A quick look at how TypeScript conditional types behave with union types.
https://avdi.codes/163761-2/?utm_source=rss&utm_medium=rss&utm_campaign=163761-2
developers in Learning & Belonging cultures, who endorse a “coding is learnable” set of beliefs, experience this moment very differently. Their identity threat was cut in half.
Mastodon: @grimalkina@mastodon.social
Observability is the capability to understand the internal state of a system purely from its outputs. Rather than instrumenting every internal component or requiring deep knowledge of how a system is built, a well-observable system lets you monitor, reason about, and understand what’s happening inside just by examining what comes out. Think of it as the difference between opening up an engine to diagnose a problem versus reading the dashboard.
What is Observability for LLM Applications?
In practice, observability rests on three pillars: logging records discrete events as they happen; metrics track aggregated measurements over time; and tracing follows the flow of a request as it moves…
Hi, it’s Emmanuel Hayford. Let’s explore this week’s changes in the Rails codebase.
Make add_foreign_key(if_not_exists: true) reversible
Inverting add_foreign_key ..., if_not_exists: true produced remove_foreign_key ..., if_not_exists: true:
recorder.inverse_of(:add_foreign_key, [:articles, :authors, if_not_exists: true])
# => [:remove_foreign_key, [:articles, :authors, {if_not_exists: true}], nil]
remove_foreign_key does not understand :if_not_exists, so rolling back such a migration was not the idempotent inverse of the addition. The fix translates :if_not_exists into :if_exists when inverting, exactly as invert_add_check_constraint already does:
# => [:remove_foreign_key,…Over the past year and a half, the Rails Foundation has partnered with Chris Oliver to create a set of tutorials designed to help new developers build a real-world Rails application step by step. Beginning with the original Getting Started Guide, the series guides learners through the core concepts of modern Rails development by building an e-commerce application, adding common features along the way such as user authentication, user and admin settings, and creating wishlists.
Today, the series is complete with the newest tutorial: Product Reviews.
In this tutorial, learners will build on the previous Rails application by adding product reviews. You’ll learn how to:
- Create…
Chris Is Back And Ready To Rant
Chris returns from Greece and catches up with Andrew and David on travel, conferences, movies, and the latest developments in the Rails community. They dig into the newly announced Rails World lineup, the possibilities of Active Search, alternatives to Elasticsearch, extending Action Text and Lexi, a tricky ruby-vips dependency update, and mise’s rapidly expanding machine bootstrap tools. They wrap up with open source funding, RubyConf preparations, rising tech prices, and the massive anticipation surrounding GTA VI. Hit the download button now!
Links
Extralite 3.0.0 Released
I’m pleased to announce the release of Extralite 3.0.0. This release marks the addition of object graph transforms, the transition to modern defaults for opening SQLite databases, and a minor security enhancement.
Extralite is a fast and innovative SQLite wrapper for Ruby with a rich set of features. It provides multiple ways of retrieving data from SQLite databases, makes it possible to use SQLite databases in multi-threaded and multi-fibered Ruby apps, and includes a comprehensive set of tools for managing SQLite databases.
Object Graph Transforms
In the last few years I’ve been transitioning from using an ORM (such as ActiveRecord) as a database abstraction to a more explicit, less…
July 2, 2026 Modern applications rarely consume external data exactly as it arrives. Whether you're integrating with payment gateways, CRMs, ERPs, or third-party APIs, incoming payloads almost always need to be normalized, enriched, or reshaped before they can be processed. A common workflow looks like this: Incoming Payload │ ▼ Transformation Layer │ ▼ Normalized … Continue reading How to Safely and Efficiently Transform Payloads in Ruby and Ruby on Rails Workflows

One of the things that makes our community special is the way people keep showing up for each other.
Recently, a member of our community found themselves unable to attend RubyConf 2026 and generously offered to donate their ticket so that someone else could have the opportunity to join us in Las Vegas.
That act of generosity sparked a bigger idea among another community member.
We know there are Rubyists who would love to attend RubyConf this year but are facing budget constraints. Whether it's competing conference budgets, travel costs, or simply a challenging year financially, we don't want cost to be the only thing standing between someone and the people, ideas, and opportunities waiting…
#807 — July 2, 2026
Ruby Weekly
What Active Rubyists at RubyKaigi Are Using in 2026 — RubyGems's maintainer shares data based upon a survey of RubyKaigi 2026 attendees. It's an interesting sample, as RubyKaigi attendees tend to be active shippers, maintainers, and prominent Rubyists. Ruby 4.0 usage is strong, VS Code dominates, and most are using Claude Code and Docker Compose.
Hiroshi Shibata
💡 On the topic of surveys, the 2026 Ruby on Rails Community Survey closes tomorrow, so take it now if you can.
