
RubyGems, Rails and Devise vulnerabilities
Ruby Weekly Issue 130
January 31, 2013
This Week's Security Updates
RubyGems.org Compromised
I wouldn't normally link to a Hacker News discussion but it's a great source of information. Basically, a gem was pushed to RubyGems.org that took advantage of a YAML-parsing vulnerability to break into some of the site's configuration files, prompting a widespread security alert. (Things have now died down a bit, thankfully.)
Rails 3.0.20, and 2.3.16 Released Due to JSON Vulnerabilities
Fresh security fixes are out for the Rails 3.0.x and 2.3.x branches. If you're on Rails 3.1.x and 3.2.x, you can breathe easy (for now).
How to Apply a Rails Security Patch
There may be reasons you can't upgrade your entire set of Rails gems, so you'll instead want to apply a patch. Brian Buchalter shows how it's done.
Security Announcement: Devise v2.2.3, v2.1.3, v2.0.5 and v1.5.3 Released
From our Sponsor
Monitor Your Apps' Performance Anytime, Anywhere with New Relic for iPhone
At New Relic, we want to make your life more enjoyable, even when you're on the go. That's why we built a New Relic iPhone app, a new way to interact with New Relic. The app is perfect for those on the go who need to quickly understand how their applications, servers and key transactions are behaving.
Reading
Threads, Not Just for Optimizations
Jesse Storimer looks at some potentially unexpected ways MRI uses threads. A nice investigation.
We Can Solve The Multiple-'Default'-Stacks Problem With Rails Application Templates
Giles Bowkett picks up on the oft-forgotten Rails 'application templates' feature for rolling out fresh apps with custom setups.
One Way 1.9 Drives Me Nuts
Do you think "if !foo" and "unless foo" are functionally equivalent in Ruby? Ryan Davis explains why, in Ruby 1.9, they're not.
Ruby MRI Source Code Idioms #2: C That Resembles Ruby
Chief MRI spelunker Pat Shaughnessy is back with another look at MRI's C source code, this time picking up on how you can read Ruby's C code with an eye trained solely in Ruby patterns.
Functional Eye for the Ruby Guy
A craftily titled blog post that looks at practical applications of Ruby 2.0's Enumerator::Lazy and refinements features.
Ruby and Random
A look at why relying on 'srand' may not be the best solution and a way to get random numbers more securely.
Padrino Framework 0.11 and 1.0
A slide deck that walks through Padrino and looks at what's coming in versions 0.11 and 1.0.
Building a PaaS in Ruby
ActiveState are building what is essentially a 'Heroku-in-a-box' which you can run in a VM or on your own hardware cluster. This article goes behind the scenes and shows off what other tools they're using to do it.
Ruby Speedup: Memoize those Methods
A crafty memoization/caching technique that uses ||= together with a multi-line begin/end block.
Rails 4 Security for Session Cookies
Handling Requests Asynchronously in Rails
Refactoring the Deeply-Nested Hash Antipattern
Watching and Listening
DRb Basics: A Free MetaCasts Screencast for Ruby Weekly Readers
MetaCasts is a new screencasting venture recently launched by Mark Bates. No money is changing hands but he kindly agreed to let Ruby Weekly readers watch an episode all about Ruby's DRb library for free. Enjoy.
Rails Is Omakase: A Dramatic Reading
Giles Bowkett presents an amusing 'dramatic reading' of DHH's recent "Rails is Omakase" blog post. Steer clear if you have no time for humor though.
Libraries and Code
Sinatra 1.3.4 Released: Bug Fix Release, 1.4.0 Promised Soon
Wrong: A General Assert Method with Rich Failure Messages
Wrong provides a general assert method that takes a predicate block. Hard-to-remember matchers, be gone. Not new, but a piece of gold from the archive.
multirb: Run Ruby Code From A Prompt Across Multiple Ruby Versions
Something I've built to help me with recording my Ruby 2.0 Walkthrough.
Primo: A Better, Configurable, Default ('prime') Rails Stack.
I'm not convinced this is the answer but it's an answer.
split: A Rack-Based A/B Split Testing Framework
Sometimes: Let Ruby Blocks Run.. Sometimes
Jobs
Ruby Infrastructure Engineer
Passionate about Ruby and infrastructure? Zendesk is looking for an engineer to join our most excellent infrastructure team in San Francisco. Solid challenges? Check. Smart colleagues? Check. Great culture? Check.
Software Developer (Amsterdam) - Good in Perl or willing to Learn?
Join the #1 Accommodation website of the world: Booking.com. We need 25 sharp devs to join our big Perl shop in Amsterdam. You don't need to know Perl, only the willingness to learn. This position is open to worldwide candidates (visa and relocation package included). Join our international team of hackers.
Test Driven JavaScript and Ruby Developer (San Francisco and Santa Monica, CA)
Great people, awesome workplace, and new projects all the time. Work with seasoned pros building products people use and keep your nights/weekends for yourself.
Ruby Developer at HouseTrip (London, UK)
Last but not least..
Euruko 2013: Athens, June 28-29
The venue and date for Europe's primary Ruby conference have now been nailed down and they have a Web site ready to roll. No tickets for sale yet but save those dates.
Published by Cooper Press and curated by Peter Cooper.