Is SecureRandom.choose the wrong name for generating randomized strings with Ruby?

I frequently need to generate a short, random string:

  • I need a non-numeric, non-enumerable url ID. e.g.
  • I need to generate a short, human-readable random activation token and I don’t want it to contain similar-looking characters like 1I or O0
  • I want to do something fun with strings of emojis.

I’ve been copy-pasting this snippet around for years:

def random_string(alphabet:, length:) { alphabet.chars[rand(alphabet.chars.size)] }.join

random_string(alphabet: "AaBbCc123", length: 7) 
# => "C113A11", "Abcc3B2", "33cabbC", etc.

random_string(alphabet: "😀😍🙃🤪😎", length: 3)
# => "😍😀😎", "😀🤪🤪", "🙃😎😀", etc.

The gems friendly_id and uniquify can do this too.

There was recently a discussion on Ruby on Rails Link Slack about generating random strings, and I went looking to see if there was a better implementation.

I found SecureRandom.choose, which is built into the Ruby standard library, and as part of the SecureRandom module, should be fairly trustworthy. Looks perfect:

# SecureRandom.choose generates a string that randomly draws from a source array of characters.
# The argument _source_ specifies the array of characters from which to generate the string.
# The argument _n_ specifies the length, in characters, of the string to be generated.
# The result may contain whatever characters are in the source array.
#   require 'securerandom'
#   SecureRandom.choose([*'l'..'r'], 16) #=> "lmrqpoonmmlqlron"
#   SecureRandom.choose([*'0'..'9'], 5)  #=> "27309"

…but there is a problem: SecureRandom.choose is a private method. The choose method is used to implement the public SecureRandom.alphanumeric method, but is not itself exposed publicly. I went back to the initial feature request and found the reason:

I feel the method name, SecureRandom.choose, doesn’t represent the behavior well.

Fair enough. Until the name is figured out, I’ll still be using it:

require 'securerandom'

SecureRandom.send :choose, "😀😍🙃🤪😎".chars, 3
# => "😍😎😍"

Generic advice for managers

From Allison Green’s Ask a Manager: “I Got a Terrible Review on Glassdoor, and I’m Spiraling”:

The reality is, when you’re a manager, not everyone will like working for you. You could be the greatest boss in the world and some people still wouldn’t like you. Partly that’s because being a good manager means giving feedback, addressing problems, and holding people accountable in ways they might not like. If you need to correct someone a lot, or have difficult conversations with them about their work, or say no to something they wanted, it’s human nature that you might not end up being their favorite person. Or you might have a style that doesn’t align well with theirs — maybe you’re very direct and matter-of-fact and that feels brusque to them, or maybe you’re a planner and a devotee of process and they work more spontaneously. That wouldn’t mean either of you is in the wrong; it would just mean you don’t mesh well together.

Sometimes, too, people dislike a job or a manager for reasons that aren’t as much about the manager as they are about other things going on with that person — a dislike of their career path, stressors outside of work, a generally bad fit with the role, or all kinds of things.

Or, frankly, you might be an imperfect manager — most of us are — but that doesn’t mean you’re a horrible one. Managing people is hard, and every manager will get things wrong now and then. Ideally you’ll establish a track record of fairness, transparency, and good judgment so your mistakes are judged within that context … but you still might encounter an employee who judges your mistakes harshly. You’re basically on a stage when you’re the boss; you’re going to be scrutinized by the people under you, and there will be things they take issue with. It’s part of the job, and you’ve got to be okay with that.

Or, yes, you might be a terrible manager! It’s possible. There are lots of terrible managers out there. But I’m skeptical that you’re terrible in the specific ways the review described (mean and intolerant of mistakes), because your detailed explanation of your approach to mistakes sounds pretty healthy and because you sound genuinely thoughtful and caring toward team members. People can delude themselves, of course, and managers aren’t always reliable narrators of their own management styles. But the way you talk about how you operate — and your reaction now — doesn’t seem to line up with that review or with the feedback people have given your boss about you. That doesn’t mean that review is definitely wrong. I obviously can’t say that with certainty. But I don’t think it warrants the self-flagellation you’re doing.

