Greg Molnar @GregMolnar Twitter profile

Pinned Tweet

Greg Molnar

2 months

I am getting close to finish this course and decided to open it up for pre-sale. Use the code "PRESALE" during the checkout to receive the discount.

Security for Rails Developers (PRE-SALE)

This course is still in the works, but you can pre-purchase it to show support and put pressure on me to finish it ASAP. If you don't happen to like it once it is released, a full, no questions ask...

gregmolnar.gumroad.com

2

13

41

Last Seen Profiles

@DanaWalker70042

@JanaBrylee4948

@Char61303798

@TweetLeslieG

@VmaniakJ

@DylanDreyerNBC

@titusjoseff

@ALhazMhh

@bokeplokalmalam

@shakked_noy

@Ansem_17

@cukienaknikmati

@makeine_anime

@RadissonREDGla

@bokeplokalmalam

@CJhansford2026

@bokeplokalmalam

@jwustrow

@nomi__owo

@0machao

@stw46

@CDCMOSCARDO_com

@japan_satoru_

@deli_kinkyham

@AlexOworotimi

@Big_kayuz

@ComeSimien

@HobartHears

@yakoutjr

@HumbleISD_SWE

@8emrym

@BangreNisha

@WarrenMillie1

@nick_goldberg

@Awn__SA

@alphynik_draws

Greg Molnar

@GregMolnar

7 months

Do not use UUID for primary keys.

191

42

838

Greg Molnar

@GregMolnar

11 months

Add this to your robots.txt, and thank me later.

19

139

672

Greg Molnar

@GregMolnar

6 months

@Sosowski I can give him a .exe file

4

3

594

Greg Molnar

@GregMolnar

5 months

@mmagonewild Someone is getting knocked out I think.

1

372

Greg Molnar

@GregMolnar

6 months

@adamwathan The one on the side is Tailwind, the one on the otherside is vanilla CSS

3

1

282

Greg Molnar

@GregMolnar

1 year

@MrBeast @CryptoFiend45 Great progress so far. Don't get too big, focus on strength instead, that's better for long-term health.

15

0

266

Greg Molnar

@GregMolnar

11 months

@mmagonewild To his defense, it wasn't just him. Sean fools most with his style and behavior, but in reality he has great eyes for fighting. The way he saw most of the leg kicks in advance was pretty amazing. He was reading Izzy very well.

4

1

240

Greg Molnar

@GregMolnar

11 months

@KanekoaTheGreat He says "Russia's illegal war" Does that mean there is a legal war? I wonder how that works? Is that maybe when Canada and his allies go and attack Afghanistan, Iraq, etc, that's legal, but if someone else attacks someone, that's illegal? Sounds like double standards. How about

23

19

237

Greg Molnar

@GregMolnar

4 months

Rails 8 will have a new, built-in rate limiter. It is built on top of the Kredis limiter type, so you need a redis or valkey database. You can just call the `rate_limit` method in your controller and set the `to`, `within` and you have rate limiting in the controller.

8

19

219

Greg Molnar

@GregMolnar

1 year

@MMAUNCENSORED1 @alexvolkanovski The fans would win for sure.

1

0

213

Greg Molnar

@GregMolnar

2 years

Did you know that you can create a single-file Rails application? You shouldn't unless you are experimenting with something, but here is how it can be done: 🧵 👇

7

41

190

Greg Molnar

@GregMolnar

1 year

@AlexPereiraUFC With all due respect, the decision was questionable and all your knockouts were kinda lucky punches.

53

0

172

Greg Molnar

@GregMolnar

1 year

@ManelKape Never heard of you before.

3

0

156

Greg Molnar

@GregMolnar

4 months

Active Record introduced transaction callbacks recently. This change allows you to have a callback for the whole transaction, rather than to just have callbacks on a record's after_commit event. To make this possible, ActiveRecord::Base.transaction yields a transaction object

3

12

128

Greg Molnar

@GregMolnar

1 year

@yongfook You should speak the truth and mention that your SaaS is a AI driven(GPT-5), NFT-backed, running on the newest blockchain which is operated on green energy. Also, I am sure you wake up at six, hit the gym and take shrooms while intermittent fasting so your business decisions are

6

2

125

Greg Molnar

@GregMolnar

1 year

@theapplehub Abso-fucking-lutely. Don't fall for Apple's claims of it being difficult to make this happen. @FrameworkPuter proved that you can build a slick, great laptop that is repairable.

