Rubyland

news, opinion, tutorials, about ruby, aggregated
Sources About
Island94.org 

Conflicted and commingled

More than a decade ago, I was seated on the jury of a civil trial for “complex litigation”. I’ll try to keep this quick, but the case does come to mind more frequently than I would have imagined at the time.

In this trial, the plaintiff. a pharmaceutical company. was suing the defendant, a chemistry professor, for fraud. The chemistry professor, as part of his day job at a university, would create a bunch of novel molecules (put a carbon there, or an extra hydrogen here) that the university would test for various interesting bio-medical properties, and then license them to pharmaceutical companies for commercialization.

In this specific instance, the pharmaceutical…

Hotwire Weekly 

Week 43 - Swift SDK for Android, Liquid Glass Tab Bar, and more!

Hotwire Weekly Logo

Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! Happy reading! 🚀✨


❤️ Sponsors

Rails Blocks is a growing library of 250+ beautiful, simple and accessible Rails UI components to you build modern, delightful apps faster. Sponsor

Visit railsblocks.com and make your Rails app more delightful today Visit railsblocks.com and make your Rails app more delightful today

No more reinventing the wheel, just copy-paste the Stimulus controllers, and the component into your codebase, and save hundreds of hours of dev time. Use code HotwireWeekly to get 40% off and start building with Rails Blocks.

Thank you to Rails Blocks for sponsoring this issue of Hotwire Weekly!


📚 Articles, Tutorials, and Videos

Debugging Hotwire Native -…

justin․searls․co - Digest 

🎙️ Breaking Change podcast v45 - Developer Strap-on

Direct link to podcast audio file

This may be the version 45 release of Breaking Change, but when you factor in its Hotfixes and Feature Release entries, this is somehow the 50th episode of the show!

Why? Why are we still doing this to ourselves? Write in your answer and how you feel about yourself as a result to podcast@searls.co. Seriously, I need some new material.

The web runs on links, so have some:

Tim Riley 

Continuations, 2025/43: Countdown continues

André Arko 

We want to move Ruby forward

On September 9, without warning, Ruby Central kicked out the maintainers who have cared for Bundler and RubyGems for over a decade. Ruby Central made these changes against the established project policies, while ignoring all objections from the maintainers’ team. At the time, Ruby Central claimed these changes were “temporary". However,

  • None of the “temporary” changes made by Ruby Central have been undone, more than six weeks later.
  • Ruby Central still has not communicated with the removed maintainers about restoring any permissions.
  • Ruby Central still has not offered “operator agreements” or “contributor agreements” to any of the removed maintainers.
  • The Ruby Together merger agreement
justin․searls․co - Digest 

📸 The new Developer Strap delivers 20 Gbps to M2 Vision Pro

Like many other Vision Pro sickos, I was far more excited about this week's announcement of a newly-updated Developer Strap than I was about last week's news of the M5 Vision Pro itself.

Why? The original strap allowed you to connect your Vision Pro to a Mac, but at unacceptably slow USB 2.0 (480 Mbps) speeds. This still achieved much lower latency connection than WiFi, but the image quality when running Mac Virtual Display over the USB connection was rendered far too blurry to be worthwhile. The new strap, however, offers a massively-upgraded 20 Gbps connection speed. I rushed to order one at the news, because, in theory, those speeds ought to offer the absolute best experience…

While Apple's support…

Ruby Central 

Source of Truth Update – Friday, October 24, 2025

We appreciate the community’s patience and grace as we briefly paused our regular cadence of weekly updates. Out of respect for last week’s announcement from Matz and its importance to the community, we held this Q&A until today. For this week’s update, we’re sharing a collection of all the questions that have been presented to Ruby Central over the past several weeks. To respect privacy and consent, we are not attributing where individual questions originated, but in the spirit of transparency and equitable communication, we are including them all here. 

Many of the questions we received overlapped or touched on similar themes, so we’ve organized them into groups. This makes it easier to…

Ruby on Rails: Compress the complexity of modern web apps 

Rails 8.1 released!

Hi, Emmanuel Hayford here. This one will be quick!

Two days ago, Rails 8.1 was released! Rails 8.1 comes with a lot of rad features. Among them are Active Job Continuations, Structured Event Reporting, Local CI, Markdown Rendering, and a ton more! You can read details about this release or check the release notes. If you want to see the commits that make up 8.1, you can check them out.

Enjoy your weekend!

You can view the whole list of changes here. We had 40 contributors to the Rails codebase this past week!

Until next time!

Subscribe to get these updates mailed to you.

Hongli Lai 

Clear Kubernetes namespace contents before deleting the namespace, or else

Our Kubernetes platform test suite creates namespaces with their corresponding contents, then deletes everything during cleanup. We noticed a strange problem: namespace deletion would sometimes get stuck indefinitely. The root cause was surprising — we had to clear the contents before deleting the namespace! We also learned that getting stuck isn’t the only issue that can occur if we don’t do this.

This was counterintuitive because Kubernetes automatically deletes a namespace’s contents when you delete the namespace itself. So why does the order matter? Here’s what can go wrong if you delete the namespace first (or simultaneously with its contents):

  1. When you initiate namespace…

Awesome Ruby Newsletter 

💎 Issue 492 - Ruby Core Takes Ownership of Rubygems and Bundler

Charles Oliver Nutter 

Warbled Sidekiq: Zero-install Executable for JVM

In my previous post, I showed how to use Warbler to package a simple image-processing tool as an executable jar. This post will demonstrate how to “warble” a larger project: the Sidekiq background job server!

Warbling Sidekiq

Sidekiq is one of the most successful packaged software projects in the Ruby world. It provides high-scale background job processing for Ruby applications atop Redis, and it has been commercially successful via enterprise features and support arrangements. It also happens to work great with JRuby and takes advantage of our excellent parallel threading capabilities.

Seems like a perfect use case for Warbler!

The Easy Way

The easiest way to set up a new warbler…

lucas.dohmen.io 

Optimizing Webfonts

Fonts are a critical part of web performance: Custom fonts can cause significant layout shifts, and their file size can be quite enormous. The fastest option is to bypass them completely by using web-safe fonts. However, a custom font can provide a lot of personality to a website, so many web designers consider them indispensable. So how can we make a font as small as possible to reduce its impact on web performance?

Typefaces

Let’s use Fixel, the font I’m using on this website, as an example. Fixel comes in three variants:

  • A display variant for headings
  • A text variant for continuous text
  • A variable font

Both the text and display typeface come in 9 weights in both italic and…

Ruby Weekly 

Matz addresses the RubyGems situation

#​772 — October 23, 2025

Read on the Web

Ruby Weekly

The Ruby Core Team Takes Ownership of the RubyGems Repo — After several weeks of confusion, the RubyGems/Ruby Central situation reaches a conclusion with ownership of the RubyGems and Bundler repos shifting to the Ruby core team. Ruby Central will, however, continue to manage and govern the projects jointly with the Ruby core team. On X, Rich Kilmer, one of RubyGems' co-creators has celebrated this outcome.

Yukihiro Matsumoto a.k.a. Matz

💡 Ruby Central has also issued a statement on this new development.

Track Every Key with Memetria K/V — Visualize…

Avo's Publication Feed 

Quickly clear the Rails cache in development

Sometimes you just need to quickly clear the cache when working in your development environment. Here's a quick snippet to make that easier.
Avo's Publication Feed 

Log SQL queries in the Rails console

When debug queries in the console I often want to see the raw DB queries being made. Here's a quick little piece of code which will make those queries visible in the console.
Ruby News 

Ruby 3.3.10 Released

Ruby 3.3.10 has been released.

This release includes an update to the uri gem addressing CVE-2025-61594, along with other bug fixes. Please refer to the release notes on GitHub for further details.

