Rails Icon


Ruby on Rails (Rails) is a web application framework written in Ruby.
93 Stories
All Topics

Ruby changelog.com/posts

CanCanCan picks up where CanCan left off

Ryan Bates' unfortunate burnout-induced hiatus from open source left his projects unmaintaned. CanCan — the much beloved authorization gem for Ruby on Rails — was no exception.

CanCan may be dead, but long live CanCanCan!

This repo is a continuation of the dead CanCan project. Our mission is to keep CanCan alive and moving forward, with maintenance fixes and new features. Pull Requests are welcome!

This is what I love about open source. Great ideas aren't bound to their creators. All it takes is one person who cares enough to pick up the torch and run with it.

Rails changelog.com/posts

Rails 4.1 to get a Spring in its step

A lot of focus lately has been put on improving Rails’ speed in dev mode. John Leighton’s Spring gem is a result of some of that focus. It preloads your Rails application and keeps it running in the background so you don’t need to boot it every time you run a test, rake task, or migration.

As of this commit Spring will be installed by default on newly generated Rails 4.1 apps.

Rails changelog.com/posts

View Rails debug messages in the browser console with Rconsole

Using log messages in Rails can be a huge timesaver when you are debugging. With Rconsole you can save even more time by having those messages appear in the browser console. Rconsole is a fairly new gem with a lot of potential.

Installation is super simple. First add it to your Gemfile:

group :development do
  gem 'rconsole', '~> 0.1.0'

Then run bundle install. Add to your layout view:

javascript_include_tag(:rconsole) if Rails.env.development?

To use Rconsole simply add rconsole.log messages where you would normally insert logger.debug, etc.

def show
  rconsole.log 'Hello, Changeloggers!'

Now your browser will display your messages:

Rconsole output

In addition to debugging, Rconsole is particularly useful when working with students or new rubyists to show the connection between what's happening in the controller and the view.

The entire code base is open source and available on GitHub.

Ruby changelog.com/posts

A startup template for Ruby on Rails 4 applications

Way back in January, I wrote a blog post called “Rails has two default stacks”. In it, I discussed how people like to customize the defaults that Ruby on Rails gives you. Your company might prefer Postgres/HAML/RSpec, for example, over the default MySQL/ERB/MiniTest.

There’s an under-used feature of Rails that allows you to automate the creation of your own stack: templates. Check it:

$ rails --help

  rails new APP_PATH [options]


-r, [--ruby=PATH]              # Path to the Ruby binary of your choice
                               # Default: /opt/rubies/ruby-2.0.0-p195/bin/ruby
-m, [--template=TEMPLATE]      # Path to some application template (can be a filesystem path or URL)

Application template? Yep. There’s very little documentation on this feature, unfortunately. There is a work in progress Rails Guide that gives some answers, but it’s not done yet.

Anyway, the TL;DR is this: you can write a little script to help initialize a Rails app just the way you want to. And Rails startup template is exactly that.

Here’s some of the things it gives you out of the box:

  1. Adds analytics-ruby, simple_form, uuidtools, rspec, guard-rspec, and bourbon gems, as well as a few more.
  2. Creates a new git repository, and optionally a new one on GitHub
  3. Sets up foreman for easy environment variable and background service config.
  4. Removes include_tree . from your application.css, since the author prefers to require things manually.

There are some other features, as well.

Check it out on GitHub and vote it up on Hacker News.

JavaScript changelog.com/posts

Create beautiful JavaScript charts with one line of Ruby using Chartkick

So many web apps need to visualize data for their users that a high quality charting library is a huge boon for developers. Andrew Kane’s Chartkick might be just the library for Ruby developers.

Chartkick sample

Chartkick works with Rails 3.1+ and makes adding beautiful charts to your web app as easy as a one liner. Create a simple line chart like this:

<%= line_chart User.group_by_day(:created_at).count %>

Or one with multiple series of data like this:

<%= line_chart @goals.map { |goal| 
    :name => goal.name, 
    :data => goal.feats.group_by_week(:created_at).count 
} %>

A pie chart is as easy as:

<%= pie_chart Goal.group("name").count %>

Chartkick is mostly a JavaScript library with Ruby helpers to generate the required markup that the JavaScript turns into charts. It requires either Google Charts or Highcharts to work, but it doesn’t require Ruby! If you want to use the JavaScript bits from another language, check out Chartkick.js instead.