1

0

115

Greg Molnar

@GregMolnar

5 months

There was a PHP developer guy who wrote me on an online forum about 6 years ago, telling me he feels like his career is kinda stuck and he wants to learn Ruby and Rails and looking for someone he can ask questions from. I ended up helping him(he didn't need much help) and after a

7

120

Greg Molnar

@GregMolnar

1 year

I just want to put this out here: I really appreciate all the work @eileencodes does on Rails.

4

5

120

Greg Molnar

@GregMolnar

1 year

@zebulaun @MrBeast @CryptoFiend45 Big and strong are not the same. Strength is based on 2 things: how much muscle you have and how much of that muscle your nervous system can activate. You can build a lot of muscle by hypertrophy, but you won't necessarily be able to activate most of it. Training for strength and

5

0

115

Greg Molnar

@GregMolnar

1 year

I finally wrote the article about deploying a Rails app with MRSK: I cover how to deploy a Rails app on a VM, and how to run Redis and a Sidekiq worker on the same host.

Deploying a Rails app with MRSK

In this tutorial, I will show you how to use MRSK to deploy a Rails app to a VPS, run Caddy in front of the docker container to handle SSL, use a hosted database server, run Redis on the same...

greg.molnar.io

2

22

111

Greg Molnar

@GregMolnar

1 year

@dhh @yukihiro_matz And there was not much joy writing JavaScript to being with.

3

107

Greg Molnar

@GregMolnar

6 months

@m1guelpf They should worry about the memory of the president first.

1

4

100

Greg Molnar

@GregMolnar

1 year

Did you know that in Ruby, when you iterate with each_with_index, you can specify an offset?

7

19

102

Greg Molnar

@GregMolnar

1 year

@1Marc In a few years, they will not recommend using React at all.

3

1

99

Greg Molnar

@GregMolnar

11 months

Amazing first day at #RailsWorld !

2

3

97

Greg Molnar

@GregMolnar

7 months

@defunkt Insane. The second user on the platform got banned.

0

1

95

Greg Molnar

@GregMolnar

1 year

@t3dotgg Imagine if you would be posting for 3 days straight about DHH. Oh, you just did that, my bad.

1

0

93

Greg Molnar

@GregMolnar

8 months

Rails 8 will rock!

8.0.0 Milestone · rails/rails

Ruby on Rails. Contribute to rails/rails development by creating an account on GitHub.

github.com

3

7

93

Greg Molnar

@GregMolnar

5 months

@dvassallo I think it is a different kind of problem. With the spambots, it is a whack a mole game. You add some protection and it works until they figure out how to circumvent, then rinse and repeat.

9

0

90

Greg Molnar

@GregMolnar

2 months

Thanks to @dhh I watched a few videos from @typecraft_dev and one of them was about zellij. What a game changer it is.

Zellij

A terminal workspace with batteries included

zellij.dev

3

89

Greg Molnar

@GregMolnar

2 years

I wrote about 6 security improvements in Rails 7 #ruby #rubyonrails #infosec

1

13

87

Greg Molnar

@GregMolnar

10 months

@Austen Honestly, would you hire her? Based on this video, even if she had the experience, I am sure other folks would be more fun to work with than her.

9

0

81

Greg Molnar

@GregMolnar

3 months

I am happy to announce that I will be speaking at #RailsWorld in Toronto this September!

10

1

81

Greg Molnar

@GregMolnar

7 months

I am migrating an app from Devise to a custom authentication by the new Rails helpers. It is brutal. Devise does so much out of the box.

13

4

79

Greg Molnar

@GregMolnar

11 months

The post I wrote about Kamal(aka MRSK) got a little dated, but I updated it today. There is no Caddy involved now, thanks to @z0maj , I learned that Traefik can handle SSL certificates too.

