Rubyland

news, opinion, tutorials, about ruby, aggregated
RubySec 

CVE-2025-61770 (rack): Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

## Summary

`Rack::Multipart::Parser` buffers the entire multipart **preamble** (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions.

## Details

While searching for the first boundary, the parser appends incoming data into a shared buffer (`@sbuf.concat(content)`) and scans for the boundary pattern:

```ruby
@sbuf.scan_until(@body_regex)
```

If the boundary is not yet found, the parser continues buffering data indefinitely. There is no trimming or size cap on the preamble, allowing attackers to send…

RubySec 

CVE-2025-61771 (rack): Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

## Summary

`Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS).

## Details

During multipart parsing, file parts are streamed to temporary files, but non-file parts are buffered into memory:

```ruby
body = String.new  # non-file → in-RAM buffer
@mime_parts[mime_index].body << content
```

There is no size limit on these in-memory buffers. As a result, any large text field—while technically valid—will be…

RubySec 

CVE-2025-61772 (rack): Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

## Summary

`Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).

## Details

While reading multipart headers, the parser waits for `CRLFCRLF` using:

```ruby
@sbuf.scan_until(/(.*?\r\n)\r\n/m)
```

If the terminator never appears, it continues appending data (`@sbuf.concat(content)`) indefinitely. There is no limit on accumulated header bytes, so a single malformed part can consume memory proportional to the request body size.

##…

Ryan Bigg Blog 

Hanami for Rails Developers: Part 3: Forms

This blog post is part of a series called “Hanami for Rails Developers”.

In the first two parts of this guide, we covered off the familiar concepts of models and controllers, and saw how Hanami approached these designs. We saw that Hanami split the responsibilities of models between repositories, relations and structs, and we saw that the responsibilities of a controller and its views were split between actions, views and templates.

In this part, we’re going to continue building on our application’s foundation by introducing a form that lets us add further books to our application. In a Rails app, we would handle…

Aha! Engineering Blog 

How we de-risked our editor upgrade

Any seasoned software engineer will tell you that full rewrites are a bad idea. More often than not, they are abandoned after wasting a significant amount of resources on them. This is especially true if what you're pitching for a rewrite is the bac
Evil Martians 

How to add fast, client-side search to Astro static sites

Authors: Ivan Chepurin, Frontend Engineer, and Travis Turner, Tech Editor
Topic: Astro.js

Join me on a breathtaking journey as we add a client-side search to an SSG docs-first site, built with Astro!

Building static sites with Astro is a dream (especially for documentation). But what to do when your growing docs need full-text search, but you don’t want to give up that static delight? In this post, see how to bring powerful, fuzzy, and accessible search to Astro-generated sites. (This means no external crawlers and no remote APIs.) We’ll also look at the limits of AI-based and third-party search, demonstrate how to generate a build-time JSON index with Astro’s endpoints, and fine-tune the…

Remote Ruby 

Who Owns RubyGems? Inside the Ruby Central Controversy

In this episode of Remote Ruby, Chris is on paternity leave celebrating the birth of his son, so Andrew brings in Drew Bragg and Rachael Wright-Munn (aka ChaelCodes), to discuss recent controversies surrounding Ruby Central and its alleged takeover of Ruby Gems and Bundler. They dive into the timeline of events, conflicting narratives, communication failures, and the underlying security concerns. They address theories and facts, scrutinize the governance of Ruby Central, and discuss the implications for the Ruby community. The episode emphasizes the importance of asking questions and seeking clarity, while advocating for a balanced and constructive approach to resolving the community's…

justin․searls․co - Digest 

🎙️ Merge Commits podcast - Dead Code: Fear-driven Everything

Direct link to podcast audio file

Jared Norman interviewed me after he wrote about the order in which programmers choose to write their code and I offered this response. In this episode, we touch on this before launching into a more expansive discussion on why the agile movement fizzled out and what we can reclaim from a developer workflow perspective now that we're experiencing our first major market upheaval since then with the rise of coding agents.

Appearing on: Dead Code
Published on: 2025-09-09
Original URL: https://shows.acast.com/dead-code/episodes/fear-driven-everything-with-justin-searls

Comments? Questions? Suggestion of a podcast I should guest on? podcast@searls.co

Julik Tarkhanov 

Delete your old migrations, today

We get attached to code - sometimes to a fault. Old migrations are exactly that. They’re digital hoarding at its finest, cluttering up your codebase with files that serve absolutely no purpose other than to make you feel like you’re preserving some kind of historical record.

But here’s the brutal truth: your old migrations are utterly useless. They’re worse than useless - they’re actively harmful. They’re taking up space, they are confusing (both for you and new developers on the project), and they give you a false sense of security about your database’s evolution.

If your database is out-of-sync with schema.rb you need to solve that problem anyway, and - if anything - the migrations make…

Tosbourn – Belfast based Ruby developers 

Threat Intelligence Issue 2

This is our second threat intelligence post. Each week, if appropriate, we will aim to share some wider industry news that might impact our clients.

What we cover will depend on what has been happening the previous week; this week, for example, is a much shorter update.

Ruby

Some of the folk that previously maintained and operated RubyGems.org have started a new server for hosting gems https://gem.coop.

No action needed unless your team feels they want to migrate away from RubyGems (which is understandable).

GitHub

GitHub recently rolled out sign in with Apple. Unless your organisation specifically requires this, I would recommend against employees tying log in to Apple IDs.

They are…

Avo's Publication Feed 

Intelligent Search in Rails with Typesense

Let's learn how to integrate Typesense into a Rails application to achieve intelligent search in Rails that's powerful and performant.
Josh Software 

Voice for Inclusive Efficiency: How AI-Powered Voice Banking is Transforming Financial Inclusion in FinTech

Efficiency vs. Inclusion

Efficiency has long been FinTech’s favorite word. Every boardroom conversation, every investor deck, every new product announcement circles back to it—faster, smarter, cheaper. But let’s be honest: efficiency without inclusion is just speed for the few. India today has one of the most celebrated financial inclusion stories in the world. Over eighty …

RailsCarma – Ruby on Rails Development Company specializing in Offshore Development 

Ruby on Rails vs React: Main Differences and Comparison 2025

The need for a user friendly tool that hits the sweet spot between performance and scalability in web development at 5.3 zettabytes of global cross border IP traffic every year September 2025 RoR and React are two technologies that play a great role in building applications these days. Full-stack backend framework RoR was developed by David Heinemeier Hansson in 2004, and is known for its “convention over configuration” and “don’t repeat yourself” (DRY) mantras which allow the developers to write very less code when compared other frameworks. Prior to React, Front-End engineers rendered dynamic in-component trees using complex JavaScript…

naildrivin5.com - David Bryant Copeland's Website 

Building a Sub-command Ruby CLI with just OptionParser

I’ve thought deeply about building CLIs and built a lot of them over the years. I’ve used Rake, Thor, my own gem GLI and many others. After all that, the venerable OptionParser—part of Ruby’s standard library—is the best choice for scripting and sub-command (git-like) CLIs. I want to show you how.

What is a Sub-Command CLI?

At first glance, OptionParser doesn’t seem to support a sub-command CLI, like so (I’ll explain what each part is below):

> bin/test --verbose audit --type Component specs/front_end

Yes, you could configure --verbose and --type TYPE, then figure out that the first thing left over in ARGV was a command, but it gets very cumbersome when things get beyond trivial,…

Ruby News 

Ruby 3.4.7 Released

Ruby 3.4.7 has been released.

