
The latest news in the Ruby and Rails community.


Episode #377

June 11th, 2013

RubyGems paranoia, unexpected chained scopes in Rails 4, Rubberband flamethrowers, Stripe with Rails, and efficient Git pairing.

Stories

Being Paranoid with RubyGems

Fabien Catteau wrote a very interesting post on the discussion board at Gemnasium regarding malicious gems. Fabien goes through a few example scenarios of gems that can exploit your system as soon as you install them, and he also explains how to fetch gems and inspect them without installing them. While he admits paranoia isn’t exactly practical, he does offer some recommendations to make the RubyGems infrastructure more secure, for instance by not allowing gems to install native C extensions by default.


Previous Episodes

Episode #376

Interact with GitHub through Octokit, choosing a European payment gateway, importing and exporting databases with DbSync, pluck values from your tables, using ember-auth with Rails 3 and Authlogic, and field-level access control with Protector all in this episode of Ruby5!

Episode #375

Wiselinks ... Code Smells ... Step by Step Rails ... Wrapping a C library in Ruby ... rack-showme ... ORUCO Streaming

Episode #374

RSpec's New Message Expectation Syntax ... Version Cake ... Login with Amazon ... Sass style guide ... Sass Namespaces ... "Naught" and nice

Episode #373

Confreaks releases all the RailsConf videos, Yehuda extends browsers, JetRockets releases Attrio, and RubyLearning offers a pay-what-you-like training on this episode of Ruby5.


This podcast is produced and distributed by Code School. Copyright © 2015 Code School LLC