Hacker News new | comments | show | ask | jobs | submit login
Rails 4.1.0 released (rubyonrails.org)
417 points by chancancode 904 days ago | hide | past | web | 95 comments | favorite

For those curious as to how things go from Rails 3 to Rails 4.1, I've now built a few Rails 4 and 4.1 apps for clients and here's been my thoughts:

1) Turbolinks comes standard with Rails 4, and you will either love it or hate it. If you do use it, expect your javascript to break at one point or another. The jquery.turbolinks gem helps, but I've still had to debug a bunch of funky behavior with it.

2) Strong parameters takes a while to get used to from the old attr_accessesible way of doing things. That being said, I think it's worth it to learn it. It prevents a lot of conditional attr_accessible :blah, :as => :admin that goes on. The one thing I'd say is if you are going to use strong parameters, you might want to install a gem like Annotate so you can keep track of your attributes in the models. Sure you can just look in Schema.rb, but tabbing back and forth gets to be kind of a pain.

3) Secrets.yml is great, no more worrying about adding your config.secret_token to the .env file when generating every single project.

4) Mail Preview is nice, but for some reason I still seem to use Mailcatcher mostly to view / see how emails render out. Think this is mostly me sticking to my own ways.

5) ActionController::Live still feels pretty half baked. The fact that most examples / tutorials on the web still use the default example of:

    100.times {
      response.stream.write "hello world\n"
      sleep 1
Seems quite telling. It feels like they've given some of the pieces to get live streaming working flawlessly, but we are still missing a few tools here.


The biggest problem I've had is that some gems that we used frequently would break because they weren't Rails 4 ready. We use ActiveAdmin pretty frequently in our client apps, and it's worked for a while, but it's always been on a custom branch and still had some issues that were just recently fixed. YMMV for gems that your app relies on in terms of what will break and what will work.

> Secrets.yml is great

Yes, but I still prefer Figaro[1], which makes it super easy to configure an app on Heroku, especially when the app has multiple environments on Heroku:

    $ rake figaro:heroku[my-app-staging]
    $ rake figaro:heroku[my-app-production]
[1] https://github.com/laserlemon/figaro

I've used figaro but recently switched off in favor of a combo of foreman, dotenv, and heroku-config[1].

- Foreman is great because you'll get parity with how Heroku runs things (they use the same Procfile and read a .env file). Plus, if you have separate workers, then you can easily boot up your app.

- Dotenv is drop-in for Rails and supports .env usage outside of foreman.

- The heroku-config plugin is great because it works throughout your system and can also pull down the current config from Heroku.

[1] https://github.com/ddollar/heroku-config

Yeah we use figaro for local dev and non-heroku production apps to override already sane defaults (extra cruft in config/ and initializers to do that), which the "variables" table can override and is app-admin configurable.

I never understood why you would use YAML for storing settings. In fact, I observed that because of YAML devs are less likely to extract things into configuration settings, especially adding a setting seems to involve a manual server restart. I wrote a gem that's IMO much better:


Settings are configured in Ruby, split into separate files/groups, are easily overwritten per-Rails-env and per-particular-installation, in development environment they are reloaded automatically after a setting is added etc.

I think it's largely a case of cargo-culting a Rails core decision made somewhat arbitrarily before Rails was even released (ie. config/database.yml).

Theoretically I suppose YAML is supposed to be a human-editable data format, but after trying to get translators to translate app strings in YAML format I decided that YAML is worthless as anything except an interchange format, and even there, primarily for Ruby because of its rich semantics.

There's a typo in your README, I think the last exception mentioned should be MissingSettingException rather than MissingGroupException.

Anyone had any luck loading their secrets.yml file into heroku, figaro style?

Does Heroku even support the secrets.yml file at the moment?

> 3) Secrets.yml is great, no more worrying about adding your config.secret_token to the .env file when generating every single project.

How is adding config.secret_token to secrets.yml, which you're going to keep out of version control, so much better than adding config.secret_token to .env, which you're also going to keep out of version control? Both files need to be lugged around.

Secrets.yml is a one-toe-in-the-water solution. I hope next minor release we will just have dotenv in Rails for real.

Secrets.yml is in .gitignore by default, while secret_token.rb is not, right? Most (beginner) programmers don't think to implement something like Foreman which handles their secret tokens / API keys and commit them straight into their code. With it being standard in the Rails app, gems can rely on sending their secret keys into a file they know will not be committed by default.