That said, all managers have ways they could improve — things they’re doing that irritate or upset their teams, or make things run less effectively, or allow problems to fester. I can say with confidence that you could be a better manager, because we all could. So one option is to take this as an impetus to do a real inventory of the way you manage, figure out where you could improve, and lean into doing that work.

GoodJob 1.4: JRuby compatibility and more

GoodJob version 1.4 is released. GoodJob is a multithreaded, Postgres-based, ActiveJob backend for Ruby on Rails. If you’re new to GoodJob, read the introductory blog post .

GoodJob’s v1.4 release adds support for:

  • JRuby
  • MRI 3.0
  • Rails 6.1
  • Postgres 12+

And includes additional improvements to the Web Dashboard.

Version 1.4’s release comes three months after v1.3 and five months after GoodJob’s initial v1.0 release.

JRuby compatibility

GoodJob 1.4 adds compatibility for Ruby on Rails applications running under JRuby. GoodJob’s multithreading is built on top of ConcurrentRuby, which provides consistent behavior and guarantees on all four of the main Ruby interpreters (MRI/CRuby, JRuby, Rubinius, TruffleRuby).

A minor downside of JRuby is that JRuby’s database adapter, activerecord-jdbc-adapter, does not support Postgres LISTEN, which means GoodJob must rely on polling for new jobs under JRuby.

Broader compatibility and improvements

In addition to JRuby, GoodJob 1.4 adds compatibility for MRI 3.0, Rails 6.1, and Postgres 12+.

GoodJob 1.4 also includes improved filtering for the Web Dashboard,.

What’s next

The next version of GoodJob will add support for daemonization.


Code, documentation, and curiosity-based contributions are welcome! Check out the GoodJob Backlog , comment on or open a Github Issue, or make a Pull Request.

I also have a GitHub Sponsors Profile if you’re able to support GoodJob and me monetarily. It helps me stay in touch and send you project updates too.

Maimonides' levels of charity

This has been kicking around in my “to blog” bucket since July, 2008 when I had many more posts on Charity. I originally copied this from, and Wikipedia has a version of these too.

Maimonides organized the different levels of tzedakah (charity) into a list from the least to the most honorable.

8. When donations are given grudgingly.

7. When one gives less than he should, but does so cheerfully.

6. When one gives directly to the poor upon being asked.

5. When one gives directly to the poor without being asked.

4. When the recipient is aware of the donor’s identity, but the donor does not know the identity of the recipient.

3. When the donor is aware of the recipient’s identity, but the recipient is unaware of the source.

2. When the donor and recipient are unknown to each other.

1. The highest form of charity is to help sustain a person before they become impoverished by offering a substantial gift in a dignified manner, or by extending a suitable loan, or by helping them find employment or establish themselves in business so as to make it unnecessary for them to become dependent on others.

To be critical, 8 and 1 are most meaningful to me, and the gradations between the others aren’t particularly strong, though I think 4 and 3 could swap places.

If you can hook them for a day, you can hook them for two

I think this essay has come to mind more often than any other in the past decade of my work as a developer, and sometimes distressingly, in life. From Tim Rogers “who killed videogames? (a ghost story)” :

One click in one of these social games will take the user to the Real-World Money-Costing In-Game-Currency-Unit-Buying Shop. Here, the player will see that the game indeed offers him an option for paying $100 for something which is not real: an in-game currency with which to buy things in the game.

At the time he makes the conscious decision to wait for his energy to refill, the player likely already knows that “micro”-transactions exist which have $100 price-tags. Now he learns how much energy costs — usually, it’s nowhere near $100, or even $10.

Do players buy energy? What sorts of players buy energy? The short answer is: actual idiots. The long answer is: people who don’t understand why they have so much real-world money.

In social games, energy doesn’t exist to be bought. It exists as an engagement-regulating filter. The player attaches to it some vague notion of “value”. Backward-like, he comes to associate waiting an hour in the real world before coming back to the game with “working” and “earning” the “value” of the thing the game is giving him for “free”.

