Jamie's Links: https://github.com/github/spec-kit https://owasp.org/ https://bsky.app/profile/gaprogman.com https://dotnetcore.show/ https://gaprogman.github.io/OwaspHeaders.Core/ Mike on LinkedIn Coder Radio on Discord Mike's Oryx Review Alice Alice Jumpstart Offer
In this episode, guest Nate Berkopec joins Chris and Andrew to discuss the current state and cultural controversies surrounding Ruby Gems, Bundler, and open-source projects in general. The conversation dives into the split within the Ruby community, the complexities of maintaining key projects, and the challenges of funding and sustaining open-source work. Nate shares his experiences with Puma and his philosophy on community-driven contributions and project ownership. The episode also explores broader issues such as the feasibility of getting paid for open-source work, the role of corporate sponsorship, and the need for more inclusive participation in maintaining and evolving open-source software. Hit download now to hear more!
Links:
Judoscale - Remote Ruby listener gift
Nate Berkopec Website
Nate Berkopec Bluesky
Nate Berkopec Mastodon
Nate Berkopec X
Speedshop
Learning from the RubyGems fiasco with Mike McQuaid (Homebrew) and Justin Searls (YouTube)
gem.coop
Spinel
The Transition of RubyGems Repository Ownership by Matz (Ruby News)
Is turbo in maintenance mode? #1456 (GitHub)
Chris Oliver X/Twitter
Andrew Mason X/Twitter
Jason Charnes X/Twitter
This week, we discuss OpenAI's new browser, AI trying to build spreadsheets, and when to use Claude skills. Plus, Coté explores the art of the perfect staycation.
Watch the YouTube Live Recording of Episode 543 (https://www.youtube.com/live/PnwoFl5JjNo?si=DS2CoIgHVlVU9Y3m)
Runner-up Titles
Firewire is dead
USB, what are you going to do?
It's like I tell my son: you know what to do, you chose not to do it.
I am just a guest.
I don't need helpful
An amazing hole.
Slides for nobody
You closed the loop
It's pretty amazing, but does it need to exist?
Slackhole
Rundown
OpenAI
Introducing ChatGPT Atlas (https://openai.com/index/introducing-chatgpt-atlas/)
OpenAI Is Building a Banker (https://www.bloomberg.com/opinion/newsletters/2025-10-21/openai-is-building-a-banker?srnd=undefined&embedded-checkout=true)
OpenAI has five years to turn $13 billion into $1 trillion (https://techcrunch.com/2025/10/14/openai-has-five-years-to-turn-13-billion-into-1-trillion/)
AI agents are not amazing, they are slop: says OpenAI cofounder Andrej Karpathy as he strongly disagrees with CEO Sam Altman on AGI timeline - The Times of India (https://timesofindia.indiatimes.com/technology/tech-news/ai-agents-are-not-amazing-they-are-slop-says-openai-cofounder-andrej-karpathy-as-he-strongly-disagrees-with-ceo-sam-altman-on-agi-timeline/articleshow/124720565.cms)
OpenAI's ChatGPT will soon allow 'erotica' for adults in major policy shift (https://www.cnbc.com/2025/10/15/erotica-coming-to-chatgpt-this-year-says-openai-ceo-sam-altman.html)
OpenAI Inks Deal With Broadcom to Design Its Own Chips for A.I. (https://www.nytimes.com/2025/10/13/technology/openai-broadcom-chips-deal.html)
Claude Skills are awesome, maybe a bigger deal than MCP (https://simonwillison.net/2025/Oct/16/claude-skills/#atom-everything)
OpenStack Flamingo pays down technical debt as adoption continues to climb (https://www.networkworld.com/article/4066532/openstack-flamingo-pays-down-technical-debt-as-adoption-continues-to-climb.html)
Relevant to your Interests
Elon Musk will settle $128 million Twitter execs lawsuit (https://www.theverge.com/news/796239/elon-musk-x-128-million-twitter-exec-lawsuit-settlement)
GitHub Will Prioritize Migrating to Azure Over Feature Development (https://thenewstack.io/github-will-prioritize-migrating-to-azure-over-feature-development/)
The Discord Hack is Every User's Worst Nightmare (https://www.404media.co/the-discord-hack-is-every-users-worst-nightmare/)
Cursor-Maker Anysphere Considers Investment Offers at $30 Billion Valuation (https://www.theinformation.com/articles/cursor-maker-anysphere-considers-investment-offers-30-billion-valuation)
Rubygems.org AWS Root Access Event – September 2025 (https://rubycentral.org/news/rubygems-org-aws-root-access-event-september-2025/)
This Discord Zendesk compromise has gotten more silly (https://x.com/vxunderground/status/1976417029289607223)
WP Engine Vs Automattic & Mullenweg Is Back In Play (https://www.searchenginejournal.com/wp-engine-vs-automattic-mullenweg-is-back-in-play/557905/)
Windows 11 removes all bypass methods for Microsoft account setup, removing local accounts (https://alternativeto.net/news/2025/10/windows-11-now-blocks-all-microsoft-account-bypasses-during-setup/)
Introducing the React Foundation: The New Home for React & React Native (https://engineering.fb.com/2025/10/07/open-source/introducing-the-react-foundation-the-new-home-for-react-react-native/?utm_source=changelog-news)
Wiz Finds Critical Redis RCE Vulnerability: CVE-2025-49844 | Wiz Blog (https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844)
DevRel is -Unbelievably- Back (https://dx.tips/devrel-is-back)
The Ruby community has a DHH problem (https://tekin.co.uk/2025/09/the-ruby-community-has-a-dhh-problem)
YouTube rolls out its redesigned video player globally (https://www.engadget.com/entertainment/youtube/youtube-rolls-out-its-redesigned-video-player-globally-174609883.html)
Oracle stock rises as company confirms Meta cloud deal (https://www.cnbc.com/2025/10/16/oracle-confirms-meta-cloud-deal-.html)
Adiós, AirPods (https://www.theatlantic.com/technology/2025/10/apple-airpods-live-translation/684582/?gift=iWa_iB9lkw4UuiWbIbrWGV8Zzu9GF6V5YZpJtnAzcvU&utm_source=copy-link&utm_medium=social&utm_campaign=share)
NVIDIA shows off its first Blackwell wafer manufactured in the US (https://www.engadget.com/big-tech/nvidia-shows-off-its-first-blackwell-wafer-manufactured-in-the-us-192836249.html)
This Is How Much Anthropic and Cursor Spend On Amazon Web Services (https://www.wheresyoured.at/costs/)
Automattic CEO calls Tumblr his 'biggest failure' so far (https://techcrunch.com/2025/10/20/automattic-ceo-calls-tumblr-his-biggest-failure-so-far/)
Marc Benioff says Salesforce is saving about $100M a year by using AI tools in its customer service operations (https://www.bloomberg.com/news/articles/2025-10-14/salesforce-says-ai-customer-service-saves-100-million-annually | http://www.techmeme.com/251014/p32#a251014p32)
Amazon cloud computing outage disrupts Snapchat, Ring and many other online services (https://apnews.com/article/amazon-east-internet-services-outage-654a12ac9aff0bf4b9dc0e22499d92d7)
Amazon Outage Forces Hundreds of Websites Offline for Hours (https://www.nytimes.com/2025/10/20/business/aws-down-internet-outage.html)
Today is when Amazon brain drain finally caught up with AWS (https://www.theregister.com/2025/10/20/aws_outage_amazon_brain_drain_corey_quinn/)
AWS crash causes $2,000 Smart Beds to overheat and get stuck upright - Dexerto (https://www.dexerto.com/entertainment/aws-crash-causes-2000-smart-beds-to-overheat-and-get-stuck-upright-3272251/)
Nonsense
Streetlights Are Mysteriously Turning Purple. Here's Why (https://www.scientificamerican.com/article/streetlights-are-mysteriously-turning-purple-heres-why/)
Buc-ee's is not America's top convenience store; Midwest chain takes No. 1 spot (https://local12.com/news/nation-world/bucees-not-america-top-convenience-store-satisfaction-ratings-rankings-midwest-chain-kwik-trip-takes-number-one-spot-wawa-sheetz-quicktrip-cincinnati-ohio)
French post office rolls out croissant-scented stamp (https://www.ctvnews.ca/world/article/french-post-office-rolls-out-croissant-scented-stamp/)
Listener Feedback
Jeffrey is looking for college interns. (https://careers.blizzard.com/global/en/job/R025908/2026-US-Summer-Internships-Game-Engineering)
Conferences
Wiz Wizdom Conferences (https://www.wiz.io/wizdom), NYC November 3-5, London November 17-19
SREDay Amsterdam (https://sreday.com/2025-amsterdam-q4/), Coté speaking, November 7th.
SDT News & Community
Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email)
Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com)
Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com)
Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com)
Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk)
Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt)
Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com)
Recommendations
Brandon: The PR Guy Who Says the AI Boom Is a Bust (https://overcast.fm/+AAQL2e2DHQo)
Matt: Comfort Ear Grip Hooks (https://www.amazon.com.au/dp/B07YVDT3KT)
Coté: MSG on popcorn, Claude Skills, Masman Curry, Sora?
Photo Credits
Header (https://unsplash.com/photos/person-holding-white-and-gray-stone-OV44gxH71DU)
Csaba Okrona lays out exactly what Flow is (then shows you how to engineer your way back to it), a smart vacuum turned against an innocent hacker, Matz and the Ruby core team step up to steward RubyGems, Simon Willison thinks Claude Skills could be bigger than MCP, and Luke Plant looks at technical debt from a more positive perspective.
