14 Aug 18:13

Today marks three years of PeepCode Screencasts and the beginning of the fourth. So were running a one-day sale!

Last week I recorded a presentation for the Oxente Rails where I pontificate on some of the things Ive learned about business over the past few years. Heres the presentation video (its about 30 minutes long):

Transcript

Introduction

I am Geoffrey Grosenbach and my company is PeepCode Screencasts.

Thank you for inviting me to speak over video at Oxente Rails today. Its an honor to be asked to speak and Im flattered to be able to speak on what Ive learned about business. Over the last few years Ive frequently been asked to be a paid sponsor for conferences, which seems to imply that people think Im running a business that makes money. But this is the first time Ive been asked to talk about it.

I guess thats not too surprising. Up until a few months ago I was the only person working at PeepCode daily. When people want to learn how to run a successful business, they probably want to hear from someone with dozens of employees and tens of millions of dollars a year in revenue.

But heres the first thing I want to tell you: Maybe thats not the kind of business you want to run. One of you asked How has your professional success improved your personal life? Honestly, its made it more stressful and less predictable than before! Its the difference between driving a motorcycle and riding one as a passenger.

As the owner of a business, youre the one who determines whether or not you keep your job. If you make good decisions, youll profit and the business stays alive. If you make bad decisions, youll see your bank account start to head south. But I can honestly say that I love that part of running a business. The things I do every day matter and have a real effect.

And yet its often unclear what should be done each day. There are a thousand little things that could be done, but they arent equally important. Creating new products, making connections with other businesses, working with subcontractors, advertising.

One of the successful businesspeople I admire is Adam Wiggins, currently co-founder of Heroku.com web hosting. He recently wrote a blog post where he compared video game skills to business skills and I think each of them were profound. The one I want to mention is Planning for an Uncertain Future. In games, in business, and in life, youre better off if you make plans for the future. But the kicker is that you dont know what future you should plan for. So you have two problems right away: guessing what will happen in the future, and then figuring out what you need to do to succeed against it.

I chose my unofficial company title of Senior Visionary with humor, but living up to it has become my daily goal. I encourage you to take the same title, and think of that as your role in your business.

Another thing you might not expect to hear from someone who claims to be a successful businessperson is that Im actually a bit surprised that Ive been able to run a business for this long. PeepCode starts its fourth year this month. Combined with a few years of consulting, Ive worked for my own company longer than Ive worked for any other single company.

Why am I surprised? Growing up I was not very good at board games or video games. Put me against most anyone in Monopoly, Risk, Settlers of Catan, or any other board game and Ill probably lose. At the time I was convinced that mastering these games was equivalent to mastering business in real life.

One of the most successful businesspeople I know personally is a friend from high school. He started a few businesses and has sold at least one for a million dollars. He was the first investor in ICanHasCheezeburger.com, so he is at least a visionary in terms of cat humor. He was fantastic at all kinds of strategy and board games, all the way down to how he operated the snack bar during school sporting events.

Fortunately those skills didnt turn out to be necessary to run a business. I can say that I won the first house poker tournament I entered a few years ago, so maybe theres a lesson. Learn to play poker!

One skill that is important is being able to respond to change. I frequently think back to a quote I saw in a skateboarding video from a few years ago where photographer Grant Brittain talked about the changes he had seen in the sport and business of skateboarding over the past 30 years. He said that everything changes, and if it stops changing, it dies. I think thats part of the stress and unpredictability of running a business: you can almost guarantee that a success one month or one year wont be successful the next year. Your skill as a businessperson isnt about finding one hit and riding it out, its about learning the skill of understanding the present, looking to the future, and making bets about what might happen.

True & False

Giving and receiving business advice is one of the most deceptive practices around. There are so many factors involved in starting and running a business that most people dont really know what initially made their business successful. And I usually suspect anyone who gives business advice because I assume they are holding back their best ideas for themselves. So lets start with two blatant falsehoods. Im limiting myself to Internet-based businesses of non-tangible goods. Software, digital products, websites.