Chartkick is MIT licensed and hosted on GitHub.

Ruby changelog.com/posts

fast_blank: String#blank? in C

Sam Saffron is part of the team doing Discourse, an open-source Rails-based discussion platform. He’s been kicking all kinds of ass all over Ruby-land lately, but I wanted to share a specific bit of that with you. It’s a new gem, fast_blank.

Basically, due to these awesome-looking flame graphs that Sam added to his MiniProfiler gem. Here’s what it does: it samples stack traces while your app runs, and then lays them all next to each other so you can see where they’re especially deep. He has a demo here, which you can click around and check out what was going on on Discourse’s home page before Sam started working on making it faster.

Anyway, so what’s this has to do with fast_blank? Well, Sam noticed that a ton of time in Discourse’s code was being spent in String#blank?, a method which was added to Rails by _why the lucky stiff way back in the day. Sam attempted to fix it, but making it 100% compatible, yet fast, was difficult.

This lead him to notice that Ruby and Rails have different implementations of #blank?, he decided to fix the issue in Discourse by writing a #blank? in C so that it was super fast.

To use fast_blank, just add it to your Gemfile:

gem 'fast_blank'

That’s it! Your String#blank? will be faster.

Actually, that’s not quite it. Over on GitHub, Sam told me that it’s not up on Rubygems yet, but will be in a few days. For now, you need to clone it down and use Bundler’s :github option:

gem 'fast_blank', github: "SamSaffron/fast_blank"

That’s it.

Now, you may be wondering why I’m making such a big deal out of all of this. Well, this is pretty much an absolutely model open source interaction between a bunch of different projects.

  1. A performance issue was found. Rather than wonder or speculate, measurements were taken.
  2. A new tool was developed to help make sense of the measurements.
  3. Attempting to fix performance in the main project itself, with a pull request.
  4. Recognizing that there was a lot going on here, so fixing it from himself via a patch.
  5. Sharing the fix with everyone until the details in the main projects could be sorted out.

Obviously, this isn’t the end of this story. What will happen next? Will Rails and MRI end up with the same implementation? Can we make it work in Ruby as fast as the C version? Will fast_blank just replace the implementation of #blank? in MRI?

I guess you’ll have to stay tuned to find out. ;)

Ruby changelog.com/posts

Spring: pre-load your Rails apps

When you’re working on a big app, Rails’ startup time can be slow. It’s a hard problem, and there’s been a lot of work done in Ruby and Rails to help solve this pain.

Rails Core member Jon Leighton has a new gem that helps solve this problem: it’s called spring. Basically, Spring is in the same ‘genre’ of gems as Spork and Zeus: it loads your app up and keeps it running in the background, so the next time you run your tests, things are fast.

Using spring is easy:

$  cat >> Gemfile
gem "spring"
$ bundle
$ spring testunit

This boots up your app, runs the tests, and keeps the app running in the background. You can see that your app is running with spring status:

$ spring status
Spring is running:

26150 spring server | rails-3-2 | started 3 secs ago
26155 spring app    | rails-3-2 | started 3 secs ago | test mode 

Now, adding spring before every command is a lot of effort, so similar to bundle, spring can generate binstubs that take care of this for you:

$ spring binstub testunit
$ bin/testunit


If you haven’t used Spring before, check out the README. If you were using earlier versions of Spring, Jon just released 0.8, so check out the CHANGELOG for details on what’s new.

Ruby changelog.com/posts

s3_multipart: Multi-part file uploads straight to S3 for Rails

There’s some things that every web application needs, and some they don’t need very often. File uploads are closer to the first category than the second; thinking back, most of my apps needed to upload files. If you need to upload big files, it’s kind of a problem: if you’re building a twelve-factor style app on something like Heroku, your web workers should have pretty short timeouts, since most of your requests are served quickly. But your file uploads take a long time. What to do?

Enter s3_multipart. From the README:

The S3 Multipart gem brings direct multipart uploading to S3 to Rails. Data is piped from the client straight to Amazon S3 and a server-side callback is run when the upload is complete.

