Issues » 137

New Rails vulnerabilities, Rails 4.0 Tutorial Beta Read this issue on the Web
Ruby ♦ Weekly Issue 137
March 20, 2013
Featured
Rails 3.2.13, 3.1.12 and 2.3.18 Released: New Security Issues
Four new security issues (symbol DoS vulnerability in ActiveRecord, XML parsing vulnerability, and two XSS vulnerabilities) have forced the quick release of some new Rails versions. Careful, though, as 3.2.13 is proving less simple of an upgrade as would be suspected (see item below).
Beware Rails 3.2.13: Performance Regressions and Major Bugs?
The minor security release of 3.2.13 doesn't seem to be as simple as it would appear. Numerous bugs seem to have crept in and GitHub experienced a major issue upon upgrading. The biggest problems are a change in how scopes work and performance issues with asset path resolution.
The Ruby on Rails Tutorial for Rails 4.0 (Beta) Available
A Rails 4.0–compatible version of Michael Hartl's popular 'Ruby on Rails Tutorial' book is now available online. The e-book and screencast versions will be available once Rails 4.0 is officially released, however.
RubyGems.org Gets a Snazzy New Blog Design
From our Sponsor
How Fast Are Your Tests? Try Tddium's Parallel CI For One Month Free
Solano Labs, the maker of Tddium, has integrated major updates to make the product easier to use, and we want to share these awesome changes with you. These changes include Github Sign-In, Pull-Request & Status Integration. Heroku Single Sign-On. Flowdock. BitBucket. Simple Setup Hooks. Our parallel optimizations usually get your build results 10 to 20 times faster. Sign up for a free one-month trial using promo code MarchRubyWeekly and see for yourself. Visit us at http://support.tddium.com and let us know how to make this product work even better for you.
Reading
Understanding Method Lookup in Ruby 2.0
Method lookup has changed a little in Ruby 2.0 with both the introduction of Module#prepend and a number of optimizations made at the VM level. Marc-André Lafortune looks at the bigger picture here.
Ruby delegate.rb Secrets
Jim Gay shows off the 'delegate' library and Delegator class that comes in Ruby's standard library.
Happily Upgrading Ruby On Rails At Production Scale
Envato's marketplace sites recently upgraded from Rails 2.3 to Rails 3.2 with no downtime despite handling 8000 requests per minute. The team shares some of their story.
A Practical Guide to Using Signed Ruby Gems
A three part series of posts on making gems more secure. It starts with a look at a new Bundler feature which can enforce signing policies on gems, but moves on to using signed gems on Heroku and signing your own gems.
Customize Your IRB
Stephen Ball demonstrates how to customize your IRB installation from the prompt and default gems through to things for Rails and command history.
Giles Bowkett's 'Unf**k A Monorail For Great Justice'
Not one to shy away from a controversial title, Ruby's l'enfant terrible, Giles Bowkett, is back with an incisive look at how to get large, monolithic Rails apps back on track. But yes, it costs money.
The Inadequate Guide to Rails Security
Testing Subdomains in Rails with xip.io
Watching and Listening
Ruby Rogues: Patterns of Enterprise Architecture with Martin Fowler
The Rogues sit down with the esteemed Martin Fowler (of Agile fame, not the EastEnders character) to discuss patterns, service layer, and similarly tasty 'serious developer' stuff.
PeepCode Now Has an iOS App
The popular PeepCode screencasting site (to which many of you are subscribed, I'm sure) now has apps for iPhone and iPad users so you can more easily watch their entire video library on the go. I've given it a quick go and it seems pretty good.
Libraries and Code
minitest 4.7.0 Released
The minitest library, as included in the Ruby standard library, has been updated with a key enhancement: the MiniTest::Spec class has been refactored into a more easily extended DSL module. In turn, minitest-spec-rails has had an update which uses this new module to avoid a lot of monkey patching.
Huginn: Build Agents That Perform Automated Tasks for You Online
Think of it as Yahoo! Pipes plus IFTTT on your own server. It's built in Rails and looks pretty impressive.
SitePrism: A Page Object Model DSL for Capybara
SitePrism gives you a simple, clean and semantic DSL for describing your site using the Page Object Model pattern, for use with Capybara in automated acceptance testing.
ActionCost: Counts SQL Queries Per Controller Action in ActiveRecord
Hooks into ActiveRecord (and RecordCache, if used) and counts the number of SQL queries per controller action and per table.
Scorched: An 'Evolutionary Enhancement of Sinatra'
A generic, unopinionated, DRY, light-weight web framework for Ruby.
Jobs
Ruby Developer for Financial Tech Startup (SF Bay Area)
Software startup in stealth mode finds hidden treasures among asset management debris. Can you write Ruby code, create the algorithms, mine the data, and deliver tools to return the treasure to its owner? We explore, map, and match assets with owners.
Software Engineering /Academic Applications Developer at Dartmouth College [Hanover, New Hampshire]
Software Engineer at Nextpoint [Madison, Wisconsin]
Last but not least..
SliceCraft: PSD to Modular Haml, Sass, Compass and CoffeeScript for Rails Apps
We deliver on time, have expert knowledge on Haml, Sass, Compass & CoffeeScript and understand the Rails asset pipeline. How’s that for a change? Check out our track record too.
(Sponsored Item)
Published by Cooper Press.
Want to sponsor an issue? See our media kit.

© 2013 Cooper Press Ltd. Email policy Privacy policy
Office 30, Fairfield Enterprise Centre, Louth, LN11 0LS, UK
Update your email address
or unsubscribe here

ONE e-mail each Thursday. Easy to unsubscribe. No spam — your e-mail address is safe
Published by Cooper Press and curated by Peter Cooper