From: Ruby Weekly <rw-AT-peterc.org>
To: <lwn-AT-lwn.net>
Subject: This Week's Ruby News - Issue 137
Date: Thu, 21 Mar 2013 18:02:26 +0000
Message-ID: <0618f6a79d6bb9675f313ceb29659df23b6.20130321180207@mail259.us2.mcsv.net>

Ruby Weekly - A Weekly Ruby Newsletter
Issue #137 - March 20, 2013
================================================================================
Featured
--------
Rails 3.2.13, 3.1.12 and 2.3.18 Released: New Security Issues
http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2...
Four new security issues (symbol DoS vulnerability in ActiveRecord, XML
parsing vulnerability, and two XSS vulnerabilities) have forced the quick
release of some new Rails versions. Careful, though, as 3.2.13 is proving
to be a less simple upgrade than would be suspected (see item below).
Beware Rails 3.2.13: Performance Regressions and Major Bugs?
http://blog.bugsnag.com/2013/03/20/rails-3-2-13-performan...
The minor security release of 3.2.13 doesn't seem to be as simple as it
would appear. Numerous bugs seem to have crept in and GitHub experienced a
major issue (https://github.com/blog/1440-today-s-email-incident) upon
upgrading. The biggest problems are a change in how scopes work
(https://github.com/rails/rails/issues/9813) and performance issues
(https://github.com/rails/rails/issues/9803) with asset path resolution.
The Ruby on Rails Tutorial for Rails 4.0 (Beta) Available
http://news.railstutorial.org/ruby-on-rails-tutorial-rail...
A Rails 4.0–compatible version of Michael Hartl's popular 'Ruby on Rails
Tutorial' book is now available online. The e-book and screencast versions
will be available once Rails 4.0 is officially released, however.
RubyGems.org Gets a Snazzy New Blog Design
http://blog.rubygems.org/2013/03/18/new-blog-design.html
From our Sponsor
----------------
How Fast Are Your Tests? Try Tddium's Parallel CI For One Month Free
https://www.tddium.com/
Solano Labs, the maker of Tddium, has integrated major updates to make the
product easier to use, and we want to share these awesome changes with you.
These changes include Github Sign-In, Pull-Request & Status
Integration. Heroku Single Sign-On. Flowdock. BitBucket. Simple Setup
Hooks. Our parallel optimizations usually get your build results 10 to 20
times faster. Sign up (http://www.solanolabs.com) for a free one-month
trial using promo code MarchRubyWeekly and see for yourself. Visit us at
http://support.tddium.com and let us know how to make this product work
even better for you.
Reading
-------
Understanding Method Lookup in Ruby 2.0
http://tech.pro/tutorial/1149/understanding-method-lookup...
Method lookup has changed a little in Ruby 2.0 with both the introduction
of Module#prepend and a number of optimizations made at the VM level.
Marc-André Lafortune looks at the bigger picture here.
Ruby delegate.rb Secrets
http://www.saturnflyer.com/blog/jim/2013/03/21/ruby-deleg...
Jim Gay shows off the 'delegate' library and Delegator class that comes in
Ruby's standard library.
Happily Upgrading Ruby On Rails At Production Scale
http://webuild.envato.com/blog/upgrading-ruby-on-rails-at...
Envato's marketplace sites recently upgraded from Rails 2.3 to Rails 3.2
with no downtime despite handling 8000 requests per minute. The team shares
some of their story.
A Practical Guide to Using Signed Ruby Gems
http://blog.meldium.com/home/2013/3/3/signed-rubygems-part
A three-part series of posts on making gems more secure. It starts with a
look at a new Bundler feature
(http://blog.meldium.com/home/2013/3/3/signed-rubygems-part) which can
enforce signing policies on gems, but moves on to using signed gems on
Heroku (http://blog.meldium.com/home/2013/3/6/signed-gems-on-heroku) and
signing your own gems
(http://blog.meldium.com/home/2013/3/6/signing-gems-how-to).
Customize Your IRB
http://rakeroutes.com/blog/customize-your-irb/
Stephen Ball demonstrates how to customize your IRB installation from the
prompt and default gems through to things for Rails and command history.
