Double Shot #1066
- Bundler 1.2.4 released - Fixes and speedups, removes an unnecessary warning message, but note that you need to install a prerelease version instead if you're trying Ruby 2.0.
- Vocalware - JavaScript/REST Text-to-speech API, now taking beta signups.
- Preview: Vagrant AWS Provider - Coming soon, use the same Vagrant code to provision VirtualBox locally or cloud servers.
- YAML F7U12 - Some of the bad things that can happen when you deserialize arbitrary YAML.
- Firebase Beta is Now Open to All Developers - They promise an automatic scalable real-time backend for your data.
- Haml 4.0 has been released! - Note the version number and check the release notes, because there are breaking changes.
- Rails Security Monitor by Code Climate - Another response to all the recent security woes.
- Markdown.css - Make your HTML look like text markdown source. Cute but rather pointless.
- Heroku's Ugly Secret - This one is getting a lot of traction with its claims (documented by numbers) that Heroku is horrible for Rails apps these days.
Double Shot #1065
- Comix I/O - Custom editor for xkcd-like comics with HTML markup.
- Did Rails Have a Major Security Flaw Today? - Cute response to the recent spate of upgrades.
- bundler-audit - Utility to check your gemfile for known bad versions.
- Mousetrap-Rails - JavaScript keyboard shortcuts in the asset pipeline.
Double Shot #1064
- Haml 4.0.0 - Haml is moving to semantic versioning, and the next version has breaking changes.
- Working With Rails - One of the original Rails community sites is coming back.
- [SEC][ANN] Rails 3.2.12, 3.1.11, and 2.3.17 have been released! - Yes, another round of security patches for Rails. Install them.
- Ruby on Rails Vulnerable to Mass Assignment and SQL Injection - Some details of the latest issue.
- The Ruby Security Newsletter - If you want to know about vulnerabilities across rubyland, you could subscribe to this at $19 per month.
- Avoiding SQL Injection in Rails - The basics, with links to a site that demonstrates all sorts of techniques.
- Twig - Branch management utility for git.
- Hack of the Sexes - Does having a willie make you a better software developer? No. Next question?
- Gemcanary - Looks like the plan here is to keep an eye on gemfiles to locate security issues. Taking beta signups.
What's New in Edge Rails #57
Double Shot #1063
- Flawless - Trap exceptions and send an email to the responsible developer by using git-blame to find the right person. Python, but I'm sure someone will be along with a Ruby version soon enough.
- Ruby 2.0.0-rc2 is released - The final release candidate.
- 2.0.0.rc.2 Released - Of rubygems, with breaking changes. Probably worth testing if you're hammering on ruby 2.0.
- Postcards from the post-XSS world - A run down on what an attacker can do once they get hold of an XSS vulnerability in your code.
- Rouge - A pure-ruby code highlighter that is compatible with Pygments.
- Sevabot - Bot for Skype with various integrations.
Double Shot #1062
- Rack News - Today's news is a security fix to rack. Upgrade your servers.
- Conditionizr: JavaScript utility to detect browser and pixel ratio and conditionally serve JS and CSS files.
- Open Source in your Inbox: Code Triage: Sign up to receive daily open issues that you can work on.
- Securing Rails - Forthcoming ebook from Jeremy McAnally.
- Bootstrap Application Wizard: Bootstrap add-on for multi-step forms.
- Kandan - An open source alternative to HipChat.
- Bootstrap 2.3 released - Last planned release before the mobile-first Bootstrap 3.
Double Shot #1061
- MySQL Madness and Rails - Some implications of the interactions between MySQL and Active Record.
- Better Errors 0.5 - Now with experimental pry support.
- Ruby 1.9.3-p385 is released - Fixing a security issue in RDoc. In most previous versions, if you generate RDoc from a malicious gem and view it in the browser, it can result in malicious JavaScript running when you click a link. So you should either upgrade ruby or upgrade the rdoc gem, and regenerate any documentation, to be safe.
- My Gists - Service to allow tagging and organizing gists.
