What's New In Ruby: April 2013 edition

Every month, Kansas City Ruby (#kcruby) reviews a subset of Peter Cooper's fantastic Ruby Weekly selections, along with other items picked up around the web.

Dashing - The exceptionally handsome dashboard framework.

Dashing is a Sinatra-based framework that lets you build beautiful dashboards.

Key features:
  • Use premade widgets, or fully create your own with SCSS, HTML, and CoffeeScript.
  • Widgets harness the power of data bindings to keep things DRY and simple. Powered by batman.js.
  • Use the API to push data to your dashboards, or make use of a simple Ruby DSL for fetching data.
  • Drag & Drop interface for re-arranging your widgets.
  • Host your dashboards on Heroku in less than 30 seconds.

This project was created at Shopify for displaying custom dashboards on TVs around the office.

Rails' Insecure Defaults: 13 Security Gotchas You Should Know About

Secure defaults are critical to building secure systems. If a developer must take explicit action to enforce secure behavior, eventually even an experienced developer will forget to do so. For this reason, security experts say:

“Insecure by default is insecure.”

Rails’ reputation as a relatively secure Web framework is well deserved. Out of the box, there is protection against many common attacks: cross-site scripting (XSS), cross-site request forgery (CSRF) and SQL injection. Core members are knowledgeable and genuinely concerned with security.

However, there are places where the default behavior could be more secure. This post explores potential security issues in Rails 3 that are fixed in Rails 4, as well as some that are still risky. I hope this post will help you secure your own apps, as well as inspire changes to Rails itself.

Ruby 2.0 Works Hard So You Can Be Lazy

Ruby 2.0’s new lazy enumerator feature seems like magic. In case you haven’t tried it yet, it allows you to iterate over an infinite series of values and take just the values you want. It brings the functional programming concept of lazy evaluation to Ruby – at least for enumerations.
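To see the feature in action, here is an added example (not code from the original post or from the article it links to) that chains `lazy` stages over an infinite range and over an `Enumerator` generator, and counts how many candidates the chain actually inspects before `first(n)` stops it:

```ruby
# Added example (not from the original post): Ruby 2.0's Enumerator::Lazy.
# Every stage of a lazy chain pulls one value at a time from an infinite
# source, so the pipeline terminates as soon as `first(n)` is satisfied.

def prime?(n)
  return false if n < 2
  (2..Math.sqrt(n).floor).none? { |d| (n % d).zero? }
end

def digit_sum(n)
  n.to_s.each_char.map(&:to_i).inject(0, :+)
end

# First `count` primes whose digit sum is even, drawn from an unbounded range.
# Returns [primes, inspected], where `inspected` counts how many candidates the
# chain actually examined; without `.lazy`, `map` would try to materialise the
# whole infinite range and never return.
def primes_with_even_digit_sum(count)
  inspected = 0
  primes = (1..Float::INFINITY).lazy
                               .map    { |i| inspected += 1; i }
                               .select { |i| prime?(i) }
                               .select { |p| digit_sum(p).even? }
                               .first(count)
  [primes, inspected]
end

# An infinite generator: Fibonacci numbers produced on demand by Enumerator.
# `lazy` lets us filter and map the stream before taking a finite prefix.
def fibonacci
  Enumerator.new do |y|
    a, b = 0, 1
    loop do
      y << a
      a, b = b, a + b
    end
  end
end

# Squares of the first `count` even Fibonacci numbers.
def even_fibonacci_squares(count)
  fibonacci.lazy.select(&:even?).map { |f| f * f }.first(count)
end

if __FILE__ == $PROGRAM_NAME
  primes, inspected = primes_with_even_digit_sum(5)
  puts "primes: #{primes.inspect} (inspected #{inspected} candidates)"
  puts "even Fibonacci squares: #{even_fibonacci_squares(4).inspect}"
end
```

Dropping `.lazy` from either chain turns the same code into an infinite loop, which is the whole point of the feature.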

GemLou.pe: View the full dependency tree for any Ruby gem.

Avoid bloat! Keep that Gemfile slim. See how many dependencies a gem has *before* adding it to your project.
For instance, try the bookmarklet on the devise gem.

Is My Twitter Password Secure?

It's a scary world right now, guys. Your Twitter password can cause the Dow Jones to drop nearly 150 points and compel dozens of blogs to write breathless posts about the future of online journalism. You should be worried.

In order to help everyone out a little, we've created an algorithm that will examine your password and tell you if it's secure enough. Spoiler alert: it isn't.

Established 2005 · Databasically © 2016
