RubyFlow : The Ruby Community Blog


vasinov — 11 posts

I'm excited to announce Security Watch—a security leaderboard of open source Ruby projects on GitHub.

Security Watch lets you quickly look at the most popular open source projects on GitHub to see if any of them have potential CVE or code vulnerabilities. The goal of the project is to raise security awareness in the Ruby world.
I just published an article that covers open source security libraries, web services, and reads that any developer should consider before implementing their next Ruby app.
Hakiri now supports open source projects completely for free. You can test your Ruby code and gems against public vulnerabilities and static code analysis.
I just launched Ruby Facets—a simple tool for analyzing your Gemfile.lock. Simply upload the lock file and see if any of your gems have CVE vulnerabilities in them.
I just published an article on Rails login security. It describes a login flow that uses CAPTCHA in combination with the Devise lockable module to deliver a painless yet secure sign-in experience for your users.
Remember January 2013? A major vulnerability was found in Rails and the whole community got riled up: blog posts, rushed security audits, impromptu email alerts… No one really expected it in the Rails world because Rails was considered so “secure.” Then a new disaster came: RubyGems—the heart of any Ruby project—was compromised; several companies started to consider migrating their projects to Python or Java. This was clearly a serious problem...

I think there is a better way to handle security and here is a high level article about it.
I just released a CLI tool for Rails developers that allows them to quickly check for CVE vulnerabilities in their web stacks.
I just launched Hakiri—a web app that gives you peace of mind about your web projects' security. Just select versions of technologies that you use in your projects and Hakiri will notify you via email when new vulnerabilities are discovered so you can update quickly.

Hakiri currently supports a limited set of technologies like Ruby/Rails, Postgres, Java, etc. I plan to add more soon.
Almanac 0.9 Is Out
I just released an update for Almanac mountable blog engine. Version 0.9 includes a bunch of bug fixes as well as Disqus commenting support. Give it a try!
I just published an article on Machine Learning in Ruby. It uses the JRuby Mahout gem to show how to create a simple recommendation engine.
I just pushed the first public version of Jruby Mahout gem.

Jruby Mahout is a gem that unleashes the power of Apache Mahout in the world of Jruby. Mahout is a superior machine learning library written in Java. It deals with recommendations, clustering and classification machine learning problems at scale. Until now it was difficult to use it in Ruby projects.