We recommend updating your version of the uri gem. This release has been made for the convenience of those who wish to continue using it as a default gem.

Download

Rails Designer 

Announcing Attractive.js, a new JavaScript-free JavaScript library

After last week’s introduction of Perron, I am now announcing another little “OSS present”: a JavaScript-free JavaScript library. 🎁 Say what?

👉 If you want to check out the repo and star ⭐ it, that would make my day! 😊

Attractive.js lets you add interactivity to your site using only HTML attributes (hence the name attribute active). No JavaScript code required. Just add ⁠data-action and, optionally, data-target attributes to your elements, and… done! Something like this:

<button data-action="addClass#bg-black" data-target="#door">
  Paint it black
</button>

<p id="door">
  Paint me black
</p>

Or if you want to toggle a CSS class, you write: data-action="toggleClass#bg-black". Or toggle…

Aha! Engineering Blog 

Streaming AI responses and the incomplete JSON problem

Modern LLM providers can stream their responses. This is great for user experience — instead of a loading spinner, users see the response being generated in real time. They can also call external functions (also called "tools"): search your database
Evil Martians 

Why we're excited about the SF Ruby conference

Author: Travis Turner, Tech EditorTopic: Developer Community

SF Ruby and Evil Martians are excited to invite you to our premier event: the San Francisco Ruby Conference.

You still have time to grab your late bird SF Ruby ticket! Come say hello to Evil Martians in real life and join the creative, generous, and unapologetically mischievous Ruby community at SF Ruby!

Ruby on Rails: Compress the complexity of modern web apps 

Rails 8.1: Job continuations, structured events, local CI

Rails 8.1 represents the work of over 500 contributors across 2500 commits since our last major release. After some weeks of people trying the betas and releases candidates, we are excited to share the final release.

This release shows the stability of Rails, with applications like Shopify and HEY running it in production already for months.

Here are a few of the highlights:

Active Job Continuations

Long-running jobs can now be broken into discrete steps that allow execution to continue from the last completed step rather than the beginning after a restart. This is especially helpful when doing deploys with Kamal, which will only give job-running containers thirty seconds to shut down…

Robby on Rails 

Who Keeps the Lights On?

Every so often, someone in the Ruby community will ask,
“So… what does Planet Argon actually do these days?”

Fair question.

We’re not a startup factory.
We don’t parachute in to build a shiny MVP, disappear, and leave you with a maintenance headache.
Most of our work begins after the launch party.

We get the call when the freelancer moves on.
When the agency shifts its focus.
When the last in-house developer, the one who knows every corner of the codebase, decides it’s time to retire.

It’s rarely a crisis.
It’s usually a quiet realization…
“This system runs part of our business. We can’t afford for it to fail… but we don’t need a full-time team to babysit it.”

That’s where we come in.

The Rails Tech Debt Blog 

Rails 8.1 new API: `Rails.event.notify(…)`

Rails 8.1 is set to bring a new API, Rails.event.notify(...), that will help make it simple to publish structured events that are immediately consumable by monitoring and Application Performance Monitoring (APM) platforms like Datadog, AppSignal, New Relic, or Honeycomb.

In this post, we’ll look at how it works, why it matters, and how to prepare your app for data-hungry observability tools.

The Problem: Rails AS::Notifications and Scattered Instrumentation

If you’ve ever tried to add observability to a Rails app, you’ve probably touched ActiveSupport::Notifications API. It offers flexibility, but requires boilerplate code and can be inconsistent across projects.

Many applications…

Charles Oliver Nutter 

Packaging Ruby Apps with Warbler: Executable JAR Files

Warbler is the JRuby ecosystem’s tool for packaging up Ruby apps with all dependencies in a single deployable file. We’ve just released an update, so let’s explore how to use Warbler to create all-in-one packaged Ruby apps!

Application Packaging for the Java World

The Java world has been creating distributable, “run anywhere” packages since Java was first released in 1996. Java source code is compiled to bytecode, stored in .class files and then archived together with metadata in JAR files (Java ARchive) that can be run as command-line executable files or as deployable web applications. A JAR file is just a zip file, laid out in a specific way to contain the code and resources your…

justin․searls․co - Digest 

🎙️ Merge Commits podcast - The Ruby AI Podcast: The TLDR of AI Dev

Direct link to podcast audio file

Joe Leo and Valentino Stoll sat with me to talk about why I quit speaking and an exciting year of iteration on AI development workflows.

Appearing on: The Ruby AI Podcast
Published on: 2025-10-25
Original URL: https://www.therubyaipodcast.com/2388930/episodes/18044989-the-tldr-of-ai-dev-real-workflows-with-justin-searls

Comments? Questions? Suggestion of a podcast I should guest on? podcast@searls.co

Planet Argon Blog 

Rails World 2025 and Large Applications Lessons

Rails World 2025 and Large Applications Lessons

Our developer, Sergiu Truta, reflects on Rails World 2025—what’s new, what’s next, and how Rails continues to evolve with its community.

Continue Reading

Notes to self 

devise-otp 2.0 released

The OTP plugin for Devise I help to maintain goes 2.0 this week. Here is what’s new and how to upgrade.

What’s new

We tried to address a couple of things in this release, mainly support for lockable strategy, improving locale files, and fixing Hotwire and Remember me support. On top we refactored some code, cleaned up ERB views, and added Rubocop and linting.

Most of these things are self-descriptive but it might be important to note that the devise-otp shares failed login counter with lockable for now. In a way, a login failure is a login failure at the end of the day.

We also have some breaking changes that warrant the big version bump. Laney Stroup refactored browser persistance to…

Tosbourn – Belfast based Ruby developers 

Threat Intelligence Issue 3

This is our third threat intelligence post. Each week, if appropriate, we will aim to share some wider industry news that might impact our clients. We didn’t have one last week because there was nothing of major importance.

This issue will be covering; Ruby, and some wider points.

Ruby

Last week, a PR into Rails main means that the CVE information in the stock bin/bundler-audit will be kept up to date, meaning it is more useful, and avoids false positives.

Matz has written about the transition of RubyGems stewardship from Ruby Central to the Ruby core team. This will hopefully stabilise some of the discontent in the Ruby community.

Wider / Misc notes

AWS had a major outage, impacting…

Short Ruby Newsletter 

Short Ruby Newsletter - edition 153

The one where Rails announced 8.1.0RC1, Hanami announced v2.3.beta2 and Ruby Core assumes stewardship for RubyGems and Bundler
The Bike Shed 

479: Hardly Strictly Remotely In-Person

Aji and Sally set out to crack the problems surrounding remote working as they share their thoughts on the various aspect of working from home.

Together they discuss their time at the recent thoughtbot summit in Amsterdam, how they felt about working in-person again, what they took away from the experience, the best remote solutions they’ve found to recreate that in-person feeling, and what friction points about remote working still linger for them both.

Thanks to our sponsors for this episode Judoscale - Autoscale the Right Way (check the link for your free gift!), and Scout Monitoring.

Sign up for thoughtbot’s open summit at the end of the month.

Your hosts for this…

justin․searls․co - Digest 

✉️ The Generative Creativity Spectrum

This is a copy of the Searls of Wisdom newsletter delivered to subscribers on October 18, 2025.

It's me, your friend Justin, coming at you with my takes on September, which are arriving so late in October that I'm already thinking about November. To keep things simple, I'll just try to focus on the present moment for once.

Below is what I apparently put out this month. I'm sure I did other shit too, but none of it had permalinks:

The Rails Tech Debt Blog 

Rails 8.1 new API: `Rails.event.notify(…)`

Rails 8.1 is set to bring a new API, Rails.event.notify(...), that will help make it simple to publish structured events that are immediately consumable by monitoring and Application Performance Monitoring (APM) platforms like Datadog, AppSignal, New Relic, or Honeycomb.