Deploying a Rails app with Kamal

In this tutorial, I will show you how to use Kamal to deploy a Rails app to a VPS, get automatic SSL certificates with Traefik, use a hosted database server, run Redis on the same droplet, andrun a...

greg.molnar.io

1

13

76

Greg Molnar

@GregMolnar

5 months

Rails devs, do you ever write any security tests? I mean test cases for authorization for instance like these: "User A can't access User B's account" "User A can't create records in User B's account" etc

62

1

76

Greg Molnar

@GregMolnar

5 months

@hackthebox_eu We are living in an amazing time. When we need to start censoring humor, because jokes are taken seriously.

2

74

Greg Molnar

@GregMolnar

6 months

@oscarswillis He is just like his father. A great trash talker :D

0

69

Greg Molnar

@GregMolnar

11 months

I almost forgot to announce it, but my book is finally ready and can be purchased:

Secure code review for Rails Developers

A book on how to do your best to avoid shipping vulnerable code.

greg.molnar.io

6

12

70

Greg Molnar

@GregMolnar

2 years

I wrote about my 5 most recommended books about Ruby and Rails from the great authors: OtherChrisPine samruby nusco codefolio #ruby #rubyonrails

2

8

67

Greg Molnar

@GregMolnar

10 months

Ruby devs should validate that passwords are not previously exposed in a data breach. To make that easy, you can use use the pwned gem by @philnash

GitHub - philnash/pwned: 😱 An easy, Ruby way to use the Pwned Passwords API.

😱 An easy, Ruby way to use the Pwned Passwords API. - philnash/pwned

github.com

1

10

65

Greg Molnar

@GregMolnar

2 years

This Week in Rails is out! Rails on Docker, Local environment inquirer and more!

Rails on Docker, local? environment inquirer and more!

Hi there, this is Greg, bringing you the latest changes in Rails! Only include all_queries default scopes on reload This pull request changes the current behaviour on reload, which applies all the...

world.hey.com

1

7

63

Greg Molnar

@GregMolnar

2 years

Are you learning Ruby? Do you want to improve your Ruby skills? I collected are a few old but great books you can read for free! 🧵👇

1

10

63

Greg Molnar

@GregMolnar

8 months

We are almost in 2024 and I am still resolving openssl errors while installing Ruby. Amazing.

14

3

62

Greg Molnar

@GregMolnar

6 months

I have 3 small changes you can do to your Rails app and significantly improve its security posture: Setup spektr or brakeman for static code analysis. Run this on your CI to prevent silly mistakes getting into production. Setup "bundle audit" and "yarn audit" or "importmap audit"

2

5

59

Greg Molnar

@GregMolnar

10 months

@tobi @peer_rich Nobody drops tables anymore. They extract the data and sell it on the black market.

6

0

55

Greg Molnar

@GregMolnar

1 year

Rails 7.1 will introduce Object #with . It will be helpful when you need to set the value of an attribute to something temporarily.

1

9

57

Greg Molnar

@GregMolnar

1 year

The latest issue of Rails tricks is out! This time, with a few handy Active Record methods.

Active Record where tricks - Rails Tricks Issue 5

I am bringing you Active Record tricks to find records with missing associations or with associated records only, and to negate your conditions.

greg.molnar.io

5

12

54

Greg Molnar

@GregMolnar

1 year

Maybe you've heard that Turbo got converted into Javascript TypeScript. Here is a nice deep dive into how Turbo works:

Let's Read the Turbo Source: What Happens When You Click a Link?

Let's explore the source code of Hotwire's Turbo library to understand exactly what happens when you click a link.

www.writesoftwarewell.com

1

7

57

Greg Molnar

@GregMolnar

1 year

This Week in Rails is out! Improve custom namespace autoloading, Object #with and more!

This Week in Rails: Improve custom namespace autoloading, Object#with and more!

