The latest news in the Ruby and Rails community.


Episode #342

February 5th, 2013

This episode is all about keeping your valuable gems under lock and key: gem signing, gem stockpiling, gem exploits! Also (and less thematic, but not less important) ...

Stories

Anatomy of an Exploit

After two highly publicized security vulnerabilities involving YAML and Rails, Richard Schneeman, a Ruby developer at Heroku, wrote up an explanation of how exploits happen and how to report them. He also gives a quick recap of how YAML works, how it creates Ruby objects, and how it was used as an attack vector before the vulnerabilities were patched.


Previous Episodes

Episode #341

Hold on to your butts! RubyGems got pwned. What else is going on this half of this week? Well, a new way to interrogate your arrays, some wise words about random numbers in Ruby, a multi-line memoization technique, asynchronous requests with Thin, and oh, by the way, your CSS is garbage.

Episode #340

Devise security, secure cookie security, JSON Parser security... do you see a theme? Then there's Mutant, Von, Garelic, Dossier, Split, Inkwell, Social Stream, Faster Rails, and Rails resources.

Episode #339

PartyFoul gem opens GitHub issues for Rails exceptions … GitHub code search improvements … Curly template language … Rails path matching with JavaScript … Twitter’s SecureHeaders gems … Custom RSpec example groups … punch and pie.

Episode #338

Stretch your ElasticSearch, Profile your Ruby Threads, Sort your Nested Trees, Ruby in JavaScript, SoundCloud from Terminal while graphing your Hubtime.


This podcast is produced and distributed by Code School. Copyright © 2015 Code School LLC