00:00:09.280
Good morning everybody. Hello.
00:00:15.040
How's everybody doing? Wonderful.
00:00:20.800
All right. How do we do this? All right. This one's for each of you. What's
00:00:27.119
something you've recently helped out with in either Ruby or Rails that you're proud of that might surprise
00:00:33.840
people? And we'll start with you, Aaron. Wait, what what was what was the
00:00:39.280
question? What's something that you recently worked on in the last year or two that
00:00:45.200
you're really proud of? Something I've been working Oh, uh, well, I I don't want to tell you because
00:00:51.680
I have a keynote at the end of the day. All right. So, if you all want to know about that,
00:00:57.520
please come to my talk at the end of the day. I'll be talking for at least an hour about all of these things. Actually, I've been working on Oh, I'll
00:01:03.920
tell you. It's fine. It's fine. I've been working on Yeah, just you sh I know I know I'm miked up, but um Ractor
00:01:12.320
stuff, parallelism things, which I will go in depth details in my presentation.
00:01:18.880
Yeah. What about you, Hiroshi? Yeah. So
00:01:23.920
I impassed this. So the Ruby core releases spend the six or nine months
00:01:32.000
and spend four or six hours in the release day. So
00:01:39.200
it the too heavy work for the branch maintenance. So I added the automated
00:01:47.920
workflow to release for that with GitHub actions. So after that so we can release
00:01:56.560
only git tag and push it to the GitHub. So the automated workflow create the all of
00:02:04.960
packages and create the docker images and update the our official sites. So we
00:02:13.360
can release the new stable versions each two or three months and 1 hours in a
00:02:22.000
release day. So we can use the most best versions of Ruby in the quickly use
00:02:29.840
that. Nice. What about you, Jean? Um
00:02:34.959
I guess like Active Support JSON, I did a pass to optimize it with Étienne Barrié
00:02:41.280
recently. He's probably in the room unless he's drunk in his hotel room.
00:02:46.400
Um, yeah, people are probably familiar with the work of performance I did on the JSON gem, but then after I started
00:02:53.120
blogging about it, I got an issue saying like, "Oh, you're lying." Like, uh, it's still super slow in my app. And that's I
00:02:59.680
remembered that Active Support just wraps the entire thing to do like some extra niceties on top. And so,
00:03:06.239
um, I paired with it to to go over all that. So some of the thing it does is like it um it walks the entire tree of
00:03:14.560
objects to see if you can call it like as_json method on it to try to render it
00:03:19.760
better. Um so that's duplicated work with the generator that also does the
00:03:25.360
same thing. So I just refactor the gem to give you a callback for only when
00:03:30.560
there's an object it doesn't know to handle then it calls back which massively cuts the amount of work. Um it
00:03:37.200
is it also does a thing where it tried to escape HTML entities in your JSON to so that it's safe to include anywhere
00:03:44.480
but uh with we were able to like first find a way to do this much more efficiently and also we realized it's
00:03:51.440
it's only useful if you're going to include it in HTML like if you're doing render JSON it doesn't make sense. So we
00:03:58.080
were able to cut on a lot of things like that. So uh we were able to make um that
00:04:03.439
extra layer that Active Support put on top of extra niceties. Um we reduce the
00:04:09.120
the overhead like quite massively. So should get that in Rails 8.1 when you try
00:04:14.799
the beta. Awesome. What do you think has gotten better for Ruby developers in the past
00:04:26.400
Everything. Everything. Can I say everything? Is that it? You can't. That's a word.
00:04:33.199
So, uh, precompiled Nokogiri. What was that again? Precompiled Nokogiri. That comes precompiled.
00:04:39.680
Oh, yeah. Precompiled gems. Yeah, pretty nice. Um, LSPs.
00:04:45.520
I don't use that. I I'm still waiting for TextMate to add LSP support. So,
00:04:51.600
people here use LSPs though, right? Yeah. Yeah. All right. Okay.
00:04:57.680
What? Wait, what's an LSP? It's like a common interface for plug-in
00:05:05.280
for editors. So, it's just like a instead of every single editor having to implement the same feature for each
00:05:11.039
language. Yeah. They just share common interface became the standard. I think it was Microsoft or Yeah.
00:05:16.960
Yeah. They made the they made the standard. Microsoft made the standard. Yeah. I think standard. It's just a JSON
00:05:22.320
thing. Yeah. But otherwise like just I don't know what kind of timeline you're speaking of but like YJIT has a pretty
00:05:29.039
massive impact. Um the GC improved quite significantly.
00:05:35.919
Yes. What what kind of timeline are we talking about here Robbie? Past few years is what I wrote. Past few years.
00:05:42.400
Yeah. So let's say last 12. Oh.
00:05:49.360
All right. Hiroshi. What do what do you think has gotten better in the last two years?
00:05:55.039
Two years. Yes. I don't know.
00:06:01.600
Yeah. Maintaining a CI and infrastructure.
00:06:07.199
Oh. What do you believe is still harder than
00:06:12.639
you think it should be for developers today? Oh, that's a good question. What is
00:06:19.840
harder than it should be? Every everything is harder than it should be. It's basically the same as the LA. Like
00:06:25.680
everything's gotten better, but everything is also harder than it should be. Why do you think that happens?
00:06:32.000
I I think uh David covered that pretty well in his in his
00:06:37.600
Are are we merchants of complexity? Are we complicit as Ruby developers?
00:06:42.639
I mean, I do like I do make money off of complexity. That's true. Like like
00:06:49.199
Like if it if it weren't for complexity, I don't know if I'd have a job. Yeah, exactly.