As is, you need to remember to dig through all your initializers and copy out all the tokens (Devise, Omniauth, etc) and put them in a .env file

That's fair. I can agree it is a nice optimization for the beginner Rails developer.

secrets.yml is not in .gitignore by default

Just checked -- you are right. I was using Rails Composer for one of the apps I checked, which does include it by default.

They also removed database.yml from the default .gitignore ... I don't understand why?

That makes sense, since database.yml is not going to contain any sensitive data anymore (passwords and usernames will be stored in secrets.yml), this file can be safely stored in repository.

I keep secrets in the DB. Only thing in the ENV that matters is DATABASE_URL. I'm surprised more people don't do this.

I like this approach but there is a trade-off - you're an SQL injection away from losing your secrets, as opposed to a RCE or file reading bug when they're stored in .env. SQL injection bugs are more likely.

We use figaro and have a table called variables that overrides the former. Also, we can restart the app from itself and see log files live.

Because secrets.yml is a better solution. A lot of rails developers have been using non-committed YAML files instead of .env anyway.

The environment variable pattern comes to most rails setups from Heroku (whether directly or inspired by it), not from the rails core team.

We've also built and upgraded a few projects on Rails 4.1 recently and it has been very smooth.

On a side note: we avoid ActiveAdmin like the plague for the very reason that you specify here; our experience upgrading it between Rails versions has been terrible. We use our own simpler admin 'scaffolding' instead - https://github.com/SquareMill/generic_admin_controller/tree/...

It depends. For initial work, AA is a quick hack to get something out there fast. It's akin to django admin. Anything more complicated than batch spreadsheet CRUD will benefit from non-AA, custom admin UIs. One thing that we've encountered is we'd like Disqus style comments, but AA's are flat without an ability to delete them. Yeah we had to use a whole raft of crap to get AA working on 4.1rc including pinning sprockets and sass-rails version. Overall, AA has its place but there's never been, nor will there ever be, a perfect tool for all seasons.

RailsAdmin works with Rails 4.1 and is a good replacement for ActiveAdmin. I have RailsAdmin working in https://github.com/starterkits/rails4-starterkit if you need a reference for config.

I've had many more problems with AA in the past. (Like Styling, simple_form) I quite speedily dropped AA in favor of building my own AA backend, which is not that hard... AA consists out of a lot of stuff that you can just as easily put in your Gemfile. like inherited_resources, has_scope, devise, cancan, kaminari in favor of AA's will_paginate, and ransack.

I'm currently happy not to be on AA, it seems it would have held a lot of development back. AA ties you down to a lot of stuff that might break in the future. I think it's a great gem if you're starting with rails or need a quick admin backend of your models (when your site is mostly frontend). If you're looking for a true backend that needs some degree of custimization I woudn't risk it.

> ActionController::Live still feels pretty half baked.

It is very half-baked. I put it into a production system and had tons of headaches.

Me too. Luckily I was monitoring some lengthly database operations, nothing customer-facing.

Sometimes the streaming reply worked, sometimes it hung, sometimes it crashed. After a few days of pain I rewrote it in Node (which is a shame since the rest of the code is in Ruby). Worked 100% first try, no handholding.

I don't care whose fault it is. ActionController::Live should be turned off until it's more stable.

I imagine the Rails team wants to make this more robust but I think there's some bad design decisions in Rack that are preventing ActionController::Live from being as robust as it could.

Yep, cf. "I firmly believe Rack is shackling progress for Ruby on the web." - @tenderlove


it's pretty hard to do something better with the current status of Rack

> you might want to install a gem like Annotate

slaps head I was doing that by hand - lol.

Another alternative is keep a rails console open during development and just type the class name of the Model or Model.column_names

The Enum implementation seems full of caveats.

1. It saves values as integers in the database, meaning that removing properties involves explicit setting, and reordering them requires custom migration code.

2. "Avoid using the same names inside different enums in the same class! Doing so will leave Active Record very confused!"[1]

That's right, we can't use the same enum name to two different fields because ActiveRecord might get confused. That's kind of poor, isn't it?

3. Having to pass a macro that'll return the right integer instead of the symbol itself? Really?

This all seems really unwieldy, especially in the face of Enumerize(https://github.com/brainspec/enumerize). It's got none of these caveats. Is there some strength to the Rails enums that Enumerize doesn't capitalize on, other than size constraints by using Int instead of String?

[1] http://brewhouse.io/blog/2013/12/17/whats-new-in-rails-4-1.h...

Yes it's disappointing, above all considering that a better implementation is achievable in twenty lines of code in a model

My company is still on Rails 3.2. We had been waiting for the first minor release of Rails 4 to give folks a chance to work out issues, so maybe now it's time to look at upgrading.

