RubyFlow : The Ruby Community Blog


gravis — 27 posts

http://www.tech-angels.fr

2013 in review  blog.gemnasium.com
Some unexpected stats about ruby projects and gems: 2013 in review @Gemnasium.
Hacking RubyGems servers  blog.gemnasium.com
While I was writing Serving ruby gems, the paranoid way, I gradually became interested in the rubygems API and especially in its implementation in both gem server and geminabox. This is how I started a new journey inside the internals of these two programs.
Read more: http://blog.gemnasium.com/post/63452494107/hacking-rubygems-servers
As I wrote in a previous blog post, there are good reasons to be paranoid with Ruby gems: they may have been hacked and “enhanced” with malicious code. It would be great if we could check every gem that we want to install, including their dependencies. You may think “this is not practical at all”, and you are probably right. But still, I wanted to give this idea a try and learn about the challenges that people will face if they want to review their gems before installation.
Read More
Pkgr is a high-level tool that turns Rails applications into native Debian packages. Unlike fpm and omnibus, which are generic tools mostly used for packaging system software, pkgr is specialized in Rails applications. Read more: https://discuss.gemnasium.com/t/pkgr-make-a-package-out-of-a-rails-app-in-5-minutes/59
Ruby is my everyday programming language to develop web applications. But it is also a powerful scripting language that comes with all "batteries included" for interacting with my Unix system. It is especially suited to write new command-line utilities. For instance, I often use guard to trigger some automatic processing on my files.
Read more: https://discuss.gemnasium.com/t/package-your-ruby-based-tool-the-safe-and-easy-way/44
In the past few months, I have experimented with some Pomodoro applications on my mobile phone. These were great, but I don't actually spend my days staring at my mobile phone. Something was itching me: if the whole point of the technique is to stay focused by avoiding useless context switches, then why should an external device keep stealing my attention just to be more productive? So where do I spend most of my time? In the Unix shell, interacting with the command-line! So I looked for Pomodoro tools that suit my lifestyle and this is how I discovered pomo, a Ruby Pomodoro application for the command-line. Let's check it out!
https://discuss.gemnasium.com/t/weak-dependencies/40
Most software developers tend to write code where objects are given too many responsibilities.
Code with bloated objects is more difficult to test, to understand and to maintain in the long run.
To keep the code small and focused, different strategies can be used to extract behavior.
A new gem, "casting", claims to bring the benefits of both mix-ins and delegation, but without their drawbacks.
Read more: https://discuss.gemnasium.com/t/casting-adding-behavior-to-objects-without-using-extend/34
We all know the unpleasant consequences if we were to accidentally run a malicious version of a Ruby gem. We all know the theory, but we don't feel the actual pain yet. Read more: https://discuss.gemnasium.com/t/being-paranoid-with-ruby-gems/28
A malicious gem could do pretty much everything on the environment that runs its code, from stealing critical data to taking control over the entire operating system. It may only take minutes for the malicious software to access poorly protected files or to exploit its way up, from running as restricted user to escalating to a privileged user.
Read More
Active Admin 0.6 has been released, and contains lots of changes. Here is a summary of these changes, to help you choose whether to upgrade or not: https://discuss.gemnasium.com/t/activeadmin-0-6-0-is-out/8.
We'd like to hear if anyone had trouble while upgrading to this version.
If you wonder whether you should upgrade or not, here's a summary of the last security issues fixed in Rails 3.2.13: http://blog.tech-angels.com/post/46249485212/should-you-upgrade-rails-from-3-2-12-to-3-2-13
Tech-Angels just launched an open-source gem to upload just the needed files from your projects: gemnasium-1.0.0.
More info on the blog post or the project readme.
Active Record Identity Map  blog.tech-angels.com
AR Identity Map makes it easier to stub Model dependencies, learn how it helps to test your controllers with ease here
The French government legalized online betting in 2011 and created an Authority (named "ARJEL") in charge of this new market. This authority forces betting operators to follow a lot of technical rules, one of them being the tracking of all events in secure vaults. This article explains how Ruby was used to save us a lot of time.
Rails STI will be just fine for most cases. Anyway, for large databases, or when attributes vary a lot between models, using table inheritance could be very helpful. Using it with rails is really easy, learn how here.
This post isn't related to Ruby, but as hard Ruby devs, we couldn't resist sharing our experience with this tiny tool.
It's 100% free and life-changing.
In continuation of the capistrano subject, we would like to introduce Webistrano, edited by Peritor. Webistrano is a web interface to the Capistrano tool. It pulls projects from a Git repository (in our case it’s GitHub) and places the files on the web server. Webistrano allows rolling back to an earlier version in case of a problem, and it also keeps a log of every deployment. Most important, it allows users (our customers) to deploy without any direct access to servers. Read more
We just learned from http://habrahabr.ru/post/144139/ that a nice vulnerability was found in Ruby (Versions TBD soon). Read more
Capistrano-helpers  tech-angels.com
If you're using capistrano, you might find capistrano-helpers useful. See how we're using it here!
Annotate them all!  tech-angels.com
Annotator is a gem to document your model attributes.
You might have heard of AnnotateModels, which gives you basic column description (title, type etc.) in your model file. With Annotator, in addition to such basic info, you can add comments to the columns.
We've added Maxmind support to geocoder! You can see the pull-request and more details here.
If you're using GitHub repos in your Gemfile, check out this tip:

http://www.tech-angels.com/post/22772521112/gemfile-trick-for-github-repositories
Tech-Angels has just launched the TcpSyslog 1.0.0 gem. TcpSyslog is a _rails_ logger using syslog with TCP instead of UDP.
TcpSyslog for Rails  tech-angels.fr
Just drop the file in /lib, add a config.logger line in your environment files, and you're ready to go.
Read more
A few tips / reminders to improve IRB: http://www.tech-angels.fr/post/963080350/improve-irb-and-fix-it-on-mac-os-x.
There's also an issue with reverse-search on Mac OS X fixed in this post.
Learn how to use git as a file history manager, and why you should use it in your migrations: Diff joy for your migrations with git.
If you're using Ack (the fancy grep), you won't be able to find anything in your haml views unless you use this tip.