This isn’t exactly a truthful impression. The impression the player should take away — and gets confused about — is that in social games, time is a currency. Time is what you use to buy energy. Energy is a currency for purchasing in-game money, and some less-abstract in-game currencies (the premium in-game currency which the player must use real money to purchase) and more-abstract in-game currencies (namely virality and chance) can be used to purchase energy directly.

Energy’s multiple conversion rates into multiple in-game currencies mystify the idea of time as a currency.

The old idiom “time is money” has many meanings, you see.

“Energy” is a money that literally directly represents time.

…It’s a compulsion trap.

Dying on management mountain

From First, break all the rules:

Managers were encouraged to focus on complex initiatives like reengineering or learning organizations, without spending time on the basics. The stages on the mountain reveal that if the employee doesn’t know what is expected of him as an individual (Base Camp), then you shouldn’t ask him to get excited about playing on a team (Camp 2). If he feels as though he is in the wrong role (Camp 1), don’t pander to him by telling him how important his innovative ideas are to the company’s reengineering efforts (Camp 3). If he doesn’t know what his manager thinks of him as an individual (Camp 1), don’t confuse him by challenging him to become part of the new “learning organization” (Camp 3). Don’t helicopter in at seventeen thousand feet, because sooner or later you and your people will die on the mountain.

And a quote about performing the performance:

A manager has got to remember that he is on stage every day. His people are watching him. Everything he does, everything he says, and the way he says it, sends off clues to his employees. These clues affect performance. So never forget you are on that stage.

Triangular eating

I have been practicing triangular eating after reading this blog post from The School Lunch Project in 2010:

Triangular Eating (sankaku-tabe)

(ex.) Main dish → Rice or Bread or Pasta →Soup →Main dish → Rice or Bread or Pasta → Soup….

In Japan, we usually learn how to eat food in triangular patterns when we were little kids. We usually learn it preschool age to elementary school age. When we start school lunch, it is the time to learn how to eat. It is kind of Japanese food culture, so teacher don’t go too strict nowadays. Kids don’t have to eat in triangular way, but many Japanese do triangular eating because we learn when school lunch time.

I would like to tell about the triangular way of eating. So, you have to make sure it is in triangular order. This is good practice in learning know how to eat a balanced meal by yourself. I think you can arrange this as square, pentagon and so on. Please go ahead add a salad or a side dish. As time goes by, if I have meat or fish, I automatically want to eat rice, then I start to want to eat vegetables. Isn’t it nice?

Also, triangular way could be give you rhythm and let your mouth reset. You can imagine wine and cheese. It is work well for harmony too.

Better by our own standards

This book review in the New Yorker of Charles King’s “Gods of the Upper Air” has been kicking about my brain for a long while, especially in regards to the phrase “variations within groups are greater than variations between groups” concretely in my work on accessibility, diversity, equity and inclusion.

The evidence proved, Boas said, “the plasticity of human types.” It also showed that variations within groups are greater than variations between groups.

Boas devoted his life to showing people that the science they were relying on was bad science. “He believed the world must be made safe for differences,” Ruth Benedict wrote when Boas died.

It’s true that Boas and Benedict spoke of “relativity,” and that at the end of “Patterns of Culture” Benedict refers to “coexisting and equally valid patterns of life which mankind has created for itself from the raw materials of existence.” But everything else in Benedict’s book contradicts the assertion that all cultures are “equally valid.” The whole point is to judge which practices, others’ or our own, seem to produce the kind of society we want. The anthropological mirror has a moral purpose.

The term “culture” is responsible for some of the confusion. We think that to call something part of a group’s culture is to excuse it from judgment. We say, That’s just the lens through which people in that society view the world. It’s not for us to tell them what to think. Our ways are not better, only different. What it all boils down to (to paraphrase Montaigne) is: We wear pants; they do not. That would be relativism.

But to say that a belief or a practice is culture-relative is not to place it beyond judgment. The whole force of Boasian anthropology is the demonstration that racial prejudice is cultural. The belief that some races are superior and some inferior is learned; it has no basis in biology. It is therefore subject to criticism.

Boas spent his entire life telling people that intolerance is wrong. King says that cultural anthropology pushes us to expand our notion of the human. That may be so, but it has nothing to do with relativism. King’s anthropologists are prescriptivists. They are constantly telling us to unlearn one way of living in order to learn a way that is better by our own standards.

