Mastouille

0 message0 participant0 message aujourd’hui

Rad Web HostingHow to Host Your Own <a href="https://mastodon.social/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mastodon</a> Server on a <a href="https://mastodon.social/tags/VPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VPS</a> (5 Minute Quick-Start Guide) This article provides a guide for how to host your own Mastodon server on a VPS.Running your own Mastodon server on a VPS is an excellent way to enjoy an efficient and secure Mastodon experience. What is Mastodon? Mastodon is a <a href="https://mastodon.social/tags/decentralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#decentralized</a> social media platform that enables users to post ... Continued 👉 <a href="https://blog.radwebhosting.com/how-to-host-your-own-mastodon-server-on-a-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.radwebhosting.com/how-to-host-your-own-mastodon-server-on-a-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social</a> <a href="https://mastodon.social/tags/rubyonrails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rubyonrails</a> <a href="https://mastodon.social/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhosting</a> <a href="https://mastodon.social/tags/activitypub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#activitypub</a> <a href="https://mastodon.social/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhosted</a> <a href="https://mastodon.social/tags/rubygems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rubygems</a> <a href="https://mastodon.social/tags/installguide" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#installguide</a>

The New OilMalicious <a href="https://mastodon.thenewoil.org/tags/RubyGems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RubyGems</a> pose as <a href="https://mastodon.thenewoil.org/tags/Fastlane" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Fastlane</a> to steal 3Telegram API data<a href="https://www.bleepingcomputer.com/news/security/malicious-rubygems-pose-as-fastlane-to-steal-telegram-api-data/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/malicious-rubygems-pose-as-fastlane-to-steal-telegram-api-data/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

alexanderadamDo everybody a favour and block ruby-doc-dot-org wherever you can.<a href="https://mastodon.social/@jamesbritt/114378671981343723" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mastodon.social/@jamesbritt/114378671981343723</a>Use any other <a href="https://ruby.social/tags/Ruby" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ruby</a> documentation site that you like.<a href="https://ruby.social/tags/rubygems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rubygems</a> <a href="https://ruby.social/tags/ruby" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ruby</a> <a href="https://ruby.social/tags/rubygem" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rubygem</a> <a href="https://ruby.social/tags/documentation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#documentation</a> <a href="https://ruby.social/tags/rubydoc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rubydoc</a>

Denis DefreyneRubyGems is down :(<a href="https://ruby.social/tags/Ruby" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ruby</a> <a href="https://ruby.social/tags/RubyGems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RubyGems</a>

postmodernIs there a better way to determine if a gem is installed *and* it's C extensions are properly built? Currently I can only think of `ruby -r nokogiri -e ''`. <a href="https://ruby.social/tags/rubygems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rubygems</a>

postmodernIs there any difference between `gem update already-installed-gem` and `gem install already-installed-gem`? Wondering if I can streamline this installation script that checks if a gem is installed and updates it, or installs it if not. <a href="https://ruby.social/tags/rubygems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rubygems</a>

PhylumWe have identified a nascent <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> campaign targeting <a href="https://infosec.exchange/tags/ruby" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ruby</a>, <a href="https://infosec.exchange/tags/python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#python</a> and <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#javascript</a> <a href="https://infosec.exchange/tags/developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#developers</a>.Packages collect information about the host machine before shipping details off to a remote server at `81.70.191.194`.Read below for additional details!<a href="https://blog.phylum.io/malware-campaign-targets-npm-pypi-and-rubygems-developers/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.phylum.io/malware-campaign-targets-npm-pypi-and-rubygems-developers/</a><a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://infosec.exchange/tags/pypi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pypi</a> <a href="https://infosec.exchange/tags/rubygems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rubygems</a>

