Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×

Ruby On Rails Goes 1.1 255

MrByte420 writes "The Ruby On Rails team today released version 1.1 of the web framework. From the announcement: 'Rails 1.1 boasts more than 500 fixes, tweaks, and features from more than 100 contributors. Most of the updates just make everyday life a little smoother, a little rounder, and a little more joyful.' New features were examined back in February at Scottraymond.net and include Javascript/AJAX integration, enhancements to active record, and enhanced testing suites. Not to mention upgrading this time promises to be a piece of cake."
This discussion has been archived. No new comments can be posted.

Ruby On Rails Goes 1.1

Comments Filter:
    • So if you're currently a Java rich client programmer, with no J2EE experience, how can you get a job as a Ruby coder (other than inventing a site to implement for yourself)?
  • by billstewart ( 78916 ) on Tuesday March 28, 2006 @03:21PM (#15012502) Journal
    Sigh. Rails is joining the list of things that encourage people to use Javascript applications, just as all the AJAX stuff does. So anybody who's using those applications has to toast their security.

    The problem isn't that you can't write secure Javascript code - you can. The problem is that if anybody wants to *use* your nice secure AJAX/RAILS/etc. application, they need to turn Javascript ON in their browser, which means they're vulnerable to maliciously-written Javascript on any other web pages they visit.

    There's no easy way around the problem if you want to run the new cool AJAX applications, and there's a lot you can do with a programming model that makes it easy to distribute functions between the client and the server. For Mozilla users, it's probably possible for somebody to implement per-site permissions for Javascript the way they do for cookies, images, etc. For IE, though, you're just toast.

    • by gregarican ( 694358 ) on Tuesday March 28, 2006 @03:24PM (#15012526) Homepage
      Ever heard of using the Trusted Sites [microsoft.com] list in Internet Explorer? seems to work for me for per-site permissions.
    • If you're already running Firefox, the NoScript extension is a simple way to protect yourself from what you just described. I would also expect other browsers allow you to white-list specific sites (though maybe not as easily as NoScript).

      • Mod parent up; for a small inconvenience (you have to add each site to your whitelist with 2 clicks), NoScript provides a lot of protection. It also shows you how much fricking code is pulled from other domains- scary. The page on which I type this pulls code from:

        slashdot.org
        google-analytics.com
        2mdn.net
        questionmarket.com
        falkag.net
        and good ol' doubleclick.net

        NoScript lets you select which code to run, and which to ignore. Inconvenient but awesome.

        And somewhat on-topic, check out siteadvisor.com
    • For Mozilla users, it's probably possible for somebody to implement per-site permissions for Javascript the way they do for cookies, images, etc. For IE, though, you're just toast.
      IE already impliments settings that allow you to whitelist sites for scripting. So by your meaning, Mozilla is toast.
    • And images expose you to things like the WMF exploit, so let's just go back to the 1980s of web design.
    • by fforw ( 116415 ) on Tuesday March 28, 2006 @03:45PM (#15012690) Homepage
      The noscript firefox extension [noscript.net] lets you forbid execution of javascript/java/flash by default and only enable it again for some sites (whitelist). Internet Explorer has "Trusted Sites" or something.. So all in all that is not that much of a problem..
    • The problem is that if anybody wants to *use* your nice secure AJAX/RAILS/etc. application, they need to turn Javascript ON in their browser

      If that's true, then the Ajax/JavaScript support in Rails is severely broken. Properly written JavaScript degrades gracefully, so that the people who have JavaScript enabled get the benefits of it, but the people who have JavaScript disabled can still use the application.