This release includes an update to the uri gem addressing CVE-2025-61594, along with other bug fixes. Please refer to the release notes on GitHub for further details.

We recommend updating your version of the uri gem. This release has been made for the convenience of those who wish to continue using it as a default gem.

Release Schedule

We intend to release the latest stable Ruby version (currently Ruby 3.4) every two months following the most recent release. Ruby 3.4.8 is scheduled for December and 3.4.9 for February.

If a change arises that significantly affects users, a release may occur earlier than planned, and the subsequent schedule may shift…

DotRuby - Things we have to say. 

Improving Turbo Frame UX with the busy Attribute

Turbo Frames don’t just swap content — they also tell you when they’re working. The busy attribute appears during a load, and with a little CSS you can turn it into spinners, skeletons, or subtle fades. In this post I’ll show simple patterns to hook into busy and give users clear feedback while they wait.
Rémi Mercier 

Lost in Minitest? Start here!

I have a confession to make: I have never used Minitest in the seven years I’ve been a professional programmer.

I’ve always used the other framework.

But earlier this year, I started working with a client whose application relied solely on Q&A instead of automated tests. In an effort to bring the team peace of mind during releases, I started adding tests to the most critical parts of the application.

Lured by the promise of speed and wide adoption, I suggested we try Minitest.

As I started working on writing my first tests, I hit an unexpected roadblock.

Minitest (lack of) onboarding

After writing several hundred tests, I can confidently say that Minitest’s biggest weakness is its…

Evil Martians 

Martian Summer: blog, talks, open source, and ready for SFRuby in Nov

Author: Travis Turner, Tech Editor
Topic: Developer Community

Open source, talks around the world and prepping SFRuby for Nov 2025. Catch up on Evil Martians' blog, open source, podcast, and get ready as we head for SFRuby Conference in San Francisco.

Summer has ended! In this post, we recap Martian posts, talks, open source + more you might have missed.

RubySec 

CVE-2025-61594 (uri): CVE-2025-61594 - URI Credential Leakage Bypass over CVE-2025-27221

In affected URI version, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. This vulnerability has been assigned the CVE identifier CVE-2025-61594. We recommend upgrading the uri gem.

## Details

When using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. Please update URI gem to version 0.12.5, 0.13.3, 1.0.4 or later.

## Affected versions

uri gem versions < 0.12.5, 0.13.0 to 0.13.2 and 1.0.0 to 1.0.3.

## Credits

Thanks to junfuchong (chongfujun) for discovering this issue. Also thanks to nobu for additional fixes of this…

Planet Argon Blog 

Untangling a Slow Rails App: The Framework We Use Every Time

Struggling with a slow Rails app? Learn our five-step framework to identify, analyze, and fix performance bottlenecks without just throwing more hardware at it.

Rails Designer 

Announcing Forge — self-hosted community software

Go straight to the site: forge.railsdesigner.com.


Announcing Forge: a minimal, self-hosted community app with channels, threads, and more. Pay once, no monthly fees, and customize everything you need.

Forge is a forum-like (think Slack/Discord) platform to build your paid community. You provide a Stripe payment link, and after payment your new member gets an invite link to your community. It has all the typical community features, like: channel-based organization, threads, user profiles and moderation tools.

It is, of course, built with the latest Rails (including the new rich-text editor Lexxy!) and as vanilla as possible. The only extra gems added are: Courrier, Rails Icons, Perron

Designed…

Julik Tarkhanov 

Actually doing things in user’s time zone

My previous article about timezones turned out to be useful for quite a few folks, which makes me happy. One candle lights another.

Ben Sheldon asked about then actually doing something with those converted times. How do you actually send a newsletter every morning on every working day, regardless of what the user’s time zone is?

There are a number of approaches to this - once you know the UTC time of the delivery. I will cover a few of them, including the one I prefer. Let’s wind the clocks!


I am currently available for contract work. Hire me to help make your Rails app better!


Approach 1: Anything can be done in Postgres

Remember how I told you that you…

Short Ruby Newsletter 

Short Ruby Newsletter - edition 151

The one where Hanami 2.0 is released, get tickets with a good discount for SF Ruby 2025, and the one where you can see how vector search can be implemented in Rails.
The Bike Shed 

477: Change Management

Time to plan an upgrade as Joël and Aji talk about the hurdles involved with various change management in their projects.

The pair lay out some different approaches to protecting your data when planning a migration, the risks of code and data changes, the elements that will and won’t be affected in the process, and Joël gives his experience on a tough migration project and what he learnt from it.

If you’ve not used Merge before you can learn more about it here.

Thanks to our sponsors for this episode Judoscale - Autoscale the Right Way (check the link for your free gift!), and Scout Monitoring.

Your hosts for this episode have been thoughtbot’s own Joël Quenneville and Aji…

If you…

Ruby News 

CVE-2025-61594: URI Credential Leakage Bypass previous fixes

We published a security advisory for CVE-2025-61594.

CVE-2025-61594: URI Credential Leakage Bypass over CVE-2025-27221

In affected URI version, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials.

This vulnerability has been assigned the CVE identifier CVE-2025-61594. We recommend upgrading the uri gem.

Details

When using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure.

Please update URI gem to version 0.12.5, 0.13.3, 1.0.4 or later.

Affected versions

  • uri gem versions < 0.12.5, 0.13.0 to 0.13.2 and 1.0.0 to 1.0.3.

Credits

Fullstack Ruby 

Buckle Up, There’s a New Gem Server in Town: gem.coop

Assuming you haven’t been living under a rock these past few weeks, the Ruby community has been embroiled in quite a bit of drama. I won’t recap it here…there are plenty of other sources to go (Joel Drapper for one), and I also have my own pointed take on the matter on my personal blog. But here on Fullstack Ruby I like to maintain a positive, can-do attitude, and to that end, let’s talk about some very exciting developments!

Most Rubyists are familiar with rubygems.org and the reason that you see source "https://rubygems.org" at the top of every Gemfile is so Bundler can download and install gems from the rubygems server.

What I, and I suspect most of you, never considered is that source

Island94.org 

Notes from building a “who is doing what right now on our website?” presence feature with Action Cable

A screenshot of my application with little presence indicators decorating content

I recently was heads down building a “presence” feature for the case and communications management part of my startup’s admin dashboard. The idea being that our internal staff can see what their colleagues are working on, better collaborate together as a team of overlapping responsibility, and reduce duplicative work.

The following is more my notes than a cohesive narrative. But maybe you’ll get something out of it.

Big props

In building this feature, I got a lot of value from:

Island94.org 

Serializing ViewComponent for Active Job and Turbo Broadcast Later

I recently started using ViewComponent. I’ve been gradually removing non-omakase libraries from my Rails applications over the past decade, but ViewComponent is alright. I was strongly motivated by Boring Rails’ “Hotwire components that refresh themselves”, cause matching up all the dom ids and stream targets between views/partials and… wherever you put your Stream and Broadcast renderers is a pain.