- Welcome to Topaz - A new Ruby implementation, written in Python. Madness.
- Experience the Full Versatility of Ruby with RubyMine 5 - New release of JetBrains' Ruby IDE is out.
Double Shot #1060
- Announcing MoSQL - MongoDB to PostgreSQL replication.
- Stately - Symbol font for easy construction of US maps in HTML/CSS. Pretty slick.
- A grab bag of Git tricks - Advanced stuff directed at command-line users.
- Discourse - A new open-source take on a discussion system.
- Wercker - "Continuous delivery made easy", now taking beta signups.
Double Shot #1059
- Exploits found within Core and API - That'd be in the Spree e-commerce code. Upgrade now if you're using it.
- pivotal-slacker - Command-line interface for Pivotal Tracker.
- csv object loading - Looks like using CSV.load in ruby on user-supplied data isn't safe either.
- Meet the New Stack, Same as the Old Stack - A look at some of the choices in building a JavaScript development stack these days.
- Raygun: Hit the Ground Running When You Start Your Next Project - Another opinionated app generator for Rails.
- Gamecrash - learn games programming in one week! - Just in case all the recent security kerfuffle has you ready to jump ship from the web.
Double Shot #1058
Apparently not everyone was busy with sportsball over the weekend.
- Colorsublime - There is apparently no end to color schemes for ST2.
- How can I delete all git branches which are already merged? - A useful tip if you're the cleaning type.
- Publishing your gem - My latest addition to the RubyGems Guides. Corrections/additions welcome.
- Firebug Tips & Tricks - Now organized topically.
- Rails 4, Part 2: What's New in Rails 4 - Engine Yard highlights some significant features.
- Let's figure out a way to start signing RubyGems - Part of an ongoing discussion about gem security.
- Ruby gems are still not safe to use - And another view on the same subject.
- Virtual Tools - Microsoft's latest way of making down level IE available for testing.
- Enabling colors in git command-line interface - We developers do love our colors.
- RMagick 2.13.2 - Looks like RMagick is coming out of hibernation, with a new release that supports the latest Ruby and ImageMagick releases.
- zaru - Filename sanitization utility for Ruby.
- Skeptick - Ruby DSL for building and running ImageMagick commands.
- Ruby Security Document - An official list of things to watch out for.
- GitGutter - Show line-by-line git status in the gutter of ST2.
Double Shot #1057
- How to not rely on Rubygems.org for deployment - Making sure your bundler settings are properly tweaked can minimize the hit.
- Alfred v2 Beta Change Log - Gotta say, the new version of Alfred is really slick.
- Flight - "A lightweight, component-based JavaScript framework from Twitter."
- What The Rails Security Issue Means For Your Startup - A bit alarmist, but useful reading if you haven't thought about consequences to a security exploit before.
- Unsemantic - Extensible CSS grid system that doesn't pretend to be semantic.
- Data Verification - We're not completely out of the woods yet, but the gems being served by rubygems.org are verified uncompromised.
- cloudster - Gem for provisioning an AWS stack.
- Rails is [Fr]agile. Vulnerabilities Will Keep Coming - Don't pass untrusted data to redirect_to either.
Double Shot #1056
For ongoing updates on the rubygems.org situation, see their incident update document on Google Docs.
- Rubygems.org compromised - Yes, it was, by another YAML parsing vulnerability. There's a lot of work going on (including rebuilding the site from scratch) and a lot of speculation. Personally, I wouldn't install any gems (except from trusted sources) until we see a new site and a post-mortem.
- Sublime Text 3 First Look - A few things to know about what's next. Beware that most plugins aren't ported yet.
- jQuery slot machine - CSS 3D - A plugin that you will never actually need.
- Introducing the Firefox OS Boilerplate App - Including some Web Activities, an interesting new notion.
Double Shot #1055
- Is Your Ergonomic Desk Trying to Kill You? - Just what I wanted to read on the day that I started using an under-desk treadmill.
- git-unmerged - Script to show non-common commits between two branches.