Anyone have major issues going from 3.2 -> 4? I've heard horror stories about 2 -> 3, but I didn't pick up Rails myself until 3.x so I don't have firsthand experience.

The biggest change I see is attr_accessible to strong_parameters. Does that mean I need to go through and rewrite all our models and controllers before we can update?

It went comparatively smooth for us. 2 to 3 was a nightmare, 3 to 4 wasn't too awful. Some of the things that bit us:

* Strong parameters means you're going to have to figure out what everything needs for params or break down and call permit! where acceptable. If anyone got crazy with attribute metaprogramming bullshittery, you're in for fun.

* The deep_munge part of strong parameters has some strong opinions about how it should do its job. The code is there to prevent attacks where unusual user input is handed directly to ActiveRecord and interpreted by it. One special case to look out for is that it will rewrite a (JSON-supplied) empty array into nil, which makes life fun if your API happens to put some semantic meaning on nil vs. empty arrays.

* The new restrictions on routing verbs are good stuff, but I can almost guarantee that something was getting away with using the wrong verb before.

* XML parameter parsing has been extracted to a plugin. For some reason XML generation wasn't, but if people are sending you XML data you'll need this: https://github.com/rails/actionpack-xml_parser

That's all I can think of off the top of my head.

In response to this:

> Does that mean I need to go through and rewrite all our models and controllers before we can update?

Not really, no. As a first step we rewrote all of our attr_accessible usage into model class-level constants we could run through strong_parameters. Eventually those moved out of the model, but it was good enough to get going. Example:

# Rails 3.2

class Foo < ActiveRecord::Base

  attr_accessible :name, :bar, :whatever

  attr_accessible :name, :bar, :whatever, :approved, :as => :admin

# Rails 4.0

class Foo < ActiveRecord::Base

  UPDATEABLE_ATTRIBUTES = [:name, :bar, :whatever]


3.2 -> 4 is an order of magnitude easier than 2 -> 3.

The upgrade guide is pretty solid, and I imagine it mostly applies for Rails 4.1 as well: http://guides.rubyonrails.org/upgrading_ruby_on_rails.html#u...

I spent most of my time updating app config. For several of my 3.2 apps, I started using strong_parameters, so it wasn't a leap for me. Another app I have on 4.0 is using the https://github.com/rails/protected_attributes to retain the existing attr_accessible behavior until I get time to update.

Hope that helps!

It does not, you can actually pull in a gem[1] to use attr_accessible just fine with Rails 4. If you want to transition to strong_parameters, you can include the gem in your Rails 3 project and begin migrating to it, though that's a tough sell on most Rails codebases I've seen as it requires you to update every action in your app.

I have not personally migrated any of my code to Rails 4 from 3.2 yet but the transition will be far smoother than 2.3->3 was.

[1] - https://github.com/rails/protected_attributes

The railsdiff website is also a very handy little tool for quickly seeing the differences in config between versions:


Railsdiff.org just shows you what's changed in the generated app files, not the actual libraries.

Also be wary of your projects Gems, we just finished a 3.2 to 4.0 upgrade and though rails itself was pretty easy, there were quite a few problems with things such as Solr, Formtastic plugins (some FormTag internals changed in rails4, which broke some stuff).

So yea, the biggest problem was upgrading to Rails4 and getting the Gems to work- many of which had large structural changes in the Rails4 versions. For instance, Devise changed how they handle tokens in the Mailers, etc.

We have a very large App and it took us about 2 months part-time work to migrate fully to Rails4 - of that I'd say about 70-75% of the work was a combination of rewriting strong_parameters/attr_accessible stuff and updating/monkey patching Gems to get them working. But we did go really far, we removed all the stuff that generated deprecated warnings and removed all the "migration helper gems" like "protected_attributes". So if your project doesnt depend on many gems it could be really easy especially if you dont care about using the helper gems like protected_attributes until you get around to rewriting things.

Part of the motivation why we adopted a lib/hacks/ convention

Extracted here:


It's a way smoother upgrade - exactly as you mentioned really the only major change is from attr_accessible to strong parameters however you can still include the protected attributes gem for a quicker/easier upgrade path (https://github.com/rails/protected_attributes)

I'm not 100% sure, but I believe you can upgrade without a lot of rewriting by using the protected_attributes gem (https://github.com/rails/protected_attributes).

You are correct that attr_accessible is gone in favor of strong parameters.

Google fu yields http://stackoverflow.com/questions/17371334/how-is-attr-acce...

