Bookmarks

This post traces the decade-long evolution of Ruby Marshal deserialization exploits, demonstrating how security researchers have repeatedly bypassed patches and why fundamental changes to the Ruby ecosystem are needed rather than continued patch-and-hope approaches.

In two previous posts, I explained that one of the big blockers for Ractors’ viability is that while they’re supposed to run fully in parallel, in many cases, they’d perform worse than a single thread because there were numerous codepaths in the Ruby virtual machine and runtime that were still protected by the global VM lock.

A detailed analysis of a critical security incident where improper payload parsing in a Shopify webhook handler resulted in complete database deletion, and the lessons learned for preventing similar issues.

Some thoughts after working with React for 10 years.

🚀 Go Faster. Go Typed. Contribute to web-infra-dev/rslint development by creating an account on GitHub.

Rspack launches Rslint, a fast TypeScript-first linter built on typescript-go, joining in on the trend of toolchains creating their own linters.

Porffor can run on Lambda now!

A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.

ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.

The framework for building & shipping MCP applications.

The TypeScript MCP framework. Contribute to basementstudio/xmcp development by creating an account on GitHub.

AI Gateway is now generally available, providing a single interface to access hundreds of AI models with transparent pricing and built-in observability.

Automatic, fast, powerful mocking for your stories

The free vibe coding. Contribute to robertpiosik/CodeWebChat development by creating an account on GitHub.

Designed for software engineers, a 100% free and open-source tool for AI-assisted pair programming. With its simple, non-agentic approach, CWC provides unmatched accuracy, speed and cost efficiency. Built by an independent developer for VS Code and its derivatives (Cursor, Windsurf, VSCodium, etc.).

Claude-Flow v2.0.0 Alpha represents a leap in AI-powered development orchestration. Built from the ground up with enterprise-grade architecture, advanced swarm intelligence, and seamless Claude Cod...

Codefather protects your codebase by controlling who can change what. Set authorization levels, lock down files, and enforce your rules—offline via CLI or online with GitHub Actions. - DoneDeal0/co...

DeepWiki provides up-to-date documentation you can talk to, for every repo in the world. Think Deep Research for GitHub - powered by Devin.

Access any file on your computer with ⌘-K in your terminal - mieubrisse/cmdk

Custom subagents to use with Claude Code. Contribute to iannuttall/claude-agents development by creating an account on GitHub.

Background coding agent and real-time web interface - ishaan1013/shadow

I think, at this stage of AI, it is a common courtesy to disclose this. In a perfect world, AI assistance would produce equal or higher quality work than any human. That isn't the world we live...

A Ruby DSL for creating Claude Code hooks. Contribute to gabriel-dehan/claude_hooks development by creating an account on GitHub.

Markdown has become the formatting language of AI. We should make it easier for folks to format any return as markdown.

llms.txt is an emerging standard for making content such as docs available for direct consumption by AIs. We’re proposing a convention to include such content directly in HTML responses.

Hyprnote is an open-source AI notetaker built for compliance and privacy. Take and organize meeting notes entirely on your device with no data leaving your control. Imagine Granola AI, but runs all locally on your device.