A Fresh Cup is Mike Gunderloy's software development weblog, covering Ruby on Rails and whatever else I find interesting in the universe of software. I'm a full-time software developer: most of my time in recent years has been spent writing Rails, though I've dabbled in many other things and like most people who have been writing code for decades I can learn new stuff as needed.

Currently I'm unemployed and starting to look around for my next opportunity as a senior manager, team lead, or lead developer. Drop me a comment if you're interested or email MikeG1 [at] larkfarm.com.


A Fresh Cup

Notes on Rails and other development


Double Shot #594

Hope you enjoyed turkey day. Lots of stuff piled up over the long weekend:

Rails 2.3.5 Unofficial Release Notes

Rails 2.3.5 is out but the official release notes have not yet appeared. So I thought it might be useful to share my own notes on what's new in this version. This list is only the highlights, but it should give you an overview.

An XSS vulnerability in strip_tags is fixed.

Rails 2.3.5 supports the xss_safe plugin, which gives you the XSS escaping features that will be the default in Rails 3.0.

There are a bunch of Ruby 1.9 compatibility fixes, including changes to MessageVerifier#secure_compare (which was tweaked in 2.3.4 to fix a timing vulnerability), the -c and -c options to the rails command, Time#beginning_of_day, and String#strip.

The nested attributes bits get some attention, including fixes to avoid trying to validate records that are marked for destruction and allowing fields_for on a nested attribute to accept a collection to use. The :_delete option in nested attributes has been renamed to :_destroy, and the old name is deprecated. You can also declare that there are a maximum number of nested records: accepts_nested_attributes_for :orders, :limit => 4

The MySQL adapter is updated to allow the use of stored procedures.

Building or creating objects on a has_one association is now more consistent with the way it works on a has_many: record creation from the association is scoped if a hash is used. has_one :account, :conditions => {:enabled => true} will create an enabled account with @company.create_account or @company.build_account.

Rails is tested with newer versions of Rack (1.0.1), the MySQL adapter (2.8.1), Mocha (0.9.8), and the sqlite3-ruby adapter (1.2.5). sqlite 2 is only supported if you're using Ruby 1.8.x.

A problem that prevented the debugger from going into IRB mode has been fixed.

If you're using Rails 2.3.x, you should upgrade to this version as soon as possible, to get the security fixes that it contains. If you're using Rails 2.2, there's a separate patch available. Rails versions older than 2.2 are no longer supported with security patches, and should be retired/upgraded as soon as possible.


Double Shot #593

There's a new version of Rails out...and a reason to upgrade.

Double Shot #592

Happy Turkey Day (in the USA, anyhow). I have no idea why my heap of links exploded today.
  • memory-profiler - Experimental memory profiling tool for Firefox. Looks like I'd have to build Firefox from source to wire it up, though.
  • Static Sites with Mustache - More fun with HTML generation.
  • capybara - Integration testing tool for Rack applications, aiming to replace webrat.
  • InvoiceDude - Free online invoicing application.
  • Thunderbird 3.0 release candidate now available for download - I'm thinking about going back to t-bird. We'll see.
  • Looking for a Job? Let GitHub Help - Sort of hard to see this as being within GitHub's core competency, but I'll certainly take whatever edge it can give me.
  • jQTouch - jQuery plugin for iPhone mobile web development.
  • Sakila Sample Database - I never knew MySQL had this; it's a sample with all sorts of objects to play with.
  • Rubinius 1.0.0RC1 Released! - A milestone indeed.
  • Starter - Code generator for jQuery plugins.
  • Cloud Cloud Maybe - Rap video about cloud computing.
  • effigy - New take on templates for Rails (and other) applications, applying Ruby transforms to pure HTML template files.
  • pancake - Tool for making rack applications with reusable middleware stacks. Looks very promising.
  • webmock - Library for stubbing HTTP requests.
  • partioprint - Adds partial names as comments in generated view HTML to make it easier to debug complex front end issues.
  • Ruleby - Rules engine for Ruby.
  • CSS3 Sideways Google - Just a little bit of amusement.
  • rack-esi - Edge Side Include implementation as rack middleware.
  • Rubyists I'm thankful for this year - A short list from Wynn Netherland. Personally, I'm thankful for every single reader of this blog.
  • Thursday

    Rails CMS Alternatives

    I've got a client who wants to integrate a CMS into an existing Rails application. As a result, I've started in on an evaluation of what's out there, to help us make the buy-vs-build decision. Here's the list of potential software that I came up with:

    Rails CMS alternatives

    Active projects:

    adva-cms BrowserCMS Goldberg Kete Radiant Refinery Seed Static Station Typus Zena

    Inactive projects:

    Ansuz CMS Comatose Geego
    • repo: None - versions available by download
    • site: http://www.geegocms.com/
    • "Manage content with style"
    • Last update: 2007?
    • Dedicated CMS built on top of Rails

    Dead projects:

    Rubricks Widgetfinger
    • site: http://widgetfinger.com
    • Thoughtbot site that allowed generating brochureware right in the browser.
    • Scheduled to go offline 12/21/2009


    Blog engines

    Static page generators


    I've also put this list online as a gist. I'll keep that version up to date with corrections and additions.