
Posts by

Remove umbrella `omniauth-saml` advisory in favor of linked `ruby-saml` advisories. by postmodern · Pull Request #5625 · github/advisory-database GHSA-hw46-3hmr-x9xv claims to affect omniauth-saml, however it only mentions three other ruby-saml advisories and recommends upgrading ruby-saml. I see no evidence that there is a vulnerability in ...

Success! The two duplicates have been removed.

Although, I'm still not convinced that this omniauth-saml advisory needs to exist, since it only references advisories for ruby-saml, which is a dependency. Thoughts?
github.com/github/advis...

10 months ago 1 0 0 0
Remove duplicate `camaleon_cms` advisory by postmodern · Pull Request #5622 · github/advisory-database GHSA-3hp8-6j24-m5gm appears to be the exact same advisory as GHSA-7x4w-cj9r-h4v9, but with slightly different formatting and no CVSS metadata.

Could someone on @securitylab.github.com's GHSA team please look at these PRs to remove duplicate GHSA entries? It's been a week and I'm still waiting.

* github.com/github/advis...
* github.com/github/advis...

Also this one which was contested:

* github.com/github/advis...

#github #ghsa

10 months ago 0 0 1 0
Feature #21258: Retire CGI library from Ruby 3.5 - Ruby - Ruby Issue Tracking System Redmine

When is ruby-3.5.0-preview2 scheduled to be released? Apparently the cgi library is going to be partially removed in 3.5.0-preview2, but is still present in 3.5.0-preview1.
bugs.ruby-lang.org/issues/21258

#ruby

11 months ago 0 0 0 0
Ruby 3.4.4 Released

Added Ruby 3.4.4 to the ruby-versions database. ruby-install users can now safely upgrade to Ruby 3.4.4.

$ ruby-install -U ruby-3.4.4

www.ruby-lang.org/en/news/2025...
github.com/postmodern/r...

#ruby #ruby_install #rubyinstall

11 months ago 5 1 1 2
Ruby 3.5.0 preview1 Released

Just added Ruby 3.5.0-preview1 to the ruby-versions database for ruby-install users. You can now safely install Ruby 3.5.0-preview1 and test it.

$ ruby-install -U ruby-3.5.0-preview1

www.ruby-lang.org/en/news/2025...
github.com/postmodern/r...

#ruby #rubyinstall #ruby_install

11 months ago 2 1 0 0
Ruby 3.3.8 Released

Added Ruby 3.3.8 to the ruby-versions database for ruby-install users.

$ ruby-install -U ruby-3.3.8

www.ruby-lang.org/en/news/2025...
#ruby #ruby_install #rubyinstall

1 year ago 1 0 0 0
Ruby 3.4.3 Released

Added Ruby 3.4.3 to the ruby-versions database for ruby-install users.

$ ruby-install -U ruby-3.4.3

www.ruby-lang.org/en/news/2025...
#ruby #ruby_install #rubyinstall

1 year ago 2 0 0 0

Where do you (or should you) put the code used for code generation within a library? Obviously cannot put it in `lib/`, because this code is only meant to be used internally to generate the code in `lib/`.

1 year ago 1 0 1 0
Ronin 2.1.1 and more released! | Ronin

Ronin 2.1.1 and other patch versions have been released!
ronin-rb.dev/blog/2025/02...

#ronin #roninrb #ruby #infosec #securitytools #opensource

1 year ago 2 1 0 0

hmm, I'll have to look into creating my own feed.

1 year ago 1 0 1 0

Hashtags > Feeds. The concept of Feeds for a topic on #BlueSky are broken. There's no way to filter out off-topic posts from Feeds and I keep seeing random fan-art accounts show up in the largest CyberSec / InfoSec Feed. If only there was some kind of way to "tag" the posts with relevant keywords...

1 year ago 0 0 1 0

Er Feeds.

1 year ago 0 0 0 0
Ruby 3.4.2 Released

Added Ruby 3.4.2 to the ruby-versions database. It is now safe for ruby-install users to install Ruby 3.4.2.