Paid Products:

First, many people who try to start an Internet business are scared by the vocal, apparent majority who refuse to pay for anything online. When people learn what I do, they often say People pay for that? You often see this sentiment expressed on news aggregator sites or in comments on 99 iPhone apps complaining that they should be free. The easy conclusion is that no one should try to start an Internet business that charges for a product. Over the last three years Ive found this to be absolutely false.

There are two things to say here. First, the free product market is completely separate from the paid product market. I havent done a sociological study of this, but as far as I can tell from my business, there is an Internet economy made of people who dont pay for things and theres another entirely separate one made of people and businesses who have no problem with paying for products (an even prefer it).

This isnt a criticism of people who prefer free. I use many services that are free. But building a business on the free product market is very difficult, as has been shown repeatedly by startups that build a huge user base but cant figure out how to profit from it.

Second, charging a price for something changes the way people perceive it. We expect more from products and services we pay for. If I subscribe to a service and it doesnt fulfill my needs, I change to another one. Businesses have budgets that they need to spend on products that cost something. People give gifts and usually want them to have monetary value. People who try your free services might like them so much that they want to upgrade to a paid plan. This creates a responsibility for you, the entrepreneur, but its also a benefit because you know that the people who repeatedly buy your products find them to be useful.

So my advice is: if you are starting a business, build it around a product that you sell directly to people rather than trying to earn money on advertising or other means.

Instant Success:

A second falsehood is that products succeed or fail quickly. We like overnight success stories.

But, as has often been illustrated, inspirational success stories often have more history behind them.

The Flip video camera became the best-selling camera on Amazon.com from the first day it launched in 2007. The company was bought by Cisco earlier this year for almost $600 million. But the company had a long history of near failures or modest successes for the four years previous. They first sold a disposable still camera in 2003. Then they tried a disposable video camera that could be converted to a DVD. Then finally they made the USB-based Flip video camera that became a hit. (ref)

In contrast, one of my first products failed because I abandoned it while it was still popular. In 2002 I wrote a desktop RSS reader for the Mac. There werent many available at the time and mine had some advanced features such as the ability to use regular expressions to monitor a site that didnt yet publish an RSS feed. Cory Doctorow of Boing Boing tried it and wrote back with some feedback. But as a novice, I released one version, bought some advertising on a Mac news site, sold a couple dozen copies, and never touched it again. I have no idea if it could have been more successful because I stopped working on it before it had a chance.

So theres no shame in changing your product or the way you sell it, but stick with it. A business needs at least a few years of fine tuning to build momentum.

Products

So lets talk about products. There are several ways to sell software. You can sell a one-time product, usually a downloadable software application such as TextMate (39) or TaskPaper ($30).

Or you can sell a recurring service, usually on a website. Recurring services I use include Backpack calendar, Highrise address book, Blinksale invoicing, GitHub source code control, Sifter issue tracking, in addition to web hosting, DNS hosting and email hosting.

A third option is a one-time product that is released frequently such as PeepCode screencasts, books, magazines, etc.

Creating a product and fine-tuning it is one of the hardest things youll have to do when starting a business. Here are my personal goals for any product I create

• Sell an investment. By this I mean that your product should help the buyer make more money than was spent to acquire your product. When I sell a PeepCode screencast for $9, the customer should learn information that can be used to earn more than $9. Given the fact that a one-hour screencast takes several weeks to research and produce, I think this is pretty likely.
• Second, sell to businesses instead of consumers. This includes everything from one person businesses to universities, corporations, and even governments. People obviously make money selling to consumers, but Ive chosen to target businesses. This is partly because of point 1 and partly because businesses have budgets set aside for training, education, etc.

The type of product you choose to sell determines what goes into building it. A frequently released product probably requires less initial effort to build the first time. I spent one month on the very first PeepCode screencast. Recently I started a side project with a friend in Seattle. Its a desktop application and we expect to spend several months building the first version. A website or service could be anywhere in that range, all the way up to several years.

As a software developer, you have an incredible resources available to you, namely your mind and your time. A non-technical businessperson would need to hire a developer at expensive hourly rates, but you have those skills already. Areas you may need to invest real money into might be legal, accounting, and artistic/UI. Which leads to people.

People

In 1975, Fred Brooks wrote a book titled The Mythical Man-Month. One of the lesser known essays from that book suggests that software teams work like a surgical team. The surgeon performs the critical actions during surgery, but is assisted by specialists. The surgeon could prepare the patient for surgery, or reach over and grab a scalpel, or monitor vital signs, but this would be a waste of time. Instead, the surgeon focuses on what a surgeon does best.

In my experience, this is the first part of scaling a business. You could do the accounting, the front end web design, and the legal paperwork to get the business started, but it would be a waste of your time. My lawyer costs close to $300/hour, but he does great work and does it much more quickly than I could. My accountant helps me save thousands of dollars a year by figuring out when to pay taxes on time and how to do it. I have several outsourced assistants that transcribe audio, do research, reply to support emails, and other tasks. Post a job on your blog, or use a service like ODesk.com.

Business Partner:

Another person that you should think about is a business partner. This is a friend who has an interest in the success of the business and can complement your skills. I started PeepCode on my own and I think it would have gone much more smoothly if I had found someone to start it with. On the other hand, it could have been worse, too! A business partner should be someone you know well because youll be making many important decisions together.

Ideally, it would be a person who understands the technical side of the business but who skills that you dont: business management, artistic, usability, financial.

Running a business involves both macro-decisions (such as what product to create or what to call the business) and micro-decisions (such as what shade of pink to use for the logo or what to work on today).

Paul Graham recently wrote an essay contrasting the daily schedule of managers vs. creative individuals. Managers and businesspeople might do 20 different things in a day and have no problem adding another thing to their schedule. Creators need at least a half day or even a full day to build momentum. If youre the only one working on the business, youll have to do both. So split your week into alternating days of managing and making, or get a business partner who can do the managing so you can focus on creating.

The Rest of Life

One more thing before I address some questions. Dont forget about the rest of your life.

I work very hard on PeepCode, but I limit myself to about 10 hours a day maximum. If youre always at the computer, you miss out on other ways of thinking. A nap can be useful in the middle of the day both to recharge your body and to let your subconscious mind focus on a problem.

Get exercise. I interviewed a brain researcher who observed that the mind is less active when the body is sedentary. And not just weight lifting eitheryou need to get your heart rate up. I run or bike a few times a week and I notice a huge difference when I do it.

Conclusion

In conclusion,

• Charge a fair price for your product.
• Stick with it for at least a year, maybe a few years.
• Choose a type of product that matches the time, effort, and money that you want to invest.
• Surround yourself with specialists.
• Start the business with one other person that you know well.
• Work reasonable hours and get exercise.

Questions

A few questions that were sent in previously.

How did you decide to start making money with screencasts, something that nobody (or almost nobody) used to do before PeepCode?

The most straightforward answer is that I wanted to buy quality screencasts on technical topics and no one else was doing it. I made a product that I wanted to use myself.

I knew that screencasts were popular. You have the original Build a Rails Blog in 10 Minutes screencast. Other people were posting screencasts to their blogs in those early days but they would often mumble into the microphone and they werent very well presented.

I knew that screencasts could make money. At MacWorld a few years ago, Lynda.com had one of the biggest booths on the entire show floor. They produce top notch screencasts on Adobe Photoshop, After Effects, and other visual applications. And they run a profitable business doing it.

So the last step was just experimentation. I literally started out with just a blog, a link to a third-party shopping cart, and a video I had spent a month on. It was nowhere near to the visual quality of the screencasts we make today, but people loved the content and they bought enough copies to tell me that I should keep doing it.

Since then, several other publishers have gotten into the screencasting business. Ryan Bates started his excellent RailsCasts blog with a huge following (I was the first paying advertiser on his site for its first year).

So you have to start with an idea and try it. Hypothesis, experimentation, evaluation.

Was it an extra challenge to convince people to buy something digital? Non concrete?

I knew that some people would never pay for digital products, so my goal wasnt to convince them to pay for a digital product.

If your business depends on convincing people to do something they dont want to do, it will fail. Think of any popular or successful business. Its probably because they help people do something they already want to do.

My goal was to find out if there were people who wanted what I wanted and could make a mental calculation to figure out that its actually a better investment of their time and money to pay $9 for a screencast that will save them days of hunting for that information. It turns out that there are a lot of those people.

One of my favorite books is Information Anxiety by Richard Saul Wurman, founder of the TED conferences. He talks about the flood of information available to us and the value of consuming a filtered stream of information that tells us just what we need to know. Theres actually a value in filtering the available information, reducing it down to the essentials in a format that can be consumed quickly. Thats what Im offering.

Even now, you can probably find some leaked PeepCode products on BitTorrent if you spend enough time hunting. But many people have told me that they discovered PeepCode there and later came to buy it at my site, so I call that a win.

What were the biggest mistakes you commited at PeepCode? What did you learn with them?

Thats a great question. Mistake: a wrong or misguided action, sometimes because of inexperience. My whole experience has been a process of going from inexperience to learning how things should be done!

I started PeepCode with blog software and a third party shopping cart that took a 20% fee. Theres no way I could run the business now if I still used that system. But it helped me start and I dont regret it.

I put a lot of time, money, and development into building a PDF publishing system, but it turns out that people want video from PeepCode. The publishing system is really great for publishing on code-related topics. Authors write in Textile or Markdown, like a blog article. But other than a few titles that sold really well, it turns out to be better for me to take the same content and publish video instead.

I waited way too long to buy decent software. A quality video editing suite was US$1,300 at the time and seemed like a lot of money, so I edited by cutting and pasting into the Quicktime Player for the first year of PeepCode. Since then Ive bought over $5,000 of software for editing, effects and compression. It has been worth every penny. But when youre starting, youre worried about spending too much money and dont want to go nuts with every piece of hardware and software that catches your eye. For example, I bought a MacBook Air which is horrible machine for video editing (even though many developers use it daily for coding).

Some mistakes may still be in process! Last month I signed a contract to distribute some PeepCode content through a third-party publisher. I have no idea if this will turn out to be a good idea or a bad one. But I can cancel on short notice, without which I wouldnt have signed it. So like many other ideas, its a hypothesis and Im testing it against the real world.

What did you use to do before becoming an entrepreneur? And why did you decide to become one?

My university degree is in Philosophy. Ive hacked on computers since I was 10 years old and worked at a startup writing software in Java and old-school ASP while I was still at the university. Afterward I worked at a few other startups writing Perl, taught computer-related topics at an American school in Taiwan, and worked as a Rails freelancer and workshop instructor.

I wanted to become an entrepreneur because I thought I could run a business better than the other businesses I had worked for. Most of them made horrible mistakes and still survived in some form. So I thought if I could operate a business without making mistakes of that magnitude, I could do well.

I also wanted to see if my ideas were worthwhile or not.

What is the current statistics for Brasil and Latin America regarding PeepCode products?

Last year Brasil was the 6th highest purchaser of PeepCode products. So far this year it has been overtaken by France, Sweden, and Holland, but the year isnt over yet!

About half of PeepCode products are bought in the USA, a quarter go to other English speaking countries like the UK, Canada, and Australia. The rest is split between 100 other countries led by Germany, France, Sweden, Holland, and Brasil.

Weve published translations of a few PDFs but people were mostly interested in the English versions.

---

PeepCode Screencasts Learn Ruby on Rails and Javascript! Hour-long screencasts for $9.

16 May 01:25

On Thursday I presented remotely at RubyFest about MacRuby. I put together a 30 minute video and short demo app.

Download MacRuby Presentation at RubyFest, 46 MB

Im also putting the final tweaks on a MacRuby screencast at PeepCode, prepared by Alex Vollmer with technical review by Laurent Sansonetti. Look for it on Monday!

NOTE: The full tutorial screencast is now available here: PeepCode Meet MacRuby

---

PeepCode Screencasts Learn Ruby on Rails and Javascript! Hour-long screencasts for $9.

06 Dec 00:34

And with my handheld portable all-purpose lightweight doohickey I fuse thoughts and try not to be too picky. Buck65

Im personally offended that you enjoy the software you work with ;)al3x

Update: Full 60-minute screencast now available at PeepCode!

