Groningen.rb RailsConf 2015 recap

Small and simple recap of RailsConf 2015 for Groningen.rb

Remon Oldenbeuving

April 28, 2015

Transcript

  1. Prying open the black box • Stack traces are cleaned by default in Rails • puts caller gives a stack trace without raising • pp instance_values • rails new --dev
  2. Prying open the black box • export DISABLE_SPRING=1 • git blame abcdef^ FILENAME • bundle open activerecord • gem pristine cleans gems
  3. Speed Science • https://github.com/htcat/htcat • Disk IO is the problem most of the time • https://github.com/schneems/derailed_benchmarks
  4. Processes and threads, Sidekiq vs Resque • Pry is awesome • Unicorn does a lot of awesome magic • http://thorstenball.com/blog/2014/11/20/unicorn-unix-magic-tricks/ • gem install pry-stack_explorer • gem install pry-byebug • gem install pry-rescue
  5. Resque • Uses fork • mitigates the risk of leaking memory • avoids the cost of booting rails for each job
  6. Aaron Patterson • Main focus for the coming year: speed • bundle exec is exponential based on the number of installed gems • Difference between controller/integration tests • https://github.com/tmm1/stackprof
  7. Implementing a visual CSS testing framework • A lot of existing packages do a similar thing: • Huxley, Phantom CSS, GhostStory, Cactus, Needle, CSSCritic, fighting-layout-bugs, sikuli, Mogo, Quixote • Not the right fit, so: Do It Yourself™ • BugSnag has a separate service that runs screenshot tests and posts the outcome back to the pull request. • Screenshots are compared between branches
  8. The World of Rails Security • Rails isn’t fully secure by default • html_safe does not make strings safe • CSRF doesn’t apply to GET • CSRF tokens persist per session • By default when a CSRF error occurs, Rails will continue the current action unless explicitly told not to (fixed in a couple of versions)
  9. The World of Rails Security • Server-side sessions are not the default • Session cookies are forever by default • No built-in account management • No built-in authorization framework • link_to is not safe by default • etc etc: http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/
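
The "html_safe does not make strings safe" point from slide 8, as an added example that is not from the talk or the slides: a simplified plain-Ruby model of template auto-escaping, showing that flagging a string as safe only switches escaping off. The names TrustedHtml, mark_html_safe, render_value and bold are hypothetical and are not Rails or ActiveSupport APIs.

```ruby
require "erb"

# Added illustration: a simplified model of template auto-escaping.
# TrustedHtml, mark_html_safe, render_value and bold are hypothetical names,
# not Rails or ActiveSupport APIs.

# A string the template layer has been told not to escape.
class TrustedHtml < String; end

# Models what html_safe does: it flags the value and changes no characters.
def mark_html_safe(value)
  TrustedHtml.new(value)
end

# Models <%= value %>: escape everything that is not flagged as trusted.
def render_value(value)
  value.is_a?(TrustedHtml) ? value.to_s : ERB::Util.html_escape(value)
end

# Safer pattern: escape the untrusted part first, then flag only the
# markup that the application itself wrote.
def bold(untrusted)
  mark_html_safe("<b>#{ERB::Util.html_escape(untrusted)}</b>")
end

# Constructed sample input standing in for a user-supplied comment.
COMMENT = "<script>alert(1)</script>"

if __FILE__ == $PROGRAM_NAME
  puts render_value(COMMENT)                  # escaped by default
  puts render_value(mark_html_safe(COMMENT))  # flag set: markup passes through
  puts render_value(bold(COMMENT))            # only the <b> wrapper is live
end
```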