Threat Intelligence Issue 1

Issue 1 of our Threat Intelligence information

This is our first threat intelligence post. Each week, if appropriate, we will aim to share some wider industry news that might impact our clients.

We will be covering: Ruby, JavaScript, Postgres, Heroku, Render, Cloudflare, and GitHub, as well as wider geo-political points.

Ruby

The Ruby community has never looked more uneasy. There are no issues that require immediate attention, but it is worth knowing there is a lot of energy being spent on several topics, and there are a lot of folk disenfranchised with the language.

DHH has gone, pardon the pun, off the Rails. “The Ruby Community has a DHH Problem” explains the core issues with DHH (creator of Rails) making xenophobic claims about London. This has led to an open letter to remove DHH from Rails via a hard fork.

Ruby, Bundler, and RubyGems are separate entities in the Ruby ecosystem, and some recent changes, covered well by The Register, have opened up some wounds in the community. I would suggest reading the above article and also Justin Searls’ opinions.

JavaScript

Speaking of people going off the Rails, the CEO of Vercel has been sharing pictures of him and Israeli Prime Minister Benjamin Netanyahu. Droplet Drift covered the issues well.

We would recommend anyone using Vercel consider whether their CEO’s actions align with their values.

Postgres

Postgres 18 has been released, with some great new features. If those features would benefit your product, it might be worth starting to consider what an upgrade path would look like.

Heroku

Nothing too major to worry about with Heroku this week.

Standard and Performance Tier apps will be using Router 2.0. This is part of Heroku’s efforts to move away from their old routing.

Rails apps now have a Puma-related timeout set by default. If you use Puma and run on Heroku, you should check that 95 seconds is a fair value for your application.

Render

If you care about Render’s IP addresses, you should know they’re adding some new ones, but this will mainly matter if you’re allow-listing based on IP.

Cloudflare

Cloudflare has been going heavy on AI, and recently announced their own cryptocurrency to help with AI-driven transactions. This feels like a departure from their core value, and is worth keeping an eye on.

Something else to keep an eye on is that over the next year Cloudflare will open all features to everyone. I suggest keeping an eye on what you can start to get “for free” if you’re already using Cloudflare.

GitHub

GitHub are improving their token management in response to recent npm supply chain attacks. If you heavily rely on GitHub tokens, make sure you’re following best practice here.

Wider / Misc notes

People are using SVGs to do email phishing. Hack Read has a good writeup. If you haven’t run a phishing test in your organisation recently, now might be a good time to update some training.

People are also using Chrome extensions to try and backdoor their way into systems. It might be time to review which extensions your team is allowed to install and whether there are any that make sense to remove.

About this post

Knowing some of the wider issues within your application’s ecosystem can help you plan for the future and act appropriately.

One of the roles we perform for some of our clients is being that trusted source of knowing some of the wider ecosystem challenges.

For years we have been doing this in various ways: formal quarterly briefings, ad hoc “heads-up” emails, or silently adjusting the roadmap to accommodate wider context changes.

Since most of our clients share common attributes (we mostly do Ruby development, mostly deploy to a couple of vendors, etc.), it makes sense to share this knowledge in one place so that others may benefit from it.

If you’ve found this post useful, but don’t have availability on your team to consider it more, please do get in touch as we might be able to help.

Some disclaimers

This is for general information, and just because we share something doesn’t mean we agree or disagree with it; it just means it is a thing to be aware of.

This post doesn’t claim to be a summary of absolutely everything that has happened. We are human and we will miss things, or forget to write about things we’ve seen.

To our clients

We will never share anything here that is specific to one client, and this doesn’t replace whatever we are currently doing for you. And don’t worry, we are compiling this in our personal time!

What is threat intelligence

Threat intelligence is evidence-based knowledge that provides context, indicators, and action-oriented advice on both existing and emerging threats to your systems.

The point of the intelligence is to help businesses make more informed decisions about their roadmap and future plans.
