Security updates for Wednesday
Security updates have been issued by AlmaLinux (poppler), Debian (dnsmasq, mistral, okular, openssl, poppler, and strongswan), Fedora (exim, firefox, pcs, putty, and xorg-x11-server), Mageia (freeciv, golang-x-net, jq, libssh, libxmp, libxpm, minetest, ruby-net-ssh, tor, and wireshark), SUSE (389-ds, ack, agama-web-ui, amazon-ssm-agent, avahi, dpkg, elemental-register, elemental-system-agent, elemental-toolkit, ggml-devel-9500, go1.25, go1.26, kernel, kubernetes1.23, kubernetes1.24, … ⌘ Read more
Ruby Fights Supply-Chain Attacks With Filter Offering ‘Cooldown’ Before Installing New Packages
Most supply-chain attacks using Ruby’s package hosting site “exploit a narrow window,” according to a new blog post from Ruby core maintainer Hiroshi Shibata.
So its package-managing Bundler tool now offers a filter that blocks a new version until it’s been public “for at least N … ⌘ Read more
Ruby’s Bundler adds a cooldown feature
Version 4.0.13 of Ruby’s Bundler package manager has added dependency cooldowns in order to help mitigate the effect of supply-chain attacks:
Most supply-chain attacks against RubyGems exploit a narrow window: an account is compromised, a malicious version ships, and any bundle install in the minutes that follow resolves
str … ⌘ Read more
Ruby on top (AnimanghayoDraws) [Oshi No Ko] ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (firefox, gdk-pixbuf2, glibc, gnutls, kernel, libexif, mysql8.4, postgresql16, postgresql18, python3.14, ruby:3.3, and ruby:4.0), Debian (krb5, roundcube, starlette, unbound, and varnish), Fedora (kernel, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-js-challenge, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, perl-Imager, poppler, python-uv-build, rrdtool, rust-astral-tokio-tar, rust-astral_async_http … ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and libsndfile), Debian (bind9, evince, firefox-esr, openjpeg2, pdns, and rsync), Fedora (erlang-cowlib, evince, expat, firefox, kernel, mingw-expat, mysql8.0, mysql8.4, nss, opencryptoki, pgadmin4, proftpd, python-django5, python-django6, python-dotenv, rsync, rust-nu, rustup, and strongswan), Oracle (nginx, nginx:1.24, ruby, ruby:3.3, and squid), Slackware (bind and rsync), SUSE (buildah, distribution, distributi … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, libpng, nginx, nginx:1.24, ruby, and ruby:3.3), Debian (gnutls28 and linux-6.1), Fedora (dnsmasq, kernel, keylime-agent-rust, perl-Net-CIDR-Lite, python-pysam, python-urllib3, rust-cargo-vendor-filterer, rust-ingredients, rust-oo7-cli, rust-rpki, rust-sevctl, and rust-tealdeer), Mageia (bind), Oracle (bind, giflib, gimp:2.8, kernel, libpng, rsync, ruby, and vim), Slackware (haveged and mozilla), SUSE (cockpit, dnsmasq, e … ⌘ Read more
Security updates for Friday
Security updates have been issued by AlmaLinux (container-tools:rhel8, fontforge, freerdp, go-toolset:rhel8, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good, kernel, kernel-rt, libtasn1, mariadb:10.11, mysql:8.4, nginx:1.24, openssh, pcs, python-jinja2, python3.9, ruby:3.1, vim, virt:rhel and virt-devel:rhel, and xmlrpc-c), Debian (libyaml-syck-perl and openssh), Fedora (cockpit, crun, dnsdist, doctl, fido-device-onboard, libcgif, libpng12, libpng15, mbedtls, o … ⌘ Read more
Babe Dylan – Ben & I
Thanks to our friend Ruby for putting us on to the coolest new band of 2026 (SO FAR), Babe Dylan. Only bangers from these two so far, with “Ben & I” being the stellar new single that just dropped last week, and “Vape Luv” being the undeniable, certified sleeper hit debut single that’s earned the duo those coveted “industry plant” allegations… Continue reading… ⌘ Read more
Myrlyn 1.0 Released For Package Manager GUI Spawned By SUSE’s Hack Week
Myrlyn 1.0 was released today as the package manager GUI developed by SUSE engineers and started out just over one year ago during a SUSE Hack Week event as a SUSE/Qt package manager program not dependent upon YaST or Ruby… ⌘ Read more
Ruby on Rails Creator Says AI Coding Tools Still Can’t Match Most Junior Programmers
AI still can’t produce code as well as most junior programmers he’s worked with, David Heinemeier Hansson, the creator of Ruby on Rails and co-founder of 37 Signals, said on a recent podcast [video link], which is why he continues to write most of his code by hand. Hansson compared AI’s current coding … ⌘ Read more
Ruby 4.0 Released With Ruby Box Experimental Feature, ZJIT Compiler
The past several years we have seen new releases of the Ruby programming language implementation for Christmas (25 December). This year is no different with Ruby 4.0 having been released this morning… ⌘ Read more
Is Ruby Still a ‘Serious’ Programming Language?