This is a recap of the top 10 posts on Hacker News on October 17, 2025. This podcast was generated by wondercraft.ai
(00:30): Migrating from AWS to Hetzner. Original post: https://news.ycombinator.com/item?id=45614922&utm_source=wondercraft_ai
(01:50): Meow.camera. Original post: https://news.ycombinator.com/item?id=45613047&utm_source=wondercraft_ai
(03:11): Andrej Karpathy – It will take a decade to work through the issues with agents. Original post: https://news.ycombinator.com/item?id=45619329&utm_source=wondercraft_ai
(04:32): Ruby core team takes ownership of RubyGems and Bundler. Original post: https://news.ycombinator.com/item?id=45615863&utm_source=wondercraft_ai
(05:53): The Rapper 50 Cent, Adjusted for Inflation. Original post: https://news.ycombinator.com/item?id=45618790&utm_source=wondercraft_ai
(07:13): Amazon's Ring to partner with Flock. Original post: https://news.ycombinator.com/item?id=45614713&utm_source=wondercraft_ai
(08:34): Claude Skills are awesome, maybe a bigger deal than MCP. Original post: https://news.ycombinator.com/item?id=45619537&utm_source=wondercraft_ai
(09:55): Live Stream from the Namib Desert. Original post: https://news.ycombinator.com/item?id=45615931&utm_source=wondercraft_ai
(11:16): 4Chan Lawyer publishes Ofcom correspondence. Original post: https://news.ycombinator.com/item?id=45614148&utm_source=wondercraft_ai
(12:37): EVs are depreciating faster than gas-powered cars. Original post: https://news.ycombinator.com/item?id=45615237&utm_source=wondercraft_ai
This is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai
Mike McQuaid and Justin Searls join Jerod in the wake of the RubyGems debacle to discuss what happened, what it says about money in open source, what sustainability really means for our community, making a career out of open source (or not), and more. Bleep!
Post-recording update: As I've been lobbying for (both publicly and behind the scenes), it has been announced that the RubyGems and Bundler client libraries are being transferred to Matz and the Ruby core team. Mike McQuaid (of Homebrew fame) and I scheduled this episode of Hot Fix a week before the Ruby community exploded. Hot Fix is all about getting spicy, but even we were a little wary of the heat in that particular kitchen. The problem Mike brought to the table is the same one he's always on about: open source is not a career. Incidentally, Mike's favorite topic also happens to be relevant to the latest RubyGems controversy—because it all boils down to paying people to work on open source. Not content to miss out on the fun, Jerod from The Changelog asked if he could join and discuss the ongoing Ruby drama as a group. So we decided to team up and do a collab episode—call it Breaking Changelog, I guess? It's nothing if not efficient: record once, edit twice, and syndicate everywhere. If you don't mind swear words, listen to this version. If you don't like swearing, what the fuck are you doing here? (But seriously, you can listen to their edit if you want!) Please send your compliments to podcast@searls.co and your complaints to editors@changelog.com.
Revolutions, controversies and visions of the future. At Brew, that is everyday life. We fire up the (electric) engines and take you on a journey through the most important events in the world of technology, the ones that define how we will work, create and communicate in the near future. In this episode, among other things:
In this episode of Remote Ruby, Chris is on paternity leave celebrating the birth of his son, so Andrew brings in Drew Bragg and Rachael Wright-Munn (aka ChaelCodes), to discuss recent controversies surrounding Ruby Central and its alleged takeover of Ruby Gems and Bundler. They dive into the timeline of events, conflicting narratives, communication failures, and the underlying security concerns. They address theories and facts, scrutinize the governance of Ruby Central, and discuss the implications for the Ruby community. The episode emphasizes the importance of asking questions and seeking clarity, while advocating for a balanced and constructive approach to resolving the community's issues. Hit download now to hear more!
Panelist: Andrew Mason
Guests: Drew Bragg, Rachael Wright-Munn
Sponsors: Honeybadger, Judoscale
Links:
Chris Oliver X
Andrew Mason Bluesky
Judoscale - Remote Ruby listener gift
Drew Bragg Website
Code and the Coding Coders who Code it - Drew's Podcast
Philly.rb
Rachael Wright-Munn (ChaelCodes) - Website
Rachael Wright-Munn (ChaelCodes) - Twitch
Rachael Wright-Munn (ChaelCodes) - Bluesky
Ellen's first post on the RubyGems controversy
A board member's perspective on the RubyGems controversy
An Update From Ruby Central (Video)
Investigation reveals Shopify manipulated Ruby Central to force takeover of Bundler and RubyGems - GIGAZINE
Strengthening the Stewardship of RubyGems and Bundler
Martin Emde's post on Bluesky
Reddit post for "An Update from Ruby Central"
Bundler Policies on GitHub
Advocacy for Reduced Rails Usage
Alpha-Omega Project
Ruby Central News Post: Alpha-Omega support
Chris Oliver X/Twitter
Andrew Mason X/Twitter
Jason Charnes X/Twitter
In this episode of C4, Andrew Mason and Rachael Wright-Munn join Drew to unpack recent controversies surrounding Ruby Central and its alleged takeover of Ruby Gems and Bundler. The trio delves into the timeline of events, conflicting narratives, communication failures, and the underlying security concerns. They address theories and facts, scrutinize the governance of Ruby Central, and discuss the implications for the Ruby community. The episode emphasizes the importance of asking questions and seeking clarity, while advocating for a balanced and constructive approach to resolving the community's issues.
Sources discussed*:
Ellen's first post on the RubyGems controversy
A board member's perspective on the RubyGems controversy
An Update From Ruby Central (Video)
Investigation (allegedly) reveals Shopify manipulated Ruby Central to force takeover of Bundler and RubyGems
Strengthening the Stewardship of RubyGems and Bundler
Martin Emde's post on Bluesky
Reddit post for "An update from Ruby Central"
Bundler Policies on GitHub
Ruby Central "About" page
Advocacy for Reduced Rails Usage
Alpha-Omega Project
Organization & Structure of Open Source Software Development Initiatives - Cyberlaw Clinic
Ruby Central News Post: Alpha-Omega support
StepSecurity: npm supply chain compromise
Socket: npm supply chain attack
Palo Alto Networks Unit 42: npm supply chain attack
* Some sources include unverified information being presented as fact. Read with caution.
Send us some love.
Honeybadger: Honeybadger is an application health monitoring tool built by developers for developers.
Judoscale: Autoscaling that actually works. Take control of your cloud hosting.
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Support the show
This week, we dig into the latest DORA report and OpenAI's big product updates. Plus, some hot takes on airline status and the Eurostar.
Watch the YouTube Live Recording of Episode 540 (https://www.youtube.com/live/urU5sn8Ufl8?si=WNrIuP_uXbhIg4gq)
Runner-up Titles
Just plug in an iPhone
Be helpful, not helpless
Rundown
Announcing the 2025 DORA Report | Google Cloud Blog (https://cloud.google.com/blog/products/ai-machine-learning/announcing-the-2025-dora-report/)
OpenAI Agentic Commerce (https://openai.com/index/buy-it-in-chatgpt/)
The New Sora App (https://openai.com/sora/)
Introducing ChatGPT Pulse (https://openai.com/index/introducing-chatgpt-pulse/)
Relevant to your Interests
Intel and Apple hold investment talks, no deal in sight - 9to5Mac (https://9to5mac.com/2025/09/24/intel-and-apple-hold-investment-talks-no-deal-in-sight/)
Ed Zitron is mad as hell (https://www.ft.com/content/4c8d6420-d088-4660-8973-c4996cd990fb)
TikTok will stay: Trump signs executive order to keep app in the US (https://siliconangle.com/2025/09/25/tiktok-will-stay-trump-signs-executive-order-keep-app-us/)
10+ Hidden Features in iOS 26 (https://www.macrumors.com/guide/ios-26-hidden-features/)
Splunk .conf25: Forging a Data Foundation for Cisco's AgenticOps Vision (https://futurumgroup.com/insights/splunk-conf25-forging-a-data-foundation-for-ciscos-agenticops-vision/)
JFrog SwampUp 2025: The Agentic Development Era Emerges From The Swamp (https://www.forrester.com/blogs/jfrog-swampup-2025-the-agentic-development-era-emerges-from-the-swamp/)
RIP, AOL dial-up: Take a walk down memory lane to 5 other now-defunct tech icons that defined millennials' youths (https://www.aol.com/rip-aol-dial-walk-down-063119808.html)
Logitech launches MX Master 4 flagship productivity mouse – the best mouse we've tested adds haptic feedback, circular Action Ring shortcuts (https://www.tomshardware.com/peripherals/gaming-mice/logitech-launches-mx-master-4-flagship-productivity-mouse-the-best-mouse-weve-tested-adds-haptic-feedback-circular-action-ring-shortcuts)
Charlie Javice Sentenced to 85 Months in Prison for Fraud (https://www.nytimes.com/2025/09/29/business/charlie-javice-sentence.html)
Spotify CEO Daniel Ek to step aside (https://www.axios.com/2025/09/30/spotify-ceo-daniel-ek)
Cloudscape - Cloudscape Design System (https://cloudscape.design/)
Cursor CLI (https://cursor.com/cli)
Introducing Claude Sonnet 4.5 (https://www.anthropic.com/news/claude-sonnet-4-5)
GitHub Copilot CLI is now in public preview (https://github.blog/changelog/2025-09-25-github-copilot-cli-is-now-in-public-preview/)
Shopify, pulling strings at Ruby Central, forces Bundler and RubyGems takeover (https://joel.drapper.me/p/rubygems-takeover/)
How Ruby Went Off the Rails (https://www.404media.co/how-ruby-went-off-the-rails/)
Open source to closed doors: RubyGems control fight erupts (https://www.theregister.com/2025/09/25/open_source_to_closed_doors/)
Platform Engineering and AI - Two Buzzwords Finally Meet! | Michael Cote (https://www.youtube.com/watch?v=6jL3xp3LmQw)
Nonsense
Build-A-Bear Stock Outperforms Nvidia (https://theonion.com/build-a-bear-stock-outperforms-nvidia/) (The Onion)
Conferences
CF Day EU (https://events.linuxfoundation.org/cloud-foundry-day-europe/), Coté speaking, Frankfurt, October 7th, 2025.
AI for the Rest of Us (https://aifortherestofus.live/london-2025), Coté speaking, October 15th-16th, London. Use code SDT20 for 20% off.