In this post, we’ll look at how it works, why it matters, and how to prepare your app for data-hungry observability tools.

The Problem: Rails AS::Notifications and Scattered Instrumentation

If you’ve ever tried to add observability to a Rails app, you’ve probably touched ActiveSupport::Notifications API. It offers flexibility, but requires boilerplate code and can be inconsistent across projects.

Many applications…

Gusto Engineering - Medium 

4 Rules for Efficiency: Designing the Systems That Help You Work at Your Best

This post is part of our Engineering Productivity Series, where engineers and leaders from Gusto share the practices and mindsets that help us do our best work, sustainably! Read the first installment where Wouter offers us practical productivity habits.

In this second installment, Asaf explores how efficiency isn’t about working faster, but about understanding your own way of thinking, focusing, and creating — and designing your work around it.

A cozy, modern home office setup featuring a wooden desk with dual monitors — one vertical displaying code and the other horizontal showing a design program. A sleek mechanical keyboard, small control pad, and wireless mouse rest neatly on the desk. A black and gray ergonomic gaming chair sits in front, while two wooden speakers, a candle, and framed sunset photos on floating shelves add warmth and personality to the minimalist workspace. The soft lighting creates an inviting, focused atmosphere

A Boeing cockpit looks different from an Airbus cockpit.

Both can fly thousands of miles safely, but the layout — the buttons, screens, and controls — are completely unique.

Side-by-side comparison of two airplane cockpits — the Airbus cockpit on the left with sleek, modern glass displays and side-stick controls, and the Boeing cockpit on the right featuring more analog-style instruments, control yokes, and a busier panel layout.A Boeing cockpit looks different from an Airbus cockpit.

That’s how I think…

Ruby on Rails: Compress the complexity of modern web apps 

Bound SQL literals in CTEs, new tutorial and more!

Hi, it’s Vipul!. Let’s explore this week’s changes in the Rails codebase.

Rails 8.1.0.rc1 was released! Rails 8.1.0 is right around the corner! Try out the latest release candidate and report any bugs you find!

The newest add-on tutorial is now live on the Rails tutorials page!
In this guide, you learn how to add Wishlist functionality to the e-commerce demo app you already started. Find this tutorial and more on the Rails tutorials page: https://rubyonrails.org/docs/tutorials

Add support for bound SQL literals in CTEs
When creating a SQL literal with bind value parameters, Arel.sql returns an instance of Arel::Nodes::BoundSqlLiteral, which is not currently supported by #build_with_expre…

Notes to self 

InvoicePrinter 2.5 with QR images and Ruby 3.4 support

Today I released a new version of InvoicePrinter, my Ruby library for generating PDF invoices. Here’s what’s new.

New features

I finally implemented last feature I had in mind, QR code images. I decided not to add dependencies and keep it as a simple image, although we could consider a built-in feature later on.

To add a QR code, simply point to your QR image path:

invoice = InvoicePrinter::Document.new(
  number: 'NO. 202500000001',
  provider_name: 'John White',
  provider_lines: provider_address,
  purchaser_name: 'Will Black',
  purchaser_lines: purchaser_address,
  issue_date: '10/20/2025',
  due_date: '11/03/2025',
  total: '$ 900',
  bank_account_number: '156546546465',
  descrip…

The QR code will always appear bottom…

Noteflakes 

Papercraft 3.0 Released

I have just released Papercraft version 3.0. This release includes a new API for rendering templates, improved XML support and an improved API for the Papercraft::Template wrapper class. Below is a discussion of the changes in this version, as well as what’s coming in the near future.

A New Rendering API

Papercraft 2.0 was all about embracing lambdas as the basic building block for HTML templates. Papercraft 2.0 introduced automatic compilation of Papercraft templates into an optimized form that provides best-in-class performance. The two most important operations on templates were #render and #apply:

# Papercraft 2.0:
Greet = ->(name) { h1 "Hello, #{name}!" }
Greet.render("world") #=>…
Avo's Publication Feed 

Open Graph Image Generation in Rails

Let's learn how to add the ability to automatically generate Open Graph images using Ruby to make our web pages more attractive on social media.
John Hawthorn 

Searching Ruby's documentation

The official Ruby docs are at https://docs.ruby-lang.org/en/. This documentation (and any documentation built with rdoc 6.15.0 or greater) now can be searched using a query parameter. Check it out!

https://docs.ruby-lang.org/en/master/?q=String%23gsub

I added this to RDoc because I was fed up with accidentally ending up on a horrible 3rd party website I won’t name with 8+ year stale docs that Google inexplicably prioritizes.

If you use Kagi Search you can now search !rb String#gsub and it will take you directly to the result.

I appreciate that Kagi’s “bangs” are open source and accept contributions, but you don’t need to sign up for a service to have this ability. It seems a bit odd…

Rémi Mercier 

More Minitest::Spec shenanigans

While I already covered the basics of Minitest::Spec, I forgot to discuss a few aspects of the spec flavor. This post serves as a complement to the previous one and digs a bit deeper into some extra Minitest::Spec shenanigans.

let over @ivar

So far, in my setup, I only used ivars to store a User accessible in my test examples:

  class UserTest < Minitest::Spec
    before do
      @user = User.new(first_name: "buffy", last_name: "summers")
    end

    it "returns the capitalized full name" do
      expect(@user.full_name).must_equal "Buffy Summers"
    end
  end

However, Minitest::Spec allows me to use the let(:user) method instead of @user.

If you use RSpec, this will look very…

Remote Ruby 

Chris Is Back, Ruby Drama, Projects, and Parenthood

In this episode of Remote Ruby, Chris and Andrew catch up with Chris discussing the arrival of a new baby and the challenges of balancing work and parenting. Then, they dive into the complexities of dealing with OpenSSL 3.6 issues on their development environments, exploring various debugging attempts and ultimately finding a workaround. The conversation also touches on the ongoing drama within the Ruby community, expressing concerns about its impact and the need for unity. Additionally, they share thoughts on shows/series they’ve been watching and reflect on the joys and frustrations of nostalgic activities like building with Legos. The episode wraps up with a teaser about forthcoming…

Hotwire Weekly 

Week 42 - Two Years of Hotwire Weekly!

Hotwire Weekly Logo

Celebrating 2 Years of Hotwire Weekly! 🎉

This issue marks two years of Hotwire Weekly! Every week since launch, we’ve shared the latest news, tutorials, and projects from the Hotwire community.

Thank you for following along and supporting the newsletter!


❤️ Sponsors

Rails Blocks is a growing library of 250+ beautiful, simple and accessible Rails UI components to you build modern, delightful apps faster. Sponsor

Visit railsblocks.com and make your Rails app more delightful today Visit railsblocks.com and make your Rails app more delightful today

No more reinventing the wheel, just copy-paste the Stimulus controllers, and the component into your codebase, and save hundreds of hours of dev time. Use code HotwireWeekly to get 40% off and sta…

Tim Riley 

Continuations, 2025/42: Easy breezy

  • Big code accomplishment from me this week: completing the work I started last week, to make Hanami Action’s config.formats clearer and more flexible. I’m quite happy with where we ended up. Users can register their own custom formats and specify the exact media types they want at each stage of the request handling process: from checking the request’s Accept and Content-Type, to setting the default Content-Type on the response. I think this solves the only major hitch we’ve seen in Hanami Action usage over the last couple of years.

  • Review/merged a few nice things: showing friendlier relative paths in MissingActionError (thanks Kyle!), passing HANAMI_ENV to the reloading dev server (thank…

Write Software, Well 

Active Storage Internals: How has_one_attached DSL Works

Active Storage Internals: How has_one_attached DSL Works

People usually read fiction before going to bed. I have a strange habit of reading the Rails source code at night. Not because it puts me to sleep, but for some reason I find the process of opening the Rails codebase, picking some feature, and just reading Ruby for an hour or two strangely calming. It lets me forget everything and just get in the flow for a few hours.