Wired published an article by California-based writer/programmer Sheon Han arguing that Ruby “is not a serious programming language.”
Han believes that the world of programming has “moved on”, and “everything Ruby does, another language now does better, leaving it without a distinct niche.”
Ruby is easy on the eyes. Its syntax is simple, free of semicolons or brackets. More s … ⌘ Read more
Ruby Rhod energy, feline style ⌘ Read more
Stack Overflow Co-Founder to DHH: You Should be Afraid of Me
Jeff Atwood (co-founder of Stack Overflow & Discourse), appears to make a public threat against Omarchy & Ruby on Rails founder, DHH. ⌘ Read more
New mango variety to hit shelves after years of development
The Ruby Gold mango has been produced in commercial quantities for the first time and sellers say they are sure it will be a winner with consumers. ⌘ Read more
DHH Talks to Lunduke
David Heinemeier Hansson (aka “DHH”, the creator of Ruby on Rails & Omarchy Linux), talks with Lunduke about Linux “selling out”, what a “distro” is, & the attacks from activists within Open Source. ⌘ Read more
Tag proposal: conflicts
Given that we’ve recently been flooded with posts about conflicts in relation to Ruby Central, DHH, Omarchy, Rust in Linux, and now Freedesktop, can we have a tag for this kind of thing? I accept that it’s important and on topic but I’d like to be able to take a break. ⌘ Read more
Technology for Humans: Conversation with Ruby Central’s executive director, Shan Cureton
Leftist Activists Demand Removal of Ruby on Rails Founder, DHH
CEO of Shopify calls the activists “divisive clowns” who act in “bad faith”. ⌘ Read more
Make awk rawk
A friend online recently replied to something I wrote about awk by saying:
[…] it’s a danged shame [awk] didn’t continue to evolve the way Ruby, Python, PHP have evolved over the decades.
I had exactly this thought while working on my slightly unhinged “let’s see if I can implement a basic scheme using awk by writing an assembler and VM in awk,” skwak. Which eventually led me to start noodling on how to layer in some modern niceties into awk, without breaking awk’s portability.
… ⌘ Read more
@lyse@lyse.isobeef.org @kat@yarn.girlonthemoon.xyz I spent so much time in the past figuring out if something is a dict or a list in YAML, for example.
What are the types in this example?
items:
  - part_no: A4786
    descrip: Water Bucket (Filled)
    price: 1.47
    quantity: 4
  - part_no: E1628
    descrip: High Heeled "Ruby" Slippers
    size: 8
    price: 133.7
    quantity: 1
items is a dict containing … a list of two other dicts? Right?
It is quite hard for me to grasp the structure of YAML docs. 😢
The big advantage of YAML (and JSON and TOML) is that it’s much easier to write code for those formats, than it is with XML. json.loads() and you’re done.
@prologic@twtxt.net interesting that ruby is so low on the list, i find it the easiest to learn! hell i struggle with python more than ruby and i’ve been told that python is like ruby but better lol. maybe it’s just my weird brain!
@movq@www.uninformativ.de help yeah i struggle so hard with this stuff! it’s why wordier languages like ruby come easier to me
One of the nicest things about Go is the language itself, comparing Go to other popular languages in terms of the complexity to learn to be proficient in:
- Go: 25 keywords (Stack Overflow); CSP-style concurrency (goroutines & channels)
- Python 2: 30 keywords (TutorialsPoint); GIL-bound threads & multiprocessing (Wikipedia)
- Python 3: 35 keywords (Initial Commit); GIL-bound threads, asyncio & multiprocessing (Wikipedia, DEV Community)
- Java: 50 keywords (Stack Overflow); threads + java.util.concurrent (Wikipedia)
- C++: 82 keywords (Stack Overflow); std::thread, atomics & futures (en.cppreference.com)
- JavaScript: 38 keywords (Stack Overflow); single-threaded event loop & async/await, Web Workers (Wikipedia)
- Ruby: 42 keywords (Stack Overflow); GIL-bound threads (MRI), fibers & processes (Wikipedia)
@lyse@lyse.isobeef.org that’s alright haha! i don’t expect anyone to listen/watch in full or with full attention bc it’s so long lmao
the thing with PHP for me is that i… feel like it hits a kind of simplicity that i can understand? it’s so plain but can be very powerful. i quite like that. as much as i can learn something infinitely more powerful, PHP hits a comfortable thing where i can handle things like backend sqlite DBs AND how a page is rendered, without requiring a complex frontend with its own quirks (like ruby on rails, which as much as i know and love it, can be heavy).
but i totally get you! PHP security is very scary. i’m always worried that i’m messing something up. it’s why the PHP application i’m working on i have dockerized by default for a small but extra layer of protection
i’ll try to not get discouraged tysm for your advice
@andros@twtxt.andros.dev i know MVC but i don’t know model view view model what does this mean…. i am learning PHP (and a tiny bit of perl scripting) as a mainly ruby girl so mayhaps i am improving but my focus is SERVERS
How We Fell Out of Love with Next.js and Back in Love with Ruby on Rails & Inertia.js - Hardcover Blog