Articles

Ruby on Rails 2.3.4: Security Fixes

Ruby on Rails 2.3.4 has been released. This release fixes bugs and introduces a few minor features. Due to the inclusion of two security fixes, all users of the 2.3 series are recommended to upgrade as soon as possible.

Security Fixes

2.3.4 contains fixes for two security issues which were reported to us. For more details see the security announcements:

RMagick (from source) on Snow Leopard

After the release of 10.5, I published an article about building RMagick from source on Leopard. I won’t rehash the why, you can read the original article for that. My clean install necessitated updating the RMagick script, so here’s what worked for me to install from source on Snow Leopard! For the impatient, here’s the download link: rmagick-build.sh

Snow Leopard Ruby Development Environment Checklist / Gotchas

I’m probably a bit late to the party with this article, but I’m a bit of a chicken so I thought I’d wait for the dust to settle a bit before installing Snow Leopard on the MacBook Pro I use for Ruby development.

Rails Envy Podcast – Episode #090 – 09/03/2009

Episode #090. I’m joined today by Dan Benjamin and we have quite a fun time. You may know Dan from his compiling Ruby, Rails, and MySQL guides, cork’d, and most recently Playgrounder. Dan’s going to be hosting the podcast for a little while now and I’m thrilled to have him as a co-host.

Installing the Ruby driver for DB2 on Mac OS X Snow Leopard

Now that Mac OS X 10.6 is out, it’s time to leave the world of 32 bit computing behind. The pre-installed Ruby interpreter will run in 64 bit mode by default, so you may need to pay attention when installing some C-based gems. The ibm_db Ruby gem for DB2 can easily be installed or updated to the latest available version by following these simple steps:

That’s Not a Memory Leak, It’s Bloat

Our Rails customers often run into memory issues. The most frequent cause these days is what we in Support dub ‘bloated mongrels.’

To be fair, bloat has absolutely nothing to do with mongrel itself, which is a solid and fine piece of work. You can run into this problem just as easily with thin, passenger, etc. Changing to a different server will not save you, as the root cause is not the server, but the code the server is running for you.

Easy partials

The following code has been tested with Rails 2.3.

Traditional way of rendering partials.

 
render :partial => 'comments/comment', :locals => { :comment => comment, :show_article_title => false}

The above code can also be written as:

 
render 'comments/comment', :comment => comment, :show_article_title => false

One more example.

Ruby on Rails Security

Recently I've been made aware of people inside US Government organizations using my Ruby on Rails Security presentation as an excuse to limit Ruby on Rails adoption and projects inside those organizations.

They mandate that applications in Rails should be redone in Java because of the issues I covered.

Double Shot #532

Life goes on after Snow Leopard.

set passenger RailsMaxPoolSize / PassengerMaxPoolSize to actually work + how many instances of passenger to have for rails

Passenger seems to ignore trying to set PassengerMaxPoolSize in vhosts.

To set the maximum number of instances for passenger for Rails, set it in a file called passenger.conf and then do this:

Interesting Ruby Tidbits That Don’t Need Separate Posts #25 | Rails Fire


A handful of random Ruby links, articles, and resources to end off the week.


Is It JRuby? - Track which gems work on JRuby

Is it JRuby? is a "fork" of Brightbox's Is It Ruby 1.9 that focuses on JRuby. As with the Ruby 1.9 site, Is It JRuby lets you track gems, allowing you to mark them as either working or not working with JRuby (yet) or to track reports from others. Remember that since these sites are community driven, the reports should never be taken as gospel and simply used as guidelines.

Ruby Enterprise Edition's 3rd Sponsorship Campaign

The Phusion guys (behind the awesome Passenger / mod_rails) are looking for contributions to their third sponsorship campaign for Ruby Enterprise Edition. If you're not already aware, Ruby Enterprise Edition (aka REE) is a specially patched/adapted version of the MRI (Matz's Ruby Interpreter) that uses less memory, has a tweaked garbage collector and memory allocator, and several other performance enhancements. The target this time is $9000 and they have about $6000 left to go.

As an aside, Mike Perham's article, Memory-hungry Ruby daemons, demonstrates how REE can prove useful in reducing memory use on long-running daemons.

MacRuby - Changing the Ruby Ecosystem?

In MacRuby, Changing the Ruby Ecosystem, Matt Aimonetti writes about how MacRuby - the Apple sponsored, open source, Objective C driven Ruby implementation - fits into the Ruby ecosystem and, ultimately, how the big developments coming along could change it. Key points include MacRuby's rubyspec compliance, that MacRuby doesn't require OS X, and MacRuby's potentially explosive performance.


Beginner's iPhone Programming Workshop for Rubyists

Dan Grigsby of leading iPhone development Web site Mobile Orchard is putting on an iPhone programming workshop in Toronto on July 9-10, just as FutureRuby kicks off. If you're going to FutureRuby and fancy learning about iPhone development from a great teacher, this is a great chance. Even if you're not going to FutureRuby but are interested in the topic, check it out.

Sketches - When Your Code Changes, It Gets Reloaded!

It's easier to steal their already fine description, so.. Sketches allows you to create and edit Ruby code from the comfort of your editor, while having it safely reloaded in IRB whenever changes to the code are saved. As the name implies, this could prove pretty handy for basic "sketching" and prototyping of lightweight code.

Engine Yard Takes Over Ruby 1.8.6 Maintenance

With both Ruby 1.8.7 and Ruby 1.9.1, poor old Ruby 1.8.6 has been left in the dust support-wise. Despite this, it's still the most popular Ruby implementation out there and a lot of people depend on it. Given this, hosting company Engine Yard's team of engineers have decided to take over the legacy maintenance duties. Hats off to them!