Anyways, after I published the post on Active Storage Domain Model, I stayed up until 2 am last night reading the Active Storage codebase to figure out how the has_one_attached method worked. It uses a couple of interesting patterns, and thought I'd share everything I learned. So since it's a rainy Saturday, I've been writing…

Peter Zhu 

Open Source is the Most Fragile and Most Resilient Ecosystem

Some of my thoughts on the lessons we can learn from the RubyGems situation and how we can move forward.
Island94.org 

Rails 103 Early Hints could be better, maybe doesn’t matter

I recently went on a brief deep dive into 103 Early Hints because I looked at a Shakapacker PR for adding 103 Early Hints support. Here’s what I learned.

Briefly, 103 Early Hints is a status code for an HTTP response that happens before a regular HTTP response with content like HTML. The frontrunning response hints to the browser what additional assets (javascript, css) the browser will have to load when it renders the subsequent HTTP response with all the content. The idea being that the browser could load those resources while waiting for the full content response to be transmitted, and thus load and render the complete page with all its assets faster overall.

If…

justin․searls․co - Digest 

🎙️ Breaking Change podcast v44.0.2 - Mike McQuaid: If you don't like it, Quit

Direct link to podcast audio file

Post-recording update: As I've been lobbying for (both publicly and behind the scenes), it has been announced that the RubyGems and Bundler client libraries are being transferred to Matz and the Ruby core team.

Mike McQuaid (of Homebrew fame) and I scheduled this episode of Hot Fix a week before the Ruby community exploded. Hot Fix is all about getting spicy, but even we were a little wary of the heat in that particular kitchen. The problem Mike brought to the table is the same one he's always on about: open source is not a career. Incidentally, Mike's favorite topic also happens to be relevant to the latest RubyGems controversy—because it all boils…

Not content to miss out on the…

Ruby Central 

Ruby Central Statement on RubyGems & Bundler

Earlier today, the Ruby core team announced the transfer of repository ownership for RubyGems and Bundler to the Ruby core team. This decision reflects our shared commitment to the long-term stability and growth of the Ruby ecosystem.

While repository ownership has moved, Ruby Central will continue to share management and governance responsibilities for RubyGems and Bundler in close collaboration with the Ruby core team. We remain deeply committed to strengthening security, performance, and the developer experience through ongoing investments, grants, and active development.

  • Ruby Central will continue to own and operate rubygems.org for the community.
  • RubyGems and Bundler remain open source…
Ruby News 

The Transition of RubyGems Repository Ownership

Dear Ruby community,

RubyGems and Bundler are essential official clients for rubygems.org and the Ruby ecosystem, bundled with the Ruby language for many years and functioning as part of the standard library.

Despite this crucial role, RubyGems and Bundler have historically been developed outside the Ruby organization on GitHub, unlike other major components of the Ruby ecosystem.

To provide the community with long-term stability and continuity, the Ruby core team, led by Matz, has decided to assume stewardship of these projects from Ruby Central. We will continue their development in close collaboration with Ruby Central and the broader community.

We want to emphasize the following…

Hanami 

Announcing Hanami 2.3 beta2

Two weeks after beta1, it’s time for 2.3 beta2!

This will be our last beta, and we’re aiming for the full 2.3 release in two weeks. Read on to see what’s new.

hanami run command

You can now can run your own scripts and code snippets with the hanami run command!

$ bundle exec hanami run my_script.rb
$ bundle exec hanami run 'Hanami.app["repos.commit_repo"].all.count'

Improved action formats config

Our previous approach to action formats config (config.formats in action classes or config.actions.formats in app or slice classes) made it too hard to configure and use your own custom formats. We’ve now overhauled this config and…

This is an important…

André Arko 

jj part 4: configuration

Just like git, jj offers tiers of configuration that layer on top of one another. Every setting can be set for a single repo, for the current user, or globally for the entire system. Just like git, jj offers the ability to create aliases, either as shortcuts or by building up existing commands and options into new completely new commands.

Completely unlike git, jj also allows configuring revset aliases and default templates, extending or replacing built-in functionality. Let’s look at the ways it’s possible to customize jj via configurations. We’ll cover basic config, custom revsets, custom templates, and custom command aliases.

config basics

Let’s start with some configuration basics. You…

Alexandre's Blog 

What's new Alex?

A quick update about the blog and where I'm at
Awesome Ruby Newsletter 

💎 Issue 491 - Rubygems.org AWS Root Access Event – September 2025

Write Software, Well 

Active Storage Domain Model: Blobs and Attachments

Active Storage Domain Model: Blobs and Attachments

Active Storage is a wonderful library for managing file uploads in Rails. But terms like blob and attachment are easy to mix up, and that confusion can remain even after you’ve been using Active Storage regularly. I’ve run into that myself. I’ve used Active Storage for a long time in several projects, without ever really understanding how models, blobs and attachments worked together.

So I decided to read up and really understand the whole system, and what follows is my understanding of the Active Storage domain model. Once you understand their roles, it becomes easier to reason about file uploads, deletions, and reuse. This understanding is really useful as your app grows over time and you…

Ruby Weekly 

Reminisicing about Ruby's neighbor Perl

#​771 — October 16, 2025

Read on the Web

Ruby Weekly

Lost in Minitest? Start Here! — I’m a big Minitest fan, but RSpec is still the most common testing framework in most survey results I see. Remi’s article will help, though, if you want to make the move to an option that comes with Ruby’s standard library and is the default solution in Rails.

Remi Mercier

💡 If you still prefer spec-style tests, Remi followed up with a look at Minitest::Spec, a way to get spec-style syntax in Minitest.

❤️ Giving Back After 17 Years in Rails — After building 50+ Rails products, we’re giving back with a free 30-min tech…

Rails Designer 

Introducing Perron: Rails-based static site generator

I am excited to introduce Perron, an OSS Rails-based static site generator (SSG). This one has been in the making for years. Not that the actual building took years—it was just a few hours every week over the last months—but conceptually I have been thinking about this for a long time.

Want to check it out right away? Check out and ⭐ the repo or explore the docs. 👈

So… another static site generator? In 2025? While there are already hundreds (thousands?) of similar tools out there? Why?!

Good question! For one, because I can. 🤷 But more importantly all of the existing (great!) SSG, including those written in Ruby, do not match the framework I built my products in, which happens to be…

All about coding 

How to Use Pattern Matching to Locate Elements in a Hash Array

Having the following structure of a Hash that includes an Array of Hashes, for example, and you want the email of a moderator:
system = {  users: [    { username: 'alice', role: 'admin', email: 'alice@example.com' },    { username: 'bob', role: 'user', email: 'bob@example.com' },    { username: 'charlie', role: 'moderator', email: 'charlie@example.com' }  ]}moderator = system[:users].find { |u| u[:role] == 'moderator' }email = moderator[:email] puts email # charlie@example.com

Now here is doing the same thing in Ruby using pattern matching:

system = {  users: [    { username: 'alice', role: 'admin', email: 'alice@example.com' },    { username: 'bob', role: 'user', email: 'bob@example.com' },  …
Planet Argon Blog 

Red Flags That Signal Growing Technical Debt: What FastRuby Has Learned from Client Projects

Red Flags That Signal Growing Technical Debt: What FastRuby Has Learned from Client Projects

Our friends at FastRuby share how to spot the quiet warning signs of growing technical debt and how to address it strategically instead of reactively.

Continue Reading

Evil Martians 

Debug AI fast with this open source library to visualize agent traces

Authors: Gleb Stroganov, Product Designer, and Travis Turner, Tech EditorTopics: AI, AI integration

Debugging AI agents shouldn’t mean digging through endless JSON. AgentPrism, an open-source React component library by Evil Martians, turns raw OpenTelemetry traces into clear visualizations, instantly revealing loops, errors, and cost spikes. Built with Quotient AI, AgentPrism helps teams ship reliable, production-grade AI systems up to 5x faster.

