Activity
What do you think about having a built-in linter that comes with Rails?
Raise your hand if you're guilty of making this mistake in the past. 👋😬
That's probably a bug in the UserAgent bot check I would imagine.
If you're building a no build Rails application that makes use of modern browser features (like ONCE Campfire!), you'll definitely want to use this.
Amazing, thanks for sharing!
That would be great to know. Had the same question about OrbStack. 🧐
You can install vim / neovim / etc inside the container. Here's a blog post about it: https://cadu.dev/running-neovim-on-devcontainers/
That's exactly what it's for. 👍
Posted in Rails app to upload and view videos?
Depends on what you need. I assume you want users to be able to upload videos through your application? What other features do you need?
If you don't mind the videos being publicly available, YouTube can work and it's probably your only free option.
We use Bunny.net for video hosting and it's very cheap compared to alternatives like Wistia, Mux, and AWS.
You could also use Rails' built-in ActiveStorage, but with video it helps to use a service that transcodes videos into playlists that can stream at different bitrates.
Bunny has some JavaScript you can use to upload videos from your application that you can read up on. You'll need to generate the signature server-side to keep your API key secret when generating the presigned uploads. This is basically the same way direct uploads work with ActiveStorage to send files directly from the browser to the hosting service instead of uploading to Rails, then uploading again to the hosting service.
Pretty excited about this because it makes Rails development so much easier to start for beginners or for teams using various operating systems.
I also forgot to mention, there is a devcontainer CLI that you can use outside of VS Code, so you could use Vim or other editors inside the devcontainer. https://github.com/devcontainers/cli
What do you think? Will you use Dev Containers?
Rack Attack is still useful for safelists and blocklists, but the rate limiting / throttling feature is pretty much the same as what's built into Rails now.
The Rails rate limit feature is a bit more friendly since you get all the Rails features, while Rack Attack requires you to write your own Rack responses without any Rails helpers.
Both use the Rails cache store by default, so you won't need to reach for Rack Attack unless you want to set up safelists, blocklists, or another feature.
Posted in Wrapping Up Our URL Shortener Discussion
Glad you enjoyed it Tony!
Shoutout to the folks at Honeybadger for being awesome. 🫡
What have you tried?
Using Rails main, betas, or release candidates is a great way to find bugs and contribute to Rails itself. 🎉
Posted in Today I Learned!
I thought it would be fun to start a thread where we can post the things we've learned recently.
Today I learned that __dir__ returns a full path while File.dirname(__FILE__) returns a relative path thanks to Xavier's recent commit in Rails: https://github.com/rails/rails/commit/de4d8744744acab2dd9db0683ccf784ea45810b2
Have you used GitHub Action Inputs for any other cool things?
Posted in Rubygems Trusted Publishing Discussion
As more and more vulnerabilities like "xz" with Linux happen, reproducible builds and releasing processes like Trusted Publishing that the Rubygems team has built will be critical. I mean, how many of us actually check the code that is downloaded by bundler to ensure it's secure? Probably very few of us!
Posted in How do I start from the very beginning?
Follow the GoRails Learning Path.
Posted in Tutorial on verifalia gem
Cloudflare as a proxy could help block the malicious user. They can block requests from known bots and present barriers to stop them.
They also run hCaptcha that you can implement in the sign up process to protect from bots. We have a lesson on that here: https://gorails.com/episodes/how-to-usehcaptcha-with-ruby-on-rails
I also like using invisible_captcha which is similar and doesn't require a third-party service (although it's not quite as good).