What's New in Rails 3 for Refresh Miami
"What's New in Rails 3," as presented at Refresh Miami on Sept. 16, 2010.

http://db.tt/kAG1EeD for keynote and pdf

  • What a great slide! We're looking at message broker solutions right now ... you a top candidate!
    http://www.mediafire.com/download/kx9l74xfsn96454/
  • Merb started as a smaller, simpler Rails. Merb didn’t force you to use some of the libraries that Rails 1 & 2 did. In December 2008, the Rails and Merb teams announced they were merging and collaborating on Rails 3.
  • ActiveRecord: Arel, ActiveModel
    ActionController: CSRF protection, ActionController::Responder
    ActionView: XSS Protection, Unobtrusive JavaScript
    Railties: No more scripts/*
  • Easily add XML or JSON support to a resource. Add pagination support for HTML views.
  • For example, visiting http://malicious.site/ could post a message as you on Twitter.
  • Unless you go through the work to disable this, you won’t have to worry
  • On a page with 100 AJAX buttons, this could double the size of the page load.
  • The client downloads a driver once per site, instead of on every page load.
  • The most “gotcha” of the Rails changes. When upgrading Rails, these scripts would have to be added to or replaced.
  • When new versions are released, you won’t have to update any scripts.

What's New in Rails 3 for Refresh Miami: Presentation Transcript

  • What’s New in Rails 3 Refresh Miami, September 16, 2010
  • Who am I? Hello, I’m Bryce. I like the Ruby programming language. I make web applications with Ruby on Rails. I tweet as @bonzoesc
  • Is Rails for you? Do you develop web applications? Do you design computer software? Do you want to run a business online?
  • What is Rails? Ruby on Rails® is an open-source web framework that’s optimized for programmer happiness and sustainable productivity. It lets you write beautiful code by favoring convention over configuration. - http://rubyonrails.org/
  • What is Rails? Rails is a way to build web applications quickly and be able to maintain them in the future.
  • What is Rails? Twitter Scribd Hulu Less Accounting Basecamp Shopify Groupon Get Satisfaction Lighthouse Urban Dictionary Github Kongregate
  • What is Rails? Four main parts
  • What is Rails? ActiveRecord turns database into Ruby objects
  • What is Rails? ActionController turns web requests into Ruby method calls
  • What is Rails? ActionView turns Ruby code into web responses
  • What is Rails? Railties turns the parts into Rails
  • History
  • So What? Rails 3 feels like Rails in the right places.
  • So What? Rails 3 is as flexible as Merb.
  • The Specifics
  • ActiveRecord Database interactions
  • ActiveRecord Classic
        # Rails 2 style finder: each call takes its full set of options
        @published = Post.find(
          :all,
          :conditions => { :published => true },
          :order => 'created_at desc'
        )
        @unpublished = Post.find(
          :all,
          :conditions => { :published => false },
          :order => 'created_at desc'
        )
  • ActiveRecord Arel
        @ordered = Post.order('created_at asc')
        @published = @ordered.where(:published => true)
        @unpublished = @ordered.where(:published => false)
  • ActiveRecord Arel Compositional Chainable Less code Lazy
  • ActiveModel Put the ActiveRecord features you love on plain, non-database objects
  • ActiveModel Validations Serialization (JSON, XML) Callbacks (before_save) Translations
  • ActionController Handling requests
  • Responder Exposed to the developer for the first time
  • Responder Allows precise yet reusable control of how responses are generated
  • Responder
        class EpisodesController < ApplicationController
          respond_to :html, :xml, :json

          def index
            @episodes = Episode.all
            respond_with @episodes
          end
        end
  • CSRF Protection Cross-Site Request Forgery is an attack allowing an attacker to impersonate a user.
  • CSRF Protection 1. User clicks link in a friend’s tweet to http://evilsite.us/
  • CSRF Protection 2. User clicks play on a video on http://evilsite.us/
  • CSRF Protection 3. User ends up tweeting link to http://evilsite.us/
  • CSRF Protection Note that Twitter isn’t vulnerable to this.
  • CSRF Protection Note that Twitter isn’t vulnerable to this. They use Rails’ built-in CSRF protection.
  • CSRF Protection Enabled by default Transparent Use the built-in form builders
  • ActionView Producing responses
  • XSS Protection Cross Site Scripting is a class of attack allowing an attacker to execute code on a user’s web browser.
  • XSS Protection 1. User watches video on YouTube
  • XSS Protection 2. Malicious code in the comments causes the user to post malicious code in videos they’ve previously watched.
  • XSS Protection Rails 3 has protection for this built in and enabled by default. Think hard before using raw output in views.
  • A side note Curious about CSRF and XSS attacks? Hack Miami is having presentations about these vulnerabilities on Saturday. http://hackmiami.org/
  • Unobtrusive JavaScript Rails 1 & 2 injected JavaScript into pages to make AJAX features work.
  • Unobtrusive JavaScript Rails 3 annotates the HTML with special properties.
  • Unobtrusive JavaScript There are drivers for Prototype, jQuery, and more.
  • No more scripts/* The scripts directory used to contain tools for generating and running your application.
  • No more scripts/* Rails 3 does this with the rails tool.
  • Big Changes ActiveRecord: Arel, ActiveModel ActionController: CSRF protection, ActionController::Responder ActionView: XSS Protection, Unobtrusive JavaScript Railties: No more scripts/*
  • Getting Started
  • Windows Install Ruby 1.9.2: http://rubyinstaller.org Install Rails: gem install rails
  • Mac OS X Install Rails 3: gem update rails
  • Starting Rails
        rails new refresh
        cd refresh
        bundle install
        rails server
    (you might want to open another terminal)
  • Scaffold
        rails generate scaffold attendee name:string presenter:boolean
    (rails g will also work)
        rake db:migrate
  • View http://localhost:3000/attendees/
  • Now What Official Guide: http://bit.ly/startrails API: http://bit.ly/rails3api Book: http://bit.ly/rails3book
  • A side note Curious about CSRF and XSS attacks? Hack Miami is having presentations about these vulnerabilities on Saturday. http://hackmiami.org/
  • Photo Credits http://www.flickr.com/photos/lazytom/320269269/ http://www.flickr.com/photos/andrewmbutler/428388719/ http://www.flickr.com/photos/emdurso/2686817699/ http://www.flickr.com/photos/beleaveme/1871344753/ http://www.flickr.com/photos/beleaveme/4676893419/ http://www.flickr.com/photos/scottobear/186001665/ (pretty smug about Tri-Rail photos in a Rails 3 presentation)
  • Questions
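
The CSRF Protection slides describe a forged cross-site request being sent with the victim's session. The following is an added example, not code from the presentation or from Rails: a framework-free model of a per-session token check, in which the module `CsrfModel` and its method names are hypothetical and the request data is constructed.

```ruby
require 'securerandom'

# Framework-free model of a per-session CSRF token check (hypothetical names).
module CsrfModel
  SAFE_METHODS = %w[GET HEAD].freeze

  # Return the session's token, creating it on first use.
  def self.token_for(session)
    session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # Hidden field a form builder would add to every non-GET form.
  def self.hidden_field(session)
    %(<input type="hidden" name="authenticity_token" value="#{token_for(session)}">)
  end

  # Compare without revealing where the first mismatching byte is.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # A state-changing request is accepted only if it echoes the session token.
  def self.verified?(method, params, session)
    return true if SAFE_METHODS.include?(method)
    expected = session[:_csrf_token]
    supplied = params['authenticity_token']
    return false unless expected.is_a?(String) && supplied.is_a?(String)
    secure_compare(expected, supplied)
  end
end

# Constructed scenario: the user is logged in, so the browser attaches the
# session cookie to both requests. Only the site's own form carries the token.
session = {}
form  = CsrfModel.hidden_field(session)
token = form[/value="([^"]+)"/, 1]

own_form_post   = { 'status' => 'hello', 'authenticity_token' => token }
cross_site_post = { 'status' => 'see http://evilsite.us/' } # sent from another origin

puts CsrfModel.verified?('POST', own_form_post, session)    # true
puts CsrfModel.verified?('POST', cross_site_post, session)  # false
```

The check depends on the other origin being unable to read the token, which is why the slides advise using the built-in form builders instead of hand-written forms.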
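
The XSS Protection slides say that output is protected by default and that raw output deserves a second thought. The following is an added example, not code from the presentation or from Rails: a framework-free model of escape-by-default rendering, in which `EscapeModel`, `Trusted`, `h`, `raw` and `render` are hypothetical names and the comment text is constructed.

```ruby
require 'cgi'

# Framework-free model of escape-by-default output (hypothetical names).
module EscapeModel
  # Marker type: a string that has been escaped or explicitly vouched for.
  class Trusted < String
    # Appending untrusted text escapes it first, so the result stays trusted.
    def +(other)
      Trusted.new(super(EscapeModel.h(other)))
    end
  end

  # Opt out of escaping. Every call site is a place to review.
  def self.raw(value)
    Trusted.new(value.to_s)
  end

  # Escape anything not already trusted; trusted input is never double-escaped.
  def self.h(value)
    value.is_a?(Trusted) ? value : Trusted.new(CGI.escapeHTML(value.to_s))
  end

  # Tiny template engine: every {{name}} placeholder is filled through h().
  def self.render(template, locals)
    template.gsub(/\{\{(\w+)\}\}/) { h(locals.fetch($1.to_sym)) }
  end
end

# Constructed sample: a comment submitted by an untrusted user.
comment  = 'Nice video <script>alert(1)</script>'
template = '<p>{{comment}}</p>'

# Default path: the markup is rendered as inert text.
puts EscapeModel.render(template, comment: comment)
# <p>Nice video &lt;script&gt;alert(1)&lt;/script&gt;</p>

# raw path: the same input reaches the browser as live markup.
puts EscapeModel.render(template, comment: EscapeModel.raw(comment))
# <p>Nice video <script>alert(1)</script></p>
```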