AI agents fail silently, loop endlessly, skip steps, and give wrong answers. If you're debugging them by parsing JSON logs at midnight, you're suffering needlessly. At Evil Martians, we've built enough AI agents to intimately know this pain: 4-hour…

Alchemists: Articles 

Git Commit Empty

Cover
Git Commit Empty

Sometimes, when working in a feature branch, you’ll find yourself wishing you could segment your work without having to create and maintain multiple feature branches. Thankfully, Git has a nifty way of handling this use case via empty commits. Example:

git commit --allow-empty --no-verify --message "----- End of API Work -----"

The above can broken down as follows:

  • --allow-empty: Makes empty commit creation possible.

  • --no-verify: Bypasses Git Hooks since empty commits will most likely trip up your lint checks.

  • --message: Specifies the commit subject. The five dashes (-) on each side of the message makes for a nice — and clear — visual que when reviewing…

When creating an empty commit, you’ll only have the commit message (subject) which, as shown above, is: "----- End of…

justin․searls․co - Digest 

🔗 Good coding agent advice

I'm two weeks behind on the newsletter, so I was trying to be responsible by resisting the urge to document the success I've had with my current coding agent setup. My self-restraint has paid off, as Peter Steinberger essentially wrote the exact post I was planning to write.

There's lots of good nuggets in here, and it's uncanny how many I agree with:

  1. I also use Codex CLI (well, this fork) on a $200 ChatGPT Pro plan. Claude Code was an epiphany, but their models are overrated for the task, whereas GPT 5's variants are more adherent and diligent across the board. OpenAI's usage limits are virtually infinite by comparison, too
  2. I run 3-6 agents in parallel (usually up to 3 per project and up…
Ruby Magic by AppSignal 

Render a Component Preview In Showcase for Ruby on Rails

In part one of this series, we walked through how to use Showcase in a Rails app.

It's now time to read some Ruby code written by experienced Rails developers. To do this without getting lost, we'll choose one feature of the showcase engine and analyze how it works: rendering a preview of a component.

Let's get started!

About Showcase's Button Component Preview

If we visit http://localhost:3000/docs/showcase/previews/components/button in the browser, we should see the complete documentation for a button component:

Showcase button documentation

According to the showcase documentation, this view is generated by the following code in the test/dummy application:

<%#…
All about coding 

Ruby on Rails: Loading Locales with Yes, No, On, and Off

Ruby on Rails uses the gem psych to load the YAML files for locales.

If you have something like this in your en.yml file:

en:  terms:    yes: Yes    no: No    switch_on: On    switch_off: Off    accept: true    reject: false

And then you will try to load them via Rails console like this:

I18n.locale = :en # make sure you have set a default localeI18n.backend.send(:translations)[:en][:terms]# => {true => true, false => false, switch_on: true, switch_off: false, accept: true, reject: false}

Notice there that there is no key yes, no and more so all values Yes, No, On Off, true, false were converted to TrueClass or FalseClass in Ruby.

That for me was quite interesting so I dig deeper to understand…

The Code Gardener 

Vision, Mission, Values

Vision, Mission, Values

There seems to be a lot of confusion about vision and mission statements, what each is for, and how they should be structured. I honestly could not find a canonical definition for either. So, I wrote my own. Values are equally as important, so I've included them here, too.

Vision

A vision statement should be an inspirational postcard from an aspirational future. It should be brief. It should paint a picture. And it should make you wish you were there!

A great example is Microsoft's 1980s vision statement:

A computer on every desk and in every home, running Microsoft software.

Mission

A mission statement describes an organization's reason for being. These statements often take the structure of,…

Ryan Bigg Blog 

Hanami for Rails Developers: Part 4: Associations

In the first three parts of this guide, we set about building up a way that works with a table called books to display these records through some controller actions, and to allow us to create more and edit them in forms.

In this part, we’re going to cover how we can set up an association to books called reviews. We’ll create a new table for this, and work out how to display reviews next to books on the books.show page. In this part, we’ll be spending a lot of time working back on our repositories and relations.

Creating the table

To get started, we first need to create a table called reviews.…

Saeloun Blog 

Lexxy - The next generation rich text editor for Rails

What is Lexxy?

Lexxy is a new rich text editor for Action Text, developed by Basecamp. It is built on top of Lexical.

Lexical is a fast, robust, flexible framework for building text editors, developed by Meta (and used in WhatsApp and Facebook apps).

Lexxy makes it easy to write and format rich text content. It is designed to work smoothly with Action Text and Active Storage, so users can add images, videos, and other files directly in the editor.

Motivation for Lexxy

Lexxy was created because Trix didn’t meet Basecamp’s expectations or support all the features they wanted to offer. With Lexxy, the team now has a strong foundation to build on.

Let’s see which features Lexxy…

Rémi Mercier 

What is Minitest::Spec?

In my previous post, I talked a lot about how Minitest comes in various syntax flavors. One flavor I did not cover much is Minitest’s spec extension.

Before I dive in with a dedicated post about assertions, I want to cover this RSpec-style way of writing tests.

Minitest syntax flavors: a recap

As I wrote in my previous post, Minitest comes in multiple flavors:

  • plain Minitest: def test_this_method
  • Rails’ style: test "this method"
  • and a spec system called Minitest::Spec: it "tests this method"

Each flavor changes the syntax we use to define our test files and our test examples. The changes in the DSL are minimal, in the sense that they all look familiar to Ruby developers.

Assert…

Josh Software 

Your First MCP Server: A Complete Beginner’s Guide

If you’ve been exploring the Model Context Protocol (MCP) ecosystem and want to set up your first MCP server, you’re in the right place.This guide will take you from “Zero to MCP hero” – even if you’ve never touched MCP before. We’ll set up an MCP server, connect it to a client using MCP Inspector, and run it interactively. … Continue reading Your First MCP Server: A Complete Beginner’s Guide
Short Ruby Newsletter 

Short Ruby Newsletter - edition 152

The one where Falcon is powering Shopify at scale, where we find out about Herb Linter will support fix and where we found about Ruby 3.4.7 release.
The Bike Shed 

478: ADHD at work

Aji and Sally sit down to discuss their struggles with ADHD and the systems they have in place to stay focused at work.

They each share the note taking systems and tools they use to navigate a normal working day, how they came to fully understand and manage their ADHD, and Sally reminds us all why it’s very important to use a slash in your Slack reminders.

This episode of the Bike Shed has been sponsored by Judoscale - Autoscale the Right Way, check the link for your free gift!

Try out the reminder app Aji mentioned in this episode to help keep yourself on track.

Your hosts for this episode have been thoughtbot’s own Sally Hall and Aji Slater

If you would like to support…

Blogs on Noel Rappin Writes Here 

Ruby And Its Neighbors: Perl

Ruby takes a large part of its inspiration from two older languages:

  • Perl for general syntax and design philosophy
  • Smalltalk for Object-Oriented structure

I’ve been in kind of a writers block, for all kinds of reasons, personal and professional. I started to think about an article that I could write that would get my fingers typing, and drifted into what I could do for another “Better Know A Ruby Thing”, started thinking about String literals, wondered how I would answer the question of why Ruby has so many ways to write String literals.

The answer to that is that most of them were inherited from Perl.

In fact, a lot of Ruby’s more unusual syntax was taken from Perl.

And then I realized…

Posts on Kevin Murphy 

Tilt-back Amp Stand

Current Setup 🔗

I have a Boss Katana-50 MkII combo guitar amp. This is far from unique, but it serves my needs. It more than serves my needs, given I pretty much use it as a pedal platform.