Rails Experts You Like & Trust, Now Embedded in Your Team 🚀 — Since '17, companies have trusted…
Changelog widgets, like those from Headway and Beamer, are still a popular way to tell your users about updates to your product. What if you could build one yourself?
Perron, the Rails-based SSG, has a library of production-ready custom elements. One of them, the Embed Content component is perfect for this exact use case. It fetches JSON data, renders it as a list, tracks read state and handles all the UI interactions. You just provide the data.
The result will look like this:

Pretty smooth, right?
Most changelog services lock you into their platform. You pay per seat, deal with their branding and accept their feature set. If you want something simpler or more tailored to your product,…
Dependabot Resolves Remaining Bundler 4 Compatibility Issues July 1, 2026 Teams adopting Bundler 4 can breathe a little easier. After several weeks of community reports and investigation, the remaining compatibility issues between Dependabot and Bundler 4 have now been addressed through merged fixes in dependabot-core. The fixes resolve two separate issues that affected projects relying … Continue reading Dependabot Resolves Remaining Bundler 4 Compatibility Issues
https://avdi.codes/162155-2/?utm_source=rss&utm_medium=rss&utm_campaign=162155-2
What you spend your time on is what you practice, and what you practice is what you build skill on. If the work is shifting to supervision, then that’s the craft now. We’re building the machine that builds the machine. And it deserves the same investment in tooling, practice, and professional development that we gave the inner and outer loops before it.
Annie Vella: The Middle Loop
This article shows the compatibility between Sidekiq and Rails across different versions. Even though Rails is not a dependency of Sidekiq, there are compatibility considerations for different combinations given that Sidekiq provides integrations with Rails.
If you need help with Sidekiq’s compatibility with Ruby, check this other article instead.
Rows highlighted in red, below, indicate Rails versions that have reached the end of their security support.
Rails Versions Sidekiq Version 8.x >= 8.0.0 7.x >= 6.5.10 and >= 8.0.6 6.x >= 6.0.0, …Many Rails teams that we have worked with have a version of the same story: a test suite that grew organically, was never quite prioritized, and now sits somewhere between “unreliable” and “actively avoided.” Maybe tests are slow. Maybe they’re flaky. Maybe coverage gaps makes deployments feel like a roll of the dice. Or a manual battle against a behemoth of a beast. It is likely you have heard engineers gripe about the test’s reliability and may be worried that they are sinking time in the application.
Improving your test suite is one of the highest leverage investments a development team can make even though it’s often deprioritized. While the benefits are not always obvious to those…
https://avdi.codes/162086-2/?utm_source=rss&utm_medium=rss&utm_campaign=162086-2
Developer happiness has never been about smiling at your keyboard. It is about clarity. It is about friction being low enough that you are not constantly fighting your own tools. It is about expressiveness so your intent stays visible when you come back six months later. Those principles are not decorative. They are survival strategies.
Obie Fernandez: Ruby Was Ready From the Start
https://avdi.codes/162082-2/?utm_source=rss&utm_medium=rss&utm_campaign=162082-2
Ruby has always encouraged us to think about design as something you live inside, not something you should add later or simply ignore.
Obie Fernandez: Ruby Was Ready From the Start

Evil Martians went from attempting to one-shot AI illustrations to a human-in-the-loop workflow with a dedicated illustrator. When a human owns first and last mile of this process, illustrations are crisp, high-quality and fun. Go BTS of our illustration production.
Evil Martians take huge pride in our blog. Illustrations are there to support the vision. We fantasized that image gen tools are ready for us to one-shot illustrations, but we were wrong. Instead we built a process where blog editor owns the first mile, AI does…
Server Sent Events
Server Sent Events (SSE) allows a server to push data, one way, to a client over a long lived HTTP connection without the client needing to make multiple requests. Even better, the client will automatically reconnect if the connection drops. Here’s a few use cases that SSE is great for:
-
Real-time notifications.
-
Live dashboards.
-
Live edits and rendering of updated content.
-
Progress updates of long running tasks.
Implementing SSE is fairly trivial in Ruby especially when using Rack 3.0.0 middleware and htmx on the front end so let’s explore further by diving into the code!
Quick Start
If you’d prefer to have all of…
With AI seeming to generate more code every day, we need better tools to verify that it hasn't broken something. Maybe mutation testing can help us get there. Markus Schirp chats with us about the mutant gem and mutation testing.
Show Notes
Sponsors
Lots of teams out there are still overpaying for their hosting and getting tripped up by traffic spikes. If you’re on one of those teams, you need a better autoscaler. Judoscale uses better metrics, gives you more control, and reacts faster than any other autoscaler. Learn more at https://judoscale.com/
Hanami 3.0: In full bloom
From the very beginning we set out to make Hanami a different kind of Ruby framework: clear, modular, and built to grow. Today it comes into full bloom. We’re thrilled to share Hanami 3.0 with you!