Hi, this is Greg, bringing you the latest changes in the Rails codebase.Lockdown rails app in production for securityCurrent Dockerfile generated by Rails runs as a non-root user which prevents...

rubyonrails.org

2

9

53

Greg Molnar

@GregMolnar

4 months

Correction! This feature doesn't require Kredis nor redis anymore!

Refactor `ActionController::RateLimiting` to use `AS::Cache` by casperisfine · Pull Request #50781...

Given that the limiter implementation provided by Kredis is a simple increment with a limit, all ActiveSupport::Cache already provide that same capability, with a wide range of backing stores, and ...

github.com

Greg Molnar

@GregMolnar

4 months

Rails 8 will have a new, built-in rate limiter. It is built on top of the Kredis limiter type, so you need a redis or valkey database. You can just call the `rate_limit` method in your controller and set the `to`, `within` and you have rate limiting in the controller.

8

19

219

3

5

53

Greg Molnar

@GregMolnar

11 months

During @tenderlove 's talk we learned that there were about 5 Vim users at #RailsWorld including me. It might be worth sharing how I ended up using Vim in the last couple of years. It started when I opened it to give it a try, and I just can't exit since.

12

0

51

Greg Molnar

@GregMolnar

4 months

If you are interested in Thruster, @BrenoGazzola wrote a really good post about it:

Explaining Thruster, a new 37signals gem that speeds up your app

Last month, 37Signals introduced Thruster, a “zero-config” gem that makes your web pages load faster by solving various problems that would otherwise require changes in multiple places in your...

discuss.rubyonrails.org

2

8

49

Greg Molnar

@GregMolnar

3 months

I am so grateful for these companies for supporting Rails World.

0

1

47

Greg Molnar

@GregMolnar

11 months

.env files are added to the default .gitignore on newly generated Rails apps.

Ignore env files (except templates) by dhh · Pull Request #49278 · rails/rails

Help people avoid checking in .env files with potentially sensitive tokens.

github.com

3

5

45

Greg Molnar

@GregMolnar

1 year

@levelsio It would of been better financially to buy a CASIO watch.

1

0

46

Greg Molnar

@GregMolnar

8 months

Nice progress already towards Rails 8!

1

46

Greg Molnar

@GregMolnar

11 months

We are packed!!! #RailsWorld

1

2

47

Greg Molnar

@GregMolnar

10 months

If you deploy your Rails app with Kamal, put this into your .dockerignore to lower the image size.

2

5

46

Greg Molnar

@GregMolnar

2 months

Kamal is amazing and version 2 might give the option to deploy multiple apps on the same host. That will make it even more compelling to indie hackers.

Ruby on Rails

@rails

2 months

Kamal is an imperative deployment tool from @37signals for running your apps with @Docker . Donal McBreen, from the Security, Infrastructure and Performance team at 37signals will run through how it works, what they've learned from v1.0 and the changes they've made for v2.0 - all

0

8

112

6

1

44

Greg Molnar

@GregMolnar

1 year

I don't have a sportscar to show off, but still, thanks @rails for the hair I still have at 40, for the opportunity to have fun building web apps in the past decade and earn a decent living while doing so.

4

0

44

Greg Molnar

@GregMolnar

2 years

This week in Rails is out!

Improved assert_redirected_to, improved error messages and more!

Hi, this is Greg, bringing you the latest changes in the Rails framework.

rubyonrails.org

13

7

44

Greg Molnar

@GregMolnar

6 months

I can't reply but I want to put this out here: you guys rock for all the work you do on Rails and I will be forever grateful.

Eileen M. Uchitelle

@eileencodes

6 months

The only thing more thankless in open source than bug fixes is working on security vulnerabilities. Y'all have no idea the amount of time some of us on Rails Core spend on security.

1

22

359

0

1

43

Greg Molnar

@GregMolnar

10 months

I just released the latest version of textacular with Rails 7.1 support.

GitHub - textacular/textacular: Textacular exposes full text search capabilities from PostgreSQL,...