You might also know me as the GoodJob author. So of course I wanted to have my Hotwire components refresh themselves later and move stream broadcast rendering into a background job. I to simply call MessagesComponent.add_message(message) and broadcasts an update later to…

RailsCarma – Ruby on Rails Development Company specializing in Offshore Development 

Top 20 Most Famous Companies’ Websites Built with Ruby on Rails

In an ever-changing industry such as web development, many will argue that RoR is one example of how elegant design with a collection of programming best practices can encourage productivity. Created in 2004 by David Heinemeier Hansson, RoR transformed the way developers create scalable and maintainable applications using a “convention over configuration” approach. Fast-forward again to September 2025, and RoR is still one of the favorites for fueling several such iconic websites globally, whether e-commerce giants, social platforms, or enterprise tools. Though we’ve seen the advent of new frameworks like Next. Due to the speed of development…

RailsCarma – Ruby on Rails Development Company specializing in Offshore Development 

Why RailsCarma Is the Right Ruby on Rails Consulting Partner for Businesses

Fast Forward to Sept. 2025: In the high-speed, digital economy of September 2025, businesses in virtually every industry are competing effectively using various new forms of dynamic and adaptive web content-centered strategies to rapidly grow their prospects/customers and user experiences. Founded in 2004, Ruby on Rails (RoR), a powerful open source framework, is still particularly appreciated for its potential to enable quick and scalable application development. By following the “convention over configuration” paradigm and sticking to its “don’t repeat yourself” (DRY) policy, RoR makes it easy for developers to create complex web apps…

Julik Tarkhanov 

The little Random that could

Sometimes, after a few pints in a respectable gathering of Rubyists, someone will ask me “what is the most undervalued module in the Ruby standard library?”

There are many possible answers, of course, and some favoritism is to be expected. Piotr Szotkowski, who untimely passed away this summer, did a wonderful talk on the topic a wee while back.

My personal answer to that question, however, would be Random. To me, Random is an unsung hero of a very large slice of the work we need to do in web applications, especially so when we need things to be deterministic and testable. So, let’s examine this little jewel a bit closer.


I am currently available for contract work. Hire me to…

André Arko 

Announcing gem.coop, a community gem server

The team behind the last ten years of rubygems.org, including @deivid-rodriguez, @duckinator, @martinemde, @segiddins, @simi, and myself, is very pleased to announce a new gem server for the Ruby community: gem.coop.

The new server’s governance policies are being prepared in coordination with Mike McQuaid of Homebrew, and will be released later this week.

The current versions of RubyGems and Bundler work with this new server already, and any Ruby developer is welcome to switch to using this new server immediately.

We have exciting plans to add new features and functionality in the coming days. Join us!

Hotwire Weekly 

Week 40 - How does Turbo listen for Turbo Streams, detect Safari and iOS version, and more!

Welcome to Hotwire Weekly!

Welcome to another, slightly shorter, issue of Hotwire Weekly! Happy reading! 🚀✨


📚 Articles, Tutorials, and Videos

How does Turbo listen for Turbo Streams? - Sid Krishnan explains how Turbo automatically detects and applies Turbo Stream updates when a response includes <turbo-stream> tags.

How to elegantly update other UI when a Turbo Frame is updated - Radan Skorić shares a Rails trick to update UI elements outside a Turbo Frame from a frame update. His turbo_aware_content_for helper switches between content_for and a matching Turbo Stream replacement to keep extra frame content in sync.

How to detect Safari and iOS versions with ease in 2025 - Evgeniy Valyaev

Posts on Kevin Murphy 

Frequently Played October 2025

Frequently Played

I tend to listen to the same songs or albums on repeat that are evocative of how I’m feeling or what’s going on with me. Here is what I’m currently listening to over, and over, and over, and over, again.

Halloween

‘Tis the season.

Full Lyrics

Well I think I saw you for the flash of a moment
Your broken heart and the body that holds it
I lost your scent in the flash of the party
The big bright lights, baby, constantly haunt me
I’ve never been right, have you ever been lied to?
I think I just saw the same scars upon you
Is this a disguise? Or a masquerade for me?

Quiet

I’ve been listening to a lot of Siamese Dream.

Full Lyrics

Behind me the grace of falling snow
Cover up everything…

Noteflakes 

Hanami on Papercraft

Lately I’ve been really excited about Papercraft and the possibilities it brings to developing web apps with Ruby. Frankly, the more I use it, the more I see how simple and joyful it can be to write beautiful HTML templates in plain Ruby.

Now that the Papercraft website is up, I’d like to concentrate on making it easier for everyone to use Papercraft in their apps, whatever their web framework. So this is exactly what I set out to do this weekend. First on my list: Hanami, an established Ruby web framework with a substantial following.

Since I never used Hanami, I decided to follow the Getting Started guide and then started to peek under the hood to see how I could replace the ERB…

Drifting Ruby Screencasts 

Omarchy

Omarchy is an omakase distribution based on Arch Linux and the tiling window manager Hyprland. It ships with just about everything a modern software developer needs to be productive immediately.
danielabaron.me RSS Feed 

Switching From Ruby to SQL Schema in Rails

How to switch from Rails default schema.rb to a SQL-based structure.sql schema dump mid-project without breaking your existing setup.
Tim Riley 

Continuations, 2025/40: Popping off

  • The big achievement this week: I released Hanami 2.3 beta1!

    It had been a while since we cut a release (a lot of work had gone into setting up our sponsorship and preparing our upcoming site), so I’m very happy to have this out.

    This release included contributions from a whopping nineteen contributors! This is one of the surest signs of our growing success, and I’m very thankful for everyone’s help!

  • This was also a whopping week for the Hanami Discord, which as Kyle aptly put it, is popping off. A slew of new people have joined (both old friends and new!) and are sharing ideas and questions. It’s exciting to see! And since a lot of the chat happens while I’m still asleep in Australia, I’m…

Ryan Bigg Blog 

Hanami for Rails Developers: Part 1: Models

This blog post is part of a series called “Hanami for Rails Developers”.

There’s plenty of writing out there for why you should use Hanami, and so this post won’t cover that. If you want those thoughts, see my Hanami 2.0 thoughts and my earlier thoughts on Hanami posts.

This post covers off how to get started with Hanami, with a focus on those who are familiar with Rails and the MVC structure it provides. I’m unashamedly going to crib parts of this from the Hanami Getting Started Guide, but explain them in a different way.

With a Rails app, you’ll be familiar with the Model-View-Controller pattern. Hanami has adopted this pattern…

Ryan Bigg Blog 

Hanami for Rails Developers: Part 2: Controllers

This blog post is part of a series called “Hanami for Rails Developers”.

In the first part we saw how to interact with a database by using Hanami’s repositories and relations. In this part, we continue that by serving that data out through routes of our Hanami application.

To get started here, we can run the Hanami server (and its asset compilation step) by running:

hanami dev

This will run a server on localhost:2300 and once you come back to the browser to figure out why your muscle-memory’d localhost:3000 didn’t work, change that 3000 to a 2300.

Routing

In a Hanami application, you can find the routes in the familiar location…

Stories by Ali Sepehri on Medium 

What I Learned from Digging into the SolidCache Gem

This article isn’t specifically about Solid Cache or encouraging you to use it. Recently, I read the source code of the solid_cache gem and learned some interesting things that I’m going to share here. As a disclaimer: what you read is based on my understanding and might differ from the actual reasoning behind certain decisions.

Solid Cache is a database-backed cache storage system. In simple words, it lets you use your hard disk instead of RAM for caching. Solid Cache was introduced at the RailsWorld 2023 Conference’s Keynote, and Donal McBreen, the main contributor, provided more details about it. I highly recommend watching the presentation if you want to understand the reasoning behind…

Before…

Rails Blocks - Component Updates 

4 New Rails UI Components sets Released

Added dock navigation, navbar, sidebar, and toast notifications.

Components in this release:

Ruby on Rails: Compress the complexity of modern web apps 

Virtual columns, real bugfixes

Hi, it’s Claudio Baccigalupo. Let’s explore this week’s changes in the Rails codebase.

