Blogs



Circuit breakers and Ruby in 2025: don't break your launch—Martian Chronicles, Evil Martians’ team blog
Take a deep dive into what circuit breakers are, why you might need them, and the options you have in Ruby. It’s 4 AM. Your team calls… the app is down. Time to wake up, grab a coffee, and investigate. You uncover a trail of fails: the payment proc...

Marshal madness: A brief history of Ruby deserialization exploits - The Trail of Bits Blog
Documenting the evolution of exploitation techniques serves a crucial purpose in security engineering: it helps us understand not just individual vulnerabilities but the systemic patterns that resist conventional fixes. The story of deserializatio...


Rails CVE-2025-55193 and CVE-2025-24293 | Greg Molnar
We had two new Rails CVEs published recently and both of them look interesting from an exploitation standpoint, so I wanted to explore what could be achieved with them.
Let’s look into CVE-2025-55193 first. It is an ANSI escape injection vulnera...

Unlocking Ractors: generic instance variables | byroot’s blog
In two previous posts, I explained that one of the big blockers for Ractors’ viability is that while they’re supposed to run fully in parallel, in many cases, they’d perform worse than a single thread because there were numerous codepaths in the R...

Consider Thruster with Puma on Heroku | Island94.org
To briefly catch you up to speed if you haven’t been minutely tracking Ruby on Rails performance errata: the Puma webserver has some mildly surprising behavior with the order in which it processes and prioritizes requests that are pipelined throug...

Achieving Multitenancy in a Rails App Using CurrentAttributes | Hashrocket
While working with a legacy BBj PRO/5 database for a client, we needed to set up a new CMS with multitenancy requirements. We were dealing with a slew of foreign tables representing the PRO/5 data, and each of the tables had a column for designati...