Depending on how your test suite is set up (if you have one) there may need to be some sweeping changes there. When we migrated we had to switch from our should syntax to the expect s syntax.

I can't remember anything else that was super crazy.

I'm working on an update too, and am biting the bullet and rewriting the strong_parameters/attr_accessible parts.

But, you can in theory use the Protected Attributes gem to aid migration with less rewrite.[1]

[1] http://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.ht...

I recently upgraded a 3.2 application to 4.0. At a high level, the necessary refactoring to make 4.0 work wasn't bad. It was upgrading gem dependencies, and sometimes switching out deprecated gems, that was a much bigger pain.

My co-founder wrote a book on exactly this. In case you're interested: https://leanpub.com/upgradetorails4

I don't have much to say about any of the new functionality, but Spring seems like a very poor name for anything new related to programming.

I agree with you, Spring is already well known in Java circles (and .NET to some extent).

And that's why it doesn't matter at all in the Ruby / Rails community ;)

And a nightmare for people in both the Java and Rails community when seeking jobs.

Still Google/search kind of flattens the namespace a bit. Now you're going to get lots and lots of Java Spring framework hits on any Ruby Spring google searches.

Agreed. I'm a big Ruby fan, but some of the community naming choices are just annoying. In addition to spring: rack, sequel, devise, unicorn, faraday... I could keep going.

Spring rails reloader gem. Solved.

Exactly. Except they could have used Springloader or something as a shorthand for it (rather than Spring) and it wouldn't have been as much of an issue.

It reminds me of when Wordpress gave one of their milestone releases the code-name Django. They actually changed it to "Rheinhardt" after the initial release because of the confusion it was causing.

In this case it's even worse. Giving a component of a web framework the same name as a different, in a sense competing, framework is just plain silly.

Having mailer previews built in is pretty awesome. I pretty much use a gem for that on every project nowadays.

The variants thing is interesting ... I'm assuming its an alternative to rendering a responsive/mobile-first view (on a view-by-view basis). I'm sure there are plenty of use-cases but I don't like the prospect of having to update yet-another-set-of-layouts-and-views.

Responsive views only go so far. Trying to shrink an app designed for a desktop browser down to a 4" phone is a fool's errand. Much easier to go with different templates in that case.

> Trying to shrink an app designed for a desktop browser down to a 4" phone is a fool's errand

That's why, when you design a responsive website, you're supposed to think / work out mobile first.

Hoping to detect all mobile devices out there based on their http request is no wiser.

You end up with a LOT of hidden or visible markup, redundant on both mobile and desktop.

After working on responsive websites for about 2 years now, I feel that variants is the way to go with Mobile designs.

You flesh out something lightweight for mobile and then another for tablet + desktop + whatever.

Otherwise your mobile display is needlessly large.

I guess you can mix responsive layouts with variant templates anyway, right? Just place your responsive markup in a partial and reference it in.

Upgrading from 4.0 to 4.1

  1013 runs, 351 assertions, 6 failures, 832 errors, 0 skips
Ouch. Still, it's great to see development on Rails continue. It really hits a great sweet spot for small to mid-sized apps.

Edit: Actually easier than I thought; about 10 minutes to figure out the cause and remove a surplus gem, and we're all green. Cool.

I think there's some pretty substantial ActiveRecord changes under the hood in Rails 4.1, so likely one of your gems are fighting with it and borking your test suite.

What is great for large-sized apps?

Interesting and complex question, that.

Larger apps end up being more SOA than monolithic, I suppose. Rails can usually play a part in these, but in my experience it's usually a win to start fragmenting an app into services once it gets beyond a certain size and complexity.

We've been using Rails 4.1 release candidates for a couple of projects. It's worth the upgrade from 3.2.

Here's a Rails 4.1.0 starter kit that's production ready and full featured: https://github.com/starterkits/rails4-starterkit

This looks pretty nice, but do people actually use these for production apps? I'm not criticising, I'm legitimately curious .

Yeah, it's "production ready" in the sense that the starterkit project was pulled from a couple of production apps and properly configured with a nice selection of gems.

Most starter kit apps help get developers up and running in a development environment but leave a big gap between dev and production. Sometimes this is good, but a lot of web apps are very similar.

I got tired of rewriting authentication systems, configuring gems, and repeating the same tasks for each project. Even if you use Devise and similar gems, you still have to do a lot of work to create a good UX and integrate OAuth. And then you have to dig through each gem's documentation to make sure it's configured properly for a production environment.

