I'm a Rubyist for ~15 years and CTO of a Rails consultancy, Ask Me Anything!

citizen428 profile image Michael Kohl ・1 min read

I started coding on my Commodore 64 around 1991 and via Pascal, C, C++, Perl and PHP found my way to Ruby sometime around 2003/04. It's still one of my favorite languages and I currently serve as the CTO of a Rails consultancy. In the last few years I've also done more Python (mostly for machine learning and data science projects) and JS (there's no escape) and I'm really into Elixir.

I'm pretty active across various programming and FOSS communities and fairly frequently speak at different user groups and lately also at conferences (Deccan RubyConf in India, Ruby X Elixir Conf in Taiwan). Last weekend was my first time speaking at a PyCon (PyCon Thailand in Bangkok to be specific), which I also helped organize.

I'm originally from Austria, but also lived and/or worked in China, Turkey, and Italy. I moved to Bangkok in early 2014 and to everyone's surprise (including my own) I'm still here.


Posted on by:

citizen428 profile

Michael Kohl


I dev @ DEV. Your friendly neighborhood anarcho-cynicalist. ¯\_(ツ)_/¯ and (╯°□°)╯︵ ┻━┻) are my two natural states. Tag mod for #ruby, #fsharp, #ocaml


Editor guide

What are your thoughts about the future of Ruby on Rails and Ruby in general? Does it make sense to transition to Ruby or learn Ruby in 2018/2019, and what are your thoughts about the performance of Ruby? I'm a PHP guy who started delving into Ruby world recently, and I must say the performance difference between PHP and Ruby cli apps is really noticeable, e.g. rails commands are a lot slower than php artisan.


For my thoughts on the current/future situation of Ruby and Rails, please see my answer above, I don't want to repeat all of that here.

If you are looking for a new language to supplement/replace PHP then Python is a great choice. Apart from good web frameworks (Flask, Django etc.) it has a ton of data science and machine learning libraries, can be used for embedded systems programming with MicroPython etc. If your focus is purely on web you could do much worse than looking into Elixir and Phoenix, I think we'll see a lot more demand for that over the next few years.

Re performance: I have very little experience with PHP, but from 5.2 onwards Rails includes Bootsnap by Shopify, which significantly speeds up application load time. As for the "Ruby doesn't scale" trope, I'm honestly getting a bit tired of it. Pure startup time is pretty irrelevant for long running backend applications and I've seen way too many people complain about Ruby's performance as a language when their apps had much bigger performance problems like non-optimized images, non gzipp-ed responses, no CDNs, unindexed/badly indexed databases, not using fragment/russian-doll caching etc. I can recommend Rails Speed by Nate Berkopec if you're ever getting serious about properly optimizing Rails applications.


Thanks for the thorough reply :)


What are your go-to gems?

Both the every-project-needs-these and the little-known-but-great gems?


I'll leave out all the obvious ones that most Rails projects seem to use (e.g. pg, pry, devise, sidekiq). I also generally try to keep the number of gems to a minimum, e.g. by not dragging in an API client gem when all I need is to hit one endpoint.

In no particular order:

  • bundler-audit: Verifies your Bundle against the Ruby Advisory Database. I make this part of our CI pipeline so we can't deploy when we have vulnerable gems.
  • pundit: simple OO authorization
  • fast_jsonapi: JSON serialization. It's quite new and still has a few rough edges, but it's fast indeed and I like that it's rather explicit
  • secureheaders: sane defaults for security headers, by Twitter
  • lograge: less verbose log output in production
  • heroku-deflater: allows to serve your content gzip compressed when hosting on Heroku
  • nakayoshi_fork: Written by Koichi Sasada, this can potentially save quite a bit of memory when running forking servers by making Ruby's GC more copy-on-write friendly.
  • bullet: finds N+1 queries. Can also be used in RSpec so your tests fails when you introduce a new one. Also detects unnecessary eager loads.
  • nullalign: I'm a stickler for data consistency and properly using our RDBMS.
  • methodfinder: my own gem, but I do use it when teaching Ruby.

Thanks for pointing me to secureheaders and also nullalign :-)

I'm a stickler too for having constraints in the DB, you never know where data is going to come from :D

In that case you might also want to check out ActiveRecord::DatabaseValidations.

Thanks. I think this stuff should be the default in a widely used framework like Rails.


I definitely have my eye on nakayoshi_fork.


Any thoughts or experience with RubyMotion? I learned about it before I got a job, and I love the idea of writing native apps in Ruby, but it seems like (free) JS alternatives like React Native or Electron are more popular and probably work better.


No real experience, just a bit of playing around. But with Swift and Kotlin native coding moved more into the OOP+FP realm and JS seems a closer fit for that.

We recently built a non-trivial React Native app for a client and overall the experience was good.


It's allways great to see a rubyist making a living out of it.

Have you done any serious projects in Ruby without Rails?
What would you say are the most exciting gems or technologies in the Ruby ecosystem (I've seen you mentioning Sequel and Hanami)?


