Intro song by Falseta

Episode #342 - February 5th, 2013

Olivier Lacan, Jay McGavren

This episode is all about keeping your valuable gems under lock and key: gem signing, gem stockpiling, gem exploits! Also (less thematic, but no less important) we have Homebrew testing, receiving e-mail with your app, and Rails style guides.


This episode is sponsored by Top Ruby Jobs. Everyone deserves to love their job (and it's probably in Ruby).

  • TopRubyJobs
  • Signing Gems
  • Gem Signing Docs
  • Deployment Dependencies
  • YAML Exploits
  • Homebrew
  • Griddler
  • Styleguide Rails
  • Ruby5

Anatomy of an Exploit

After two highly publicized security vulnerabilities involving YAML and Rails, Richard Schneeman — a Ruby developer at Heroku — wrote up an explanation of how exploits happen and how to report them. He also gives a quick recap of how YAML works, how it creates Ruby objects, and how it was used as an attack vector before the vulnerabilities were patched.