My amp on the floor, with my pedalboard in front of it

You could argue that this is redundant given the built-in features of the Katana, and you wouldn’t be wrong. But it’s more fun for me to tweak knobs and dials that I can more easily see than play with presets. Or, even worse, have to connect it to my computer. I’m trying to get away from the computer!

Anyway, it works great for my use case, with one minor problem. I’m guessing it might sound a little…more like it’s supposed to…if the speaker wasn’t pointed at my feet.

I had an opportunity to reunite with my…

Robby on Rails 

Architecture for Contraction

We’ve spent the last decade optimizing for scale. How do we handle more traffic? More users? More engineers? The assumptions were baked in: Growth is coming. Prepare accordingly.

So we split things apart. We mapped services to teams. We built for the org chart we were about to have.

Then 2023 happened. And 2024. And now 2025.

Turns out, the future isn’t always bigger.

The Question Nobody’s Asking

What if your team gets smaller? Not as a failure scenario. As a design constraint.

What if you architect with the assumption that in three years, you’ll have less capacity than you do today? Less engineers. Less time. Less runway to maintain complexity.

How would that change what you build…

Gusto Engineering - Medium 

Productivity Habits

Goal review sheet on a table showing a calendar style grid with a checklist for progress

Have you ever felt completely stuck on a task, unsure of how to move forward? In the fast-paced world of work, it’s easy to get bogged down by blockers and context switching. This blog post details actionable productivity habits. These aren’t just concepts to grasp, but practical strategies to implement consistently until they become ingrained. By adopting these habits, you can overcome common challenges and significantly boost your work efficiency.

Stay unblocked

Proactively address challenges and adapt your approach to consistently overcome blockers and ensure continuous progress.

When I’m working on a task, I often feel blocked, sometimes by design decisions or other external factors, but I…

The Rails Tech Debt Blog 

Rails 8.1 Local CI as First-Class Support

DHH unveiled Rails 8.1 during his keynote at Rails World 2025, releasing the first beta live on stage. This new version brings a suite of tools aimed at making Rails apps simpler to build, maintain, and collaborate on. With a strong focus on developer experience and consistent workflows, Rails 8.1 helps teams sidestep common frustrations and work together more smoothly.

Continuous Integration (CI) is a cornerstone of modern Rails development. It’s a common pain for developers to run tests with slightly different commands on their own machines, while CI servers like GitHub Actions or CircleCI use their own scripts; they might also have different versions of bundler or a specific gem…

John Nunemaker 

What makes you different

Something that's been on my mind lately: Why is a customer going to choose my product? There's tens to hundreds or even thousands (looking at you CRM's) of every app for every problem. Why would someone choose mine?

Price? I'm a firm believer in charging a price that works for the customer and for you. Competing on price is a race to the bottom. If this is where you are at, you've already lost.

Features? Maybe but that's a grind and a bit whack-a-mole. Having all the features someone could ever want waters down a product. Honestly, it makes products confusing. How do you build work flow and create value for the customer when the customer is anyone and the work flow is anything?

Something…

justin․searls․co - Digest 

📸 ✅ Active on weekends

A recruiter sent me this screenshot of some kind of GitHub profile scraper. Aside from naming me as a "top 1%" JavaScript developer (which I'm not sure is a compliment or a threat…), I just couldn't get over the "active on weekends" checkmark.

Lady, on weekends I charge double. 🤌

Avo's Publication Feed 

Adding Breadcrumbs to a Rails Application

Let's learn how to add breadcrumbs to a Rails application to improve our users experience and SEO at the same time.
RailsCarma – Ruby on Rails Development Company specializing in Offshore Development 

How to Raise and Rescue Exceptions in Ruby

Exceptions are a fundamental part of programming in Ruby, allowing developers to handle errors gracefully and ensure robust, fault-tolerant applications. Ruby’s exception-handling mechanism is intuitive yet powerful, enabling developers to raise errors when something goes wrong and rescue them to prevent application crashes. In this 2000-word guide, we’ll explore how to raise and rescue exceptions in Ruby, covering the basics, advanced techniques, best practices, and real-world examples.

What Are Exceptions in Ruby?

Exceptions in Ruby are objects that represent errors or unexpected conditions during program execution. When an error occurs—such…

André Arko 

jj part 3: workflows

Now that you hopefully have an idea of how to operate jj, let’s look at the commands you need to get work done in jj. One great aspect of jj layering on top of git repos is that the git repo is still there underneath, and you can use any git command exactly like you usually would if there’s anything missing from your jj workflows.

submit a pull request

The flow to create and send a PR will probably look pretty familiar: use jj git clone to get a copy of the repo, make your changes, use jj commit to create your new commits. When you’re ready, use jj bookmark set NAME to give your changes a name and jj git push to create a new branch on the remote. Use GitHub.com or gh pr create --head NAME

If you amend the commits in your PR, you can force-push the…

Hotwire Weekly 

Week 41 - Preventing edit conflicts, presence feature with Action Cable, and more!

Hotwire Weekly Logo

Welcome to Hotwire Weekly!

Welcome to another issue of Hotwire Weekly! Happy reading! 🚀✨


📚 Articles, Tutorials, and Videos

🧰 Libraries and Tools

Create a Kanban board with Rails and Hotwire - Rails Designer builds a drag-and-drop Kanban UI using Stimulus + SortableJS + Rails Request.js, backed by a model structure and minimal controller logic.

Preventing edit conflicts in Rails with Turbo and Stimulus - Nicolás Galdámez on the Unagi Blog shows how to lock records when a user begins editing, broadcast lock status across clients with Turbo Streams, and unlock automatically using Stimulus listeners on navigation or page unload.

Improving Turbo Frame UX with the busy Attribute - Victor Cobos

Tim Riley 

Continuations, 2025/41: Longstanding issues

  • A good week for Hanami 2.3 prep. My goal is to release beta2 in a week, so before then I wanted to address a few of the longstanding issues that would be best served by some extra community testing time.

    The first was this router performance improvement by Kyle. A small amount of code, but a lot of great discussion along the way, and ultimately a big impact on our runtime router performance and we took an inadvertent hit while addressing some behavioural bugs for Hanami 2.2.

  • Second major thing was clarifying and improving the flexibility of configuring formats for Actions.  This should make it much easier to have format configuration in a parent action class (or in app config) while…

Noteflakes 

Papercraft update: IRB Support, Bug Fixes, More Speed

This week I was away on a little trip to Paris to attend a Paris.rb meetup and meet some friends, so I was less productive, but still got some stuff done, and still managed to do some work on Papercraft. Here’s what’s changed:

Using Papercraft in IRB

Up until now, perhaps the biggest limitation of Papercraft was that you couldn’t use it in an IRB session. That was because Papercraft always compiles your templates, and for that it needs access to the templates’ source code. But if you’re defining a template in IRB, where is that source code?

Then, while taking the train to Paris, it occurred to me that maybe IRB keeps the lines of code you input into it somewhere, and maybe it would be…

RubySec 

CVE-2025-61780 (rack): Rack has a Possible Information Disclosure Vulnerability

## Summary A possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could cause `Rack::Sendfile` to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions. ## Details When `Rack::Sendfile` received untrusted `x-sendfile-type` or `x-accel-mapping` headers from a client, it would interpret them as proxy configuration directives. This could cause the middleware to send a "redirect" response to the proxy, prompting it to reissue a new internal request that was **not subject to the proxy's access…
RubySec 

CVE-2025-61919 (rack): Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

## Summary `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. ## Details When handling non-multipart form submissions, Rack’s request parser performs: ```ruby form_vars = get_header(RACK_INPUT).read ``` Since `read` is called with no argument, the entire request body is loaded into a Ruby `String`. This occurs before query parameter parsing or enforcement of any `params_limit`. As a result,…
RubySec 

CVE-2025-61921 (sinatra): Sinatra is vulnerable to ReDoS through ETag header value generation

### Summary There is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used when constructing the response and you are using Ruby < 3.2. ### Details Carefully crafted input can cause `If-Match` and `If-None-Match` header parsing in Sinatra to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is typically involved in generating the `ETag` header value. Any applications that use the `etag` method when generating a response are impacted if they are using Ruby below version 3.2. ### Resources * https://github.com/sinatra/sinatra/issues/2120 (report) *…
André Arko 

Announcing rv 0.2

With the help of many new contributors, and after many late nights wrestling with make, we are happy to (slightly belatedly) announce the 0.2 release of rv!