This release rounds out the framework with three big new features: mailers, internationalization, and Minitest. On top of that, your apps are now faster by default, and your developer experience is sharper, from your logs all the way to your assets.
First-class mailers
Our long lost gem is back! Hanami apps now come with integrated mailers, which feel right at home next to your actions, views, and operations.
Mailer classes describe everything you need to deliver an email:
…
Design Patterns, the Ruby Way (Part 3): Behavioral Patterns in Real Ruby Applications June 30, 2026 In the previous article, we explored how Ruby simplifies many creational and structural design patterns. But some of the most interesting patterns aren't about creating or organizing objects. They're about how objects collaborate. Behavioral patterns define how responsibilities are … Continue reading Design Patterns, the Ruby Way (Part 3): Behavioral Patterns in Real Ruby Applications
https://avdi.codes/161044-2/?utm_source=rss&utm_medium=rss&utm_campaign=161044-2
By default, wins get trumpeted in one setting (blog posts, conference talks, all hands) and costs bubble up in others (SRE team meetings, on call, retros, complainy DMs, grumbling over whiskey).
The result is that both sides may feel like they are being unfairly silenced.
Charity Majors: AI Enthusiasts Are in a Race Against Time, AI Skeptics Are in a Race Against Entropy

An MCP server is a product interface for the age of agents, not an AI feature itself. This post presents a framework for deciding between direct API calls, CLI, Skills, and MCP, detailing the architectural signals, the hidden costs, and the failure modes you should know about before embarking on an MCP quest.
Most MCP servers are not agent architecture, but premature product interfaces. The first hype wave produced too many half-baked implementations because a lot of products simply don't need an MCP server. Instead, sometimes direct API calls are enough. For some, a CLI does the job. For others, a…
We built an automated event aggregation platform, ingesting events from hundreds of partner venues, arts organizations, and ticketing platforms into a single searchable index. Every partner has a different website, a different structure, and a different set of rules for where event data lives.
We could not hand-craft scrapers for each one. So we built a system where an AI generates the scraping rules, validates its own output, and corrects itself when it gets things wrong.
This post covers what we learned: the real challenges of AI-driven scraping, the strategies that worked, and the ones that didn’t. This post does not cover the architecture of the platform or the system design of it.
…504: AI Ethics (with guests!)
Aji is joined by thoughtbot’s own Tess Griffin and Jimmy Thigpen, two members of the recently established AI Ethics Taskforce, to talk about what kind of conversations are going on in the company around AI.
With AI becoming an omnipresent entity in the industry, Tess and Jimmy take a deep dive into how and why the taskforce got started, figuring out what thoughtbot’s stance is around AI in terms of ethics and workflows, and how it relates to their clients.
—
As mentioned in the episode:
Blastoff Rails June 11 - 12, 2026 (past) Albuquerque, New Mexico
Freddy discovers America during the World Cup
Your guests for this episode have been Tess Griffin and Jimmy Thigpen and your…
Ruby 3.4.10 Released
Ruby 3.4.10 has been released.
This release is a regular stable package release contains the version update of bundled gem net-imap. The net-imap.gem update contains some security fixes. Please see the release note of net-imap v0.5.15 for the detailed update of net-imap.gem.
Please see the GitHub releases for further details.
Download
-
https://cache.ruby-lang.org/pub/ruby/3.4/ruby-3.4.10.tar.gz
SIZE: 22476870 SHA1: 5eac73bce00e770e19b50b69032578df9b2bb41c SHA256: ecee2d072a14f2d14347dd56dfd8fe5c3130abf5117bfaacbda0f4ef9cc429ec SHA512: 493c9be80a78a4ddf983620295c79ae9f1c8e4c60da8237e12965fa6f95dda6548b3ff3cd311fe774cc8237e18ad2b2514dd029c46c8f4eabea6613a39d7745b - …

At Gusto, one of our core values is being customer obsessed. That means meeting customers where they are and ensuring they get the right support at the right time.
A few months ago, we needed to ship a system that could seamlessly hand customers off from our AI assistant to a human agent, one that could proactively gauge customers’ needs and escalate in a timely manner, helping maintain trust and a good customer experience. There was a clear opportunity to improve the AI-to-human escalation experience, but the rules and criteria were still evolving across teams.
The old playbook for building machine learning (ML) systems is pretty straightforward: collect data, train a model, then deploy. But…
Getting started with Claude Code, on MacOS, with chruby and rspec
I’ve been writing ruby and rails for nearly 20 years. A couple weeks ago, I had gotten code snippets from copy-paste in a chat window, but I hadn’t even experimented with Claude Code or similar “can write code to your file system” tools.
I know some people are now using LLM’s to write all their code, which I’m not excited about, but I decided I couldn’t hold off any longer, and I had to at least understand how it worked to be able to decide when/where to use it. Everything in here is probably (?) old news for people already way into using LLMs to write code.
