Chris Oliver

That's probably a bug in the UserAgent bot check I would imagine.

https://github.com/rails/rails/blob/v7.2.0/actionpack/lib/action_controller/metal/allow_browser.rb#L88

If you're building a no build Rails application that makes use of modern browser features (like ONCE Campfire!), you'll definitely want to use this.

Amazing, thanks for sharing!

That would be great to know. Had the same question about OrbStack. 🧐

You can install vim / neovim / etc inside the container. Here's a blog post about it: https://cadu.dev/running-neovim-on-devcontainers/

That's exactly what it's for. 👍

Depends on what you need. I assume you want users to be able to upload videos through your application? What other features do you need?

If you don't mind the videos being publicly available, YouTube can work and it's probably your only free option.
We use Bunny.net for video hosting and it's very cheap compared to alternatives like Wistia, Mux, and AWS.

You could also use Rails' built-in ActiveStorage, but with video it helps to use a service that transcodes videos into playlists that can stream at different bitrates.

Bunny has some JavaScript you can use to upload videos from your application that you can read up on. You'll need to generate the signature server-side to keep your API key secret when generating the presigned uploads. This is basically the same way direct uploads work with ActiveStorage to send files directly from the browser to the hosting service instead of uploading to Rails, then uploading again to the hosting service.

Pretty excited about this because it makes Rails development so much easier to start for beginners or for teams using various operating systems.

I also forgot to mention, there is a devcontainer CLI that you can use outside of VS Code, so you could use Vim or other editors inside the devcontainer. https://github.com/devcontainers/cli

What do you think? Will you use Dev Containers?

Rack Attack is still useful for safelists and blocklists, but the rate limiting / throttling feature is pretty much the same as what's built into Rails now.

The Rails rate limit feature is a bit more friendly since you get all the Rails features, while Rack Attack requires you to write your own Rack responses without any Rails helpers.

Both use the Rails cache store by default, so you won't need to reach for Rack Attack unless you want to setup safelists, blocklists, or another feature.

Glad you enjoyed it Tony!

Shoutout to the folks at Honeybadger for being awesome. 🫡

What have you tried?

Using Rails main, betas, or release candidates are great ways to find bugs and contribute to Rails itself. 🎉

I thought it would be fun to start a thread where we can post the things we've learned recently.

Today I learned that __dir__ returns a full path while File.dirname(__FILE__) returns a relative path thanks to Xavier's recent commit in Rails: https://github.com/rails/rails/commit/de4d8744744acab2dd9db0683ccf784ea45810b2

Have you used GitHub Action Inputs for any other cool things?

As more and more vulnerabilities like "xz" with Linux happen, reproducible builds and releasing processes like Trusted Publishing that the Rubygems team has built will be critical. I mean, how many of us actually check the code that is downloaded by bundler to ensure it's secure? Probably very few of us!

Follow the GoRails Learning Path.

Cloudflare as a proxy could help block the malicious user. They can block requests from known bots and present barriers to stop them.

They also run hCaptcha that you can implement in the sign up process to protect from bots. We have a lesson on that here: https://gorails.com/episodes/how-to-usehcaptcha-with-ruby-on-rails

I also like using invisible_captcha which is similar and doesn't require a third-party service (although it's not quite as good).

I don't see this feature used often in Rails apps, but it's super powerful for things like this. An easy way of creating Ruby objects like this allows you to really organize functionality instead of stuffing it all in models.

Keep watching. Nokogiri is just an HTML parser, but you need to write code to interact with it, which is why we create the Scraper class.