Issue 132 - February 14, 2013
The Rails codebase has been undergoing some serious security testing lately, so releases for critical vulnerabilities are popping up a lot. This week's releases tackle issues with serialized attributes and attr_protected circumvention.
The popular template language gets a major update including SCSS, Less and CoffeeScript filters, better HTML5 support, hyphenated data attributes, and lots of fixes. Be careful when upgrading, however, as Haml 4.0 does not support Rails versions under 3.0 or Ruby versions before 1.8.7.
Thought you were avoiding the security hassles by only using Sinatra or similar Rack-based systems? You have some updates to do as well.
Fall in love again. We have announced February as Date-a-Nerd month and to celebrate, we're sending one lucky winner on the date of a lifetime to New York City! Enjoy airfare, two nights at a boutique hotel, a Broadway show, and fine dining each night, all on us.
Pat Shaughnessy interviews Laurent Sansonetti, the creator of RubyMotion and former lead of MacRuby, about how the RubyMotion project started and what's involved with its development.
Aaron 'tenderlove' Patterson dissects the attack vector used in the recent YAML-based Rails exploit.
"If you want to parse Ruby, I wish you luck - there isn't any documentation or a formal grammar that fully describes the language," says Thomas Figg.
Joel Oliveira of Thoughtbot looks at Griddler, a Rails engine that provides an endpoint for the SendGrid Parse API which allows you to easily handle inbound e-mails.
A collection of command-line tips and time-saving snippets. None are Ruby-specific, but they cover things Rails app admins are likely to do.
Thomas Hollstegge of Zweitag digs into the recent JSON parsing hole.
It's a little blurry, but Ruby legend Jim Weirich performs a live programming exercise, doing a code kata for a Roman Numerals Calculator. He gives some great tips about TDD, complexity, and refactoring that anyone could apply in their daily programming.
Zachary Scott is a core committer to MRI and in this recent talk at BostonRB, he looks at the ethos of open source before diving into how the Ruby contribution process works and how you can submit documentation patches of your own.
In the latest public episode of RailsCasts, Ryan Bates demonstrates how to add a 'user activity feed' to a Rails application using the public_activity gem.
The final release of Ruby 2.0 on Sunday, February 24 inches ever closer with RC2 following a month after RC1. RC2 vs RC1 is mostly documentation improvements and bug fixes, although the CSV library's potentially dangerous load and dump methods were also removed.
RSpec's 'should_receive' doesn't check whether an object responds to the mocked method, which can hide code that isn't working. BetterReceive solves that.
I can't vouch for this as I haven't tried it, but it's an interesting idea.
FreeAgent are looking for a talented full-stack web app engineer to come and join their amazing team on their mission to democratize small business accounting.
Are you looking for an amazing team working on a top 200 site and genuinely interesting problems to solve? Envato is looking for people with experience building, testing and maintaining large-scale web apps.
Seeking smart, kind folks who want to make the world a little better through bad-ass development.
Each year at RailsConf, Code School gives awards to Rubyists who've been nominated by their peers. Head over and nominate your chosen Rubyist for RailsConf 2013 now.
Code Climate is accepting reservations to try out its Rails app security monitoring service.
Address: Office 30, Lincoln Way, Fairfield Enterprise Centre, Louth, Lincs, UK, LN11 0LS