00:06:54.639
Also, I I like if if you want to buy some complexity, I'll have my merch table set up in the
00:07:01.199
back. No, but there we still things like
00:07:06.960
setting up your dev environment can be for newcomers, you know, like when you work at a big company, usually you have
00:07:12.720
like something all prepared, but in a smaller companies, it's a bit uh like a readme and you do your steps and then
00:07:18.880
OpenSSL is not compiling and these sort of things, you know, like everything that is before doing the actual
00:07:25.919
meaningful work all the management. I think that's true. Yeah, there's still room for improvement
00:07:32.240
there. We're going to come back to that topic in a little while. But Hiroshi, you help
00:07:37.360
maintain a lot of tools that nearly everyone in this room has used probably in the last few days if not this morning
00:07:43.599
when they were running a rake task or something. But for those that don't know, you work on things like maintain
00:07:48.720
rbenv, Rake, Bundler, ruby-build. when it comes to working on these types
00:07:54.879
of tools, how do you think about improving these while keeping them stable for us?
00:08:01.280
Yeah, so the difficult question. So,
00:08:09.680
okay. So, uh David said is the keynote. So, uh it's a freedom.
00:08:18.160
So I think we also create the own tools
00:08:24.720
and use it and maintain it every day. So
00:08:29.759
I think that means stable. So uh use our software and fix software and
00:08:38.479
release software every day every week. So
00:08:44.880
I use the the Ruby and the rake and other ecosystem tools. So use it every
00:08:53.519
day and find the problem and fix that and
00:08:59.360
release that the in short terms. So I want to make a stable and
00:09:08.080
to share uh that knowledge and I'm happy to use uh that stable fence the
00:09:14.880
every people and in the world are you typically use when you're using
00:09:19.920
the tools yourself are you usually just running off of like the main branch yourself sorry
00:09:25.200
are you typically running when you're using the tools yourself are you just using the most current version in the
00:09:32.480
main branch on those projects so that you know if things are broken before everybody else would.
00:09:38.240
Scott. Yes. Yes. Yes. That's uh that's a common theme when you're a maintainer or something like
00:09:44.160
even uh recently with the core team we were thinking like almost everybody on the core team is running rails edge and
00:09:50.399
so like the pressure to cut releases is is not uh quite where it should be. Yeah. But like so so it's it's not good
00:09:59.680
from that particular perspective, but like there's other benefits obviously. Yeah, it makes sure it makes sure that
00:10:05.200
everything like we make sure it's stable. Yeah, since we're all using we're all using the edge versions all the time.
00:10:10.880
That's like Yeah, there's just Yeah, there's this little teeny trade-off that we probably need to have a calendar reminder.
00:10:18.880
So So everyone in the audience, please use the edge version of things everything. Yeah,
00:10:25.200
I I think R will just be like evergreen software, you know, no more
00:10:31.200
releases. Hiroshi, what does your workflow look
00:10:36.720
like for working on a tool like rake?
00:10:44.560
When you're working on the rake project, what what when you're like say if you're going to review like a an issue or a
00:10:51.360
pull request, what's that workflow look like? Like what are the steps that you kind of take at a high level for
00:10:57.680
reviewing the code and testing it out and and pushing out a release?
00:11:17.760
There is no specific uh way or technique for that. So uh I use
00:11:26.160
the bas basic GitHub pro. So I disabled the bug report on the GitHub and fix
00:11:33.839
that and push a pull request then merge that the git tag and push and reset. So, and
00:11:43.839
the I think that the everyday uh use that
00:11:50.640
and is there is there a fairly robust build system that GitHub's running
00:11:56.000
against all the different operating systems in Hey, yeah, we
00:12:01.600
we should talk about that. Build systems. Yeah, GitHub action. Yeah. Well, I mean all the build systems that
00:12:07.839
we run for Ruby core. Oh, that's massive. like
00:12:13.040
yeah when you push a commit to Ruby it starts something like over 100
00:12:18.880
jobs like on GitHub action and that's only because there's some weird system
00:12:24.560
like s 319 or whatever that doesn't so after you m after you merge you get
00:12:32.720
another CI internally that just like right okay so if you send a pull request if you send a pull request to Ruby Ruby
00:12:39.920
we get a bunch So, we run a whole bunch of actions. There's a whole bunch of them. I'm pretty sure I'm not sure how
00:12:45.839
many forests we're destroying with the CI, but
00:12:51.839
you get a whole bunch of actions. And then, you know, like normally like you would see on a GitHub pull request, but
00:12:57.360
after we merge those, there's that it's not a it's not a secret build system. It's just a second.
00:13:02.639
It's public. It's public. Yeah. But it's just like a secondary build system that you don't see on GitHub. Yeah. you runs
00:13:08.560
but just like a bunch of servers running in Kohishi's garage. Yeah. Yeah.
00:13:14.399
Making sure making sure that Ruby runs on on Raspberry Pi and I don't
00:13:20.160
all Unix system nobody knows about. Yeah. Yeah. SPARC whatever. Yeah. Of course. I this this makes sense
00:13:26.639
though because I think I heard I heard uh 37signals is going to be deploying to Raspberry Pis all over the world.