- Delorean Ipsum - Yet another cute lorem ipsum generator.
- The New Amazon Elastic Transcoder - Another way to convert media files in the cloud.
- Hello, this is Sequel Pro 1.0 - Official release of this OS X MySQL app.
Double Shot #1054
- [SEC][ANN] Rails 3.0.20, and 2.3.16 have been released! - Yes, another security release. Have fun if you're on down-level Rails.
- Security announcement: Devise v2.2.3, v2.1.3, v2.0.5 and v1.5.3 released - As long as we're on the topic, here's another upgrade you should do.
- Brython - "Browser Python", just in case you were looking for something to replace JavaScript. Can Bruby be far behind?
- Sublime Text 3 Beta - I look forward to losing some time perusing this in detail.
- MetaBright - Show what you know by answering questions online. Ruby on Rails is one of their topic areas.
- Rails 4 Security for Session Cookies - How to upgrade without invalidating existing sessions.
What's New in Edge Rails #56
Weeks of January 21 - January 27, 2013
- af1ef85ad adds support for PostgreSQL range types. The fit between Rails and PostgreSQL just gets better all the time.
Double Shot #1053
- mrd - Gem to run MySQL off a RAM disk on OS/X for faster tests without wear on your SSD.
- CSS Trashman - Online version of CSS-Ratiocinator to generate optimized CSS stylesheets.
- TrackerTracker - Multi-project scrum UI for Pivotal Tracker.
- A Dramatic Reading of "Rails Is Omakase" - Giles Bowkett contributes to the discussion of Rails' lack of flexibility.
- RDF.rb 1.0 Release - RubyGem implementing the core RDF concepts, with a lot of add-on notation gems available.
- ./bin/setup - Discussion from Thoughtbot about how they set up new projects.
- Do Not Pass This Way Again - Extensive list of MySQL's edge cases and quirks, with the intent of convincing you to use something else.
- JSON Editor Online - Just what it says, with source code here.
- Screenhero - Collaborative screen sharing (formerly PowWow) that works quite well.
- Inkwell - Gem to add social features (comments, favorites, followers, timelines, etc) to Rails applications.
- PilotSSH - Interesting take on an iPhone SSH application.
Double Shot #1052
- Phusion Passenger 4.0 beta 2: Syscall failure simulation framework, focus on stability - Looks like it's coming right along.
- Building Rich Domain Models in Rails. Separating Persistence. - A new front in the Rails/OO/Pattern wars.
- Dossier - New report engine for Rails applications.
- secureheaders - Gem to apply HTTP security-related headers to all responses.
- RubyMine 5 Beta is Available for Download! - Including RubyMotion support, a CoffeeScript debugger, and more.
Double Shot #1051
- Understand the Favicon - Like pretty much everything else you think you know about web development, it's not that simple.
- The new Rack socket hijacking API - Technical deep dive from Phusion.
- Mutation testing with Mutant - A basic introduction.
- evil.rb - "Don't ever do these.
Double Shot #1050
Server really shouldn't be running around 10 load average.
- Rails 4, Part 1: What's Changed in Rails 4? - A writeup from Engine Yard.
- PartyFoul - Automatically turn Rails exceptions into GitHub issues.
- Open Source Rails Reborn - Application showcase with community input.
- Phusion Passenger 4 Technology Preview: Out-Of-Band-Work - More cool features coming down the pike.
- Inbox Zero for Life - A system using GMail.
Double Shot #1049
- ronin-sql - Ruby DSL for crafting SQL injection strings.
- Maintenance Policy for Ruby on Rails - Worth noting: 3.1 will stop getting non-critical security fixes when 4.0 releases. Ruby 1.8 is coming up on EOL too.
- Postgression - Self-destructing PostgreSQL databases for your testing needs.
- Geeksphone - Firefox OS preview devices are on the horizon.
- mincss - Tool to strip out unused CSS from web pages.
- Announcing Ember! Master Space and Time with JavaScript Book 4 - Another ebook from Noel Rappin.