Governance, Security Flaws, and AI Tools

This episode of Remote Ruby opens with stories of exhaustion from a sleepless week. Then, Chris, Andrew, and David spend most of the episode unpacking two big themes: trust and governance in open source, and the growing mess of software security and AI-assisted development. They dig into the new Ruby Central write-up on the RubyGems/Bundler fracture and question whether it actually clarifies the path forward, then pivot into the Axios npm compromise, supply-chain risk, and how fragile modern package ecosystems can feel. Then, they go into a wide-ranging discussion on AI coding, bloated production apps, image-performance headaches, CSS/rendering quirks, and why teams may need to rethink APIs, CLIs, MCPs, and markdown-first docs as agent traffic keeps growing. Hit download now to hear more! 

Links

• Judoscale- Remote Ruby listener gift
• RubyGems Fracture Incident Report 
• Bundler has moved to the RubyGems organization (GitHub)
• Mitigating the Axios npm supply chain compromise (Microsoft Security blog) 
• Garry Tan X
• The Missing GitHub Status Page

Honeybadger
Honeybadger is an application health monitoring tool built by developers for developers.

Judoscale
Make your deployments bulletproof with autoscaling that just works.

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

• Chris Oliver X/Twitter
• Andrew Mason X/Twitter
• Jason Charnes X/Twitter