I decided that a project to speed up my rspec test suite (using the amazing test-prof for profiling and performance…
Design Patterns, the Ruby Way (Part 2): Modern Creational and Structural Patterns June 28, 2026 In the first article of this series, we explored why Ruby changes the way developers think about design patterns. Features like duck typing, modules, blocks, and delegation often replace the ceremony required in more rigid object-oriented languages. Now it's time … Continue reading Design Patterns, the Ruby Way (Part 2): Modern Creational and Structural Patterns
CVE-2026-49342 (yard): YARD static cache reads raw traversal paths before router sanitization
CVE-2026-44162 (fluent-plugin-s3): fluent-plugin-s3 Vulnerable to Denial of Service (DoS) via Decompression Bomb in `in_s3`
CVE-2026-44163 (fluent-plugin-opentelemetry): fluent-plugin-opentelemetry Has Denial of Service (DoS) via Large Payloads and Decompression Bombs in `in_opentelemetry`
GHSA-6jxj-px6v-747w (crass): Deeply nested CSS blocks and functions can trigger a SystemStackError or excessive memory usage
GHSA-6wmf-3r64-vcwv (crass): Large numeric exponents cause CPU and memory denial of service
GHSA-8vfg-2r28-hvhj (crass): Non-ASCII characters cause superlinear CPU consumption
GHSA-wwpr-jff3-395c (crass): A large number of adjacent CSS comments can trigger a SystemStackError
CVE-2026-44024 (fluentd): Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder
CVE-2026-44025 (fluentd): Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API
CVE-2026-44160 (fluentd): Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`
CVE-2026-44161 (fluentd): Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`
Hi, it’s Vipul. This week was heavy on fixes: config parsing, association edge cases, caller-owned state, and more Ractor safety.
Add RFC 9110 compliant Accept header content negotiation opt-in
New opt-in: config.action_dispatch.respect_accept_header_rfc9110. Default: off.
Enable it when you want RFC-compliant media type specificity and quality handling, for example Accept: application/json, */* returning JSON.
If your app relies on old browser-like fallbacks, leave it off until you test real browser Accept headers in your app and CI.
Strip inline comments from unquoted dotenv values
Unquoted dotenv values now strip whitespace-prefixed inline comments before interpolation and command…
Passenger 6.1.6

Version 6.1.6 of the Passenger application server has been released. This release updates the Nginx used in Passenger standalone and also addresses an ABI break in RHEL/Rocky/Alma Nginx packages.
Installing 6.1.6
Please see the installation guide for advice on getting started with Passenger. Coming from a language other than Ruby, Python, Meteor or Node? Even if we didn't write a specific tutorial for your language, we made a generic guide that shows you the steps.
Upgrading to 6.1.6
We strongly advise staying up to date with the latest version.
Check out our upgrade guides for the different platforms:
Please be aware that you can enjoy ente…
I've started moving all of my content over to baweaver.com powered by Bridgetown under github.com/baweaver/portfolio.
Why?
I wanted more control of my content and some of the mechanics around it, and to finally redo my homepage which I had not honestly updated since... 2014?
After years of attempts I landed on a design that I liked, and over vacation I had enough time to get it all put together.
Lemurs?
The current site is focused more on architectural imagery, watercolor, and art deco. Where are the lemurs then?
Well for those I want to make something more special, and I haven't quite figured out how I want to land that yet.
The current idea is a literal…
One of the ways I have been using coding agents these days is to prototype small UI changes in an existing project. I use them as a tool to explore.
In this usage mode, I am not interested in the code. I am interested in how the options look. My objective is to extract ideas from the LLM, choose what I want, and later work on the real change in a different chat.
Ask for a selector to compare
One little trick I discovered recently is that you can simply ask for a selector to compare the options.
The coding agent can implement several UI alternatives and add a small selector that lets you switch between them in the real application.
You can literally ask for it. This is a translation of…
A Rails blog app in a ~500KB binary
#806 — June 25, 2026
Ruby Weekly
Spinel on Rails — When I dug into Spinel, Matz's AOT Ruby compiler, I knew we’d see some interesting use cases, but a webapp wasn't on my radar. This experiment uses Sam’s Roundhouse compiler which converts Rails apps to targets like Rust, TypeScript, and now Spinel. It’s not near the level of "compile any Rails app to a binary", but it’s fun to see a Ruby webapp served in 12MB of RAM!
Sam Ruby
💡 Sam has also been experimenting with Roundhouse compiling to JRuby, where the same emitted app hit ~46k req/sec vs 1k running normally as a Rails app.