Textacular exposes full text search capabilities from PostgreSQL, and allows you to declare full text indexes. Textacular will extend ActiveRecord with named_scope methods making searching easy and...

github.com

1

2

44

Greg Molnar

@GregMolnar

4 months

We will have great keynotes at Rails World! Don't forget that tickets will go on sale April 30 at 1pm EDT. Hopefully I will see many of you in Toronto!

3

42

Greg Molnar

@GregMolnar

3 months

I just noticed that @rosapolis will talk about "Invalid bytesequence in UTF-8" at @friendlyrb . I am surely not the only one having PTSD from that error message.

4

5

42

Greg Molnar

@GregMolnar

11 months

I would like to thank all the sponsors, @AmandaBPerino , the Rails Foundation and all the participants for Rails World. It was a great experience and I can’t wait the next one.

1

41

Greg Molnar

@GregMolnar

6 months

Password-based authentication is still the most widespread on the internet, so here are a few recommendations to keep in mind for it: - Require users to create a strong password. I would recommend a length of 12-64 characters. - Allow any character types your database field can

6

7

40

Greg Molnar

@GregMolnar

5 months

How would you refactor this Rails code?

16

1

39

Greg Molnar

@GregMolnar

3 months

It looks like Kamal 2 will be a gamechanger. Especially for indie devs or bootstrappers.

DHH

@dhh

3 months

@plattenschieber Kamal 2 will ship with Let's Encrypt and multi-app-per-server support out of the box. No Traefik needed.

1

3

30

2

38

Greg Molnar

@GregMolnar

2 years

Rails 7.1 will introduce 'regroup' to Active Record and folks seem to be confused about it. It will not regroup on the already grouped result, it is just syntax sugar to replace the previous 'group' call:

1

8

37

Greg Molnar

@GregMolnar

1 year

This Week in Rails is out! With composite primary keys improvements and more! Written by @morgoth85

Composite primary keys improvements and more

Hi, it’s Wojtek with this week’s changes in the Rails codebase. Allow specifying WHERE clauses with column-tuple syntax. Querying through Active Record where now accepts a tuple syntax which accepts,...

world.hey.com

2

5

37

Greg Molnar

@GregMolnar

2 years

Rails 7.1 will come with a default of using all processor cores available in production: You can still override this if needed by setting the WEB_CONCURRENCY environmental variable per host, or change the config in puma.rb globally.

Use puma worker count equal to processor count in production by dhh · Pull Request #46838 ·...

Use all the processor performance of the host by default in production.

github.com

1

4

37

Greg Molnar

@GregMolnar

10 months

@InsiderPhD There is a typo. you probably meant vim.

4

0

36

Greg Molnar

@GregMolnar

11 months

The user retention in Vim is excellent. When a newcomer opens it, they can't quit.

2

37

Greg Molnar

@GregMolnar

2 years

We reached the final issue in 20222 of This Week in Rails! I'd like to thank to my fellow editors: @siaw23 , @four54 , @morgoth85 and @_zzak and to all contributors to Rails!

This Year in Rails, a summary of 2022!

Hey! This is Emmanuel, Greg and Wojciech, bringing you the summary of what happened with Rails in the past year. It was a busy year with 3131 commits from 491 contributors and 31 releases! We...

world.hey.com

3

2

33

Greg Molnar

@GregMolnar

2 years

This Week in Rails is out! With a bugfix and improvements, written by me this week.

This Week in Rails: A bugfix and improvements!

Hi there, This is Greg, bringing you the latest changes in Rails. Fix Enumerable#many? to handle all block parameters Before this fix, Enumerable#many? didn't forward the block parameters to the...

world.hey.com

0

7

35

Greg Molnar

@GregMolnar

2 years

@etagwerker @dhh I know it is cool to shit on DHH without even reading the article, so probably you missed this part. Do you think that it is wrong to "give everyone a fair chance to advance in the world on the merit of their talent and content of their character"?

6

0

34

Greg Molnar

@GregMolnar

1 year

I think we can all agree now it is a loud minority who is interested in the DHH drama. Maybe it is time to move on and spend time on more important things. And it isn't because they left for mastodon, they are all on Twitter as well, some in a stealthier mode, some openly.