Bump PostgreSQL client version to 18

The PostgreSQL client version in the devcontainer now points to the latest release of PostgreSQL, which is great because…

Support virtual generated columns on PostgreSQL 18+

PostgreSQL 18 supports virtual (not persisted) columns, which can be added in Rails migrations with stored: false. For instance:

create_table :users do |t|
  t.string :name
  t.virtual :lower_name,  type: :string,  as: "LOWER(name)", stored: false
  t.virtual :name_length, type: :integer, as: "LENGTH(name)"
end

Fix Enumerable#sole when element is a tuple

Restores the original behavior…

Ruby Central 

Weekly Update — Friday, October 3

Thanks for holding us to a regular cadence. I’m liking being able to share with you all regularly.

Today’s Friday update is brief, as we shared a comprehensive status on Tuesday, and much of that work is still in motion. Here’s where things stand:

Production services (rubygems.org operations)

  • We remain on track to finalize and execute operator agreements on the schedule we set.
  • Service is stable; publishing and installing gems continue as normal with on-call coverage active.

Code & repositories (Ruby Gems/Bundler and rubygems.org source)

  • A narrow set of elevated permissions remains under the temporary procedural hold while roles are confirmed and least-privilege + MFA are verified. This matches…
Noteflakes 

Papercraft Update: New Version, New Website

I’ve been working quite a bit on Papercraft these last few weeks. Yesterday I released Papercraft version 2.16, and here are some of the notable changes introduced since the last update:

  • Emit DOCTYPE for html tag by default. Before this change, you needed to use the html5 tag to include the DOCTYPE at the top of the generated markup. Now you can just use html. This is important since this way you avoid quirks mode.
  • Do not content of style and script tags. This makes it easier to write inline CSS and Javascript.
  • Add Papercraft.markdown_doc convenience method which returns a Kramdown::Document instance for further processing of Markdown content.
  • Add support for rendering of…

New Papercraft Website

I’ve also been working on a website for Papercraft and it’s finally online. Check it out:

papercraft.noteflakes.com

Like the noteflakes.com website, which you’re currently reading, the Papercraft website is made using Syntropy. All of the documentation pages are written using Markdown. Let’s look at some examples of how Papercraft is used on its…

Remote Ruby 

Blastoff Rails with Travis Dockter

In this episode of Remote Ruby, Chris and Andrew chat with Travis Dockter, the founder of a brand-new Ruby conference, Blastoff Rails. They dive deep into Travis’s journey from business school to bootcamp, his love for conferences, and why he decided to organize one of his own in Albuquerque, New Mexico. From planning venues and sponsors to shaping a unique conference philosophy, Travis shares both the behind-the-scenes challenges and the excitement of creating a new community space for Rails developers.

Links



Honeybadger
Honeybadger is an application health…
Hanami 

Announcing Hanami 2.3 beta1

After getting set up for sponsorship (we still want to hear from you!), we’re back with a new Hanami release. Today we’re pleased to announce the first beta of Hanami 2.3.

Rack 3 support

This one goes up to ~~eleven~~ three.

With this release, we introduce Rack 3 support to Hanami!

We now support Rack versions 2 and 3, so you can use whichever version suits your situation. We still encourage you to upgrade Rack when you can, and we’re happy that Hanami is no longer a blocker on this path.

To upgrade your app to Rack 3, update your Hanami gems to this beta release, then bundle update rack. You should also check out the Rack 3 upgrade guide. Most changes will…

André Arko 

jj part 2: commands & revsets

Now, let’s take a look at the most common jj commands, with a special focus on the way arguments are generally consistent and switches don’t hide totally different additional commands.

jj log

The log command is the biggest consumer of revsets, which are passed using -r or --revisions. With @, which is the jj version of HEAD, you can build a revset for exactly the commits you want to see. The git operator .. is supported, allowing you to log commits after A and up to B with -r A..B, but that’s just the start. Here’s a quick list of some useful revsets to give you the flavor:

  • @- the parent of the current commit
  • kv+ the first child of the change named kv
  • ..A & ..B changes in the intersection…
Awesome Ruby Newsletter 

💎 Issue 489 - On DHH’s “As I Remember London”

Ruby Weekly 

The Ruby Association wants your grant proposals

#769 — October 2, 2025

Ruby Weekly

The Ruby Association's Call For Grant Proposals — Each year, the Ruby Association, chaired by Ruby’s creator Matz, puts out a call for proposals for Ruby related projects that they can give a grant (of 750,000 Yen - roughly $5000) to assist further development. The deadline for this run is October 6, next Monday.

Ruby Association

Tuple - What Core Contributors Use to Pair on Ruby and Rails — 4 out of the 10 top contributors to Ruby use Tuple to pair on code. Tired of verbally steering on Zoom? Discerning developers choose Tuple.

Tuple sponsor

justin․searls․co - Digest 

📄 Is Sora the future of fiction?

I made this yesterday by typing a few words and uploading a couple of pictures to Sora:

When Sora 2 was announced on Tuesday, I immediately saw it as exactly what I've wanted from AI ever since I first saw Stable Diffusion in the Summer of 2022. For years, I've fantasized about breaking free from the extremely limited vocabulary of stock video libraries (as a Descript subscriber, I've long had access to Storyblocks' library). Stitching together stock content to make explainer videos like this one is fun, but the novelty wears off as you quickly burn through all three clips for "child throws spaghetti at family member." Stock video is great if you only talk about mundane household and…

Rails Designer 

Visual loading states for Turbo Frames with CSS only

When you use Turbo Frames on your page you can set an initial loading state. Something like Loading…. This text will then be replaced once the request’s body is injected into the frame element. That works great for loading parts of your app asynchronously.

But what if you have a turbo frame element permanently on your page? For example for an overlay or modal component? And what if it is a bit slow? By default it will show nothing (except the progressbar at the top after ~500ms) until the resource is loaded. This makes for a poor UX. Ideally you want to give feedback, even if it is a “loading” text, right away. This is better and tells the user something is happening.

See this GIF:

justin․searls․co - Digest 

✂️ My Top 10 Sora Clips on Day One

We have fun here.

The Rails Tech Debt Blog 

Rails Versions You Shouldn’t Be Using Anymore (and Why)

Ruby on Rails has always moved at a steady, thoughtful pace: each new version brings not only features and performance improvements but also important security hardening. But with every release cycle, older versions reach the end of their lifespan. When a version is officially End-of-Life (EOL), it no longer receives bug fixes or security patches — leaving applications increasingly vulnerable as new threats emerge.

In this post we will talk about why continuing to use EOL Rails versions can be dangerous, and how ignoring upgrade timelines can put your business at risk — not just technically, but legally and contractually.

Rails Maintenance Policy

The Rails core team has a clear mainten…

John Nunemaker 

Self-Made is a Myth Podcast

I'm never one to turn down being on a podcast, especially since acquiring Fireside.fm, a podcast host. So yesterday, I hopped on a call with Tim Campsall to chat about running Box Out and Very Good. And the crazy thing is it's already out on Youtube. I wasn't in my home office so my background was bleak and my audio was subpar but still a great conversation.

Highlights

  • Shortest path between builders and users is critical.
  • Hire “batteries included” people who are self-driven.
  • I’m not really good at anything specific. I’m just good at being glue.
  • Measure progress (time tracking) and celebrate wins to avoid burnout.
  • Design products to save people time. Design your business to free your own time.
  • Peop…
Evil Martians 

Contract shock therapy: the way to API-first documentation bliss

Authors: Yuri Mikhin, Frontend Engineer, and Travis Turner, Tech Editor
Topics: DX, TypeScript, Vite, React, Agile Software Development

Learn how to build a dedicated API documentation repository that becomes your team's single source of truth, enabling true contract-first development. We'll focus on the frontend tech stack approach and demonstrate exactly how I set up a contract-first environment.

