Ruby Weekly Issue 589: February 3, 2022

#589 — February 3, 2022

🔒 A Proposal for a New Ruby Gem Signing Mechanism — A proposal has been made for a new way for signing gems since the currently available approach is ‘unwieldy and little-used’. The aim is to make the signing and verification of gems an ‘everyday experience’ to improve security and reliability for all Rubyists. The resulting discussion is here if you want to have your say.

Roch Lefebvre et al.

'How I Got Ruby Snippets to Run Browser Side in Less Than a Day' — Just two weeks ago we mentioned the proposal to merge WebAssembly support into CRuby, and someone has already taken advantage of it. There’s a live demo too!

Ben Taylor

ButterCMS Melts into Your Ruby App: $ ButterCMS::Post.list() — ButterCMS is your content backend. Enable your marketing team to update website + app content without needing you. Try the #1 rated Headless CMS for Ruby today. Free for 30 days.

ButterCMS sponsor

How Shopify Fixed the Dependency Confusion Vulnerability in 600+ Ruby Apps — The story of how Shopify (big enough to have its own specialized ‘Ruby Conventions team’!) solved a dependency confusion vulnerability in over 600 Ruby applications and created tooling to make their work easier.

Frederik Dudzik (Shopify)

Code Scanning and Ruby: Turning Source Code into a Queryable Database — Github’s CodeQL engine scans code and creates a database schema that can be used to look for vulnerabilities, among other things. They recently added support for Ruby, which you can use on your own repos, too.

Nick Rolfe (GitHub)

IN BRIEF:

As of Bundler 2.3, Bundler will 'lock' its version to the one in your Gemfile.lock.
Gosu, a popular 2D game development library for Ruby, is having a game jam in two weeks, if you want to take part.
The early access program for the next version of RubyMine (a commercial Ruby IDE) is now open.

Jobs

Ruby/Rails Developer (Remote Friendly) in Beautiful Norway — We build startups and do GOOD tech. A digital democracy startup, a renewable energy startup, a green airport taxi startup. Join us <3
Rubynor

Senior Rails Developer @ Wherefour (100% Remote) — Curious how stuff gets made? Come build great software that makes great products.
Wherefour

Find Ruby Jobs Through Hired — Create a profile on Hired to connect with hiring managers at growing startups and Fortune 500 companies. It's free for job-seekers.
Hired

📕 Articles & Tutorials

▶ Inline Editing with Turbo Frames in Rails — A 20-minute screencast demonstrating using Hotwire and Turbo Frames to implement inline editing in Rails apps.

Go Rails

Solving Wordle in Ruby — Not tired of Wordle yet? Dazzle your friends with your Ruby-assisted Wordle superiority.

Kevin Newton

Dynamic User Content in Rails with Liquid Tags — Liquid is a simple and secure template engine, with some advanced features, that is used by Shopify so it’s certainly worth a look.

Matt Swanson

JetBrains RubyMine 2022.1 Early Access Program is Open — Support for new language features in Ruby 3.1, new inspections, UX improvements, and more.

JetBrains sponsor

How to Safely Change the Argument Signature of a Sidekiq Job — If you’re getting warnings as of Sidekiq 6.4, you’ll want to know this.

Zeke Gabrielse

Rails 7's Automatic inverse_of Detection for Associations with Scopes — A potentially handy feature that isn’t enabled by default in Rails 7.

Swaathi Kakarla

Securing AWS S3 Assets with Cross-Account Backups — If you’re using S3 to store your app’s assets, Paweł’s advice could save you some headaches one day.

Paweł Urbanek

🛠 Code & Tools

Paralines: Nicer Output to Console/File from Concurrent Threads — If you’ve got several threads running tasks and you want live output from each without said output tripping over the output from other threads, check out this new solution.

Yuriy Babak

MiniSql: A Minimal, Safe SQL Executor for Postgres and SQLite — Basically makes things nicer if you’re using pg or SQLite. If you get tangled up in the mildly crufty native APIs for those, this could help ease things a bit.

Discourse

Spend Less Time Debugging and More Time Building with Scout APM

Scout APM sponsor

Receipts: Easy Receipts and Invoices for Your Rails Apps — Works with any payment provider and uses Prawn to generate PDFs.

Chris Oliver

redis-rb 4.6: The Ruby Client Library for Redis — The official Ruby client for the Redis data structure server. 4.6 adds the ZRANGESTORE, COPY, ZDIFF, ZUNION, and HRANDFIELD commands amongst other things.

Redis

A Tmux Launcher App Written in mruby — The most interesting part of this, to me, is seeing a complete (but simple) mruby-based app.

Artemiy Solopov

Vanity: A Datastore Agnostic A/B Testing Mechanism for Rails
Assaf Arkin

Rack::Attack 6.6: Rack Middleware for Blocking and Throttling
Rack Project

💡 Tip of the Week

`END`

Before I learned about __END__ (a directive that causes Ruby to cease processing a source code file), whenever I was testing little snippets or scripts which relied on reading data from somewhere, I would keep a test.csv or something similar open while I was writing my code. I would switch between the Ruby file and the CSV (or alternative). Especially for small snippets, it sometimes felt like a cumbersome way to develop.

However, __END__ can often solve this problem. If you put an __END__ in a Ruby file, everything after the __END__ will be accessible as a file in the DATA variable. Let's say we have a file example.rb:

puts "DATA is a #{DATA.class}"
puts DATA.read

__END__
here is some
data, that, i,
have

and we run it:

$ ruby example.rb
DATA is a File
here is some
data, that, i,
have

We've confirmed both the class of DATA and that we can easily access it.

I would not necessarily recommend storing any information past the __END__ in production applications or environments, but I do find it useful for iterating on snippets of code which rely on some data. It's helpful to be able to edit sample data inline while having access to the code that's ingesting the data.

This week’s tip was written by Jemma Issroff.