00:13:33.440
So, we got to make sure that Ruby is Ruby is running on those. Why Why do you run the whole CI suite on
00:13:40.800
your local laptop before you push it to GitHub for all the operating system? I I'm very guilty of not doing that. Uh
00:13:47.200
I know David doesn't like CI, but for me it's a productivity boost because I push
00:13:52.639
to the CI and it does a lot more that what my laptop can do. So, I can do something else in the meantime and I go
00:13:58.320
back to it. What do you typically do with that time? What What are you doing with that time? I I just work on the next thing. I'm always
00:14:04.160
on two three things at the same time. You're not like scrolling TikTok or something because I can have like a I can have
00:14:10.399
like a 100 servers doing the manual work while I do something. It's I'm scrolling TikTok. Okay, that's
00:14:20.399
uh for you, Jean. Uh when you're working looking at performance issues, how do
00:14:25.519
you decide what's actually worth improving? Uh
00:14:31.760
first very often I don't look at it because most of the performance work I do is just because it's fun. So
00:14:37.920
if it's not fun then I don't I'm not going to do it. So I do a lot of performance improvement
00:14:42.959
that nobody's ever going to see or notice. Let's be honest like you know even like the JSON thing like unless for
00:14:50.639
you know most people think uh oh we're rendering a lot of JSON so if it's twice
00:14:55.760
faster is better but actually if you look at it like the time is spent before that like it's spend on like your active
00:15:01.360
model serializers or similar to like create a huge tree of objects and then like the serialization to JSON, unless
00:15:07.360
it's massive multi-megabyte it's going to be one two milliseconds so all that blogging everybody keep saying was great
00:15:14.079
like not everybody noticed at the very beginning the very first post I say like everything I'm going to talk to like
00:15:19.440
just didn't matter it was just to look good on benchmarks um but no otherwise like if you want to
00:15:26.160
do performance work that really matters is you need to profile your application um globally like not not even just one
00:15:33.519
controller action you want to have like aon profiler that gives you like a world
00:15:38.959
view of your thing and you see like okay we're spending 2% in that function and
00:15:44.399
if you can make twice as fast then you just save 1% over your entire architecture. You can only um the
00:15:51.839
performance that matters is from um actual real life benchmark. If you go
00:15:57.040
look at the yjit-bench uh benchmark suite they really have clearly like the micro
00:16:02.800
benchmark that really don't matter. It's just that someone noticed that something
00:16:08.480
was a bottleneck on a bigger benchmark and so they made a mini one like a to focus on it. But what really matters is
00:16:14.399
the bigger one that are actually like full on rails app or or bigger projects and that's where when you get one two 3%
00:16:20.959
it's good but um if you get uh 10% faster on like TechEmpower benchmark
00:16:27.199
framework thing it's not going to change anything for anyone except marketing and marketing is important. So
00:16:36.720
uh I don't I got to I I have to push back a little bit though. I think like I I'm going to disagree with you a little
00:16:42.320
bit. Yeah. Go on. Go on. Spicy. Fight me, bro. I do like I do think I I actually do
00:16:48.639
think it's important to speed up things like JSON. I know like not just for marketing purposes, but also like I'm
00:16:54.320
kind of afraid that um maybe we take on this we as in developers take on this
00:17:00.000
like fatalistic perspective that's like, oh, I only improved like this is just a drop in the bucket. But if you have many
00:17:06.079
drops in the bucket, it's like you got a full bucket drop. Yeah, exactly. I I agree. I agree. It adds up. It's just
00:17:12.480
that it's a opportunity cost. Sure. It's like if you have infinite time, I agree with you. I don't have infinite
00:17:19.039
time. So, and I know that if I wasn't doing it this for fun and I was paid to
00:17:25.600
improve someone's application, I wouldn't do the same thing that when I do it for fun.
00:17:30.799
Yeah. I mean, like I say, every day is Friday, but we there's only so many Fridays in the world. Yeah. Exactly.
00:17:36.960
Does anybody know how many Fridays there are in a week? Yeah. Seven.
00:17:44.960
Kind of following up on that, Jean. I'm curious like do you when it comes to teams, you thinking you're working on Ruby related things and Rails for for
00:17:53.200
Rails application developers when they're what sort of things do you think they're spending too much time chasing
00:17:58.799
for performance improvements? Do you feel like do you have any advice for people on what they should be focusing on more often than
00:18:05.440
uh Honestly, I don't know because I have this problem. I'm often asked question
00:18:11.679
like that. The problem is like when I get involved on the performance problem is because it's not a usual problem
00:18:17.919
usually. So um I don't know uh I think people focus
00:18:23.679
maybe a bit too much on allocations. There was this old saying in the community that you performance was
00:18:30.000
directly proportional to how much you allocate which was perhaps true a while ago but the GC improved a lot. So no
00:18:36.720
saving an allocation is not always the best solution. Some it still is like if you can do the same thing without
00:18:42.480
allocating it's fine but sometime people just try to have not to allocate an object. Some like the GC is way better
00:18:48.640
now. That's one of the things we could have said in what's improved over the last
00:18:55.120
I said I mentioned the GC. Okay. I forgot you. You're not listening. Stop fighting. Um,
00:19:01.600
Aaron, what's your favorite regular expression?
00:19:08.880
Uh, the the every regular expression that I don't get a security report about
00:19:14.480
is my favorite my favorite regular expression. That's I don't actually know the answer to this. That's why I'm
00:19:20.960
asking it. But are there any places in Rails where you wish we didn't have to rely on regular expressions?
00:19:28.240
everywhere. What do you mean? I don't know. This is This was a
00:19:33.760
question I came up with late last night. Uh I'm trying to find something funny. I'm like, I should probably ask a real question. I can't think I can't think of
00:19:40.480
anything in particular, but it's true. Like it was kind of a flip response, but it's true. Like we we used to get a lot
00:19:47.039
of security reports about regular expressions. Ah, oh my gosh. This is one thing that's improved.
00:19:53.679
So the regular expression time this is oh my gosh. So we would get these we
00:19:59.440
kept getting these security reports that are like oh given this particular input this regular expression is going to take
00:20:05.840
you know like against take a lot of time and it's super annoying because like
00:20:14.080
people just find these regular expressions I'm like do does this actually happen in production really really and they keep but it could and we
00:20:21.760
have like we take these reports seriously so we have to fix all of them
00:20:26.799
uh but one thing that really improved in Ruby is that um first off we got
00:20:31.919
improvements to the regular expression engine itself such that these these like
00:20:37.280
uh very slow regular expressions are way more rare. The other thing the other
00:20:42.400
thing that improved was we got a global timeout on regular expressions. So you can say like oh if a regex takes more
00:20:49.280
than a second or whatever just raise an exception or something like that. So that way we can be like when whenever
00:20:55.679
anyone reports a security issue like that we can be like no sorry no that's an entire class of security
00:21:00.799
vulnerabilities that just went out just went away. Yeah. Yeah. So that's that's a thing that improved
00:21:06.080
and that's probably was like half of the security security report at some point at least at least half. Yes for sure.
00:21:11.919
Who do you recall who worked on that? Uh their handle is makenowjust. Uh
00:21:18.000
yeah that was for the speed improvement and the timeout. I don't remember where it was, but
00:21:23.520
wasn't it makenowjust did the timeout too? I don't remember. I don't want to say something wrong.