Caitlin CondonHey <a href="https://infosec.exchange/tags/RubyGems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RubyGems</a> users, we hear the frustration you've expressed to the site maintainers about the persistent <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> <a href="https://infosec.exchange/tags/SafeBrowsing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SafeBrowsing</a> browser warnings on the metasploit-payloads gem page on rubygems.org. Unfortunately Google hasn't responded to the RubyGems team's plea to talk to a human, despite the fact that Metasploit payloads are basically the textbook definition of security research. <a href="https://fiasco.social/@indirect" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@indirect</a> and the <a href="https://infosec.exchange/tags/Metasploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Metasploit</a> team have an issue open here to provide a forum for community discussion — please feel free to comment: <a href="https://github.com/rapid7/metasploit-payloads/issues/650" rel="nofollow noopener noreferrer" target="_blank">https://github.com/rapid7/metasploit-payloads/issues/650</a>

postmodernOh wow, I wasn't too far off! Some clown flagged the <a href="https://rubygems.org/gems/metasploit-payloads" rel="nofollow noopener noreferrer" target="_blank">metasploit-payloads gem</a> (which has been available on rubygems.org for ages without issue) and got all of <a href="https://rubygems.org" rel="nofollow noopener noreferrer" target="_blank">https://rubygems.org</a> flagged by the Google Safe Browsing List! <a href="https://ruby.social/@indirect@fiasco.social/110351998871595312" rel="nofollow noopener noreferrer" target="_blank">https://ruby.social/@indirect@fiasco.social/110351998871595312</a>Granted the metasploit-payloads gem has far more exotic payloads which might trigger code scanners, but payloads are useless without an exploit. Absolutely no reason why payloads should be flagged as malicious. <a href="https://infosec.exchange/tags/metasploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#metasploit</a> <a href="https://infosec.exchange/tags/rubygems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rubygems</a>

postmodernGrumble. Somehow <a href="https://rubygems.org/" rel="nofollow noopener noreferrer" target="_blank">https://rubygems.org/</a> got flagged by the Google Safe Browsing List. Yet <a href="https://nmpjs.com" rel="nofollow noopener noreferrer" target="_blank">https://nmpjs.com</a> is somehow perfectly fine, despite constantly hosting typo-squated malware packages. <a href="https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Frubygems.org%2F&hl=en-US" rel="nofollow noopener noreferrer" target="_blank">https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Frubygems.org%2F&hl=en-US</a> <a href="https://infosec.exchange/tags/googlesafebrowsing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#googlesafebrowsing</a> <a href="https://infosec.exchange/tags/rubygems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rubygems</a>

Hans-Christoph Steiner<a href="https://social.librem.one/tags/Decentralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Decentralized</a> <a href="https://social.librem.one/tags/software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#software</a> repository systems like <a href="https://social.librem.one/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://social.librem.one/tags/maven" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#maven</a> <a href="https://social.librem.one/tags/rubygems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rubygems</a> <a href="https://social.librem.one/tags/pypi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pypi</a> etc have key issues that make them hard to decentralize properly: solid verification is optional, one repo can override packages from another, and the tooling makes it hard to see which repo was actually used. <a href="https://social.librem.one/tags/MavenCentral" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MavenCentral</a> has additional measures which make it more trustworthy, but if devs add repos, those can still override it. <a href="https://social.librem.one/tags/Gradle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Gradle</a> verification helps a lot when using Maven repos but does not solve everything 1/2

ITSec News deutschMit der Umstellung auf Multifaktor-Authentifizierung für die Top-Downloads folgt der Ruby-Paketmanger den Vorbildern npm und PyPI. <a href="https://www.heise.de/news/Paketmanager-RubyGems-org-Multifaktor-Authentifzierung-Pflicht-fuer-Top-Pakete-7222593.html" rel="nofollow noopener noreferrer" target="_blank">Paketmanager RubyGems.org: Multifaktor-Authentifzierung Pflicht für Top-Pakete</a>

Recherches récentes

Options de recherche

Administré par :

Statistiques du serveur :

#rubygems