Blog

Thoughts, tutorials, and insights on web development

How RubyGems Protects Us From Supply Chain Attacks (And Why Every Ruby Developer Should Care)
September 1, 2025 · 6 min read

What happens behind the scenes during gem install: automated scanning, risk scoring, retroactive scanning, incident response — and why companies should support RubyGems critical infrastructure.

Ruby
RubyGems
Security
Supply Chain
DevSecOps
Blocking Unsafe Code: Security Audits in GitHub Actions
September 1, 2025 · 6 min read

Step-by-step guide to integrating bundler-audit, license_finder, and OSV Scanner into CI/CD pipelines — with YAML examples that block deployments until issues are fixed.

GitHub Actions
Ruby
Security
Supply Chain
DevSecOps
Retiring Rack::BodyProxy: Post-Response Hooks with rack.response_finished
September 1, 2025 · 3 min read

Why Rack::BodyProxy is fading out, how rack.response_finished delivers accurate post-response hooks with fewer allocations, and a step-by-step migration path for your middleware.

Rack
Rails
Middleware
Performance
Spec
Database Schema Evolution: Safe DB Evolution Principles in Rails
September 1, 2025 · 10–12 min read

Forward-only migrations, expand–contract pattern, online DDL, dual-write models, monitoring, and disaster recovery — a practical guide to evolving Rails database schemas without downtime.

Rails
PostgreSQL
Migrations
Zero Downtime
DevOps
Feature Flags (Feature Toggles) in Simple Terms
May 3, 2025 · 8 min read

Learn how feature flags work, why they're needed, and how to implement them in your applications. Discover how to enable safe releases, quick rollbacks, A/B testing, and flexible configuration without code changes.

Feature Flags
DevOps
AWS
A/B Testing
Software Development
Keycloak and Identity Federation: A Comprehensive Guide
September 8, 2024 · 21 min read

A comprehensive guide to Keycloak and identity federation, covering modern IAM, authentication functions, user experience, and security benefits.

Keycloak
Identity Federation
IAM
Authentication
Security