Alchemists: Articles 

Hanami Containers

This article assumes you have familiarity with Hanami and want to dive deeper into how dependencies work, are organized, and managed via containers. At a high level, containers allow you to define your dependencies once (and optionally memoize them) so you can quickly reference and use them throughout your application.

There are two primary categories to be aware of when thinking about containers in Hanami: Injectables and Providers. For example, here’s a quick and dirty way to see the differences:

# demo/app/aspects/demo.rb

module Demo
  module Aspects
    class Demo
    end
  end
end

# demo/config/providers/demo.rb

Hanami.app.register_provider :demo do
  st…

With the above, we have a Demo application that has a core Demo component and a demo

Radan Skorić's website 

How to elegantly update other UI when a Turbo Frame is updated

Turbo Frames are great for carving out a part of the UI and having it update via normal server interaction. If all that needs to be updated is this specific part of the UI and nothing else then standard Turbo Frames usage is all you need. It’s great for localised changes. However, sometimes you also need to update some other part of UI: for example a menu, a counter, a title or some other piec...
RailsCarma – Ruby on Rails Development Company specializing in Offshore Development 

How Much Does It Cost to Hire a Ruby on Rails Developer in 2025?

In today’s progressive tech world, if you want to be a frontrunner, you have no choice but Ruby on Rails for building web applications. It is a complete package that comes built with rich features like viewer-friendly design, effective environment, code readability, and many others. With companies going digital more quickly during AI advancements and remote work becoming the norm, businesses continue to hire Ruby on Rails developers to leverage these benefits. While the job market is settling down and looks more mature, Rails developers are still very much in demand.

The cost to hire has been somewhat flattened as offshore options and AI-driven…

At RailsCarma – niche provider of Ruby on Rails development services focusing on Offshore Development that ensures we work in line with customers’ business needs, where it has been a long-standing solution for successful project deliveries…

Ruby Magic by AppSignal 

How to Read Code from the Showcase Ruby on Rails Engine

Reading a lot of code from very senior engineers is probably one of the best ways to level up as a Ruby on Rails developer. By doing so, we can learn new tips and techniques that we can reuse in our jobs. Thanks to open source, we can read code written by the best developers from all over the world, and for free!

However, reading code from a Ruby gem or a Rails engine for the first time without being guided can be daunting. There are so many files; how do we even know where to start?

In this three-part series, we are going to read the source code from the Showcase Rails engine.

We will learn about:

  • The main files in a Rails engine
  • How to read source code without getting lost

In this first…

justin․searls․co - Digest 

✂️ Will code for 🙌's

It's true, you catch more bugs with honey than vinegar.

Clipped from my conversation with José Valim about how little we know about the future of coding agents (and, as in the case of this video, also their present).

RailsNotes, the Ruby on Rails guides you wished you had. 

Run RSpec specs in parallel (with the parallel_rspec gem)

Run RSpec in parallel and speedup your specs by 2x-4x locally using the handy parallel_rspec gem.
Ruby Central 

Our Stewardship: Where We Are, What’s Changing and How We’ll Engage

Dear Rubyists,

Thank you for giving me this opportunity to share with you. We take our stewardship of the Ruby Gems ecosystem seriously. Our mission is clear: keep the language and the infrastructure you rely on stable, safe, and trustworthy. Before we get to what the next steps will be, here is a quick recap from the video that we shared last week.

Moving parts:

  • We recognize there is confusion between some of the moving parts in this conversation, and we would like to add some clarity around that.
  • The rubygems client and bundler source code both live in the rubygems/rubygems GitHub monorepo
  • Similarly, the source code for the rubygems.org service lives in the rubygems/rubygems.org GitHub repo
  • La…
Fullstack Ruby 

Little Content Tricks for Your Bridgetown Website

Well my Ruby friends, a new day has dawned with the release of the Ruby web framework Bridgetown 2, and that means I can start to enjoy the fruits of our labor by sharing useful code examples and architectural explanations here on Fullstack Ruby. Yay! 🎉

(BTW…how cool is this custom artwork by Adrian Valenzuela??)

Greetings from River City

Now onto today’s little batch of snippets.

Swapping Video Links with Embeds

On a Bridgetown client project, we wanted to be able to drop in links to the client’s many videos hosted on Vimeo. I didn’t want to have to deal with the hassle of grabbing <iframe> tags for every single video, so my first inclination was to write a helper method and use those calls in the markup…

Felipe Vogel 

A catalog of coding challenges

To many developers, “coding challenge” evokes technical interview trauma.

But there are many kinds of coding challenges, not all of them dehumanizing. I’ve been making a list of them over the…

Planet Argon Blog 

The Case for Generalism in Tech

Is it smarter to specialize or stay flexible? Discover why generalist developers may have the edge in today’s fast-moving tech world.

Tosbourn – Belfast based Ruby developers 

Threat Intelligence Issue 1

This is our first threat intelligence post. Each week, if appropriate, we will aim to share some wider industry news that might impact our clients.

We will be covering: Ruby, JavaScript, Postgres, Heroku, Render, Cloudflare, and GitHub, as well as wider geo-political points.

Ruby

The Ruby community has never looked more uneasy. No issues that require immediate attention, but worth knowing there is a lot of energy being spent on several topics, and there are a lot of folk disenfranchised with the language.

DHH has gone, pardon the pun, off the Rails. The Ruby Community has a DHH Problem explains the core issues with DHH (creator of Rails) making xenophobic claims about London. This has…

Evil Martians 

How to detect Safari and iOS versions with ease in 2025

Authors: Evgeniy Valyaev, Frontend Engineer, and Travis Turner, Tech Editor
Topics: iOS, JavaScript, CSS, TypeScript

Read how to accurately detect Safari and iOS versions using WebKit feature checks, behavioral tests, and selective UA hints to gate features safely and avoid breaking UX.

Why is accurately detecting the version of Safari and iOS you're dealing with so important for modern web development? The reasons are seriously many: applying fixes/enhancements only where needed, preventing confusion for users on other browsers, displaying the right prompts for actions or installations, enabling or disabling features, providing accurate analytics, and supporting users with tailored instructions,…

The Bike Shed 

476: Green Flags for Code

Joël and Sally sit down to discuss their green and red flags when it comes to PR review.

Joël breaks down the different ways humans review code vs AI, how they both break down large projects into smaller digestible PRs and clarifying your reasoning for certain decisions, as well as discussing the most common red flags they’ve encountered when looking over code.

Take a break from coding to brush up on your Roman History.

Thanks to our sponsors for this episode Judoscale - Autoscale the Right Way (check the link for your free gift!), and Scout Monitoring.

Your hosts for this episode have been thoughtbot’s own Joël Quenneville and Sally Hall.

If you would like to support the…

Short Ruby Newsletter 

Short Ruby Newsletter - edition 150

The one where Rails 8.0.3 is released, where San Francisco Ruby Conference started ticket sales, and the Ruby Central situation is in the spotlight.
justin․searls․co - Digest 

🎙️ Breaking Change podcast v44.0.1 - José Valim: It's a time for builders

If you know who José Valim is, then you know he probably made a mistake by joining me for our third installment of 🔥Hotfix🔥. The inventor of the Elixir programming language is at it again with his colleagues at Dashbit and they've got a new product called Tidewave. It's a coding agent with a twist: it has such a deep level of integration with your web framework that it can get the executable feedback it needs to tackle the entire feature development lifecycle.

