Articles

Double Shot #533

Time to update Rails in your production applications. (Update: Looks like Rails 2.3.4 may not be compatible with Ruby 1.9. Proceed with caution).

Rails form helper security vulnerability

A vulnerability has been found in the Rails form helpers that allows an attacker to inject arbitrary HTML into pages. This leaves an unpatched Rails app open to cross-site scripting (XSS), which could result in stolen session cookies and similar attacks.

UUID over the wire

Need to use Active Resource on a remote object that has a UUID?

Last time I checked, Active Resource still overwrites the id with the to_i version of the UUID, so "123ABCDE456" turns into 123, which is not what we want.

But Hyperactive Resource (HyRes) works just fine.

UUID created by the remote system
Does the remote API create the UUID for you? If so - you're laughing.

Ruby on Rails 2.3.4: Security Fixes

We’ve released Ruby on Rails 2.3.4. This release fixes bugs and introduces a few minor features. Due to the inclusion of two security fixes, all users of the 2.3 series are recommended to upgrade as soon as possible.

Security Fixes

2.3.4 contains fixes for two security issues which were reported to us. For more details see the security announcements:

Timing Weakness in Ruby on Rails

There is a weakness in the code Ruby on Rails uses to verify message digests in the cookie store. Because it uses a non-constant-time comparison to verify the signatures, an attacker may be able to determine from the response time when a forged signature is partially correct. By repeating this process, one byte at a time, they may be able to forge a valid digest.
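The weakness and its fix, as an added Ruby example that is not the Rails code or the announcement's own: the "payload--hexdigest" cookie shape mirrors the Rails 2.3 cookie store, but the secret and payload are constructed for the demo and the payload is a plain string rather than the Base64/Marshal blob Rails actually stores. The instrumented comparison makes the leaked signal visible as a count of bytes examined before the compare gave up.

```ruby
require "openssl"

# Added example, not code from the Rails announcement. SECRET is a
# constructed placeholder for the application secret.
SECRET = "constructed-demo-secret-do-not-reuse".freeze

# HMAC-SHA1 over the payload, hex-encoded (40 characters), as Rails 2.3 did.
def sign(payload)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), SECRET, payload)
end

# The weak form: a comparison that stops at the first differing byte.
# Its running time grows with the length of the correct prefix, which is
# exactly the signal the advisory describes.
def variable_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).each { |x, y| return false if x != y }
  true
end

# Instrumented copy of the weak comparison: how many bytes it examined
# before giving up. An attacker measuring latency sees this number.
def bytes_examined(a, b)
  count = 0
  a.bytes.zip(b.bytes).each do |x, y|
    count += 1
    break if x != y
  end
  count
end

# The fix: OR the XOR of every byte pair into an accumulator and decide only
# at the end, so every candidate digest costs the same amount of work.
# (Length is still checked up front; the digest length is public anyway.)
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  acc = 0
  a.bytes.zip(b.bytes) { |x, y| acc |= x ^ y }
  acc.zero?
end

# Verify a "payload--digest" cookie and return the payload, or nil if the
# signature does not match or the cookie is malformed.
def verify_cookie(cookie)
  payload, digest = cookie.to_s.split("--", 2)
  return nil if payload.nil? || digest.nil?
  constant_time_equal?(sign(payload), digest) ? payload : nil
end

if __FILE__ == $PROGRAM_NAME
  real = sign("user_id=42")
  p verify_cookie("user_id=42--#{real}")            # "user_id=42"
  p verify_cookie("user_id=1--#{real}")             # nil (payload tampered)
  p bytes_examined(real, "z" * 40)                  # 1  (wrong from byte 0)
  p bytes_examined(real, real[0, 8] + "z" * 32)     # 9  (first 8 bytes right)
end
```

The two `bytes_examined` calls are the whole attack in miniature: a guess that is right for eight bytes takes nine comparisons instead of one, and with enough samples that difference shows up in network latency. `constant_time_equal?` does the same amount of work for both guesses.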

XSS Vulnerability in Ruby on Rails

There is a vulnerability in the escaping code for the form helpers in Ruby on Rails. Attackers who can inject deliberately malformed Unicode strings into the form helpers can defeat the escaping checks and inject arbitrary HTML.
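The page does not reproduce the vulnerable helper or the patch, so the following is an added Ruby example of the defensive pattern behind both the "Rails form helper security vulnerability" item and this advisory, not the Rails code itself: never let a byte sequence that is not valid Unicode reach the escaper. MALFORMED is a constructed input (a lone UTF-8 lead byte followed by attacker markup). On Ruby 1.9 and later, a regex-only escaper does not silently pass such input; `gsub` raises ArgumentError, so the request dies with a 500 instead of being escaped, which is the other way malformed input can defeat an escaping check.

```ruby
# Added example, not the Rails 2.3.4 patch. The replacement table matches what
# an HTML escaper needs for text and attribute values.
HTML_ESCAPE = {
  "&" => "&amp;", "<" => "&lt;", ">" => "&gt;", '"' => "&quot;", "'" => "&#39;"
}.freeze

# Constructed attacker input: byte 0xC3 is a two-byte UTF-8 lead byte with no
# continuation byte behind it, immediately followed by markup.
raw = ["C3"].pack("H*") + "<script>alert(1)</script>"   # ASCII-8BIT here
MALFORMED = raw.force_encoding(Encoding::UTF_8).freeze  # UTF-8, and invalid

# Regex-only escaping, the shape of a naive helper. On Ruby 1.9+ an invalid
# byte sequence makes gsub raise ArgumentError before any escaping happens.
def naive_escape(str)
  str.to_s.gsub(/[&<>"']/, HTML_ESCAPE)
end

# Hardened: force UTF-8 and replace every invalid sequence with U+FFFD before
# escaping, so the regex only ever sees well-formed characters and every '<'
# in the input is guaranteed to be matched and replaced.
def escape_html(str)
  s = str.to_s.dup.force_encoding(Encoding::UTF_8)
  s = s.scrub("\uFFFD") unless s.valid_encoding?
  s.gsub(/[&<>"']/, HTML_ESCAPE)
end

# True when the naive escaper blows up on the input instead of escaping it.
def naive_escape_fails?(str)
  naive_escape(str)
  false
rescue ArgumentError
  true
end

if __FILE__ == $PROGRAM_NAME
  p naive_escape_fails?(MALFORMED)   # true: "invalid byte sequence in UTF-8"
  p escape_html(MALFORMED)           # "\uFFFD&lt;script&gt;alert(1)&lt;/script&gt;"
end
```

Scrubbing first is the important ordering: escaping before validation leaves the escaper's view of "one character" at the mercy of whatever the attacker put in the lead byte, and rejecting instead of scrubbing is also acceptable as long as the rejection happens before the string reaches a template.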

Circle of death

Rails Magazine Issue #4 - Free Download

A new edition of Rails Magazine (#4 – “The Future of Rails”) is now available as a free pdf (32 pages) at http://railsmagazine.com/issues/4

Inside:

Exclusive coverage of Ruby Kaigi 2009, possibly the largest Ruby conference in the world.

Technical articles:
- Background Processing with delayed_job
- Generating PDF with ODF templates
- Oracle Tips and Tricks
- Feel the Radiance with Radiant CMS

OT: Windy City Rails

I’ll be at Windy City Rails on the 12th. I’d love to meet up w/ other Chicago Rubyists / readers of this blog at breakfast. Drop me an e-mail at f.mischa@gmail.com

SimplyStored and CouchDB

Yesterday I gave a presentation about CouchDB and SimplyStored, our convenience Ruby library, at the Ruby User Group Berlin.

There is a recording of the presentation at ustream.tv.

Get Started with Rails 3 and RVM

Presentation I gave at the Spokane Ruby User Group. Wednesday March 3rd, 2010.

"Humility must accompany all our actions, must be with us everywhere; for as soon as we glory in our..."

“Humility must accompany all our actions, must be with us everywhere; for as soon as we glory in our good works they are of no further value to our advancement in virtue.” - St. Augustine

Move EC2 AMIs between regions

Today I spent some time figuring out how to move EBS-backed AMIs between different EC2 regions. To save you the effort, here’s a quick summary:

  • create a volume from the snapshot backing the AMI

My 7 Principles of Shipping

So! Two days ago, Alex and I launched our Get Off Your Butt And Launch Your First Paying Product online course!

If you were one of the 546 brilliant and thrifty people on my Advance Discount List, you would have received a hefty ($100) discount by now, right to your inbox. If you didn’t, well, now’s a great time to sign up.

But enough with the selling. I gotta PREACH!

Behind all big ideas are tiny sumo wrestlers and gigantic...

Behind all big ideas are tiny sumo wrestlers and gigantic lightbulbs—CSS3 animated ones at that.

Chapter 7 update

As a couple different readers noted, there was a mistake in the flow of Chapter 7 of the Ruby on Rails Tutorial book: the error messages shown in Figure 7.5 didn't actually appear in the tutorial as written, since there was no call to @user.save in the create action to generate them.

March Madness!

Okay, so maybe madness is a strong word, but March is here, and Ruby and Rails events are back in full swing! We’ll be all over the globe talking Ruby, Rails, and for a special treat, Cloud Computing. If you’ll be in any of the areas we’re visiting, be sure to get in touch—we’d love to meet you!

MountainWest RubyConf

March 11-12 | Salt Lake City, UT

In-depth JRuby Q&A: What Makes JRuby Tick in 2010?

JRuby is undoubtedly the most mature of the alternative Ruby implementations. Supporting Ruby 1.8.7 and 1.9.1 (mostly!) and JIT compilation, JRuby is already in use in mission critical Ruby apps and runs scarily fast on the JVM. In this interview with JRuby core member, Charles Nutter, we dig deep into what makes JRuby tick.

Hijack: Get A Live IRB Prompt For Any Existing Ruby Process

Sometimes taking an app down for debugging purposes is just not an option.

Getting ready to rumble

I’m super pumped about participating in the Rails Rumble again this weekend.

Live blogging BizConf Day 2

Obie Fernandez and Roy Singham

Day 1 of BizConf was phenomenal and I’m going to try and keep up the live blogging for day 2. I missed the lightning talks last night but heard great things from everyone who went. I’ve got my camera charged up today so I’ll try and get some pictures of the presenters as well.

Fixing ActiveRecord::Base.all and making it friendlier to named_scope

The search feature of this blog is powered by the following named_scope.

named_scope :search, lambda { |search_term|
  { :conditions => ["title LIKE :search_term OR body LIKE :search_term",
                    { :search_term => "%#{search_term}%" }] }
}

I want to search for all sinatra related articles.

New Poster: Folk Psychology Conference

Well, it may be holiday time for many people, but it hasn’t been for us. We’ve been up to (and past) our eyeballs in work, particularly graphic design work, for the past several months. One of the items we’ve been working on is this.

Rescue exit

While debugging an unrelated problem in Nanite I stumbled over this feature in Ruby:

You can rescue the call to Kernel#exit.

Calling exit just raises a SystemExit exception that can be rescued like any other. Note that SystemExit inherits from Exception rather than StandardError, so a bare rescue will not intercept it; you have to name SystemExit (or Exception) explicitly.

#!/usr/bin/env ruby

begin
  exit
rescue SystemExit => e
  puts "somebody wanted to #{e}"
end

puts "after exiting"

This is clearly documented in the RDoc but still I was surprised.
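Which rescue clauses actually see the exit, and what you can read off the exception, as an added example that is not part of the original post. Kernel#exit! is deliberately not called: it skips the exception mechanism entirely and would terminate the process.

```ruby
# Added example, not code from the post. exit(code) raises SystemExit; the
# first rescue below only handles StandardError, so it never fires for exit.
def classify_exit(code)
  exit(code)
rescue => e                  # StandardError only; never sees SystemExit
  [:standard_error, e.class]
rescue SystemExit => e       # this is the clause that fires
  [:system_exit, e.status, e.success?]
end

# abort(msg) prints msg to stderr and raises SystemExit with status 1.
def classify_abort(message)
  abort(message)
rescue SystemExit => e
  [:system_exit, e.status, e.message]
end

# Re-raising from the rescue keeps the exit status intact: the process can
# log (or clean up) and still exit with the code the caller asked for.
def log_then_exit(code, log)
  exit(code)
rescue SystemExit => e
  log << "exiting with status #{e.status}"
  raise
end

if __FILE__ == $PROGRAM_NAME
  p classify_exit(3)      # [:system_exit, 3, false]
  p classify_exit(true)   # [:system_exit, 0, true]
  log = []
  begin
    log_then_exit(7, log)
  rescue SystemExit => e
    p [log, e.status]     # [["exiting with status 7"], 7]
  end
end
```

The practical consequence for a long-running agent is that `rescue Exception` around a work loop will quietly swallow an operator's exit request; rescue StandardError there, and re-raise SystemExit if you must catch it for logging.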

ActiveJquery - Without git

If you pull the files and install them without using the Rails plugin code, there is an "install" script that copies things into the right place.

The file will be in: #{projectroot}/vendor/plugins/activejquery

So for me, it's in the following directory:
/Users/gwest/mymrp2/vendor/plugins/activejquery

As you can see, it actually copies a few files into the right place in your project.

directory = File.dirname(__FILE__)
copy_files("/public/css", "/public/css", directory)

Registration Now Open for Essential Javascript

Registration is now open for Essential Javascript with jQuery, a one-day, action-packed, fun-filled workshop for everyone that wants to learn how to integrate Javascript into their .NET, Rails, PHP, or straight-HTML web applications.

We’ve secured a great location right in the heart of Chicago’s downtown (right across the street from the Sears Tower, in fact).

If you’ve been wanting to learn Javascript, our friendly, inclusive workshop is the place for you.

Upgrading an Existing App - shortened git commands into one

Update Rails and gem

First, you'll need to update RubyGems and Rails to the desired version. Briefly:

$ sudo gem install rubygems-update
$ sudo update_rubygems

and:

$ gem install rails
OR
$ gem install rails --version "=2.2.2"

Preparing your SCM

If you're using a SCM with powerful (and easy) branching such as Git now might be a good time to make a new branch of your app that you can use to keep your upgrade work separate from the main branch. When your upgrade is finished you can m…

Be Nice and Have Fun

Yet again, we’re experiencing a firestorm that will shake things up and change the Ruby community in a big way. But like anything else, the best thing we can do is remember that the sky is not falling, and that all internet drama is ephemeral at best.

Sure, we’ll all dearly miss a valued community member who inspired many of us. But thanks to distributed revision control systems, we’ll be able to commemorate _why through his works, currently being mirrored on github .

64-bit

Upgrading to Snow Leopard

Last Friday, Apple released their new OS version: Snow Leopard.
Upgrading to SL is very easy and even gives you back quite a lot of HD space.
However a few things have changed in the OS and you need to understand what is going on so you won't get frustrated with the updating process and won't be wasting time fighting with the system.

Snow Leopard