00:21:29.520
But only it provides after the Ruby 3.2. Yeah, 3.2. So if you're not up to 3.2,
00:21:35.120
please upgrade to 3.2 because we're not fixing those regular expression problems anymore. So
00:21:45.679
Jean, you've worked in Ruby internals and in Rails internals. Is there something that you've worked you've
00:21:51.120
needed to work around enough times that that's made you think if we were starting this fresh maybe
00:21:57.919
we'd approach this very differently now? Oh, there's so many that I cannot even
00:22:03.600
come up with an example. Um, it just
00:22:11.520
Well, I guess I could talk about like a frozen string literal for example. Like
00:22:16.720
it's something I'm trying to not strong arm because I respect him. So I'm trying
00:22:22.000
to do it diplomatically, but I'm trying to get Matz to flip the switch on. Hold on. I want to ask the audience a
00:22:28.480
question. Can we do that? Yeah. Yeah. Go ahead. Go ahead. How many Okay. In in the audience here, how many of you put frozen string
00:22:34.480
literal true at the top of your scripts? Raise your hand. Or else. But who knows what that means?
00:22:41.039
Okay. Who knows what that mean? Wait, no. Okay, we all know what it means, right? Yeah. Okay, good. So,
00:22:48.640
wouldn't it be nice if we didn't have to put that at the top of our scripts?
00:22:56.320
Thank So yeah, I I I built a migration plan for that, but no, it's it's waiting on deciding which
00:23:03.520
version of Ruby is going to flip the switch and it's a hard decision to make, but
00:23:08.720
I'm going to keep trying to whisper to Matz, but we'll see how it goes. So yeah, that's something I wish was done
00:23:14.400
differently because then the migration is complicated. It's really just on um
00:23:19.760
I I hope I'm I'm answering the question correctly, but like it's really on the
00:23:24.799
once a mistake was made, it can be extremely costly to to fix and we don't
00:23:30.799
take lightly breaking people's stuff. It's just really like I suppose we'll talk more about that, but
00:23:37.440
it's really about like what's the cost of not changing? What's the cost of changing? What's the like you need to do
00:23:44.240
your pros and cons and no matter what you do, someone's going to not be happy
00:23:49.360
and let you know? Yeah, they will. It's about minimizing our suffering.
00:23:57.280
Do you feel like you've had to develop some thicker skin to to handle?
00:24:02.640
Uh, I've developed the appearance of a thicker skin. So people I I hope that
00:24:08.080
I'm deterring some people from expressing their opinion because they're scared of me,
00:24:13.840
but deep down it it it still hurts. Yeah. Okay. What about What about you, Aaron? How do
00:24:20.400
you think about that? Uh just Well, my my the way that I cope
00:24:27.200
was to quit reading email. You were hard to get in touch for this.
00:24:33.600
Yeah. Um carrier pigeon. Yes. Yeah. Hiroshi, what about any of the projects
00:24:40.000
that you're working on? Do you feel like you've had to work around some legacy aspects to the code that you
00:24:46.799
wish if you could start it over you would reapproach it differently?
00:24:57.200
Okay. Uh I have a lot of things. So
00:25:02.559
the toad extract the base64 gem.
00:25:08.400
Oh, base64 gem, rewrite it. Yes. Uh no no no no. Uh
00:25:15.120
just throw it away. Divide to your standard libraries. Yeah. Now so base64 library extracted by from the
00:25:24.400
Ruby core packages. Oh wow. Okay. So, so you would put the base64 gem back in.
00:25:30.480
Yeah. Yeah. Yeah. So, the for uh everyone needed to
00:25:37.440
add the base64 library into the your application Gemfile. So, it's a very
00:25:43.600
annoying. No, it's it's true because yeah, when when the gem was extracted, the reaction
00:25:48.960
to everyone was like, "Okay, so I either need to add a new dependency to my gemspec or I could use String#pack because you
00:25:56.159
have a going to say, can't you just do String#pack?" And 99% of the gem I've seen, I've chosen to get rid of the dependencies,
00:26:02.559
which brings the question of like what the gem is is even for. But that begs
00:26:07.919
also begs the question, shouldn't it be like string 64? 64?
00:26:14.240
Maybe not. I don't know. I'm personally waiting for base 65.
00:26:24.480
Aaron, can you recall a change in Rails that felt really risky to ship, but you're really glad it went through?
00:26:33.279
No. Um, risky to ship. Risky to ship, but
00:26:38.799
glad. Glad I did. I mean uh AdequateRecord.
00:26:44.400
Yeah. Yeah. Sure. Actually, yeah, that was that's true. AdequateRecord speeding up speeding up Active Record
00:26:50.559
internals. It's it's hard doing that type of rewriting or also the also the
00:26:57.120
router. I wrote I rewrote the Rails router many years ago and probably 10
00:27:03.520
years ago and last night was the first time anybody said, "Oh, you did a good
00:27:09.360
job on that. And I was like, "Oh my goodness, wow."
00:27:15.440
But I mean, I guess it felt risky at the time, but it was like I suppose it
00:27:20.640
worked out well because nobody noticed really. So like that's I think that's like the best outcome is you do something and
00:27:28.480
stuff is better but no one notices. But it's every big change is risky
00:27:35.760
because you know we have a we have a test suite but you always have blind spot in that test suite.
