Malicious Remote Code Execution Backdoor Discovered in a Popular Gem— Last week, a malicious version (v3.2.0.3) of the bootstrap-sass package was published with a backdoor that could allow third parties to run arbitrary Ruby code passed via cookie. If you are using bootstrap-sass, check the version you’re using and upgrade if appropriate.
Liran Tal
The Missing Ruby Code Formatter— There’s no “one true formatter” but there are several options, which are evaluated here. Bozhidar clearly has a favorite, which makes a lot of sense.
Bozhidar Batsov
Automate Domains, DNS, and SSL Certificates Via DNSimple API— The DNSimple API Ruby client takes domain automation to the next level. Register domains, manage and monitor DNS records, issue free Let's Encrypt SSL certificates, and get Webhooks for event notifications. Get started with our 3-part mini course.
DNSimple sponsor
Support of Ruby 2.3 Has Ended— Doesn’t it feel like only yesterday that we entered the world of Ruby 2.0? Well, Ruby 2.3 has already reached end-of-life and 2.4 is only in security maintenance mode, so you want to be upgrading all production systems to 2.5 and 2.6 soon.
Anton Paisov
Ruby’s Creed— Bozhidar takes issue with some of the proposed additions to Ruby (sounds like “pumbered narameters”) and their conflict with optimizing for programming happiness.
Why I Stuck with Windows for 6 Years While Developing Discourse— Discourse is a popular Ruby-based forum system and one of its lead developers reflects on the speed of its test suite (which appears to be incredibly slow on macOS). There are also some clear insights: Habits are hard to break and stop you from growing; don’t be afraid to experiment.
How to Access Production Data in Rails Migrations— This is one of those articles that presents the smart, well-thought-out way to perform a task we’ve all done. If you’re migrating data, do it this way.
Moving On From Rails and What's Next— A longtime committer to Ruby and Rails reluctantly says goodbye. I guess you could say he got Rusty. Thanks for your work, Sean!
Sean Griffin
🔧 Code & Tools
Ruby 2.4.6 Released— This is the final maintenance release of Ruby 2.4 and it’ll only be getting security fixes from here on out. Upgrade to Ruby 2.5 or 2.6 when you can.
ruby-lang
CanCanCan 3.0: The Authorization Library— The most used Ruby authorization framework has some breaking changes and solid new features (including Rails 6 support). can? :read, @you, this_post => true.