Strollin'

Posted 11 days back at Mike Clark

Ruby Science: You down with OCP?

Posted 12 days back at GIANT ROBOTS SMASHING INTO OTHER GIANT ROBOTS - Home

Yeah, you know me.

We just pushed the latest update to Ruby Science, including five new chapters. Previous purchasers and Prime subscribers can grab the update on Learn.

New chapters this week discuss:

  • Using the Single Responsibility Principle to create readable, reusable classes.
  • Applying the Open/Closed Principle to reduce churn and prevent breakage while keeping objects easy to change.
  • Applying the Dependency Inversion Principle to create flexible, reusable objects.
  • Using the Law of Demeter to prevent application dependencies from becoming a tangled mess.
  • Choosing Composition Over Inheritance to make simpler, more flexible software.

The book is a work in progress, and is currently 230 pages long. Your purchase gets you access to the current release of the book, all future updates, and the companion example application.

Get your copy of Ruby Science today.

Now Available For Free With Learn Prime

We recently launched a service to help subscribers become better developers, called Learn Prime.

For just $99/month, you get ongoing access to everything we teach, including books like Ruby Science. You’ll even get access to all our in-person and online workshops. Get access to exclusive subscriber content and use the forum to ask thoughtbot your toughest Ruby, Rails, and refactoring questions.

Subscribe now.

Reducing Churn in Subscription Services

Posted 13 days back at GIANT ROBOTS SMASHING INTO OTHER GIANT ROBOTS - Home

You’ve probably heard by now that we’ve launched a learning community for passionate Rails developers called Prime.

Since Prime is a subscription service, one of the metrics we’re interested in is churn, defined as the percentage of total customers who cancel. Over the last 30 days, Prime’s churn has been 18%.

Estimates of what a “good” churn is vary. One broad survey of SaaS companies with less than $10M in revenues showed a median churn of 20%, while some blog posts insist that anything over 8% should be panic-inducing.

To gain some perspective and get advice, I reached out to a friend and former podcast guest, Brennan Dunn.

Brennan is creator of a successful SaaS app called Planscope, author of several excellent ebooks, and overall “good at making money on the internet” kind of guy.

Below, you’ll find a recording of our 40-minute chat. In it, we dig into Prime’s current stats (including subscriber count and revenue growth), and Brennan’s suggestions for how to improve the site. What started off as recommendations for reducing churn turned into a broader discussion of how to position the entire service. If you run a subscription service of your own, you’ll likely learn a thing or two from Brennan’s battle-tested advice.

Check it out!

Direct download.

If our discussion left you with further questions for Brennan, leave them in the comments below and perhaps we can convince him to respond.

Episode #368 - May 10th, 2013

Posted 13 days back at Ruby5

Manage access via GitHub organizations, RubyMotion 2.0, Sidekiq Pro 1.0, deprecating `::`, under the hood of Ruby's method dispatch, and the reform gem all in this episode of Ruby5.

Listen to this episode on Ruby5

warden-github-rails
This new gem allows you to leverage GitHub's organization management features for authorization within your Rails app.

This episode is sponsored by New Relic
New Relic is _the_ all-in-one web performance analytics product. It lets you manage and monitor web application performance, from the browser down to the line of code. With Real User Monitoring, New Relic users can see browser response times by geographical location of the user, or by browser type.

RubyMotion 2.0
RubyMotion Goes 2.0 And Gets OS X Support, Templates and Plugins

Sidekiq Pro Goes 1.0
Sidekiq Pro has gone 1.0 and Mike is giving away a free license to celebrate!

Double-Colon Method Calls
A ruby-core discussion has begun over deprecating `::` as a method call operator

How Ruby Method Dispatch Works
James Coglan explains how Ruby's object system works.

Reform
Ditch nested attributes in your Rails forms today for Reform.

New screencast: Improving Performance for Real-time Requests

Posted 13 days back at GIANT ROBOTS SMASHING INTO OTHER GIANT ROBOTS - Home

We’re pleased to announce our newest screencast video on Learn, Improving Performance for Real-time Requests.

This video, with thoughtbot CTO Joe Ferris, shows you how to tune performance using a real world example. Starting with an action that takes 3 seconds to respond and performs over 1600 database queries, Joe is able to reduce response time to 300ms and drop database usage to just 5 queries.

This video specifically focuses on what Joe calls ‘real-time requests’. That is, requests that must return all of their data to the user in the request-response cycle, without relying on background jobs or persistent caching.

Prime subscribers get this new video included with their monthly subscription. You can also purchase it individually for $15 or for your whole company for just $49.

Slow Rails applications annoy users and lead to lost revenue. Achieve a competitive advantage by making your application UNCOMFORTABLY FAST. Learn how today!

Troubleshooting Strategies Poster

Posted 14 days back at Nuby on Rails

This article is heavily styled and is best viewed at PeepCode!

by Geoffrey Grosenbach

7 Strategies Video

Troubleshooting is a skill that transcends programming languages, frameworks, and even time.

My first few years of professional programming were full of frustration. I would frequently run into problems and have no clue about how to solve them. I treated them as unexpected and unwanted interruptions.

Now I know that encountering and fixing problems is part of the developer’s job description. It’s a rare day that ends without unexpected behavior from code, a deployment, or another library.

But with the right plan, these unexpected events can be resolved quickly. Here’s the order of events we use regularly at PeepCode:

  • Gather data
  • Isolate the fault
  • Form a hypothesis
  • Read the documentation
  • Describe the problem
  • Read the code
  • Try another angle

Free poster!

Download this free poster, print it out, and hang it on your office wall for easy reference. Works on US Letter or A4. Also available in color.

7 Strategies Poster

Or watch our video for explanations and stories behind these troubleshooting strategies.

Start a PeepCode subscription for $200 or renew for $109! Full access to all videos and our iOS app. Or tell your employer to contact us for a business subscription quote.

Announcing Learn for iPad

Posted 14 days back at GIANT ROBOTS SMASHING INTO OTHER GIANT ROBOTS - Home

Today we released a new version of Learn to the App Store, which adds the most frequently requested feature, iPad support!

Additionally, this release includes several improvements on both iPhone and iPad. Resources that are available as iBooks can now be viewed in the iBook store, better navigation controls have been added to web resources, and check-offs are now accompanied by sweet audio feedback.

If you would like to add resources to the Trail Maps that the app uses, please contribute to the open source repository on GitHub.

Learn is available for free on the App Store, so try it out today!

Phusion Passenger 4.0.2 released

Posted 15 days back at Phusion Corporate Blog

Phusion Passenger is software that deploys Ruby and Python web apps, by integrating into Apache and Nginx and turning them into a fully-featured application server. It is very fast, stable and robust and thus used by the likes of New York Times, AirBnB, Symantec, Pixar, etc. It comes with many features that make your life easier and your application perform better.

We are releasing an emergency release in response to a recently discovered remote code execution vulnerability in Nginx (CVE-2013-2028). Many versions of Nginx 1.3, as well as Nginx 1.4.0, are affected. Phusion Passenger 4.0.2 installs Nginx 1.4.1 by default. There are no other code changes.

Installing 4.0.2

Quick install/upgrade

Phusion Passenger Enterprise users can download the Enterprise version of 4.0.2 from the Customer Area.

Open source users can install the open source version of 4.0.2 with the following commands:

gem install passenger
passenger-install-apache2-module
passenger-install-nginx-module

You can also download the tarball at Google Code. We strongly encourage you to cryptographically verify files after downloading them.

In-depth instructions

In-depth installation and upgrade instructions can be found in the Installation section of the documentation. The documentation has been updated to cover 4.0 changes, including Enterprise features. You can view them online here:

Final

If you would like to stay up to date with Phusion news, please fill in your name and email address below and sign up for our newsletter. We won’t spam you, we promise.



Phusion server security report

Posted 15 days back at Phusion Corporate Blog

Executive summary: our web host Linode has been compromised and the responsible hacker group appears to claim to have had access to one of the Phusion servers, which prompted us to start a full investigation. Until now, no evidence of third party access has been found, and no tampering of the Phusion Passenger Enterprise files has been found. In spite of this, we are taking precautionary action and we urge customers to verify their Phusion Passenger Enterprise installations through the instructions at the bottom of this message.

Dear users and customers,

About 3 weeks ago, our web host Linode issued several public statements[1][2] claiming that one of their customers was the subject of an attack by a group called HTP. From what we’ve been able to read from HTP[3] a few hours ago, we believe that SwiftIRC and/or nmap was the target Linode was referring to.

In Linode’s initial statement[1], they also mentioned that law officials were aware of the attack and that Linode had found no evidence of other customer data being compromised. We too hadn’t noticed any suspicious activity on our servers and weren’t notified by Linode about being the attacked target which led us to believe that this initial statement held true.

A few hours ago however, a statement released by HTP was brought to our attention wherein they claimed otherwise[3]. In particular, the statement appears to claim that HTP has had root access to one of the Phusion servers and this immediately prompted us to start a new investigation of our own. Up to this point, we have found no evidence that they have had access to our data, but we are checking our systems several times over to minimize the possibility of having missed a potential attack vector on the first few passes. We have also contacted Linode to get a clarification on their first statement[1] in light of new events that seem to point to nmap’s server to have indeed been compromised. Pending this response, we didn’t want to take any risks in waiting to notify our customers of the current situation.

The absence of evidence after all doesn’t necessarily mean that the server has not been accessed: even though we feel we have taken all the necessary steps to ensure maximum security on our servers, we remain scrutinous of our systems’ integrity at all times. There are after all a myriad of components that comprise a server, and each of them could be a potential attack vector as long as fault free software is something developers in general can only hope to aspire to. More specifically, as long as erring is human, we can only hope to minimize these chances rather than believing we can prevent them completely 100% of the time. Zero day exploits can always occur at any time and the best thing we can do is to be as transparent about this to our customers as we can. To that end, we’d like to notify our customers that we are moving our services to another web host and will be reinstalling our servers as a precaution.

If HTP has indeed compromised our systems without us being able to tell, then we would be interested in learning how and would encourage them to contact us (info@phusion.nl). We value security and transparency over pride and are extremely committed towards serving our customers. It is also the reason why we are informing our customers about this in an open manner several hours after seeing HTP’s claim despite not being able to verify this claim to be accurate ourselves.

We would also like to take this opportunity to encourage all Phusion Passenger users – that is, open source users and Enterprise customers alike – to make use of the PGP digital signatures that we employed since February this year.[4] Checking the signature of your Phusion Passenger download against the corresponding key helps minimize the chances of the downloaded software being tampered with. We have already manually reviewed the Phusion Passenger Enterprise source code and have found no evidence of suspicious activity. For your own safety however, we would always recommend you to take proper caution when downloading and installing software from the internet. The PGP digital signatures are provided to aid in that aspect and we would highly recommend you to use this at all times.

Having said this, if our servers actually were accessed, then it’s possible that the attackers temporarily inserted compromised gems and tarballs and removed them later. We therefore urge our Enterprise customers to verify the integrity of their Phusion Passenger Enterprise installations. Instructions can be found at the end of this message.

In any case, Phusion has not, does not and will not store customer credit card information on any of its servers. All credit card information is stored on servers of third party, PCI-DSS compliant payment gateways, e.g. FastSpring and Paypal. Phusion also does not store customer passwords in plain text; all customer passwords are stored in BCrypt format.

The open source version of Phusion Passenger is hosted on another server, namely GitHub, and we have also found no suspicious activity in its repository.

We understand that after reading all this, you might have concerns with regards to your own server’s integrity. Even though we have found no evidence of suspicious activity on our own servers or in Phusion Passenger’s code base, we feel that we should still encourage you to remain scrutinous of your own servers’ integrity and take the steps you deem necessary in maximizing its security.

Needless to say, we remain committed in being transparent towards our customers and will continue in keeping them up to date of any of our findings concerning this matter. If you have any questions, please feel encouraged to contact support@phusion.nl.

With warm regards,
Hongli Lai
Ninh Bui

References:

  1. https://blog.linode.com/2013/04/12/security-notice-linode-manager-password-reset/
  2. https://blog.linode.com/2013/04/16/security-incident-update/
  3. http://straylig.ht/zines/HTP5/0x02_Linode.txt
  4. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_cryptographic_verification_of_installation_files

Instructions for verifying Phusion Passenger Enterprise installations

We have generated SHA-1 hashes of all Phusion Passenger Enterprise files inside the gems and tarballs. You can use these hashes to verify your installed Phusion Passenger files. If anything is amiss or if you require further assistance, please contact support@phusion.nl.

  1. Install GnuPG. Debian users can apt-get install gnupg, OS X users can use GPG Tools: https://gpgtools.org/
  2. Login to the Customer Area: https://www.phusionpassenger.com/orders
  3. Scroll down to the “Files” section.
  4. Download the “sha1sums.txt” and “sha1sums.txt.asc” files that pertain to the version of Phusion Passenger Enterprise that you’re currently running. Ensure that both files are in the same directory.
  5. Import the Phusion Software Signing PGP key: http://www.modrails.com/documentation/Users%20guide%20Apache.html#_importing_the_phusion_software_signing_key
       Name: Phusion Software Signing (software-signing@phusion.nl)
       Short key ID: 0x0A212A8C
       Long key ID: 0x2AC745A50A212A8C
       Fingerprint: D5F0 8514 2693 9232 F437 AB72 2AC7 45A5 0A21 2A8C
  6. Set this key to trusted:
       gpg --edit-key software-signing@phusion.nl
     Then in the GPG prompt, type: trust
     Choose: 5 = I trust ultimately
     In the GPG prompt, type: save
  7. Verify the downloaded sha1sums.txt against its signature:
       gpg --verify sha1sums.txt.asc
     You should see: Good signature from “Phusion Software Signing <software-signing@phusion.nl>”
  8. Copy sha1sums.txt to your server.
  9. On your server, find out where the Phusion Passenger files are by running: passenger-config --root
  10. Run: cd
  11. Run: sha1sum -c /path-to/sha1sums.txt --quiet
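
A scripted form of steps 7 to 11, as an added example that is not Phusion's code: it pins the fingerprint from step 5 through gpg's machine-readable status output instead of relying on the "Good signature" text, and it also reports files that sha1sum -c never examines. The function names, the script name verify.py and the sample status lines are assumptions made for illustration.

```python
import hashlib
import re
import subprocess
import sys
from pathlib import Path

# Fingerprint of the Phusion Software Signing key as printed in step 5, spaces removed.
PINNED_FPR = "D5F0851426939232F437AB722AC745A50A212A8C"

# Constructed sample of `gpg --status-fd 1 --verify` output (dates and algorithm ids invented).
SAMPLE_STATUS = (
    "[GNUPG:] GOODSIG 2AC745A50A212A8C Phusion Software Signing <software-signing@phusion.nl>\n"
    "[GNUPG:] VALIDSIG D5F0851426939232F437AB722AC745A50A212A8C 2013-05-08 1368000000 0 4 0 1 2 00 "
    "D5F0851426939232F437AB722AC745A50A212A8C\n"
)

MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{40}) [ *](.+)$")  # sha1sum output: hash, mode flag, path


def signature_is_pinned(status_text, pinned=PINNED_FPR):
    """True only if every valid signature reported by gpg comes from the pinned key."""
    signers = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[:2] == ["[GNUPG:]", "VALIDSIG"]:
            # Field 3 is the signing (sub)key, the last field the primary key fingerprint.
            signers.append(pinned.upper() in (fields[2].upper(), fields[-1].upper()))
    return bool(signers) and all(signers)


def gpg_status(sig_path, data_path):
    """Run gpg on a detached signature and return (exit code, machine-readable status)."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", str(sig_path), str(data_path)],
        capture_output=True, text=True)
    return proc.returncode, proc.stdout


def check_install(manifest_text, root):
    """Compare files under root with the manifest; return problems grouped by kind."""
    root = Path(root).resolve()
    report = {"mismatch": [], "missing": [], "unlisted": [], "rejected": []}
    listed = set()
    for line in manifest_text.splitlines():
        match = MANIFEST_LINE.match(line)
        if not match:
            if line.strip():
                report["rejected"].append(line)  # not a sha1sum line
            continue
        expected, rel = match.group(1).lower(), match.group(2)
        target = (root / rel).resolve()
        if root not in target.parents:
            report["rejected"].append(line)  # entry points outside the install root
            continue
        listed.add(target)
        if not target.is_file():
            report["missing"].append(rel)
        elif hashlib.sha1(target.read_bytes()).hexdigest() != expected:
            report["mismatch"].append(rel)
    # sha1sum -c never looks at files the manifest does not name, so list them here.
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.resolve() not in listed:
            report["unlisted"].append(str(path.relative_to(root)))
    return report


if __name__ == "__main__":
    # Usage: verify.py /path-to/sha1sums.txt <directory printed by passenger-config --root>
    manifest, install_root = Path(sys.argv[1]), sys.argv[2]
    code, status = gpg_status(str(manifest) + ".asc", manifest)
    if code != 0 or not signature_is_pinned(status):
        sys.exit("sha1sums.txt is not validly signed by the pinned key")
    result = check_install(manifest.read_text(), install_root)
    for kind, items in result.items():
        for item in items:
            print(f"{kind}: {item}")
    sys.exit(1 if any(result[k] for k in ("mismatch", "missing", "rejected")) else 0)
```

Unlisted files are reported for review rather than treated as failures, since anything compiled locally during installation cannot appear in a published manifest.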

HTML Emails

Posted 15 days back at entp hoth blog - Home

Howdy!

It’s been a while since our last blog post, but today I have something exciting for you: HTML emails are now the default in Tender. This means that emails to your users will look cleaner, AND you can use Markdown to create nice looking responses (or echo templates):

before/after comparison

We’ve also improved the notifications for staff:

before/after comparison

Autoresponders have been upgraded as well, go try to create one!

You can find more information about how to customize your email templates on our knowledge base article.

Cheers!

Episode #367 - May 7th, 2013

Posted 16 days back at Ruby5

We Adequackly cover RailsConf and free Rails 4 videos, Phusion Passenger 4.0.1, a Better STI approach, logging your Mail, and setting up a Rails 4 Server, all while releasing the Jekyll on this episode of Ruby5.

Listen to this episode on Ruby5

This episode is sponsored by Top Ruby Jobs
If you're looking for a top Ruby job or for top Ruby talent, then you should check out Top Ruby Jobs. Top Ruby Jobs is a website dedicated to the best jobs available in the Ruby community.

RailsConf videos on Justin.tv
The RailsConf 2013 live stream videos are being split apart and reposted on the Confreaks Justin.tv channel. So, if you missed the conference, or want to rewatch that talk you liked so much, check it out.

Free Rails 4 training videos posted
If you missed the Ruby Heroes awards at RailsConf, you might not have heard that Code School released their entire set of ten videos from the new Rails 4 course for free, thanks to Viddler.

Ensure mock interfaces with Adequack
Ilya Zayats recently released Adequack, a gem which helps to ensure that your unit test mock interfaces stay up-to-date with your production code. It tests against an expected remote object interface and maintains that your method calls contain the proper number of arguments.

How to Setup a Production Server for Rails 4
If you're looking to setup a new Rails 4 server from scratch, Rob McLarty put together a very detailed blog post covering setting up an OS, users, web server, app server, and more.

Better Single-Table Inheritance
Last week, Nathan Long put his thoughts on a better way to do ActiveRecord Single Table Inheritance, or STI. In short, he believes that your STI (and supporting) tables should map very similarly to how you already likely do inheritance in your Ruby classes.

Phusion Passenger 4.0.1 Final Released
After a lengthy beta and release candidate process, the good people at Phusion have released Passenger 4.0.1. This updates both the open source and enterprise version of the application server and adds support for multiple Ruby versions, Rack 1.5 and the new socket hijacking API, and more.

Log your ActionMailer with mail-logger
Josh McArthur recently created and released mail-logger, a gem which hooks into the mail gem's callbacks to automatically log out deliveries to a log file which is separate from your application log. This could be useful for auditing your application or just double-checking your mail host.

Jekyll version 1.0 has been released
After roughly a year on hiatus, the Jekyll core team has released Jekyll version 1.0. This new release adds documentation, new subcommands like new, build, serve, and import, draft content, timezone support, and more.

Recovering Lost Post Data

Posted 16 days back at Jay Fields Thoughts

I recently typed out a long, thoughtful response in a textarea. I clicked submit, like I've done millions of times, and I got the dreaded "session expired" error message. This happens very, very rarely, but it's devastating when it does. Creating long & thoughtful responses isn't something that comes naturally for me. I crossed my fingers and clicked back. No luck, web 2.0 dynamically created text boxes ensured Chrome had no chance to preserve my editing state.

My first reaction was: I guess I'm not responding after all. Then it occurred to me, DevTools must have my data somewhere, right? Lucky for me, the answer was yes.

There might be easier ways, this is what worked for me:

  • open DevTools
  • go to the "Network" tab.
  • look for the row with the method POST.
    • If you don't see a POST row, try refreshing the page. With any luck you'll get a repost confirmation dialog, giving you some hope that your data is still around. (You'll want to allow the data repost)
  • click on the POST row, and scroll down till you see "Form Data". If you've gotten this far, hopefully you'll find your data in clear text and able to be copied.

The examples from this post are from following the instructions above and logging in to twitter.com. If you've ever lost post data in the past, you may want to give these directions a dry-run now.

Use a Google Map as the background of your webpage

Posted 16 days back at The Chris O Show - Home

Ever want to fill up the screen with a Google Map and make it the background? We wanted to do that for the picture page on HitMeUp. Here’s an example of what I’m talking about: https://hitmeup.co/hits/et

Turns out it’s pretty easy to do.

Let’s say you have basic markup like this:

<script src="https://gist.github.com/thechrisoshow/964d05d45902079f7f52.js?file=map.html"></script>

And the standard javascript like:

<script src="https://gist.github.com/thechrisoshow/964d05d45902079f7f52.js?file=application.js"></script>

Then what you want to do is absolutely position the map, and pin it to the top/left/right/bottom sides. The container div is where you put everything that you want to float on top of the map.

<script src="https://gist.github.com/thechrisoshow/964d05d45902079f7f52.js?file=application.css"></script>

And boom – you’ve got a Google Map in the background that looks like:

Google map in the background

Episode 47: Two hours per minute

Posted 17 days back at GIANT ROBOTS SMASHING INTO OTHER GIANT ROBOTS - Home

In this episode, recorded at RailsConf 2013, Ben Orenstein is joined by Ryan Bates of RailsCasts. Ben and Ryan discuss Ryan’s transition to working on RailsCasts full time, staying up to date on the latest technology, how his coding style has changed, maintaining his open source, the process of producing RailsCasts, why he doesn’t speak at conferences, the latest technology he is excited about, and much more.

Phusion Passenger 4.0.1 final release

Posted 17 days back at Phusion Corporate Blog

Phusion Passenger 4

Phusion Passenger is software that deploys Ruby and Python web apps, by integrating into Apache and Nginx and turning them into a fully-featured application server. It is very fast, stable and robust and thus used by the likes of New York Times, AirBnB, Symantec, Pixar, etc. It comes with many features that make your life easier and your application perform better.

After a period of being in beta, we’re proud to announce the first stable release of the Phusion Passenger 4 series. The 4.x series is a huge improvement over the 3.x series: during the development of 4.0, we’ve introduced a myriad of changes which we’ve covered in past beta preview articles:



The beta period took a while because we wanted to ensure that the first stable release is indeed rock solid. People tend to say that one should skip “x.0.0” releases and wait until “x.0.1” for the first bug fixes. But we’re confident enough about the stability of the 4.x series that we gave this first release the version number 4.0.1.

Changes in 4.0.1

Compared to 4.0.0 RC 6, the following changes have been introduced:

  • Fixed a crasher bug in the Deployment Error Resistance feature.
  • Fixed a bug in PassengerDefaultUser and PassengerDefaultGroup.
  • Fixed a bug which could cause application processes to exit before they’ve finished their request.
  • Fixed some small file descriptor leaks.
  • Bumped the preferred Nginx version to 1.4.0.
  • Editing the Phusion Passenger Standalone Nginx config template is no longer discouraged.
  • Improved documentation.

Installing and testing 4.0.1

Quick install/upgrade

Phusion Passenger Enterprise users can download the Enterprise version of 4.0.1 from the Customer Area.

Open source users can install the open source version of 4.0.1 with the following commands:

gem install passenger
passenger-install-apache2-module
passenger-install-nginx-module

You can also download the tarball at Google Code. All our gems and tarballs can be cryptographically verified.

In-depth instructions

In-depth installation and upgrade instructions can be found in the Installation section of the documentation. The documentation has been updated to cover 4.0 changes, including Enterprise features. You can view them online here:

Final

We would like to thank everybody who has helped with testing the betas and release candidates so far, and we would like to thank our Enterprise customers. We couldn’t have done it without you!

4.0.1 is just the beginning though. We have many exciting changes in the pipeline. Want to stay up to date? Fill in your name and email address below and sign up for our newsletter. We won’t spam you, we promise.