00:27:41.200
Yes. So that's that's why it helps um having an actual day job because usually they
00:27:46.400
have a code base so you can use that like leverage that for uh as an extra test. I know that like um when I was on
00:27:53.279
the Ruby and Rails team at Shopify like the I used to do a lot of testing of Ruby against the monolith and you always
00:28:00.080
find something that wasn't called by the Ruby test suite uh just because of the amount of this and that it's also a bit
00:28:06.480
of a call for the community like um if you have just a bit of free time like just try like try to find a way to build
00:28:13.600
a nightly CI to report um compatibility issues with your dependencies prior to
00:28:19.760
release because once this has released, it's a mess to deal with. But if uh I do a performance change and one week later
00:28:26.640
someone tell me, "Oh, it broke that." And actually it happened last night. I uh last week I optimized um active job
00:28:32.640
serialization like the argument serialization and just last night I got uh someone from Shopify opened an issue
00:28:39.679
saying like, "Oh, it broke like active job unicity thing." And then Mike Perham chimed in and saying, "Oh, it's also
00:28:45.600
break Sidekiq thing." So okay, I revert. No. Um but maybe the release would have
00:28:51.600
been in 6 months and um dealing rein 6 months later is more complicated right
00:28:56.880
so um I'm a bit of a broken record on this but like your dependencies are your code
00:29:03.039
too like it's not just because someone else wrote it that it's not your code so it's on you to
00:29:09.919
do a bit of work to just show up and say like hey
00:29:15.120
maybe you're missing a test here or whatever Yeah. Yeah. Actually, I have I have a good answer for for this question. Um
00:29:23.279
I made an optimization in Ruby for the triple dot. Yeah, like triple dot syntax. So if you do
00:29:29.760
like, you know, def whatever and you put triple dot in and then you pass
00:29:34.880
triple dot somewhere else, it used to allocate like a bunch of objects. It would allocate an array and a hash blah
00:29:40.399
blah blah and then pass it on to the next thing. So I made an optimization to fix basically eliminate those eliminate
00:29:46.799
those allocations. But the problem is internally to CRuby we have a lot of like caches inline caches and stuff and
00:29:55.679
um like if you mess up because of the these caches it's possible to like mess
00:30:02.000
up the parameters. So the parameter passing could possibly be messed up. So this is like a lot of pressure because
00:30:08.399
can you imagine you're writing like you're writing your code it seems fine it worked fine in the previous versions
00:30:14.159
and all of a sudden like parameter passing is messed up like
00:30:19.279
your mind would explode and um I made this I made this change
00:30:26.399
ran it against the CRuby CRuby test I got all the CRuby tests passing and then uh fortunately like the the only
00:30:34.240
way I could possibly make this change is because I was able to run against all of our code at work. So we're able to run
00:30:40.960
we're able to run our test suite against edge like edge Ruby as well as edge rails. So like I ran it against all of
00:30:49.039
our code at work. There were tons and tons of failures and all that meant is that we were missing like we were
00:30:54.399
missing test cases in the CRuby like in the CRuby codebase. So we just extract that to extract that to a test case,
00:31:01.440
upstream that to upstream that to CRuby and we could we could like fix it. But
00:31:06.480
um if it weren't for that, I would absolutely not have had the confidence to ship this like ship this particular
00:31:13.440
optimization and honestly like probably all of your apps would be broken if I had.
00:31:18.480
Yeah. So yeah, that was that was risky.
00:31:24.320
But nobody's noticed, right? Triple D. Yeah,
00:31:29.360
I'm curious for the audience, how many people here are have set up something to run their test suite against like a
00:31:35.360
weekly build of the like Rails Edge or main.
00:31:40.960
Oh, come on. No, you don't count. Three. Okay. All right. We need to do
00:31:46.960
more. Yes. Please, please test your apps against Edge Ruby and Edge Rails. Please.
00:31:53.200
Maybe someone should write a blog post about how to set that up. It's in the works, but it's been in the
00:31:58.880
work for three months. So, yeah. Hiroshi, uh, similar question. Are there any risky changes that you've
00:32:07.760
you've worked on in the tools that you maintain that you're really glad that were shipped, but were kind of nervous
00:32:13.039
about? Sorry. How do I translate this? Uh
00:32:30.960
disc change. Yes, this change. This key change.
00:32:39.840
Uh uh I remember that. So the next version
00:32:45.519
of Net::HTTP client. So I removed the default uh content
00:32:52.399
type. Oh, for that client. So it maybe broken your
00:32:58.080
application or not. Please try the next preview version of
00:33:04.960
the Ruby 3.5 with your Rails application. So if it break for for the
00:33:14.240
by the Net::HTTP client please ping me uh immediately so I will revert that.
00:33:23.120
I see I actually have another answer that is
00:33:28.480
awful but I want to Is it okay if I bring up YAML? Oh yeah, go. Yeah, yeah, go. I mean
00:33:42.559
That's so few hands. Okay. Um, so I think one of the most dangerous changes.
00:33:48.880
I guess it was it was dangerous. It wasn't dangerous. It's just it it created a lot of I I know what you think
00:33:54.559
of it's not that it was dangerous is that it created a lot of busy work for a lot
00:33:59.679
of people, a lot of but it was a necessary change. So, okay. Okay. So, another like I I don't we probably didn't cover this, but
00:34:06.159
I'm on the I'm on the Rails security team. John is also on the Rails security. You're on Ruby security team.
00:34:11.760
Yes. And um I don't know if I made this clear earlier, but security sucks. It's not
00:34:18.560
fun. And we like what we want to do though is when we're getting when we keep getting classes of bugs like for
00:34:25.440
example the regular expression bug what we'd rather do rather than fix each one of those individually is try to find try
00:34:31.440
to find some sort of way that we can just eliminate that particular that particular security vulnerability as a
00:34:37.839
as a class of vulnerabilities. Otherwise we're just going to be fielding these problems for the rest of our lives. So
00:34:44.560
one of them was um YAML security issues like if you load if
00:34:50.399
you load YAML like you could end up with an object that can somehow mess with
00:34:55.679
your mess with your application. So many years ago I implemented a method called
00:35:01.280
safe load on YAML where you would like if you call safe load it's safe it's
00:35:07.520
it only deserialize non safe object. it only deserializes certain safe objects.
00:35:12.880
So you you don't run into these you don't run into these security problems. The the issue is that there's tons of
00:35:18.960
code out there that's already calling just YAML.load. So they're not calling the safe the safe version of it. So like
00:35:27.119
in order to fix this, you'd have to chase down every single library and ask them to change load to safe load. So
00:35:33.280
that doesn't solve new code because as a developer you don't read the entire list
00:35:38.720
of methods on YAML you just you see vase load it works like Marshal load or whatever you don't think about it.
