Lightnews — Scholar-powered news

Joel Drapper 🇬🇧🇺🇦

@joel.drapper.me

2.1K followers 970 following 2.4K posts

I’m a Ruby/TypeScript/CSS engineer at @plane.com and based in the UK. https://joel.drapper.me I’m building a Ruby/SQLite serverlesslessness framework. I also maintain @phlex.fun. Signal: joeldrapper.01

joel.drapper.me

Posts Media Videos Starter Packs

Pinned

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 13d

My team at Plane is hiring experienced full stack engineers. We use Rails, Postgres, Phlex, Vite, TypeScript and Svelte. I don’t have a full job description yet, but drop me a DM if you want to know more.

1 16 37

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 1h

Another design mistake IMO is significant whitespace. Using schemas also helps with those kinds of problems.

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 1h

YAML is weird. And not in a good way

That’s why I maintain Ruby Schema, a collection of config schemas for the Ruby community.

Our i18n schema prevents this boolean problem, helping the YAML LSP show errors.

github.com/yippee-fun/r...

Lucian Ghinda @lucianghinda.com · 4h

Ruby on Rails uses the gem psych to load the YAML files for locales transforming values like Yes/No, yes/no, YES/NO, On/Off, on/off, ON/OFF to be converted to booleans as defined in YAML v1.1

1 1 3

Reposted by Joel Drapper 🇬🇧🇺🇦

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 13d

1 16 37

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 1d

It’s getting very difficult to contort any sort of story that could explain good faith from Ruby Central at this point.

3 17

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 1d

4. It hasn’t explained to the community what kind of pressure it was under to perform this takeover or who were pressuring them.

5. It hasn’t rescheduled the Q&A that was promised to the community.

6. It has refused to come to the table and negotiate with the maintainers and/or community members.

1 2 20

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 1d

As of right now:

1. Ruby Central is *still* in possession of the GitHub organisation and gems that it stole.

2. It hasn’t published any kind of justification for this.

3. It has threatened an ex employee for responsibly disclosing that it left him with root access to live production systems.

1 6 34

Reposted by Joel Drapper 🇬🇧🇺🇦

puppy @duckinator.bsky.social · 3d

What if gem hosts had NPM-like scopes & your Gemfile could be:

source "https://gem.example"
gem "@duckinator/jim"

OR:

gem "https://gem.example/duckinator/jim"

... what if a PoC patch was 25 lines, and a 1-line kludge meant you can test it against a production server?

github.com/gem-coop/gem...

A screenshot of running `bundle install` against various Gemfiles.

It shows that, with my patch, you can use scoped packages similar to what NPM provides, if you're using GitHub Packages.

1 4 24

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 3d

Who would ever contract for Ruby Central in the future after this obvious smear campaign against a former employee?

I’ve never seen a postmortem like it. Incredibly unprofessional.

If I was trying to destroy RC’s reputation to justify a takeover by another org, this is what I’d be doing.

Ufuk Kayserilioglu @ufuk.dev · 5d

We just publicly posted about the Rubygems.org AWS root-access security incident from September 2025, what occurred, what we verified, and the actions we’ve taken to strengthen our security processes.

Ruby Central @rubycentral.org · 5d

Here’s a note from our Executive Director regarding our recent security incident.
rubycentral.org/news/rubygem...

1 18

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 3d

Except the article is not true and you can test it yourself with any LLM.

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 3d

Even Qwen 2.5:0.5b (an even smaller 298MB previous-generation model) noticed the "no", despite giving me an overall pretty incoherent sounding answer. What can you expect from a model that‘s smaller than the Slack mac app?

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 3d

Claude, Mistral and ChatGPT got it. Even Qwen 3:0.6b (a tiny 523MB model) *clearly* understands the difference.

1 1

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 3d

We need both. We need LLMs that can follow plain language instructions and we need calculators that can do math.

LLMs are bad a math just like humans are. So we need LLMs to be able to use calculators.

1 1

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 3d

I can’t read that because it’s gated. But this doesn’t make sense. “No” will be statistically significant for any reasonable set of training data. Also you can use any of the big LLM models today and see that they clearly respond to “no”.

3 2

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 3d

It sounds like you’re comparing LLMs to computer programs. But they’re not meant to stand in for computer programs. They’re meant to do work that otherwise has to be done by humans.

Humans also don’t listen and often give bullshit answers. But they can do things traditional computer programs can’t.

2 2

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 3d

Tidewave solves this in theory by running in the browser.

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 4d

That makes sense. Even BasicObject.

My personal preference is to produce predicate methods that return either true or false.

But I’m more careful when consuming.

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 4d

Agreed. I just think there are several better names for a top type than bool.

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 4d

I agree they are, but there is a different sense in which they’re not. There is a set of expectations about and methods I can call on a union of true/false that I can’t call on any object.

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 4d

Also, `foo` may be as true as `true` but `!foo` is not necessarily the same as `!true`. There’s something to be said of the expectation that the value is strictly a boolean and will behave like true or false do, even when applying operators like `!@`.

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 4d

`:foo` isn’t the unit type `true` though. If you expect your function to return either false or true, you would be surprised if it returns :foo.

bool seems like a strange name for object/any type.

Reposted by Joel Drapper 🇬🇧🇺🇦

Mike Perham :sidekiq: @getajobmike.ruby.social.ap.brid.gy · 4d

Periodic reminder: @rubycentral is smearing Andre in public so they can justify their hostile takeover of the rubygems/rubygems repo after the fact.

An actual community-focused organization would have followed the RFC process which was already in progress.

1 13 30

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 4d

Maybe the fault lies with the guy donating six figures to Ruby Central who decides to withdraw it when they intentionally invite a white supremacist to speak?

This is below you, Irina.

2 6

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 4d

That *IS* a supply chain attack. A malicious maintainer is exactly how XZ was lost to Jia Tan. Kicking all the other maintainers out is a malicious act.

There were agreed rules in place about how maintainers can be added and removed.

Joel Drapper 🇬🇧🇺🇦 @joel.drapper.me · 5d

They do need to make things right first.

Reposted by Joel Drapper 🇬🇧🇺🇦

eric shamow @botmatrix.myatproto.social · 5d

Without regard to the factuality of anything on either side of this, this is ABSOLUTELY the correct on-call response to the scenario André is describing:

"Given Marty’s claims, the sudden permission deletions made no sense. Worried about the possibility of

1/

André Arko @indirect.io · 5d

Ruby Central said some really concerning things today. I don’t think they’re representing the situation accurately. andre.arko.net/2025/10/09/t...

The RubyGems “security incident”

Ruby Central posted an extremely concerning “Incident Response Timeline” today, in which they make a number of exaggerated or purely misleading claims. Here’s my effort to set the record straight. Fir...

andre.arko.net

1 4 14