Wednesday, June 25, 2008

This Week in Rails (June 26, 2008)

Posted by Antonio Cangiano

Welcome to the second edition of This Week in Rails, a weekly report with highlights from the Rails community.

Ruby Vulnerabilities

As previously reported by Jeremy Kemper, serious vulnerabilities have been discovered for the main Ruby implementations. The official advisory suggests an upgrade path, but there have been several reports of segmentation faults when using Rails with the patched Ruby 1.8.5 and 1.8.6 versions. The Phusion team has published a patch for Ruby 1.8.6-p111, but as things stand now, it hasn’t been included by the Ruby core team (yet).

If you are using Rails 2.1, Ruby 1.8.7-p22 seems the way to go. Unfortunately, Ruby 1.8.7 is not compatible with previous versions of Rails. If you decide that it’s time to upgrade your applications to Rails 2.1, this article features some handy tips, while this other one warns you about a few gotchas.

Those of you who’re running a version of Ruby that shipped with Mac OS X should wait for the next Apple’s Software Update.


Rails is opinionated software, but its support for plugins clearly demonstrates a certain openness to diverging opinions on non-core issues. So while most of us mainly use Protoype, it is fairly common to see folks adopting other JavaScript frameworks as well, particularly jQuery.

Last week Jim Neath published a nice overview which compares jQuery with Prototype, and provides information about using jQuery with Rails through the jRails plugin.

Whatever your Ajax framework of choice is, you may be interested in the new Google Ajax Library API to improve the performance of your applications. Thanks to the tutorial Using Google Ajax Libraries API with Ruby on Rails (soon to be incorporated into a plugin) you can start adopting the API with Rails right now.


Rails 2.1 adds named scopes, which greatly simplify writing “find logic” within your Active Record models. It’s an extremely useful feature which is well explained in this write-up aptly titled, Named Scopes Are Awesome (we agree). Checkout also Ryan Bates’ railscasts on the subject: named_scope and Anonymous Scopes. You may also be interested in this week’s railscast about Caching in Rails 2.1.

Three other compelling Active Record related posts were, Smart Model, Dumb Controller, Bulk insertion of data with ActiveRecord and Timestamped Migrations on how to make “classic migrations” an available option (see ticket).

Michael Bleigh published a tutorial about dealing with subdomains in Rails applications through the SubdomainFu plugin (which appears to be flexible and very straightforward to use).

XP programming practices such as Test-Driven Development are very popular within the Rails community, but there are still many developers who see testing as a chore. Josh Nichols wrote an overview called A walk through of test-driven development with shoulda that shows you how easy it is to apply TDD to your Rails projects. In this specific case, he adopted the Shoulda plugin which seamlessly adds some assertions, helpers and macros on top of the Test::Unit framework.


Aside from there are many alternatives for quickly visualizing the documentation of the Rails’ API. Last week a new one was launched: The current version features rapid searches and user annotations. This last feature in particular has the potential to become truly useful.


If you are using Apache and mod_rails, you may want to read this article which provides information about a newly released module called apache-upload-progress.

Finally, Jason Crystal wrote a tutorial for packaging Rails applications for offline use on Mac OS X 10.5.

We’re done for this week. If you’d like to read more updates from the Ruby side of things, please head over to This Week in Ruby.