Wiz Wizdom Conferences (https://www.wiz.io/wizdom), NYC November 3-5, London November 17-19
SREDay Amsterdam (https://sreday.com/2025-amsterdam-q4/), Coté speaking, November 7th.
Recommendations
Brandon: Black Rabbit (https://www.netflix.com/title/81630027)
Coté: Sune, Hackney, London (https://www.sune.restaurant).
Photo Credits
Header (https://unsplash.com/photos/a-eurostar-train-is-shown-in-close-up-KRJNGFKNjJM)
In this episode of Buongiorno we explore one of the hottest and most controversial cases of recent months in the tech community: the takeover of RubyGems by Ruby Central under the influence of Shopify. Between corporate pressure, the expulsion of long-standing maintainers and the controversial role of key figures such as David Heinemeier Hansson, this affair shows us the fragile balance between open source, economic power and community independence. What happens when the glue of collaboration is put to the test by powerful interests and murky backstories? A journey into the crisis that is redefining the future of free software.
Download CodeRoutine - https://play.google.com/store/apps/details?id=com.edodusi.coderoutine&hl=en-us
00:00 Intro
03:41 Background and protagonists
06:38 Ruby Central's power grab
11:05 Consequences
13:31 Conclusions
#opensource #ruby #rubycentral #shopify
This week, we cover Oracle's OpenAI deal, the RubyGems drama, and Atlassian buying DX. Plus, does anyone still use widgets?
Watch the YouTube Live Recording of Episode 539 (https://www.youtube.com/live/ptnxBcE_6FQ?si=lapKMarRCBFbeAET)
Runner-up Titles
It's a two knob problem
The healthy jaundice of success
My homework is to go home
Are you enjoying the widgets?
I get you on the Ponzi Scheme
Hanlon's Razor strikes again
Blogging: Hardest form of social media
Rundown
Oracle
Exclusive | Oracle, OpenAI Sign Massive $300 Billion Cloud Computing Deal (https://www.wsj.com/business/openai-oracle-sign-300-billion-computing-deal-among-biggest-in-history-ff27c8fe)
Oracle and OpenAI are full of crap (https://bsky.app/profile/edzitron.com/post/3lynpe7zmas2k)
OpenAI doesn't have the cash to pay Oracle $300 billion — raising it will test the very limits of private markets (https://sherwood.news/markets/openai-doesnt-have-the-cash-to-pay-oracle-usd300-billion-raising-it-will/)
Nvidia stock jumps on $100 billion OpenAI investment as Huang touts 'biggest AI infrastructure project in history (https://finance.yahoo.com/news/nvidia-stock-jumps-on-100-billion-openai-investment-as-huang-touts-biggest-ai-infrastructure-project-in-history-171740509.html)
Ruby Central Takes Over RubyGems (https://mjtsai.com/blog/2025/09/23/ruby-central-takes-over-rubygems/)
Atlassian
Atlassian acquires DX, a developer productivity platform, for $1B (https://techcrunch.com/2025/09/18/atlassian-acquires-dx-a-developer-productivity-platform-for-1b/)
Atlassian acquires developer productivity startup DX for $1B (https://siliconangle.com/2025/09/18/atlassian-acquires-developer-productivity-startup-dx-1b/)
The AI Shift: Static Software vs. Living AI Systems (https://cloudedjudgement.substack.com/p/clouded-judgement-91925-the-ai-shift)
RSS co-creator launches new protocol for AI data licensing (https://techcrunch.com/2025/09/10/rss-co-creator-launches-new-protocol-for-ai-data-licensing/)
Nvidia to Invest $5 Billion in Intel, Furthering Trump's Turnaround Plan (https://www.wsj.com/tech/ai/nvidia-intel-5-billion-investment-ad940533?mod=hp_lead_pos1)
Relevant to your Interests
Tesla Wants Out of the Car Business (https://www.theatlantic.com/technology/archive/2025/09/tesla-elon-musk-master-plan-robotaxi/684122/)
Google is shutting down Tables, its Airtable rival | TechCrunch (https://techcrunch.com/2025/09/11/google-is-shutting-down-tables-its-airtable-rival/)
Oracle's stock pump, Meta's $600B, Bronny Ellison and Warner Bros, European stereotypes (https://platformonomics.com/2025/09/platformonomics-tgif-99-september-12-2025/)
Atlassian goes cloud-only, customers face integration issues (https://www.theregister.com/2025/09/09/atlassian_will_go_cloudonly_customers/)
Getting a slice of the Kubernete$ management pie (https://newsletter.cote.io/p/getting-a-slice-of-the-kubernete)
Cote on Multicloud (https://cote.io/2025/09/14/i-think-this-means-thing.html)
ServiceNow Says Windsurf Gave Its Engineers a 10% Productivity Boost (https://bsky.app/profile/thenewstack.io/post/3lyvqw6lc6522)
Most Work is Translation (https://open.substack.com/pub/aparnacd/p/most-work-is-translation?r=2d4o&utm_medium=ios)
Microsoft warns users that Windows 10 is in its final days (https://go.theregister.com/feed/www.theregister.com/2025/09/16/windows_10_final_countdown/)
How to use Tahoe's new Use Model shortcut to summarize articles (https://cote.io/2025/09/16/how-to-use-tahoes-new.html)
Credit scores drop at fastest pace since the Great Recession | CNN Business (https://www.cnn.com/2025/09/16/economy/debt-credit-score-student-loans)
Workday to buy AI firm Sana for $1.1 billion as HR software deal-making heats up (https://www.reuters.com/business/workday-buy-ai-firm-sana-11-billion-hr-software-deal-making-heats-up-2025-09-16/)
Wasm 3.0 Completed - WebAssembly (https://webassembly.org/news/2025-09-17-wasm-3.0/)
Exclusive: AI's ability to displace jobs is advancing quickly, Anthropic CEO says (https://www.axios.com/2025/09/17/anthropic-amodei-ai)
From the facepalm community on Reddit: Meta's live AI cooking demo fails spectacularly (https://www.reddit.com/r/facepalm/s/VI8YmDY29p)
Meta CTO explains the cause of its embarrassing smart glasses demo failures (https://www.engadget.com/wearables/meta-cto-explains-the-cause-of-its-embarrassing-smart-glasses-demo-failures-123011790.html)
New H-1B rules sparked weekend chaos (https://www.morningbrew.com/stories/2025/09/22/new-h-1b-rules-sparked-weekend-chaos)
The Man Calling Bullshit on the AI Boom (https://www.readtpa.com/p/the-man-calling-bullshit-on-the-ai?utm_campaign=post&utm_medium=web)
Trump's H-1B visa fee isn't just about immigration, it's about fealty (https://www.theverge.com/report/782289/trumps-h-1b-visa-fee-isnt-about-immigration-its-about-fealty)
Vivaldi takes a stand: keep browsing human | Vivaldi Browser (https://vivaldi.com/blog/keep-exploring/)
Zoom Bets on Agentic AI With AI Companion 3.0 Amid Sluggish Growth (https://diginomica.com/zoom-unveils-ai-companion-30-betting-agentic-ai-drive-enterprise-growth)
The Secret Service has dismantled a telecom threat near the UN. It could have disabled cell service in NYC (https://www.pbs.org/newshour/nation/the-secret-service-has-dismantled-a-telecom-threat-near-the-un-it-could-have-disabled-cell-service-in-nyc)
Enterprise AI Looks Bleak, But Employee AI Looks Bright (https://www.dbreunig.com/2025/09/15/ai-adoption-at-work-play.html)
Obot AI Secures $35M Seed to Build Enterprise MCP Gateway - obot (https://obot.ai/obot-ai-secures-35m-seed-to-build-enterprise-mcp-gateway/)
Announcing the 2025 DORA Report | Google Cloud Blog (https://cloud.google.com/blog/products/ai-machine-learning/announcing-the-2025-dora-report/)
Conferences
Civo Navigate London (https://www.civo.com/navigate/london/2025), Coté speaking, September 30th.
Texas Linux Fest (https://2025.texaslinuxfest.org), Austin, October 3rd to 4th.
CF Day EU (https://events.linuxfoundation.org/cloud-foundry-day-europe/), Coté speaking, Frankfurt, October 7th, 2025.
AI for the Rest of Us (https://aifortherestofus.live/london-2025), Coté speaking, October 15th-16th, London. Use code SDT20 for 20% off.
Wiz Wizdom Conferences (https://www.wiz.io/wizdom), NYC November 3-5, London November 17-19
SREDay Amsterdam (https://sreday.com/2025-amsterdam-q4/), Coté speaking, November 7th.
Recommendations
Brandon: Task (https://www.rottentomatoes.com/tv/task)
Matt: OpenCore Legacy Patcher (https://dortania.github.io/OpenCore-Legacy-Patcher/)
Photo Credits
Header (https://unsplash.com/photos/black-ipad-on-white-table-Sw-JgeAosME)
Another lawsuit against OpenAI, this time from xAI. Intel approached Apple about bailing them out. What if crypto was reversible so you could recover fraud? Drama in open source land. And would you like to get paid to train AI on your phone calls? You're in luck!
Musk's xAI accuses rival OpenAI of stealing trade secrets (Reuters)
Intel Is Seeking an Investment From Apple as Part of Its Comeback Bid (Bloomberg)
Spotify to label AI music, filter spam and more in AI policy change (TechCrunch)
Stablecoin issuer Circle examines 'reversible' transactions in departure for crypto (Financial Times)
Microsoft embraces OpenAI rival Anthropic to improve Microsoft 365 apps (The Verge)
Shopify, pulling strings at Ruby Central, forces Bundler and RubyGems takeover (Joel Drapper)
Neon, the No. 2 social app on the Apple App Store, pays users to record their phone calls and sells data to AI firms (TechCrunch)
Learn more about your ad choices. Visit megaphone.fm/adchoices
This is a recap of the top 10 posts on Hacker News on September 19, 2025. This podcast was generated by wondercraft.ai.
