Company Profile

Yesterday, 8/9/2006, Ruby on Rails 1.1.5 was released, followed quickly by 1.1.6 today, and is considered a mandatory upgrade for anyone running a Rails site on a public facing server.

The vulnerability that 1.1.6 fixes is a routing bug that allowed code to be run which is normally only run for development purposes. For the full gory details head here.

Of course, we have immediately patched all of our client sites that were effected. So have no fear Plexus customers, we're watching out for you!

Some background on why only some of our sites built in Rails needed to be "fixed". Sites created in pre 1.1 days were either expected to have rails installed in the vendor directory or just take whatever the latest gem was that is installed on the server. There are a handful of our sites that currently run by using the latest gem, so we didn't have to do anything to have them use the new 1.1.6 gems, once installed. However, all of our latest projects have a directive in their environment setup file that states which version of the gem they should use. (Incidently, this is the version that the project was created with.) These projects required us to change their environment setup file to point to the latest version.

It's great to the Rails community coming together and keeping Rails safe. The speed of the patching is also a good sign for the framework.

MacBooks seem to taking over the office rapidly. As Buck mentioned last Thursday, there was a tax-free weekend in Georgia this past weekend. Travis and I took advantage of these savings as well as education discounts, to pick up new MacBooks. Adam already had one so the numbers are climbing. Colin may get Travis' "old" mini and after that the only hold out (ie: still running Windows) will be The President.

A few months ago I started playing/solving Sudoku puzzles. One of the best sites I've found online is Iron Sudoku. It's a great site... check it out. Plus it's built in Rails too!

(Travis enjoys the sister site, Babble.)

When implementing an RSS feed on this site, we ran into an intersting problem. The feeds worked perfectly on my development machine and on our development server. However, once the site was placed on the live server, the feeds no longer worked.

After searching and trying to debug the issue for quite some time, I noticed I was running Ruby 1.8.2 locally and the server had Ruby 1.8.4. Pulling up IRB on the server, I discovered that 1.8.4 has an RSS library. The RSS namespace I was using on this site (www.plexusweb.com/rss/news) was conflicting with the one built into Ruby. I changed the namespace to be Feeds and all was well with the world again. (www.plexusweb.com/feeds/news)

So just a note of warning. Watch for namespace conflicts!

Adam and I were able to attend the first international Rails Conference this past weekend (June 23rd-26th) in Chicago. It was good to see what everyone in the community was doing and to hear the latest things coming down the pipe from the core development team. The community around Ruby on Rails is growing fast and it was interesting to meet some of the other early adopters.