Issue 132 - February 14, 2013
Featured
The Rails codebase has been undergoing some serious security testing lately, so releases for critical vulnerabilities are popping up a lot. This week's releases tackle issues with serialized attributes and attr_protected circumvention.
The popular template language gets a major update including SCSS, Less and CoffeeScript filters, better HTML5 support, hyphenated data attributes, and lots of fixes. Be careful when upgrading, however, as Haml 4.0 does not support Rails versions under 3.0 or Ruby versions before 1.8.7.
Thought you were avoiding the security hassles by only using Sinatra or similar Rack-based systems? You have some updates to do as well.
From our Sponsor
Fall in love again. We have announced February as Date-a-Nerd month and to celebrate, we're sending one lucky winner on the date of a lifetime to New York City! Enjoy airfare, two nights at a boutique hotel, a Broadway show, and fine dining each night, all on us.
Reading
Pat Shaughnessy interviews Laurent Sansonetti, the creator of RubyMotion and former lead of MacRuby, about how the RubyMotion project started and what's involved with its development.
Aaron 'tenderlove' Patterson dissects the attack vector used in the recent YAML-based Rails exploit.
"If you want to parse Ruby, I wish you luck - there isn't any documentation or a formal grammar that fully describes the language," says Thomas Figg.
Joel Oliveira of Thoughtbot looks at Griddler, a Rails engine that provides an endpoint for the SendGrid Parse API which allows you to easily handle inbound e-mails.
A collection of command line tips and time-saving snippets. None are Ruby-specific, but they cover things Rails app admins are likely to do.
Thomas Hollstegge of Zweitag digs into the recent JSON parsing hole.
Watching and Listening
It's a little blurry, but Ruby legend Jim Weirich performs a live programming exercise, doing a code kata for a Roman Numerals Calculator. He gives some great tips about TDD, complexity, and refactoring that anyone could apply in their daily programming.
Zachary Scott is a core committer to MRI and in this recent talk at BostonRB, he looks at the ethos of open source before diving into how the Ruby contribution process works and how you can submit documentation patches of your own.
In the latest public episode of RailsCasts, Ryan Bates demonstrates how to add a 'user activity feed' to a Rails application using the public_activity gem.
Libraries and Code
The final release of Ruby 2.0 on Sunday, February 24 inches ever closer with RC2 following a month after RC1. RC2 vs RC1 is mostly documentation improvements and bug fixes, although the CSV library's potentially dangerous load and dump methods were also removed.
RSpec's 'should_receive' doesn't check whether or not an object responds to the mocked method, which can hide code that isn't working. BetterReceive solves that.
I can't vouch for this as I haven't tried it, but it's an interesting idea.
Jobs
FreeAgent are looking for a talented full-stack web app engineer to come and join their amazing team on their mission to democratize small business accounting.
Are you looking for an amazing team working on a top 200 site and genuinely interesting problems to solve? Envato is looking for people with experience building, testing and maintaining large scale webapps.
Seeking smart, kind folks who want to make the world a little better through bad-ass development.
Last but not least...
Each year at RailsConf, Code School gives awards to Rubyists who've been nominated by their peers. Head over and nominate your chosen Rubyist for RailsConf 2013 now.
Code Climate is accepting reservations to try out its Rails app security monitoring service.