"Ruby on Rails: Up and Running," by Bruce A. Tate and Curt Hibbs

Pros: Concise, Clear, Well Organized
Cons: Insufficient
Rating: 2 out of 5

“Ruby on Rails: Up and Running” is an overview of the Rails web development framework. There is a caveat up front that the book is not intended to replace the reference manual or a Google search. The goal is to get developers unfamiliar with the framework started quickly. I might rewrite that statement as, “This book will provide you enough information to decide you want to use Rails, but not enough to actually do so.”

The challenge of a book like this is in deciding what to leave out. (And if you think that it’s easy, give it a try.) Done right, this kind of book is like a roadmap to a larger subject. Done wrong, it’s frustratingly incomplete, as though the meat of the discussion has been elided in favor of a brief comment on the side of the page: “I have a truly marvelous demonstration of this proposition which this margin is too narrow to contain.” This is my gripe – the book reads as though the authors died tragically in a duel just a day or two before they’d planned to finish revising the manuscript.

Many of the concepts in the book are conveyed by examples. Good examples are wonderful for communicating about software, but they either need to stand on their own, self-explanatory and complete, or should be accompanied by some instructive text. In too many cases, they were neither.

For example, the section on schema migrations shows an example of creating a database. The great thing about migrations is the ability to move back and forth between various versions of the database schema automatically. However, there’s no explanation of what command and arguments to use to go back to a prior version of the database schema. Given that this is the benefit of the feature, it’s a strange omission.

Similarly, the book used a few examples to explain validation: validates_presence_of, validates_format_of, and validates_length_of. The section even notes that there are several kinds of validation — without giving a list of the options available. I would cheerfully have forgone the half-page screenshot of Rails’ web documentation on page 14 – yes, I know what API documentation looks like in a browser window, thank you – to have a half-page table of available validation options on page 35.

Generally my dissatisfaction is with the omissions; the content that’s present in the book is good. Only one error stood out enough to catch my eye, and it was a minor point in a footnote. The author noted the necessity of properly escaping HTML output. This is true, as it prevents attackers from inserting HTML into text rendered by the web site. This helps prevent cross-site scripting attacks, among other things. The footnote, however, explains that this is to prevent SQL injection attacks. An SQL injection attack uses bogus input, such as to a web form, to force the database to run a query desired by the attacker. I don’t follow the author’s reasoning that escaping HTML characters in the output to a user’s browser will prevent an attack delivered as input to the database.
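The distinction drawn above, as an added example (not code from the book or from this review): HTML escaping is an output-side control for markup rendered in the browser, while SQL injection is stopped on the input side by keeping the value out of the SQL text. The table and column names are illustrative and both inputs are constructed.

```ruby
require "cgi"

# Constructed inputs, for illustration only.
NUMERIC_INPUT = "3 OR 1=1"                   # contains no HTML metacharacters
MARKUP_INPUT  = "<script>alert(1)</script>"  # contains no SQL metacharacters

# Output-side control: escape when rendering, as the `h` view helper does.
def render_comment(text)
  "<p>#{CGI.escapeHTML(text)}</p>"
end

# Vulnerable pattern: request input interpolated into the SQL text.
def interpolated_sql(id)
  "SELECT * FROM slides WHERE slideshow_id = #{id}"
end

# Input-side control: SQL text with a placeholder and the value carried
# separately (the shape of :conditions => ["slideshow_id = ?", id]).
# Integer() also rejects anything that is not a plain base-10 number.
def bound_sql(id)
  ["SELECT * FROM slides WHERE slideshow_id = ?", [Integer(id, 10)]]
end

# True when HTML-escaping the input changes the query that gets built.
def html_escaping_changes_query?(input)
  interpolated_sql(CGI.escapeHTML(input)) != interpolated_sql(input)
end

# True when the placeholder form refuses the input outright.
def bound_sql_rejects?(input)
  bound_sql(input)
  false
rescue ArgumentError
  true
end

if __FILE__ == $0
  # HTML escaping leaves the numeric-context input untouched, so the
  # interpolated query still carries the extra condition.
  puts interpolated_sql(CGI.escapeHTML(NUMERIC_INPUT))
  puts "escaping changed the query? #{html_escaping_changes_query?(NUMERIC_INPUT)}"
  puts "placeholder form rejects it? #{bound_sql_rejects?(NUMERIC_INPUT)}"
  # The markup input passes through SQL unchanged; it is neutralised only
  # when escaped at output time.
  puts render_comment(MARKUP_INPUT)
end
```

Each control covers one direction: the escaped query is byte-for-byte the same as the unescaped one, and the markup input is harmless to the database but still needs escaping when rendered.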

The later chapters of the book did improve. The chapters on views and AJAX were more satisfying and seemed more complete than those on active records, but overall, I just didn’t get enough out of this book. I understand the goal was to create a short book to quickly get people up and running, not a complete reference. Yet, when I started working on my own project with Rails, I found it was other books and online references that I used to get up and running. The book was enough to convince me that I wanted to give Rails a try, but for the cost of a technical book, that’s not enough.

One comment on “Ruby on Rails: Up and Running,” by Bruce A. Tate and Curt Hibbs
  1. Jimmy says:

    I like this book because it is short, thin, and to the point. It gives me just enough information to get started. The examples worked fine until I tried the drag & drop one.

    This is probably not the place to ask a question like this. But, please let me…

    The error from drag & drop operation:

    Processing SlideshowsController#add_photo (for 10.71.1.169 at 2007-10-10 14:44:43) [POST]
    Session ID: 253902577ac03cf8a5c6393c3721dade
    Parameters: {"action"=>"add_photo", "id"=>"photo_3", "controller"=>"slideshows"}
    SQL (0.002208)  SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
    FROM pg_attribute a LEFT JOIN pg_attrdef d
    ON a.attrelid = d.adrelid AND a.attnum = d.adnum
    WHERE a.attrelid = 'slides'::regclass
    AND a.attnum > 0 AND NOT a.attisdropped
    ORDER BY a.attnum
    
    SQL (0.000436) BEGIN
    Slide Load (0.000000) RuntimeError: ERROR C42804 Margument of WHERE must be type boolean, not type integer Fparse_coerce.c L818 Rcoerce_to_boolean: SELECT * FROM slides WHERE (slideshow_id) ORDER BY position DESC LIMIT 1
    SQL (0.000429) ROLLBACK

    ActiveRecord::StatementInvalid (RuntimeError: ERROR C42804 Margument of WHERE must be type boolean, not type integer Fparse_coerce.c L818 Rcoerce_to_boolean: SELECT * FROM slides WHERE (slideshow_id) ORDER BY position DESC LIMIT 1):
    ……..

    Based on the above error, the problem seems to be with the generated select statement.

    SELECT * FROM slides WHERE (slideshow_id) ORDER BY position DESC LIMIT 1)

    Instead, it should be:

    SELECT * FROM slides WHERE (slideshow_id = 3) ORDER BY position DESC LIMIT 1)

    I also tried the following:

    >> slide = Slide.find 1
    >> slideshow = slide.slideshow
    >> slideshow.slides.first.move_to_bottom
    ActiveRecord::StatementInvalid: RuntimeError: ERROR C42804 Margument of AND must be type boolean, not type integer Fparse_coerce.c L818 Rcoerce_to_boolean: UPDATE slides SET position = (position - 1) WHERE (slideshow_id AND position > 1)

    Same kind of problem. The update statement should be like:

    UPDATE slides SET position = (position - 1) WHERE (slideshow_id = 3 AND position > 1)

    I am not sure how to correct this problem. I understand that you finished this book more than 10 months ago, if you still have the example in your computer somewhere, please help. Thank you very much.
