We Rubyists tend to sneer at the NPM crowd every time something bad happens to them (remember left-pad? Or event-stream?). No sneers to be heard this week, however, as we learned that strong_password was hijacked on RubyGems and was loading some very nasty code. Read about it and much more below.
Why is my webpack build slow?
By Sam Saccone
You start a webpack project, it builds decently fast, and then – over time – it ever so slowly deteriorates. Now your frontend builds take forever and everyone is miserable. Here’s how to diagnose what contributed to the slowness.
https://samsaccone.com/posts/why-is-my-webpack-build-slow.html/
Seriously, stop using RSA
By Trail of Bits
Crypto is secure, right? Well… not if you use it wrong. Or very wrong – like in the examples mentioned in this article. It’s a bit on the longer side, but we recommend it for anyone doing any crypto work at all, and especially anyone working with RSA.
https://blog.trailofbits.com/2019/07/08/fuck-rsa/
A review of the official Dockerfile best practices: good, bad, and insecure
By Itamar Turner-Trauring
We usually go to the docs for a reference on how to do something. Here’s a review of the practices recommended in the Docker documentation, which, on closer inspection, might not be as great as we think they are.
https://pythonspeed.com/articles/official-docker-best-practices/
10 tips for reviewing code you don’t like
By David Lloyd
Hey, we’re not fans of “listicles” either, but this one’s pure gold. Being respectful in your code reviews is a given for some and not so obvious for others – and staying respectful when faced with “bad” code is very hard. Here are some tips on how to make it easier on you, the reviewer – and on the reviewee as well.
https://developers.redhat.com/blog/2019/07/08/10-tips-for-reviewing-code-you-dont-like/
strong_password v0.0.7 rubygem hijacked
By Tute Costa
Our top story of the week, now updated with a response from the gem author. If you haven’t read it, you really should – and if you haven’t yet audited your Gemfile, you really, really should.
https://withatwist.dev/strong-password-rubygem-hijacked.html
Bonus! Let’s see if anyone gets a buzzword bingo: here’s an IoT e-ink Raspberry Pi smart display programmed with Elixir. Seriously though, go read about it, it’s very functional.
Read more: