Footnotes
Chapter 1
3 http://yehudakatz.com/2010/04/21/named-gem-environments-and-bundler/
4 http://docs.rubygems.org/read/chapter/16
5 RVM by Wayne Seguin allows you to easily install, manage and work with multiple Ruby environments from interpreters to sets of gems and it’s a must-have tool for modern Rails developers. http://rvm.beginrescueend.com
6 Comically, the Rails inflection of virus is also wrong. See http://en.wikipedia.org/wiki/Plural_form_of_words_ending_in_-us#Virus
7 http://blog.headius.com/2008/08/qa-what-thread-safe-rails-means.html
8 http://en.wikipedia.org/wiki/Green_threads
9 Yehuda’s take on the subject is essential reading http://yehudakatz.com/2010/08/14/threads-in-ruby-enough-already
10 http://m.onkey.org/2008/10/23/thread-safety-for-your-rails
11 Practically every PHP application ever written has this problem.
Chapter 2
1 Full comments at http://yehudakatz.com/2009/12/26/the-rails-3-router-rack-it-up
2 Examples drawn from Yehuda Katz’s excellent blog post about generic actions in Rails 3 routes at http://yehudakatz.com/2009/12/20/generic-actions-in-rails-3/
3 The respond_to method is full of quirks. Review them in the comments section of http://apidock.com/rails/ActionController/MimeResponds/InstanceMethods/respond_to.
5 In 2008, American presidential candidate John McCain was widely mocked and later defeated, partly because of his ill-advised choice of running mate, the little-known Governor of Alaska, Sarah Palin.
6 http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
Chapter 3
1 For those interested in REST, the canonical text is Roy Fielding’s dissertation, which you can find at http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm. In particular, you’ll probably want to focus on Chapters 5 and 6 of the dissertation, which cover REST and its relation to HTTP. You’ll also find an enormous amount of information, and links to more, on the REST wiki at http://rest.blueoxen.net/cgi-bin/wiki.pl.
2 http://weblog.jamisbuck.org/2007/2/5/nesting-resources
Chapter 4
1 Yehuda Katz has written an excellent description of how to register additional rendering options at http://www.engineyard.com/blog/2010/render-options-in-rails-3/
2 For more information on JSON go to http://www.json.org/.
3 MIME is specified in five RFC documents, so it is much more convenient to point you to a rather good description of MIME provided by Wikipedia at http://en.wikipedia.org/wiki/MIME.
4 For a full list of HTTP status codes, consult the spec at http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html.
5 rails plugin install git://github.com/rails/verification.git
6 More information, particularly about web server configuration available at http://rack.rubyforge.org/doc/Rack/Sendfile.html
7 See the official spec at http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html.
8 Heiko Webers has an old, yet still useful write-up about sanitizing filenames at http://www.rorsecurity.info/2007/03/27/working-with-files-in-rails/.
9 See http://www.mnot.net/cache_docs/ for an overview of web caching.
10 Ben Curtis writes up an excellent approach to securing downloads at http://www.bencurtis.com/archives/2006/11/serving-protected-downloads-with-rails/.
Chapter 5
1 Well, slightly shorter in most cases.
2 Sanitization prevents SQL injection attacks. For more information about SQL injection and Rails see http://www.rorsecurity.info/2007/05/19/sql-injection/.
3 http://activereload.net/2007/5/23/spend-less-time-in-the-database-and-more-time-outdoors
4 Microsoft’s ADO library doesn’t support reporting back the number of affected rows, so update all does not work with the SQLServer adapter.
5 http://github.com/rails/arel/
Chapter 7
1 See http://www.acm.org/ubiquity/views/v7i24_fallacy.html
2 http://en.wikipedia.org/wiki/Insert_(SQL)#Multirow_inserts
3 http://blog.dannorth.net/introducing-bdd
4 http://blog.hasmanythrough.com/articles/2006/02/28/association-goodness
5 To learn more about how the reflection object can be useful, including an explanation on how to establish has_many :through associations via other has_many :through associations, check out the must-read article: http://www.pivotalblabs.com/articles/2007/08/26/ten-things-i-hate-about-proxy-objects-part-i
Chapter 8
1 Check out the excellent http://rubular.com if you need help composing Ruby regular expressions.
2 If you need to validate email addresses try the plugin at http://code.dunae.ca/validates_email_format_of
3 http://ryandaigle.com/articles/2009/8/11/what-s-new-in-edge-rails-independent-model-validators
4 http://github.com/thoughtbot/shoulda
Chapter 9
1 If you are browsing old Rails source code, you might come across callback macros receiving a short string of Ruby code to be evaluated in the binding of the model object. That way of adding callbacks was deprecated in Rails 1.2, because you’re always better off using a block in those situations.
2 I recommend the excellent GeoKit for Rails plugin available at http://geokit.rubyforge.org/.
3 Real-life implementation of the example would also need to modify all finders to include deleted_at is NULL conditions; otherwise, the records marked deleted would continue to show up in the application. That’s not a trivial undertaking, and luckily you don’t need to do it yourself. There’s a Rails plugin named ActsAsParanoid by Rick Olson that does exactly that, and you can find it at http://svn.techno-weenie.net/projects/plugins/acts_as_paranoid.
4 Get AttachmentFu at http://svn.techno-weenie.net/projects/plugins/attachment_fu.
5 https://rails.lighthouseapp.com/projects/8994/tickets/230 contains an interesting discussion about callback execution order.
6 http://en.wikipedia.org/wiki/Open/closed_principle has a good summary.
7 For autogenerated schema information added to the top of your model classes, try Dave Thomas’s annotate models plugin at http://svn.pragprog.com/Public/plugins/
8 http://m.onkey.org/2007/12/9/namespaced-models
9 http://techspot.zzzeek.org/?p=13
10 http://www.domaindrivendesign.org/
11 Actual objects from the NetAddr gem available at http://netaddr.rubyforge.org
12 http://github.com/FooBarWidget/money/
13 I don’t expect this to make sense to you, unless you are familiar with Ruby’s singleton classes, and the ability to evaluate arbitrary strings of Ruby code at runtime. A good place to start is http://whytheluckystiff.net/articles/seeingMetaclassesClearly.html.
14 The qualifier internal is used to differentiate a domain-specific language hosted entirely inside of a general-purpose language, such as Ruby, from one that is completely custom and requires its own parser implementation.
15 Googling BNL will give you tons of links to the Toronto-based band Barenaked Ladies, so you’re better off going directly to the source at http://bnl.jayfields.com.
Chapter 10
2 http://github.com/voxdolo/decent_exposure
3 To learn more about identical functionality now included in a HAML helper visit http://vurl.me/WQH
Chapter 11
1 See http://www.die.net/musings/page_load_time for background information.
2 For an interesting read on how yielding content and contentfor will probably change in Rails 3.1 because of the introduction of content flushing, see http://yehudakatz.com/2010/09/07/automatic-flushing-the-rails-3-1-plan
3 Josh Susser tells you how to cheat and provide default values to non-column model attributes at http://blog.hasmanythrough.com/2007/1/22/using-faux-accessors-to-initialize-values.
4 It’s ancient history by now, but to read up on the “Form field helpers don’t use object accessors at” http://dev.rubyonrails.org/ticket/2322.
5 See https://rails.lighthouseapp.com/projects/8994/tickets/4242-nested-child-only-updates-if-parent-changes for an explanation of the origin of this feature and example code.
6 https://github.com/jnicklas/carrierwave
7 You can examine the source code of the html-scanner yourself by opening up actionpack/lib/action_controller/vendor/html-scanner/html/tokenizer.rb
8 This section is an authorized remix of The Complete Guide to Using I18n in Rails, by Sven Fuchs and Karel Minarik, available at http://guides.rails.info/i18n.html.
9 The translations load path is just a Ruby Array of paths to your translation files that will be loaded automatically and available in your application. You can pick whatever directory and translation file naming scheme makes sense for you.
10 Every string inside Rails is internationalized in this way, see for instance Active Record validation messages in the activerecord/lib/active_record/locale/en.yml file or time and date formats in the activesupport/lib/active_support/locale/en.yml file.
11 http://groups.google.com/group/rails-i18n/browse_thread/thread/14dede2c7dbe9470/80eec34395f64f3c?hl=en
12 http://github.com/joshmh/globalize2/tree/master
13 http://github.com/svenfuchs/routing-filter/tree/master
14 http://github.com/raul/translate_routes/tree/master
15 http://rails-i18n.org/wiki/pages/how-to-encode-the-current-locale-in-the-url
16 http://www.w3.org/International/questions/qa-lang-priorities
17 http://github.com/iain/http_accept_language/tree/master
18 http://github.com/rtomayko/rack-contrib/blob/master/lib/rack/locale.rb
19 http://www.maxmind.com/app/geolitecountry
20 http://github.com/svenfuchs/rails-i18n/tree/master/rails/locale
21 http://www.unicode.org/cldr/data/charts/supplemental/language_plural_rules.html
22 http://github.com/rails/rails/blob/master/actionpack/lib/action_view/locale/en.yml#L51
23 http://github.com/rails/rails/blob/master/activesupport/lib/active_support/locale/en.yml#L15
24 http://github.com/rails/rails/blob/master/activesupport/lib/active_support/locale/en.yml#L18
25 http://github.com/rails/rails/blob/master/actionpack/lib/action_view/locale/en.yml#L83
26 http://github.com/rails/rails/blob/master/actionpack/lib/action_view/locale/en.yml#L2
27 http://github.com/rails/rails/blob/master/activerecord/lib/active_record/locale/en.yml#L43
28 Nowadays most Rails developers use Paperclip (https://github.com/thoughtbot/paperclip) or CarrierWave (https://github.com/jnicklas/carrierwave) to model file attachments. Both are solid, so pick the one that matches your own style preference.
