Juggernaut: Server-side push for Rails

Juggernaut is a combination of a small Ruby server, a Flash bridge, and a plugin that makes it easy to do server-side push systems in Rails. I played with this idea with Rich Killmer a few years ago and even made a small demo system to present at a conference, but never made it to the finish line of something releasable. So it’s fantastic to see that the guys behind Juggernaut did.

DoS Vulnerabilities in REXML

The ruby-security team have published an advisory about a DoS bug affecting REXML users. Almost all rails applications will be affected by this vulnerability and you’re strongly advised to take the mitigating steps recommended in the advisory. If you’re not sure whether your application could be affected, you should upgrade.

The announcement contains details describing the monkeypatch solution, but to summarise:

Versions 1.2.6 and earlier

  1. Copy the fix file into RAILS_ROOT/lib
  2. Require the file from environment.rb
    require ‘rexml-expansion-fix’

Versions 2.0.0 and later

Copy the fix file into RAILS_ROOT/config/initializers, it will be required automatically.

This fix is also available as a gem, to install it run:

gem install rexml-expansion-fix

Then add require ‘rexml-expansion-fix’ to your environment.rb file. The manual fix and the gem are identical, if you have applied one you do not need to apply the other.

Josh Peek officially joins the Rails core

Josh Peek has been a defacto Rails core committer for a while, but for some reason we’ve never actually made the appointment official. So here it goes: Josh Peek is the latest Rails core team member. Three cheers hurray!

Josh has been working on a Google Summer of Code project to bring thread safety to Rails and is just about ready to wrap it up. Rails 2.2 will be thread safe thanks to the work that Josh has put into it.

Of more importance, though, is the significant effort put into making things faster and cleaner as part of that push. The actual thread safety won’t really matter much to most people, but it’ll surely look nice on your enterprisey check list of Features Your Framework Must Have To Get Play Around Here.

In any case, please welcome Josh!

Hackfest

And once again, hackfest is back. Only this time, it’s better than ever, thanks to Git

The idea is quite simple. You get 5000 points for each of your patches that get merged to the core. The person with the highest points at the end of the month wins.

August hackfest is already on and almost 3 more weeks to go, so hack on for the first prize – a free pass to RailsConf Europe ( special thanks goes to O’Reilly for the prize )

If you’ve never contributed to Rails before, now is a good time. This railscast is a nice head start.

Thanks to all those who have contributed to Rails, making it better and better.

Bratwurst on Rails at RailsConf Europe

From the Bratwurst on Rails team:

Fellow Rubyists from Berlin cordially invite all participants of RailsConf Europe to a barbecue in good old German tradition. The event is an opportunity to socialize and meet the conference participants in a relaxed atmosphere, and to make your name or brand known amongst them. Members of the Berlin Ruby Usergroup will take care of your stomach, and drinks will be available at fair prices.

The venue will be in the heart of Berlin, close to the conference venue. Entry will be free, as will the food. (If you’re interested in sponsoring, have a look at our sponsoring packages and feel free to contact the organisation board via sponsoring@bratwurst-on-rails.com). Your bratwurst awaits you!

It’s happening September 1st.

This Week in Rails (July 26, 2008)

Welcome to the fourth edition of This Week in Rails, a weekly (and occasionally fortnightly) report with highlights from the Rails community.

David broke the news of the availability of confirmed and scheduled talks at RailsConf Europe which will be taking place this coming September. As you can see there will be a lot of exciting material this year, too.

The e-book Ruby on Rails 2.1 – What’s New is now available in 7 languages: English, Portuguese, Japanese, Simplified and Traditional Chinese, Italian and Korean. A Spanish version is coming as well. Olé!

A couple of weeks ago I took a close look at three Rails 2.1 database related bugs. On the same day, Phusion Passenger 2.0.2 was released. This edition backports a few bug fixes, including one for a small memory leak, and as such it’s highly recommended for anyone using Passenger 2 (aka mod_rails).

Kawaii is a web-based utility like script/console. The output of the inserted expression is visually appealing when compared to the one we’re used to in the shell. Speaking of shiny things, version 2 of the Open Flash Chart plugin was released. This page shows a few wicked cool, professional looking charts (and their code) that can be generated with it.

The article Mulling Over Our Ruby On Rails Full Text Search Options discusses a few possible options for performing full text searches in Rails applications. When it comes to Sphinx, there are then two prominent plugins: UltraSphinx and ThinkingSphinx. Rein Henrichs from Hashrocket, compares the two approaches in his post titled A Thinking Man’s Sphinx.

The team behind Rails-Doc.org added a few more functionalities, including the ability to document the API for multiple versions of Rails.

Other noteworthy articles were the following:

Ryan Bates was interviewed by FiveRuns and his insightful answers are reported in Rails TakeFive: Five Questions with Ryan Bates. He also published a couple of new railscasts on Liquid safe templates and on Session Based Models.

Rails Envy podcast number 39 was published this week. Check out also their hilarious video about Outdated HTML. And if you haven’t done so already, don’t miss the funniest voicemail and remix the Rails community has heard to date: We ain’t got no RSpec.

If you’d like to read more updates from the Ruby side of things, please head over to This Week in Ruby.

Internationalization in edge Rails and more

There won’t be a Living on the Edge this week, but you won’t be starved for info because the Rails community is keeping up.

Ryan Daigle has been keeping up with some of the changes on edge Rails and has done a few awesome explanatory posts on them:

Perhaps even more noteworthy is the introduction of I18n (internationalization) support to Rails core. Sven Fuchs explains the technical details and API as well as the history of Rails and I18n. I18n support is scheduled to be fully stable in the Rails 2.2 release. Have an interest in internationalization in Rails? Lend a hand with your ideas, feedback, and patches at the Google Group.