Ruby Weekly Issue 593: March 3, 2022
source link: https://rubyweekly.com/issues/593
#593 — March 3, 2022
Ruby Weekly
The In-Depth Guide to Active Record's load_async in Rails 7 — Concurrency has been a hot topic in the Ruby and Rails space for a while now (especially now we have fibers, ractors, and more at our disposal) and Rails 7 has added another tool to run ActiveRecord queries in the background. But, before you start ‘asyncing all the things’, there are considerations and careful testing to think about. And it must be good, since the creator of load_async even said: “I must concur that this article is excellent, it’s better explained than I could do myself”.
Paweł Urbanek
A Look at Ruby's Fiber Scheduler Functionality — Added in Ruby 3.0, the Fiber Scheduler interface opens up a nice approach for working with asynchronous operations using standard Ruby methods (no frameworks needed), making parallel operations even simpler and gem dependency-free.
Bruno Sutic
Free eBook: Efficient Search in Rails with Postgres — In this eBook, Leigh Halliday explains how to speed up a search query from seconds to milliseconds — walking through using exact matches, similarity matches with trigrams, partial matches with ILIKE, and natural language matches.
pganalyze sponsor
IN BRIEF:
- The page is in Japanese but the results and awards from the most recent Fukuoka Ruby Awards (which Matz is involved with) came out recently. PicoRuby picked up the top award, with other projects like HexaPDF and Glimmer DSL for LibUI picking up awards too. Congratulations to all.
- If you use the image_processing gem and pass commands to it from user input, you'll want to update ASAP due to this vulnerability.
Import Maps Under the Hood in Rails 7 — Import maps provide a way to import external code into a project without a build tool (no Node or Webpack needed!) and support for them is enabled, by default, in Rails 7.
Paweł Dąbrowski (AppSignal)
Ruby Fibers 101 — Fibers (introduced way back in Ruby 1.9) are now getting some much-deserved extra attention due to the Fiber::SchedulerInterface released in 3.0 – this post provides another look in addition to the post already linked above.
Swaathi Kakarla
Senior Rails Engineer @ Nebulab (Remote) — Join our distributed team and build high-volume eCommerce applications in a workplace made by developers for developers.
Nebulab
Fully Remote Senior RoR Engineer at Ticketsolve — We are a SaaS ticket platform focusing on new feature development after a re-platforming. Exciting stuff is coming...
Ticketsolve Ltd
Join the World’s Largest Remote Workforce — We offer the freedom of freelance with the security of full-time. Start working remotely with the world’s top clients today.
Toptal
📕 Articles & Tutorials
Adding Super Fast Frontend Search in Rails with Lunr — Create a very responsive search experience by indexing the content being searched in the browser. A clever, if unconventional approach, but it works for specific use cases.
Khash Sajadi (Cloud66)
RubyConf 2021: The Talks You Might Have Missed — RubyConf 2021 took place in Denver late last year and while we’ve linked to a few talks, Shopify has put together a list of summaries and links to interesting talks given by their engineers.
Jennie Lundrigan
▶ Hotwire Modals, with Zero JavaScript — If you don’t like writing any more JavaScript than you have to, Hotwire is refreshing, for sure. (6 minutes.)
Pete Hawkins
Project Management for Software Teams Has Never Been Easier — Shortcut is fast and intuitive project management built for developers. Delight the scrum gods and try it now.
Shortcut (formerly Clubhouse.io) sponsor
Zero-Downtime Migration of a Primary Key From int to bigint — Once you have billions of rows, int starts looking rather limited. While switching to bigint is a tedious task, it’s effective and can avert future problems.
Radan Skoric (Silverfin Engineering)
Don't Waste Your Time on Asset Compilation on Heroku? — Precompiling and uploading assets to a CDN at the CI stage.
Szymon Fiedler
▶ Understanding Proc Objects — An 8-minute video that covers the basics.
Jason Swett
▶ A Chat with Andrew Culver, Creator of Bullet Train — Bullet Train is a (paid) boilerplate app for building SaaS apps quickly on Rails. (49 minutes.)
Code with Jason Podcast podcast
🛠 Code & Tools
Thredded 1.0: A Forum Engine for Rails Apps — We first linked to this project 6 years ago but it has now finally hit 1.0 and added Rails 7 and Ruby 3 support. It’s a message board system that works as an engine so you can run it standalone or as part of an existing Rails app, if needed. GitHub repo.
Mazovetskiy, Oliveira, et al.
WahWah 1.3: A Library for Reading Audio Metadata — For reading things like MP3 ID3 tags, embedded images, and similar metadata in formats including MP3, M4A, OGG, OGA, OPUS, WAV, FLAC, etc. Pure Ruby too, with no dependencies.
Aidewoode
Build Video for Ruby That Just Works
Mux sponsor
Liquid 5.2: Safe, Customer-Facing Template Language for Webapps — Created at Shopify in 2006 (and still heavily maintained by them) Liquid is a popular way to bring flexible, safe templating and customization to end users.
Shopify
Yake 0.5: A DSL for Writing AWS Lambda Handlers in Ruby — The selling point is it uses a Rake-like declarative syntax.
Alexander Mancevice
Glimmer Wordle 1.1.0: Wordle in Ruby with a JRuby and SWT Powered UI
Andy Maleh
Jekyll 4.2.2 Released
Ashwin Maroli
💡 Tip of the Week
Avoiding (potential) malicious activity with binstubs
In the most recent tip, we learned more about binstubs, and specifically, adding to our $PATH variable so that we don't need to run bin/<some_executable> from a repo and can instead run <some_executable> from a repo.
A few folks wrote to us in response to this tip, and correctly said that it only works if you are always in trusted repositories.
Why? A malicious repository could put an executable in the bin directory that shadows a command we commonly use. For instance, an executable at bin/ls. If we've now set our $PATH variable such that we no longer need to specify bin, then simply running ls may execute whatever malicious code could be in bin/ls.
Why might we have malicious code locally though? Sometimes we clone repos to debug them, sometimes we cd into directories of gems that we don't know everything about, and so on.
We can still solve for this though! As a reader referenced, this article gives us a clever solution. We can keep all of our trusted repositories in one directory. Then, in that directory, we can make a .git/safe directory (mkdir .git/safe). Then, if we add .git/safe/../../bin to our $PATH, we will only be able to run executables from the bin directories of repositories we trust!
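The PATH entry .git/safe/../../bin is relative, so the shell resolves it against the current directory, and the lookup only succeeds where a .git/safe directory actually exists. The script below is an added example, not part of the original tip; the repo names, the temp directory and the gitsafe-demo-tool command are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: two throwaway repos in a temp dir, each shipping
# bin/gitsafe-demo-tool. Only "trusted" gets the .git/safe marker.
DEMO_ROOT=$(mktemp -d)
trap 'rm -rf "$DEMO_ROOT"' EXIT

make_repo() {
    # $1 = repo name, $2 = "safe" to create the .git/safe marker directory
    mkdir -p "$DEMO_ROOT/$1/.git" "$DEMO_ROOT/$1/bin"
    printf '#!/bin/sh\necho "ran %s/bin/gitsafe-demo-tool"\n' "$1" \
        > "$DEMO_ROOT/$1/bin/gitsafe-demo-tool"
    chmod +x "$DEMO_ROOT/$1/bin/gitsafe-demo-tool"
    if [ "$2" = "safe" ]; then
        mkdir "$DEMO_ROOT/$1/.git/safe"
    fi
}

run_from() {
    # Try to run the tool from inside repo $1 with the relative entry first
    # on PATH. The subshell keeps the cd and PATH change local.
    (
        cd "$DEMO_ROOT/$1" || exit 1
        PATH=".git/safe/../../bin:$PATH"
        if command -v gitsafe-demo-tool >/dev/null 2>&1; then
            gitsafe-demo-tool
        else
            # .git/safe is missing, so .git/safe/../../bin does not resolve
            echo "gitsafe-demo-tool: not on PATH here"
        fi
    )
}

make_repo trusted safe
make_repo untrusted

run_from trusted      # bin/ is reachable: the marker directory exists
run_from untrusted    # bin/ is skipped: no marker, path lookup fails
```

Git never checks out anything under .git, so a freshly cloned repository cannot arrive with the marker already in place; it exists only where we created it ourselves.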
Thanks again for feedback on my last tip!
This week’s tip was written by Jemma Issroff.