In fact, yes. I worked as a penetration tester/security consultant a few years back and used quite a bit of Ruby for that. Metasploit uses Ruby as a scripting language, which is one use case a lot of Rubyists are unaware of.

As for most exciting new Ruby gems/technologies, my vote goes to dry-rb (I contributed a bit, mostly to dry-monads). Hyperloop also looks interesting, but I didn't get around to try it yet. Personally I'm also very excited by mruby, which opens up embedded/IoT programming to Rubyists. Truffle Ruby also is very interesting, since it's already beating the target speed for Ruby 3 by a fair bit.


I might meet you at Deccan Ruby Conf this year!

What do you think about Ruby's future? Do you think Crystal/Elixir/Go/other languages will replace it and it'll be like how Perl is today?


I won't be able to make Deccan this year :-( But I have my eyes set on RubyConf India in Goa next January.

As to Ruby's future, I think in some ways it's looking better than it has in a long time. Hanami seems to be the first serious contender to Rails since back in the Merb days, and Sequel, rom-rb, and the dry-rb gems also are excellent additions to the Ruby ecosystem, both within Rails (see e.g. Exploding Rails by Ryan Bigg) or with Sinatra or Roda. On a language level there are some interesting features planned for Ruby 3 (MJIT, guilds etc.) and we're likely to see some of them released before, at least in preliminary versions. We also have TruffleRuby, a rather new and very interesting implementation of Ruby focussed on performance.

On the other hand, sometimes it feels a bit like "too little, too late", as several prominent Rubyists already have left the community over the past few years. It also doesn't help that Python is way ahead in the machine learning/data science game and chances for Ruby to catch up look pretty slim at this point, despite some recent positive developments in SciRuby (not least thanks to Sameer Deshmukh).

Overall this is a great time to be a Rubyist, and given how many project requests our and similar companies are receiving I'd say there's still plenty of Ruby/Rails work out there.


Have you been following the TruffleRuby project very closely? It seems like the Current Status section of the readme has been about the same for a while, so I'm curious where you think the project is?

I'm following as closely as I can, since this could potentially be a game changer for Ruby. Following Benoit's blog is a good way to get the latest info (he doesn't blog frequently though), apart from that you can just follow what happens on GitHub.

You should check out Crystal, it's a similar story, speed of C with syntax of Ruby.

I've been using Crystal on the side for a while, see my posts here:

I also published several Crystal shards, e.g. a Bitcoin RPC client and a bloom filter.

There's a very interesting web framework called Lucky developed by a Thoughtbot employee. I contributed a bit in the very beginning but currently don't have time for that.

Also one should note that while Crystal and Ruby look similar, they're semantically quite different.


What got you interested in Elixir?


Two things:

  1. I've been playing with Erlang since about 2010 and was always interested in its runtime.
  2. Jose Valim was a very prominent figure in the Ruby on Rails community before he started Elixir and I always admired his work. Getting to pair program with him for a bit at Ruby X Elixir Conf Taiwan definitely was a bit of fanboy moment for me.

Congrats on the opportunity with Jose!

Thanks! It was a great way to get introduced to some parts of the Erlang VM.


If we are in a language marketplace and I'm a software developer looking to buy a new language to learn, what would be your sales pitch for Ruby?


I'm not much into selling programming languages, everyone should use what feels enjoyable and productive to them.

That said, Josh Susser described Ruby as "the love child of Lisp and Smalltalk, raised by Perl the eccentric nanny", which I think is a most excellent description since it mentions all the main influences but also hints at the occasional quirkiness that arises from their combination.


For a total beginner, is there a go-to tutorial or course or book you could recommend on Ruby on Rails?


Michael Hartl's Rails Tutorial has been the go to resource for new Rails developers since the Rails 3 days. You also may want to invest in The Rails 5 Way by Obie Fernandez as a reference book. Once you learned the basics, do yourself a favor and read Objects on Rails by Avdi Grim, which while a bit dated is a great read on using proper OOP architecture for your Rails app.


What are the biggest security concerns in a typical Rails app?


Overall Rails has a really decent security story nowadays. If you follow the guide and use bundler-audit to verify your bundle against a CVE database you're off to a great start.

Apart from that, the OWASP Top 10 are not specific to a particular framework, so you should always keep an eye out for them. While it's a bit outdated in parts there's an OWASP Ruby on Rails Cheatsheet which I recommend reading.

We have a Rails template we start all our client work from, so I use that to enforce certain things so people can't just forget about them. For example ApplicationController has before_action :authenticate_user! to enforce Pundit, so people need to explicitly opt out for the actions where they really don't need it. At least it makes them stop and think for a bit ("Do I really NOT need to authenticate this?") which IMHO is good.

I also encourage to make Brakeman a part of your Rails development workflow, either via CI or locally. Static security analysis is not the easiest in a language as dynamic as Ruby, but Brakeman does a good job.