This version dramatically expands support for Rubies, shells, and architectures.

Rubies: we have added Ruby 3.3, as well as re-compiled all Ruby 3.3 and 3.4 versions with YJIT. On Linux, YJIT increases our glibc minimum version to 2.35 or higher. That means most distro releases from 2022 or later should work, but please let us know if you run into any problems.

Shells: we have added support for bash, fish, and nushell in addition to zsh.

Architectures: we have added Ruby compiled for macOS on x86, in addition to Apple Silicon, and added…

Jardo.dev: Blog 

Announcing Burg.rb

In July, I wrote a short tutorial called Code Reloading for Rack Apps. It laid out all the pieces required to get Rails-like code reloading in Rack app using Zeitwerk. Today, I'm announcing that I've put the main pieces of that in a gem!

At the moment Burg.rb (pronounced 🍔🐝) has no documentation, but if you follow the tutorial I'm sure you'll figure out how to use it. I'm using Burg.rb in an app that's deployed in the wild right now. My plan is to continue extracts the more framework-y bits of that app into Burg as they stabilize.

I hope that in its current state, Burg serves as a decent reference for getting code reloading working in a Rack app. If I have time at some point, I might even…

Charles Oliver Nutter 

Updating Deprecations with Version Information

Java 9 added the ability to mark a @Deprecated annotation with a “since” version, so we figured it was worth updating JRuby.

Deprecation in Java

Deprecation is the process of marking a feature as “no longer supported” or “on its way out”, usually in a programmatic way so users can see warnings at build time. Nearly all languages and ecosystems have some way to mark features, APIs, or libraries as deprecated.

In Java 1.4 and earlier, this was done via the @deprecated directive (note lower-case “d”) in JavaDoc, which was great for documentation users but required extra processing by source-level tools and was not visible to any tools at runtime.

Java 1.5 introduced a new annotation java.l…

Ruby Central 

Source of Truth Update – Friday, October 10, 2025

Yesterday, we released our Security Incident Report,  a comprehensive review of the September AWS root-access event. The report reflects both independent and internal analysis, outlining what occurred, what was verified, and the actions we’ve taken to strengthen our systems and practices.

You can read the full report here → Rubygems.org AWS Root Access Event – September 2025

The findings confirm that this was a procedural lapse in credential management for production hosting after a person was discharged.

Where We Are Now

All RubyGems.org services remain stable, secure, and operational.

The triggering event revealed weaknesses in credential management practices, which we have corrected. All…

Julia Evans 

Notes on switching to Helix from vim

Hello! Earlier this summer I was talking to a friend about how much I love using fish, and how I love that I don’t have to configure it. They said that they feel the same way about the helix text editor, and so I decided to give it a try.

I’ve been using it for 3 months now and here are a few notes.

why helix: language servers

I think what motivated me to try Helix is that I’ve been trying to get a working language server setup (so I can do things like “go to definition”) and getting a setup that feels good in Vim or Neovim just felt like too much work.

After using Vim/Neovim for 20 years, I’ve tried both “build my own custom configuration from scratch” and “use someone else’s pre-buld…

Ruby on Rails: Compress the complexity of modern web apps 

RemoteIp trusts link-local IP ranges, and has_secure_token expiration gets config

Hi, it’s zzak. Let’s explore this week’s changes in the Rails codebase.

New documentation PR is up for community review
The Rails Initialization Guide covers how Rails boots up, including the internal method calls, file load order, and how to hook into the initialization process. If you want to help by reviewing, find the PR here: https://github.com/rails/rails/pull/55862

Add link-local IP ranges to RemoteIp default proxies
This PR updates the RemoteIp middleware to include the following link-local addresses as trusted proxies: 169.254.0.0/16 for IPv4 and fe80::/10 for IPv6.

Don’t ignore X-Forwarded-For IPs with ports attached (again)
A change originally requested over 4 years ago lands…

All about coding 

Avoid Microsecond Pitfalls When Comparing Times in Tests

If microsecond precision is not required when testing Time, DateTime, or ActiveSupport::TimeWithZone, use iso8601 to assert equality between different times. There are two ways to avoid test failures caused by execution delays:
  1. Use time.iso8601

  2. Use time.to_fs(:iso8601)

Comparing two DateTime values

For example, to compare two DateTime values maybe you can try to write it like this:

def test_question_answered_at_the_same_as_survey   assert_equal question.answered_at, survey.answered_atenddescribe 'question#answered_at'   it 'is the same as survey' do        expect(question.answered_at).to eq(survey.answered_at)   endend

This approach can cause issues if there are microsecond delays when saving…

André Arko 

The RubyGems “security incident”

Ruby Central posted an extremely concerning “Incident Response Timeline” today, in which they make a number of exaggerated or purely misleading claims. Here’s my effort to set the record straight.

First, and most importantly: I was a primary operator of RubyGems.org, securely and successfully, for over ten years. Ruby Central does not accuse me of any harms or damages in their post, in fact stating “we have no evidence to indicate that any RubyGems.org data was copied or retained by unauthorized parties, including Mr. Arko.”

The actions I took during a time of great confusion and uncertainty (created by Ruby Central!) were careful, specific, and aimed to defend both Ruby Central the…

Robby on Rails 

Organizations, Like Code, Deserve Refactoring

I’ve been thinking about what happens when open source organizations hit their breaking point… when funding dries up, relationships fracture, and everyone’s scrambling to make sense of what went wrong.

It turns out, the patterns look familiar.

The Organic Growth Problem

Open source projects rarely start with governance documents. They start with people solving problems. Infrastructure gets donated. Roles emerge organically. Someone’s AWS account becomes the infrastructure. Someone’s time becomes the bottleneck. Someone’s relationships become the organization.

This works remarkably well… right up until it doesn’t.

The moment you try to formalize what’s been organic, you discover all the…

The Rails Tech Debt Blog 

Why Fixed-Cost Maintenance Beats “As-Needed” Upgrades

Maintaining a Ruby on Rails application often slips down the priority list. Everything seems fine, until suddenly it isn’t. A gem update breaks a feature, a security flaw makes headlines, or your app refuses to deploy after a server upgrade. When that happens, teams scramble to find help, often at the worst possible time. This “as-needed” upgrading approach may appear cost-effective in the short term, but it leads to stress, downtime, and unpredictable expenses.

But there is a smarter path forward: fixed-cost monthly maintenance. In this post, you’ll see why investing in a maintenance retainer is better than reactive upgrades, and how our service delivers value month after month.

The…

Rémi Mercier 

Marketing Haikus

Just a list of haikus, mostly written when I was working dying of boredom in marketing. Making fun as a tool to push through.