A few weeks ago I decided to try out Emacs. I wasnt especially dissatisfied with TextMate but felt that I had neglected to educate myself about a major part of computer science history. Somewhat like a DJ who has never heard Grandmaster Flash (who purportedly invented much of the hardware used to create music with multiple turntables). I felt that I needed to try out one of the classic text editors still used by many today.

My history with text editors over the last 10 years goes something like:

• BBEdit
• vim (for about 6 months)
• Smultron
• TextMate

Screencast

Ive assembled a short screencast of my initial impressions:

Initial Impressions

The Good Stuff

Heres a short list of what Im enjoying about it so far:

• Efficiently keyboard driven. No need to use the mouse at all.
• Window splits for viewing multiple files (and shells) at once.
• Powerful editing.
• The ease with which one can work with dozens of files without getting confused.
• Super customizable.
• Easy to keep settings, snippets, plugins, etc. synchronized between desktop and laptop with Git.
• Quality plugins from the community.
• The aha moment when parts of code make more sense given the fact that Emacs was used by Matz, Ryan Davis, Nathan Weizenbaum, etc. to author them.
• That unidentifiable elitist feeling you get from using a tool thats too difficult or awkward for most people.

The Awkward Bits

• No GUI for preferences.
• Mac OS X integration is just barely good enough to get by. For example, I cant get Hide Others to work except by using the mouse.
• Its assumed that youll do most work from within Emacs itself rather than piping text to it.
• Crashes when trying to switch color themes. This may be a problem with the color theme plugin Im using.
• Its difficult to think about content and files instead of icons and buttons.

Getting Started

Installing, learning, and configuring Emacs is unfortunately not easy. Im working on a PeepCode screencast with Phil Hagelberg that I hope to finish within the next few weeks. In the meantime, here are some resources I used to get started on Mac OS X:

• Install from Git mirror of the source
• See the nextstep/INSTALL file for Mac installation instructions.
• Phil Hagelbergs starter kitTremendously useful.
• My current configUse at your own risk. Yes, I use a huge font size.

Useful Plugins

• yasnippet.elTextMate-style tab trigger snippets with mirroring, defaults, etc.
• textmate.elProvides tremendously useful keyboard shortcuts for TextMate switchers. Ive modified it to work with my setup.
• magitGit integration.

See Also

• Full 60-minute screencast now available at PeepCode!
• Alex Payne on the flight to old text editors
• Phil Hagelberg on learning emacsPlus links to other blog articles about recent adopters

And a word from our sponsor

New hot-selling PeepCode Screencast authored by Lars Pind.

---

PeepCode Screencasts Learn Ruby on Rails and Javascript! Hour-long screencasts for $9.

09 Feb 11:05

Some of the biggest changes in Rails 3 involve how Rails expects plugins to behave.

Dependencies

If your plugin has dependencies, make it a gem and have your users install it using the Gemfile. This will ensure that Bundler properly calculates the dependencies alongside any other dependencies the users app has.

If You Override Something, Require It

If you need to override ActionController, ActiveRecord or other Rails frameworks, require them first, then override. Instead of assuming that Rails will require your gem plugin at a correct time, assume that the user will require your plugin extremely early.

This gives you the opportunity to hook in earlier to the initialization process, but it also means that you should explicitly require the dependencies you need.

# in your_lib.rbrequire "active_record" require "your_lib/extensions" ActiveRecord::Base.class_eval { include YourLib::Extensions }

Use a Railtie, But Only if You Need To

Even though you can expect your gem to load very early, you might still need to hook into a later part of the initialization process. If you do, inherit from Rails::Railties. Inside of a Railtie, you can declare a block that Rails should run when it runs Rakefiles, specify initialization blocks, add a subscriber to the notification system, and specify generators to load.

class TestingFu < Rails::Railtie  # This creates a config.my_plugin in the user's Application  railtie_name :testing_fu  rake_task do    load "testing_fu/tasks.rake"   end  # specify the default generators for test frameworks  config.generators.test_framework :testing_fu  # you can also specify :before or :after to ensure that  # your initializer block runs before or after another  # initializer block  initializer :setup_my_plugin do |app|    # in here, I have access to the user's application,    # which gives me access to app.config  endend

Make sure to require any railties that you intend to extend. For instance, if you want to run an initializer before one defined in ActionController, require action_controller/railtie

That said, dont use a Railtie if your code does not need to hook into any part of the Rails lifecycle. When possible, simply create a standard Ruby library, requiring the parts of Rails you need to override.

