James Adam @james@ruby.social
- Elsewhere
- http://lazyatom.com
- Github
- https://github.com/lazyatom
- Support ruby.social
- https://www.patreon.com/rubysocial
Admin
Loving Ruby since 2002. or 2001. I really ought to figure it out.
I’m the admin for this instance - if you have any questions or problems, let me know!
Joined Aug 2018
James Adam
boosted
So what's the state of VSCode Intellisense, but for ruby gems? Can it automatically scan the RI index of all installed gems, or do projects have to generate their own API index file for VSCode?
James Adam
boosted
RT @euruko@twitter.com
We're now accepting applications for diversity/scholarship tickets! These are mostly virtual tickets but we do also have some in-person tickets available too. (1/3) https://2022.euruko.org/tickets/
James Adam
boosted
It's only fitting that Bridgetown, which is open source, have a presence on ruby.social, which uses an open sourse platform written in Ruby (Mastodon 
). Rubies all the way down! 
😁
@bridgetown welcome! Bring your friends!
James Adam
boosted
We were still learning about the security issue for rubygems when yet another vulnerability was discovered: CVE-2022-29218
https://github.com/rubygems/rubygems.org/security/advisories/GHSA-2jmx-8mh8-pm8w
This time Maciel also got another excellent piece of Impact Analysis:
But big Mensfeld didn't stop there, he actually created a tool (a gem in the whole extent of the word) to help you figure out if your bundle was compromised:
https://rubygems.org/gems/bundler-integrity
Please boost this toot for visibility.
James Adam
boosted
I often hear that the increased hosting costs associated with Ruby on Rails' larger than average footprint is more than offset by the increased dev productivity. It follows that Rails salaries being pretty high at the moment is offset by being able to maintain a smaller, more productive team.
Does anyone know of any case studies where someone's actually done the numbers on that?
It "feels right" to me, but I'd be interested to read other's experiences.
James Adam
boosted
Finally a writeup for the http://rubygems.org vuln, CVE-2022-29176. Such a simple mistake. I feel like the take away lessons are:
1. do not query/trust composite columns. Query individual columns.
2. do not trust arbitrary user Strings.
https://greg.molnar.io/blog/rubygems-cve-2022-29176/
#ruby #infosec
James Adam
boosted
P.S.A: Rails have released a new version fixing some issues added on the last security release.
https://rubyonrails.org/2022/5/9/Rails-7-0-3-6-1-6-6-0-5-and-5-2-8-have-been-released
The new stable versions have been pushed to these
- 7.0.3
- 6.1.6
- 6.0.5
- 5.2.8
These are some of the problems I note in my review:
https://ruby.social/@esparta/108211719637031175
As usual, it's recommended to test thoughtfully on your staging environments before proceeding to deploy to production.
James Adam
boosted
In a code review i suggested extracting a well named function. They replied that it does not add any value to introduce a new function. They're right in the worst way, the computer doesn't care and they don't value the readers.
Do you have suggestions on how to respond to that?
@bcgoss might a well named local variable be a good compromise?
I think you've identified the important aspect though -- they need to value the comprehensibility of code.
Perhaps you can find some other examples in your codebase where a single-call function helps make another nearby expression much easier to understand.
@jsrn client stuff is Capistrano, but all my personal projects go via Dokku
James Adam
boosted
RT @RubyInside@twitter.com
What Do You Think of 'Scoped Gems'? https://github.com/rubygems/rfcs/pull/40
🐦🔗: https://twitter.com/RubyInside/status/1521866493826375682
@andy_twosticks @postmodern I did consider that, e.g.
hasha.select { |k,v| hashb.has_key?(k) && hashb[k] == v }
I think they're about as nice as each other, I don't mind an incline `rescue`.
The main gotchas to avoid with `[]` are making sure you don't accidentally get a default value, but `has_key?` should avoid that 👍️
@andy_twosticks @postmodern you also probably want to avoid using `hashb[k]` in a boolean expression in case the actual value is `false` 😄
For example:
hasha = {a: true, b: false}
hashb = {b: false, c: true}
hasha.select { |k,v| hashb[k] && hashb[k] == v }
# => {}, but it should be {b: false}
Instead, I'd suggest using `fetch`:
hasha.select { |k,v| hashb.fetch(k) == v rescue false }
James Adam
boosted
How're you deploying your applications these days?
I've been chucking stuff on k8s for so long at my job I've lost touch with what everyone else is doing.
James Adam
boosted
How do I love Ruby? Let me Enumerable the ways.
@robbyrussell I see you lurkin'
@jsrn @johnpettigrew I think I'd go for this approach too -- wrap whatever might raise the `Net::ReadTimeout` in a method that you control, and raises a custom exception, and then `rescue_from` that custom one and display your nice message. That way you only have a single point to maintain if anything changes in whatever might raise `Net::ReadTimeout`, and you can choose nice descriptive names for your custom exception and method.
James Adam
boosted
Ruby developers on Linux, what's your preferred Ruby?
James Adam
boosted
Figured this would be a good place to soft launch this. I setup a Discord server specifically for the topic of Ruby & InfoSec. The goal of this server is to help answer questions, educate others, highlight other Ruby InfoSec projects, and counter anti-Ruby FUD with information. If you are interested in both Ruby & InfoSec, or just want to help, consider joining. #ruby #infosec
https://discord.gg/CcqkHnuyUK
- Elsewhere
- http://lazyatom.com
- Github
- https://github.com/lazyatom
- Support ruby.social
- https://www.patreon.com/rubysocial
Admin
Loving Ruby since 2002. or 2001. I really ought to figure it out.
I’m the admin for this instance - if you have any questions or problems, let me know!
Joined Aug 2018