Giles Bowkett's 'Unf**k A Monorail For Great Justice'
http://gilesbowkett.blogspot.co.uk/2013/03/new-ebook-unfu...
Not one to shy away from a controversial title, Ruby's l'enfant terrible,
Giles Bowkett, is back with an incisive look at how to get large,
monolithic Rails apps back on track. But yes, it costs money.
The Inadequate Guide to Rails Security
https://www.honeybadger.io/blog/guides/2013/03/09/ruby-se...
Testing Subdomains in Rails with xip.io
http://www.chrisaitchison.com/2013/03/17/testing-subdomai...
Watching and Listening
----------------------
Ruby Rogues: Patterns of Enterprise Architecture with Martin Fowler
http://rubyrogues.com/097-rr-book-club-patterns-of-enterp...
The Rogues sit down with the esteemed Martin Fowler (of Agile fame, not the
EastEnders character) to discuss patterns, service layer, and similarly
tasty 'serious developer' stuff.
PeepCode Now Has an iOS App
https://search.itunes.apple.com/WebObjects/MZContentLink....
The popular PeepCode screencasting site (to which many of you are
subscribed, I'm sure) now has apps for iPhone and iPad users so you can
more easily watch their entire video library on the go. I've given it a
quick go and it seems pretty good.
Libraries and Code
------------------
minitest 4.7.0 Released
http://www.ruby-forum.com/topic/4412128
The minitest library, as included in the Ruby standard library, has been
updated with a key enhancement: the MiniTest::Spec class has been
refactored into a more easily extended DSL module
(https://github.com/seattlerb/minitest/commit/06b9ce388491...). In turn,
minitest-spec-rails has had an update
(https://github.com/metaskills/minitest-spec-rails/issues/17) which uses
this new module to avoid a lot of monkey patching.
Huginn: Build Agents That Perform Automated Tasks for You Online
https://github.com/cantino/huginn/
Think of it as Yahoo! Pipes plus IFTTT on your own server. It's built in
Rails and looks pretty impressive.
SitePrism: A Page Object Model DSL for Capybara
https://github.com/natritmeyer/site_prism
SitePrism gives you a simple, clean and semantic DSL for describing your
site using the Page Object Model pattern, for use with Capybara in
automated acceptance testing.
ActionCost: Counts SQL Queries Per Controller Action in ActiveRecord
https://github.com/plerohellec/action_cost
Hooks into ActiveRecord (and RecordCache, if used) and counts the number of
SQL queries per controller action and per table.
Scorched: An 'Evolutionary Enhancement of Sinatra'
http://scorchedrb.com/
A generic, unopinionated, DRY, light-weight web framework for Ruby.
Jobs
----
Ruby Developer for Financial Tech Startup (SF Bay Area)
http://rubyweekly.com/misc/madrone.html
Software startup in stealth mode finds hidden treasures among asset
management debris. Can you write Ruby code, create the algorithms, mine the
data, and deliver tools to return the treasure to its owner? We explore,
map, and match assets with owners.
Software Engineering/Academic Applications Developer at Dartmouth College [Hanover, New Hampshire]
http://jobs.rubyinside.com/a/jbb/job-details/803306
Software Engineer at Nextpoint [Madison, Wisconsin]
http://jobs.rubyinside.com/a/jbb/job-details/805424
Last but not least..
--------------------
SliceCraft: PSD to Modular Haml, Sass, Compass and CoffeeScript for Rails Apps
http://www.slicecraft.com/
We deliver on time, have expert knowledge on Haml, Sass, Compass &
CoffeeScript and understand the Rails asset pipeline. How’s that for a
change? Check out our track record too
(http://www.slicecraft.com/our-track-record.html).
================================================================================
You opted in for Ruby Weekly at http://rubyweekly.com/ to get weekly e-mails
about the Ruby programming language.
Our mailing address is: Office 30, Lincoln Way, Fairfield Enterprise Centre,
Louth, Lincs, UK, LN11 9EJ.
You can e-mail the list maintainer directly at rw@peterc.org in case of
problems/questions.