uk/2013/03/new-ebook-unfu...

  Not one to shy away from a controversial title, Ruby's l'enfant terrible,
  Giles Bowkett, is back with an incisive look at how to get large,
  monolithic Rails apps back on track. But yes, it costs money.

The Inadequate Guide to Rails Security
https://www.honeybadger.io/blog/guides/2013/03/09/ruby-se...

Testing Subdomains in Rails with xip.io
http://www.chrisaitchison.com/2013/03/17/testing-subdomai...


Watching and Listening
----------------------

Ruby Rogues: Patterns of Enterprise Architecture with Martin Fowler
http://rubyrogues.com/097-rr-book-club-patterns-of-enterp...

  The Rogues sit down with the esteemed Martin Fowler (of Agile fame, not the
  EastEnders character) to discuss patterns, service layer, and similarly
  tasty 'serious developer' stuff.

PeepCode Now Has an iOS App
https://search.itunes.apple.com/WebObjects/MZContentLink....

  The popular PeepCode screencasting site (to which many of you are
  subscribed, I'm sure) now has apps for iPhone and iPad users so you can
  more easily watch their entire video library on the go. I've given it a
  quick go and it seems pretty good.


Libraries and Code
------------------

minitest 4.7.0 Released
http://www.ruby-forum.com/topic/4412128


  The minitest library, as included in the Ruby standard library, has been
  updated with a key enhancement: the MiniTest::Spec class has been
  refactored into a more easily extended DSL module
  (https://github.com/seattlerb/minitest/commit/06b9ce388491...). In turn,
  minitest-spec-rails has had an update
  (https://github.com/metaskills/minitest-spec-rails/issues/17) which uses
  this new module to avoid a lot of monkey patching.

Huginn: Build Agents That Perform Automated Tasks for You Online
https://github.com/cantino/huginn/


  Think of it as Yahoo! Pipes plus IFTTT on your own server. It's built in
  Rails and looks pretty impressive.

SitePrism: A Page Object Model DSL for Capybara
https://github.com/natritmeyer/site_prism


  SitePrism gives you a simple, clean and semantic DSL for describing your
  site using the Page Object Model pattern, for use with Capybara in
  automated acceptance testing.

ActionCost: Counts SQL Queries Per Controller Action in ActiveRecord
https://github.com/plerohellec/action_cost


  Hooks into ActiveRecord (and RecordCache, if used) and counts the number of
  SQL queries per controller action and per table.

Scorched: An 'Evolutionary Enhancement of Sinatra'
http://scorchedrb.com/


  A generic, unopinionated, DRY, light-weight web framework for Ruby.


Jobs
----

Ruby Developer for Financial Tech Startup (SF Bay Area)
http://rubyweekly.com/misc/madrone.html


  Software startup in stealth mode finds hidden treasures among asset
  management debris. Can you write Ruby code, create the algorithms, mine the
  data, and deliver tools to return the treasure to its owner? We explore,
  map, and match assets with owners.

Software Engineering / Academic Applications Developer at Dartmouth College [Hanover, New Hampshire]
http://jobs.rubyinside.com/a/jbb/job-details/803306


Software Engineer at Nextpoint [Madison, Wisconsin]
http://jobs.rubyinside.com/a/jbb/job-details/805424



Last but not least..
--------------------

SliceCraft: PSD to Modular Haml, Sass, Compass and CoffeeScript for Rails Apps
http://www.slicecraft.com/


  We deliver on time, have expert knowledge on Haml, Sass, Compass &
  CoffeeScript and understand the Rails asset pipeline. How’s that for a
  change? Check out our track record too
  (http://www.slicecraft.com/our-track-record.html).



================================================================================

You opted in for Ruby Weekly at http://rubyweekly.com/ to get weekly e-mails
about the Ruby programming language.


Our mailing address is: Office 30, Lincoln Way, Fairfield Enterprise Centre,
Louth, Lincs, UK, LN11 9EJ.

You can e-mail the list maintainer directly at rw@peterc.org in case of
problems/questions.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds