 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
“Compress the complexity of modern web apps,” promises Ruby on Rails.
“What’s happened over the past let’s say 10 years, in my experience, is that we’ve sort of all turned into pink elephants — pink elephants tied with a tiny rope of learned helplessness, when it comes to deployment,” says Ruby on Rails creator David Heinemeier Hansson. “The entire industry has cultivated a fear of touching a server! A fear of being responsible for a computer!”
Or, as Hansson put it in a Nov. 7 blog post, “Deploying modern web apps — with all the provisions needed to be fast and secure while easily updateable — has become so hard that many developers don’t dare do it without a PaaS.”
“But that’s ridiculous.”
With the latest version of Ruby on Rails, Hansson hopes to eliminate even the need for caching dependencies like nginx and other proxy services, while continuing his anti-PaaS crusade. “Nobody should have to pay orders of magnitude more for basic computing just to make deployment friendly and usable,” Hansson writes. “That’s a job for open source, and Rails 8 is ready to solve it.”
Hansson’s blog post touted all the new features Rails 8 brings to its long-running application framework. There’s a deployment tool with a new feature-loaded proxy, speedy new database-backed adapters for caching and queuing, and a slick new default asset pipeline. Also, there is what Hansson describes as “a complete authentication system generator, which creates an excellent starting point for a session-based, password-resettable, metadata-tracking authentication system.”
But along the way, he’s also trying to remind developers that they really can go it alone, armed only with the power of Rails. And it’s a point he hammered home in a late-September keynote at the Rails World conference in Toronto.
Hansson started by calling out an almost diabolical plan. “You convinced programmers that computers were so fucking hard that they shouldn’t touch them themselves? Bravo….” And then he drew a laugh — and applause — when he said, “The problem, in part, is…” — and then put up the AWS logo.
Hansson conceded that “AWS is amazing” (in a “we humans are capable of this” way). “We humans are capable of putting an entire army of server monkeys behind an API, and they can run real fast… ” But as he sees it, most companies don’t have the same gargantuan traffic spikes as Amazon does around, say, Black Friday. “Most of us don’t live in that context. Most applications, most of the time, do not have a problem that requires constant racking of server monkeys behind an API. And the price we pay — for the insurance policy in case we did — is exceptionally high. Not just monetarily, but complexity-wise…”
“The entire industry has cultivated a fear of touching a server! A fear of being responsible for a computer!”
In Hansson’s telling AWS is, unfortunately, a business where “The incentive for AWS is for you to stay a pink elephant forever. Forever to be petrified of the server. Forever to be petrified of running your own ship.”
“No,” Hansson says dramatically, putting up a picture of a Batman villain. “We’re not going to let the Joker win…!”
So, how exactly will Rails 8 make deployment easier? Partly by shipping with a preconfigured version of the deployment tool Kamal 2, which Hansson describes as “how you’re going to get your application into the cloud, or into your own hardware, or into any container or into anywhere you want to put it…”
In fact, it’s Kamal that allows companies to actually leave the cloud, Hansson says — and Kamal 2 “levels this up substantially. It does auto-SSL, so you don’t even have to know anything about how to provision an SSL certificate — it does it automatically through Let’s Encrypt. It allows multiple applications to run on a single server, so we scale down as well as scaling up…” Hansson’s blog post explains just how easy it is: Kamal “takes a fresh Linux box and turns it into an application or accessory server with just a single kamal setup command. All it needs is the IP addresses for a set of servers with your SSH key deposited, and you’ll be ready to go into production in under two minutes.”
It’s simple and its quick, Hansson writes, partly because Rails already ships with a Dockerfile “for turning your application into a production-ready container image out of the box. All you need to bring is your own container registry account, like Docker Hub or GitHub, for storing the images.” And in his keynote, Hansson noted even that Dockerfile has been upgraded in Rails 8 with a new HTTP/2 proxy (in front of the Puma web server) called Thruster, offering asset caching and compression, plus X-Sendfile acceleration, “installed by default in our lovely default Docker image…”
This all means that the default Rails 8 container “is ready to accept traffic from the internet immediately,” Hansson’s blog post explains. Kamal 2’s proxy also boasts built-in integration for 1Password, Bitwarden, and LastPass.
And in his keynote, Hansson emphasized it’s all part of the larger mission to eliminate dependencies like nginx and other proxies and “things you have to put in front of your application before it’s ready to face the internet.
“The mission for Rails 8 was, the Rails 8 container image that comes out of the default setup should be directly exposable to the internet. It should be fast, it should be secure, it should be easy to use, and it should require no expertise.”
During his keynote, Hansson mocked the argument that a PaaS offers higher security. “‘What about the hacker? He’s going to get me!’ That’s the pink elephant talking,” he quipped.
He put up a slide with the simple instructions for setting up SSH key authentication and a firewall with a nice UI — saying 90% of Linux Box security is essentially just remembering to lock the door.
“We’re not going to let them convince us that servers are so difficult that AWS should have 40% margins.”
Hansson told his audience that the cure for server phobia was Linux. And soon he’d put a slide with the word Authentication, though he cautioned the audience that “Rails 8 is not going to ship with ‘device’. It’s not going to ship with a black box of security.”
Instead, back in last December, Hansson promised “a basic authentication generator that essentially works as a scaffold” to teach Rail developers how to set up security themselves. “It’s going to put you on the path of learning what the fuck is going on…” Hansson told his audience at Rails World. “You actually have to realize that authenticating a user is not worth being a pink elephant for — let alone paying someone else to do it. You should understand the basics of secure passwords. It’s not the difficult.”
Hansson also made a point of saying he’s already proud of how Rails 7 discarded the baggage of the past and simplified the asset pipeline for CSS and JavaScript… But they’ve made it even simpler in Rails 8 with a brand new asset pipeline library called Propshaft. “The database today is so fast that we do not need RAM for most operations. And we should take full advantage of that. And in Rails 8, we have.”
This ultimately means low-latency performance without the need to implement a quick-response database tool like Redis, Hansson says. Instead, Rails 8 ships with its own trio of powerful database-based adapters:
It’s simpler under the hood, too. As Hansson explained on the Changelog podcast, “Rails 8 uses SQLite for literally everything out of the box. We use SQLite for the jobs, the queuing backend, we use SQLite for caching, we use SQLite for the web sockets coordination… And obviously we use SQLite for the main database that your domain models are being persisted into. That’s all of it, which means that the deployment story gets so much better, gets so much simpler.”
And as the podcast continued, Hansson marveled at how quickly a project can now be “full-on ready to go, ready to serve internet traffic. I have everything exposed here as a real IP to the internet. That path has never been shorter. And not only has it never been shorter, the fact that it no longer leans on some commercial subscription that you need — that just warms my heart…”
On the podcast, Hansson said he wants to create a world where “the bare metal deployment scenario looks virtually identical to the cloud deployment scenario.” And he’s proud of the tools they’ve now created. In his keynote he said Solid Queue is already handling 20 million jobs a day for HEY, and “we have another 80 million jobs to run on Basecamp and some of our other systems. We’re going to bring it all onto Solid Queue to run about 100 million jobs a day. It works. It’s good. It’s easier.
“It does not require seven gems, and you can take Redis out of your stack when you shift.”
Enjoy the entire talk here:
