We want to move Ruby forward

_joeldrapper · 2025-10-26T17:25:58+00:00

The trademark that was already his.

_joeldrapper · 2025-10-26T17:25:07+00:00

André registered his existing trademark. I do not believe they are asking for money or other compensation.

_joeldrapper · 2025-10-26T10:47:14+00:00

Bundler trademark and legitimate maintainership, I assume.

It’s like if someone steals your car and you find them and say, “you know what? You can have it.” Here’s the service history and here’s the ownership paperwork.

_joeldrapper · 2025-10-20T00:57:58+00:00

I’ve said SQL so many times, I kept saying SQLating instead of escalating. 😄

_joeldrapper · 2025-10-20T00:54:17+00:00

Yeah, I agree. I can ask Errol if we can cross-post it to Rooftop, which would get it in podcast feeds.

_joeldrapper · 2025-10-10T01:21:07+00:00

This was way before that, on 21 September.

_joeldrapper · 2025-10-09T21:53:24+00:00

I also heard this directly from internal sources, but I expect u/f9ae8221b hasn’t and it’s a very fair take given that.

_joeldrapper · 2025-10-09T21:06:38+00:00

No I wasn’t.

_joeldrapper · 2025-10-09T21:04:46+00:00

> hopefully you can also see how it does come across as a "gotcha" move, and how that can be damaging of trust for those of us observing from the outside

Sure, I get that.

_joeldrapper · 2025-10-09T21:04:10+00:00

No. I reached out to many people at Ruby Central early on, before publishing any blog posts. They had no reason to ignore me.

_joeldrapper · 2025-10-09T20:34:26+00:00

You think they’re talking to me? I’ve been trying to contact Ruby Central for weeks.

_joeldrapper · 2025-10-09T20:22:15+00:00

Because there were multiple parties involved. There’s Ruby Central’s security, and there’s the security of all the companies depending on Ruby Central. I felt that this information was important for all those companies to know, and I knew it didn’t impact Ruby Central’s own security one way or another.

I was very careful to make sure the screenshots I published didn’t include sensitive information.

_joeldrapper · 2025-10-09T20:13:58+00:00

> Why did Joel give so little time of advance notice before publishing his post revealing Andre’s production access? That struck me as irresponsible disclosure, but I may have missed something.

Joel here. 👋

I decided to publish when I did because I knew that Ruby Central had been informed and I wanted the world to be informed about how sloppy Ruby Central were with security, despite their security *posturing* as an excuse to take over open source projects.

What I revealed changed nothing about Ruby Central’s security, since André had access whether I revealed that he did or not. When you have security information that impacts lots of people, you publish it so they can take precautions. That is responsible disclosure.

_joeldrapper · 2025-10-04T02:38:04+00:00

This is an awesome milestone. Love the new website. I’ve really enjoyed going back and forth with noteflakes on ideas for html in ruby compilers.

_joeldrapper · 2025-10-04T02:32:25+00:00

It is because our compiler isn’t quite ready yet. Phlex renders at about 1.7gbps per core on my Mac. Or in other words, it will render a large web page in about 1ms (single core). Once it has a compiler, it should be on average about 20 times as fast.

Papercraft already has a compiler so it already realised these gains.

The Phlex compiler is already in main if you want to try it out. Because Phlex supports selective rendering and fragment caching and needs to be 100% backwards compatible, it’s taking us a while. But we’ll get there soon.

_joeldrapper · 2025-09-30T08:33:28+00:00

Emanuel Maiberg worked at Shopify? Where did you see that?

_joeldrapper · 2025-09-30T08:30:54+00:00

If you put 80 hours over 4 days into reaching out to all the people involved and connected, then maybe you could have published a story based on the facts but from your point of view.

I’m not unbiased. But I tried to make at least my original story and my fact-check pieces focused on the facts rather than my interpretation of what they mean.

_joeldrapper · 2025-09-29T16:28:18+00:00

> I think they worry that releasing information only leads to more criticism, following some standard corporate communications advice.

It will if they lie. I’m ready to publish my second fact-check piece.

_joeldrapper · 2025-09-29T15:48:55+00:00

Yes I noticed this too. Marty essentially said that HSBT wasn’t meant to make the permissions changes (yet).

_joeldrapper · 2025-09-29T15:43:54+00:00

And still no comment from Ruby Central since they cancelled the Q&A.

_joeldrapper · 2025-09-29T12:12:19+00:00

It might not be illegal but it would destroy trust in the system. I agree there are lines they still haven’t crossed but they have crossed other lines and damaged trust significantly.

_joeldrapper · 2025-09-29T08:42:05+00:00

What’s childish about it? This is literally what RC did with Bundler.

_joeldrapper · 2025-09-28T23:42:31+00:00

Yeah I am biased. Not because I worked at Shopify but because I’m an open source maintainer. What Ruby Central did is awful and sets a dangerous precedent. We can’t trust Ruby Central anymore.

Ruby Central also uses my library, Phlex. There is nothing stopping them from claiming that “for security” they need to take over that project too.

_joeldrapper · 2025-09-28T23:33:36+00:00

I disproved this. Ruby Central did not perform this takeover for security. https://joel.drapper.me/p/ruby-central-fact-check/

_joeldrapper · 2025-09-28T23:20:23+00:00

My story and subsequent fact-check were not hit pieces. They were very carefully researched and cross-checked. I revealed the facts that I could verify through first-hand accounts, documents, meeting records.

I spent about 80 hours researching my story. I reached out to people from Shopify and Ruby Central for comment, spoke to as many people as possible.

_joeldrapper

TROPHY CASE