      Can anybody who's used this new part of Rails comment on this? Does it really generate Ja

      • Out of the box, rails doesn't add any javascript at all. The fact that when you do use the javascript generation, the fact that it's so closely tied to prototype .js is my main problem. Got a method or attribute called "extend"? Too bad, prototype owns it. Nice use of namespaces, fellas.
      • Ajax components don't degrade quite as gracefully as standard JS does. There just isn't any getting around this for Ajax apps. Rails does include degrade functionality for Ajax though. The difference is that the developer must add checks for this functionality. You will also need to add Ajax and non-ajax versions of pages for this to work. An Ajax page will only contain the html of the element that gets updated. A non-ajax page will contain all of the html for that page (at least that which is not in
        • Ajax components don't degrade quite as gracefully as standard JS does. There just isn't any getting around this for Ajax apps.

          No, you're mistaking common practice for inherent flaw. There's nothing general to Ajax that precludes graceful degradation; Ajax is standard JavaScript, and the techniques used for graceful degradation are just the same for Ajax as they are for any other JavaScript.

          Rails does include degrade functionality for Ajax though. The difference is that the developer must add chec

      • That depends on the developer. Rails is just a framework of APIs. Using respond_to, you can give a response based on what's enabled in the browser.
    • The easy way around the problem is per-site JavaScript permissions. Internet Explorer has allowed you to set up your browser like that for ages, I'm surprised Firefox isn't the same way.

      Still, there's a plugin for it [noscript.net]...
    • First let me say that I'm the lead developer of Echo2 [nextapp.com], which absolutely requires JavaScript in order to function, so please take that into account as a bias if you desire.

      I disagree with the statement "JavaScript is insecure". Implementations may be insecure, but the specification itself has no such problem. There have certainly been security holes discovered in JavaScript implementations. There have been equally dangerous security holes discovered in other aspects of the browser.

      My other question to the
    • Or, use respond_to and deliver content through AJAX or non-AJAX through the same action.

      Despite that, I think it's time to get over it--scripting is a part of the World Wide Web. The whining about JavaScript reminds me of the whining about PDFs that always occurred on Slashdot a few years ago, which thankfully has mostly disappeared. Everyone stupidly assumed because Acrobat was slow, PDF was slow. Nope, Acrobat was slow because it loaded all its plugins on every startup, which Adobe stopped doing in the
    • Bill, don't forget eating cookies causes browser cavities as well!!
    • while javascript can be potentially dangerous, a properly secured system will prevent most malicious javascript from doing any serious harm. of course, there are always new flaws that may allow access to admin level items, this is no different from any other network service running on a computer though.
  • Rails is Great (Score:5, Interesting)

    by nashjobs ( 964268 ) on Tuesday March 28, 2006 @03:21PM (#15012505)
    It allowed me to develop this job website [nashjobs.com] in 2 1/2 months spare time with 400 unit/functional tests. I was a Java programmer, and now there's no going back ;-)

    Any other former Java programmers relate?

    • Re:Rails is Great (Score:2, Insightful)

      by Anonymous Coward
      I am still a java developer until someone starts to pay me to do rails fulltime. But, yes, I am doing rails in all my consulting and side work now...as well as all my personal apps. So, java still pays the bills but ruby/rails is the way of the future for me.

      I equate it to the java transition that happened some years back....i have to still do java until the industry starts to realize the power of rails, just as I had to do C until they started to use Java.
    • I see your site says beta, are you a former google employee?? ;)
    • Re:Rails is Great (Score:3, Interesting)

      by catch23 ( 97972 )
      One thing I like about Rails (or Ruby in general) is that you can have a relatively short turn-around time since Ruby is interpreted. In the old Java & Hibernate world, I'd have to run xdoclet for every new field in the database, re-compile with javac every time I added more functional code (either in the model or controller), or reload tomcat every now and then.

      However with Ruby + Rails + Ruby & Rails Eclipse plugins, I almost never need to sit around for more than 2 seconds to see my generated ou
  • by RunFatBoy.net ( 960072 ) * on Tuesday March 28, 2006 @03:21PM (#15012506)
    Along with the API documentation, I found the book "Agile Web Development with Rails" highly beneficial. For a while there, it was the only definitive, concise source of Rails examples.

