ruby
- Engineering
- Last Updated: May 14, 2024
- Richard Schneeman
Debugging is an important skill to develop as you work your way up to more complex projects. Seasoned engineers have a sixth sense for squashing bugs and have built up an impressive collection of tools that help them diagnose and fix bugs. I'm a member of Heroku’s Ruby team and creator of CodeTriage and today we’ll look at the tools that I used on a journey to fix a gnarly bug in Sprockets. Sprockets is an asset packaging system written in Ruby that lies at the heart of Rails’ asset processing pipeline. At the end of the post, you will…
- Engineering
- Last Updated: March 29, 2024
- Jonan Scheffler
The Ruby committers have again continued their annual holiday tradition of gifting us a new Ruby version: Ruby 2.6 was released today, including the long awaited Just-In-Time (JIT) compiler that the Ruby team has been working on for more than a year. Just-In-Time compilation requires Ruby to spin up a compiler process on startup, and we're proud to say that this feature is supported today on Heroku thanks to the diligent efforts of our very own Richard Schneeman. We'd also like to thank fellow Herokai Nobuyoshi Nakada for his effort making sure the new JIT works well with all of…
- Engineering
- Last Updated: June 03, 2024
- Richard Schneeman
Rails applications that use ActiveRecord objects in their cache may experience an issue where the entries cannot be invalidated if all of these conditions are true: They are using Rails 5.2+ They have configured config.active_record.cache_versioning = true They are using a cache that is not maintained by Rails, such as dalli_store (2.7.8 or prior) In this post, we discuss the background to a change in the way that cache keys work with Rails, why this change introduced an API incompatibility with 3rd party cache stores, and finally how you can find out if your app is at risk and how…
- Engineering
- Last Updated: June 19, 2018
- Richard Schneeman
All previously released versions of Sprockets, the software that powers the Rails asset pipeline, contain a directory traversal vulnerability. This vulnerability has been assigned CVE-2018-3760. How do I know if I'm affected? Rails applications are vulnerable if they have this setting enabled in their application: # config/environments/production.rb config.assets.compile = true # setting to true makes your app vulnerable Note: The default value of this setting that ships with Rails in production.rb is false. By default, Rails apps running in production mode are not vulnerable to this exploit. How do I fix it? To remediate this vulnerability, applications can either change…
- Engineering
- Last Updated: June 03, 2024
- Charlie Gleason
How to blend a rock-solid CMS and API with the absolute best in front-end tooling, built as a single project and hosted seamlessly on Heroku. Rails is an incredible framework, but modern web development has moved to the front-end, meaning sometimes you don’t need all the bulk of the asset pipeline and the templating system. In Rails 5 you can now create an API-only Rails app, meaning you can build your front-end however you like—using Create React App, for example. It’s no longer 100% omakase. And for projects that don’t need CMS-like capabilities, Rails and that works pretty great straight away. Create…
- Engineering
- Last Updated: June 03, 2024
- Richard Schneeman
Rails 5.2 was just released last month with a major new feature: Active Storage. Active Storage provides file uploads and attachments for Active Record models with a variety of backing services (like AWS S3). While libraries like Paperclip exist to do similar work, this is the first time that such a feature has been shipped with Rails. At Heroku, we consider cloud storage a best practice, so we've ensured that it works on our platform. In this post, we'll share how we prepared for the release of Rails 5.2, and how you can deploy an app today using the new…
- Engineering
- Last Updated: June 03, 2024
- Etienne Stalmans
At Heroku we consistently monitor vulnerability feeds for new issues. Once a new vulnerability drops, we jump into action to triage and determine how our platform and customers may be affected. Part of this process involves evaluating possible attack scenarios not included in the original vulnerability report. We also spend time looking for "adjacent" and similar bugs in other products. The following Ruby vulnerability was identified during this process. Vulnerability Triage A vulnerability, CVE-2017-8817, was identified in libcurl. The FTP function contained an out of bounds read when processing wildcards. As soon as the vulnerability was made public, we went…
- Engineering
- Last Updated: December 13, 2017
- Caleb Hearth
Jekyll, the static website generator written in Ruby and popularized by GitHub, is a great candidate for being run on Heroku. Originally built to run on GitHub Pages, running Jekyll on Heroku allows you to take advantage of Jekyll’s powerful plugin system to do more than convert Markdown to HTML. On my blog, I have plugins to download my Goodreads current and recently read books and to generate Open Graph images for posts. That said, it’s not straightforward to get up and running on Heroku without using jekyll serve to do the heavy lifting. jekyll serve uses Ruby’s built-in, single…
- Engineering
- Last Updated: May 30, 2024
- Jeff Dickey
Over the past decade, millions of developers have interacted with the Heroku CLI. In those 10 years, the CLI has gone through many changes. We've changed languages several times; redesigned the plugin architecture; and improved test coverage and the test framework. What follows is the story of our team's journey to build and maintain the Heroku CLI from the early days of Heroku to today. Ruby (CLI v1-v3) Go/Node (CLI v4) Go/Node (CLI v5) Pure Node (CLI v6) What's Next? Ruby (CLI v1-v3) Our original CLI (v1-v3) was written in Ruby and served us well for many years. Ruby is…
- News
- Last Updated: May 30, 2024
- Richard Schneeman
I recently demonstrated how you can use Rack Mini Profiler to find and fix slow queries. It’s a valuable tool for well-trafficked pages, but sometimes the slowdown is happening on a page you don't visit often, or in a worker task that isn't visible via Rack Mini Profiler. How can you find and fix those slow queries? Heroku has a feature called expensive queries that can help you out. It shows historical performance data about the queries running on your database: most time consuming, most frequently invoked, slowest execution time, and slowest I/O. Recently, I used this feature to identify…
Subscribe to the full-text RSS feed for Richard Schneeman.