James Adam @james@ruby.social

I often hear that the increased hosting costs associated with Ruby on Rails' larger than average footprint is more than offset by the increased dev productivity. It follows that Rails salaries being pretty high at the moment is offset by being able to maintain a smaller, more productive team.

Does anyone know of any case studies where someone's actually done the numbers on that?

It "feels right" to me, but I'd be interested to read other's experiences.

Finally a writeup for the http://rubygems.org vuln, CVE-2022-29176. Such a simple mistake. I feel like the take away lessons are:

1. do not query/trust composite columns. Query individual columns.
2. do not trust arbitrary user Strings.

https://greg.molnar.io/blog/rubygems-cve-2022-29176/
#ruby #infosec

P.S.A: Rails have released a new version fixing some issues added on the last security release.

https://rubyonrails.org/2022/5/9/Rails-7-0-3-6-1-6-6-0-5-and-5-2-8-have-been-released

The new stable versions have been pushed to these

- 7.0.3
- 6.1.6
- 6.0.5
- 5.2.8

These are some of the problems I note in my review:

https://ruby.social/@esparta/108211719637031175

As usual, it's recommended to test thoughtfully on your staging environments before proceeding to deploy to production.

In a code review i suggested extracting a well named function. They replied that it does not add any value to introduce a new function. They're right in the worst way, the computer doesn't care and they don't value the readers.

Do you have suggestions on how to respond to that?

RT @RubyInside@twitter.com

What Do You Think of 'Scoped Gems'? https://github.com/rubygems/rfcs/pull/40

🐦🔗: https://twitter.com/RubyInside/status/1521866493826375682

How're you deploying your applications these days?

I've been chucking stuff on k8s for so long at my job I've lost touch with what everyone else is doing.

How do I love Ruby? Let me Enumerable the ways.

Ruby developers on Linux, what's your preferred Ruby?

Figured this would be a good place to soft launch this. I setup a Discord server specifically for the topic of Ruby & InfoSec. The goal of this server is to help answer questions, educate others, highlight other Ruby InfoSec projects, and counter anti-Ruby FUD with information. If you are interested in both Ruby & InfoSec, or just want to help, consider joining. #ruby #infosec
https://discord.gg/CcqkHnuyUK

Have you worked on anything cool lately?

I've been looking at a bunch of sites on neocities.org and it's making me want to make my own site much, much worse^H^H^H^H^Hcooler.

Working on an idempotent db/seeds set up today for an old rails project. So much better than copying from production. Can’t believe I haven’t done it before.

Is there ever a good time to define a custom `!` method on an object? Seems like setting up a footgun for people relying on the truthy/falsiness in a boolean expression.

class Thing; def !; true; end; end
my_thing = Thing.new

do_thing if my_thing# executes
do_thing if !my_thing # executes
do_thing unless my_thing # does not execute

Welcome to the new & returning ruby.social users. Hope we can engage better this time.

Please try to follow up other peers, create your #introduction and pin your toot.

Remember this is not a "new twitter" the idea is kind of different. You can check @feditips to get more insights about how the federation works and how to have a better integrated environments.

P.S. there's no edit feature, but you can delete & redraft as I did with this toot.