(00:30) Trump to impose $100k fee for H-1B worker visas, White House says. Original post: https://news.ycombinator.com/item?id=45305845&utm_source=wondercraft_ai
(01:53) Help us raise $200k to free JavaScript from Oracle. Original post: https://news.ycombinator.com/item?id=45297066&utm_source=wondercraft_ai
(03:16) Ruby Central's Attack on RubyGems [pdf]. Original post: https://news.ycombinator.com/item?id=45299170&utm_source=wondercraft_ai
(04:39) I regret building this $3000 Pi AI cluster. Original post: https://news.ycombinator.com/item?id=45302065&utm_source=wondercraft_ai
(06:02) Ask HN: Has anyone else been unemployed for over two years? Original post: https://news.ycombinator.com/item?id=45306539&utm_source=wondercraft_ai
(07:25) Ants that seem to defy biology: they lay eggs that hatch into another species. Original post: https://news.ycombinator.com/item?id=45300865&utm_source=wondercraft_ai
(08:48) Nostr. Original post: https://news.ycombinator.com/item?id=45298336&utm_source=wondercraft_ai
(10:11) Disney+ cancellation page crashes as customers rush to quit. Original post: https://news.ycombinator.com/item?id=45308558&utm_source=wondercraft_ai
(11:34) Internal emails reveal Ticketmaster helped scalpers jack up prices, FTC says. Original post: https://news.ycombinator.com/item?id=45305042&utm_source=wondercraft_ai
(12:57) Trevor Milton's Nikola case dropped by SEC following Trump pardon. Original post: https://news.ycombinator.com/item?id=45302220&utm_source=wondercraft_ai
This is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai.
In this episode of Remote Ruby, Andrew and Chris dive into a range of Rails-related updates, development workflows, and tech frustrations, all while preparing for RailsConf and Rails World. Chris dives into the evolution of RubyGems toward Python-style wheels and secure precompiled binaries, while Andrew breaks down the value of namespacing and modularization in Rails apps. They also reflect on accessibility, QA, component architecture, and how LLMs are changing the game for solo devs. Plus, a surprise visit from J**** C****** adds some comic relief and candid takes on sabbaticals, Rails World, and a podcast competition. Hit download now!
Links:
Judoscale - Remote Ruby listener gift
On Rails Podcast
Andrew's referral link for Snipd
Rails World 2025
RubyGems and Bundler Releases
Python Wheels
Flux
Adam Wathan (YouTube)
Chris Oliver X/Twitter
Andrew Mason X/Twitter
Jason Charnes X/Twitter
Episode Overview
Marty Haught joins Robby to discuss the sustainability of open-source projects, the challenges of maintaining RubyGems, and why the metaphor of technical debt may not fully capture how software ages. Instead, he suggests thinking of it as drift: the natural misalignment of software with its evolving purpose over time. They also dig into security challenges in package management, including how Ruby Central worked with Trail of Bits to audit RubyGems. Marty also shares insights on the EU Cyber Resilience Act and how it might affect open-source maintainers worldwide. Finally, they explore how companies can support open-source sustainability through corporate sponsorships and individual contributions.
Topics Discussed
[00:01:00] The two pillars of maintainable software: good tests and readability.
[00:02:40] From Perl to Ruby: How readability changed Marty's approach to programming.
[00:07:20] Is technical debt the right metaphor? Why "drift" might be a better fit.
[00:11:00] What does it take to maintain RubyGems? Marty's role at Ruby Central.
[00:14:00] Security in package management: How RubyGems handles vulnerabilities.
[00:16:40] The role of external audits: Partnering with Trail of Bits for security improvements.
[00:20:40] EU Cyber Resilience Act: How new regulations might affect open-source projects.
[00:26:00] Funding open source: Why corporate sponsorships are becoming essential.
[00:33:40] Advocating for technical debt work in teams: How to make a compelling case.
[00:38:20] Processes in distributed teams: Balancing structure with flexibility.
Key Takeaways
Technical debt is often misunderstood. The real issue may not be shortcuts taken in the past, but the way software naturally drifts from its original purpose.
Security in package management is a growing concern. Open-source ecosystems like RubyGems require continuous investment to remain secure.
Open source needs sustainable funding. Relying on volunteers is not a long-term solution; companies need to contribute via corporate sponsorships.
Advocating for code improvements requires strategy. Engineers should frame technical debt discussions around business impact, not just code quality.
Resources Mentioned
Marty Haught on LinkedIn
Marty Haught on Twitter
Ruby Central
RubyGems
Auditing the Ruby Ecosystem's Central Package Repository (Trail of Bits)
EU Cyber Resilience Act Overview
What the EU's New Software Legislation Means for Developers (GitHub Blog)
Ruby Central Open Source Program: Get Involved
Corporate Sponsors Program
Give and Take by Adam Grant
Connect with Marty
LinkedIn
Twitter
BlueSky
In this episode, Jason and Chris welcome back Marty Haught, a long-time leader in the Ruby community, to discuss his history and continued involvement with Ruby Central. Marty shares his journey from joining the Ruby Central board in 2012 to his recent role as interim open source lead. The conversation dives into the origins of RubyGems, the evolution of RailsConf and RubyConf, and the challenges of managing these vital aspects of the Ruby ecosystem. Marty also talks about his plans for sustaining RubyGems' future and the infamous "Marty dinner" tradition at conferences. Hit download now to hear more!
Jason Charnes X/Twitter
Chris Oliver X/Twitter
Andrew Mason X/Twitter
In this episode of Maintainable, our host Robby Russell sits down with Martin Emde, a sage in the Ruby community and the current Director of Open Source at Ruby Central. Together, they weave through the intricacies of maintainable software, legacy code, and the unwavering power of the Ruby ecosystem. Martin, with his wealth of experience, shares tales from the trenches of open-source software development, focusing on RubyGems and Bundler, and how they've evolved to face the challenges of modern software needs.

Martin addresses the elephant in the room: complexity in software. He muses on the natural progression of software projects from simplicity to complexity, drawing parallels to the growth of living organisms. It's not about fighting complexity, but embracing it with open arms, ensuring the software remains adaptable and maintainable. This conversation sheds light on the importance of testing, documentation, and community support in navigating the seas of complex software development.

Diving deeper, they discuss the essence of technical debt, not as a villain in our stories but as a necessary step in the rapid evolution of technology. Martin's perspective on technical debt as a tool for progress rather than an obstacle is refreshing, encouraging developers to approach their work with more kindness and understanding.

The discussion also highlights Ruby Central's pivotal role in nurturing the Ruby community, emphasizing the importance of contributions, whether code, conversation, or financial support. Martin's call to action for developers to engage with open-source projects, to adopt gems in need, and to provide support where possible, is a heartwarming reminder of the collective effort required to sustain the vibrant Ruby ecosystem.

For those curious minds eager to dive into the world of Ruby, contribute to its growth, or simply enjoy a captivating discussion on software development, this episode is a delightful journey through the challenges and joys of maintaining open-source software. Don't miss out on the gems of wisdom shared in this episode, and be sure to check out the useful links below for more information on how you can contribute to the Ruby community.
Book Recommendation:
Project Hail Mary by Andy Weir
Helpful Links:
Bundler
Ruby Central
Adopt a Gem
Martin on GitHub
Martin's website
Today's episode features a detailed discussion about the upcoming RailsConf 2024, its programming, and significant updates in the Ruby community, particularly regarding Ruby Central's contributions. Jason, Chris, and Andrew dive into a conversation with guest Ufuk Kayserilioglu, Engineering Manager at Shopify's Ruby Infrastructure Team, who recently joined the board of Ruby Central and co-chairs RailsConf 2024. Ufuk shares insights on the planned enhancements for the conference to make it more practical and focused on Rails. He also highlights the formation of the Ruby Developer Experience team at Shopify, aimed at improving developer experiences within the Ruby ecosystem. The conversation further dives into the financial support for Ruby's open source projects, such as RubyGems.org, and the efforts to sustain and secure Ruby's infrastructure. The conversation wraps up with details on RailsConf, an open invitation for community interaction, and a teaser for special experiences awaiting in-person attendees. Press download now to hear more!
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Senior Developer Jenny Shen from Shopify joins me to discuss RubyGems. In this episode, we unravel the intricate mechanics of dependency resolution within RubyGems, exploring topics such as compact indexes and more. Our discussion extends to the paramount issue of security, where we examine the proactive measures undertaken by the RubyGems team to fortify gems for every Ruby programmer.
Links:
PubGrub version solving algorithm
The New RubyGems Index Format by Andre Arko
Trusted Publishing on RubyGems.org
Stephanie shares her task of retiring a small, internally-used link-shortening app. She describes the process as both celebratory and a bit mournful. Meanwhile, Joël discusses his deep dive into ActiveRecord, particularly in the context of debugging. He explores the complexities of ActiveRecord querying schemas and the additional latency this introduces. Together, the hosts discuss the nuances of package management systems and their implications for developers. They touch upon the differences between system packages and language packages, sharing personal experiences with tools like Homebrew, RubyGems, and Docker. Transcript: JOËL: Hello and welcome to another episode of The Bike Shed, a weekly podcast from your friends at thoughtbot about developing great software. I'm Joël Quenneville. STEPHANIE: And I'm Stephanie Minn. And together, we're here to share a bit of what we've learned along the way. JOËL: So, Stephanie, what's new in your world? STEPHANIE: So, this week, I got to have some fun working on some internal thoughtbot work. And what I focused on was retiring one of our just, like, small internal self-hosted on Heroku apps in favor of going with a third-party service for this functionality. We basically had a tiny, little app that we used as a link-shortening service. So, if you've ever seen a tbot.io short link out in the world, we were using our just, like, an in-house app to do that, you know, but for various reasons, we wanted to...just it wasn't worth maintaining anymore. So, we wanted to just use a purchased service. But today, I got to just, like, do the little bit of, like, tidying up, you know, in preparation to archive a repo and kind of delete the app from Heroku, and I hadn't done that before. So, it felt a little bit celebratory and a little bit mournful even [laughs] to, you know, retire something like that. And I was pairing with another thoughtbot developer, and we used a pairing app called Tuple. 