00:35:44.240
So you you don't stop the bleeding just by adding a new API. Exactly. Yes. So I made the very tough
00:35:51.440
decision of in a major release I said okay we're going to switch load is now safe load. So, if you've loaded YAML and
00:35:59.359
it blew up, I apologize, but at the same time, it's like, you're welcome. Yeah, you're welcome.
00:36:05.680
Uh, so that was like that was a really risky it was a really risky change that did like it broke people's apps for
00:36:12.079
sure. I'm sure it did. I'm sorry. Not that. I had no idea how much code I had to update, man.
00:36:19.760
Uh, but that was that was a very risky change to make and then but I just did it. Yeah, but it's it's a right code
00:36:26.160
because like what we touched on before it's like it's it's cost benefits risk
00:36:32.880
and the more you wait the harder it's going to be. Um nobody or actually some
00:36:38.720
people probably do but there's insane people everywhere but um nobody likes
00:36:44.240
breaking APIs just for the sake of it. There's always a reason behind it. No, after that it's a judgment call from the
00:36:50.480
maintainer. Is it like is it really worth the cost? Is the cost really worth the
00:36:55.680
benefit brings? And that's where most maintainers will disagree because
00:37:00.800
everyone is going to have a different threshold there. Um right. Okay. It's not nice because I'm
00:37:07.440
not the maintainer of the gem but like recently for example there was rack 3.2 2 that was released like a few weeks
00:37:13.520
ago. And um as you're probably aware as CR developer, you know, when you uh fail
00:37:19.599
validation, you want to respond with like 429. So um you have those symbols.
00:37:25.119
So you respond with um unprocessable entity and Rack 3.2 say like oh
00:37:32.000
unprocessable entity is wrong because in the HTTP specs they say unprocessable content. So, we're going to deprecate
00:37:39.040
unprocessable entity and force you to use content instead. And I'm like, who cares? I'm sorry, but like add the new
00:37:47.040
alias, keep it forever. We're talking about one line of code in the thing. It's not worth duplicating. Dude, I didn't know this.
00:37:53.200
So, you should have told me what I what I did is like I'm not a rack maintainer, so I cannot do anything
00:37:58.560
about that, but I'm a Rails maintainer. So, in Rails, you can continue to say
00:38:04.079
unprocessable content uh entity forever. And it's three lines of code in Rails
00:38:09.280
and it save probably like hundreds of hours of busy work for Rails developers.
00:38:14.880
Okay. And in addition, I considered that a bug
00:38:22.400
and so I backported it on older reservations because and that's again I'm not blaming
00:38:28.960
anyone. Everyone have their own scale on like what's important to change or not. But I think deep down it's about
00:38:34.880
empathy. It's like when you you you press that one keystroke, you commit that one thing. Just try to imagine like
00:38:41.599
the pain all your users going to go through. Aaron, you were talking about that example with the YAML where making
00:38:49.359
eventually having load be safe load. Would you have reapproached that differently now? Would you have do you
00:38:56.320
like deprecate load just entirely and just have like a safe load and a non-safe
00:39:01.359
load people have to opt into? No, I wouldn't have I would not approach it differently. Um,
00:39:08.240
like the way I approached it, I I introduced like I introduced the safe load like the safe load API so people
00:39:13.760
could switch to that one. But the problem is it's not safe like you're not safe by default. you're not like there's
00:39:21.760
tons of code out there that is calling the unsafe API and they may be the
00:39:27.839
people who wrote that code or that not the people who wrote that code the code that code itself may be um vulnerable to
00:39:34.640
security issues and they don't know it. So if you got that exception like if if
00:39:40.240
if the change switching out load for safe load broke your code then it's quite possible that you were vulnerable
00:39:48.079
to a security issue. So in this particular case, no, I I would not have done it differently. And I I mean
00:39:55.440
despite the complaints I got, you know what? I was arguing with
00:40:00.720
someone just on like the orange site just a week ago that was complaining about that change, too.
00:40:06.400
And the guy was like, "Oh yeah, I had to change five lines of code in my app." And I was like, "Dude, I changed like
00:40:11.520
500 lines of code across 200 different gems, so just
00:40:18.160
chill out. Hiroshi, when I was preparing for this,
00:40:23.520
I had a delightful conversation with uh your friend and attendee, Masa, and he
00:40:28.800
mentioned that something that you're a big advocate for is supporting Windows
00:40:36.079
in in 2025. And so can you tell us more about that? Why is why is Windows
00:40:43.040
important? Yes. perspective the Ruby it don't have the official Ruby
00:40:49.040
packages so we we have only RubyInstaller2 so but RubyInstaller2 only supports the MinGW
00:40:58.000
platform is that is not native Windows so I think so if we
00:41:07.839
we could uh so sorry uh we do the fully support Windows So uh we can expand the
00:41:16.160
ro of Ruby and Rails users. So uh please raise up your hand if you use
00:41:24.319
the Windows in with a production or main developer environment.
00:41:29.599
Yeah, raise your hand if you're using Windows in production demo one production.
00:41:35.520
Thank you. Wow, a couple people. That's very brave. No.
