A handful of things that caught my attention this week.
1. The Evolution of Spinel and Roundhouse
Following on from last week’s mention of Matz’s work on Spinel and Sam Ruby’s Roundhouse, there’s been some interesting movement in how these tools are evolving. Sam Ruby has been particularly prolific, sharing more about the influences behind Roundhouse and how it’s borrowing concepts from Prisma ‒ specifically around how they handle type safety and schema definitions. There’s also some healthy discussion over on the Spinel issue tracker about the boundaries of the “metaprogramming-free” subset. It really feels like we’re watching the foundation of a new way to deploy Ruby being built in real-time.
2. Ruby Concurrency: What Actually Happens
Paolino has written a fantastic, deep-dive article into the mechanics of Ruby concurrency. It’s one of those rare technical posts that manages to be thorough without being impenetrable. He walks through exactly what’s happening at the VM level when you use GVL-bound threads versus Ractors, and it’s a great resource for anyone trying to wrap their head around why their “parallel” code might not be behaving quite the way they expected.
This reminded me about another resource I stumbled on some time ago: Working With…. The site has three short ebooks: Working With Unix Processes, Working With TCP Sockets, and Working With Ruby Threads. These ebooks predate Ractors, so those are not covered, but they’re great primers.
3. Hotwire Dev Tools
If you’re doing a lot of work with Turbo and Stimulus, you’ll definitely want to check out this Hotwire dev tools extension. It’s a browser extension that gives you much better visibility into what’s happening with your Hotwire frames and streams. It’s still early days for the project, but it’s already a significant step up from just tailing your logs and hoping for the best. The developer suggested in the Reddit thread that he might be willing to create a Firefox version if he gets enough requests. So I created this issue :)
4. RoughRb … and Malus
Radan Skorić casually dropped a question in the Ruby on Rails Link Slack last week about whether there was a Ruby equivalent to Rough.js ‒ the library for creating those charming, hand-drawn style graphics. This managed to comprehensively nerd-snipe Julik, who promptly built RoughRb to fill the gap. The project itself is lovely, but the conversation it sparked around the process of porting code was even more interesting. Julik used Claude to do the heavy lifting of the initial translation from JavaScript by forcing it to produce text test cases mapping to SVG paths. This led to a deeper meta-discussion about our new reality of AI-assisted engineering.
The “new equilibrium” we’re finding involves using agents unabashedly for the grunt work, but critically, keeping the human firmly on the hook for the result. As Radan astutely noted, the problems don’t come from using AI; they come from incorrectly assessing your risk tolerance. Using an LLM to quickly translate an isolated drawing library is a fantastic use case, whereas “vibing” core application logic is asking for trouble. It’s just a tool, and it doesn’t absolve you of any responsibilities you had previously.
But there is a darker side to this capability, which brings us to Malus. If you haven’t seen it, Malus is a brilliantly biting piece of performance art by Mike Nolan and Dylan Ayrey that also happens to be a fully functional (and apparently profitable) tool. It uses AI to perform a “clean room” clone of open source software, allowing users to effectively launder code to strip away restrictive licenses without technically violating copyright.
As Mike McQuaid of Homebrew pointed out in a 404 Media piece about the tool, this kind of automated clean room reimplementation fundamentally misunderstands what open source is. It treats open source as a static snapshot of code rather than an ongoing relationship of security patches, bug fixes, and accumulated expertise. By stripping all that away, you’re not liberating code ‒ you’re just instantly generating technical debt. Nolan’s stated goal with Malus was to make developers feel the danger of their current position and realise that a license alone doesn’t protect them from being exploited. It’s a sobering reminder that while the barrier to porting libraries has dropped to near zero, the requirement for actual engineering intuition ‒ and community stewardship ‒ hasn’t gone anywhere.
5. From Blocks to Brackets: Teaching Kids to Code
Tom Forsyth shared a thought-provoking post about the journey of teaching kids to code, specifically the awkward transition from block-based environments like Scratch or Snap! to actual typing. There’s this “missing step” between dragging blocks and managing syntax errors that we haven’t quite nailed yet as an industry. It made me ponder what that transition could look like if we had more tools that acted as a bridge ‒ perhaps something that lets you toggle between blocks and text for the same logic until the muscle memory for brackets and semicolons sets in.
Speaking of Snap! … If you read my post a while back about building Logo in DragonRuby, you might recall my goal was to build an environment that captures the immediate feedback of those block languages, but using real Ruby code. I’d been internally calling my project “Snap” ‒ a nod to the snapping turtle, given Logo’s heritage. Clearly, that name is already taken by a very established, very relevant project in the exact same space, which I was somehow totally unaware of. I suppose I need a new name now.
6. The Ongoing Placeholder Domain(s) Saga
The saga of the placeholder domains continues. If you recall from a couple of weeks ago, infosec researcher Mike Sheward registered the domain deleteduser.com and was immediately flooded with sensitive traffic from enterprise systems that had hardcoded it as a generic placeholder. Well, Mike is still at it.
This week, he shared on Mastodon that simply by owning internaluser.com, he was inexplicably granted admin access to a Medicaid filing platform. He was also sent a meeting invite with the text “CONTAINS CONFIDENTIAL MEETING INFORMATION (SEE BELOW). DO NOT FORWARD.”
And he added yet another domain: dev-user.com. This one has given him admin access to a couple of WordPress sites and (non-prod) SaaS applications.
In total, at least 91 orgs are using these placeholder domains, and Mike has informed all of them.
7. Biomimetic Systems
Finally, John Carlos Baez has a fantastic post on Mathstodon about biomimetic systems. He starts by looking at how termite mounds manage complex cooling without any moving parts. In 1996 Mike Pearce designed a building in Harare that was inspired by these mounds and “uses roughly 90% less energy for climate control than a conventional building of comparable size!” He then goes on to explain why this kind of technology is not more widespread. It’s a great thread and definitely worth a read.