And you can just send, like, fun reactions to each other. Like, you could send, like, a fire emoji [laughs] or something if that's what you're feeling. And so, I sent some, like, confetti when we clicked the, "I understand what deleting this app means on GitHub." But I joked that "Actually, I feel like what I really needed was a, like, a salute kind of like thank you for your service [laughs] type of reaction." JOËL: I love those moments when you're kind of you're hitting those kind of milestone-y moments, and then you get to send a reaction. I should do that more often in Tuple. Those are fun. STEPHANIE: They are fun. There's also a, like, table flip reaction, too, is one that I really enjoy [laughs], you know, you just have to manifest that energy somehow. And then, after we kind of sent out an email to the company saying like, "Oh yeah, we're not using our app anymore for link shortening," someone had a great suggestion to make our archived repo public instead of private. I kind of liked it as a way of, like, memorializing this application and let community members see, you know, real code in a real...the application that we used here at thoughtbot. So, hopefully, if not me, then someone else will be able to do that and maybe publish a little blog post about that. JOËL: That's exciting. So, it's not currently public, the repo, but it might be at some point in the future. STEPHANIE: Yeah, that's right. JOËL: We'll definitely have to mention it on a future episode if that happens so that people following along with the story can go check out the code. STEPHANIE: So, Joël, what's new in your world? JOËL: I've been doing a deep dive into how ActiveRecord works. Particularly, I am debugging some pretty significant slowdowns in querying ActiveRecord models that are backed not by a regular Postgres database but instead a Snowflake data warehouse via an ODBC connection. 
So, there's a bunch of moving pieces going on here, and it would just take forever to make any queries. And sure, the actual reported query time is longer than for a local Postgres database, but then there's this sort of mystery extra waiting time, and I couldn't figure out why is it taking so much longer than the actual sort of recorded query time. And I started digging into all of this, and it turns out that in addition to executing queries to pull actual data in, ActiveRecord needs to, at various points, query the schema of your data store to pull things like names of tables and what are the indexes and primary keys and things like that. STEPHANIE: Wow. That sounds really cool and something that I have never needed to do before. I'm curious if you noticed...you said that it takes, I guess, longer to query Snowflake than it would a more common Postgres database. Were you noticing this performance slowness locally or on production? JOËL: Both places. So, the nice thing is I can reproduce it locally, and locally, I mean running the Rails app locally. I'm still talking to a remote Snowflake data warehouse, which is fine. I can reproduce that slowness locally, which has made it much easier to experiment and try things. And so, from there, it's really just been a bit of a detective case trying to, I guess, narrow the possibility space and try to understand what are the parts that trigger slowness. So, I'm printing timestamps in different places. I've got different things that get measured. I've not done, like, a profiling tool to generate a flame graph or anything like that. That might have been something cool to try. I just did old-school print statements in a couple of places where I, like, time before, time after, print the delta, and that's gotten me pretty far. STEPHANIE: That's pretty cool. What do you think will be an outcome of this? Because I remember you saying you're digging a little bit into ActiveRecord internals. 
So, based on, like, what you're exploring, what do you think you could do as a developer to increase some of the performance there? JOËL: I think probably what this ends up being is finding that the Snowflake adapter that I'm using for ActiveRecord maybe has some sort of small bug in it or some implementation that's a little bit too naive that needs to be fine-tuned. And so, probably what ends up happening here is that this finishes as, like, an open-source pull request to the Snowflake Adapter gem. STEPHANIE: Yeah, that's where I thought maybe that might go. And that's pretty cool, too, and to, you know, just be investigating something on your app and being able to make a contribution that it benefits the community. JOËL: And that's what's so great about open source because not only am I able to get the source to go source diving through all of this, because I absolutely need to do that, but also, then if I make a fix, I can push that fix back out to the community, and everybody gets to benefit. STEPHANIE: Cool. Well, that's another thing that I look forward to hearing more on the development of [laughs] later if it pans out that way. JOËL: One thing that has been interesting with this Snowflake work is that there are a lot of moving parts and multiple different packages that I need to install to get this all to work. So, I mentioned that I might be doing a pull request against the Snowflake Adapter for ActiveRecord, but all of this talks through a sort of lower-level technology protocol called ODBC, which is a sort of generic protocol for speaking to data stores, and that actually has two different pieces. I had to install two different packages. There is a sort of low-level executable that I had to install on my local dev machine and that I have to install on our servers. And on my Mac, I'm installing that via Homebrew, which is a system package. 
And then to get Ruby bindings for that, there is a Ruby gem that I install that allows Ruby code to talk to ODBC, and that's installed via RubyGems or Bundler. And that got me thinking about sort of these two separate ecosystems that I tend to work with every day. We've got sort of the system packages and the, I don't know what you want to call them, language packages maybe, things like RubyGems, but that could also be NPM or whatever your language of choice is, and realizing that we kind of have things split into two different zones, and sometimes we need both and wondering a little bit about why is that difference necessary. STEPHANIE: Yeah, I don't have an answer to that [laughs] question right now, but I can say that that was an area that really tripped me up, I think, when I was first a fledgling developer. And I was really confused about where all of these dependencies were coming from and going through, you know, setting up my first project and being, like, asked to install Postgres on my machine but then also Bundler, which then also installs more dependencies [laughs]. The lines between those ecosystems were not super clear to me. And, you know, even now, like, I find myself really just kind of, like, learning what I need to know to get by [laughs] with my day-to-day work. But I do like what you said about these are kind of the two main layers that you're working with in terms of package management. And it's really helpful to have that knowledge so you can troubleshoot when there is an issue at one or the other. JOËL: And you mentioned Postgres. That's another one that's interesting because there are components in both of those ecosystems. Postgres itself is typically installed via a system package manager, so something like Homebrew on a Mac or apt-get on a Linux machine. 
But then, if you're interacting with Postgres in a Ruby app, you're probably also installing the pg gem, which are Ruby's bindings for Postgres to allow Ruby to talk to Postgres, and that lives in the package ecosystem on RubyGems. STEPHANIE: Yeah, I've certainly been in the position of, you know, again, as consultants, we oftentimes are also setting up new laptops entirely [laughs] like client laptops and such and bundling and the pg gem is installed. And then at least I have, you know, I have to give thanks to the very clear error message that [laughs] tells me that I don't have Postgres installed on my machine. Because when I mentioned, you know, troubleshooting earlier, I've certainly been in positions where it was really unclear what was going on in terms of the interaction between what I guess we're calling the Ruby package ecosystem and our system level one. JOËL: Especially for things like the pg gem, which need to compile against some existing libraries, those always get interesting where sometimes they'll fail to compile because there's a path to some C compiler that's not set correctly or something like that. For me, typically, that means I need to update the macOS command line tools or the Xcode command line tools; I forget what the name of that package is. And, usually, that does the trick. That might happen if I've upgraded my OS version recently and haven't downloaded the latest version of the command line tools. STEPHANIE: Yeah. Speaking of OS versions, I have a bit of a story to share about using...I've never said this name out loud, but I am pretty sure that it would just be pronounced as wkhtmltopdf [laughs]. For some reason, whenever I see words like that in my brain, I want to, like, make it into a pronounceable thing [laughs]. JOËL: Right, just insert some vowels in there. STEPHANIE: Yeah, wkhtmltopdf [laughs]. Anyway, that was being used in an app to generate PDF invoices or something. It's a pretty old tool. 
It's a CLI tool, and it's, as far as I can tell, it's been around for a long time but was recently no longer maintained. And so, as I was working on this app, I was running into a bug where that library was causing some issues with the PDF that was generated. So, I had to go down this route of actually finding a Ruby gem that would figure out which package binary to use, you know, based off of my system. And that worked great locally, and I was like, okay, cool, I fixed the issue. And then, once I pushed my change, it turns out that it did not work on CI because CI was running on Ubuntu. And I guess the binary didn't work with the latest version of Ubuntu that was running on CI, so there was just so many incompatibilities there. And I was wanting to fix this bug. But the next step I took was looking into community-provided packages because there just simply weren't any, like, up-to-date binaries that would likely work with these new operating systems. And I kind of stopped at that point because I just wasn't really sure, like, how trustworthy were these community packages. That was an ecosystem I didn't know enough about. In particular, I was having to install some using apt from, you know, just, like, some Linux community. But yeah, I think I normally have a little bit more experience and confidence in terms of the Ruby package ecosystem and can tell, like, what gems are popular, which ones are trustworthy. There are different heuristics I have for evaluating what dependency to pull in. But here I ended up just kind of bailing out of that endeavor because I just didn't have enough time to go down that rabbit hole. JOËL: It is interesting that learning how to evaluate packages is a skill you have to learn that varies from package community to package community. I know that when I used to be very involved with Elm, we would often have people who would come to the Elm community from the JavaScript community who were used to evaluating NPM packages. 
And one of the metrics that was very popular in the JavaScript community is just stars on GitHub. That's a really important metric. And that wasn't really much of a thing in the Elm community. And so, people would come and be like, "Wait, how do I know which package is good? I don't see any stars on GitHub." And then, it turns out that there are other metrics that people would use. And similarly, you know, in Ruby, there are different ways that you might use to evaluate Ruby gems that may or may not involve stars on GitHub. It might be something entirely different. STEPHANIE: Yeah. Speaking of that, I wanted to plug a website that I have used before called the Ruby Toolbox, and that gives some suggestions for open-source Ruby libraries of various categories. So, if you're looking for, like, a JSON parser, it has some of the more popular ones. If you're looking for, you know, it stores them by category, and I think it is also based on things like stars and forks like that, so that's a good one to know. JOËL: You could probably also look at something like download numbers to see what's popular, although sometimes it's sort of, like, an emergent gem that's more popular. Some of that almost you just need to be a little bit in the community, like, hearing, you know, maybe listening to podcasts like this one, subscribing to Ruby newsletters, going to conferences, things like that, and to realize, okay, maybe, you know, we had sort of an old staple for JSON parsing, but there's a new thing that's twice as fast. And this is sort of becoming the new standard, and the community is shifting towards that. You might not know that just by looking at raw stats. So, there's a human component to it as well. STEPHANIE: Yeah, absolutely. I think an extension of knowing how to evaluate different package systems is this question of like, how much does an average developer need to know about package management? 