    Even if you're skeptical of the Rails hype, I encourage any developer worth their salt to sit down with it for a weekend. The whole concept of convention over configuration can be a bit mind bending, especially if you're use to Java's XML hell. It's always beneficial to force your brain to adapt to new languages; it encourage contrarian thinking when considering new solutions.

    Jim http://www.runfatboy.net/ [runfatboy.net] -- Exercise for Web 2.0.
    • Agreed, no online tutorial did it for me, just made me look away. Then I read "Getting Real" from 37signals (look it up, a pdf book, cheap and worth it but I'm not their advertising co and it's easy enough to look up). That made me get Agile Dev w/ Rails after 3 bookstores to find it(It's not catalogued with Ruby books since it doesn't say Ruby in the title, so be careful!) and sat down and went through the first bunch of chapters pretty quick.

      The thing I like especially is the unit testing, still getting m
    • Ruby is a pretty nice tool, I do think it has far too much hype however. The hype is almost as bad as AJAX.
    • One of the things I really liked about Ruby was the RubyGems project. It's sorta similar to Maven in the Java world in that it will go out and fetch additional package dependencies for software. I think Java really needs some kind of semi-centralized repository of open source packages so that one does not have to go through the trouble of reconfiguring packages all the time. My current project at work uses over 30 lgpl licensed projects and it's one big pain in the butt to upgrade these packages all the
  • Web an API junkyard (Score:3, Interesting)

    by amightywind ( 691887 ) on Tuesday March 28, 2006 @03:24PM (#15012522) Journal

    This posting only serves to remind me what an API junkyard web programming has become. Let's see, we need server side Ruby to transmit and execute Javascript that manipulates a DOM to emit HTMP, gracefully degrading features for anachronistic browers. Zowie!

    • I couldn't agree more. You know what the saddest part is? The applet could have saved us years ago. Only if Sun wasn't so incompetent and MS wans't full of such evil bastards.

      • I agree. I am a little surprised the applet hasn't come back into style. It certainly provides a rich interface and is nowhere near as contorted as some of these 'frameworks'. It would have been nice if several languages could have supported Java bytecode output. Kawa scheme does. I don't know of any others. Another thing I have been puzzled about is why Sun never freed the Hotjava browser. In the old days, I used to like it. It certainly ran applets cleanly.

    • by Overly Critical Guy ( 663429 ) on Tuesday March 28, 2006 @06:04PM (#15013693)
      Aaaaaand how is that different from desktop development? Actually, how is that different from any other development?

      Yeah, shocker, APIs call other APIs to call other APIs. That's how software works.

      All you did was describe the basic model of server code delivering client code. Which is the future.
  • ... May this be yet another nail in the coffin of the life-sucking tedium that is J2EE.

    • Re:Kudos to RoR... (Score:3, Insightful)

      by ievans ( 133543 )
      If you're using J2EE/Java EE for simple data-driven web sites a la RoR, then you're probably not the target developer for the Java EE platform. I have nothing against these web frameworks and the people who love them, I should add. It's just that the average /.er doesn't see the need for the features that are at the core of enterprise Java, and therefore they dismiss the platform as being too heavyweight. Sure, for small-scale development. The same mentality pops up in discussions on whether, e.g. MySQL nee
      • I was just going to suggest that the parent has deved a website used by more than 2 people. You've put it much more eliquently, I especially like the build a dog house vs. build a skyscraper comparison. I'd add, that Java is far more widely known. I can walk away from my code and KNOW somebody will be able to pick up where I left off, customers tend to like that kind of thing.
      • Re:Kudos to RoR... (Score:5, Insightful)

        by helix_r ( 134185 ) on Tuesday March 28, 2006 @04:11PM (#15012907)

        The fact of the matter is that the vast majority of web-apps are actually in-house apps that have a fairly small number of concurrent users.

        Sadly, thousands of dev groups all over the world are slaving away very hard at j2ee simply because, well, its a good thing to have on one's resume or because consultants can bill mega-hours by building a "scalable enterprise application".

