Congratulations!
04.08.2025 23:30
@flavorjon.es.bsky.social
Mostly posts about gummi bears, space probes, and Ruby. OSS contributor, maintaining Nokogiri, SQLite3, Rails::Html::Sanitizer, Mechanize, and more in the Ruby ecosystem. Working at 37signals. Former Shopify, VMware, Pivotal, Bloomberg, various startups.
I won IOCCC 2024! Here's a 2.5 KB rigid body simulator written in C.
It can simulate the Tippe Top, a top that flips while spinning.
www.youtube.com/watch?v=stPH...
De La Soul's "3 Feet High and Rising" album cover and disc
02.08.2025 15:36
Turnaround in record time, the Railsconf 2025 talks have been published! If you missed my keynote in person: here's your opportunity. Now excuse me while I go binge all the talks I missed. www.youtube.com/watch?v=T-lq...
24.07.2025 19:37
Rubyists! Here's my Ruby Friend profile, hit me up!
rubyfriends.app/profiles/HVCB
#ruby #rubyfriends
Thank you!
16.07.2025 03:16
The Supreme Court derives its power from its legitimacy. It earns its legitimacy by explaining its decisions. The endless stream of wholly unexplained orders in favor of the Trump administration is not just indefensible—it's a threat to the court's own long-term power. This reeks of illegitimacy.
14.07.2025 19:57
thinking about the dems who said we can't abolish ICE as the Department of Education gets wiped off the map
14.07.2025 21:34
well now I'm going to also call you "Sunshine"
12.07.2025 13:42
What's the AI oriented Programming language or syntax? Ruby core team will consider that for Ruby 4.0.
10.07.2025 23:05
We ran a randomized controlled trial to see how much AI coding tools speed up experienced open-source developers.
The results surprised us: Developers thought they were 20% faster with AI tools, but they were actually 19% slower when they had access to AI than when they didn't.
My favorite piece of SQLite trivia is that if you declare a column type to be "floating point" it will end up as an integer.
When I showed @yahonda.bsky.social the docs, he asked "Is that a joke?" and honestly I still don't know the answer!
www.sqlite.org/datatype3.html
I'm blown away by how much code Marco has written in the last year. A complex parser, a linter, a language server, and documentation to go with it all. Does Marco sleep? Is he even human?
11.07.2025 03:57
so me and @scumbelievable.bsky.social have this term Asimoving for when you're at some kind of fun enriching valuable IRL experience but you're just grumpy and wishing you were writing
09.07.2025 21:06
ALL CAPS
THIS IS CATASTROPHIC FOR SPACE SCIENCE AND ASTROPHYSICS ...
GLOBALLY CATASTROPHIC, NOT JUST FOR AMERICANS
www.politico.com/news/2025/07...
Hundreds of people gathered around computers and round tables, working.
Hundreds of rails devs hacking at #railsconf.
Inspiring!
#railsconf #railsconf2025
I don't mean to be dramatic, I'm not seeing CVEs being filed willy-nilly against my projects. But I am seeing the sharp uptick of security reports, and I am anxious that this will start to overflow into CVE creation as the human checks on CVEs become saturated and overwhelmed.
30.06.2025 20:12
Well at this point I've started to convince myself that the CVE process is becoming a DDOS attack against maintainer productivity. It's easy to automatically create new reports, but responding and/or disputing them requires real human time. It's awful and easily weaponized.
30.06.2025 20:08
Thank you for coming to my TED talk
30.06.2025 19:41
If you use any type of security scanning product like black duck or snyk or tidelift, they're also pulling CVEs from NVD, and so those are even more bad alerts.
So yeah, it's only a problem for systems that accept the bad report, except that that's EVERYBODY who cares about security
And maybe it's not a big deal for some projects, but Nokogiri has literally millions of projects that depend on it.
github.com/sparklemotio...
And every step of the way, people will be asking me "what version is this fixed in?" when there is nothing to be fixed in the first place. Then everybody has to explicitly ignore the alert.
It creates noise in an environment where the signal-to-noise ratio is already low.
It's a pipeline of automated alerts. CVEs get published by NVD. GitHub then picks them up from NVD and creates GHSAs and sends security notifications to every project that uses it. Then the ruby-advisory-db project pulls from GHSA and creates bundler-audit alerts for every project that uses it.
30.06.2025 19:34
Man, someone reported a bug in unreleased Nokogiri code. I said "Thanks, I'll take a look."
Then they opened a CVE for the bug. A bug that never appeared in a released version! Without my consent!
Now I am on an adventure to reject the CVEs and have emailed @vuldb.com who is the CNA. #osslife #wtf
document.querySelector("#intercom-modal-container").remove()
iykyk
Let's build together at RailsConf's Hack Spaces on July 9th. I'm Mike Dalessio, maintainer of the sqlite3-ruby gem.
Rubyists! I'll be co-hosting a SQLite "office hours" with all-around good guy @fractaledmind.bsky.social at the final #RailsConf in Philly (on Day 2 of the conf!)
If you've got any questions about using SQLite or deploying it into production, we'd love to help!
Get your ticket here: railsconf.org
AND @flavorjon.es, Maintainer of #SQLite Ruby!
13.06.2025 16:27
I'll be participating in Hack Spaces at the final #RailsConf in Philly (on July 9th, aka Day 2)!
In the morning I'll be with @flavorjon.es to hack on all things SQLite, then in the afternoon join me to hack on Acidic Job.
Get your ticket now: railsconf.org
What I talk about when I talk about IRs
bernsteinbear.com/blog/irs/
Congratulations!
06.06.2025 16:16