Ruby on Rails 2.3.7 Released

With the 2.3.6 release hot out of the oven, Nathan Weizenbaum began updating HAML to support it. He uncovered a couple of bugs in the HTML-safety changes backported from Rails 3, so we’re cutting a 2.3.7 release to fix them.

If you use the rails_xss plugin for automatic HTML escaping, you should upgrade to Rails 2.3.7 and the latest rails_xss plugin.

If you don’t use the rails_xss plugin yet, now’s the time to start. It’s baked in to Rails 3.

Update: fixing compatibility with the rails_xss plugin broke HTML-safety for apps that don’t use rails_xss. We’re sorry, all: HTML-safety is meant to be opt-in! The fix is available now in 2.3.8.pre1 and will be released shortly.
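The HTML-safety model behind these notes, as an added sketch that is not Rails or rails_xss code: output is escaped unless a string has been explicitly marked safe, and with escaping switched off (the opt-in default for 2.3.x apps without the plugin) everything passes through raw. ToySafeString, ToyBuffer, mark_safe and the helper names are hypothetical, and the sample strings are constructed.

```ruby
require 'cgi'

# Marker subclass: "this string is already safe HTML" (hypothetical stand-in).
class ToySafeString < String; end

def mark_safe(str)
  ToySafeString.new(str)
end

# Minimal output buffer. With auto_escape on, anything not marked safe is
# HTML-escaped on the way in; with it off, strings are appended untouched.
class ToyBuffer
  def initialize(auto_escape)
    @auto_escape = auto_escape
    @out = String.new
  end

  def <<(value)
    text = value.to_s
    text = CGI.escapeHTML(text) if @auto_escape && !value.is_a?(ToySafeString)
    @out << text
    self
  end

  def to_s
    @out.dup
  end
end

# Template literals are trusted (marked safe); the body is user input.
def render_comment(body, auto_escape)
  buf = ToyBuffer.new(auto_escape)
  buf << mark_safe('<p>') << body << mark_safe('</p>')
  buf.to_s
end

# A helper that escapes its argument and wraps it in markup, but returns a
# plain String: an auto-escaping buffer will escape the whole thing again.
def error_box_unmarked(msg)
  "<div class=\"error\">#{CGI.escapeHTML(msg)}</div>"
end

# The same helper returning a marked-safe string: no second escape.
def error_box_marked(msg)
  mark_safe("<div class=\"error\">#{CGI.escapeHTML(msg)}</div>")
end

def render_error(box, auto_escape)
  (ToyBuffer.new(auto_escape) << box).to_s
end

if __FILE__ == $PROGRAM_NAME
  input = 'Tom & <b>Jerry</b>'                      # constructed user input
  puts render_comment(input, true)                  # escaped
  puts render_comment(input, false)                 # raw: markup reaches the page
  puts render_error(error_box_unmarked('a < b'), true)  # double-escaped
  puts render_error(error_box_marked('a < b'), true)    # correct
end
```

Helpers and plugins that build markup have to return marked-safe strings once escaping is on, which is why a template library needs updating alongside the framework.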

Ruby on Rails 2.3.6 Released

We’ve released Ruby on Rails 2.3.6: six months of bug fixes, a handful of new features, and a strong bridge to Rails 3.

We deprecated some obscure and ancient features in Rails 2.3.6 so we could cut them entirely from Rails 3. If your app runs on Rails 2.3.6 without deprecation warnings, you’re in good shape for a smooth sail onward.

This slow-cooked dish is brought to you by some 87 committers from our all-volunteer kitchen.

Now, let’s open the goodie bag!

Action Pack

  • Upgrade Rack from 1.0.1 to 1.1.0.
  • XSS prevention: update to match Rails 3 and move to the official plugin at http://github.com/rails/rails_xss.
  • Cookies: convenient cookie jar add-ons to set permanent or signed cookies, or both at once: cookies.permanent.signed[:remember_me] = current_user.id.
  • Flash: promote alert and notice, the most common flash keys in many apps, to self.alert = '...' and self.notice = '...'. Add redirect_to url, :alert => '...' and :notice => '...'.
  • i18n: localize the label helper.
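What signing a cookie such as the remember_me value above provides, as an added sketch that is not Rails code: the client can still read the value, but any change to it invalidates the HMAC, so the server rejects it. SECRET, sign, verify, readable_payload and tamper_with are hypothetical names, and the payload--digest layout and JSON encoding are assumptions of this sketch.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed placeholder; a real secret is long, random and server-side only.
SECRET = 'constructed-demo-secret-do-not-reuse'

def digest_for(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, data)
end

# Cookie value = base64(payload) + "--" + HMAC over the base64 text.
def sign(value, secret = SECRET)
  data = Base64.strict_encode64(JSON.generate([value]))
  "#{data}--#{digest_for(data, secret)}"
end

# Compare digests without bailing out at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the original value, or nil when the cookie is missing, malformed,
# altered, or signed with a different secret. The digest is checked before
# the payload is decoded.
def verify(cookie, secret = SECRET)
  data, digest = cookie.to_s.split('--', 2)
  return nil if data.nil? || digest.nil?
  return nil unless secure_compare(digest, digest_for(data, secret))
  JSON.parse(Base64.strict_decode64(data)).first
rescue ArgumentError, JSON::ParserError
  nil
end

# Signing is integrity, not secrecy: anyone holding the cookie can read it.
def readable_payload(cookie)
  Base64.strict_decode64(cookie.split('--', 2).first)
end

# Test helper: swap in a different value while keeping the old digest,
# which is what an edited cookie looks like to the server.
def tamper_with(cookie, new_value)
  _data, digest = cookie.split('--', 2)
  "#{Base64.strict_encode64(JSON.generate([new_value]))}--#{digest}"
end

if __FILE__ == $PROGRAM_NAME
  cookie = sign(42)                         # constructed user id
  p verify(cookie)                          # original value
  p verify(tamper_with(cookie, 1))          # rejected
  p readable_payload(cookie)                # visible to the client
end
```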

Active Record

  • Namespacing: support optional table name prefixes on modules by defining self.table_name_prefix.
  • Destroy uses optimistic locking.
  • Counter cache: use Post.reset_counters(1234, :comments) to count the number of comments for post 1234 and reset its comments_count cache.
  • PostgreSQL: always use standard-conforming strings, if supported.
  • MySQL: add index length support.
  • MySQL: add_ and change_column support column positioning using :first => true and :after => :other_column.

Active Support

  • Upgrade i18n from 1.3.3 to 1.3.7.
  • Upgrade TZInfo from 0.3.12 to 0.3.16.
  • Multibyte: speed up string verification and cleaning.
  • JSON: use YAJL for JSON decoding, if available. gem install yajl-ruby
  • Testing: add assert_blank and assert_present.
  • Core: backport Object#singleton_class from Ruby 1.8.8, deprecating our Object#metaclass.
  • Core: add Object#presence that returns the object if it’s #present? otherwise returns nil. Example: region = params[:state].presence || params[:country].presence || 'US'
  • Core: add Enumerable#exclude? to match include?.
  • Core: rename Array#rand to Array#random_element to avoid collision with Kernel#rand.
  • Core: rename Date# and Time#last_(month|year) to #prev_(month|year) for Ruby 1.9 forward compatibility.

Active Resource

  • JSON: set ActiveResource::Base.include_root_in_json = true to serialize as a hash of model name → attributes instead of a bare attributes hash. Defaults to false.

Action Mailer

  • Upgrade TMail from 1.2.3 to 1.2.7.

Railties

  • Silence RubyGems 1.3.6 deprecation warnings.

Peruse the commit log for the full story.

Community Highlights

It’s that time again, to summarize a few interesting Rails links to highlight some of the best of the community. All of these were initially covered on the Ruby5 Podcast, the twice weekly Ruby newscast.

Rails 3 Content

The next Rails3 Bugmash is taking place May 15th and 16th. If you’ve never contributed to Rails, this is your chance to give back a little and do your part to make Rails 3 the best version ever.

To get a complete picture of routes in Rails 3, Rizwan Reza covered it best in an article over on the Engine Yard blog. If you dig the Engine Yard Rails 3 content, they recently created Rails Dispatch, where they have articles and screencasts published weekly.

Alex Maccaw recently used the Rails 3 ActiveModel abstraction to build an ActiveRecord-like in-memory database called Supermodel. You get all of the ActiveRecord goodness, such as validations, callbacks, and observers, but with none of that database headache.

As you may already know, the arel library from Rails 3 gives us a great new syntax for creating queries. Under the covers, arel converts your where conditions into SQL by using something called a PredicateBuilder. Ernie Miller recently put out a plugin called MetaWhere that takes advantage of these PredicateBuilders to give arel even more functionality.

Lastly, if it’s still not clear to you how awesome bundler is, go read Yehuda’s recent post on the topic.

Authorization

Do you ever find the need to access current_user in your models? This is often required when you’re logging model/table changes on a per user basis. There are many hacks to accomplish this, but David Bock has a gem called SentientUser which does this a little cleaner.

Once your website goes big and you start to worry about malicious user attacks, you may want to take a look at Arto Bendiken and Brendon Murphy’s Rack::Throttle Middleware. Throttle does just what you think it does, allowing you to limit the number of requests a user can make to your site (per second).

Lastly, Ryan Bates released version 1.1 of CanCan, his authorization and permission library that allows you to restrict what your users can do throughout your application.

Service Libraries

You may have heard that the Facebook API is now adopting OAuth2. If you’re ready to jump in, Michael Bleigh released the OAuth2 gem just last week.

Rails makes a great RESTful backend for iPhone applications, and recently Anthony Moralez created APN_on_rails which makes it super easy to do Apple Push Notifications.

There’s no need to reinvent the wheel if your Rails application needs e-commerce. This is where the Spree gem comes in; it recently hit version 0.10.0, which contains a bunch of new features.

Testing

Does your Rails application have a monster testing library that takes forever to run? Then it may be time to take a look at Hydra by Nick Gauthier, a distributed testing framework which allows you to run your tests in parallel locally or across remote servers.

Some people think cucumber can be too verbose for integration tests (which clients may never read). If you think cucumber is for vegetarians, then perhaps it’s time to taste some Steak by Luismi Cavalle. Steak is a small library which helps you generate quick and clean acceptance/integration tests using RSpec.

Talking about RSpec, there are some new conventions out there to clean up your old RSpec code. If you haven’t started using “Let”, then it may be time to look through a few of Jon Larkowski’s slides.

Additional Useful Libraries

If you ever find yourself with odd memory issues then it’s probably time to use memprof.com, a new web service by Joe Damato and Ruby Hero Aman Gupta. Memprof allows you to collect memory usage information from a Ruby process and immediately upload and view it using an intuitive web interface.

Rails applications are often full of forms, and sometimes you even need to give your clients the ability to create different types of forms or surveys. This is where the Census gem comes in, providing an admin interface for creating forms, and even the ability to search through the results.

To wrap things up, delayed_job recently hit 2.0, and you’ll want to upgrade if you have an older version. The new version has some performance improvements and adds support for non-ActiveRecord ORMs.

Additional Content

To keep track of Ruby conferences check out Ruby There, a listing of all the upcoming conferences and even when the Call for Proposals are due.

For more news and libraries check out the Ruby5 podcast. If you don’t usually listen to audio, you can just subscribe to the RSS feed which contains a summary of everything covered.

If you have any stories/libraries you’d like to spread the word about, feel free to email ruby5@envylabs.com and we’ll at least get you covered on the podcast. Thanks!

Image Credit: Blue Sky on Rails by ecstaticist, Analog Solutions 606 Mod by Formication, Rainbow by One Good Bumblebee. Orange County Security by henning, remember by tochis, Darwin Was Right About Media Players! by Neeku, remote controls by redjar.

This post has been translated into Belorussian provided by PC

Rails 3.0: Third beta release

We’re marching towards the release candidates with hurried steps, but along the way we stopped by for another beta. This one spins out a few overdue extractions into plugins (see http://github.com/rails/verification and http://github.com/rails/dynamic_form), fixes a security issue with cookies, crosses a few t’s and dots a few i’s. Upgrading from beta 2 is recommended.

As always, you can install the latest beta with gem install rails --pre.

We’ll see you again soon for the release candidate.

Rails 3.0: Second beta release

It took longer than we thought, but then again, what doesn’t? This is the second beta release of Rails 3.0 and hopefully our last stop before a release candidate. There are still a handful of known regressions (see the list at the end), but we’ve made huge strides since the last release and so have auxiliary tools like Bundler.

You can find all the detailed changes in the CHANGELOGs for each framework: Action Mailer, Action Pack, Active Record, Active Resource, Active Model, Active Support, Rails.

Please install beta 2 and try it out with new and existing applications. (gem install rails --prerelease after you make sure you’re on Ruby Gems 1.3.6 with gem update --system).

You can use Jeremy McAnally’s excellent rails_upgrade plugin to take a 2.3.x app to 3.0 (and get his update book too). There are already a good number of Rails 3 applications live in the wild.

Thanks a million to everyone who’s been working on this. Rails 3 is a mighty big barn and it’s been a joy seeing the community come together to raise it.

Note that Ruby 1.8.7 p248 and p249 have marshaling bugs that crash both Rails 2.3.x and Rails 3.0.0. Ruby 1.9.1 outright segfaults on Rails 3.0.0, so if you want to use Rails 3 with 1.9.x, jump on 1.9.2 trunk for smooth sailing.

Known regressions: Rails crashes unless configuration.action_controller.session is set; config.thread_safe does not work; unable to run an RJS partial from an HTML template; backtrace silencers often remove application lines from test failure backtraces; Active Record double escapes error_messages_for.

Ruby Hero Awards 2010

Ruby Heroes

It’s that time again to take a moment to think about those people who have impacted the Ruby community but have not received the recognition they deserve. We have given away twelve awards in the past two years at Railsconf, and this year we are preparing to give away six more.

But we need your help.

So, if you know someone who has contributed to our community this year please take a moment to show some gratitude by nominating them on RubyHeroes.com. A month from now the Ruby Heroes from last year will look at the nominations and decide who should receive the awards (this way there’s no popularity contest). However, your nominations do matter, so please take a moment and spread the gratitude.

The winners will be announced live on stage at Railsconf 2010, and posted here shortly thereafter.

Rails and the Enterprise

If you have been in the Rails community for a little while, you have more than likely noticed the love/hate relationship that is entertained by the community vis-à-vis the Enterprise. Some people hate the enterprise and publicly tell it to go f*ck itself (49:39), on the other hand, these same people are also proud to mention that some major players in the industry use Ruby and Rails.

The truth is that even though Ruby and Rails could still be more Enterprise ready, it is already a great combo that big corporations can start using today, and lots of them already do! Let's look at the state of Rails and the Enterprise.

So where are we at?

  • First things first, Rails was not designed for the enterprise or for the enterprise's needs. It was extracted from a successful startup project and has grown with the contribution of people using Rails daily. But Rails is also based on Ruby which became very popular and started to be used in different places, including NASA, for instance.
  • 37signals still does NOT need "Enterprise features" and therefore don't expect any 37signals engineers to write an Oracle Adapter or a SOAP layer for ActiveResource and push for their adoption.
  • Rails is far more than a framework used by 37signals. It is an Open Source project with code being contributed daily by people on other projects. Most of the code does not directly benefit 37signals.
  • The Enterprise is evolving: economic crisis, a new generation of developers, new management, insane deadlines. Ruby and Rails have quickly become very attractive for the Enterprise and having big companies acting as startups is often something a lot of managers dream of. As a matter of fact, here is a quote from Sony Computer Entertainment America's President & CEO, Jack Tretton: "Be like a multi-billion dollar company on the outside, and act like a startup on the inside". This change has taken a while because the Enterprise is a big mammoth (or insert another of your favorite gigantic, slow-starting animal here), but it's happening.
  • Communication with/in big companies is not as straightforward as when dealing with startups who need/thrive for the outside attention and who don't have all the red tape of a PR department, etc. Here is a simple example: I work for Sony Playstation. My job description mentioned Redis, MongoDB, EventMachine and many other technologies I did not know Sony was using in production. I did not realize that my default production stack would be built on Ruby 1.9. Communicating when you're a part of a big company is more challenging than when you are a team of 5 engineers working on a cool project, and therefore a lot of people don't know what technologies are being used by Company X or Company Y.
  • Rails is used by lots of big companies. It might not be obvious and you might have to look at the job offers but people like AT&T, Sony and many others are always looking for talented Ruby developers. And, even though Java and .NET are still ruling the Enterprise kingdom, dynamic languages are slowly but surely catching up. Rubyists are climbing the social ladder and are now in positions to push the language they love.

Understanding the Enterprise's needs

It's kind of hard to define "the Enterprise's needs", however I can testify that the needs and requirements of a so called "Enterprise app" are slightly different than those encountered when you work on a startup app. What the Enterprise needs/wants:
  • reliability
  • support
  • performance
  • advantage over the competition
  • integration and transition path

Reliability

I think that it was proven many many times that Rails scales and can be very reliable as long as you know what you are doing. We are not talking anymore about a buzz framework that just got released and that cool kids play with but rather, a stable platform used by some of the most popular web applications out there.

Support

This point is something the Rails community can be proud of. We have lots of forums, blogs, books, local meetings, conferences... Yes, Rails is OpenSource and you can't buy yearly support from the core team but you will find all the help you need out there. (If you can't, feel free to contact me and I'll direct you to people who can help, and if you are new to Rails, take a look at http://railsbridge.org/)

Performance

Based on my own experience, the level of performance we have using Ruby and Rails is more than enough for the Enterprise world. This is especially true with Ruby 1.9 greatly improving performance and Rails3 optimizations. If you really need part of your code to run as fast as C code, writing a C extension for Ruby is actually quite easy and will solve your speed issues.

Advantage over the competition

Rails comes with certain ways to do things, conventions that will get you up and running in much less time. Ruby as a language is natural, intuitive and easy to maintain. By choosing the right tools for your project, you will definitely be able to get more done in less time and increase your business value faster. Let's not forget the strong value of testing in the community that will push your team to write tested code and more than likely improve the overall code quality of your products.

Integration and transition path

This is probably the part that is the most challenging when you live in the Enterprise and look into using Ruby & Rails. I was recently talking to someone from Google who used to do a lot of Ruby before joining the Mountain View-based company. We were talking about how he loves Ruby but had such a hard time integrating with existing Enterprise solutions. He mentioned how he got frustrated by the lack of great XML tools, bad/complicated SOAP libraries and a few others I can't remember. The truth is that when my friend was using Ruby this was all true. REXML and soap4r are useful but might not perform that well. Luckily as the community has grown, new tools have come up and today Nokogiri (developed and maintained by AT&T engineer Aaron Patterson) can easily be used instead of REXML and many libraries are known to be better than soap4r such as savon, handsoap and others. The other good news is that major IT companies such as Apple, Microsoft and Sun (RIP) have adopted Ruby and you can now write your code in Ruby and use native libraries from other languages such as Java, .NET or Objective-C. The transition path can be done smoothly without having to commit to a total rewrite.

Database-wise, Oracle is still a viable option for Rails developers thanks to the Oracle ActiveRecord adapter (by R.Simanovskis). Note that your DBA might curse you for not doing optimized queries using bind variables and all the Oracle Magic spells, in which case you can use Sequel, a great ORM supporting Oracle, and some of its unique features.

Deployment-wise, you can deploy on IIS, Tomcat, Glassfish, Apache, Nginx, or almost anything mainstream you are already using. Using Passenger, deployment is as easy as deploying a PHP app and you also get a series of great tools such as Capistrano, Vlad etc...

So basically, thanks to passionate Rubyists working 'for the man' such as Aaron Patterson, Raimonds Simanovskis and others, using Ruby in the Enterprise is much much easier. Ruby and Rails were not initially designed with the Enterprise in mind but with time, the integration has become smoother and both parties can now enjoy reciprocal benefits.

Ruby Summer of Code

Rails participated in Google’s summer of code program for the first time last year. We got four great projects and three long-term contributors from the effort, including Josh Peek and José Valim, who’ve both joined Rails core, and Emilio Tagua, who revitalized Arel and integrated it with Active Record.

We applied again this year but didn’t make the cut, so we moped for a day then thought, why not make this happen ourselves. So here we are kicking off the first Ruby summer of code together with Engine Yard and Ruby Central.

Head over to rubysoc.org to get started and start following @rubysoc for news.

We’re following Google’s example closely:

  • students are paid a $5000 stipend to work full-time during their summer break
  • a group of Ruby gurus volunteer their time as mentors
  • mentors vote on student proposals based on usefulness, benefit to the Ruby community, and history of motivated open source contribution

We’re looking for full- and half-summer sponsors as well as individual donations. We’ll fund as many students as we can. Donate this week and our own Aaron aka tenderlove will match it! Aaron tapped out, you dogs :-) Thanks Aaron! Now Chad and Kelly Fowler are matching! Donate now!

Ruby gurus, consider mentoring a student this summer. Volunteering to guide the next generation of Ruby developers is a challenging and rewarding effort.

Students: start your engines! Check out our ideas list and start brainstorming. Applications begin on April 5!

Ruby and Rails Conferences 2010

There is an incredible number of Ruby & Rails conferences coming up in the next 6 months. See below to find one in your neck of the woods.

MountainWest RubyConf

March 11-12 – MountainWest RubyConf in Salt Lake City, UT, USA

Cost: 100 USD

Rails Camp New England

March 12-15 – Rails Camp New England in West Greenwich, RI, USA

Cost: 150 USD

RubyConf India

March 20-21 – RubyConf India in Bangalore, India

Cost: 1000 INR

Scottish Ruby Conference

March 26-27 – Scottish Ruby Conference in Edinburgh, Scotland

Cost: 195 GBP

Ruby Nation

April 9-10 – Ruby Nation in Reston, VA, US

Cost: 259 USD

RailsCamp Canberra

April 16-19 – RailsCamp Canberra in Canberra, Australia

Cost: 210 AUD

Great Lakes Ruby Bash

April 17 – Great Lakes Ruby Bash in Lansing, MI, USA

Cost: ?

RubyConf Taiwan

April 25 – RubyConf Taiwan in Taipei, Taiwan

Cost: 400 TWD

ArrrrCamp #3

April 30 – ArrrrCamp #3 in Ghent, Belgium

Cost: Free

Red Dirt RubyConf

May 6-7 – Red Dirt RubyConf in Oklahoma City, OK, USA

Cost: ?

Frozen Rails

May 7 – Frozen Rails in Helsinki, Finland

Cost: 99 EUR

Nordic Ruby

May 21-23 – Nordic Ruby in Gothenburg, Sweden

Cost: ?

GoRuCo

May 22 – GoRuCo in New York, NY

Cost: ?

Euruko

May 29-30 – Euruko in Krakow, Poland

Cost: ?

RailsWayCon

May 31-June 2 – RailsWayCon in Berlin, Germany

Cost: 699 EUR

RailsConf

June 7-10 – RailsConf in Baltimore, MD, USA

Cost: $695

Ruby Midwest

July 16-17 – Ruby Midwest in Kansas City, MO

Cost: $75

RS on Rails

August 21 – RS on Rails in Porto Alegre, Brazil

Cost: R60

Lone Star Ruby Conference

August 26-28 – Lone Star Ruby Conference in Austin, TX, USA

Cost: ?

Ruby Kaigi

August 27-29 – Ruby Kaigi in Tsukuba, Ibaraki, Japan

Cost: ?


If I missed any (or have any information wrong) feel free to leave a comment and I’ll add it to the post. FYI, I’m purposely only showing conferences in the next 6 months. I’ll do another post in 6 months to show additional ones.