[laughs] JOËL: Yeah, a little bit to a medium amount, and then if you're writing your own packages, you probably need to know a little bit more. But there are some things that are really maybe best left to the maintainers of package managers. Package managers are actually pretty complex pieces of software in terms of all of the dependency management and making sure that when you say, "Oh, I've got Rails, and this other gem, and this other gem, and it's going to find the exact versions of all those gems that play nicely together," that's non-trivial. As a sort of working developer, you don't need to know all of the algorithms or the graph theory or any of that that underlies a package manager to be able to be productive in your career. And even as a package developer, you probably don't need to really know a whole lot of that. STEPHANIE: Yeah, that makes sense. I actually had referred to our internal at thoughtbot here, our kind of, like, expectations for skill levels for developers. And I would say for an average developer, we kind of just expect a basic understanding of these more complex parts of our toolchain, I think, specifically, like, command line tools and package management. And I think I'd mentioned earlier that, for me, it is a very need-to-know basis. And so, yeah, when I was going down that little bit of exploration around why wkhtmltopdf [chuckles] wasn't working [chuckles], it was a bit of a twisty and turning journey where I, you know, wasn't really sure where to go. I was getting very obtuse error messages, and, you know, I had to dive deep into all these forums [laughs] for all the various platforms [laughs] about why libraries weren't working. And I think what I did come away with was that like, oh, like, even though I'm mostly working on my local machine for development, there was some amount of knowledge I needed to have about the systems that my CI and, you know, production servers are running on. 
The project I was working on happened to have, like, a Docker file for those environments, and, you know, kind of knowing how to configure them to install the packages I needed to install and just knowing a little bit about the different ways of doing that on systems outside of my usual daily workflows. JOËL: And I think that gets back to some of the interesting distinctions between what we might call language packages versus system packages is that language packages more or less work the same across all operating systems. They might have a build step that's slightly different or something like that, but system packages might be pretty different between different operating systems. So, development, for me, is a Mac, and I'm probably installing system packages via something like Homebrew. If I then want that Rails app to run on CI or some Linux server somewhere, I can't use Homebrew to install things there. It's going to be a slightly different package ecosystem. And so, now I need to find something that will install Postgres for Linux, something that will install, I guess, wkhtmltopdf [laughs] for Linux. And so, when I'm building that Docker file, that might be a little bit different for Mac versus for...or I guess when you run a Docker file, you're running a containerized system. So, the goal there is to make this system the same everywhere for everyone. But when you're setting that up, typically, it's more of a Linux-like system. And so running inside the Docker container versus outside on the native Mac might involve a totally different set of packages and a different package tool. As opposed to something like Bundler, you've got your gem file; you bundle install. It doesn't matter if you're on Linux or macOS. STEPHANIE: Yes, I think you're right. I think we kind of answered our own question at the top of the show [laughs] about differences and what do you need to know about them. 
And I also like how you pointed out, oh yeah, like, Docker is supposed to [laughs], you know, make sure that we're all developing in the same system, essentially. But, you know, sometimes you have different use cases for it. And, yeah, when you were talking about installing an application on your native Mac and using Homebrew, but even, you know, not everyone even uses Homebrew, right? You can install manually [laughs] through whatever official installer that application might provide. So, there's just so many different ways of doing something. And I had the thought that it's too bad that we both [chuckles] develop on Mac because it could be really interesting to get a Linux user's perspective in here. JOËL: You mentioned not installing via Homebrew. A kind of glaring example of that in my personal setup is that I use Postgres.app to manage Postgres on my machine rather than using Homebrew. I've just...over the years, the Homebrew version every time I upgrade my operating system or something, it's just such a pain to update, and I've lost too many hours to it, and Postgres.app just works, and so I've switched to that. Most other things, I'll use the Homebrew version, but Postgres it's now Postgres.app. It's not even a command line install, and it works fine for me. STEPHANIE: Nice. Yeah. That's interesting. That's a good tip. I'll have to look into that next time because I have also certainly had to just install so many [laughs] various versions of Postgres and figure out what's going on with them every time I upgrade my OS. I'm with you, though, in terms of the packages world I'm looking for, it works [laughs]. JOËL: So, you'd mentioned earlier that packages is sort of an area that's a bit of a need-to-know basis for you. Are there, like, particular moments in your career that you remember like, oh, that's the moment where I needed to, like, take some time and learn a little bit of the next level of packages? STEPHANIE: That's a great question. 
I think the very beginnings of understanding how package versions work when you have multiple projects on your machine; I just remember that being really confusing for me. When I started out, like, you know, as soon as I cloned my second repo [laughs], and was very confused about, like, I'm sure I went through the process of not installing gems using Bundler, and then just having so much chaos [laughs] wreaked in my development environment and, you know, having to ask someone, "I don't understand how this works. Like, why is it saying I have multiple versions of this library or whatever?"
JOËL: Have you ever sudo gem installed a gem?
STEPHANIE: Oh yeah, I definitely have. I can't [laughs], like, even give a good reason for why I have done it, but I probably was just, like, pulling my hair out, and that's what Stack Overflow told me to do. I don't know if I can recommend that, but it is [chuckles] one thing to do when you just are kind of totally stuck.
JOËL: There was a time where I think that that was in the READMEs for most projects.
STEPHANIE: Yeah, that's a really good point.
JOËL: So, that's probably why a lot of people end up doing that, but then it tends to install it for your system Ruby rather than for...because if you're using something like rbenv or RVM or asdf to manage multiple Ruby versions, those end up being what's using or even Homebrew to manage your Ruby. It wouldn't be installing it for those versions of Ruby. It would be installing it for the one that shipped with your Mac. I actually...you know what? I don't even know if Mac still ships with Ruby. It used to. It used to ship with a really old version of Ruby, and so the advice was like, "Hey, every repo tells you to install it with sudo; don't do that. It will mess you up."
STEPHANIE: Huh. I think Mac still does ship with Ruby, but don't quote me on that [laughter]. And I think that's really funny that, like, yeah, people were just writing those instructions in READMEs.
And I'm glad that we've collectively [laughs] figured out that difference and want to, hopefully, not let other developers fall into that trap [laughs]. Do you have a particular memory or experience when you had to kind of level up your knowledge about the package ecosystem?
JOËL: I think one sort of moment where I really had to level up is when I started really needing to understand how install paths worked, especially when you have, let's say, multiple versions of a gem installed because you have different projects. And you want to know, like, how does it know which one it's using? And then you see, oh, there are different paths that point to different directories with the installs. Or when you might have an executable you've installed via Homebrew, and it's like, oh yeah, so I've got this, like, command that I run on my shell, but actually that points to a very particular path, you know, in my Homebrew directory. But maybe it could also point to some, like, pre-installed system binaries or some other custom things I've done. So, there was a time where I had to really learn about how the PATH shell variable worked on a machine in order to really understand how the packages I installed were sometimes showing up when I invoked a binary and sometimes not.
STEPHANIE: Yeah, that is another really great example that I have memories of [laughs] being really frustrated by, especially if...because, you know, we had talked earlier about all the different ways that you can install applications on your system, and you don't always know where they end up [laughs].
JOËL: And this particular memory is tied to debugging Postgres because, you know, you're installing Postgres, and some paths aren't working. Or maybe you try to update Postgres and now it's like, oh, but, like, I'm still loading the wrong one. And why does psql not do the thing that I think it does?
And so, that forced me to learn a little bit about, like, under the hood, what happens when I type brew install postgresql? And how does that mesh with the way my shell interprets commands and things like that? So, it was maybe a little bit of a painful experience but eye-opening and definitely then led to me, I think, being able to debug my setup much more effectively in the future.
STEPHANIE: Yeah. I like that you also pointed out how it was interacting with your shell because that's, like, another can of worms, right? [laughs] In terms of just the complexity of how these things are talking to each other.
JOËL: And for those of our listeners who are not familiar with this, there is a shell command that you can use called which, W-H-I-C-H. And you can prefix that in front of another command, and it will tell you the path that it's using for that binary. So, in my case, if I'm looking like, why is this psql behaving weirdly or seems to be using the old version, I can type 'which space psql', and it'll say, "Oh, it's going to this path." And I can look at it and be like, oh, it's using my system install of Postgres. It's not using the Homebrew one. Or, oh, maybe it's using the Homebrew install, not my Postgres.app version. I need to, like, tinker with the paths a little bit. So, that has definitely helped me debug my package system more than once.
STEPHANIE: Yeah, that's a really good tip. I can recall just totally uninstalling everything [laughs] and reinstalling and fingers crossed it would figure out a route to the right thing [laughs].
JOËL: You know what? That works. It's not the, like, most precise solution but resetting your environment when all else fails it's not a bad solution. So, we've been talking a lot about what it's like to interact with a package ecosystem as developers, as users of packages, but what if you're a package developer? Sometimes, there's a very clear-cut place where to publish, and sometimes it's a little bit grayer.
So, I could see, you know, I'm developing a database, and I want that to be on operating systems, probably should be a system-level package rather than a Ruby gem. But what if I'm building some kind of command line tool, and I write it in Ruby because I like writing Ruby? Should I publish that as a gem, or should I publish that as some kind of system package that's installed via Homebrew? Any opinions or heuristics that you would use to choose where to publish on one side or the other?
STEPHANIE: As not a package developer [laughs], I can only answer from that point of view. That is interesting because if you publish on a, you know, like, a system repository, then yeah, like, you might get a lot more people using your tool out there because you're not just targeting a specific language's community. But I don't know if I have always enjoyed downloading various things to my system's OS. I think that actually, like, is a bit complicated for me or, like, I try to avoid it if I can because if something can be categorized or, like, containerized in a way that, like, feels right for my mental model, you know, if it's written in Ruby or something really related to things I use Ruby in, it could be nice to have that installed in my, like, system's RubyGems. But I would be really interested to hear if other people have opinions about where they might want to publish a package and what kind of developers they're hoping to find to use their tool.