        If people were honest about their motivations and real scalability requirements, it would be clear that j2ee fits a niche market and that more rapid, easier-to-use dev frameworks like RoR fill mainstream needs.

        • Re:Kudos to RoR... (Score:2, Informative)

          by ievans ( 133543 )
          No offense, but the oft-repeated anecdote about hundreds of poor schlups being forced to code horrendously overweight J2EE-apps while consultants wheel-away wheelbarrows full of cash doesn't ring true to me. What organization has this kind of money and time, especially since the downturn and what with offshoring development and all? Where are these companies?

          I also question your use of the term "mainstream." One person's niche technology is the next person's mainstream one. There are different market segmen
          • Re:Kudos to RoR... (Score:3, Interesting)

            by 21chrisp ( 757902 )
            Just because companies shouldn't be wasting money doesn't mean they don't do it.

            Java is ubiquitous in the corporate market. It is the Jack-of-All-Trades. It's what CTOs look for on a resume because they think Mr. Java can do ANYTHING, and Mr. Ruby might be able to learn Java after a year or so, but would be limited in what he could do until then.

            I still can't fathom why people think Ruby lacks transaction, security, and connectivity. My experience with it is that it's highly reliable and connects t
      • With that being said, Java EE 5 will make enterprise Java developer's lives much easier. EJBs, everyone's favorite whipping boy, are a lot easier to code now.

        Bwuaah hah aha hahahaha. Let's see, we go from EJB's are evil [onjava.com] to a lot easier to code now. Sure, after getting burned and poked in the fires of hell by Sun's concept of a business layer, just getting slow roasted on a spit is prefered.

  • by AgNO3 ( 878843 ) on Tuesday March 28, 2006 @03:42PM (#15012667) Homepage
    http://developer.apple.com/tools/rubyonrails.html [apple.com] Found that link on the ruby on rails site and it was the best description for a non techie like me that I could find in fast.
  • I'm not a Ruby developer, the most I've done is just skimmed over some Ruby tutorials. I like the ease and simplicity of the Ruby syntax.

    Is it possible to make stand-alone, executable apps in Ruby? What about GUI?
  • by Qbertino ( 265505 ) <moiraNO@SPAMmodparlor.com> on Tuesday March 28, 2006 @04:43PM (#15013119)
    You know a thing is superhyped when v1.1 is mentioned on slashdot.
    Mind you RoR is cool compared to j2EE. Then again, it's allmost as if C is cool when compared to J2EE. J2EE sucks big time for server side web - even the Java Gurus agree on that. End of discussion, no news here.
    But RoR isn't the end all of ssi frameworks. Django is at least as good (I'd say better and cleaner than RoR) and Zope has been around since the ninties and still is years ahead of the rest. People with an overview over the technologies generally agree on that. I had a story submission (rejected) on that the other week. Check out the linked webcast, it's a very interessting analysis of a set of technologies and solutions:

    |||||
    Nasa/JPL Web Framework Shootout

    In an educative and entertaining webcast [nasa.gov], Sean Kelly, a Nasa/JPL software engineer, goes into the details of a project based comparsion between a set of web application frameworks and servers. Including the much hyped Ruby on Rails [rubyonrails.org] and Django [djangoproject.com]. Various Java technologies, Ruby on Rails, Django, TurboGears [turbogears.org] and Zope [zope.org] are covered. Details and traits of each are mentioned. For people involved with web developement there are not to many suprises though, yet the presentation and Kellys commenting are fun to watch.
    In a nutshell: EJB [sun.com], Hibernate [hibernate.org] and various other Java [sun.com] flavours fail spectacularly, Zope scores a clear victory with Django, RoR and TurboGears relatively close behind. Development speed, error-gotchas, the need for hand-tweaking and the requirement of handwritten SQL and available documentation go into the measuring. As does an overall tongue-in-check "fun-factor". The details are interessting though. TurboGears 'error-driven' developement gets a positive review, RoRs automated controller generation aswell and Zope gets a complete rundown on it's astounding set of features. In the end long-time Java developer Kelly convinces us that - no matter what we do - we really, positively, don't want to use EJB [softwarereality.com] or Hibernate for this kind of stuff. Very entertaining and informative indeed.
    |||||
    • Depends on which part of J2EE, Servlets are fine, JSPs are fine, EJB2 sucks big time, no discussion about that. While JSF and EJB3 is very good.
    • Zope is awesome for the things that zope already does. Extending it involves crawling pretty far into the zope system though.
    • by ubernostrum ( 219442 ) on Tuesday March 28, 2006 @07:59PM (#15014560) Homepage

