This Week in Rails (September 10, 2008)

Welcome to the fifth edition of This Week in Rails, a weekly report with highlights from the Rails community. Antonio Cangiano (the original author) has been pretty busy, so I figured I’d step in this week.

As you probably already know, Rails 2.0.4 and Rails 2.1.1 were released this week. Both are mostly bug fixes, but check out the changelog if you want all the details.

If your Rails app has a lot of heavy-duty SQL queries, you may want to take a look at a plugin by Fernando Blat called Query memcached. This plugin overwrites Rails' default query cache functionality, storing all database queries in memcached for use by sequential requests.

Have you ever implemented an advanced search page for a Rails application? If yes, you may have ended up with bloated controller code. One solution to the problem is Searchgasm by Binary Logic, which helps you do object-based searching and keep your search code clean and simple.

Ryan Daigle told us about some great new features in Rails Edge, including Connection Pooling, Shallow Routes, and Mailer Layouts. We should be getting a Rails 2.2 beta any day now, so stay tuned for that.

If you have any Java friends who use Apache Derby and are looking to try out JRuby, Michael Galpin wrote up an introduction to Rails using JRuby and Derby.

Last week Mark Imbriaco from 37signals put together a great blog entry and screencast which shows how they use HAProxy in their server setup. If you’re not familiar with the benefits of using HAProxy over the Apache round-robin load balancer, you need to watch his screencast.

Perhaps you’ve started using jQuery instead of Prototype for Rails. You might have used a plugin for this (e.g. jQuery on Rails), but if you started from scratch you might have run into the problem of sending authenticity tokens with your AJAX requests. Lawrence Pit posted the jQuery code you’ll need to take care of this.

Neverblock is a library that allows you to use Ruby Fibers to write non-blocking concurrent code. This project recently released a non-blocking PostgreSQL adapter, a non-blocking MySQL adapter, and most recently got their Fiber library running on Ruby 1.8 with Rails with some amazing benchmarks! It’s still a very young project, but it’s one more step towards a safely multi-threaded Rails stack.

Lastly, I’ve got some events to tell you about. Ruby DCamp is taking place October 11th-12th in Arlington, VA; the Rails Summit Latin America is taking place October 15th and 16th in Sao Paulo, Brazil; and the South Carolina Ruby Conference is on October 18th in Columbia, SC.

Thanks for reading! If you would have rather listened to this information (with slightly more detail), you should check out the Rails Envy Podcast #46 which came out today. It’s no mistake that it’s covering the same material (I help with the podcast).

Guides Hackfest

I’m pleased to finally announce the Rails Guides Hackfests. And we got really exciting prizes too! There is a list of guides available at Lighthouse. You can select one of those, update the ticket and start writing the guide straight away.

For each completed guide, the author will receive all of the following prizes:

You can find more details at

Special thanks to GitHub, Newrelic & Caboose documentation project for making the hackfest a lot more exciting!

Rails 2.0.4: Maintenance release

Thanks to Git it’s been a lot easier to maintain older branches of the code base, so we’ve taken the opportunity to backport a bunch of bug fixes to the 2.0 branch and here’s the release for that.

The only major issue is that we’ve fixed the REXML DoS vulnerability with a monkey patch that ships in the box. So if you’re on 2.0 and haven’t dealt with the issue already, you can upgrade to 2.0.4 and get it fixed.

You can install with:

gem install rails --version 2.0.4

See all the changes

UPDATE: The actual 2.0.4 gem didn’t get published yesterday due to a bug in the release script. It’s been fixed and 2.0.4 is actually available on the main gem repository. Sorry about that!

Tell your Rails story

I’ve been receiving some very moving stories about how people came to be Rails programmers from incredibly diverse backgrounds over the years. I even talked to a taxi driver once who was taking me to the airport that was doing Rails. Or the guys who were looking to quit programming who started enjoying it again with Rails.

All these are powerful stories that I’d love if we could share with the world. So let’s try to do that! If you have a great story about how you came to Rails, then please send it to david at loudthinking dot com with the subject “My Rails story”. I’ll filter all those into a folder and we’ll find a way to publish them.

Juggernaut: Server-side push for Rails

Juggernaut is a combination of a small Ruby server, a Flash bridge, and a plugin that makes it easy to do server-side push systems in Rails. I played with this idea with Rich Kilmer a few years ago and even made a small demo system to present at a conference, but never made it to the finish line of something releasable. So it’s fantastic to see that the guys behind Juggernaut did.

DoS Vulnerabilities in REXML

The ruby-security team have published an advisory about a DoS bug affecting REXML users. Almost all Rails applications will be affected by this vulnerability and you’re strongly advised to take the mitigating steps recommended in the advisory. If you’re not sure whether your application could be affected, you should upgrade.

The announcement contains details describing the monkeypatch solution, but to summarise:

Versions 1.2.6 and earlier

  1. Copy the fix file into RAILS_ROOT/lib
  2. Require the file from environment.rb
    require 'rexml-expansion-fix'

Versions 2.0.0 and later

Copy the fix file into RAILS_ROOT/config/initializers; it will be required automatically.

This fix is also available as a gem, to install it run:

gem install rexml-expansion-fix

Then add require 'rexml-expansion-fix' to your environment.rb file. The manual fix and the gem are identical; if you have applied one, you do not need to apply the other.