JOËL: I like the heuristic that you mentioned here, the idea of who the audience is because, yeah, as a Ruby developer who already has a Ruby setup, it might be easier for me to install something via a gem. But if I'm not a Ruby developer who wants to use the packages maybe a little bit more generic, you know, let's say, I don't know, it's some sort of command line tool for interacting with GitHub or something like that. And, like, it happens to be written in Ruby, but you don't particularly care about that as a user of this.
Maybe you don't have Ruby installed and now you've got to, like, juggle, like, oh, what is RubyGems, and Bundler, and all this stuff? And I've definitely felt that occasionally downloading packages sort of like, oh, this is a Python package. And you're going to need to, like, set up all this stuff. And it's maybe designed for a Python audience. And so, it's like, oh, you're going to set up a virtual environment and all these things. I'm like, I just want your command line tools. I don't want to install a whole language. And so, sometimes there can be some frustration there.
STEPHANIE: Yeah, that is very true. Before you even said that, I was like, oh, I've definitely wanted to download a command line tool and be like, first install [laughs] Python. And I'm like, nope, I'm bailing out of this.
JOËL: On the other hand, as a developer, it can be a lot harder to write something that's a bit more cross-platform and managing all that. And I've had to deal a little bit with this for thoughtbot's Parity tool, which is a command-line tool for working with Heroku. It allows you to basically run commands on either staging or production by giving you a staging command and a production command for common Heroku CLI tasks, which makes it really nice if you're working and you're having to do some local, some development, some staging, and some production things all from your command line. It initially started as a gem, and we thought, you know what? This is mostly command line, and it's not just Rubyists who use Heroku. Let's try to put this on Homebrew. But then it depends on Ruby because it's written in Ruby. And now we had to make sure that we marked Ruby as a dependency in Homebrew, which meant that Homebrew would then also pull in Ruby as a dependency. And that got a little bit messy. For a while, we even experimented with sort of briefly available technology called Traveling Ruby that allowed you to embed Ruby in your binary, and you could compile against that.
That had some drawbacks. So, we ended up rolling that back as well. And eventually, just for maintenance ease, we went back to making this a Ruby gem and saying, "Look, you install it via RubyGems." It does mean that we're targeting more of the Ruby community. It's going to be a little bit harder for other people to install, but it is easier for us to maintain.
STEPHANIE: That's really interesting. I didn't know that history about Parity. It's a tool that I have used recently and really enjoyed. But yeah, I think I remember someone having some issues between installing it as a gem and installing it via Homebrew and some conflicts there as well. So, I can also see how trying to decide or maybe going down one path and then realizing, oh, like, maybe we want to try something else is certainly not trivial.
JOËL: I think, in me, I have a little bit of the idealist and the pragmatist that fight. The idealist says, "Hey, if it's not, like, aimed for Ruby developers as a, like, you can pull this into your codebase, if it's just command line tools and the fact that it's written in Ruby is an implementation detail, that should be a system package. Do not distribute binaries via RubyGems." That's the idealist in me. The pragmatist says, "Oh, that's a lot of work and not always worth it for both the maintainers and sometimes for the users, and so it's totally okay to ship binaries as RubyGems."
STEPHANIE: I was totally thinking that I'm sure that you've been in that position of being a user and trying to download a system package and then seeing it start to download, like, another language. And you're like, wait, what? [laughter] That's not what I want.
JOËL: So, you and I have shared some of our heuristics in the way we approach this problem. Now, I'm curious to hear from the audience. What are some heuristics that you use to decide whether your package is better shipped on RubyGems versus, let's say, Homebrew? Or maybe as a user, what do you prefer to consume?
STEPHANIE: Yes. And speaking of getting listener feedback, we're also looking for some listener questions. We're hoping to do a bit of a grab-bag episode where we answer your questions. So, if you have anything that you're wanting to hear me and Joël's thoughts on, write us at hosts@bikeshed.fm.
JOËL: On that note, shall we wrap up?
STEPHANIE: Let's wrap up. Show notes for this episode can be found at bikeshed.fm.
JOËL: This show has been produced and edited by Mandy Moore.
STEPHANIE: If you enjoyed listening, one really easy way to support the show is to leave us a quick rating or even a review in iTunes. It really helps other folks find the show.
JOËL: If you have any feedback for this or any of our other episodes, you can reach us @_bikeshed, or you can reach me @joelquen on Twitter.
STEPHANIE: Or reach both of us at hosts@bikeshed.fm via email.
JOËL: Thanks so much for listening to The Bike Shed, and we'll see you next week.
ALL: Byeeeeeeee!!!!!!!
AD: Did you know thoughtbot has a referral program? If you introduce us to someone looking for a design or development partner, we will compensate you if they decide to work with us. More info on our website at: tbot.io/referral. Or you can email us at referrals@thoughtbot.com with any questions.
Today on Elixir Wizards, Wojtek Mach of HexPM and Amal Hussein, engineering leader and former NPM team member, join Owen Bickford to compare notes on package management in Elixir vs. JavaScript. This lively conversation covers everything from best practices for dependency management to API design, SemVer (semantic versioning), and the dark ages of web development before package managers existed. The guests debate philosophical differences between the JavaScript and Elixir communities. They highlight the JavaScript ecosystem's maturity and identify potential areas of improvement, contrasted against Elixir's emphasis on minimal dependencies. Both guests encourage engineers to publish packages, even small ones, as a learning opportunity.
Topics discussed in this episode:
- Leveraging community packages rather than reinventing the wheel
- Vetting packages carefully before adopting them as dependencies
- Evaluating security, performance, and bundle size when assessing packages
- Managing transitive dependencies pulled in by packages
- Why semantic versioning is difficult to consistently enforce
- Designing APIs with extensibility and backward compatibility in mind
- Using tools like deprecations to avoid breaking changes in new releases
- JavaScript's preference for code reuse over minimization
- The Elixir community's minimal dependencies and avoidance of tech debt
- Challenges in early package management, such as global dependency
- Learning from tools like Ruby Gems and Bundler to improve experience
- How log files provide visibility into dependency management actions
- How lock files pin dependency versions for consistency
- Publishing packages democratizes access and provides learning opportunities
- Linting to enforce standards and prevent certain bugs
- Primitive-focused packages provide flexibility over highly opinionated ones
- Suggestions for improving documentation and guides
- Benefits of collaboration between programming language communities
Links mentioned in this episode:
- Node.js https://github.com/nodejs
- npm JavaScript Package Manager https://github.com/npm
- JS Party Podcast https://changelog.com/jsparty
- Dashbit https://dashbit.co/
- HexPM Package Manager for Erlang https://hex.pm/
- HTTP Client for Elixir https://github.com/wojtekmach/req
- Ecto Database-Wrapper for Elixir https://github.com/elixir-ecto (Not an ORM)
- XState Actor-Based State Management for JavaScript https://xstate.js.org/docs/
- Supply Chain Protection for JavaScript, Python, and Go https://socket.dev/
- MixAudit https://github.com/mirego/mixaudit
- NimbleTOTP Library for 2FA https://hexdocs.pm/nimbletotp/NimbleTOTP.html
- Microsoft Azure https://github.com/Azure
- Patch Package https://www.npmjs.com/package/patch-package
- Ruby Bundler to manage Gem dependencies https://github.com/rubygems/bundler
- npm-shrinkwrap https://docs.npmjs.com/cli/v10/commands/npm-shrinkwrap
- SemVer Semantic Versioner for NPM https://www.npmjs.com/package/semver
- Spec-ulation Keynote - Rich Hickey https://www.youtube.com/watch?v=oyLBGkS5ICk
- Amal's favorite Linter https://eslint.org/
- Elixir Mint Functional HTTP Client for Elixir https://github.com/elixir-mint
- Tailwind Open Source CSS Framework https://tailwindcss.com/
- WebauthnComponents https://hex.pm/packages/webauthn_components
Special Guests: Amal Hussein and Wojtek Mach.
This week, Samuel Giddins and I discuss life on call as a developer, the upcoming RubyConf, the pitfalls of online communications, Sam's beginnings as a developer, software supply chain security, and the difference between "amicable" and "amiable." Sam will be at the Ruby Gems and Bundler open space at RubyConf in San Diego on Monday, November 13th 2023.
- Samuel Giddins' Site
- Samuel Giddins on Hachyderm.io
- RubyGems Blog
- RubyConf
Allen Wyma talks with Ian Ker-Seymer about his work on rb-sys, which easily allows you to integrate Ruby with Rust.
Contributing to Rustacean Station
Rustacean Station is a community project; get in touch with us if you'd like to suggest an idea for an episode or offer your services as a host or audio editor!
Twitter: @rustaceanfm
Discord: Rustacean Station
Github: @rustacean-station
Email: hello@rustacean-station.org
Timestamps
[@00:00] - Guest introduction: Ian Ker-Seymer - Staff Software Engineer at Shopify
[@02:04] - The connection between Liquid and Shopify
[@06:19] - The benefits of using WebAssembly
[@11:14] - Exploring the languages in Shopify's stack, including Ruby
[@14:24] - Rust's practical use cases
[@16:44] - How Rust became part of Shopify's stack
[@19:14] - Deep dive into rb-sys
[@24:17] - RubyGems and Bundler: insights and considerations
[@36:41] - Integrating Rust into the stack
[@40:52] - Addressing challenges with Windows compilation
[@47:46] - Spotlight on rb-sys: why it's worth exploring
Credits
Intro Theme: Aerocity
Audio Editing: Plangora
Hosting Infrastructure: Jon Gjengset
Show Notes: Plangora
Hosts: Allen Wyma
Ruby Central head of open source André Arko talks Bundler, Ruby Gems, supporting the community, and more.
André Arko will be speaking at RubyConf 2023 this year
Support Bundler/RubyGems open source work via Ruby Central
Follow us on Mastodon: Rooftop Ruby, Collin, Joel
Show art created by JD Davis.
