RubyEnRails 2009 Day 1
posted by gchatz
Below is a small roundup of day 1 of the RubyEnRails 2009 Amsterdam Event.
Edwin Vlieg: Advanced Rails Testing
The event was supposed to start with Yehuda, but he got lost in Amsterdam :)
Edwin showed some basic testing principles, focusing on Unit Testing (RSpec) and Integration Testing with Cucumber. He pointed out that although they acknowledge the importance of testing, they are not actually using TDD / BDD. The key point of the presentation was: testing is good, but don’t go overboard.
We are not using TDD / BDD either. The concept is nice, people that use it are going to heaven, but we haven’t been able to use it efficiently all the time. We use it when it’s easy to set the requirements in advance, but this is not always the case.
Yehuda Katz: Merging Merb Into Rails
Yehuda described the process of merging Merb into Rails over the past 10 months, going through the initial goals and what was really accomplished. In a few words: Modularity, Speed, Abstraction.
We asked Yehuda how they manage the different (strong) opinions among the Merb and Rails core members. We have a small team and we sometimes hit dead ends, so it would be interesting to know how they cope. He said that they also have their fair share of disagreements but Jeremy acts as the voice of reason. So I guess it’s good to have a diplomat on the team.
Yehuda implied that they are ready with Rails 3; he didn’t give a date though (Jeremy did).
Jonathan Weiss: Rails Security
A very interesting talk about the various security issues a web developer has to deal with and how he can protect his application.
In short:
- No one needs to know what version of Rails you are running or what web server you are running. Mask it whenever possible.
- XSS vulnerabilities. Manual escaping is a pain (and risky). Rails 3 HTML-escapes output by default, but until then there are some plugins you can use, like rails_xss.
- CSRF. Forgery protection (protect_from_forgery) is built into Rails; you just have to not remove it. (oops!)
- Mass assignment. Always whitelist your model attribute assignment (attr_accessible).
Unfortunately Jonathan ran out of time and he skipped the DoS slides.
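The mass-assignment point above, as an added example that is not from the talk or from Rails itself: a plain-Ruby stand-in for a model (TinyModel, OpenUser, SafeUser and the sample form data are hypothetical) showing what an attr_accessible-style whitelist changes when a submission carries an extra `admin` field.

```ruby
# Plain-Ruby stand-in for a Rails model (hypothetical; not ActiveRecord itself).
class TinyModel
  # Class-level whitelist, named after the Rails macro mentioned in the talk.
  def self.attr_accessible(*names)
    @accessible = names.map(&:to_s)
  end

  # nil means "no whitelist declared": every attribute is mass-assignable.
  def self.accessible
    @accessible
  end

  attr_reader :attributes, :rejected

  def initialize(params = {})
    @attributes = {}
    @rejected = []
    self.attributes = params
  end

  # Mass assignment: copy request parameters onto the model in one call.
  def attributes=(params)
    params.each do |key, value|
      key = key.to_s
      if self.class.accessible.nil? || self.class.accessible.include?(key)
        @attributes[key] = value
      else
        @rejected << key # dropped; worth logging in a real application
      end
    end
  end
end

# Weak: no whitelist, so any submitted key becomes a model attribute.
class OpenUser < TinyModel
end

# Hardened: only the fields the signup form is meant to set.
class SafeUser < TinyModel
  attr_accessible :name, :email
end

# Constructed form submission carrying one field the form never offered.
SUBMITTED = { "name" => "alice", "email" => "alice@example.com", "admin" => true }

# Returns [assigned attributes, rejected keys] for the given model class.
def assign(model_class, params = SUBMITTED)
  user = model_class.new(params)
  [user.attributes, user.rejected]
end
```

`assign(OpenUser)` keeps the `admin` flag, while `assign(SafeUser)` assigns only `name` and `email` and reports `admin` as rejected.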
Stijn Mathysen: JQuery for Rails
Stijn gave some examples of how to write unobtrusive JavaScript and integrate jQuery in your application. Nothing fancy, though.
Bart ten Brinke: Tuning your Rails Application
Bart ten Brinke from RailsDoctors showcased some techniques for measuring and monitoring an application’s performance. Those include some commercial services like New Relic RPM or Scout as well as his home-grown request-log-analyzer.
We ran request-log-analyzer against a segment of our production.log (actually 1 day) during the presentation, but it didn’t tell us anything we didn’t already know. Out of 900k requests in a single day, about 50% is spent on a single action that lists the products of a specific category. It would be helpful to be able to dig deeper into parameters because in our case the category id makes a difference.
Jeremy Kemper: What’s hot in Rails 3
Jeremy started with a short summary of the relation between Ruby and Rails until today. The bottom line was that Rails, by being popular, created a fence between dedicated hardcore Ruby developers and newcomers. Jeremy believes Rails 3 will help bridge the gap between the Ruby and the Rails communities.
Jeremy presented a summary of Rails 3’s new features. Arel is one, but also speed and modularity. Rails 3 will be 1.8.7 compatible but it will prefer 1.9.2 for deployment.
The $1M question was when Rails 3 is finally coming out. As Jeremy said, they were hoping for a holiday gift to the community, but we should expect the new Rails to be shipped in the first quarter of 2010 along with Ruby 1.9.2.
On an off-topic note, the event was very well organized and most things went smoothly, except maybe the wifi part, which required a lot of mumbo jumbo to set up, and most people didn’t make it anyway (no iPhone setup either).