2016

PH sends crazy traffic
A scream splits the office
Forgot the sign-up form on my website

---

Outbound marketing is dead
They love data now
Who wants my huge billboard

---

Growth hacker they say
Hottest job right now
Crunch data in excel

---

PR agency nowadays
Is 2.0
Starts its tweets with a handle

---

Beta launch due
Bug riddled
Push to prod anyway

---

SEO course today
Teacher says
Meta keywords rock

---

Tweet about…

Awesome Ruby Newsletter 

💎 Issue 490 - Buckle Up, There’s a New Gem Server in Town: gem.coop

justin․searls․co - Digest 

🔗 People jumped to conclusions about this RubyGems thing

[TL;DR, Ruby Central has alleged that after he was notified that the board had voted to remove his production access to RubyGems.org, André Arko accessed the Ruby Central AWS account without authorization and proceeded to change the root password. 👇]

For context, last week I wrote a post bringing to light a number of things André Arko had said and done in the past as a way to provide some context. Context that might explain why any of the principal actors involved in the RubyGems maintainer crisis (summarized well up to that point by Emanuel Maiberg) would take such otherwise inexplicable actions and then fail to even attempt to explain them.

Today, Jean shed some light on Shopify's…

Ruby Weekly 

There's a new gem server in town

#​770 — October 9, 2025

Read on the Web

Ruby Weekly

Buckle Up, There’s a New Gem Server in Town: gem․coop — The recent, tense situation around RubyGems and Ruby Central has led to the launch of a new public gem server called gem.coop, a project led by several RubyGems developers and with support from Homebrew’s Mike McQuaid. It doesn’t support gem pushes yet but mirrors all public gems from RubyGems.org.

Jared White

🗣️ Unsurprisingly, this news led to an extensive discussion on Hacker News.

🚨 Rails 7.1 Hit EOL On 10/1. Plan Your Upgrade With Our AI 🤖No more security updates for Rails 7.1. Get a…

Ruby Central 

Rubygems.org AWS Root Access Event – September 2025

Rubygems.org AWS Root Access Event – September 2025

As part of standard incident-response practice, Ruby Central is publishing the following post-incident review to the public. This document summarizes the September 2025 AWS root-access event, what occurred, what we verified, and the actions we’ve taken to strengthen our security processes.

On September 30th, a blog post raised concerns that a former maintainer continued to have access to the RubyGems.org production environment after administrative access was removed from several accounts earlier that month. We want to share the outcome of our investigation including: what happened, the extent of what we verified, what we got wrong, and the actions we have taken to strengthen our security…

Island94.org 

Hanami and loading code, faster

I’ll be giving a talk in November in at SF Ruby Conference (tickets on sale now!). My talk is speeding up your application’s development cycle by taking a critical eye at your application’s development boot. Which all boils down to do less. In Ruby, the easiest, though not the simplest, is to load less code. So yeah, autoloading.

To expand my horizons and hopefully give a better talk, I branched out beyond my experience with Ruby on Rails to talk to Tim Riley about Hanami and how it handles code loading during development.

The following are my notes; it’s not a critical review of Hanami, and it only looks into a very narrow topic: code loading and development…

byroot’s blog 

Dear Rubyists: Shopify Isn’t Your Enemy

I’ve been meaning to write a post about my perspective on Open Source and corporate entities. I already got the rough outline of it; however, I’m suffering from writer’s block, but more importantly, the whole post is a praise of how Shopify engages with Open Source communities. Hence, given the current climate, I don’t think I could publish it without addressing the elephant in the room first anyway.

So here it is, I am deeply convinced that contrary to what has been alleged recently, Shopify has nothing but good intentions toward Ruby and its community.

It is healthy to be skeptical toward corporations, I certainly am, but I believe Shopify is currently receiving undue distrust…

Rails Designer 

Create a Kanban board with Rails and Hotwire

This one has been in my “articles backlog” for a long time. But for whatever reason it kept getting pushed back. I’ve built drag & drop features multiple times in the past, but recently I helped a new client with some custom UI work and a kanban-like feature was on the list. So I assessed again what resources for such a feature for Rails and Hotwire are out there on the internet, and concluded that there is a place for another article as my approach is really clean, I think.

This is the feature I want to build in this article:

The solution is using three key components to make life easier:

  • SortableJS—my go-to library for drag and drop features, just helps with a few niceties…
RubySec 

CVE-2025-61770 (rack): Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

## Summary `Rack::Multipart::Parser` buffers the entire multipart **preamble** (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions. ## Details While searching for the first boundary, the parser appends incoming data into a shared buffer (`@sbuf.concat(content)`) and scans for the boundary pattern: ```ruby @sbuf.scan_until(@body_regex) ``` If the boundary is not yet found, the parser continues buffering data indefinitely. There is no trimming or size cap on the preamble, allowing attackers to send…
RubySec 

CVE-2025-61771 (rack): Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

## Summary `Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS). ## Details During multipart parsing, file parts are streamed to temporary files, but non-file parts are buffered into memory: ```ruby body = String.new # non-file → in-RAM buffer @mime_parts[mime_index].body << content ``` There is no size limit on these in-memory buffers. As a result, any large text field—while technically valid—will be…
RubySec 

CVE-2025-61772 (rack): Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

## Summary `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS). ## Details While reading multipart headers, the parser waits for `CRLFCRLF` using: ```ruby @sbuf.scan_until(/(.*?\r )\r /m) ``` If the terminator never appears, it continues appending data (`@sbuf.concat(content)`) indefinitely. There is no limit on accumulated header bytes, so a single malformed part can consume memory proportional to the request body size. ##…
Ryan Bigg Blog 

Hanami for Rails Developers: Part 3: Forms

This blog post is part of a series called “Hanami for Rails Developers”.

In the first two parts of this guide, we covered off the familiar concepts of models and controllers, and saw how Hanami approached these designs. We saw that Hanami split the responsibilities of models between repositories, relations and structs, and we saw that the responsibilities of a controller and its views were split between actions, views and templates.

In this part, we’re going to continue building on our application’s foundation by introducing a form that lets us add further books to our application. In a Rails app, we would handle…

Aha! Engineering Blog 

How we de-risked our editor upgrade

Any seasoned software engineer will tell you that full rewrites are a bad idea. More often than not, they are abandoned after wasting a significant amount of resources on them. This is especially true if what you're pitching for a rewrite is the bac
Evil Martians 

How to add fast, client-side search to Astro static sites

Authors: Ivan Chepurin, Frontend Engineer, and Travis Turner, Tech EditorTopic: Astro.js

Join me on a breathtaking journey as we add a client-side search to an SSG docs-first site, built with Astro!

Building static sites with Astro is a dream (especially for documentation). But what to do when your growing docs need full-text search, but you don’t want to give up that static delight? In this post, see how to bring powerful, fuzzy, and accessible search to Astro-generated sites. (This means no external crawlers and no remote APIs.) We’ll also look at the limits of AI-based and third-party search, demonstrate how to generate a build-time JSON index with Astro’s endpoints, and fine-tune the…

Remote Ruby 

Who Owns RubyGems? Inside the Ruby Central Controversy

In this episode of Remote Ruby, Chris is on paternity leave celebrating the birth of his son, so Andrew brings in Drew Bragg and Rachael Wright-Munn (aka ChaelCodes), to discuss recent controversies surrounding Ruby Central and its alleged takeover of Ruby Gems and Bundler. They dive into the timeline of events, conflicting narratives, communication failures, and the underlying security concerns. They address theories and facts, scrutinize the governance of Ruby Central, and discuss the implications for the Ruby community. The episode emphasizes the importance of asking questions and seeking clarity, while advocating for a balanced and constructive approach to resolving the community's…

justin․searls․co - Digest 

🎙️ Merge Commits podcast - Dead Code: Fear-driven Everything

Direct link to podcast audio file

Jared Norman interviewed me after he wrote about the order in which programmers choose to write their code and I offered this response. In this episode, we touch on this before launching into a more expansive discussion on why the agile movement fizzled out and what we can reclaim from a developer workflow perspective now that we're experiencing our first major market upheaval since then with the rise of coding agents.

Appearing on: Dead Code
Published on: 2025-09-09
Original URL: https://shows.acast.com/dead-code/episodes/fear-driven-everything-with-justin-searls

Comments? Questions? Suggestion of a podcast I should guest on? podcast@searls.co