Ruby on Rails Thursday, July 27, 2017



On Thu, Jul 27, 2017 at 8:10 PM, DHH <da...@loudthinking.com> wrote:
That article is a joke. Of course Rails training is not as much in demand as it was when it was brand new and nobody knew how to work with it. But to think that the change in that has anything to do with the rise of J2EE/Spring?! Come on.

On Wednesday, July 26, 2017 at 10:54:58 PM UTC-5, vedant agarwala wrote:
Hello people,

I was mildly shocked to read this article:

https://thenextweb.com/dd/2017/07/26/ruby-rails-major-coding-bootcamp-ditches-due-waning-interest/?amp=1

Wanted to know what you think. 

I kind of agree with the front-end becoming more relevant argument, but projects being started on spring instead of rails. Is it really true, or more importantly, could it be better ?
Rails is already embracing JavaScript and SPAs with webpacker.

This article wrote that java is challenging for new devs. Seriously? Java is easier than Ruby?!

I am a big fan of rails, and personally hate java. But my opinion is quite biased. Rails is the only web framework I've on since I started 5 years ago. So what do you think about the article.

Cheers,
Vedant.

It's drivel. What difference does the market use of a tool make to people learning to code from a standing start. Unis still teach Logo and Fortran (among other esoteric anachronisms).

I've worked at (and set up) a fair share of code-bootcamps. Pandering to the "employers want Java" camp just causes the "employers want .Net" camp to scream louder.
The fact of the matter is, the students need to learn to code. Ruby is a good language for that (as are others), and whether or not it's a saleable skill after 10/12/14 weeks of study is irrelevant. The students on the boot camps are taking the first steps in learning to code - often from having never *ever* tried to code before - and if they get a job at the end of the course that they need to be familiar with Java (or any other language) for, at the level they're at, it's a trivial task for them to come up to the same level they are at in whatever language they studied on their boot camp.


 

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/08fafaa9-0868-4276-be8c-de93d1d6b604%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Ruby on Rails


At enterprise, I observed that they want to save money for maintenance process. 

What I mean to say suppose, we want to upgrade to Rails version from 3 to 4 or 4 to 5, then they want code changes or development activity to be done faster. 

Like in the case of Java they see the benefit of Java backward compatibility feature. 

I think if Rails community is able to solve backward compatibility(while doing upgrade process) with no code changes required by the developers(who will be pulled out of other projects in the enterprise to work on immediate basis) then it will move far ahead in convincing enterprise to use it more and more.

It's the same way Rails community solved the problem of installing gems and their dependencies via Bundler.

I might be wrong with my observation. Will be more than happy to further get enlightened.

Thanks & Regards,
Ankur Gera


On Thu, Jul 27, 2017 at 2:01 PM, Karthikeyan A K <77minds@gmail.com> wrote:

On Thu, Jul 27, 2017 at 11:25 PM, vedant agarwala <vedant@voggle.co> wrote:
Yeah that's an interesting insight- no need for rails training as much now.

And I have moved this discussion to the right group.

Has anyone else read the article: https://thenextweb.com/dd/2017/07/26/ruby-rails-major-coding-bootcamp-ditches-due-waning-interest/?amp=1 ? Were you shocked as well.

Regards,
Vedant.

On Thu, Jul 27, 2017 at 8:10 PM, DHH <david@loudthinking.com> wrote:
That article is a joke. Of course Rails training is not as much in demand as it was when it was brand new and nobody knew how to work with it. But to think that the change in that has anything to do with the rise of J2EE/Spring?! Come on.

Anyway, this list is for discussing the implementation of the Rails framework. You can use rubyonrails-talk for general discussions. 


On Wednesday, July 26, 2017 at 10:54:58 PM UTC-5, vedant agarwala wrote:
Hello people,

I was mildly shocked to read this article:

https://thenextweb.com/dd/2017/07/26/ruby-rails-major-coding-bootcamp-ditches-due-waning-interest/?amp=1

Wanted to know what you think. 

I kind of agree with the front-end becoming more relevant argument, but projects being started on spring instead of rails. Is it really true, or more importantly, could it be better ?
Rails is already embracing JavaScript and SPAs with webpacker.

This article wrote that java is challenging for new devs. Seriously? Java is easier than Ruby?!

I am a big fan of rails, and personally hate java. But my opinion is quite biased. Rails is the only web framework I've on since I started 5 years ago. So what do you think about the article.

Cheers,
Vedant.





--
Karthikeyan A K



Ruby on Rails


On Thu, Jul 27, 2017 at 11:25 PM, vedant agarwala <vedant@voggle.co> wrote:
Yeah that's an interesting insight- no need for rails training as much now.

And I have moved this discussion to the right group.

Has anyone else read the article: https://thenextweb.com/dd/2017/07/26/ruby-rails-major-coding-bootcamp-ditches-due-waning-interest/?amp=1 ? Were you shocked as well.

Regards,
Vedant.

On Thu, Jul 27, 2017 at 8:10 PM, DHH <david@loudthinking.com> wrote:
That article is a joke. Of course Rails training is not as much in demand as it was when it was brand new and nobody knew how to work with it. But to think that the change in that has anything to do with the rise of J2EE/Spring?! Come on.

Anyway, this list is for discussing the implementation of the Rails framework. You can use rubyonrails-talk for general discussions. 


On Wednesday, July 26, 2017 at 10:54:58 PM UTC-5, vedant agarwala wrote:
Hello people,

I was mildly shocked to read this article:

https://thenextweb.com/dd/2017/07/26/ruby-rails-major-coding-bootcamp-ditches-due-waning-interest/?amp=1

Wanted to know what you think. 

I kind of agree with the front-end becoming more relevant argument, but projects being started on spring instead of rails. Is it really true, or more importantly, could it be better ?
Rails is already embracing JavaScript and SPAs with webpacker.

This article wrote that java is challenging for new devs. Seriously? Java is easier than Ruby?!

I am a big fan of rails, and personally hate java. But my opinion is quite biased. Rails is the only web framework I've on since I started 5 years ago. So what do you think about the article.

Cheers,
Vedant.





--
Karthikeyan A K


Ruby on Rails

Yeah that's an interesting insight- no need for rails training as much now.

And I have moved this discussion to the right group.

Has anyone else read the article: https://thenextweb.com/dd/2017/07/26/ruby-rails-major-coding-bootcamp-ditches-due-waning-interest/?amp=1 ? Were you shocked as well.

Regards,
Vedant.

On Thu, Jul 27, 2017 at 8:10 PM, DHH <david@loudthinking.com> wrote:
That article is a joke. Of course Rails training is not as much in demand as it was when it was brand new and nobody knew how to work with it. But to think that the change in that has anything to do with the rise of J2EE/Spring?! Come on.

Anyway, this list is for discussing the implementation of the Rails framework. You can use rubyonrails-talk for general discussions. 


On Wednesday, July 26, 2017 at 10:54:58 PM UTC-5, vedant agarwala wrote:
Hello people,

I was mildly shocked to read this article:

https://thenextweb.com/dd/2017/07/26/ruby-rails-major-coding-bootcamp-ditches-due-waning-interest/?amp=1

Wanted to know what you think. 

I kind of agree with the front-end becoming more relevant argument, but projects being started on spring instead of rails. Is it really true, or more importantly, could it be better ?
Rails is already embracing JavaScript and SPAs with webpacker.

This article wrote that java is challenging for new devs. Seriously? Java is easier than Ruby?!

I am a big fan of rails, and personally hate java. But my opinion is quite biased. Rails is the only web framework I've on since I started 5 years ago. So what do you think about the article.

Cheers,
Vedant.



Ruby on Rails

On 27 July 2017 at 08:23, Indrajeet Mishra
<indrajeetmishra7590@gmail.com> wrote:
> I have created a Rails application with Google OAuth login using the Google omniauth
> gem; it seems to be working fine on the web.
> I wrapped this application in an Android app using a WebView, but in the Android app Google
> login is not working. It raises the error: 403 disallowed user_agent.

How can you wrap a rails app in android? Rails does not run under
android does it?

Colin


Ruby on Rails

On Wed, Jul 26, 2017 at 11:15 PM, <k.stulgys@gmail.com> wrote:

> then seed.rb:
>
> 5.times do
> comment.create([{
> name: Faker::jadajada
> body: Faker::jadajada
> }])
>
> but how do I include blog title as well?

What exactly are you trying to accomplish? "include" where?

--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
twitter: @hassan
Consulting Availability : Silicon Valley or remote


Ruby on Rails

I have created a Rails application with Google OAuth login using the Google omniauth gem; it seems to be working fine on the web.
I wrapped this application in an Android app using a WebView, but in the Android app Google login is not working. It raises the error: 403 disallowed user_agent.

Please go through the link to get more details.

https://stackoverflow.com/questions/43152411/google-oauth2-in-embedded-browser-web-view


Ruby on Rails Wednesday, July 26, 2017

This is close to what I want, I think.

Where does the "@mailer_name = caller_locations(1,1)[0].label " go?  In a controller?  In a view?

What I really want is to not have to modify the source modules that are invoking the rendering but, instead, have the _header.html.erb source module dynamically say "I got invoked by root.html.erb".

Things get a bit more dicey, I think, if the sequence is
  root.html.erb
  application.html.erb     (automagically invoked)
  root.html.erb

Thoughts?
 



On Thursday, July 27, 2017 at 12:23:37 AM UTC-6, Phil wrote:

> On Jul 26, 2017, at 8:58 PM, Ralph Shnelvar <ral...@dos32.com> wrote:
>
> Is there a convenient programmatic way for a partial to know what view (controller?) is causing it to be rendered?
>
> For debugging purposes I want the partial to render the name of the view causing the partial to be rendered.
>
> Ralph


I've done stuff like this to pass in, to say, a mailer view to know how it is being called.  Some variation of that might work for you:

@mailer_name = caller_locations(1,1)[0].label

Hope that helps.


Phil


Ruby on Rails

> On Jul 26, 2017, at 8:58 PM, Ralph Shnelvar <ralphs@dos32.com> wrote:
>
> Is there a convenient programmatic way for a partial to know what view (controller?) is causing it to be rendered?
>
> For debugging purposes I want the partial to render the name of the view causing the partial to be rendered.
>
> Ralph


I've done stuff like this to pass in, to say, a mailer view to know how it is being called. Some variation of that might work for you:

@mailer_name = caller_locations(1,1)[0].label

Hope that helps.


Phil


Ruby on Rails

Hi, how do I push fake data with faker when I have:

blog
title:string 

and

comment
name:string
body:text_field

comments belongs_to :blog

then seed.rb:

# Faker::jadajada is the poster's placeholder for a real Faker generator.
5.times do
  Comment.create([{
    name: Faker::jadajada,
    body: Faker::jadajada
  }])
end

but how do I include blog title as well? There should be some kind of nesting?








Ruby on Rails

On Wednesday, July 26, 2017 at 3:24:19 PM UTC+1, Jason FB wrote:

>
> The exception we see is simply ActionController::InvalidAuthenticityToken on normal logins to our website. Upon careful examination of the authenticity_token sent by the form and the session's _csrf_token (we are using active_record_store as our session_store setting), they just don't match. Upon direct examination, I can conclude only that they are completely different tokens, but I don't know why. 


First off, it's normal for those values not to match on Rails >= 4.2 (because of CSRF token masking), but that doesn't apply here.

One case I've seen is race conditions creating the session: if the browser requests 2 pages at roughly the same time, before the session has been set, then both of those responses will contain a different session cookie, and one of those pages will be using the wrong one. When using the cookie session store this race condition can also happen at the point that the csrf token is first set (I believe this won't happen until you first render a page with a form)

Can you confirm from your logs whether that is a plausible explanation?

Fred
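
The token masking and the session race described in the reply above, as an added example that is not part of the original thread and is not Rails' own code. It is a plain-Ruby model of the masked-token scheme (a random pad followed by pad XOR real token, base64-encoded); the session is modelled as a Hash and all helper names are hypothetical.

```ruby
require "base64"
require "securerandom"

TOKEN_LENGTH = 32 # bytes in the real per-session token

# XOR two equal-length byte strings.
def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# The session holds one long-lived real token, stored base64-encoded.
def real_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(TOKEN_LENGTH)
  Base64.strict_decode64(session[:_csrf_token])
end

# Every rendered form gets pad + (pad XOR real), so the form value changes on
# each render and never equals the string stored in the session.
def masked_form_token(session)
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  Base64.strict_encode64(pad + xor_bytes(pad, real_token(session)))
end

# Accept either an unmasked token (32 bytes) or a masked one (64 bytes).
def valid_form_token?(session, encoded)
  raw = Base64.strict_decode64(encoded.to_s)
  case raw.bytesize
  when TOKEN_LENGTH
    secure_compare(raw, real_token(session))
  when TOKEN_LENGTH * 2
    pad = raw[0, TOKEN_LENGTH]
    encrypted = raw[TOKEN_LENGTH, TOKEN_LENGTH]
    secure_compare(xor_bytes(pad, encrypted), real_token(session))
  else
    false
  end
rescue ArgumentError # malformed base64
  false
end

# Constructed scenario for the race: two first requests arrive before any
# session exists, so each response creates its own session. The browser keeps
# the cookie from response B but submits the form rendered in response A.
def race_demo
  session_a = {}
  session_b = {}
  form_from_a = masked_form_token(session_a)
  real_token(session_b) # response B initialises a different real token
  {
    same_session: valid_form_token?(session_a, form_from_a),
    after_cookie_overwrite: valid_form_token?(session_b, form_from_a)
  }
end

if __FILE__ == $PROGRAM_NAME
  session = {}
  puts "stored : #{session[:_csrf_token].inspect}"
  puts "form 1 : #{masked_form_token(session)}"
  puts "form 2 : #{masked_form_token(session)}"
  puts "stored : #{session[:_csrf_token]}"
  p race_demo
end
```

When diagnosing a mismatch on a version that masks tokens, compare the unmasked value with the session token rather than the raw strings; a mismatch after unmasking points at a different session, as in the race above.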


Ruby on Rails

I think rack-mini-profiler should fit the bill. It shows the queries you executed and layouts you rendered.


Ruby on Rails

Is there a convenient programmatic way for a partial to know what view (controller?) is causing it to be rendered?

For debugging purposes I want the partial to render the name of the view causing the partial to be rendered.

Ralph


Ruby on Rails

On Wed, Jul 26, 2017 at 11:38 AM, Walter Lee Davis <waltd@wdstudio.com> wrote:
> Not since several versions ago. They heard your displeasure and did something about it.

Well in that case -- nnnnevermind 😀

Still, I prefer the flexibility of having a proxy in front of Unicorn or
Puma since I can strip out nonsense requests like "/phpmyadmin"
before they pollute my Rails logs (among other things).

Setting that up is a whole new learning though, and may not be all
that helpful for anyone who's already happy with Passenger.

--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
twitter: @hassan
Consulting Availability : Silicon Valley or remote


Ruby on Rails

> On Jul 26, 2017, at 1:35 PM, Ralph Shnelvar <ralphs@dos32.com> wrote:
>
> Hassan:
>
> 1) Does Passenger dump that sensitive data in development?
>
> 2) How hard is it to remove Passenger? What are the downsides to removing it?

You have to replace it with *something* -- Unicorn, Puma, basically another app server. Rails won't do much besides talk to Rack, to reach the outside world, you need something that implements call() and writes out headers and body to stdout.

Walter

>
> Ralph
>
>
> On Wednesday, July 26, 2017 at 11:29:28 AM UTC-6, Hassan Schroeder wrote:
> On Wed, Jul 26, 2017 at 7:57 AM, Ralph Shnelvar <ral...@dos32.com> wrote:
> > I think Passenger is running
>
> Yep, looks like.
>
> > I've read overviews about Passenger ... but I still don't get what it does.
> > Does it sit between Apache (httpd) and Rails? What does it do that Apache
> > (httpd) doesn't do?
>
> Apache httpd handles different kinds of requests and responses
> through modules -- static file serving, directory listing, proxy via
> http, ajp, etc. Passenger provides a rack interface which is what
> Rails uses to talk to the outside world (and which is provided by
> webrick, puma, unicorn, thin, etc.).
>
> I'm not a Passenger fan after discovering that any startup error in
> production dumps a page full of sensitive data out for anyone to
> see, which seems utterly braindead...
>
> --
> Hassan Schroeder ------------------------ hassan.s...@gmail.com
> twitter: @hassan
> Consulting Availability : Silicon Valley or remote
>
> --
> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/0109da1d-823a-4928-9e2c-4fac111d1bbb%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
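
The Rack contract mentioned in the reply above (an object with call(env) that returns status, headers and body), combined with the request filtering Hassan describes doing in a front proxy, as an added example that is not from the thread. Here the filter is placed in-process as a Rack-style middleware rather than in a proxy; the class names are hypothetical, and only "/phpmyadmin" comes from the thread, the other denylist entries are constructed.

```ruby
# Constructed denylist: "/phpmyadmin" is from the thread, the rest are assumed.
PROBE_PREFIXES = %w[/phpmyadmin /wp-login.php /.env].freeze

# Stand-in for the Rails app. Anything that responds to call(env) and returns
# [status, headers, body] satisfies the Rack contract an app server expects.
class LoggingApp
  attr_reader :log

  def initialize
    @log = []
  end

  def call(env)
    # This list plays the role of the Rails request log.
    @log << "#{env['REQUEST_METHOD']} #{env['PATH_INFO']}"
    [200, { "content-type" => "text/plain" }, ["hello from the app\n"]]
  end
end

# Middleware: wraps another Rack app and answers probe paths itself, so the
# wrapped app (and its log) never sees them.
class ProbeFilter
  def initialize(app, prefixes: PROBE_PREFIXES)
    @app = app
    @prefixes = prefixes
  end

  def call(env)
    path = env["PATH_INFO"].to_s.downcase
    if @prefixes.any? { |p| path == p || path.start_with?("#{p}/") }
      return [404, { "content-type" => "text/plain" }, ["Not Found\n"]]
    end
    @app.call(env)
  end
end

# Build a minimal constructed env and return the response status.
def request(stack, path)
  env = { "REQUEST_METHOD" => "GET", "PATH_INFO" => path }
  stack.call(env).first
end

if __FILE__ == $PROGRAM_NAME
  app = LoggingApp.new
  stack = ProbeFilter.new(app)
  %w[/posts /phpmyadmin /phpMyAdmin/index.php /.env /posts/1].each do |path|
    puts "#{path} -> #{request(stack, path)}"
  end
  puts "app log: #{app.log.inspect}"
end
```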


Ruby on Rails

Not since several versions ago. They heard your displeasure and did something about it.

Walter

> On Jul 26, 2017, at 1:28 PM, Hassan Schroeder <hassan.schroeder@gmail.com> wrote:
>
> I'm not a Passenger fan after discovering that any startup error in
> production dumps a page full of sensitive data out for anyone to
> see, which seems utterly braindead...


Ruby on Rails

Hassan:

1) Does Passenger dump that sensitive data in development?

2) How hard is it to remove Passenger?  What are the downsides to removing it?

Ralph


On Wednesday, July 26, 2017 at 11:29:28 AM UTC-6, Hassan Schroeder wrote:
On Wed, Jul 26, 2017 at 7:57 AM, Ralph Shnelvar <ral...@dos32.com> wrote:
> I think Passenger is running

Yep, looks like.

> I've read overviews about Passenger ... but I still don't get what it does.
> Does it sit between Apache (httpd)  and Rails?  What does it do that Apache
> (httpd) doesn't do?

Apache httpd handles different kinds of requests and responses
through modules -- static file serving, directory listing, proxy via
http, ajp, etc. Passenger provides a rack interface which is what
Rails uses to talk to the outside world (and which is provided by
webrick, puma, unicorn, thin, etc.).

I'm not a Passenger fan after discovering that any startup error in
production dumps a page full of sensitive data out for anyone to
see, which seems utterly braindead...

--
Hassan Schroeder ------------------------ hassan.s...@gmail.com
twitter: @hassan
Consulting Availability : Silicon Valley or remote


Ruby on Rails

On Wed, Jul 26, 2017 at 7:57 AM, Ralph Shnelvar <ralphs@dos32.com> wrote:
> I think Passenger is running

Yep, looks like.

> I've read overviews about Passenger ... but I still don't get what it does.
> Does it sit between Apache (httpd) and Rails? What does it do that Apache
> (httpd) doesn't do?

Apache httpd handles different kinds of requests and responses
through modules -- static file serving, directory listing, proxy via
http, ajp, etc. Passenger provides a rack interface which is what
Rails uses to talk to the outside world (and which is provided by
webrick, puma, unicorn, thin, etc.).

I'm not a Passenger fan after discovering that any startup error in
production dumps a page full of sensitive data out for anyone to
see, which seems utterly braindead...

--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
twitter: @hassan
Consulting Availability : Silicon Valley or remote


Ruby on Rails

> On Jul 26, 2017, at 10:24 AM, Jason FB <tech@datatravels.com> wrote:
>
> https://stackoverflow.com/questions/45329731/csrf-tokens-to-not-match-what-is-in-session-rails-4-1
>
>
> We are seeing an unfortunate and likely browser-based CSRF token authenticity problem in our Rails 4.1 app. We are posting it here to ask the community if others are seeing it too.
>
> Please be aware that most error reporting tools — like Honeybadger — automatically suppress ActionController::InvalidAuthenticityToken, so you don't normally see the problem in your error reporting tool unless you go out of your way to see it.
>
> Here's the problem, and this is NOT a development issue — it is a production issue that has yet to be diagnosed.
>
> The exception we see is simply ActionController::InvalidAuthenticityToken on normal logins to our website. Upon careful examination of the authenticity_token sent by the form and the session's _csrf_token (we are using active_record_store as our session_store setting), they just don't match. Upon direct examination, I can conclude only that they are completely different tokens, but I don't know why.
>
> This is not a simple newbie developer question, please DO NOT answer with basic answers about how the CSRF token needs to be passed from the client to the server, or how to skip forgery protection on my controllers. I am not interested in hearing from anyone with either of those two answers: You don't know what you're talking about and you don't understand the depth and complexity of the issue. I am only interested in hearing from people with high-traffic websites who can confirm this is happening on a non-insignificant number of visitors (and strangely seems to affect certain browsers more often than other browsers.)
>
> We see this problem broadly, maybe about 1-2% of our high traffic website. I see it only in Production, I am unable to reproduce it in development whatsoever.
>
> I see it on IE 11 and Edge browsers most (you will note Rails 4.1 was released before IE 11 and Edge), but also on Chrome on Android and occasionally mobile Safari too.
>

I had a similar issue with tokens, and we narrowed it down to people opening a login page and leaving that page open long enough for the token to become stale. There may be a setting to allow this to be longer, but in our case, we had to work around the issue in the controller. (Worked for us because we had another layer of security surrounding the page itself, don't recommend our solution for anyone else.)

Walter

>

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/C1679021-C282-453E-90C9-7B5A3207FD27%40wdstudio.com.
For more options, visit https://groups.google.com/d/optout.
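
Added example, not part of the thread and not Rails' own code: a small Ruby model of the stale-token case Walter describes, where a login form stays open until its server-side session has expired. SessionStore, the 30-minute TTL and classify_post are assumptions made for illustration; the point is to log expired-session failures separately from mismatches against a live session, since Rails raises the same ActionController::InvalidAuthenticityToken for both.

```ruby
require "securerandom"

# Constructed stand-in for a server-side session store such as
# active_record_store: session id => { token:, created_at: }.
class SessionStore
  def initialize(ttl_seconds)
    @ttl = ttl_seconds
    @rows = {}
  end

  def create(now)
    sid = SecureRandom.hex(16)
    @rows[sid] = { token: SecureRandom.base64(32), created_at: now }
    sid
  end

  # Live session for this cookie value, or nil if unknown or expired.
  def find(sid, now)
    row = @rows[sid]
    row if row && now - row[:created_at] <= @ttl
  end
end

# Constant-time comparison so the check does not leak token prefixes.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Diagnostic classification of a form POST (hypothetical helper):
#   :ok, :stale_session (no live session), :token_mismatch (live session)
def classify_post(store, cookie_sid, form_token, now)
  session = store.find(cookie_sid, now)
  return :stale_session if session.nil?
  secure_equal?(session[:token], form_token) ? :ok : :token_mismatch
end

# Constructed timeline: form rendered at t=0, then posted at various times.
def demo
  store = SessionStore.new(1800) # 30-minute TTL, an assumed value
  sid = store.create(0)
  form_token = store.find(sid, 0)[:token] # token embedded in the login form
  {
    prompt:      classify_post(store, sid, form_token, 60),
    left_open:   classify_post(store, sid, form_token, 7200),
    wrong_token: classify_post(store, sid, SecureRandom.base64(32), 60),
  }
end
```

If most production failures fall in the stale-session bucket, session lifetime is the cause; failures against a live session point elsewhere.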

Ruby on Rails

I think Passenger is running

The following is what I see before I invoked Firefox
ralph-data@ralph-data:~$ date
Wed Jul 26 08:27:49 MDT 2017
ralph-data@ralph-data:~$ passenger -v
Phusion Passenger 5.1.1
ralph-data@ralph-data:~$ sudo passenger-status
[sudo] password for ralph-data:
Version : 5.1.1
Date    : 2017-07-26 08:28:50 -0600
Instance: 6eCdJWUs (Apache/2.4.18 (Ubuntu) Phusion_Passenger/5.1.1)

----------- General information -----------
Max pool size : 6
App groups    : 0
Processes     : 0
Requests in top-level queue : 0

----------- Application groups -----------


And once I start Firefox I see
ralph-data@ralph-data:~$ sudo passenger-status
Version : 5.1.1
Date    : 2017-07-26 08:31:25 -0600
Instance: 6eCdJWUs (Apache/2.4.18 (Ubuntu) Phusion_Passenger/5.1.1)

----------- General information -----------
Max pool size : 6
App groups    : 1
Processes     : 4
Requests in top-level queue : 0

----------- Application groups -----------
/home/ralph-data (development):
  App root: /home/ralph-data
  Requests in queue: 0
  * PID: 2602    Sessions: 0       Processed: 22      Uptime: 11s
    CPU: 7%      Memory  : 79M     Last used: 8s ago
  * PID: 2614    Sessions: 0       Processed: 1       Uptime: 8s
    CPU: 4%      Memory  : 60M     Last used: 8s ago
  * PID: 2623    Sessions: 0       Processed: 1       Uptime: 8s
    CPU: 4%      Memory  : 52M     Last used: 8s ago
  * PID: 2632    Sessions: 0       Processed: 0       Uptime: 8s
    CPU: 0%      Memory  : 2M      Last used: 8s ago

ralph-data@ralph-data:~$

And this is what I have in /etc/apache2/sites-enabled/ralph-data.com.conf
# Shnelvar
# See https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html
# Turning on
#   LoadModule ssl_module modules/mod_ssl.so
#  appears to break Apache
# This was fixed by running a2enmod ssl.
# The running of a2enmod ssl appears to make the line below unnecessary
# LoadModule ssl_module modules/mod_ssl.so

# Listen 443
<VirtualHost *:443>
  # See https://www.maketecheasier.com/apache-server-ssl-support/
  # DocumentRoot /var/www/html
  DocumentRoot /home/ralph-data/public

  # Shnelvar:
  #   See https://www.phusionpassenger.com/library/deploy/apache/deploy/ruby/
  PassengerRuby /home/ralph-data/.rbenv/versions/2.4.1/bin/ruby

  ServerName ralph-data.com:443
  ServerAlias www.ralph-data.com:443
  SSLEngine on

  # Shnelvar: SSL Certificate
  SSLCertificateFile /etc/ssl/private/ralph-data_com.crt

  # Shnelvar: Private key
  SSLCertificateKeyFile /etc/ssl/private/myserver.key

  # Shnelvar:
  #   See https://www.phusionpassenger.com/library/deploy/apache/deploy/ruby/
  # Relax Apache security settings
  <Directory /home/ralph-data/public>
    RailsEnv development
    Allow from all
    Options -MultiViews
    # Uncomment this if you're on Apache > 2.4:
    Require all granted
  </Directory>
  ServerAlias ralph-data.com
  ServerAlias www.ralph-data.com
</VirtualHost>

This is what I get when I want to see the Apache httpd version
ralph-data@ralph-data:~$ sudo apachectl -V
[sudo] password for ralph-data:
Server version: Apache/2.4.18 (Ubuntu)
Server built:   2017-06-26T11:58:04
Server's Module Magic Number: 20120211:52
Server loaded:  APR 1.5.2, APR-UTIL 1.5.4
Compiled using: APR 1.5.2, APR-UTIL 1.5.4
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"
ralph-data@ralph-data:~$


Thanks for asking.  It's a good review of what I've done. :-)

I've read overviews about Passenger ... but I still don't get what it does.  Does it sit between Apache (httpd)  and Rails?  What does it do that Apache (httpd) doesn't do?

Ralph




On Wednesday, July 26, 2017 at 7:16:39 AM UTC-6, Hassan Schroeder wrote:
On Wed, Jul 26, 2017 at 2:53 AM, Ralph Shnelvar <ral...@dos32.com> wrote:

>> First, "Apache" is the name of an organization; "Apache httpd" is a
>> web server (which many people erroneously refer to as "Apache").
>>
> Lordy, you're even more of a pedant than I am.  :-)

It's a losing battle, but the ASF (Apache Software Foundation)
hosts/sponsors hundreds of OSS projects (e.g. Apache Tomcat,
Apache Commons) and it can get confusing when people use
"Apache" without any qualifier. But moving on...

>  I installed the system myself.

Do you remember configuring httpd for something called
"Passenger"? If not, what kind of configuration was done to
access your Rails app?

> So I use the environment variable RALPH_SUPPRESS_HTTPS as a proxy for
> whether I'm using webrick or Apache httpd

You can get the command used to start the server (last shell
command) from the environment with "printenv _" e.g.

  puts "started with #{`printenv _`}"

Try putting the above line at the bottom of config/environment.rb
and starting your app both ways to confirm.

--
Hassan Schroeder ------------------------ hassan.s...@gmail.com
twitter: @hassan
Consulting Availability : Silicon Valley or remote
