#593 — March 3, 2022

Ruby Weekly

The In-Depth Guide to Active Record's load_async in Rails 7 — Concurrency has been a hot topic in the Ruby and Rails space for a while now (especially now we have fibers, ractors, and more at our disposal) and Rails 7 has added another tool to run ActiveRecord queries in the background. But, before you start ‘asyncing all the things’, there are considerations and careful testing to think about. And it must be good, since the creator of load_async even said: “I must concur that this article is excellent, it’s better explained than I could do myself”.

Paweł Urbanek

A Look at Ruby's Fiber Scheduler Functionality — Added in Ruby 3.0, the Fiber Scheduler interface opens up a nice approach for working with asynchronous operations using standard Ruby methods (no frameworks needed), making parallel operations even simpler and gem dependency-free.

Bruno Sutic

Free eBook: Efficient Search in Rails with Postgres — In this eBook, Leigh Halliday explains how to speed up a search query from seconds to milliseconds — walking through using exact matches, similarity matches with trigrams, partial matches with ILIKE, and natural language matches.

pganalyze sponsor

IN BRIEF:

Import Maps Under the Hood in Rails 7 — Import maps provide a way to import external code into a project without a build tool (no Node or Webpack needed!) and support for them is enabled, by default, in Rails 7.

Paweł Dąbrowski (AppSignal)

Ruby Fibers 101 — Fibers (introduced way back in Ruby 1.9) are now getting some much-deserved extra attention due to the Fiber::SchedulerInterface released in 3.0 – this post provides another look in addition to the post already linked above.

Swaathi Kakarla

Jobs

Senior Rails Engineer @ Nebulab (Remote) — Join our distributed team and build high-volume eCommerce applications in a workplace made by developers for developers.
Nebulab

Fully Remote Senior RoR Engineer at Ticketsolve — We are a SaaS ticket platform focusing on new feature development after a re-platforming. Exciting stuff is coming...
Ticketsolve Ltd

Join the World’s Largest Remote Workforce — We offer the freedom of freelance with the security of full-time. Start working remotely with the world’s top clients today.
Toptal

📕 Articles & Tutorials

Adding Super Fast Frontend Search in Rails with Lunr — Create a very responsive search experience by indexing the content being searched in the browser. A clever, if unconventional approach, but it works for specific use cases.

Khash Sajadi (Cloud66)

RubyConf 2021: The Talks You Might Have Missed — RubyConf 2021 took place in Denver late last year and while we’ve linked to a few talks, Shopify has put together a list of summaries and links to interesting talks given by their engineers.

Jennie Lundrigan

▶  Hotwire Modals, with Zero JavaScript — If you don’t like writing any more JavaScript than you have to, Hotwire is refreshing, for sure. (6 minutes.)

Pete Hawkins

Project Management for Software Teams Has Never Been Easier — Shortcut is fast and intuitive project management built for developers. Delight the scrum gods and try it now.

Shortcut (formerly Clubhouse.io) sponsor

Zero-Downtime Migration of a Primary Key From int to bigint — Once you have billions of rows, int starts looking rather limited. While switching to bigint is a tedious task, it’s effective and can avert future problems.

Radan Skoric (Silverfin Engineering)

Don't Waste Your Time on Asset Compilation on Heroku? — Precompiling and uploading assets to a CDN at the CI stage.

Szymon Fiedler

▶  Understanding Proc Objects — An 8-minute video that covers the basics.

Jason Swett

▶  A Chat with Andrew Culver, Creator of Bullet Train — Bullet Train is a (paid) boilerplate app for building SaaS apps quickly on Rails. (49 minutes.)

Code with Jason Podcast podcast

🛠 Code & Tools

Thredded 1.0: A Forum Engine for Rails Apps — We first linked to this project 6 years ago but it has now finally hit 1.0 and added Rails 7 and Ruby 3 support. It’s a message board system that works as an engine so you can run it standalone or as part of an existing Rails app, if needed. GitHub repo.

Mazovetskiy, Oliveira, et al.

WahWah 1.3: A Library for Reading Audio Metadata — For reading things like MP3 IDv3 tags, embedded images, and similar metadata in formats including MP3, M4A, OGG, OGA, OPUS, WAV, FLAC, etc. Pure Ruby too, with no dependencies.

Aidewoode

Build Video for Ruby That Just Works

Mux sponsor

Liquid 5.2: Safe, Customer-Facing Template Language for Webapps — Created at Shopify in 2006 (and still heavily maintained by them) Liquid is a popular way to bring flexible, safe templating and customization to end users.

Shopify

Yake 0.5: A DSL for Writing AWS Lambda Handlers in Ruby — The selling point is it uses a Rake-like declarative syntax.

Alexander Mancevice

Glimmer Wordle 1.1.0: Wordle in Ruby with a JRuby and SWT Powered UI
Andy Maleh

Jekyll 4.2.2 Released
Ashwin Maroli

💡 Tip of the Week

Avoiding (potential) malicious activity with binstubs

In the most recent tip, we learned more about binstubs, and specifically, adding to our $PATH variable so that we don't need to run bin/<some_executable> from a repo and can instead run <some_executable> from a repo.

A few folks wrote to us in response to this tip, and correctly said that it only works if you are always in trusted repositories.

Why? A malicious repository could put an executable in its bin directory that overrides a command we commonly use, for instance an executable at bin/ls. If we've set our $PATH so that we no longer need to specify bin, then simply running ls may execute whatever malicious code is in bin/ls.

Why might we have malicious code locally though? Sometimes we clone repos to debug them, and sometimes we cd into directories of gems that we don't know everything about, among other reasons.

We can still solve for this though! As a reader referenced, this article gives us a clever solution. We can keep all of our trusted repositories in one directory. Then, in that directory, we can make a .git/safe directory (mkdir .git/safe). Then, if we add .git/safe/../../bin to our $PATH, we will only be able to execute any executables in the bin directories in repositories we trust!

Thanks again for feedback on my last tip!

This week’s tip was written by Jemma Issroff.
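
Why the .git/safe/../../bin entry behaves this way, as an added example (not code from the newsletter or the linked article): the entry is relative, so it is resolved against the current directory, and the path only exists where .git/safe does. The repo names and the demo-binstub command are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: two throwaway repos; only "trusted" has the .git/safe marker.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/trusted/.git/safe" "$demo_root/trusted/bin"
mkdir -p "$demo_root/untrusted/.git" "$demo_root/untrusted/bin"

# Each repo ships a binstub with the same (hypothetical) name that reports its origin.
for repo in trusted untrusted; do
  printf '#!/bin/sh\necho "hello from %s"\n' "$repo" > "$demo_root/$repo/bin/demo-binstub"
  chmod +x "$demo_root/$repo/bin/demo-binstub"
done

# run_in REPO PATH_ENTRY
# cd into REPO, prepend PATH_ENTRY to PATH, then try to run the binstub by bare name.
run_in() {
  (
    cd "$demo_root/$1" || exit 2
    PATH="$2:$PATH"
    if command -v demo-binstub >/dev/null 2>&1; then
      demo-binstub
    else
      echo "not on PATH"
    fi
  )
}

# Plain relative entry: any repo's bin/ is searched, trusted or not.
run_in untrusted "bin"                   # -> hello from untrusted

# Guarded entry: .git/safe/../../bin cannot be resolved without .git/safe,
# so the untrusted repo's bin/ is never searched.
run_in untrusted ".git/safe/../../bin"   # -> not on PATH

# Same guarded entry inside the repo that was marked with mkdir .git/safe.
run_in trusted ".git/safe/../../bin"     # -> hello from trusted
```
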