Jim Lindley Notes

Rails 2.1

March 31st, 2008

Rails 2.1 is almost here, and there are two great resources for learning about it:

Ryan Daigle’s ‘What’s New In Edge Rails’, and Rails contributor Chu Yeow’s series: ‘Living on the Edge of Rails’.

Lots of fun stuff for this point release!

And if so, can you help me kick some tires? I've done some work on adding features to the Accessible Form Builder plugin to help use Blueprint grid CSS classes. It was extracted partially from work done on a Rails project for Academic Management, my awesome employer.

Accessible Form Builder on GitHub.

I'll be fixing up a few last-minute issues with it over the weekend, but it should be fairly beta-ishly usable in its current state, and I'll publish a tutorial/guide shortly.

This is what it gets you (screenshot):

From this sort of markup (screenshot, sorry - code samples are with the plugin on GitHub):

Let me know: good or wack? What's missing? I'll be at Mountain West Ruby Conf and Rails Conf, say hello if you see me or if you find this plugin useful.

My email address is jim@jimlindley.com for any questions or comments.

Rails 2.0 Released

December 7th, 2007

Just saw it was tagged in the Rails dev subversion repository. Long time coming but definitely worth it. I’ve been running on edge for 6 months now and Rails 1.2 is hard to go back to when I need to work on older projects.

Official announcement and an overview of changes.

Rails 2.0 Installation


The actual release version is 2.0.1; 2.0.0 had a small issue. EDIT 12/16: the latest version is now 2.0.2. To install it as a gem:

sudo gem install rails

Or inside an existing Rails project:

rake rails:freeze:edge TAG=rel_2-0-2
rake rails:update


Online Resources:


Books with Rails 2 content:


Rails 2.0 RC 2 Released

November 29th, 2007

It looks like we are a week away from the actual 2.0 release. You can check out the preview release by pulling the gem from the Rails dev server, or by freezing to edge in your project like so:

rake rails:freeze:edge TAG=rel_2-0-0_RC2

Remember, upgrade to the latest version of 1.2.x (1.2.6 at the moment), and check for any deprecation warnings before trying to run 2.0, unless you’ve been running on edge lately.

This release candidate contains many bug fixes but minimal new features over the last release candidate.

Cookie Security for Rails 2.0

November 20th, 2007

Ruby on Rails Security has a great article on cookie-based session storage. This is the default for Rails 2.0, and if you generate a new Rails app it will create a very long random string to use for hashing the cookie to prevent tampering. This seems to be fairly secure, although it’s always safest to switch to a server-based session storage mechanism.

If you are converting your pre-2.0 app to use cookie-based sessions, you must be careful to pick a very good secret for the hashing function. And ‘good’ means computer generated, very long, very random, and no dictionary words. Rails will now prevent you from using a secret less than 30 characters long.

If you are only storing a minimal amount of information in the session (such as a user id and flash message), cookie session store is an awesome win. Otherwise, you’re probably using it wrong: no sensitive information should be placed in the session, and if you need to expire sessions, you must place an expiration time in the session, check it on every request, and decide whether you’ll still accept it.

UPDATE: More info on cookie session store security.
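The signing and expiry checks described in this post, as an added Ruby sketch that is not part of the original post and is not Rails' own implementation. The function names, the JSON encoding and the choice of SHA-256 are assumptions made for illustration.

```ruby
require "openssl"
require "json"

MIN_SECRET_LENGTH = 30 # minimum the post says Rails 2.0 enforces

def hmac(secret, data)
  OpenSSL::HMAC.hexdigest("SHA256", secret, data)
end

# Stamp an expiry into the session, encode it, and append an HMAC so the
# client can read the cookie but cannot change it undetected.
def sign_session(session, secret, ttl: 1800, now: Time.now)
  raise ArgumentError, "secret too short" if secret.length < MIN_SECRET_LENGTH
  body = JSON.generate(session.merge("expires_at" => now.to_i + ttl))
  payload = [body].pack("m0") # strict Base64, no newlines
  "#{payload}--#{hmac(secret, payload)}"
end

# Compare digests without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the session hash, or nil when the cookie is malformed, tampered or expired.
def verify_session(cookie, secret, now: Time.now)
  payload, digest = cookie.to_s.split("--", 2)
  return nil if payload.nil? || digest.nil?
  return nil unless secure_compare(digest, hmac(secret, payload))
  session = JSON.parse(payload.unpack1("m0"))
  return nil if session.fetch("expires_at", 0) <= now.to_i # server-side expiry check
  session
rescue ArgumentError, JSON::ParserError
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample secret; generate a long random one in practice.
  secret = "constructed-sample-secret-" + "0123456789abcdef" * 3
  cookie = sign_session({ "user_id" => 42 }, secret, ttl: 60)
  p verify_session(cookie, secret)                     # valid session
  p verify_session(cookie.sub("--", "x--"), secret)    # altered payload
  p verify_session(cookie, secret, now: Time.now + 61) # past its expiry
end
```

The payload is only encoded, not encrypted, so anything placed in the session is readable by the client, which is why the post says to keep sensitive data out of it.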

DHH has updated the docs for schema.rb to reflect the fact that schema.rb is an important file that should be kept in version control. He recommends that production apps be initialized to their schema via this file, and not from migrations.

The rake db:reset task has been changed to reflect this philosophy: it will now run db:schema:load instead of db:migrate after first dropping and then recreating your database.

Migrations, as they build up over time, become increasingly fragile, whereas schema.rb is likely to be consistent with the current version of your schema and takes many fewer steps to load. One thing to keep in mind is that schema.rb does not preserve all the same settings that migrations do - character sets, collations, and other database-dependent features. If you need those, switch from having a Ruby schema.rb to an SQL schema file.

Switch to SQL by uncommenting this line in environment.rb:

# config.active_record.schema_format = :sql

Rails 2.0 Release Candidate

November 9th, 2007

A release candidate for Rails 2.0 has been tagged - see announcement of install directions and other news.

The JavaScript libraries included with Rails have been bumped up to the latest release versions of each: Prototype 1.6 and script.aculo.us 1.8. It looks like these are the versions that will make it into the final Rails 2.0 release.

Changeset #8087