Ruby/Rails security alerts - ruby-on-rails

How do Ruby developers keep updated on Ruby and RubyGems security alerts and updates? I found out about this today:
https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately
and wonder how developers usually keep up with these types of alerts. Thanks in advance.

For Rails, just register for email updates in the Rails security Google group:
https://groups.google.com/forum/?fromgroups#!forum/rubyonrails-security

The Ruby Security Announcements list is specifically for security issues in Ruby and Rubygems.

Also check out the bundler-audit gem to automate this process. It will check your gems for known vulnerabilities and also recommend some improvements regarding the update process in general.

I actually wrote about this a few weeks back. These are the things that I would recommend:
Follow the Ruby and Rails security mailing lists.
Use CVE Reports to get details of security alerts as soon as you can. CVE stands for "Common Vulnerabilities and Exposures" and it's an industry standard reporting mechanism.
Keep your dependencies as up to date as you can. Run bundle outdated to get this information. Keeping your test suite at > 85% is going to make dependency upgrading much easier.
Create a process for your team so you can stay up to date on squashing security issues. I elaborate in the blog post on how to do that.
Use tooling like bundle-audit, AppCanary, Hakiri, or Gemnasium to auto-detect gem security issues. These are easy tools to insert into a CI environment.
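As an added worked example of what the bundler-audit and CI tooling recommended in the two answers above actually do (this is illustration code written for this page, not bundler-audit's own implementation): parse the `specs:` block of a Gemfile.lock, cross-reference each locked version against an advisory list, and flag gem sources that are not fetched over HTTPS. The advisory entries, their IDs and their version ranges below are constructed placeholders and do not describe any real advisory; the lockfile is likewise a constructed sample.

```ruby
require 'rubygems' # Gem::Version / Gem::Requirement come from the stdlib

# Constructed advisory data for illustration only. The gem names come from the
# question, but the IDs and version ranges are placeholders, not real advisories.
ADVISORIES = [
  { id: 'EXAMPLE-2013-0001', gem: 'crack',    patched: ['>= 0.3.2'],
    title: 'placeholder: unsafe deserialization of untrusted input' },
  { id: 'EXAMPLE-2013-0002', gem: 'httparty', patched: ['~> 0.9.1', '>= 0.10.0'],
    title: 'placeholder: unsafe deserialization via a dependency' },
  { id: 'EXAMPLE-2013-0003', gem: 'nori',     patched: ['>= 2.0.3'], unaffected: ['< 1.0'],
    title: 'placeholder: unsafe deserialization of untrusted input' },
].freeze

# Parse the "specs:" block of a Gemfile.lock into { name => Gem::Version }.
# Top-level specs are indented four spaces; deeper lines are their dependencies.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
      next
    end
    in_specs = false if line =~ /\A\S/ # PLATFORMS, DEPENDENCIES, ... end the block
    next unless in_specs
    if line =~ /\A    (\S+) \(([^)]+)\)/
      name, version = $1, $2
      version = version.split('-').first # drop a platform suffix such as "1.0.0-x86-mingw32"
      specs[name] = Gem::Version.new(version)
    end
  end
  specs
end

# An installed version is vulnerable unless it falls inside a patched or
# unaffected range of the advisory.
def vulnerable?(version, advisory)
  safe = Array(advisory[:patched]) + Array(advisory[:unaffected])
  safe.none? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
end

# Cross-reference the lockfile against the advisory list; returns one finding per hit.
def audit(lockfile_text, advisories = ADVISORIES)
  specs = parse_lockfile(lockfile_text)
  advisories.each_with_object([]) do |adv, findings|
    version = specs[adv[:gem]]
    next unless version && vulnerable?(version, adv)
    findings << { gem: adv[:gem], version: version.to_s, id: adv[:id],
                  title: adv[:title], upgrade_to: Array(adv[:patched]).join(', ') }
  end
end

# Gem sources not served over HTTPS can be tampered with in transit.
def insecure_sources(lockfile_text)
  lockfile_text.scan(/^\s+remote: (\S+)/).flatten.reject { |url| url.start_with?('https://') }
end

SAMPLE_LOCK = <<~LOCK # constructed sample, not a real project's lockfile
  GEM
    remote: http://rubygems.org/
    specs:
      crack (0.3.1)
        safe_yaml (~> 0.9.0)
      httparty (0.9.0)
        multi_json (~> 1.0)
        multi_xml (>= 0.5.2)
      multi_json (1.5.0)
      multi_xml (0.5.2)
      nori (2.0.3)
      safe_yaml (0.9.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    httparty
    nori
LOCK

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_LOCK).each do |f|
    puts "#{f[:gem]} #{f[:version]}: #{f[:id]} (#{f[:title]}); upgrade to #{f[:upgrade_to]}"
  end
  insecure_sources(SAMPLE_LOCK).each { |url| puts "insecure source: #{url}" }
end
```

In a CI job you would exit non-zero whenever `audit` returns anything, so a vulnerable lock cannot reach deploy; the real tool keeps the advisory list in a separately updated database, which is why its data must be refreshed before each run.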

I think these two sources should get you that info as soon as it's available. You could also sign up for an account at rubygems.org and add Rails to your RSS feed.
Ruby on Rails on Twitter
Rails core mailing list

Also the Ruby 5 Podcast is a twice weekly resource and only takes 10 minutes of your time per week.

Also, if you find it hard to find the time to look for updates or perform the actual update: use mini habits to, e.g., update software every Monday, as I described in the week with a Rails security strategy.

Related

Spree - Disable checkout's country selection and modify the checkout

I need to create an online shop to sell some e-learning services, mostly online courses.
I'm thinking of starting with Spree, so I've installed it and started playing with the configuration. I'm also starting with Ruby and RoR, and I plan to carry out all my future work on this platform, which I really like.
I'm just curious to know if it's a good idea to start with a complete solution like Spree to sell this kind of products. I'd need to change some checkout steps, for example there is no need to deliver the things, since they are services (online courses).
Then I'd like to disable the country selection because the ecommerce will just sell in our country and it's useless to allow this selection.
How can I do it?
Then I'd like to allow users to choose between a one-time payment and a recurring billing solution.
Can you help me to understand what I need to do this?
At a first glance it seems a lot of work (beside the fact that I'm new with the framework and with the language -coming from python, php, c++).
I'm using the latest version of spree from their git repo with rails 3.2.3 (ruby 1.9.3 under RVM).
Yes, you can modify the checkout steps; have a look at http://guides.spreecommerce.com/checkout.html#checkout-customization for how to do this.
On the payments side good luck! I have been struggling with this for a while now and there doesn't seem to be much out there. I will update this if I am able to find anything solid.
If you are new to Ruby on Rails I would suggest that you take some time to familiarise yourself with Ruby on Rails first before diving into Spree, as this will save you a lot of time in the long run.
If you are running the latest version of Spree (edge) rather than the latest released version, please be careful.
Thanks
Ash

What ruby based forum software would you recommend for integration into an existing rails application?

What ruby based forum software would you recommend for integration into an existing rails application and allows single sign-on? I have seen many suggestions in posts for forum software that is no longer maintained (2008 and earlier).
Beast is the most current one I know of, and I'm sure it's the one you are referencing.
The rest is more of a side note, but when I first got into Rails, I asked similar questions, aka what is the best blog, CMS, forum, etc. to use? As it turns out, the Rails community as a whole is interested in use cases that fit outside the plug-n-play web apps, so most people will end up rolling their own to fit their needs exactly if they find occasion to build such an app in Rails. The good news is that I think I remember hearing that Beast is like 800 lines of code, so it can't be too burdensome to either upgrade out of 2.2ish Rails or just copy over the logic you need for your forum.
Thredded is very actively maintained!
Thredded is a Rails engine, so it is very easy to integrate it into an existing app.
http://github.com/radar/rboard
Rboard is really pretty awesome. :)
I always refer to Ruby Toolbox for what the Rails community prefers.
Here's a good reference http://ruby-toolbox.com/categories/forum_systems.html
Based on the list there are two projects
Rboard - last commit 25 days ago
altered_beast - last commit 12 months ago
I agree with Jed Schneider, in the end most rails guys will roll out their own to fit the exact needs.
Forem and Discourse look promising:
https://github.com/radar/forem
https://github.com/discourse/discourse

Which CouchDB API to use for Rails?

I am currently investigating possible applications of CouchDB on my current project (written in Rails) and would like to get some feedback from people who have actually used these APIs. Which would you recommend and why?
ActiveCouch
CouchFoo
CouchRest
CouchRest-Rails
CouchPotato
The basic layer of CouchRest is probably the best to get started; CouchPotato is the most active for Rails integration; SimplyStored adds some niceties on top of CouchPotato.
With Rails 3 use (or at least seriously consider using) CouchRest Model. It appears to be well maintained, since as of this update on 2013/12/19 I see several changes that are only 2 weeks old.
Before considering SimplyStored, you should note that they give this warning on Github:
Development work has stopped as we don't use SimplyStored anymore. Please do not expect any future commits and fixes.
Perhaps someone will pick it up, as it looks very useful.
I am going through the same process. You might find SimplyStored interesting if you haven't already given it a look.
http://github.com/peritor/simply_stored

Recommendation on development framework for a browser based online product catalogue?

I have to develop a online product catalog which will eventually developed into a simple online ordering system, I have never developed a web application before. Please recommend an application framework which might be a good choice for this kind of apps.
Is Ruby on Rails a good choice?
Thanks.
Definitely, Ruby on Rails is a good candidate for developing an online e-commerce application. There are many e-commerce applications developed in Ruby on Rails which are successfully running.
Open source e-commerce application: Spree
Shopify: CMS for online stores.
The Agile Web Development book explains the workings of Rails with an example of how to develop a product catalog, which will be very helpful for you.
Many plugins and gems are available for payment gateways, like the Payment gem.
What more could you need to develop an online store? If your resources are limited and development time should be speedy, then Rails is a good candidate for your requirement.
Finally, it's your interest and skill set; choose the platform which suits your requirement :)
Hope this helps!
Rails is as good a choice as any other web framework.
Here are a few links to help you get started with it.
The Guides
The Screencasts
The Agile Web Development with Rails book
And for your online ordering feature, you could look at Active Merchant.
Is it necessary to develop it yourself?
There are a number of great drop-in solutions for a catalog/shop application. Some offer both the source code for customized deployment, others offer a package including hosting, setup and maintenance. In addition to what's already been mentioned, here are a few more e-commerce solutions that are ready to go.
Keep your hosting solution in mind when deciding how to proceed. A lot more hosts offer PHP than rails.
PHP Based ZenCart (Both)
Django Based Satchmo (Source only)
Rails Shopify (Hosted only)
Do you really want to reinvent the wheel?
If you've never written a web application before do NOT start with something that involves billing. That's a good way to end up in a lot of trouble. Billing is hard to get right, and if you get it wrong you can end up facing huge fines or even in court. In most cases, you have to comply with PCI DSS security standards, and if you fail to do so and information is lost or stolen, you're likely looking at $500,000 in fines.
If you absolutely must do e-commerce, outsource it to PayPal or Google Checkout so that your risk is limited mainly to charging people the wrong amount by accident.
That warning out of the way, Rails is a good place to start if you've never done web development before. It has its problems, but they'll go unnoticed until you've been working with it for at least two or three years. i.e., they're fairly minor, and are likely to annoy only a very experienced developer with significant project requirements.
Full disclosure: Google is my employer, so obviously I think you should opt for the Google Checkout option.
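An added guardrail in the spirit of the answer above (example code written for this page, not from the answer or from any of the products it names): once card entry is handed to a hosted checkout, nothing that looks like a card number should ever reach your own application, because any endpoint that receives a PAN is in PCI DSS scope. The scanner below walks a nested, Rack-style params hash and returns the dotted path of every value that is 13 to 19 digits and passes the Luhn check; a Rails app would call it from a before_action to reject the request and alert, which keeps an accidental client-side change (or a probing user) from silently widening your scope. The request hash is constructed for the example, not captured traffic.

```ruby
# Luhn checksum: true when the digit string is Luhn-valid (card numbers are).
def luhn_valid?(digits)
  sum = 0
  digits.reverse.each_char.with_index do |ch, i|
    d = ch.to_i
    if i.odd?           # every second digit from the right is doubled
      d *= 2
      d -= 9 if d > 9   # same as summing the two digits of the product
    end
    sum += d
  end
  (sum % 10).zero?
end

# Card-number heuristic: 13-19 digits (spaces/dashes allowed) that pass Luhn.
# Order numbers, phone numbers and most random digit runs fail one of the two tests.
def looks_like_pan?(value)
  return false unless value.is_a?(String)
  digits = value.gsub(/[\s-]/, '')
  return false unless digits.match?(/\A\d{13,19}\z/)
  luhn_valid?(digits)
end

# Recursively scan a nested params structure (Hash/Array/scalar);
# returns the dotted path of every parameter that looks like a PAN.
def find_pan_params(params, path = [])
  case params
  when Hash
    params.flat_map { |k, v| find_pan_params(v, path + [k.to_s]) }
  when Array
    params.each_with_index.flat_map { |v, i| find_pan_params(v, path + [i.to_s]) }
  else
    looks_like_pan?(params) ? [path.join('.')] : []
  end
end

# Constructed request parameters, not captured traffic. The two card-like values
# are the well-known test numbers 4111... and 4242..., which are Luhn-valid.
SAMPLE_PARAMS = {
  'order' => {
    'id'      => '1234567890123',             # 13 digits but not Luhn-valid: ignored
    'total'   => '49.00',
    'payment' => { 'card_number' => '4111 1111 1111 1111', 'cvv' => '123' },
  },
  'notes' => ['call me on 15551234567', '4242-4242-4242-4242'],
}.freeze

if __FILE__ == $PROGRAM_NAME
  hits = find_pan_params(SAMPLE_PARAMS)
  if hits.empty?
    puts 'no card data in request'
  else
    puts "REJECT: card data received in #{hits.join(', ')}"
  end
end
```

Treat a hit as an incident to investigate rather than a value to scrub and carry on with: the request has already been logged and parsed, so the point of the check is to stop the path from becoming normal, not to sanitise it.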

What rails plugins are good, stable and *really* enhance your code?

Anyone have a list of rails plugins that are both stable and give you enough functionality to be worth the extra effort of supporting?
Edit:
I am mostly interested in the best, most complete list of plugins so I can use it the next time I'm starting a Rails app. I don't currently need a particular plugin.
You can use bort as reference
Plugins Installed
Bort comes with a few commonly used plugins installed and already setup.
RESTful Authentication
RESTful Authentication is already setup. The routes are setup, along with the mailers and observers. Forgotten password comes setup, so you don’t have to mess around setting it up with every project. The AASM plugin comes pre-installed. RESTful Authentication is also setup to use user activation.
User Roles
Bort now comes with Role Requirement by Tim Harper. A default admin role is predefined along with a default admin user. See the migrations for the admin login details.
Open ID Authentication
Bort, as of 0.3, has Open ID integrated with RESTful Authentication. Rejoice!
Will Paginate
We use will_paginate in pretty much every project we use, so Bort comes with it pre-installed.
Rspec & Rspec-rails
You should be testing your code, so Bort comes with Rspec and Rspec-rails already installed so you’re ready to roll.
Exception Notifier
You don’t want your applications to crash and burn so Exception Notifier is already installed to let you know when everything goes to shit.
Asset Packager
Packages up your css/javascript so you’re not sending 143 files down to the user at the same time. Reduces load times and saves you bandwidth.
P.S.: I agree with #eric; specifics:
restful_authentication for sign in, sign out, sign up.
paperclip for file uploads.
rspec and shoulda for testing.
Could you be more specific in what you are looking for? There are so many great plugins for so many different tasks, it's hard to guess the right ones for you.
Try resource_controller. http://jamesgolick.com/2007/10/19/introducing-resource_controller-focus-on-what-makes-your-controller-special
It seriously dries up your RESTful controllers. And is the only plausible way of implementing polymorphic actions that I've come across.
Loads of other good stuff too. Give it a try.
I can imagine why you are asking that. I used to work on a project with more than 20 plugins in use. Sure, it sped up the development early on, but later debugging became difficult. Also, updating to a new version of Rails was a lengthy process.
My advice is: don't start using a plugin before you have a reasonable understanding of how it works and of the trade-offs involved. For small plugins you should probably read the source code. For larger ones, see what other people are saying about them, when the plugin was last updated, etc.
For scanning popular plugins, see the most popular github projects. Quite a few of them are Rails plugins.
For me, Haml is excellent. It's not for everyone but if it clicks with you you'll love it. Set aside 30 min and give it a shot. It reduces the clutter in my views by about 50%.
It's easy to install using Rails 2.1+'s gem dependencies:
# environment.rb
config.gem 'haml'
Then:
rake gems:install
Ruby Trends is a good place to check what the most popular plugins/gems/books/practices are. It's like StackOverflow (i.e., voting plugins up/down) but is more fine-grained and has the ability to search/filter.
In my Rails time I used http://github.com/mbleigh/acts-as-taggable-on/tree/master with success.