Engines

Engines in plugins (vendor/plugins) work as they did in Rails 2. In a gem, youll need to provide a Rails::Engine subclass:

# lib/my_engine.rbmodule MyEngine  class Engine < ::Rails::Engine    engine_name :my_engine  endend

Place your app directory next to the lib directory and Rails will pick it up. You can read the documentation for Railte, Engine, Plugin and Application, all in just one place, here: https://gist.github.com/e139fa787aa882c0aa9c

Start a Conversation at railsplugins.org

In order to make this process easier, Engine Yard has put together railsplugins.org. If youre a plugin author, please submit your plugins to that site. You can tell users whether or not you expect your plugins to work on Rails 3, whether or not your users can run them in threadsafe mode, and whether they run on JRuby.

Once youve put a plugin up there, users can say that they either agree that your plugin runs or disagree, with a comment about what is broken. You can reply to any such comments, and the user can change his mind if he just made a mistake. When you submit a new version, the site creates a whole new page, so comments about things not working on a previous version dont clutter up the current version (users can still get at the old versions if they wish).

If we do this right, the Rails community will have a strong sense of what works on Rails 3 and what doesnt. Have at it!

15 Jan 12:12

RailsBridge has organized a Rails 3 Bugmash on January 16th and 17th. The idea is to try and upgrade your apps and favourite plugins/gems to work with Rails 3 and make the upgrade path as smooth as possible for everyone else by documenting the process and fixing the bugs you encounter. Rails core team and others will be around in #railsbridge to help out the participants during the bugmash. Check the RailsBridge announcement for more details.

30 Nov 19:58

Rails 2.3.5 was released over the weekend which provides several bug-fixes and one security fix. It should be fully compatible with all prior 2.3.x releases and can be easily upgraded to with gem update rails. The most interesting bits can be summarized in three points.

Improved compatibility with Ruby 1.9

There were a few small bugs preventing full compatibility with Ruby 1.9. However, we wouldnt be surprised you were already running Rails 2.3.X successfully before these bugs were fixed (they were small).

RailsXss plugin availability

As you may have heard, in Rails 3 we are now automatically escaping all string content in erb (where as before you needed to use h() to escape). If you want to have this functionality today you can install Kozs RailsXss plugin in Rails 2.3.5.

Fixes for the Nokogiri backend for XmlMini

With Rails 2.3 we were given the ability to switch out the default XML parser from REXML to other faster parsers like Nokogiri. There were a few issues with using Nokogiri which are now resolved, so if your application is parsing lots of xml you may want to switch to this faster XML parser.

And thats the gist of it

Feel free to browse through the commit history if youd like to see what else has been fixed (but its mostly small stuff).

25 Dec 03:53

With technical review by jQTouch author David Kaneda!

jQTouch makes programming for mobile browsers fun! Simple HTML, CSS, and jQuery Javascript combine to make it easy to build applications for WebKit-based mobile browsers like the iPhone/iPod Touch, Android, and Palm webOS.

The framework is sparsely documented, but after watching this 70 minute screencast youll have a firm understanding of how applications are built and how to extend and customize them.

This screencast covers:

• jQTouch Intro
• Architecture
• Markup
• Forms
• Styling
• Javascript Behavior
• Full Strength Ajax
• Offline Caching

See the graphic below for a full list of chapters and sub-sections.

Available to PeepCode Unlimited Subscribers or alone for only US$9!

