@bascule @jamesgolick I believe we have different definitions of “looks innocuous”.
@freeatnet @jamesgolick point being, do you read the source code of every gem you use? probably not
@bascule @freeatnet that's why a private internal company gem server that only we can push to is appealing
@jamesgolick @freeatnet seems good bro
@bascule @freeatnet can't tell if you're agreeing or being obnoxious
End of conversation
New conversation
@bascule He did a talk at Boulder Ruby awhile back (probably 8 months ago), included that gem as an example :-).
@jtimberman yeah saw his lightning talk at MWRC last year
End of conversation
New conversation
@0xabad1dea @jcran I think you're in a different league than the average Rubyist
End of conversation
New conversation
@bascule @jamesgolick Not if you are running Windows.
@williamsjoe @jamesgolick or Node.js!
End of conversation
New conversation
@bascule extconf.rb is a major hole. You shouldn't need to run arbitrary code just to run a compiler.
@postmodern_mod3 what if people put malicious code in their gemspecs?
@bascule @postmodern_mod3 the attacker will just comp themselves
End of conversation
New conversation
@bascule 2. Flood http://rubygems.org with gems that have similar names to popular gems (e.g. replace '_' w/ '-') 3. Profit!!!
@bascule https://www.google.com/search?q=be_truthy+site:rubygems.org … interesting :) should look for Gemfiles with this in it