The rails4-starterkit is basically my dumping ground for tips, tricks, and production tuning settings for Rails 4.1. You'll still need to make adjustments for your own app, but it's a much better starting point for cranking out weekend or freelance projects.

I'm also open sourcing my node starter kits, but they're much earlier on in development and better node projects already exist.

I never heard of it before, and the url is timing out for me now (I was gonna say HN effect, but that's a github.com, uh oh. Anyway).

I thought the Rails 'starter kit' was `rails new my_app_name`

Interesting, I looked through it, and his other repos, and he seems to be a really solid rails guy. Looks like a promising kit, especially considering how much of a pita setting up CanCan with Rails 4 can be.

Thanks ch4s3. I released the starter kit after bashing my head in on a few configuration tasks with various gems. I haven't looked far and wide, but I think it's one of the more complete Rails 4 starter apps. I needed it for my own projects, but hopefully it can save some other devs configuration time.

If you know of other solid starter app projects, I'm happy to fork them and make them discoverable in https://github.com/starterkits. It's meant to be a community project. I just haven't had any time to promote it.

Neat. The problem with templates in general they lose an ability to hack on and recreate them because they depend on code generation and manual tweaks that have already been done (and lost). As such, I'm refactoring https://github.com/steakknife/rails41rc_plus_hacks_and_threa... into generators that will add the right things to a bare Rails app. So if you need omniauth + devise + cancan but not X, it's a `rails g` away. Rails has an amazing app generator DSL built-in.

I totally agree. Generators are the way to go. I just haven't had time to make them for starterkit.

Open an issue or pull request when you get your generators working, and I'll happily link to your project. Always good to give people options.

Hi. This looks great. I'm new to rails and this looks like it will be fun to mess around with tomorrow and learn what the commons gems etc are. Seriously - Thanks very much for making this. Anything I should know as a noob or shall I just dive in and have a play around?

You should be able to just dive in. Rails is pretty friendly that way. The starterkit app is just a basic Rails 4.1 app with all the gems. So anything you find in Rails 4.1 tutorials should work just fine.

If you run into any issues, just open an issue on the project and I'll do what I can to help.

I'll let you know if I find anything cool, I'm following you on github now.

Check out https://github.com/CanCanCommunity/cancancan, the continuation of the cancan gem.

Oh nice. I'll switch over to CanCanCan.

I've updated the ‘Learn Ruby on Rails’ book for Rails 4.1:


Also, there are 5 starter apps for Rails 4.1 from Rails Composer:


You'd think the new enum support could use.. you know.. ENUMS. http://www.postgresql.org/docs/9.3/static/datatype-enum.html

the rails team is waiting for a patch to do it

With support for databases not supporting enums.

More info on Secrets.yml VS Figaro here http://collectiveidea.com/blog/archives/2013/12/18/the-marri...

The only thing I noticed, aside from secrets file and cookies etc that is outline in the notes, is that SimpleForm stopped working. Since project I was upgrading was small, I just removed it, but that is not option for bigger projects.

I am _stupidly_ excited for Variants. No more .hidden-xs, visible-xs markup for me. I can taste the savings! :D

A massive thank you to the Rails team for their time and commitment towards making the best web framework on the web even better!

Am I the only one who thinks the `Module.concerning` thing is silly?

Concerns never did anything for reducing real complexity in the first place, except improve code geography, and now we don't even have to bother with that. Yay.

Mailer previews will literally shave hours of time off of my email testing workflow — no more mail-to-a-test-account-and-wait garbage. And that's one of the minor features.

letter_opener[1] is really useful to avoid the test account + wait situation. Well, now you can just use mailer previews, I guess :)

[1]: https://github.com/ryanb/letter_opener

Also Mailcatcher, which runs a local SMTP server with a nice email-client-style web UI: http://mailcatcher.me

premailer is also useful. Even with the new Rails 4.1 email previews (available in development env), sometimes it's useful to be able to preview in production. https://github.com/fphilipe/premailer-rails

How will it 'preview' the sent mail? E-mail clients behave differently when it comes to layout. When I'm doing such testing, I still verify the mail in at least the top 90% tier e-mail clients (web and desktop).

You're supposed to do the initial testing on the 'preview' and then actually test on real email clients.

Colors, fontsizes, margins, etc. on preview to get it right - then email clients to perfect it.

Unless you really need to be checking network deliver that much, mailers have long been testable, getting the last email sent from ActionMailer::Base.deliveries.last

But you can just use 'letter_opener' and pow: Emails open up instantly on the browser to preview.

Is SQLLite fixed for Windows 7 or Windows 8 x64? This was the reason why i uninstalled Rails 4...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact