What's New in Rails 3 for Refresh Miami
"What's New in Rails 3," as presented at Refresh Miami on Sept. 16, 2010.

http://db.tt/kAG1EeD for keynote and pdf

Published in: Technology
  • Merb started as a smaller, simpler Rails.
    Merb didn’t force you to use some of the libraries that Rails 1 & 2 did.
    In December 2008, the Rails and Merb teams announced they were merging and collaborating on Rails 3.


  • ActiveRecord: Arel, ActiveModel
    ActionController: CSRF protection, ActionController::Responder
    ActionView: XSS Protection, Unobtrusive JavaScript
    Railties: No more scripts/*








  • Easily add XML or JSON support to a resource.
    Add pagination support for HTML views.

  • For example, visiting http://malicious.site/ could post a message as you on Twitter.





  • Unless you go through the work to disable this, you won’t have to worry






  • On a page with 100 AJAX buttons, this could double the size of the page load.
  • The client downloads a driver once per site, instead of on every page load.

  • The most “gotcha” of the Rails changes.

    When upgrading Rails, these scripts would have to be added to or replaced.
  • When new versions are released, you won’t have to update any scripts.
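
The CSRF notes above (a page on http://malicious.site/ posting as you, and protection that stays on unless you disable it) come down to a per-session token check. The following Ruby sketch is an added example, not code from the slides or from Rails; `Session`, `TweetsController` and the sample requests are hypothetical, and it models the check with the standard library only.

```ruby
require 'securerandom'

# Simplified model of a per-session authenticity token check. Rails' own
# entry points are protect_from_forgery and form_authenticity_token; Session
# and TweetsController below are hypothetical stand-ins.
class Session
  attr_reader :csrf_token

  def initialize
    @csrf_token = SecureRandom.base64(32)
  end
end

class TweetsController
  attr_reader :tweets

  def initialize(session)
    @session = session
    @tweets = []
  end

  # What a form builder does: embed the session's token as a hidden field.
  def new_form
    %(<form method="post" action="/tweets">) +
      %(<input type="hidden" name="authenticity_token" value="#{@session.csrf_token}">) +
      %(<textarea name="status"></textarea></form>)
  end

  # State-changing action: refuse the request unless the token matches.
  def create(params)
    return :rejected unless valid_token?(params['authenticity_token'])
    @tweets << params['status']
    :created
  end

  private

  # Compare every byte so the check does not stop at the first mismatch.
  def valid_token?(submitted)
    expected = @session.csrf_token
    return false unless submitted.is_a?(String) && submitted.bytesize == expected.bytesize
    submitted.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Constructed requests: one from the site's own form, one forged cross-site.
controller = TweetsController.new(Session.new)
token = controller.new_form[/name="authenticity_token" value="([^"]+)"/, 1]
puts controller.create('status' => 'hello', 'authenticity_token' => token)
puts controller.create('status' => 'watch this video')
```

The forged request is rejected because the other site can make the browser send the user's cookies but cannot read the token out of a form served by the real site.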











  • Transcript

    • 1. What’s New in Rails 3 Refresh Miami, September 16, 2010
    • 2. Who am I? Hello, I’m Bryce. I like the Ruby programming language. I make web applications with Ruby on Rails. I tweet as @bonzoesc
    • 3. Is Rails for you? Do you develop web applications? Do you design computer software? Do you want to run a business online?
    • 4. What is Rails? Ruby on Rails® is an open-source web framework that’s optimized for programmer happiness and sustainable productivity. It lets you write beautiful code by favoring convention over configuration. - http://rubyonrails.org/
    • 5. What is Rails? Rails is a way to build web applications quickly and be able to maintain them in the future.
    • 6. What is Rails? Twitter Scribd Hulu Less Accounting Basecamp Shopify Groupon Get Satisfaction Lighthouse Urban Dictionary Github Kongregate
    • 7. What is Rails? Four main parts
    • 8. What is Rails? ActiveRecord turns database into Ruby objects
    • 9. What is Rails? ActionController turns web requests into Ruby method calls
    • 10. What is Rails? ActionView turns Ruby code into web responses
    • 11. What is Rails? Railties turns the parts into Rails
    • 12. History
    • 13. So What? Rails 3 feels like Rails in the right places.
    • 14. So What? Rails 3 is as flexible as Merb.
    • 15. The Specifics
    • 16. ActiveRecord Database interactions
    • 17. ActiveRecord Classic
          # Each query repeats the full set of options.
          @published = Post.find(
            :all,
            :conditions=>{:published=>true},
            :order=>'created_at desc'
          )
          @unpublished = Post.find(
            :all,
            :conditions=>{:published=>false},
            :order=>'created_at desc'
          )
    • 18. ActiveRecord Arel
          # The ordered relation is built once and reused by both queries.
          @ordered = Post.order('created_at asc')
          @published = @ordered.where(:published=>true)
          @unpublished = @ordered.where(:published=>false)
    • 19. ActiveRecord Arel Compositional Chainable Less code Lazy
    • 20. ActiveModel Put the ActiveRecord features you love on plain, non-database objects
    • 21. ActiveModel Validations Serialization (JSON, XML) Callbacks (before_save) Translations
    • 22. ActionController Handling requests
    • 23. Responder Exposed to the developer for the first time
    • 24. Responder Allows precise yet reusable control of how responses are generated
    • 25. Responder
          class EpisodesController < ApplicationController
            respond_to :html, :xml, :json

            def index
              @episodes = Episode.all
              respond_with @episodes
            end
          end
    • 26. CSRF Protection Cross-Site Request Forgery is an attack allowing an attacker to impersonate a user.
    • 27. CSRF Protection 1. User clicks link in a friend’s tweet to http://evilsite.us/
    • 28. CSRF Protection 2. User clicks play on a video on http://evilsite.us/
    • 29. CSRF Protection 3. User ends up tweeting link to http://evilsite.us/
    • 30. CSRF Protection Note that Twitter isn’t vulnerable to this.
    • 31. CSRF Protection Note that Twitter isn’t vulnerable to this. They use Rails’ built-in CSRF protection.
    • 32. CSRF Protection Enabled by default Transparent Use the built-in form builders
    • 33. ActionView Producing responses
    • 34. XSS Protection Cross Site Scripting is a class of attack allowing an attacker to execute code on a user’s web browser.
    • 35. XSS Protection 1. User watches video on YouTube
    • 36. XSS Protection 2. Malicious code in the comments causes the user to post malicious code in videos they’ve previously watched.
    • 37. XSS Protection Rails 3 has protection for this built in and enabled by default. Think hard before using raw output in views.
    • 38. A side note Curious about CSRF and XSS attacks? Hack Miami is having presentations about these vulnerabilities on Saturday. http://hackmiami.org/
    • 39. Unobtrusive JavaScript Rails 1 & 2 injected JavaScript into pages to make AJAX features work.
    • 40. Unobtrusive JavaScript Rails 3 annotates the HTML with special properties.
    • 41. Unobtrusive JavaScript There are drivers for Prototype, jQuery, and more.
    • 42. No more scripts/* The scripts directory used to contain tools for generating and running your application.
    • 43. No more scripts/* Rails 3 does this with the rails tool.
    • 44. Big Changes ActiveRecord: Arel, ActiveModel ActionController: CSRF protection, ActionController::Responder ActionView: XSS Protection, Unobtrusive JavaScript Railties: No more scripts/*
    • 45. Getting Started
    • 46. Windows Install Ruby 1.9.2: http://rubyinstaller.org Install Rails: gem install rails
    • 47. Mac OS X Install Rails 3: gem update rails
    • 48. Starting Rails rails new refresh cd refresh bundle install rails server (you might want to open another terminal)
    • 49. Scaffold rails generate scaffold attendee name:string presenter:boolean (rails g will also work) rake db:migrate
    • 50. View http://localhost:3000/attendees/
    • 51. Now What Official Guide: http://bit.ly/startrails API: http://bit.ly/rails3api Book: http://bit.ly/rails3book
    • 52. A side note Curious about CSRF and XSS attacks? Hack Miami is having presentations about these vulnerabilities on Saturday. http://hackmiami.org/
    • 53. Photo Credits http://www.flickr.com/photos/lazytom/320269269/ http://www.flickr.com/photos/andrewmbutler/428388719/ http://www.flickr.com/photos/emdurso/2686817699/ http://www.flickr.com/photos/beleaveme/1871344753/ http://www.flickr.com/photos/beleaveme/4676893419/ http://www.flickr.com/photos/scottobear/186001665/ (pretty smug about Tri-Rail photos in a Rails 3 presentation)
    • 54. Questions
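
Slides 34 to 37 describe output escaping that is on by default and the risk of raw output. This added example, which is not from the slides or from Rails, models that behaviour in plain Ruby; `SafeString`, `escape_html`, `render_comment` and the sample comment are hypothetical stand-ins for Rails' `ActiveSupport::SafeBuffer` and view templates.

```ruby
# Simplified model of escape-by-default view output. In Rails 3 the real
# pieces are ActiveSupport::SafeBuffer plus the html_safe and raw helpers;
# every name defined below is a hypothetical stand-in.
HTML_ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                 '"' => '&quot;', "'" => '&#39;' }.freeze

def escape_html(text)
  text.to_s.gsub(/[&<>"']/, HTML_ESCAPES)
end

class SafeString < String
  # Appending escapes anything that has not been marked as trusted markup.
  def <<(other)
    super(other.is_a?(SafeString) ? other : escape_html(other))
  end
end

# Opt out of escaping: the caller vouches that the markup is trusted.
def raw(markup)
  SafeString.new(markup.to_s)
end

# Stand-in for the template <li><%= author %>: <%= body %></li>
def render_comment(author, body)
  out = SafeString.new
  out << raw('<li>') << author << ': ' << body << raw('</li>')
  out
end

# Constructed sample input: a user comment carrying a script tag.
COMMENT = '<script>alert(1)</script>'

puts render_comment('mallory', COMMENT)       # default path: tag is escaped
puts render_comment('mallory', raw(COMMENT))  # raw on user input: tag survives
```

The second call is the case slide 37 warns about: marking user-supplied text as raw hands it to the browser as markup.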