Beam Up is a command-line tool I wanted for some time. Its goal is to make deployments of static sites across various providers simpler from your machine: run one command: beam_up ./output/. ❤️
If you feel generous, head over to the GitHub repo and give it a star! 🌟
Installation and configuration
To install Beam Up, run:
gem install beam_up
Then initialize a configuration file for your chosen provider with:
beam_up init # to start an interactive process, or:
# beam_up init hetzner
This creates a .beam_up.yml file:
provider: netlify
netlify:
api_token: your_token_here
project_id: your_project_id
Ready to beam ⚡
Now you can deploy your static site using the super fun beam_up command:
https://avdi.codes/158216-2/?utm_source=rss&utm_medium=rss&utm_campaign=158216-2
Users don’t experience systems as implementations. They experience them as continuity.
leaflet.pub: UI Is a Conservation Layer
Welcome to Once a Maintainer, where we interview open source maintainers and talk about the work they do.
This week we’re talking to Mike Dalessio, longtime Ruby maintainer (nokogiri, loofah, mechanize to name a few) and member of the Rails Committer team. Mike works on security, infrastructure, and performance at 37signals.
Once a Maintainer is written by the team at Infield, a platform for managing open source software upgrades.
I’d love to get started by hearing how you got into software development. What was your first exposure to writing software?
When I was a kid, I had a friend who lived up the street whose dad bought him a VIC-20, which was like the Commodore 64 predecessor. And we…
https://avdi.codes/158050-2/?utm_source=rss&utm_medium=rss&utm_campaign=158050-2
I think we wrote a brilliant critique of ideology. We should have completely blown [techno-optimist capitalism] out the water, but it of course just carried on. … material reality is more important if it offers to triple your wages. Co-option is easy. … Critique is important. I’m not dissing it. We should do it. But we shouldn’t have any illusions that it will make any difference without our words being turned into action.
wedontagree.net: Technically Radical: On the Unrecognized Potential of Tech Workers and Hackers
https://avdi.codes/157853-2/?utm_source=rss&utm_medium=rss&utm_campaign=157853-2
As much as I fear the fallout of this technology, I fear the fallout of ideological purity even more. Time and again, people fall victim to the transformation of a stance on an issue into a holy cause, a flag to rally behind, a group from which to exclude The Other. Purity is a dangerous idea—historically, more dangerous than technology’s capacity to change labor.
taggart-tech.com: I Used AI. It Worked. I Hated It.
https://avdi.codes/157772-2/?utm_source=rss&utm_medium=rss&utm_campaign=157772-2
the markets can stay irrational longer than you can stay solvent.
Gil Duran: Attack of the Trillionaire
Announcing the RubyConf VIP Raffle
At RubyConf 2026, anyone who buys a ticket before July 1st is entered into a raffle for an exclusive RubyConf VIP experience. What exactly is a RubyConf VIP experience?
Five lucky winners, drawn at random, will:
- Get a ticket for you and a plus-one to the world-famous RubyConf speakers' Dinner, where you'll meet your real-world Ruby Heroes. Get exclusive behind-the-scenes access to the people who make Ruby and make RubyConf while you eat like royalty.
- VIP reserved seating for all keynote talks so you won't miss a thing. No fighting for a free seat or squeezing in the middle of a row of strangers. Walk right up and take a load off.
- A personal "thank you" from the board and staff. Because we…
But that's not all, everyone who enters by buying a ticket by July 1st will receive a limited edition RubyConf 2026 pin! If you were on the fence before, don't let this chance of a lifetime pass you by. When the clock strikes midnight on July 1st (PST), this door will officially be closed. Anyone who buys a ticket after that will…
If you're heading to RubyConf this July, make sure to stop by and meet the team from SmartFinancial.
SmartFinancial is a technology-driven insurance marketplace that helps people find and compare insurance options across all 50 states. Their goal is simple: make buying insurance easier, more transparent, and less frustrating for consumers.
Ruby plays a major role in making that happen.
The SmartFinancial engineering team has been building and operating Ruby on Rails applications for years, and they're excited to be part of the RubyConf community in Las Vegas this July 14–16 at Red Rock Casino Resort. Like many of us, they're coming to learn, share ideas, meet fellow Rubyists, and stay…
https://avdi.codes/157638-2/?utm_source=rss&utm_medium=rss&utm_campaign=157638-2
The fifth obstacle is us. Our cynicism, our exhaustion, our tendency to scroll past the policy debate and doom-post about the inevitable robot apocalypse. Doomerism is a form of political paralysis. If you believe the future is already determined, you don’t organize, you don’t vote, you don’t fight. You wait for the catastrophe and feel validated when it arrives.
JA Westenberg: A Soft-Landing Manual for the Second Gilded Age
Writing effective test cases is as important as writing the business logic in your application. This blog post dives into the simple yet effective ways developers can use when crafting test cases.
