HELLO EVERYONE!!! It’s September 19th 2025 and you are reading the 79th edition of Codeminer42’s tech news report. Let’s check out what the tech world showed us this week!
Ruby Central’s Attack on RubyGems – by Ellen Dash
BREAKING NEWS! Ellen Dash (@duckinator), a decade-long RubyGems maintainer, resigns from Ruby Central after a hostile takeover from September 9-19, 2025, where Marty Haught unilaterally altered GitHub permissions, added himself as owner, and revoked access for all admins on RubyGems, Bundler, and RubyGems.org. Wow… Check it out!
Goodbye, RubyGems – by André Arko
André Arko announces the disbanding of the RubyGems team, as detailed by teammate Ellen, and wishes luck to those maintaining Ruby’s package management.
Improvements to routing, Active Storage configs, time tracking, and more – by Emmanuel Hayford
Recent updates to Rails include fixes for URL generation in engines mounted at root, generalization of the :rich_text_area Capybara selector, and displaying engine routes in /rails/info/routes. Active Storage now allows full configuration of analyzers and variant processors, and time attribute dirty tracking was improved to handle timezone conversions correctly. Rate limiting options were enhanced to support method names for :by and :with.
Application vs. Database: Where Should Permissions Live? – by Fabien Martinet
The article discusses the debate over whether permissions should be managed at the application level or within the database, using PostgreSQL’s Row Level Security (RLS) as an example. It highlights that application-level checks are prone to errors and inconsistencies, while RLS offers stronger safety and consistency by enforcing permissions at the database level. However, RLS introduces challenges in debugging, performance, and operational workflows, requiring adjustments in development practices. The article also explores trade-offs, such as safety versus transparency. Check it out!
Java 25 Launch Stream
The Java 25 Launch Stream was a live event hosted by Oracle’s Java DevRel team on September 16, 2025, celebrating the release of Java 25. It featured discussions on new features, changes from Java 21, and future developments, with guests from the JDK team, industry, and community.
ctrl/tinycolor and 40+ NPM Packages Compromised – by StepSecurity
The @ctrl/tinycolor package, with over 2 million weekly downloads, was compromised along with 40+ other NPM packages in a supply chain attack named "Shai-Hulud." The malware self-propagates, harvests cloud credentials using TruffleHog, and establishes persistence via GitHub Actions backdoors. It targets Linux/macOS developers, focusing on AWS, GCP, Azure, and GitHub credentials, and exfiltrates data to public repositories.
Rodauth, meet Hanami – by Tim Riley
The article discusses integrating Rodauth, a lightweight and configurable authentication framework, into a Hanami application. It details the setup process, including configuring Rodauth routes and features like email/password sign-in and account verification. The author highlights Rodauth’s flexibility, allowing customization of URLs, redirects, and UI copy, and explains database preparation and Hanami integration. Check it out!
A postmortem of three recent issues – by Anthropic
Between August and early September, three infrastructure bugs intermittently degraded Claude’s response quality, affecting users across platforms like Amazon Bedrock and Google Cloud’s Vertex AI. The issues included a context window routing error, output corruption, and a miscompilation in the XLA:TPU compiler, with fixes deployed by mid-September. The bugs were challenging to detect due to overlapping symptoms and privacy constraints limiting access to user interactions. Anthropic is improving evaluations, adding continuous monitoring, and enhancing debugging tools to prevent future incidents.
11 System Design Concepts Explained, Simply – by Neo Kim and Dr. Ashish Bamania
The article outlines 11 essential system design concepts, including scalability, throughput, concurrency, and more, crucial for designing systems that handle large-scale operations. It explains techniques like caching, sharding, and load balancing to reduce latency and improve performance. It encourages applying these concepts to understand and improve real-world systems.
Fetch streams are great, but not for measuring upload/download progress – by Jake Archibald
Jake Archibald discusses fetch streams, noting their support for streaming responses in browsers but highlighting their unsuitability for measuring upload or download progress due to inaccuracies, especially with compressed data. He explains that request streams, used for uploads, also fail to accurately measure progress as they track data collection by the courier (fetch) rather than delivery. He suggests using XHR for progress events currently, while mentioning a future API under development by Luke Warlow from Igalia to add progress events to fetch.
PostgreSQL partitioning, logical replication and other Q&A about PostgreSQL Superpowers – by Oskar Dudycz
The article discusses a webinar on PostgreSQL’s advanced features, including partitioning for efficient data storage, logical replication for real-time data streaming, and the use of plugins like Timescale and PostGIS. It addresses unanswered questions from the webinar, focusing on partitioning strategies, such as handling large numbers of partitions and managing "hot" partitions, and details on logical replication using Write-Ahead Log. Examples include SQL commands for creating partitions and managing replication slots, highlighting PostgreSQL’s capabilities for time-series data and change data capture.
How to implement the Outbox pattern in Go and Postgres – by Alex Pliutau
The Outbox pattern addresses inconsistencies in event-driven systems where database updates and message publishing may fail independently, ensuring atomicity by saving messages in an "outbox" table within the same transaction. A background process, called a Message Dispatcher or Relay, periodically publishes these messages to a broker and updates their status, guaranteeing at-least-once delivery. The article provides a Go and Postgres implementation example, including schemas and code for creating orders and processing outbox messages. It also mentions an alternative using Postgres logical replication for lower latency, leveraging the Write-Ahead Log.
—
And that’s all for this week! Wish you all a great weekend and happy coding!