Hey Steve, great of you to ask! Here are some suggestions:
* Streamline the command line. Why rake to migrate, but rails to generate a migration? I know, I know. But new folks to Rails do not know. And it would be better if there was just one tool that does it all.
* Get rid of the global magic functions. users_path is nice and sweet, but where is it defined? Object? Kernel? Why can't I just call a method on my app. Sort of like how engines work: main_app.users_path is IMO better than users_path.
* I guess instance variables in views are a given forever, but I still don't like them. Why can't these be simple methods on objects as well? Simplify, simplify, simplify. Also, deprecate helpers. (Hey, I can dream!)
* I would help if my app was defined as a (singleton) class that I can see and use somewhere. It would be better if this were always a Gem, without me doing anything special. Then I could make all kinds of gem dependencies explicit.
* Fix mailers to allow them to work with async delivery out of the box. (Bringing back queues? Yes please!)
* Make mailers work with Markdown and friends to produce multipart emails out of the box. Write a pretty(ish) plaintext mail, and get HTML formatted for free. (There are gems for this, it would be nice if it were standard)
* Get rid of all hardcoded tokens in source code. Especially the session secret. Require dotenv gem and move all config into ENV. Including the database configuration!
* Fix the log file format. One line per event would be nice. Proper timestamps would be nice. Use standard Ruby loggers with a good format that the rest of the industry understands.
I consult for a number of startups, both at seed stage and with significant revenue. Mostly I do web applications, as opposed to "sites."
I'm seeing more organizations learning towards frameworks like Ember.js and Angular.js. I'm also hearing lots of things like, "When I update the data in this browser, I want the changes to automatically propagate to other browsers."
Among other things, this means I need robust plugins like ember-rails that integrate into the asset pipeline and provide appropriate generators. I also need libraries similar to Socket.io that can notify the browsers when the model changes.
I don't necessarily want these features to be in the Rails 4.1 core. But I suspect that I'll be building more and more apps like this over the next two years, and I'd love to see Rails be a strong competitor on the back end.
It's a super neat gem. Improving error pages is always a good idea, I'm actually really happy with the relatively minor changes we added in 4.0, so I could totally see this or something like it, thanks.
I always wished Exceptions captured variable values so I could log them and not have to reproduce a bug in order to see what happened. To that end, I made https://github.com/ericbeland/exception_details. Perhaps Rails exception logging could include logging variable values at exception-time?
* Improved migration format:
make it possible to create new initial migrations as a project evolves by rebasing. Meaning there's no need to keep or execute the whole migration history every time. On my current project running migrations from starch takes 30mins :(
* Improvement in performance in regarding to JSON generation or other thing is always welcome. following benchmarks can be taken as reference where rails stands currently. Any improvement in the above stats would be awesome http://www.techempower.com/benchmarks/#section=data-r6
+1 for this. My team "rolls up" migrations akin to spring cleaning, because the migration files often have more important information that the db schema, and are easier for team members to learn quickly. I'll contribute $50 if this feature is accepted for Rails 4.1.
In my tests, serialization to a hash before oj writes it out to json is the slowest part. Doing 1000 records (~30 entries each, some with nested entries) to json via OJ and as_json results in less than 20% spent in OJ and the other 80% in generating the hash.
I faced recently scaling/refactoring problems due to way too large models and some kind of callback-hell baked in. instead of just "drag-n-drop" model code to concerns/mixins/..., have a look at https://github.com/cypriss/mutations to extract business logic in a clear way. This was just a life-saver for my team, this should be preferred over "stuff any logic in your models", at least from my point of view.
AMS is currently undergoing a major internal refactoring, possible even a near re-write, but getting it in line with what's up at JSON-API is real important. Also, ember-data is undergoing a major push this month, so while this is in flux, it should improve soon.
As for getting it into core Rails, well, considering it was originally pulled out, I wouldn't hold your breath, as much as I'd prefer that personally.
I would love to see something like Django's Editing Views. Ever since George Brocklehurst described this at Ruby Manor earlier this year I can't get the idea out of my head. If you look at all the security issues and hand wringing over params parsing, roles, attr_accessible and strong attributes, etc, etc, a very large percentage of those issues are greatly improved or in some cases completely nullified by Django's approach to forms. It's actually one of the biggest Rails warts in my opinion.
In essence, the idea there should be an object that knows how to render a form based on an internal object state paired with a deserializer that knows how to read the form in and convert it to an internal object state. This way, by default, the form only recognizes the params that were defined and the risk of leaky params causing security issues is reduced by orders of magnitude.
I'm not sure how you retrofit something like this into Rails since it would be a huge architectural shift, but man it would be sweet to see something official along those lines.
I'm not a Rails developer, I have only done some simple webapps with it, so I have a question.
Does Rails support websockets natively? If not then why? I haven't seen any request for integrating them in this thread.
One of the things I've struggled with on large Rails projects is helping developers understand that they can and should write code is neither model, view, controller, helper or lib. Instead a model ends up with a ton of class methods that are only somewhat related to fetching and storing records. A controller ends up with some crazy query that joins three tables and generates statistics. I would like to see some guidance from Rails on how and where to put these types of things. When I advocate for a service object, I get asked what the parent class would be and where the code would live. Saying no parent class and app/service_objects gets me some questionable looks like I'm not doing it right. Opinionated frameworks are great but I feel like people assume a lack of opinion to mean don't do it.