$ ruby-install -U ruby 3.4.2

www.ruby-lang.org/en/news/2025...
github.com/postmodern/r...
#ruby #ruby_install #rubyinstall

1 year ago 4 1 0 0

Also a little peeved about how simply mapping a finite set of String values from the DB to a finite set of Symbols is so error prone in ActiveRecord. It should not be this difficult. ಠ_ಠ

1 year ago 0 0 0 0
Update ActiveRecord `enum` syntax (closes #143). · ronin-rb/ronin-db-activerecord@51c9b07 ActiveRecord backend for the Ronin Database. Contribute to ronin-rb/ronin-db-activerecord development by creating an account on GitHub.

Lazy Rails: how do you define String based/backed Enums in ActiveRecord 7.x? Appears that by giving an explicit mapping of Hash{Symbol => String}, this causes an ArgumentError where it incorrectly tries to define the same `enum_value?` method twice.
github.com/ronin-rb/ron...

#activerecord

1 year ago 1 0 1 0

Is there a way to flag or request that an account be removed from a BlueSky Feed? Just noticed a Sonic the Hedgehog-themed shitpost account in the largest Cyber Security / InfoSec feed. Yay, how about no.

#bluesky

1 year ago 1 1 0 0

I am still looking for an ERD generating gem that can be used in a gem containing ActiveRecord models. Every single ERD generator assumes you're using it within a proper Rails app with a models/ directory, etc.

1 year ago 0 0 1 0
Release 0.10.1 · postmodern/ruby-install ruby Pass in the path of homebrew's jemalloc to ./configure via --with-opt-dir.

Released ruby-install 0.10.1 with a minor fix for homebrew users who also want to compile ruby with jemalloc support.

github.com/postmodern/r...
github.com/postmodern/r...

#ruby #ruby_install #jemalloc #homebrew

1 year ago 7 2 0 0
Release 0.10.0 · postmodern/ruby-install If the installation directory or one of its parent directories cannot be written to then ruby-install will exit with an error before attempting to build the Ruby. When running under a non-TTY, dis...

Released ruby-install 0.10.0! This release contains many small improvements to usability and better support for building CRuby with jemalloc or YJIT enabled.

$ ruby-install ruby -- --with-jemalloc
$ ruby-install ruby -- --enable-yjit

github.com/postmodern/r...

#ruby #yjit #jemalloc

1 year ago 4 3 0 0

External being hosted on a different host or in a different environment, possibly by a different cloud provider. I.e. outside of the main app itself.

1 year ago 0 0 1 0

I assume JWT for authentication? Or is there a Java web service framework also called JWT? :)

1 year ago 2 0 1 0

I'm curious what other Rubyists/Railists are using for setting up external/backend API servers (aka micro-services or macro-services)? How are you managing authentication between the app and the external API?

#ruby #rails #microservices #macroservices

1 year ago 2 0 3 0

BlueSky Feature Request: the ability to save or follow searches. It should be easy to monitor certain keywords.

#bluesky #featurerequest

1 year ago 1 0 0 0

I was going to say dry-rb, but I've definitely found edge-case bugs in its libraries before (a few are still open). I'm *almost* to zero bugs with ronin-rb, but I'm sure there's probably a few more bugs still lurking in there.
github.com/issues?q=is%...

1 year ago 1 0 0 0

Metasploit's Exploit API is not the greatest. Check out ronin-exploits which is simpler and cleaner.
github.com/ronin-rb/ron...

1 year ago 1 0 0 0

How are people running their tests on GitHub Actions as *non-root* users? I have tests that specifically test when a given directory is writable and not writable. Running the tests as a privileged root user makes *everything* writable and thus breaks some tests.

#githubactions

1 year ago 0 0 0 0

Finally added Ruby 3.4 to Ronin's CI and am getting bitten by base64 and csv load issues, due to them no longer being "default gems" but now just "bundled gems". Ruby code can still require these files just fine, but Bundler is excluding them. Must we really add these gems to gem's gemspecs?

#ruby

1 year ago 0 0 2 0

Particularly, I'm looking for technical posts, not "Cyber Security" news about the latest data breach which are the equivalent of tabloid celebrity gossip but for InfoSec.

1 year ago 1 0 2 0

Ah! That is exactly what I was looking for. Thank you.

1 year ago 2 0 0 0

Padrino is a different web framework that was originally built on top of Sinatra. I just wish Sinatra had its own command to generate a simple app directory structure.

1 year ago 1 0 0 0