29 If you want to know why it doesn’t work, you’ll have to buy the first book in this series: The Ruby Way ISBN: 0672328844
30 If you’re familiar with Ruby already, you might know that Proc.new is an alternate way to create anonymous blocks of code. I prefer lambda, at least in Ruby 1.9, because of subtle behavior differences. Lambda blocks check the arity of the argument list passed to them when call is invoked, and explicitly calling return in a lambda block works correctly.
Chapter 12
1 The first step to getting the Firebug plugin for Firefox is to visit http://www.getfirebug.com
2 Do be aware that Rails UJS requires JavaScript and HTML5 support in the browser.
3 Error handling code removed for clarity.
4 http://en.wikipedia.org/wiki/Ajax_(programming)
Chapter 13
1 If you are really new to web programming and want a very thorough explanation of how web-based session management works, you may want to read the information available at http://www.technicalinfo.net/papers/WebBasedSessionManagement.html.
2 My fellow cabooser Courtenay wrote a great blog post about cookie session storage at http://blog.caboo.se/articles/2007/2/21/new-controversial-default-rails-session-storage-cookies.
3 If you want to read the whole thread (all 83 messages of it), simply search Google for “Replay attacks with cookie session.” The results should include a link to the topic on the Ruby on Rails: Core Google Group.
Chapter 14
1 http://loudthinking.com/arc/2006_01.html
2 http://github.com/binarylogic/authlogic
3 http://github.com/plataformatec/devise
4 http://www.urbandictionary.com/define.php?term=weon
5 There are problems reported with this extension. Try http://github.com/jerryluk/devise_oauth2_authenticatable instead.
Chapter 15
1 Of course, that only works if you control both applications.
2 Over a period of years some weaknesses have come to light in MD5, and more recently SHA-1. But as of this writing those weaknesses have not led to exploits that are practical for breaching this kind of security.
Chapter 16
1 http://github.com/mikel/mail
2 If you’re willing to depend on Google App Engine, you should investigate the innovative Remail gem at http://github.com/maccman/remail for an easy and powerful REST-based approach to solving the problem.
3 Rob Orsini, author of O’Reilly’s Rails Cookbook recommends getmail, which you can get from http://pyropus.ca/software/getmail.
4 http://github.com/bmabey/email-spec
Chapter 17
1 In his great screencast on the subject, Geoffrey Grosenbach suggests adding another environment mode to your project named development—with—caching, with caching turned on just for experimentation (http://peepcode.com/products/page-action-and-fragment-caching).
2 http://github.com/voxdolo/decent_exposure
3 http://github.com/wycats/moneta
4 See http://http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 for more information.
5 Tim Bray wrote one of my favorite blog posts on the topic at http://www.tbray.org/ongoing/When/200x/2008/08/14/Rails-ETags.
6 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.19
7 http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.4
Chapter 18
1 Confused about the difference between mocks and stubs? Read Martin Fowler’s explanation at http://www.martinfowler.com/articles/mocksArentStubs.html.
2 ActiveRecord scopes are notoriously prone to causing this problem.
3 Pointy-Haired Boss, as per Dilbert comic strips.
4 Well that’s not quite true. Active Record still connects to the database to get the column information for Schedule. However, you could stub that information out as well to remove your dependency on the database completely.
5 http://github.com/thibaudgg/rspactor
6 http://github.com/mynyml/watchr
7 http://github.com/timcharper/spork
8 http://github.com/sandro/specjour
9 http://eigenclass.org/hiki.rb?rcov
10 http://rubyforge.org/projects/seattlerb
Chapter 19
1 See http://www.jroller.com/obie/entry/seo_optimization_of_urls_in for an explanation of how smart use of the to_param method can help your search engine optimization efforts on public-facing websites.
2 Jay Fields has a good blog post about the motivations behind using the various types of code extension at http://blog.jayfields.com/2007/01/class-reopening-hints.html.
3 Alex Young’s http://alexyoung.org/articles/show/40/a_taxonomy_of_rails_plugins covers a variety of different kinds of Rails plugins, including a useful explanation of how to handle passed-in options for runtime-configuration.
Chapter 20
1 http://github.com/collectiveidea/delayed_job
2 http://github.com/defunkt/resque
3 Be careful to escape any characters that have specific meaning to your shell.