Ruby Weekly Issue 764: August 28, 2025

#764 — August 28, 2025

Together with

How RubyGems.org Protects Our Community’s Critical OSS Infrastructure — A look behind the curtain at how security operates at RubyGems.org, sharing a look at how they proactively handle incidents (such as this recent incident), and the day-to-day work undertaken to keep the broader ecosystem safe.

Marty Haught (RubyGems)

Friendship Ended with Rack::BodyProxy — A look into a subtle but important shift in how Rack middleware can hook into the end of a request/response lifecycle, thanks to the response_finished feature, now standardized in Rack 3.

Hartley McGuire

⚓ Tech Debt Dragging You Down? Lighten the Load with Bonsai — Do you want to manage upgrades, patch security issues, and reduce tech debt without halting your team’s feature delivery? 🏋️ Bonsai can do the heavy lifting — fixed-cost, monthly service options for Rails apps with an aging codebase.

🌳 Bonsai by FastRuby.io sponsor

Ruby Central's OSS Changelog for August 2025 — Marty Haught reflects on RubyGems.org’s new funding model, the final RailsConf, and shares some news on recent Bundler and RubyGems developments, including “experimental support for Python-style “wheels””.

Ruby Central Team

IN BRIEF:

37signals explains how it runs its Docker registry on-prem using Harbor. Could be of interest to Kamal users.
Wubular is a new Web-based regex tester (akin to Rubular) but that uses a WebAssembly build of Ruby to make it all work – here's a technical explanation of how it works.
⛰️ This year's Rocky Mountain Ruby takes place in Colorado this October 6-7 and the full schedule is now live.
🇺🇸 The San Francisco Ruby Conference, taking place this November 19-20, also has its beautifully designed schedule up.
The Hanami project is wrapping up its recent sponsorship drive – they're still looking for help but now have enough to fund one day a week of paid maintenance.

Using PicoRuby to Play Famicom / NES Music — This slide deck is entirely in Japanese (plus some Ruby code) but I know the topic will be interesting to those willing to go through it. Essentially Katsuhiko wanted to use Ruby to play NES music on an ESP32 device running PicoRuby. The underlying code, with the README in English, is here.

Katsuhiko Kageyama

Ratcheting to Zero: How Incremental Constraints Eliminate Tech Debt — Is eliminating tech debt always slow? Nope! Ratcheting is a powerful way to renovate legacy systems—watch the video.

Test Double sponsor

📄 The Basics of Creating Rails Plugins – Part of the official Rails docs no longer considered a ‘work in progress.’ Ruby on Rails Guides

📄 Shift+Click Selection for Bulk Actions with Stimulus – “Ever needed a ‘bulk actions’ on a list of resources in your Rails app?” Rails Designer

🛠 Code & Tools

🤫 Introducing Top Secret: A Filter for Sensitive Information — Thoughtbot shows off its latest Ruby library designed to filter sensitive information (e.g. credit card numbers, names, and emails) from any text you provide before you send it off to external APIs, LLMs, or the like. GitHub repo.

Steve Polito (Thoughtbot)

rv: A New Kind of Ruby Management Tool — Pining for the Ruby equivalent of Python’s fantastic uv tool, André and folks from RubyGems and rbenv are creating rv, which aims to be a Ruby version and package manager, all in one. It’s early days, but their goals are exciting. GitHub repo.

André Arko

🤖 Everyone Wants to Use AI in Their Rails Apps: We're Already Doing It — We're always looking for ways to use AI to solve real-world problems. Read how we use it to classify millions of images monthly.

SINAPTIA sponsor

iceberg-ruby: Apache Iceberg for Ruby — A new Apache Iceberg client library. With so many great libraries under his belt, I think Andrew Kane is in the running to be the Sindre Sorhus of Ruby!

Andrew Kane

MiniI18n 1.1: Minimalistic Internationalization for Ruby — Simple, flexible and fast i18n library that uses translations stored in JSON or YAML files. v1.1 changelog.

Marc Anguera Insa

Feedjira 4.0 – A popular library for parsing RSS and Atom feeds (v4.0 changelog).
Typhoeus 1.5 – Wraps libcurl to make fast and reliable HTTP requests.
Signet v0.21 – OAuth 1.0 / OAuth 2.0 implementation from Google.
🤖 OpenAI Ruby 0.20 – Official Ruby SDK for the OpenAI API.
RuboCop v1.80 – Ruby static code analyzer and formatter.
Net::LDAP for Ruby 0.20 – Pure Ruby LDAP client library.
Rodauth 2.40 – Advanced auth framework. (Changelog.)
Koala 3.7 – Client library for various Facebook APIs.

📰 Classifieds

🔎 AppSignal gives Ruby devs the insights they need to fix bugs fast and deploy with confidence. Try it free today, no credit card required.

📢 Elsewhere

A roundup of some other interesting stories from across the broader landscape, in case you've missed them:

Ruby's own David Heinemeier Hansson, a.k.a. DHH, has been building out his own Arch-based Linux distro/setup of sorts and has now released Omarchy 2.0 (here's a 30 minute video tour). It's been very popular with developers on social media recently (including people building new machines entirely for Omarchy) looking to try something away from the Apple/Microsoft hegemony.
Sam Rose has put together a fantastic illustrated introduction to 'Big O' algorithmic complexity notation, along with JavaScript examples. If you've ever wondered what O(1), O(log n), etc. mean, this is a great primer.
A thorough look into Postgres logging techniques for performance optimization.
The WebKit team introduces the CSS random() function, now in Safari Technology Preview, and coming to CSS more generally (in some form or another) later on.