Remote Ruby

Governance, Security Flaws, and AI Tools

This episode of Remote Ruby opens with stories of exhaustion from a sleepless week. Then, Chris, Andrew, and David spend most of the episode unpacking two big themes: trust and governance in open source, and the growing mess of software security and AI-assisted development.

They dig into the new Ruby Central write-up on the RubyGems/Bundler fracture and question whether it actually clarifies the path forward, then pivot into the Axios npm compromise, supply-chain risk, and how fragile modern package ecosystems can feel. Then, they go into a wide-ranging discussion on AI coding, bloated production apps, image-performance headaches, CSS/rendering quirks, and why teams may need to rethink APIs, CLIs, MCPs, and markdown-first docs as agent traffic keeps growing. Hit download now to hear more!

Links

Judoscale - Remote Ruby listener gift
RubyGems Fracture Incident Report
Bundler has moved to the RubyGems organization (GitHub)
Mitigating the Axios npm supply chain compromise (Microsoft Security blog)
Garry Tan X
The Missing GitHub Status Page

Honeybadger
Honeybadger is an application health monitoring tool built by developers for developers.

Judoscale
Make your deployments bulletproof with autoscaling that just works.

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Chris Oliver X/Twitter
Andrew Mason X/Twitter
Jason Charnes X/Twitter