I do eventually let him plug the tool (and our conversation genuinely makes me want to try it—I logged a todo and everything!), but to be on Hotfix you gotta bring a thorny problem to the…

The Rails Tech Debt Blog 

Rails and Ruby Compatibility in 2025: Which Setups Will Be Unsupported After October 1st?

Rails 7.1 has been a dependable workhorse since its release in 2023. But on October 1, 2025, Rails 7.1.x will lose official security support. That means no more patches for new vulnerabilities, no more backports, and no safety net if a zero-day exploit lands in your stack.

If you’re running Rails 7.1, your risk level depends heavily on which Ruby version you pair it with. Some Rails and Ruby combinations will be doubly unsupported after October 1st, creating “dangerous pairings” that should be upgraded immediately.

In this post, we’ll break down:

  • Which Ruby on Rails setups will lose support after October 1, 2025.
  • Why those combinations are risky.
  • How to quickly check your…

The State of Rails…

Hotwire Weekly 

Week 39 - Components without gems, Rails Views Performance, and more!

Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! Happy reading! 🚀✨


📚 Articles, Tutorials, and Videos

Hotwire Caching Problem - Amanda Klusmeyer published a blog post on the Flagrant blog about a bug where session-based tab state clashes with Turbo’s navigation cache.

How to install the Bridge Components library - Joe Masilotti published a new video in which he's showing how to install his bridge-components library in a Rails application, alongside the iOS and Android Hotwire Native apps.

View Components Over Turbo Streams with Hotwire - Juan Ferrari shows how to render ViewComponents directly in Turbo Streams, replacing partials.

Rails Views Performance Matters: Can …

André Arko 

stupid jj tricks

This post was originally given as a talk for JJ Con. The slides are also available.

Welcome to “stupid jj tricks”. Today, I’ll be taking you on a tour through many different jj configurations that I have collected while scouring the internet. Some of what I’ll show is original research or construction created by me personally, but a lot of these things are sourced from blog posts, gists, GitHub issues, Reddit posts, Discord messages, and more.

To kick things off, let me introduce myself. My name is André Arko, and I’m probably best known for spending the last 15 years maintaining the Ruby language dependency manager, Bundler. In the jj world, though, my claim to fame is completely…

Julik Tarkhanov 

The boss of it all

The recent Ruby Central tragedy has me in shambles, honestly. It cuts deep at the very spot where I am feeling the most insecurity and the most disenfranchisement.

The crux of the issue is creative control. Writing software is a creative endeavor, and we are just now barely getting to the understanding that even though free software promises open source, it does not promise open governance or shared ownership. Something made by a person is their creation, and in the world of pervasive corporate grift and endless growth-at-any-cost it remains one of the few, and - to my view - purest - forms of being attached to what you produce. Having creative control and exercising it is the ultimate…

justin․searls․co - Digest 

📄 Why I'm not rushing to take sides in the RubyGems fiasco

We are in the midst of a Ruby drama for the ages. I'm sure a bunch of people figured we were all too old for this shit, but apparently we are not.

This debate has been eating at me ever since the news first broke, but I've tried to keep the peace by staying out of it. Unlike most discourse about what's going on, my discomfort stems less from the issue at hand—what Ruby Central did, how they did it, and how poorly it was communicated—and more to do with how one-sided the public discussion has been. Beneath the surface of this story are the consequences of a decade-old conflict that was never fully resolved. Then and now, one side—Andre Arko and many people associated with him—has availed…

André Arko 

jj part 1: what is it

I’ve been working on a blog post about migrating to jj for two months now. Rather than finish my ultimate opus and smother all of you in eight thousand words, I finally realized I could ship incrementally and post as I finish each section. Here’s part 1: what is jj and how do I start using it?

pls, I just want to use jj with GitHub

Sure, you can do that. Convert an existing git repo with jj git init --colocate or clone a repo with jj git clone. Work in the repo like usual, but with no add needed, changes are staged automatically.

Commit with jj commit, mark what you want to push with jj bookmark set NAME, and then push it with jj git push. If you make any additional changes to that branch,…

Noteflakes 

Words Can Hurt: A Plea to the Ruby Community

I’ve been watching the recent drama within the Ruby community slowly devolve in the last few days into name-calling and virtue-signalling, and frankly just plain silliness. I won’t repeat here the details of the disagreement, and I won’t link to any posts written about what’s happened.

It is clear to me that some of this has to do with business interests of the different parties involved, some of this has to do with political views, and some of this apparently also has to do with a clash of personalities. But what really troubles me is not the details of the disagreements themselves, however strongly each of us may feel about them, but rather how people have come to treat each other over…

RubySec 

CVE-2025-59830 (rack): Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters

## Summary

`Rack::QueryParser` in version `< 2.2.18` enforces its `params_limit` only for parameters separated by `&`, while still splitting on both `&` and `;`. As a result, attackers could use `;` separators to bypass the parameter count limit and submit more parameters than intended.

## Details

The issue arises because `Rack::QueryParser#check_query_string` counts only `&` characters when determining the number of parameters, but the default separator regex `DEFAULT_SEP = /[&;] */n` splits on both `&` and `;`. This mismatch means that queries using `;` separators were not included in the parameter count, allowing `params_limit` to be bypassed. Other safeguards (`bytesize_limit` and…
Ruby on Rails: Compress the complexity of modern web apps 

Redirect source location logging, filterable engine routes, and more!

Happy Friday! After three weeks of conferencing, this is Greg, bringing you the news about the latest changes in your favorite framework. It was a busy week with a lot of changes, let’s dive in.

Rails Version 8.0.3 has been released!
A new version of Rails has been released. Read the CHANGELOG for the list of changes.

Deprecate usage of custom ActiveJob serializers without public #klass methods
With this change, custom Active Job serializers must have a public #klass method, the previous behavior is deprecated.

Make engine routes filterable in bin/rails routes, improve engine formatting
This pull request adds engine route filtering and better formatting in bin/rails routes.

Make all…

Charles Oliver Nutter 

JRuby and Leyden: Even Better Startup

At the end of my post on JRuby and JDK 25 startup time features, I teased a bit of the unreleased improvements from Project Leyden. It turns out the latest commits improve startup time even more, so it seems worth posting a quick follow-up!

Project Leyden is LIT

Of the many OpenJDK projects I follow, Leyden has been near the top as far as activity and interest. In the past month, there’s been 527 commits to all branches… over 15 commits per day. And this doesn’t include commits being done by contributors on their own repositories. It’s exciting to watch!

After my recent post, Aleksey Shipilëv reached out to me on Bluesky:

Aleksey Shipilëv Bluesky post about recent Leyden improvements

If you know Aleksey, you know to listen when he makes a…

Tim Riley 

Continuations, 2025/39: Momentum building

Tim Riley 

Per-slice sessions in Hanami

One of the things I do in Hanami-land is provide support. I love doing this because it helps me understand all the contours of our framework as it meets the real world. Bringing your questions is seriously one of the most helpful things you can do for Hanami right now. (At this moment, Aaron would be telling you to join our Discord!)

A question that came up this week was about how to have separate Rack cookie sessions per slice.

You can achieve this by using the session middleware inside each slice in your routes:

# config/routes.rb

module MyApp
  class Routes < Hanami::Routes
    slice :main, at: "/main" do
      use Rack::Session::Cookie,
        key: "my_app.session.main",
        s…
Julik Tarkhanov 

Scheduling things in user’s time zone

Doing something at a time convenient for the user is a recurring (sic!) challenge with web applications. And the more users you have across a multitude of time zones, the more pressing it becomes to do it well.

