Greg Molnar

Follow me to read about Security, Ruby, Rails
I am an OSCP Certified Ethical Hacker and a Ruby Developer since 2010
Find me at: x.com/gregmolnar, I only cross-post here.
Blogging at greg.molnar.io/blog

2025-03-06

I just bought my ticket, and
I also want to give away a ticket to someone who has never been to any Ruby conferences before to have a first experience. There is another condition: you will write a short blog post about your experience, and if they shoot video testimonials like last year, you will be willing to share how your first Ruby conference went.
If you would like it, reply to this tweet or DM me, and I will do a raffle in a month or so to pick a winner.
ruby.social/@friendlyrb/114109

Greg Molnar boosted:
2025-03-06

Who's ready for Friendly.rb '25?

- 🎟️ Tickets available
- 🎤 You may submit to the Call for Papers
- 🏔️ Activity announced
- 😱 The first batch of speakers announced
- 💪 Sponsorship opportunities available
- 🎲 Surprises in progress

Adrian prepared an update video with all the details you need to make a decision.

See you in September ✌️

friendlyrb.com
youtu.be/aeH1O4Txyec

Greg Molnar boosted:
Lucian Ghinda @lucian@ruby.social
2024-11-20

I published more details on our website at goodenoughtesting.com. There, you can see what others are saying about the workshop and explore the articles and news section to understand my plans for it.

goodenoughtesting.com

2024-11-18

When I picked Rails as a new tool to learn over a decade ago, I watched the famous "Build a blog in 15 minutes" video from David.
There is a similar video for Rails 8 now, covering deployment too!

youtube.com/watch?v=X_Hw9P1iZf

2024-11-16

New assert helpers, custom autocomplete values for hidden fields and more!
This Week in Rails is out!

rubyonrails.org/2024/11/15/thi

2024-11-14

Did you know that you can define aliases with Kamal? It is great for often used commands like hopping into a Rails console:

2024-11-09

@postmodern Thanks for sharing!

2024-11-09

What is a better way to celebrate the release of Rails 8 than watching my Rails World talk about the "State of security in Rails 8"?

youtube.com/watch?v=Z3DgOix0rI

Greg Molnar boosted:
2024-09-18

Greg talking about OWASP Top 10 for Rails Developers
@gregmolnar at #friendlyrb

Greg Molnar boosted:
2024-09-18

@gregmolnar inviting us to subscribe to This Week in Rails
#friendlyrb

2023-01-30

@joeldrapper
> Because leaving it up to humans to remember never to render a link to a user-supplied hypertext reference is bonkers naive.

I think it isn't naive, and keeping humans aware of the importance of security is important. Pointing out a few things where they can shoot themselves in the leg helps with that. Many Rails devs already think that they don't need to care about security because the framework handles everything, but that will never be the case.

2023-01-30

@joeldrapper Why would ERB protect you from something which is valid according to the HTML specification? "javascript" is a valid URL scheme, and the developer should consider that fact when passing a user-controlled value to the href tag.
A CSP is also not a silver bullet. It is easy to misconfigure it, which allows it to be bypassed.
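As an added example (plain Ruby, not code from the thread), this shows the point above: ERB's HTML escaping leaves a `javascript:` URL untouched because it contains no HTML metacharacters, so an href needs its own scheme check. The helper names `escaped_href` and `safe_href` and the scheme allowlist are assumptions for this example.

```ruby
require "erb"
require "uri"

# ERB::Util.html_escape only rewrites HTML metacharacters (<, >, &, quotes).
# A javascript: URL has none, so it survives escaping unchanged and a browser
# still treats it as a script URL when it lands in an href attribute.
def escaped_href(user_value)
  ERB::Util.html_escape(user_value)
end

# Schemes this example considers acceptable for a rendered link.
ALLOWED_SCHEMES = %w[http https mailto].freeze

# Defensive check for a user-supplied href: allow only allowlisted schemes or
# site-relative paths (no scheme, no host, not protocol-relative). Anything the
# URI parser rejects, e.g. a tab inside "java\tscript:" that browsers would
# strip, is treated as unsafe and returns nil instead of being passed through.
def safe_href(user_value)
  raw = user_value.to_s.strip
  uri = URI.parse(raw)
  if uri.scheme.nil?
    # Relative path like "/blog" is fine; "//evil.example" is not.
    return raw if uri.host.nil? && !raw.start_with?("//")
    return nil
  end
  ALLOWED_SCHEMES.include?(uri.scheme.downcase) ? uri.to_s : nil
rescue URI::InvalidURIError
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, as a user might submit them in a profile form.
  samples = ["https://example.com/", "/blog", "mailto:greg@example.com",
             "javascript:alert(1)", "JavaScript:alert(1)", "java\tscript:alert(1)",
             "//evil.example/", "data:text/html,x"]
  samples.each do |value|
    puts format("%-28s escaped=%-28s safe=%s", value.inspect,
                escaped_href(value).inspect, safe_href(value).inspect)
  end
end
```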
