Rubyland
A Rubyland Blog news, opinion, tutorials, about ruby, aggregated.
1h ago
Originally appeared on Ruby Central.
RailsConf always boasts an exciting variety of talks that highlight the creativity and interdisciplinary nature of the Ruby community. I thought it would be fun to curate a series highlighting our speakers' stories and their experiences in tech. Read on for today’s speaker spotlight…
Title of Talk
Crafting Rails Plugins
Speaker
Chris Oliver
How did you get into Ruby?
I started with Rails in college working for a professor and then built my senior project in Rails.
What’s your favorite part about working on Open Source Software?
It's amazing how much you can ..read more
4h ago
Originally appeared on RichStone Input Output.
ConcreteAPI is a project inspired by AbstractAPI.com.
AbstractAPI offers a set of utility APIs so you as the developer do not have to build a bunch of stuff that someone else already has a solution for. According to AbstractAPI, the most popular APIs are email address and phone validation APIs, Geolocation API and data enrichment API.
The goals of the ConcreteAPI project are:
Instead of having those APIs, landing pages and docs scattered all over, have everything in one place using a great doc generation platform.
Have SDKs for different languag ..read more
8h ago
Originally appeared on Julia Evans.
A new thing I’ve been trying while writing this Git zine is doing a bunch of polls on Mastodon to learn about:
which git commands/workflows people use (like “do you use merge or rebase more?” or “do you put your current git branch in your shell prompt?”)
what kinds of problems people run into with git (like “have you lost work because of a git problem in the last year or two?”)
which terminology people find confusing (like “how confident do you feel that you know what HEAD means in git?”)
how people think about various git concepts (“how do you think about ..read more
1d ago
Originally appeared on Rémi Mercier.
Let me tell you about what my day looks like in a team with no standards, no conventions, and no processes in place.
Every time I work on a new API endpoint, I wonder about:
Which routing syntax should I pick from the four pre-existing syntaxes used in the file?
Should I shallow nest my controller action as per SomeController or shouldn’t I shallow nest as per AnotherController?
What about resource fetching? In a callback? Memoized perhaps?
Am I to authorize the parent resource or the actual resource through Pundit? Why are there custom methods in our poli ..read more
1d ago
Originally appeared on Hi, we're Arkency.
Do you tune out Ruby deprecation warnings?
Looking into deprecation warnings is an essential habit to maintain an up-to-date tech stack. Thanks to the explicit configuration of ActiveSupport::Deprecation in the environment-specific configuration files, it’s quite common to handle deprecation warnings coming from Rails. However, I rarely see projects configured properly to handle deprecation warnings coming from Ruby itself. As we always want to keep both Rails and Ruby up-to-date, it’s crucial to handle both types of deprecation warnings.
How does Rail ..read more
1d ago
Originally appeared on The Ruby on Rails Podcast.
RailsConf is coming up fast! The program committee has released the schedule and keynote speakers. Ufuk Kayserilioglu joins the show to talk about the program and Ruby Central.
Show Notes
Kevin's blog post about RailsConf https://kevinjmurphy.com/posts/tracks-not-at-railsconf-2024/
RailsConf website & registration https://railsconf.org/
If you have comments about this episode, send an email to . You can include a text comment or attach a file from Voice Memos or Google Recorder and we’ll respond to some of them on a future show.
Sponsors
H ..read more
1d ago
Originally appeared on http://blog.segiddins.me/.
Welcome to my sixth update as Ruby Central’s security engineer in residence, sponsored by AWS.
My goal is to write a short update every week, chronicling what I’ve been working on, and reminding myself that I was, in fact, productive.
Fixing a common source of ONCALL pages
As I mentioned last week, I had found that by far our most expensive query was for reverse dependencies of a gem. I shipped my fix last weekend, and it sure made a difference.
Fixing N+1 Queries
Unfortunately, most of my week was spent on RubyGems.org operational issues. I h ..read more
2d ago
Originally appeared on RubySec.
### Impact
The vulnerability [CVE-2023-49090](https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj) wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS.
### Patches
Upgrade to [3.0.7](https://rubygems.org/gems/carrierwave ..read more
2d ago
Originally appeared on Ruby Central.
Hello! Welcome to the March newsletter. Read on for announcements from Ruby Central and a report of the OSS work we’ve done from the previous month.
In February, Ruby Central's open-source work was supported by Shopify, AWS, the German Sovereign Tech Fund (STF), as well as Ruby Central memberships from 29 other companies, including Zendesk and Ruby Shield sponsor and Partner-level member Contributed Systems, the company behind Mike Perham’s Sidekiq. In total, we were supported by 174 members. Thanks to all of our members for making everything that we ..read more