Best Ruby on Rails books

An overview of the five best Ruby on Rails books, with links and covers
17 July 2017
Ruby on Rails

Framework written in the Ruby programming language.

Despite the popularity of digital learning methods, such as screencasts, interactive guides, in-browser coding and free and paid courses, books are still one of the most popular ways to learn. Many coders start their programming careers with books, and there are a lot of books for Ruby developers on the market. Let's take a good look at the best Ruby and Ruby on Rails books.

Ruby on Rails Tutorial by Michael Hartl


This book is good for beginners and experienced specialists alike. Convenient navigation, easy-to-read material and tons of examples make it a desk reference for every Ruby/RoR developer. The Russian version can be found here. You can find more information in our review.

Demystifying Rails


It is written for experienced web coders who want not just to get familiar with Rails, but to understand how all of its parts work together. As one might expect, this is not a newbie tutorial but solid material for skilled developers. The book is part of the 301 course at Launch School. See our article for more information.

Ruby

A dynamic, open source programming language with a focus on simplicity and productivity. It has an elegant syntax that is natural to read and easy to write.

Eloquent Ruby


Eloquent Ruby is written by Russ Olsen. The book follows a tutorial formula: each chapter is a guideline, with plenty of explanations and examples. It will suit a mid-level Ruby on Rails coder who wants to improve their skills.

Everyday Rails Testing with RSpec


This book includes advanced coverage of RSpec 3 and Rails 4.1. Written by Aaron Sumner, it is designed for skilled coders and written in an easy-to-follow way with plenty of practical examples.

Confident Ruby


The name suits this book well. It is aimed at intermediate developers. With step-by-step instructions, it teaches you to see the whole picture instead of a small piece of code.

Which Ruby on Rails book do you like the most?

Which Ruby on Rails book do you prefer? Have you already read some of them? Please share your thoughts with the community. After voting, you will be able to see what people like the most. Your opinion is very valuable to the Hype.Codes team.


Backdoor to be Found in Bootstrap-sass Ruby Gem

A backdoor was added to release 3.2.0.3, published on March 26 in the RubyGems repository; the issue is resolved in release 3.2.0.4, published on April 3rd.
05 April 2019

A backdoor (CVE-2019-10842) was detected in the popular Ruby library bootstrap-sass (Bootstrap 3 with Sass support), which has about 28 million downloads. It allowed attackers to execute their own code on servers running projects that use bootstrap-sass. The backdoor was added to release 3.2.0.3, published on March 26 in the RubyGems repository. The issue is resolved in release 3.2.0.4, published on April 3rd.

The backdoor was covertly added to lib/active-controller/middleware.rb, in which a call to eval appeared on the value passed in the "___cfduid" cookie. To exploit it, it was enough to send a request to the server with the "___cfduid" cookie set to commands encoded in Base64. The cookie name "___cfduid" was chosen to blend in with the "__cfduid" cookie set by the Cloudflare CDN, from which it differs only by having three leading underscores instead of two.
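From the detection side, the only request-level signal described above is the lookalike cookie name. The following Ruby snippet is an added example (not code from the article or from bootstrap-sass) that parses Cookie headers and flags any name imitating Cloudflare's __cfduid with a different number of leading underscores; the sample headers are constructed.

```ruby
require "base64"

# Cloudflare's legitimate cookie name uses exactly two leading underscores.
LEGIT_CF_COOKIE = "__cfduid"

# Parse a raw Cookie request header into a name => value hash.
def parse_cookie_header(header)
  header.to_s.split(/;\s*/).each_with_object({}) do |pair, cookies|
    name, value = pair.split("=", 2)
    next if name.nil? || name.strip.empty?
    cookies[name.strip] = value.to_s.strip
  end
end

# Flag cookie names that imitate __cfduid with any other number of leading
# underscores (the backdoored gem keyed on three). For triage, record whether
# the value is valid Base64, which is what the backdoor expected.
def suspicious_cfduid_cookies(header)
  parse_cookie_header(header).filter_map do |name, value|
    next if name == LEGIT_CF_COOKIE
    next unless name.match?(/\A_+cfduid\z/i)
    decoded = begin
      Base64.strict_decode64(value)
    rescue ArgumentError
      nil
    end
    { name: name, decodes_as_base64: !decoded.nil?, decoded: decoded }
  end
end

# Constructed sample Cookie headers: a benign Cloudflare cookie, then a lookalike.
SAMPLE_COOKIE_HEADERS = [
  "_ga=GA1.2.1; __cfduid=d3b9f0e1a2c4; session=abc",
  "__cfduid=d3b9f0e1a2c4; ___cfduid=#{Base64.strict_encode64('example payload')}"
].freeze

SAMPLE_COOKIE_HEADERS.each do |hdr|
  suspicious_cfduid_cookies(hdr).each { |f| puts "ALERT lookalike cookie #{f.inspect}" }
end
```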

It is noteworthy that the malicious code was present only in the final package published in the RubyGems repository and was not included in the source code in the Git repository. The library's source code remained correct and did not arouse suspicion among developers, which underscores the importance of reproducible builds and of a process for verifying that published packages match their reference sources. Apparently, the attack was carried out by compromising the RubyGems account credentials of one of the two library maintainers (the leak of account data has not yet been officially confirmed).

The attackers were careful to plant the backdoor not in the current 3.4.x branch, whose latest release has more than 217,000 downloads, but in an update to the older 3.2.x branch, counting on a patch-level dependency update not arousing suspicion. Roughly 1,670 repositories on GitHub use bootstrap-sass as a dependency, and the applications associated with them could potentially be compromised. Developers are advised to trace the use of the bootstrap-sass library among their indirect dependencies and to check whether an automatic upgrade to the backdoored version has taken place. Judging by the RubyGems package statistics, the backdoored package was downloaded about 1,500 times.
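To make that advice concrete, here is an added Ruby example (not from the article) that scans a Gemfile.lock for the backdoored release and reports which gems pull it in, so a purely indirect dependency on bootstrap-sass 3.2.0.3 is still visible; the lockfile is a constructed sample.

```ruby
# Backdoored release named in the advisory; 3.2.0.4 is the clean re-release.
BACKDOORED_VERSIONS = { "bootstrap-sass" => ["3.2.0.3"] }.freeze

# Parse the GEM/specs section of a Gemfile.lock into { name => { version:, deps: [] } }.
def parse_lockfile_specs(lock_text)
  specs = {}
  current = nil
  in_specs = false
  lock_text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A[A-Z ]+\z/)           # section header: GEM, PLATFORMS, ...
      in_specs = false
    elsif line == "  specs:"
      in_specs = true
    elsif in_specs && line =~ /\A {4}(\S+) \(([^)]+)\)\z/   # locked gem line
      current = $1
      specs[current] = { version: $2, deps: [] }
    elsif in_specs && current && line =~ /\A {6}(\S+)/      # dependency line
      specs[current][:deps] << $1
    end
  end
  specs
end

# Report each locked gem at a known backdoored version, with the gems that depend on it.
def find_backdoored_gems(lock_text, blocklist = BACKDOORED_VERSIONS)
  specs = parse_lockfile_specs(lock_text)
  blocklist.filter_map do |name, bad_versions|
    spec = specs[name]
    next unless spec && bad_versions.include?(spec[:version])
    pulled_in_by = specs.select { |_, s| s[:deps].include?(name) }.keys
    { gem: name, version: spec[:version], pulled_in_by: pulled_in_by }
  end
end

# Constructed sample lockfile: bootstrap-sass is only an indirect dependency.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      bootstrap-sass (3.2.0.3)
        sass (>= 3.3.4)
      my-admin-theme (1.0.0)
        bootstrap-sass (~> 3.2)
      sass (3.7.4)
  DEPENDENCIES
    my-admin-theme
LOCK

find_backdoored_gems(SAMPLE_LOCKFILE).each { |h| puts "ALERT #{h[:gem]} #{h[:version]} via #{h[:pulled_in_by].join(', ')}" }
```

Point it at a real lockfile with `find_backdoored_gems(File.read("Gemfile.lock"))`; an empty result means no locked gem is at a blocklisted version.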

A report of a possible backdoor was filed in the bug tracker a few hours after the problematic release 3.2.0.3 was published. About an hour later the maintainers removed the release from RubyGems and changed their passwords, but did not account for the fact that removed versions can remain on mirrors for several days. On April 3, an additional release 3.2.0.4, identical in content to version 3.2.0.2, was published, making it possible to get rid of the backdoored version without switching to the new 3.4 branch.