Lack of assertions in the test cases
We all have written controller test cases in the past. It could be rspecs, minitests, or any other framework. Consider we have an UsersController and the code look like this:
# app/controllers/users_controller.rb
class UsersController < ApplicationController
def create
@user = User.new(user_params)
if @user.save
# Sending welcome email
UserMailer.welcome_email(@user).deliver_later
# Creating default settings for user
Use…
Evil Martians benchmarked five WebSocket servers for Node.js: Socket.io, uWebSockets.js, and AnyCable (OSS and Pro). How we caught our own load generator lying, and how to make WebSocket benchmark numbers honest.
I compared five ways to run WebSockets on Node.js: default Socket.io, Socket.io with Connection State Recovery, uWebSockets.js, AnyCable OSS, and AnyCable Pro. In this post, I share how a banned laptop, a lying load generator, and a stubborn throughput disparity taught me that the hardest part of benchmarking is getting…
GHSA-g9g8-vgvw-g3vf (nokogiri): Possible invalid memory read when calling `Nokogiri::XML::Node#initialize_copy_with_args` with incorrect argument type
Blue Ridge Ruby made a comeback in 2026 and Jeremy Smith joins the podcast to talk about how it went
Show Notes
Sponsors
Lots of teams out there are still overpaying for their hosting and getting tripped up by traffic spikes. If you’re on one of those teams, you need a better autoscaler. Judoscale uses better metrics, gives you more control, and reacts faster than any other autoscaler. Learn more at https://judoscale.com/
Founding a Company in Germany: €9,600, 152 Days, and I Still Can’t Send an Invoice
I started founding my second company in Germany in late January. It is now late June.
In that time, the state, two courts, a notary, a law firm, a tax firm, and software vendors have all found a way to bill me. Every single one of them, on time.
I have spent more than 9,600 euros to start a company: a little over 7,600 in fees and bills, plus 2,000 in share capital frozen in an account I am not allowed to touch. And after five months, here is what I have to show for it:
I have not been able to send a single invoice of my own.
Not one.
The work is happening. The clients are real. The one thing the state exists to let me do, bill them cleanly, is the one thing I still can’t.
The timeline
…Some time ago, we migrated our work application from Rails 6 to Rails 8 in one big jump and adopted several new features that came with this version. One of those was a Procfile that defined the necessary processes to run the application in local environments, which is executed when you run bin/dev. If you look at the code of this file, you will find the real responsible party for executing all these processes: foreman (unless you modified the original file).
The first problem we started encountering was that all process outputs were mixed into a single stream, making it take us a long time to realize that, for example, JavaScript compilation had failed, which is why we weren’t seeing the…
How Ruby Itself Uses Dependabot: A Look Behind MRI's Dependency Management June 23, 2026 When people think about Dependabot, they usually picture a Rails application keeping its gems up to date. But Ruby itself—the MRI interpreter—also relies on Dependabot to automate dependency updates. Its configuration offers an interesting glimpse into how the Ruby core team … Continue reading How Ruby Itself Uses Dependabot: A Look Behind MRI’s Dependency Management
This week I made a refactor to remove a job (ActiveJob::Base) that was used only in recurring.yml, and call a class method directly instead.
Sometimes it is ok to have a job, but sometimes using the method can help you write a little less code. And these days it is just a prompt away.
The example
I was working on a follow-up flow for users who had not updated their profile in over a year. The recurring task only needed to fan out work: find eligible users and enqueue one job per user.
Instead of scheduling a job in recurring.yml, like this…
follow_up_main_info_review:
class: "User::ScheduleMainInfoReviewFollowUpsJob"
schedule: "every day at 09:00"
With a thin wrapper job like this…
…4.0.15 Released
RubyGems 4.0.15 includes enhancements and bug fixes and Bundler 4.0.15 includes enhancements and bug fixes.
To update to the latest RubyGems you can run:
gem update --system [--pre]
To update to the latest Bundler you can run:
gem install bundler [--pre]
bundle update --bundler=4.0.15
RubyGems Release Notes
Enhancements:
- Rubygems: Fix Gem::Request for PQC support, adding integration connection tests. Pull request #9615 by junaruga
- Reduce peak memory usage of full index loading and bundle install. Pull request #9618 by hsbt
- Installs bundler 4.0.15 as a default gem.
Bug fixes:
- Forward security policy to old-format gems. Pull request #9611 by hsbt
Bundler Release Notes
…How to Write a Claude Code Skill
We have been spending time teaching Claude Code how to help us upgrade Rails applications. Along the way we learned that the most reusable piece of that effort is not the prompt we type, it is the skill we wrote once and now load on demand.
If you keep pasting the same checklist or procedure into a chat, a skill is probably what you want. This post walks through writing your first skill from scratch and keeping it lean, so it triggers when you want and costs almost nothing when you don’t.
What Is a Skill?
A skill is a folder with a SKILL.md file inside it. The file has two parts: YAML front matter that tells Claude when to use the skill, and Markdown instructions that tell Claude what…
Somewhere in the mid-aughts eXtreme Programming (XP) practices became widely-discussed in software. From that time forward, a strange chasm emerged in the discourse.