It is actually not that hard, but it does have a few fiddly bits which can be challenging to put together. So, let’s do some time traveling.


I am currently available for contract work. Hire me to help make your Rails app better!


What makes time zones so tricky?

Time zones are tricky because they change over time. There is a global UTC clock, which has leap seconds – that’s already a bit tricky, but not that tricky. Timezones are tricky because they are d…

Remote Ruby 

Rails World 2025 Recap

In this episode, Chris and Andrew reflect on their recent trip to Rails World 2025 in Amsterdam, sharing travel adventures, highlights from the conference, and insights into major Rails announcements. From slide-heavy talks to new features like ReActionView, Action Push, Kamal Geo Proxy, Hotwire Native, and Action Text Lexxy, they explore how the Rails ecosystem continues to push developer experience forward. Hit download now to hear more!

Links


Honeybadger
Honeybadger is an application health monitoring tool built by developers…
Passenger - Phusion Blog 

Passenger 6.1.0

Version 6.1.0 of the Passenger application server has been released. This release adds rpm packages for EL10 (RHEL, Rocky, Alma), as well as Debian 13 Trixie. Compatibility with Rack 2&3 is also improved.

Passenger 6 introduced Generic Language Support, or: the ability to support any and all arbitrary apps.

Rack Compatibility

Passenger should now be compatible with both Rack 2 and Rack 3 apps when installed via a Gemfile.

Updates & improvements

  • [Ruby] Fix compatibility with Rackup while maintaining compatibility with Rack 3. Closes GH-2602.
  • A C++14 compiler is now required to compile Passenger.
  • Add rpm packages for EL10 (RHEL, Rocky, Alma).
  • [Standalone] Fixes security update checker with…

Installing 6.1.0

Please see the installation guide for advice on getting started with Passenger. Coming from a language…

Awesome Ruby Newsletter 

💎 Issue 488 - Shopify, pulling strings at Ruby Central, forces Bundler and RubyGems takeover

Ruby Weekly 

A troubling week for RubyGems and Bundler

#768 — September 25, 2025

The top item in today's issue focuses on a complex issue that has arisen around the RubyGems and Bundler projects. These matters are of importance to Ruby's packaging ecosystem but skip to our 'In Brief' section if the inner workings and ownership of these projects aren't of interest to you.
Peter Cooper, your editor

Ruby Weekly

Ruby Central and the Bundler and RubyGems Takeover

Last Friday, Ellen Dash, a long-time RubyGems maintainer, posted a PDF titled 'Ruby Central's Attack on RubyGems' explaining how the RubyGems GitHub organization was renamed, a new maintainer was…

Rails Designer 

Components in Rails without gems

Quite often I work with various clients that don’t, or want, or can’t use a third-party library like ViewComponent or similar. That leaves me with partials. Which, granted, often brings me really far early on. But then I hit a wall with maintainability and clean code (mostly too much logic in views which really triggers me). When you read up about this topic, you will often find things like helpers mentioned. The global scope of helpers is my biggest gripe with them. I only reach for one if a helper can truly be used throughout parts of the app.

In this article I want to lay out the various techniques I use for apps I started myself and for others that need more than vanilla Rails partials…

Hi, we're Arkency 

Rails 8 upgrade story: duplicate keys sneaking into our JSON responses

The upgrade from Rails 7.2.2.2 to 8.0.2.1 went surprisingly smoothly.
After deployment, we didn’t notice any new exceptions, and the application seemed stable.
At least at first…

First reports

After a while, we started receiving complaints from an external application consuming our JSON API.
Identifiers that were supposed to be strings suddenly started arriving as integers. 🤔

We rolled back the changes and began debugging.

The suspicious line

It turned out the problem originated in the code responsible for serializing an ActiveRecord object.
We had something like this:

attributes.merge(id: public_id)

The intention was…

André Arko 

Bundler belongs to the Ruby community

I’ve spent 15 years of my life working on Bundler. When I introduce myself, people say “oh, the Bundler guy?”, and I am forced to agree.

I didn’t come up with the original idea for Bundler (that was Yehuda). I also didn’t work on the first six months worth of prototypes. That was all Carl and Yehuda together, back when “Carlhuda” was a super-prolific author of Ruby libraries, including most of the work to modularize Rails for version 3.

I joined the team at a pivotal moment, in February 2010, as the 0.9 prototype was starting to be re-written yet another time into the shape that would finally be released as 1.0. By the time Carl, Yehuda, and I released version 1.0 together in August 2010,…

Charles Oliver Nutter 

JRuby and JDK 25: Startup Time with AOTCache

JDK 25 is the newest LTS release since JDK 21, and it ships with a gaggle of amazing VM-level features. This post will cover one of the most important improvements for command-line ecosystems like JRuby’s: the AOTCache (ahead-of-time cache) and its ability to pre-optimize code for future runs.

We’ll explore how AOTCache can speed up your JRuby workflow, starting with a discussion of JRuby startup time challenges and finishing with “coming soon” features that didn’t quite make it into the JDK 25 release.

The Challenge of Fast Startup on the JVM

It’s worth taking a quick look at why startup time has been such a difficult challenge for JRuby, and how we’ve worked to improve it over the…

Noteflakes 

My Thoughts on Euruko

I’ve just got back home from Euruko last night. The conference ended on Friday, but I decided to stay two more nights in Portugal and visit Porto. In between walking all over the city, eating great food and enjoying the dancing and music making in the street, I’ve also had time to think about all the wonderful people I met at the conference (and even some I’ve met and talked to by chance on the streets of Viana do Castelo and Porto), and the incredible experiences I’ve had at Euruko.

First, I’d like to express my deep appreciation for the organizers, headed by Henrique. This was my first ever programming conference that I go to, so I had no idea how it was going to go. But it was obvious…

André Arko 

Adventures in CPU contention

Recently on this blog, I wrote about in-memory filesystems in Rust, and concluded that I wasn’t able to detect a difference between any form of in-memory filesystem and using a regular SSD on macOS. I also asked anyone who found a counterexample to please let me know.

Last week, David Barsky of ERSC sent me an extremely compelling counter-example, and I spent several days running benchmarks to understand it better.

The top level summary is that the test suite for the jj VCS exhibits an absolutely huge difference between running on an SSD and running against a ramdisk. In my first reproduction attempt, I found the SSD took 239 seconds, while the ramdisk took just 37 seconds. That’s bananas!…

katafrakt’s garden 

My OCaml-flavoured Elixir style

Recently I’m finding myself leaning towards writing some Elixir code in a bit different way than the community standard. I call it, perhaps unjustly and a bit tongue-in-cheek, “OCaml-flavoured Elixir”. Now, I don’t really write OCaml well (or: at all), but I spent last 3 years working with a frontend written in ReScript. And I think in recent months it started to affect how I think about the Elixir code.

But to start the conversation, let me show you what I actually mean:

def close_ticket(ticket_id, actor_id) do
  fetch_ticket = fn ->
    Repo.get(Ticket, ticket_id)
    |> Result.wrap_not_nil(:ticket_not_found)
  end

  fetch_user = fn ->
    Repo.get(User, actor_id)
    |> Result.wrap_no…
Planet Argon Blog 

"Tidy First" by Kent Beck - Asking the Right Questions About Software Change

Kent Beck’s "Tidy First?" isn’t just a book about refactoring—it’s a guide to making change less painful by starting small.

justin․searls․co - Digest 

📄 How to automatically add chapters to your podcast

A frequent request from listeners of my Breaking Change podcast has been for chapter support. At one point, I tried to manually incorporate this into my (extremely light) editing workflow, but it was fiddly and error-prone to do manually.