I'm not sure what concrete steps rails can take, but maybe app/lib for application specific code and lib/ for more generic libraries. Or maybe something less confusing.
app/concerns is a perfect example of the problem I'm trying to communicate. If I want to extract code out into a concern, everyone is perfectly ok with it because Rails has "blessed" the concern pattern by providing a parent object to inherit from and a directory where concerns should be placed. As soon as Rails weighs in with an opinion, everyone is onboard.
I think the message I would like to see communicated is that we as developers are free to create app/foo if we feel like foo is a good idea. Technically there's nothing stopping it. Culturally, it's almost unheard of.
I brought up lib/ because structurally it is a free for all. Nobody looks twice if I create lib/foo and add some code there. The problem is that I don't want to put app specific code into lib. I'm not sure if app/lib is a good idea, but I feel like it would communicate the idea that it is OK to write app specific code that doesn't fit into anything Rails has approved.
Anyway, I realize my concern is very much a culture issue. That culture has its pros and cons, and if we didn't have the strong opinion to stick to MVC, we would probably end up with a ton of spaghetti code in app/lib. I just wish we could strike the right balance.
Another vote for async mailers please - also sending more than one mail at once would be nice.
Sorting out secret_token.rb would be good - not sure what would work, ENV variable, auto-generating a file in production if not there, but there must be a better solution which lets you work both on Heroku and let's people avoid having secrets stored in version control by default.
Also, I know this has been a really thorny issue in the past, but the thing I add first to every single app I make is authorisation and authentication. Usually I use devise and cancan, but it'd be great to just have default rails generators for this - they could be very basic, just covering the most basic use-cases, and would obviously have to be optional. Not everyone would use them, but it would at least help a lot of beginners avoid mistakes like this:
and it would also provide guidelines for people on how to approach those topics - at present they'll tend to google a solution. That would help to emphasise that you need both of these things separately, and give us a baseline from which more complex bespoke solutions could easily be built.
I concur that something needs to happen on queues/background jobs. Right now I've always gotta go setup Resque/Redis to make basic background stuff happen and keep the app snappy. Its not a huge pain, but it seems best-practice for lots of types of tasks.
Rather than a gem for both, what I'd personally prefer is generators, because it makes all the code explicit - I always end up customising them to some extent (particularly devise, usually I use their generator then customise), and it'd be nice to expose things like the mailers that devise sets up for password reset etc (again something almost every app requires). Will be interested to see what the Rails team comes up with though.
Thanks for asking Steve! I think Rails is already very complete. I would like to see an included state machine, rails-api integration, commands (baby-zeus) integration and GitLab secret storage (https://github.com/gitlabhq/gitlabhq/pull/4040). But I realize these are all very controversial. The most important thing is the core-team stays happy, so no problem if these can't make it.
With baby-zeus I mean https://github.com/rails/commands. The secret_token is indeed hard, other people proposed the dotEnv gem which makes sense as well. Or maybe link a whole directory to a shared dir?
Thanks for putting this together Steve. Your work, and those of the Rails contributors is amazing stuff. I know this past year has been a pain from a security perspective but as a framework matures and adds n+ features, it is an inevitable outcome.
For me, my wish list would be:
- Down with helpers. Or, at least the ability to arbitrarily set them. Maybe push presenter as alternatives?
- Some native performance tuning/testing/reporting would be awesome. Gems like rack-mini-profiler and ruby-prof are great, but a near-native tool, opinionated at that, would be awesome.
- I personally love the decorator pattern that gems like Spree use. Unfortunately (and maybe this is my own failing), eval'ing filters/callbacks is a big pain.
- As mentioned in another comment, the env specific configuration provided by figaro is awesome and should be native in Rails. Specifically, it might be a welcome alternative to the secret_token issue.
- Most deployment tools (Capistrano/Mina) enforce a different folder structure. It might be helpful to include some of them by default, or provide configurable options/symlinks that will work out of the box.
I have a lot more items on my list but those are the top items that I can think of at the moment.
I'm sure you know that I'm a big fan of presenters, maintaining one of the most popular gems that implements them, but they've generally been deemed a bit too heavy of a pattern in the past. What do you mean by 'arbitrarily set them'?
There were performance tests, but nobody used them, so we pulled them out to a gem in 4.0.
Can you give me an example of the eval problem? Not familliar with it.
I'm still new to rails but I would really like to see:
- Something like spring ( https://github.com/jonleighton/spring ) built in because I use a low end machine and it still takes 5-6 seconds just to see a page refresh with live reloading enabled in my browser with nearly an empty project in terms of complexity. It would be nice to have it somehow work for tests and near instant code reloads for development.
Random question on queues:
Will they be just as good (easy to use / efficient) as resque?
I haven't used Rails 4.0 much yet, but I know that I really dislike the default HTML generated with the Rails 3.2 scaffolding generators. The markup is kinda ugly, too verbose and the use of form_for just bothers me. I always use simple_form myself and form_for just feels old and like a bad default.
We don't currently have any C extensions distributed with Rails proper for maximum portability. For example, if this were included by default, Rails would no longer work on JRuby, and a _lot_ of people use Rails with JRuby.
More realistically, commenting it by default would be IHMO a good idea.
It's a very nice gem for some use cases but a terrible default.
Regarding point 2), I don't think it is very agnostic though.
Because ActiveSupport::Testcase is extension of Minitest. Thus, rspec won't be able to use all helpers of AS. I am fully aware of there are rspec-rails with equivalent matchers.
Sadly, majority of commercial companies are now using rspec/rspec-rails for the dev job, this makes AS::TS a second-class citizen. So if we could not abstractify AS::TS, my vote is to extract it to a separate gem and let user choose the test framework they want.