Simon Willison’s Weblog

ErlyWeb vs. Ruby on Rails EC2 Performance Showdown. ErlyWeb’s peak response rate beats Rails by 47x, albeit with a hugely simplified benchmark. More interesting than the results is the idea of using EC2 for benchmarking on identical simulated hardware.

# 10th December 2007, 3:27 pm / amazon, benchmarks, ec2, erlang, erlyweb, performance, rails, virtualisation, yarivsadan

Why the h can’t Rails escape HTML automatically? It would be a pretty huge change, but auto-escaping in Rails 2.0 could close up a lot of accidental XSS holes.

# 1st December 2007, 8:34 pm / autoescaping, django, rails, security, xss

BBC Radio Labs: Perl on Rails. BBC engineered built their own Rails clone in Perl to fit in with the BBC’s engineering infrastructure—it’s already running the new programmes guide.

# 1st December 2007, 1 am / bbc, perl, rails

Two Weeks With Django. A Rails developer tries Django but ends up switching back to Rails. I think we could definitely take some steps towards making the initial user experience a bit smoother—currently you have to decide things like how you’ll serve static files and where you’ll keep your templates. Once you’ve got that lot set up it’s mostly plain sailing but it does mean there’s a bit of a bump in the learning curve.

# 15th October 2007, 9:51 pm / django, john-taber, rails

Two months with Ruby on Rails. Good rant—covers both the good and the bad. The first complaint is the lack of XSS protection by default in the template language. Django has the same problem, but the solution was 90% there when I saw Malcolm at OSCON.

# 9th October 2007, 12:23 pm / django, python, rails, ruby, security, xss

Rails 1.2.4: Maintenance release. “Session fixation attacks are mitigated by removing support for URL-based sessions”—I’ve always hated URL-based sessions; I’d be interested to hear if their removal from Rails causes legitimate problems for anyone.

# 5th October 2007, 11:42 pm / rails, security, sessionfixation, sessions

identity-matcher. Dopplr’s social network importing code (for Gmail, Twitter, Facebook and sites supporting Microformats), implemented as a Rails ActiveRecord plugin.

# 4th October 2007, 2:53 pm / dopplr, facebook, fowa, fowa2007, gmail, identitymatcher, matt-biddulph, microformats, openid, plugins, portablesocialnetwork, rails, ruby, socialgraph, twitter

7 reasons I switched back to PHP after 2 years on Rails. After two years working on a Rails rewrite of CD Baby, Derek Sivers scrapped it and instead rewrote the PHP version using Rails-inspired design principles. Derek would still use Rails for a greenfield project though.

# 23rd September 2007, 8:49 am / cdbaby, derek-sivers, php, rails, rewrites

Bust A Name. Smart Ajax powered domain search; you give it some words, it shows you available combinations. It’s still almost impossible to find something that doesn’t suck though.

# 20th August 2007, 3:40 pm / ajax, bustaname, domains, rails

Scale rails from one box to three, four and five. Excellent, concise run-down of what it takes to scale a web application. Most of the advice is easily portable to other frameworks.

# 30th July 2007, 1:40 pm / courtenay, rails, scaling

Disambiguated URLs with Ruby on Rails. Using before_filter to remove trailing slashes and a few lines of lighttpd configuration to kill the www.

# 24th July 2007, 3:18 pm / disambiguated, lighttpd, nowww, rails, rubyonrails, urls

One App, One User Account and Multiple OpenIDs. Dr Nic on allowing many OpenIDs to be associated with a single account.

# 22nd July 2007, 9:42 pm / nicwilliams, openid, rails

Just what web server should be sitting in front of my Rails application? Includes some interesting notes about Varnish, PHK’s high performance, highly configurable front-end caching server (essentially a much more modern version of Squid).

# 17th July 2007, 1:29 pm / jason-hoffman, joyent, nginx, phk, rails, squid, varnish

SELECT * FROM everything, or why databases are awesome. I’m beginning to think that for scalable applications the thinner your ORM is the better—if you even use one at all.

# 22nd June 2007, 12:40 am / blaine-cook, databases, orm, rails, scaling, sql, twitter

Rails and Scaling with Multiple Databases. Ryan Tomayko explains how his team spreads a high traffic Rails application across five separate PostgreSQL databases by giving each client their own schema—similar to how WordPress MU scales.

# 14th April 2007, 2:32 am / postgresql, rails, ryan-tomayko, scaling, wordpress

XSS. Sanitising HTML is an extremely hard problem. The sanitize helper that ships with Rails is completely broken; Jacques Distler provides a better alternative.

# 12th March 2007, 12:34 am / jacques-distler, rails, security, xss

Ficlets (via) AOL’s first application to launch on Rails, and their first application to accept OpenIDs as well as AOL screen names.

# 10th March 2007, 5:41 pm / aol, ficlets, openid, openidconsumer, rails

The No-Shit Guide To Supporting OpenID In Your Applications. Fantastically useful: Dan Webb digs through the API documentation so you don’t have to. The example code is for Rails but the PHP and Python libraries work in much the same way.

# 27th February 2007, 1:56 am / dan-webb, openid, rails

OpenID makes web identities real and appealing. DHH has caught the OpenID bug. Expect to see a flurry of activity around OpenID in the Rails community over the next few weeks.

# 26th February 2007, 10:31 am / dhh, openid, rails

Rails 1.2.1 Impression. I hadn’t seen assert_select before, which lets you unit test generated HTML using CSS selectors; a really neat idea.

# 15th February 2007, 9:14 am / assertselect, css, rails, unittests

A brief update with some numbers for hardware load-balanced mongrels. 4000 requests/second on 48 mongrels behind a hardware load balancer.

# 5th February 2007, 12:38 am / mongrel, rails, scaling