That is, until yesterday, when I had the thought, "what if I had a script that could detect each time the audio switched from mono to stereo?"

See, like most podcasts, I record my voice in mono, but the music jingles (or "stingers") are all in stereo. And because each mono segment is punctuated by a stereo stinger, the resulting timestamps would indicate exactly where the chapter markers ought to go.

So, an hour later, some new shovelware was born! I call…

Closer to Code 

When Responsibility and Power Collide: Lessons from the RubyGems Crisis

The Ruby community experienced significant turbulence in September 2025 when Ruby Central forcibly took control of the RubyGems GitHub organization, removing long-standing maintainers without warning. As someone who has worked extensively on RubyGems security - first independently and later with Mend.io - protecting our ecosystem from supply chain attacks and handling vulnerability reports, I found myself caught between understanding the business necessities and being deeply disappointed by the execution.

I should clarify: I'm not affiliated with Ruby Central, but I've been working behind the scenes to keep RubyGems secure for years. Most people don't realize the constant vigilance…

Evil Martians 

Flaky tests, be gone: long-lasting relief for chronic CI retry irritation!

Authors: Artur Petrov, Backend Engineer, and Travis Turner, Tech Editor

Topics: Rails, DX, Continuous Integration, Ruby, JavaScript

Flaky tests got you down? The Evil Martians formula stops chronic CI retry irritation! Clinically proven on ClickFunnels' massive test suite and dozens of developers!

Every developer knows this pain: your test suite passes locally but fails on CI. You click "Retry" and hold your breath. It passes! But was it a real fix or just luck? Well now, no luck needed! We've helped dozens of developers from ClickFunnels, a leading sales funnel platform, go from flaky tests with ~80% success rates to 100%* reliability across their massive test suite (9k+ unit, 1k+ feature…

RoRvsWild's blog 

The Complete Guide to Dev Containers in Ruby on Rails

Dev Containers are a lightweight, semi-standardized way to provision robust development environments for applications. They can be run locally, or in a cloud environment like GitHub Codespaces.

Rails itself provides dev container images and features, and even a tool to create a Rails application without any prerequisites on your machine besides Docker being installed (rails-new). Additionally, you can pass --devcontainer to rails new when starting out with a greenfield Rails app.

So let’s go and see what it’s all about.

What Are Dev Containers?

In a nutshell, dev containers provide a standardized way to define portable, reproducible development environments using (Docker) containers. To…

The Bike Shed 

475: Invisible Mentorship

Sally and Aji discuss their experiences with invisible mentorship when it comes to code review.

Together they question when is the right time to have conversations with your team in a bid to chase improvement, the importance of understanding your co-workers' perspectives, as well as the best ways to initiate a mentoring moment.

Check out some of the things mentioned in this episode: The Coding Train, Sarah Mei’s Livable Code

Thanks to our sponsors for this episode Judoscale - Autoscale the Right Way (check the link for your free gift!), and Scout Monitoring.

Your hosts for this episode have been thoughtbot’s own Sally Hall and Aji Slater

If you would like to support the…

Ruby on Rails: Compress the complexity of modern web apps 

Rails Version 8.0.3 has been released!

Hi everyone,

I am happy to announce that Rails 8.0.3 has been released.

CHANGES since 8.0.2

To see a summary of changes, please read the release on GitHub:

8.0.3 CHANGELOG

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-256

If you’d like to verify that your gem is the same as…

Robby on Rails 

Talking Shop with Ruby & Rails Maintainers at Rails World 2025

As the opening keynote on Day 2 of Rails World 2025, I had the chance to host a panel with three people who’ve been shaping the direction of both Ruby and Rails from deep within the internals.

We covered a lot in an hour:

  • What they’ve been working on behind the scenes
  • Which areas of Ruby and Rails could use more community support
  • The evolving release process for the language
  • Why Hiroshi’s focused on improving the experience for developers on Windows
  • How security fixes are coordinated across multiple versions
  • Performance work related to YJIT and ZJIT
  • JSON parsing performance and…

There’s even a moment where Aaron and Jean get into a friendly disagreement about performance and priorities. If you enjoy technical nuance and sharp perspectives, you’ll appreciate that exchange.

And yes… I asked Aaron about his favorite Regular…

SINAPTIA 

Rails views performance matters: can `render` slow you down?

Classic performance optimization strategies in a Ruby on Rails application involve moving slow or expensive logic to background jobs, looking at slow queries and adding missing indexes, or tracking and fixing N+1 query issues. The view layer, most of the time overlooked, should also be a target for performance improvements. In this post, we will do a quick recap of the different rendering strategies in Rails, benchmark them to set the base, and analyze them to decide when to use them (or when not to).

Rendering strategies in Rails

In Rails, we can render a template in many ways. To illustrate the different rendering strategies, we’re going to use a simple Rails 8 app, like the one in the…

Greg Molnar 

Ruby Triathlon 2025

September is conferencing season for me, and this year, I decided to do the Ruby Triathlon, so I attended Rails World in Amsterdam, FriendlyRb in Bucharest, and EuRuKo in Viana do Castelo.

justin․searls․co - Digest 

🎙️ Breaking Change podcast v44 - Can't get it up

Direct link to podcast audio file

Hey, look! Breaking Change now has chapter support for each segment! More on how I did that while still upholding my commitment to laziness later.

I didn't get a good job connecting this version's release to what I was referencing, so to be clear I was referring to my heart rate as opposed to any other bodily functions. The other ones are getting up just fine, thank you. Get your head out of the gutter.

Thanks for all the great e-mails the last couple weeks! Throw yours on the pile at podcast@searls.co. Hopefully Fastmail won't lose it.

For the folks who pronounce URLs like Earls:

Avo's Publication Feed 

Rails API Authentication with the auth generator

Let's learn how to add API authentication with the Rails 8 auth generator: exploring the different approaches and integrating it with a frontend application.

Hotwire Weekly 

Week 38 - Rails World 2025 recordings, Lexxy File Validations, and more!

Welcome to Hotwire Weekly!

Welcome to another, slightly delayed, issue of Hotwire Weekly! Happy reading! 🚀✨


📚 Articles, Tutorials, and Videos

Rails World 2025 talk recordings - The Rails Foundation published the recordings for Rails World 2025. Here are direct links to the Hotwire-adjacent talks:

Hotwire Native is extremely future proof - Dennis Paagman explains how iOS 26's…

Tim Riley 

Continuations, 2025/38: Tutorial style

  • A light week for me. My usual Hanami Friday was spent at a work retreat. As no small consolation, I got to visit beautiful Hamilton Island and spend a good amount of time in the ocean.

  • I did start the week by finishing and posting my Rodauth tutorial: Rodauth, meet Hanami. I hadn’t written a tutorial-style post in a long time, and I really enjoyed putting this one together! I hope it’s a valuable resource to Hanami users looking for authentication in their apps.

    I hope to share more material like this in the future. It squarely addresses “Help our users be more successful with Hanami” from our 2025 goals. While I’m happy to bootstrap this, I also think posts like this are perfect…

Greg Molnar 

On RubyCentral and Rubygems

I finally had a little time to look more into the Rubygems drama. I don’t know anything else than what you can publicly read and it looks like that information is also hard to trust.