The five ideals explained

I previously posted the The Three Ways from The Phoenix Project. Here are the Five Ideals from The Unicorn Project, by way of Gene Kim’s IT Revolution blog:

The First Ideal: Locality and Simplicity

We need to design things so that we have locality in our systems and the organizations that build them. We need simplicity in everything we do. This ideal relates to the degree to which a development team can make local code changes in a single location without impacting various teams. The last place we want complexity is internally, whether it’s in our code, in our organization, or in our processes.

The Second Ideal: Focus, Flow, and Joy

The Second Ideal is all about how our daily work feels. Is our work marked by boredom and waiting for other people to get things done on our behalf? Do we blindly work on small pieces of the whole, only seeing the outcomes of our work during deployment when everything blows up, leading to firefighting, punishment, and burnout? Or do we work in small batches, ideally single-piece flow, getting fast and continual feedback on our work? These are the conditions that allow for focus and flow, challenge, learning, discovery, mastering our domain, and even joy. This is what being a developer means.

The Third Ideal: Improvement of Daily Work

The Third Ideal addresses paying down technical debt and improving architecture. When technical debt is treated as a priority and paid down and architecture is continuously improved and modernized, teams can work with flow, delivering better value sooner, safer, and happier. And the business ultimately wins when developers can deliver on enterprise performance goals.

The Fourth Ideal: Psychological Safety

Psychological safety is one of the top predictors of team performance. When team members feel safe to talk about problems, problems can not only be fixed but prevented. Solving problems requires honesty, and honesty requires an absence of fear. In knowledge work, psychological safety should be treated with the same importance as physical safety is in manufacturing.

The Fifth Ideal: Customer Focus

Customer focus relates to the difference between core and context as defined by Geoffrey Moore. Core is what customers are willing and able to pay for, the bread and butter of your business. Context is what they don’t care about, what it took to get them that product, including all the backend systems of an organization like HR and marketing and development. It’s critical to look at these Context systems as essential, as mission critical, and fund them appropriately. Context should never kill core.

And a shorter version that’s less engineer focused from “DevOps: A Primer For The Business Leader”:

  • Locality and Simplicity: alleviate dependencies between teams and components.
  • Focus, Flow, and Joy: the smooth flow of work that enables focus and joy.
  • Improvement of Daily Work: continuously improve and pay down technical debt.
  • Psychological Safety: a top predictor of team performance; enables improvement.
  • Customer Focus: optimize for customer value, not for a role-based silo.

The furthest to go in efforts to reach their full humanity

Tawana “Honeycomb” Petty writing in a “Mama Lila Cabbil Tribute: Pushing Us Toward Deeper Thought, Still”, published in Riverwise Magazine.

Through my organizing and teaching, I have asked that anti-racist circles step away from performative testimonials of privilege for whites and lack of privilege for Black and Brown people. I have asked that all allies move from ally-ship towards co-liberation, with the belief that we can only make systemic change if we understand our liberation is tied up with one another’s. My historical and current analysis of this moment pushes me to interrogate the notion that (most) white people “benefit” from their forced relationship with white supremacy.

I have asked that white allies (aspiring co-liberators) seek to understand the impact that the myth of white superiority and the system of white supremacy has had on their own communities. I have asked them to deal with school shootings in their communities, opioid abuse, domestic violence, and rising incidents of suicide. I have asked them if they truly believe what they say when they testify to their privilege.

For many, this way of thinking may not appear to answer the questions that plague Black and Brown people in America. However, I am of the mindset that a dehumanized being cannot see another as fully human. I am of the mindset that the white children who are shooting up schools have fallen victim to trying to live up to the myth of white superiority.

White men, even in progressive circles, are taught they are superior to white women, Black women, and every other living being on the planet. What would it mean for the anti-racism movement to teach white men that they have the furthest to go in efforts to reach their full humanity? What would it look like if they don’t enter spaces acting inherently superior (privileged), but rather with a lot of work to do to shed the legacy of violence that comes with their perception of superiority?