00:41:43.599
Yeah. So, we we can welcome the more users and programmers and some progress
00:41:50.480
with Windows users. I I can I appreciate that. I think the
00:41:55.520
something you know we Yes, we can get a Linux machine and a Mac machine, but the have to require for someone that's just
00:42:02.160
curious and starting to program or interested in Ruby and they're like, "Oh, I got to get a different operating system to just test out this Ruby thing
00:42:09.440
I saw on the internet." So I think I I can see how that's important and maybe a little bit of a
00:42:16.240
a blind spot for us. I think at time it definitely a blind spot, but it's also a major cost. Like it's the problem
00:42:22.480
is it's always hard to justify because me like I push a change to Ruby and I see that all my CI is green except on
00:42:29.040
Windows. Yes. Yes. And and Windows is so different and I don't I guess I have a gaming PC but I
00:42:36.160
have no plan to try to turn it into a development environment. And even if I did, I don't know anything about the
00:42:41.200
Windows tooling. So, it's just like the extra cost and I I totally agree that
00:42:46.400
the benefit is good. I would love like lots of people have Windows laptops and they want to get into it. So, it's
00:42:51.920
great. Uh, and they should be able to, but it's there's really like a economics
00:42:57.440
thing of like Windows already takes a disproportionate amount of time for the number of user it
00:43:05.599
has. Mhm. But maybe we it would have more users if we improved it. But
00:43:10.880
there's also that recently there's WSL or something like it's much easier to run Linux programs on Windows than it
00:43:17.839
was before in way like a Linux subsystem. I think actually Microsoft that basically it's a bit like
00:43:24.560
some I don't know to describe it because I'm not a user of it but it's some sort of like very light VM that is able to
00:43:30.400
like light Linux subive sim on Windows. So you I think that would be the preferred way nowadays. Uh of course
00:43:37.200
there's probably old tutorials and stuff but if you're writing a tutorial on to do rails on Windows today you should
00:43:42.319
probably step one get the WSL thing so that you actually use the same tool chain the same everything than everyone
00:43:48.560
else. I' like I'd be curious what the like what the Python community does about stuff like this because I feel
00:43:54.960
like Python they have very good they have incredibly good uh Windows support from because
00:44:00.240
historically they've been doing it a lot and and they have probably more uh core
00:44:05.440
team members working from Windows and also Microsoft got very involved with Python before they fired everyone.
00:44:13.680
Um so it's a bit easier for them but it's a chicken and egg problem right it's if
00:44:20.319
you have Windows users you get Windows contribution and support improve but then if the project is not good on
00:44:25.920
Windows then you don't get those so Microsoft uh if you want to sponsor
00:44:38.079
Hiroshi um what do you think is still hard for someone trying to get their
00:44:43.440
local Ruby environment set up before they can even type rails new.
00:44:48.480
Yeah. So it's yeah it's difficult for the new users. So I always get the
00:44:56.000
installation error or bundle install error or gem install error with Ruby gems and
00:45:02.240
Ruby build and Ruby core uh back cards. So I think the it caused by C lang. So
00:45:12.000
Cain of C lang is like compiler and linker and
00:45:17.839
something is uh hard over hard for the beginners. So in last month is so the
00:45:27.359
GCC 15 is broke the all of versions
00:45:32.720
versions. So we can uh build the C extension with the past versions. So
00:45:41.920
But the newcomer or beginners uh didn't
00:45:47.680
uh understand why uh they can't build the C extension. So
00:45:54.880
uh it's a Ruby is back. Ruby is unstable as he they said. So
00:46:01.839
I think so if we can rewrite the OpenSSL and they
00:46:10.560
live to rewrite with the Ruby language. So it uh reduces the build of error of Ruby
00:46:20.079
copes. H but on the on the problem of uh Ruby C
00:46:25.359
extension I guess the problem is like users have wildly different environments so
00:46:30.720
it works on some not on others. Uh we were talking about that the other day. I
00:46:35.839
think it would be awesome if even me I ship a bunch of C extension and I don't want to do the precompiled gem thing
00:46:41.599
because it's very complicated and my my gems are small enough that they compile in a few seconds. So it's hard to justify putting all that work. Um but I
00:46:49.119
still occasionally get like oh it doesn't compile on my machine and then you have to do like okay what can you possibly have on your machine that
00:46:54.800
doesn't work. So I think it would be awesome if uh Ruby gems I don't know who would do it probably Ruby gems would
00:47:00.640
just me as a C extension maintainer I just push the source version and it just
00:47:05.920
auto magically I don't know you do it get me precompiled gems for everyone
00:47:11.040
else you know so that only me have to compile the gem
00:47:16.319
that would be awesome. Yes, I agree. As a Z maintainer gem, I 100% yes.
00:47:25.119
So if someone wants to build that Mike, Mike, are you?
00:47:30.400
Mike, are you in the audience? Thank you, Mike. Aaron, once someone types in Rails New,
00:47:38.960
what parts of Rails do you think tend to surprise and confuse beginners?
00:47:44.400
When's the last time you typed Rails new? the other the other day.
00:47:50.160
Um, what? But nothing surprises me anymore. I'm not new. I'm not new.
00:47:56.000
I I get that. Do you think Do we think we've made the the setup
00:48:02.720
configuration process simple enough for beginners? I mean, I think it's I think it's pretty simple. I do I do think it's very simple
00:48:08.800
to do to just do Rails new and get an app up and running. I I think probably the biggest um I mean we already covered
00:48:15.760
it but I think the biggest like point of failure is when we install the gems doing like a bundle install because
00:48:22.160
that's like the time when stuff blows up right that's the thing like us on the
00:48:28.960
Rails core team we can't control how your system is configured
00:48:34.079
and because we can't control that and we don't know it when a gem gets installed it also
00:48:39.200
doesn't so that's like where it's going to blow up And then as soon as that happens, a new user is going to be like, I don't know what's I I don't know
00:48:45.440
what's up here. So I 100% agree with John. If we could have somebody like if
00:48:51.599
I could push a gem and it's just precompiled, that would solve Yeah. a lot of stuff. Another answer to your
00:48:58.800
question I think is just um rails is a mass maybe no problem but it comes with
00:49:05.200
a lot of things that um not everybody use nowadays because it just covers so much more that like there's so much more
00:49:11.520
possible choices and like for new users they probably just want to start with your Mac and see where it's at. But for
00:49:17.680
slightly more um seasoned people they they know they have their their use. So
00:49:24.079
they all maintains like a long list of skip this, skip that, add this.