I would stumble across large pockets of programmers discussing—with full confidence—the fact that “nobody is actually doing TDD”, “pairing all the time is a myth”, “no one can actually succeed with those practices, it’s just hype”. Meanwhile, I was writing all my code test-first, spending nearly all of my time pair-programming, and by all accounts succeeding greatly. Not to mention enjoying coding more than ever.
It was like living in parallel universes. In my universe, XP practices were a welcome way of life, making…
This is a short post to show the compatibility between JRuby and Ruby on Rails across different versions. JRuby is an implementation of Ruby that runs on the JVM, so picking a version means lining up four things at once:
- JRuby release
- Ruby version
- Minimum Java version
- Rails version
JRuby tracks a specific CRuby (MRI) language level per release, and Rails support on JRuby is delivered through the activerecord-jdbc-adapter gem, whose version number mirrors the Rails version it targets. The Rails versions listed below are the ones that both run on that JRuby line’s Ruby language level and have a matching adapter release.
JRuby Version Ruby Compatibility …503: Seeing the Graph for the Trees
Aji and Joël join forces to discuss graph and tree structures, and their connection to the emergent properties, attributes and qualities you can find from a largely connected group of data.
Joël dives into their recent graphs and tree work through a contracting system, whilst Aji looks back at when he previously tried to serialise a graph or tree to a database.
—
Watch Joël’s Blue Ridge Ruby talk here, or Matheus’ Ruby Internal talk from last year here.
There’s still time to secure your place at thoughtbot’s upcoming UK meet ups over the next month.
London Tech Leader Meetup - Tuesday June 23rd
Brighton Tech Leader Meetup - Wednesday June 24th
Brighton Ruby - Thursday June 25th…
Your hosts for this episode have…
CVE-2026-54904 (concurrent-ruby): Concurrent Ruby - `AtomicReference#update` livelocks when the stored value is `Float::NAN`
CVE-2026-54905 (concurrent-ruby): Concurrent Ruby - `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
CVE-2026-54906 (concurrent-ruby): Concurrent Ruby - ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
CVE-2026-54592 (oj): Oj - Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input
https://avdi.codes/156725-2/?utm_source=rss&utm_medium=rss&utm_campaign=156725-2
Certain shifts in software history feel like freedom because they remove familiar signals of control. In reality, they relocate rigor closer to where truth lives. They make it harder to fake progress.
leaflet.pub: Relocating Rigor
The fourth edition of Rails World is fast approaching with just over three months to go, so it’s time to meet the speakers who will join us this year in Austin, TX.
But first: Thank you to everyone who applied this year. When we opened the CFP, three of the nine topics were AI-related, but in the end half of all submissions were in these three categories. Not at all surprising considering the year we are having, but there are only 20 speaking slots, and still a lot happening in Rails outside of (or maybe adjacent to) AI, so finding the right balance took a little more work this year. (Big shout out to the content committee for their patience, discernment, and endless review cycles!)
With…
CVE-2026-54297 (faraday): Faraday - Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
GHSA-mqq5-j7w8-2hgh (alchemy_cms): AlchemyCMS - Unauthenticated nested page API leaks restricted and unpublished content
Can Ruby Next Help You Upgrade an Application Gradually? June 21, 2026 Upgrading a Ruby application is rarely as simple as changing the version number. Dependencies, deployment pipelines, CI environments, and legacy code often mean that a runtime upgrade becomes a project of its own. As a result, many teams postpone adopting newer Ruby language … Continue reading Can Ruby Next Help You Upgrade an Application Gradually?
GHSA-5prr-v3j2-97mh (nokogiri): Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`
GHSA-5v8h-3h3q-446p (nokogiri): Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception
GHSA-8678-w3jw-xfc2 (nokogiri): Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
GHSA-9cv2-cfxc-v4v2 (nokogiri): Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes
GHSA-p67v-3w7g-wjg7 (nokogiri): Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime
GHSA-phwj-rprq-35pp (nokogiri): Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`
GHSA-wfpw-mmfh-qq69 (nokogiri): Nokogiri: Possible Use-After-Free in XInclude Processing
GHSA-wjv4-x9w8-wm3h (nokogiri): Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type
https://avdi.codes/155720-2/?utm_source=rss&utm_medium=rss&utm_campaign=155720-2
We organized around nouns, not verbs. Users, lists, tasks, comments, each owned by exactly one service. Operations were almost entirely CRUD. Communication happened through exactly two mechanisms: a standardized REST/JSON convention that every service spoke natively and exclusively, and a message bus that broadcast every mutation. That was it. No service-to-service RPC. No custom protocols. No internal APIs that only two services knew about.