09 Nov 16:49

by Geoffrey Grosenbach

Two years in the making, its the PeepCode screencast on jQuery, the popular Javascript framework for developing web applications.

jQuery stormed out of the gate and quickly won the hearts of developers. Its design and implementation make it easy for you to accomplish basic tasks. Extendability is built in with its plugin architecture (youll write one in this screencast). You can organize code around native Javascript objects (youll do that, too!).

Researching and producing this screencast converted the author from a jQuery skeptic to a believer. If you want to understand the fundamentals in an easy, fun way with the high production values, motion graphics, and straight-to-the-point depth of PeepCode, this is the screencast for you!

In addition, youll learn about the Pomodoro time managment technique by building a simple time-tracking application.

Topics covered in this tutorial include:

• jQuery Core Concepts
• Browser Tools
• Brief Javascript Primer
• The Mighty Dollar Function
• Selectors
• Implementing a Pomodoro Task Management Application
• Design and Write a Plugin
• Event Handling and live()
• Using extend()
• Understanding the this keyword
• Using the debugger
• Code Organization with Javascript Objects
• Basic Animation
• Using Timers

Future screencasts will cover Ajax and Test-Driven Development.

With thanks to Paul Ardeleanu and Carlos Rodriguez.

15 Oct 23:49

PeepCode has teamed up with Gregg Pollack, Jason Seifer, and David A. Black of Envycasts to provide you with their current library of screencasts!

Jump into the future of Ruby with this two part series on the distinguishing new features of Ruby 1.9. Topics covered in this 41-minute screencast include:

• Hashes
• Arrays
• Symbols
• Enumerators
• Enumerable
• RubyGems

Part II completes the series and is available now.

Available to PeepCode Unlimited subscribers, or with your PeepCode credits, or as a single purchase for only US$9!

02 Oct 10:04
Ok, people. I’ve been playing with Edge in dev for a while now and since the Rails team has been so kind as to tag the pre-release, I figured what the hell, right? Let’s throw it in prod and see what happens! Well, lucky for me I’ve been keeping my source pretty current, killing off any deprecated practices from the original code base (just found a stray “end_form_tag”, OMG!) and trying to pay attention to the new warnings.

So far the only gotchas were, I was using the MySQL plugin and not the gem. I’ve since configured my Site5 account to use gems so that’s not a problem and I had a few outdated conventions that I fixed. I’m hoping that I got everything, I mean, after all, my tests passed so everything should be fine! If you guys come across anything out of the ordinary, any error, anything I’d love it if you’d please let me know

Also, I’ve got 6 pounce invites if anyone still is looking for those. :)

02 Oct 07:27
“The gospel is not a tranquilizer for worried weaklings to help them sleep at night. “It is not a mass of dead dogmas, deep frozen in some ancient cathedral to be carried as a burden through life and thawed out five minutes before death. “The gospel is not a list of religious rules and regulations to be [...]

02 Oct 03:00
David Heinemeier Hansson gives the Rails community its birthday and Christmas presents all at once with the announcement of a preview release of Rails 2.0: Behold, behold, Rails 2.0 is almost here. But before we can slap on the final stamp, were going to pass through a couple of trial release phases. The first is this [...]

10 Jan 09:52

A vulnerability was found on WEBrick, a part of Ruby's standard library. WEBrick lets attackers to inject malicious escape sequences to its logs, making it possible for dangerous control characters to be executed on a victim's terminal emulator.

We already have a fix for it. Releases for every active branches are to follow this announce. But for a meantime, we recommend you to avoid looking at your WEBrick logs, until you update your WEBrick process.

Detailed description

Terminal escape sequences are used to allow various forms of interaction between a terminal and a inside process. The problem is that those sequences are not intended to be issued by untrusted sources; such as network inputs. So if a remote attacker could inject escape sequences into WEBrick logs, and a victim happen to consult them through his/her terminal, the attacker could take advantages of various weaknesses in terminal emulators.

And WEBrick fails to filter those terminal escape sequences.

Example:

% xterm -e ruby -rwebrick -e 'WEBrick::HTTPServer.new(:Port=>8080).start' &% wget http://localhost:8080/%1b%5d%32%3b%6f%77%6e%65%64%07%0a

Watch out for the window title of xterm.