On today's episode of Remote Ruby, the conversation begins with Jason, Chris and Andrew discussing their experiences with podcasting and how they started. Then, the conversation takes a shift to discussing using the latest version of RubyGems in Bundler, the addition of a new feature called gem exec, which allows for easy running of executables from gems that may or may not be installed, and more about GemX. Twitter's new algorithm is mentioned, along with someone who leaked Twitter's source code on GitHub. Chris talks about some frustrating experiences with his Rails for Beginners Course that he's releasing very soon, which will be free, and some plans to expand the curriculum. There's a discussion on the challenges of teaching and learning programming, the process of recording tutorials, and Chris shares some tips and tricks for Ruby programming. Ruby is magic, so go make some magic and press download to hear much more!
[00:03:18] The guys catch up on what's been happening with work, and Andrew tells us he tried the new gem exec stuff in RubyGems. He explains the new feature, and there's a discussion about the advantages of the new feature and how it works, which ends with a bit of confusion.
[00:10:03] Andrew brings up an example and mentions a gem called GemX that people are using.
[00:12:09] We hear about a gem Andrew wrote that printed out a business card with cool text in the terminal, and how he was inspired by someone in the Node community.
[00:14:04] Jason brings up Twitter releasing "The algorithm," and how someone leaked Twitter's source code on GitHub.
[00:17:52] In Chris's world, he tells us how he's been re-recording his Rails for Beginners Course and his frustrating experience with trying to use Digital Ocean Spaces for image uploading, as well as frustrations with CORS configuration and policy instructions.
[00:28:41] Chris and Andrew discuss the challenges of teaching and learning programming, specifically Ruby on Rails.
[00:32:15] Chris mentions the upcoming release of a new Rails for Beginners Course, which will include six hours of Ruby content, and plans to expand the curriculum to include more topics like HTML, CSS, and JavaScript.
[00:33:35] Andrew and Chris discuss the process of recording tutorials, which can be time consuming and difficult to balance between explaining concepts and providing practical examples.
[00:37:06] Listen here for some tips and tricks from Chris for Ruby programming, including using SimpleDelegator and modules on individual instances of a class. He also talks about a blog post on Thoughtbot and about The Gilded Rose Code Kata.
[00:42:28] Jason chimes in saying he's just been writing maintenance tasks and talks about his struggles with abstractions.
Panelists: Jason Charnes, Chris Oliver, Andrew Mason
Sponsor: Honeybadger
Links:
- Jason Charnes Twitter
- Chris Oliver Twitter
- Andrew Mason Twitter
- GemX
- GoRails
- [Experimental] Add gem exec command to run executables from gems that may or may not be installed #6309
- Evaluating Alternative Decorator Implementations in Ruby (Dan Croak - Thoughtbot)
- Refactoring: The Gilded Rose - Rubies in the Rough
- Ruby Radar Twitter
- Ruby for All Podcast
VIDEO of the Week: Crashing Laptop Computers With Janet Jackson
- RealTek SoC flaw affects many millions of IoT devices
- 46 Million RPS - requests per second
- Chrome's 5th 0-Day of 2022
- Apple: Not to be left behind...
- RubyGems to require MFA
- Closing The Loop: Domain Name Ownership
- Closing The Loop: Growing in Cybersecurity
- The Bumblebee Loader
We invite you to read our show notes at https://www.grc.com/sn/SN-885-Notes.pdf
Hosts: Leo Laporte and Steve Gibson
Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6.
Sponsors: canary.tools/twit - use code: TWIT; barracuda.com/securitynow; Melissa.com/twit
Josh and Kurt talk about PyPI mandating two factor authentication for the top 1% of projects. It feels like a simple idea, but it's not when you start to think about it. What problems does 2FA solve? How common are these attacks? What are the second and third order effects of mandating 2FA? This episode should have something for everyone on all sides of this discussion to violently disagree with.
Show Notes
- PyPI announcement
- NPM expired domains
- Morten Linderud Tweet
- Congratulations: We Now Have Opinions on Your Open Source Contributions
This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! IE has gone to 11 and is no more. There's some notable history related to IE11 and bug bounty programs. In 2008, Katie Moussouris and others from Microsoft announced their vulnerability disclosure program. In 2013 this evolved into a bug bounty program piloted with IE11, with award ranges from $500 to $11,000. Ten years later, that bounty range is still common across the industry. The technical goals of the program remain similar as well -- RCEs, universal XSS, and sandbox escapes are all vulns that can easily gain $10,000+ (or an order of magnitude greater) in modern browser bounty programs. So, even if we've finally moved on from a browser with an outdated security architecture, we're still dealing with critical patches in modern browsers. Fortunately, the concept of bounty programs continues.
References:
- https://www.blackhat.com/presentations/bh-usa-08/Reavey/MSRC.pdf
- https://media.blackhat.com/bh-usa-08/video/bh-us-08-Reavey/black-hat-usa-08-reavey-securetheplanet-hires.m4v
- https://web.archive.org/web/20130719064943/http://www.microsoft.com/security/msrc/report/IE11.aspx
- https://web.archive.org/web/20190507215514/https://blogs.technet.microsoft.com/bluehat/2013/07/03/new-bounty-programs-one-week-in/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw201
Follow-up/warm-up
A bit of gadget philosophizing, and wondering whether Skype is here to stay or not
Levelling up at grilling
Podcast editing philosophy
Christian starstruck: super special guest: Jezper Söderlund!
Fredrik on a screen offensive, at least temporarily. A wild discussion of screen placement and window management breaks out
A quick one about Android Auto

Topics
Life with a Tesla: is it simpler and better than life with a Polestar? Spoiler: sort of
Playdate - a cozy little machine
M1 - what a nice processor it is, after all. With a digression about phones, their data traffic, and keeping work and leisure apart
Blogs: what should you really build them on?
The Quest report. It is hard to get over the usage threshold

Links
Jezper
En podd om teknik
Slashat
The last episode of En podd om teknik
The first last episode of En podd om teknik - split into lots of episodes, starting here
The first last episode of En podd om teknik on YouTube
Sizeup - app Jezper uses to place windows
Mosaic - app Jezper uses to place windows
The previous episode
Playdate
Hades
The Forgotten City
The games that come with the Playdate
QWOP - the running game where you control the leg muscles
Zipper - game by Bennett Foddy, the creator of QWOP
Teenage Engineering
The Playdate speaker with pen holder
Johan
Flat-file CMS
Ruby
Ruby gems - Ruby's package management system
Fredrik's blog engine
Hugo
deepedition.com
femte.se
Bear
Panda - Bear's new Markdown editor
WinFS
Quest 2
Tales from the Galaxy's Edge
Vanishing Grace - the “Firewatch-like” game
Lone Echo
Eleven Table Tennis
Deisim - the god game
Ghost Giant
Moss
Vader: Immortal
Tetris Effect
Inside
The presentation about the sound design in Inside
Limbo
Full episode information is available here: https://www.bjoremanmelin.se/podcast/avsnitt-315-en-skarm-som-inte-ar-upplyst-i-ett-land-som-aldrig-ar-ljust.html
This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw201
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/yanking-rubygems-big-ip-auth-bypass-and-a-priceline-account-takeover.html

A lot of cool little bugs this week with some solid impact: Facebook and Priceline account takeovers, an F5 iControl authentication bypass, and a couple of other logic bugs.

[00:01:55] rubygems CVE-2022-29176 explained
[00:06:09] Multiple bugs chained to take over Facebook accounts which use Gmail
[00:15:16] [curl] curl removes wrong file on error [CVE-2022-27778]
[00:18:33] [Priceline] Account takeover via Google OneTap
[00:22:14] F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive
[00:29:02] The Underrated Bugs: Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…
[00:30:20] Hunting evasive vulnerabilities

The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week: Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities; Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. The video archive can be found on our YouTube channel: https://www.youtube.com/c/dayzerosec You can also join our discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.
Where does the word "radio" come from? RubyGems supply chain rip-and-replace bug. A weird, weird, weird, weird, weird Google Docs bug. Colonial Pipeline back in the cybersecurity news. What about built-in password managers? Original music by Edith Mudge. Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
[00:03:05] Chris tells us more about the bug he was trying to fix while working on Stripe tax support, the Stripe payment element and addresses, and he fills us in on a JavaScript tool from Shopify for formatting addresses in different countries that makes Andrew sweat.
[00:07:28] As a follow-up from last week's episode, Andrew defines “Posterized.”
[00:08:06] The guys chat about WebAssembly stuff.
[00:11:49] Andrew talks about playing around with mruby, and Chris tells us about what he did with a Raspberry Pi.
[00:16:07] Jason tells us he's been reading the mruby docs and about how you take embedded Ruby and run it.
[00:17:34] A previous episode is brought up with guest Terence Lee, where they talked quite a bit about mruby.
[00:18:19] Chris brings up Ruby 3.2.0 and some of the changes that are happening with it, especially the rewriting in Rust. Also, Ruby will be 30 years old next year!
[00:26:04] Andrew tells us about a conversation he had with Drew Bragg recently, because he offered to help him with automatic releases on his Ruby gem, and he explains Release Please.
[00:31:12] What does Andrew think about getting PRs on an open source project?
[00:33:51] Andrew fills us in on how he used Semantic Commit and Conventional Commit messages everywhere, and a setting they changed in RubyGems.

Panelists: Jason Charnes, Chris Oliver, Andrew Mason
Sponsor: Honeybadger
Links:
Ruby Radar Newsletter
Ruby Radar Twitter
Try Ruby Playground
Posterized
mruby
Remote Ruby podcast - Episode 27: Joined by Terence Lee
Ruby 3.2.0 Preview 1 Released
Add release-please action for releasing to RubyGems #14
Release Please Action - GitHub
Release Please - GitHub
In the 38th log of stdout.fm, we talked about the RubyGems strong_password hacking incident, disillusionment with software, the Zoom macOS client, and more.