We didn’t choose this approach because we loved distributed systems. We chose it because it enforced replaceability. When a service became too heavy—too much conceptual mass—we didn’t refactor it. We deleted it and replaced it with something simpler.…
CVE-2026-12515 (katello): katello - missing repository authorization in content_uploads exposes cross-product content existence
CVE-2026-55518 (avo): Avo - Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
Hi, it’s zzak. This week was full of changes, so let’s pull into the station and take a look.
Last Rails World GA tickets available
Heads up: there are now just 100 General Admission tickets available for Rails World 2026. Don’t miss your chance to join the Rails community in Austin this September for two days of talks, code, connection and music.
Rails Foundation documentation guides
The documentation project reworked the Multiple Databases guide, now ready for community review, and reorganized the Internationalization guide from beginner-friendly setup through advanced topics.
Allow query log tags to be configured per connection pool
Database configurations can now override query log…
Navigating Subscription Overhauls and Payments
Chris, Andrew, and David catch up after a missed week of recording and quickly dive into the kind of deeply practical Rails work that only comes from real production pain. Andrew shares the massive subscription and billing migration happening at Podia, including Stripe edge cases, legacy plan preservation, and stress-test tooling built from live scenarios. Chris then goes deep on a Hatchbox email cancellation flow that turns into a Rails internals rabbit hole around Action Mailer callbacks, mail delivery cancellation, and a tiny Rails PR born from production debugging. Hit download now to hear more!
Links
I wrote recently about Syntropy, a new Ruby web framework I’m working on (it runs this site). Syntropy’s design is based around the idea of file-based routing, which means that the source files for route handlers (i.e. controllers) that make up the app are organized and named according to the app’s URL namespace. I also discussed the way Syntropy loads the different source files (referred to as modules), and I’d like to discuss this a bit more in detail.
Code Organization in Ruby on Rails
Now, if you’re a Rails developer, you know that Rails’ approach to code organization is based on auto-loading of the different source files that make up the app, performed by the Zeitwerk gem.…
Continuations 2026/24: Clearing the decks
This edition’s a bit late—please grant me an amnesty, as I don’t want to break my streak! So here we’ll focus on last week’s work, and in a few days’s time, I’ll bring you up to the present.
The focus last week was clearing the decks so we could make ship a 3.0 release candidate for Hanami.
Sean merged another nice batch of performance improvements for Hanami Action, as well as an attachments-related fix for Mailer. Thanks Sean!
Paweł got in on the action too, with a website update for our generated README, plus sourcing our gems from our gem.coop namespaces if you elect gem.coop as your gem source in new apps. I also tweaked and merged his documentation for undecorated view exposures.…
Merged (another!) nice fix from Jane Sandberg: Do not create duplicate routes when running the…
Herb and ReActionView: A Glimpse Into the Future of Rails Views June 18, 2026 For years, Rails developers have enjoyed one of the simplest and most productive ways to build web applications: write HTML with ERB, let Action View render the templates, and move on. While the Ruby language, the parser, and the tooling ecosystem … Continue reading Herb and ReActionView: A Glimpse Into the Future of Rails Views
Comsol Customer Service
I’ve had a Comsol 3-in-1 wireless charger sitting on my desk for ages. It has a hardcore 2010s tech aesthetic, with its white plastic and chrome combination. I use it to charge my phone, watch and earbuds all at once. Or at least I did, until it stopped being able to charge the phone. It could still charge a watch and the earbuds, but I used it most for charging the phone.
The device still turned on, but it would flash a solid white light for about a second, then off again, then repeat. I didn’t know what caused this, and googling for the manual turned up no results. But I did find the support email! So I contacted them and asked what it meant and if they had the manual.
They then asked…
CVE-2026-54901 (oj): Oj- Use-After-Free in 'Oj::Parser' array_class/hash_class GC Marking
No Node
The Asset Pipeline has had many changes over the years, from not needing NodeJS when using Sprockets, to supporting NodeJS to manage JS dependencies through npm packages, to requiring NodeJS by default with Webpacker, and to not needing NodeJS by default again with ImportMaps.
ImportMaps is a good way to not have NodeJS as a dependency of the application, but it has many limitations (like the lack of TypeScript support) and it requires a lot of work to migrate to it when upgrading older applications.
In this blog post, we will see how to use Bun to remove the need to install NodeJS system-wide, how to use the standalone binary to not require an installation step, and at the same time keep…
Before and after (image) sliders are great for product showcases, before/after transformations, renovation projects or photo editing results. They’re engaging, interactive, and honestly just fun to use.
Ever thought of building one from scratch? Not complicated at all! In this article, I want to show how to build a simple, reusable Stimulus controller that does just all that. This is how the end result will look like:

As always, the code can be found on GitHub.
It is simple, really
The beauty of this controller is its simplicity. You need three things:
- a wrapper element;
- two images (before and after), and;
- a slider.
That’s it. Here’s it in HTML:
<div data-controller="compare">
<img da…
