Ruby/Rails and its ecosystem continues to prove itself the practical, boring, reliable workhorse option.
My 2c: it is more enjoyable than the Js/Ts ecosystem we have today.
I learned Ruby and Rails through them in the late 2000's; they are still being released as new editions. It has been a while since I bought new books from PragProg, but they used to have a recurring sale of ~40% off around late autumn (thanksgiving?).
[0] https://pragprog.com/titles/ruby5/programming-ruby-3-3-5th-e...
[1] https://pragprog.com/titles/rails8/agile-web-development-wit...
---
I went sniffing around and while I didn't go through all tens of pages, it sure does seem like that's only used for non-Play Store style verification, and thus my assertion seems to stand https://gitlab.com/search?group_id=28397&project_id=36528&se...
This makes it a bit trickier, yeah, though if the developer can get an APK signed with their Play App Signing key, and the app in question is a reproducible build, they can then publish it in F-Droid: https://fdroid.gitlab.io/jekyll-fdroid/docs/Reproducible_Bui...
(and probably they can upload it to their GitHub releases or something so that F-Droid picks it up from there)
In the case of central package managers like rails/npm/cargo/etc., these benefits are very speculative, but there is probably some merit to adopting this approach in distributed ecosystems like go.
> I'll try to get a unicorn 7.x release soon but tests take forever to run on ancient HW and I need to ration releases to keep download counts low in order to stay under the MFA threshold on Rubygems.org
> I don't ever want users viewing me as trustworthy nor liable for anything I do, so no MFA nor sigs from me; just source + docs :>
If I understand correctly - the idea is that the unicorn maintainer does not want to be viewed as trustworthy and is avoiding MFA and signatures because they could build trust that isn't, in this case, wanted.
https://yhbt.net/unicorn-public/20231214230933.M299458@dcvr/
"unicorn is an HTTP server for Rack applications that has done decades of damage to the entire Ruby ecosystem due to its ability to tolerate (and thus encourage) bad code."
Might have something to do with it.
He has only contributed to Ruby via the ruby-core mailing list (he does not use the RubyMine interface which backs ruby-core) and the main Ruby git repo hosted by the Ruby team, never anything on GitHub.
I'm sort of surprised that the RubyGems MFA threshold hasn't been updated (it was 180M total downloads in 2022; my gems combined have > 2.5B downloads, so I was never not going to pass the threshold), but he's under 70M downloads shy and each release gets about 15M downloads or so.
I think that his position is irresponsible in today's threat environment, but given the amount of work that I'm doing for OSS maintenance that's just responding to bloody Dependabot updates…
IFC_LLC•5mo ago
I should have turned to RoR 3 years ago.
infamouscow•5mo ago
ecshafer•5mo ago
IFC_LLC•5mo ago
Funny enough, one of my first articles I've ever written on the internet was about RoR. It's dated 1st of March 2010. Gosh, It's been 15 years. At that moment I used https://rubyforge.org to download RoR, Instant Rails for Windows and Aptana as an IDE. 15 years have gone by, but RoR is here just like PHP is.
So it's getting better and better.
jrochkind1•5mo ago