      In an educative and entertaining webcast, Sean Kelly, a Nasa/JPL software engineer, goes into the details of a project based comparsion between a set of web application frameworks and servers. Including the much hyped Ruby on Rails and Django. Various Java technologies, Ruby on Rails, Django, TurboGears and Zope are covered.

      Except he got more than a few things wrong. To pick one example, he seems to be under the impression that Django doesn't support i18n/l10n when, in fact, we ship all the core Django applications with support for twenty-odd languages, and Django uses an extensible gettext-based system to make it easy to translate third-party apps and add new languages. We even include an i18n JavaScript library to make translation strings available to JS code. Our admin app even has a setting that chooses which language to render a page with based on the incoming Accept-Language header.

      Moral of the story: nice video, but the guy hasn't necessarily done his homework.

  • by grimsweep ( 578372 ) on Tuesday March 28, 2006 @05:11PM (#15013307)
    I'm still waiting for C# on Cinderblocks.
  • We're dying to use Ruby on Rails. Developers in my group talk about it almost daily. Unfortunately the lack of solid Oracle database support is a showstopper. I'm inquiring about whether we might allocate funding to sponsor development of a stable, complete Oracle driver; my employer has a history of funding open source projects.
  • What I missed in rails most is proper support -- and that includes decent scaffold generation support -- for what is the most frequent case in nearly every non-trivial database application: many-to-many relationships. Thsi means showing an antry from tableA and in the same screen a scrollable/pageable list of entries from tableB which are connected through a join table with options for inserting or deleting tableB entries from/into the join table (and tableB, if necessary). From the release notes it seems t
    • What I missed in rails most is proper support -- and that includes decent scaffold generation support -- for what is the most frequent case in nearly every non-trivial database application: many-to-many relationships.

      Many-to-many relationships? Rails may or may not have them (been a while since I last played with it), but Django [djangoproject.com] most certainly does [djangoproject.com]. We don't have "scaffolding" (though somebody's submitted a patch to do something similar), but we do give you a ready-to-go administrative interface built

  • I've been dabbling with Rails and Ruby for a couple of months now, and I don't want to get into a big debate on whether it's more efficient, more popular, or whatever semi-quantifiable metric you want to apply to it...

    The bottom line for me right now is that I'm having fun with it. I've been really looking forward to the little extra time I've put aside each day to work with Rails; although I think that a lot of the fun I'm having is just pleasure at using Ruby.
  • by JoeRails ( 964349 ) on Tuesday March 28, 2006 @08:41PM (#15014773)
    Who's using Rails? Check out the Rails wiki site [rubyonrails.org] for hundreds of example sites

    And if you want a free cPanel/SSH account to download the new Rails version in to see what the craziness is all about - check out www.HostingRails.com [hostingrails.com]

    I think its safe to say that Ruby on Rails is the fastest growing Web 2.0-friendly framework - and for good reason. I mean c'mon - the average developer can pick up a few Rails tutorials and have a working demo app (w/ CRUD scaffold action and such) on their local box in a few minutes. Throw in some easily-incorporated Prototype [conio.net] and Scriptaculous [aculo.us] effects, and this developer is the new cool kid on the block.

    Crazy

    ~JoeRails

It is easier to change the specification to fit the program than vice versa.

Working...