Multipart uploading allows files to be split into many chunks and uploaded in parallel or succession (or both). This can result in dramatically increased upload speeds for the client and allows for the pausing and resuming of uploads.

Neat, eh? The README has more details of how to use the gem. It’s a bit complex: you need to set up CORS on your S3 bucket, run some generators, write some JavaScript.

The gem is still young, and looking for contributions. This is a tough problem, and having an easy way to solve it is great!

Ruby changelog.com/posts

New security releases for Rails: Rails 3.2.12, 3.1.11, and 2.3.17

This year has been a rocky start for Rails, with a bunch of security upgrades that have been important to perform. The end result is a more secure Rails for us all, however, so while it’s annoying, it’s worth it.

How do I upgrade?

You need to do two things:

  1. Upgrade your Rails. Make sure to get 3.2.12, 3.1.11, or 2.3.17.
  2. Upgrade your JSON gem. Make sure you get 1.7.7, 1.6.8, 1.5.5.

Most of this can be done by changing your Gemfile to look like this:

gem “rails”, “3.2.12”

And then running bundle update rails. This will probably update your JSON gem as well, but to be sure, check your Gemfile.lock.

Run cat Gemfile.lock | grep “rails” and cat Gemfile.lock | grep “json”, if you see lines that look like rails (= 3.1.12) and json (1.7.7), then you’re good to go.

What are the vulnerabilities?

First, there is one fix in the 3.x series: CVE-2013-0276.

If you’re using attr_protected to blacklist items for mass assignment, a poor regex could allow someone to assign those attributes anyway. If you’re using attr_accessible to whitelist items, you’re fine.

This is also a good time to plug strong_parameters. Released as a gem for Rails 3.x, it will replace attr_accessible as the default security solution for Rails 4. If you’re starting a new Rails 3.x app today, you should default to using it, as it’s a much better solution.

If you’re on Rails 2.3 or 3.0, you have CVE-2013-0277.

If you serialize attributes into the database, they can be deserialized via YAML, with the same implications as the previous YAML vulnerabilities.

Finally, the JSON gem has CVE-2013-0269.

The JSON gem can be made to symbolize user input, which can cause a denial of service attack, since symbols are not garbage collected.

For More

You might also want to see the official release announcement, which includes hashes of the gemfiles.

Discuss at Hacker News if you have questions or thoughts to share.

Ruby changelog.com/posts

Better Rails development with better_errors!

If you are anything like me (a Rails developer that enjoys good design), you will be glad to know that there is a project out there to make the default error pages for Rails development much cleaner! The standard features are simple, and pretty much just a polished version of what Rails offers out of the box:

  • Full stack trace.
  • Source code inspection, with highlighting.

As a bonus, if you install the extra dependency, you get access to the following features:

  • REPL
  • Local/instance variable inspection.

Installing it couldn’t be easier. While the project is usable outside of Rails, let’s assume you are using Rails/Bundler:

group :development do
  gem "better_errors"
  gem "binding_of_caller" # Optional, only for the advanced features

That’s it! Checkout the project on GitHub or view the README.

Ruby changelog.com/posts

Roll your own crowdfunding with Selfstarter

For those of you that follow The Industry Radio Show, you’ll know that we’ve talked quite a bit about Kickstarter and the self-propelled crowdfunding movement they’ve helped foster. In the same vein, there’s this neat open source project built on Ruby on Rails (at the time of this post v3.2.8), nicely titled Selfstarter.

Selfstarter is an open source starting point for building out your own ad-hoc crowdfunding site. After getting rejected by Kickstarter, the fine folks at Lockitron decided to follow in the footsteps of App.net and make their own crowdfunding site for Lockitron.

Selfstarter is a starting point, so you’re going to have to make some additions to tailor it for your project.

Ruby changelog.com/posts

Sextant - view your Rails routes without waiting on Rake

When given the option, I’ll always opt for text mode when completing a task. In Rails that usually means Rake. There’s a point in most Rails apps, however, when the time to boot Rails just to rake -T is painful. So when Richard Schneeman got tired of waiting on Rails to run rake routes, he created Sextant, a gem that lists your routes in development mode right in your browser.


Since your web server is presumably already booted, there’s no startup tax to see your routes. Check out Richard’s blog post or the source on GitHub for more.

0:00 / 0:00