Affected versions

• Ruby 1.8.6 patchlevel 383 and all prior versions
• Ruby 1.8.7 patchlevel 248 and all prior versions
• Development versions of Ruby 1.8 (1.8.8dev)
• Ruby 1.9.1 patchlevel 376 and all prior versions
• Development versions of Ruby 1.9 (1.9.2dev)

Solutions

• Fixes for 1.8.6, 1.8.7, and 1.9.1 are to follow this announce.
  • Update 1.8.7 pl. 249 was released to fix this issue. 1.8.7 users are encouraged to upgrade.
    • ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p249.tar.gz
    • ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p249.tar.bz2
    • ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p249.zip
  • Update 1.9.1 pl. 378 was released to fix this issue. 1.9.1 users are encouraged to upgrade.
    • ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p378.tar.gz
    • ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p378.tar.bz2
    • ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p378.zip
  • Update 1.8.6 pl. 388 was released to fix this issue. 1.8.6 users are encouraged to upgrade.
    • ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p388.tar.gz
    • ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p388.tar.bz2
    • ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p388.zip
• For development versions, please update to the most recent revision for each development branch.

Credit

Credit to Giovanni "evilaliv3" Pellerano, Alessandro "jekil" Tanasi, and Francesco "ascii" Ongaro for discovering this vulnerability.

07 Dec 05:06

Ruby 1.9.1-p376 just has been released. This is a patch level release of Ruby 1.9.1 and includes the fix of CVE-2009-4124.

CVE-2009-4124

<!-- RDLabel: "CVE-2009-4124" -->

The previous release, Ruby 1.9.1-p243 has a security vulnerability that allows heap overflow. This vulnerability was found by Emmanouel Kellinis, KPMG London.

I recommend all Ruby 1.9.1 users to upgrade to p376. But the vulnerability does not affect Ruby 1.8 series.

Other fixes

<!-- RDLabel: "Other fixes" -->

In addition, 1.9.1-p376 includes > 100 bug fixes.

• Irb extension commands had been broken. It was fixed.
• Ripper had not been able to parse some Ruby codes. It was fixed.
• Fixed build failures on AIX.
• Some bug fixes of Matrix.
• Can load gems which is installed in an user's home directory.
• Some method became returning a string with a correct encoding.

See the ChangeLog for more detail.

• <URL:http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_9_1/ChangeLog>

Location

<!-- RDLabel: "Location" -->

• <URL:http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.tar.bz2><dl>
  SIZE:
  <!-- RDLabel: "SIZE:" -->
  7293106 bytes
  MD5:
  <!-- RDLabel: "MD5:" -->
  e019ae9c643c5efe91be49e29781fb94
  SHA256:
  <!-- RDLabel: "SHA256:" -->
  79164e647e23bb7c705195e0075ce6020c30dd5ec4f8c8a12a100fe0eb0d6783
  </dl>
• <URL:http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.tar.gz><dl>
  SIZE:
  <!-- RDLabel: "SIZE:" -->
  9073007 bytes
  MD5:
  <!-- RDLabel: "MD5:" -->
  ebb20550a11e7f1a2fbd6fdec2a3e0a3
  SHA256:
  <!-- RDLabel: "SHA256:" -->
  58b8fc1645283fcf3d5be195dffcaf55b7c85cbc210074273b57b835409b21ca
  </dl>
• <URL:http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.zip><dl>
  SIZE:
  <!-- RDLabel: "SIZE:" -->
  10337871 bytes
  MD5:
  <!-- RDLabel: "MD5:" -->
  d4d5e62f65cb92a281f1569a7f25371b
  SHA256:
  <!-- RDLabel: "SHA256:" -->
  486d3efdab269040ce7142964ba3a4e0d46f0a5b812136bcac7e5bafc726c14e
  </dl>

03 Dec 20:22

MountainWest RubyConf 2010 will be held March 11 and 12, 2010, in Salt Lake City, UT, USA.

http://mtnwestrubyconf.org

Talk proposals are being accepted right this very minute!

Submit yours here.

But dont delay! The submission deadline is midnight (MST) on December 31st, 2009.