00:49:29.359
Uh but for in between some people like just I think there might be like a brand new
00:49:37.040
interactive where it ask you a few questions perhaps because like the list of possibilities pretty long mostly just for discovering them
00:49:43.440
actually. It's not necessarily would be like the green path, but it would be for things like, hey, do you want this? Do you want that? But it's that's not
00:49:50.720
that's like for people who already did it a few times. Yeah. Rail like Rails new dash
00:49:55.920
interactive. Give me the menu. Give me the menu. Yes.
00:50:02.960
Jean, two years ago on this very stage, like you were probably sitting right there.
00:50:08.480
I asked you what your favorite color was. My favorite? Your favorite color? Oh. and you said, and I quote, "Blue, I
00:50:16.480
guess, I don't know." And ever since then, a lot of us left
00:50:23.440
Rails World 2023 wondering, "Does John even like the color blue?"
00:50:28.800
And in fact, recently, as 3 weeks ago, I was reading a really surprisingly long
00:50:34.559
thread on the Byroot subreddit where there was a big debate whether you
00:50:40.480
might have changed your mind. So, can you set the record straight for us now? Uh, I'm still guessing.
00:50:46.160
Okay. Hiroshi, what's your favorite color?
00:50:53.440
Popper. Popper. Purple. Popper. It's a good color. We're not interested,
00:50:59.599
Aaron. I know. Um, Aaron, if the Rails team were starting
00:51:06.240
from scratch today, what's something you think might get left out? Oh, that's easy. System tests as we as
00:51:13.839
we as I heard yesterday.
00:51:19.520
What would get Yeah, I don't know. I don't know. Probably that. Okay. What about you, Johnny? You haven't
00:51:25.760
he took the easy one. Um
00:51:31.839
something we didn't quite remove but I I made not quite as a default in the past
00:51:37.200
is uh you know serialized columns in active record. So for the longest time active record
00:51:43.839
had this thing where you could just actually I think it was implicit in the very old version and then after that you
00:51:49.839
had to like serialize the name of the column and then you can put whatever you want in there and it's going to go through YAML. Ah yeah
00:51:55.839
going to go through YAML and dump your database and then the problem is YAML's going to be happy to say like
00:52:01.440
it used to be happy to say about anything and then it was made safe. Um and the problem is even even if you only
00:52:08.960
say safe stuff it mean like YAML is going to store literally like the instance
00:52:14.079
variable of the object in a specific order whatever. So if you store something that come from a gem and you upgrade or even your own code and you
00:52:20.480
change the internal representation then you want a world of hurt like I remember at Shopify like a long time ago someone
00:52:27.599
created a string subclass that was called safe string or whatever and this ended up serializing YAML in like
00:52:34.960
very old records and I suspect I would need to ask uh some people but I suspect
00:52:40.880
like we still have this alias just to be able to deserialize some old YAML. Um so
00:52:45.920
that was a bad idea and I think uh rails became a bit more strict on this sort of
00:52:51.920
thing like there's lots of lessons learned there that I think uh yeah we do
00:52:57.040
differently and uh whenever you past something in a database you know you need to know that you might
00:53:04.079
need to read it in 20 years so be very careful what you write in there but like this is okay so one of I'm
00:53:12.000
working on a change for active record And one of the like one of the risks for it is I'm make I'm making the change and
00:53:18.559
it's a change to internal like the internals um uh just the way that we represent active record objects
00:53:24.640
internally. But because people call like Marshal.dump or YAML.dump or
00:53:30.079
whatever. It means that it could possibly break your code because you have been serializing that that is
00:53:37.520
that's exactly the discussion I'm having right now on GitHub since last night with the psychic and other folks is that
00:53:44.880
um that's what it's called like law or whatever like um which is a law that
00:53:51.359
says that whatever the API docs whatever what you states every observable
00:53:56.640
property of your program is going to end up being relied on by common. So for example, I'm pretty sure whoever wrote
00:54:02.800
the first version of active job argument serializer never expected like never claimed that the the format would be
00:54:10.480
stable. But then it was stable and so people used it as like a key to do unicity and
00:54:16.880
stuff like that. And now I'm like okay I can make it way faster or maybe I need to change maybe one day I will need to
00:54:22.559
change it but I can't because some people rely on it. So for now I reed the thing but then no I need to find a path
00:54:28.400
forward who would allow everyone to to move on and and like the world Marshal like another thing I don't like is rails
00:54:34.880
cache by default use Marshal which mean whatever you put in there is is susceptible to the same thing I said
00:54:40.559
about YAML it's like the internal representation and and that there's a bunch of of very important performance
00:54:48.559
improvements we could do we we just just don't know to do them safely I have an idea what if In every like
00:54:55.920
every version of Rails we release, we just add a different like instance variable or something like variable.
00:55:03.119
That's what Go does you know like um you know in Ruby um hashes are ordered
00:55:08.720
in some language they just nonspecified in Go they specifically use randomness
00:55:14.000
to ensure you cannot possibly rely on an order even an accidental one.
00:55:20.000
Love it. I I absolutely hate go, but this is a this is a nice one.
00:55:27.760
Hiroshi, what's one part of the Ruby ecosystem that you believe needs more contributors right now?
00:55:34.559
Windows as so in the background. So, so only two
00:55:42.800
people to maintain uh Windows platform in the Ruby core team now. So, I add noan
00:55:50.559
And if you have a knowledge of the windows especially the file system or
00:55:57.520
parallelism and other roy uh knowledge. So please uh join and
00:56:04.880
contribute to the uh windows support for the ruby. So we very welcome to you.
00:56:12.559
I saw one person in the audience volunteered. Yeah. Yeah.
00:56:17.599
Please come up after introduce sitting next to him. Please hold him. So yeah, don't let him leave.
00:56:23.280
All right. Well, we're kind of coming up on our time here. Um
00:56:28.480
I want to say a big thanks to each of you for taking time to come up here and speak with us all today. We're really
00:56:34.079
lucky to have you here at Rails World. We're really lucky to have you be part of this community and for all your
00:56:39.200
contributions. We really we love it. We love you. We appreciate it. Thank you for coming and talking shop with us
00:56:44.960
today. Big Rails World. Thank you.