Ruby

Karafka framework 2.0 announcement 1

Karafka framework 2.0 announcement

I’m thrilled to announce the new and shiny Karafka 2.0. It is an effect of my work of almost four years. For those who wonder what Karafka is, Karafka is a Ruby and Rails multi-threaded efficient Kafka processing framework. Karafka 2.0 is a major rewrite that brings many new things to the table but removes …

Karafka framework 2.0 announcement Read More »

Reduce your method calls by 99.9% by replacing Thread#pass with Queue#pop 8

Reduce your method calls by 99.9% by replacing Thread#pass with Queue#pop

When doing multi-threaded work in Ruby, there are a couple of ways to control the execution flow within a given thread. In this article, I will be looking at Thread#pass and Queue#pop and how understanding each of them can help you drastically optimize your applications. Thread#pass – what it is and how does it work …

Reduce your method calls by 99.9% by replacing Thread#pass with Queue#pop Read More »

Controlling Elgato Key Light under Ubuntu with Ruby

Recently I’ve acquired Elgato Key Light. It is a WiFi controllable LED lighting panel. The panel uses 160 LEDs to provide up to 2800 lumens of brightness and a color range of 2900-7000K. While you can control it from a mobile device, doing it directly from the shell makes the whole experience way more convenient. …

Controlling Elgato Key Light under Ubuntu with Ruby Read More »

Reading the uncompressed GZIP file size in Ruby without decompression

There are cases where you have a compressed GZIP file for which you want to determine the uncompressed data size without having to extract it. For example, if you work with large text-based documents, you can either display their content directly in the browser or share it as a file upon request depending on the …

Reading the uncompressed GZIP file size in Ruby without decompression Read More »

RubyGems dependency confusion attack side of things

Note: This article is not to deprecate any of the findings and achievements of Alex Birsan. He did great work exploiting specific vulnerabilities and patterns. It is to present the RubyGems side of the story and to reassure you. We actively work to provide a healthy and safe ecosystem for our users. After reading the …

RubyGems dependency confusion attack side of things Read More »

How requiring a gem can mess up your already running application

Introduction Ruby’s dynamic nature is both its advantage and disadvantage. Being able to reopen system classes during runtime, while useful, can also lead to unexpected behaviors. This article presents one such case: how just requiring a gem can mess things up in a completely different area of the application. The bizzare error Recently, after connecting …

How requiring a gem can mess up your already running application Read More »

RubyGems Bitcoin Stealing Malware postmortem 19

RubyGems Bitcoin Stealing Malware postmortem

Introduction On the 7th and 13th of December, there were two malicious packages uploaded to RubyGems. Here’s the postmortem and analysis of the packages’ content. Diffend.io platform that I run closely cooperates with the RubyGems team, providing immediate insights into any gems that have “weird” characteristics. Thanks to that, the gems were yanked relatively fast. …

RubyGems Bitcoin Stealing Malware postmortem Read More »

The hidden cost of a Ruby threads leakage 21

The hidden cost of a Ruby threads leakage

Bug hunting Recently I’ve been working with one small application that would gradually become slower and slower. While there were many reasons for it to happen, I found one of them interesting. To give you a bit of context: the application was a simple single topic legacy Kafka consumer. I rewrote it to Karafka, and …

The hidden cost of a Ruby threads leakage Read More »

Diffend – OSS supply chain security and management platform for Ruby 24

Diffend – OSS supply chain security and management platform for Ruby

I’m incredibly excited to announce a security platform for managing Ruby gems dependencies: diffend.io. This platform is a result of my involvement in Ruby security matters for years. It all started in early 2018 with a tool to review gems versions diffs. While working on it, I’ve noticed that there’s much more that needs to …

Diffend – OSS supply chain security and management platform for Ruby Read More »

Building a Ractor based logger that will work with non-Ractor compatible code

Recently Mike Perham shared a tweet with this comment and a code sample on the Ruby 3.0 Ractors. If this code doesn’t work, how could Rails ever work? Ractor seems fundamentally incompatible with many heavily-used Rails APIs. require ‘logger’ class Rails def self.logger @logger ||= Logger.new(STDOUT) end end Ractor.new do Rails.logger.info “Hello” end.take During the …

Building a Ractor based logger that will work with non-Ractor compatible code Read More »