5

2

35

Greg Molnar

@GregMolnar

3 months

I know what I am doing for the rest of my day!

3

0

35

Greg Molnar

@GregMolnar

1 year

@MAKHACHEVMMA You are better at picking your opponents :)

6

0

35

Greg Molnar

@GregMolnar

11 months

@iammemeloper If you have a hammer, you think everything is a nail.

0

32

Greg Molnar

@GregMolnar

2 years

This Week in Rails is out! Disable enum methods generation, a concurrency fix and more!

Disable enum methods generation, a concurrency fix and more!

Hi there, This is Greg, bringing you the latest changes in Rails. Make sure that concurrent map usage is thread-safe This pull request changes the way a cache miss is handled. It makes it thread-safe...

world.hey.com

1

9

33

Greg Molnar

@GregMolnar

2 years

Since there isn't enough drama on Twitter and in the Ruby world, let's add some oil to the fire :D Rspec or Minitest? And don't forget your reason to prefer one over the other.

26

3

33

Greg Molnar

@GregMolnar

4 months

This is crazy. Rails is sooooo back! See you all in Toronto!

Ruby on Rails

@rails

4 months

#RailsWorld is now sold out. We can't wait to welcome you to Toronto! If there are any unclaimed or returned tickets from sponsors, we will release a second, smaller batch later in the year.

15

12

130

5

0

33

Greg Molnar

@GregMolnar

2 years

I am not affiliated with Portswigger, but @Burp_Suite is such a great tool, everyone should try it out:

0

3

32

Greg Molnar

@GregMolnar

2 years

@GergelyOrosz I second this. I live in Spain and many sites forces me to use a spanish version, even though they have an english one. And I know this must be news to them, but believe or not, there are people living on countries without speaking the local language :).

2

0

33

Greg Molnar

@GregMolnar

11 months

@devagrawal09 Let's talk in a few years, young padawan :)

2

0

31

Greg Molnar

@GregMolnar

4 months

ActiveRecord::Base #pluck will accept hash values in Rails 8. Currently, if you want to pluck from a table of an association, you would need to specify the column name as a string: Post.joins(:comments).pluck("", "", "comments.body")

1

32

Greg Molnar

@GregMolnar

9 months

If you are on Ruby 3.3+ and on Rails edge, you can enable YJIT in an initializer and it will be enabled for newly generated Rails apps by default:

Enable YJIT by default if running Ruby 3.3+ by byroot · Pull Request #49947 · rails/rails

There was many public reports of 15-25% latency improvements for Rails apps that did enable Ruby 3.2 YJIT, and in 3.3 it's even better. Following ruby/ruby#8705, in Ruby 3.3 YJIT is paused ...

github.com

0

2

32

Greg Molnar

@GregMolnar

4 months

An interesting new feature is coming in the next release of Rails: assertionless test reporting. You might wonder what an "assertionless test" is and why would someone even write one. These tests can pop up by accident. Consider the following code snippet: If the active scope

2

6

32

Greg Molnar

@GregMolnar

11 months

See you next year!

0

2

32

Greg Molnar

@GregMolnar

5 months

I wrote a little post about how can a little Ruby help with brute-forcing 2FA codes Credit for the open graph image goes to @igor_alexandrov

Brute-forcing 2FA with Ruby

I was doing a challenge on Hack The Box(since it is still active, I don’t want to point out which one it was) and I solved it with a little Ruby script. The challenge was to bypass 2FA protection. At...

greg.molnar.io

2

10

32

Greg Molnar

@GregMolnar

1 year

This Week in Rails is out! A new conference, new Action Mailer callbacks and more!

A new conference, new Action Mailer callbacks and more!

Hi, it’s Greg, bringing you the latest news about Ruby on Rails.

rubyonrails.org

0

1

32

Greg Molnar

@GregMolnar

11 months

The truth hurts so much :D

4

0

31

Greg Molnar

@GregMolnar

1 year

@_swanson @t3dotgg Wow, you managed to watch that video??? I gave up after a few minutes. The way he talks and twitches hurt my eyes. And as you pointed out he doesn't seem to know what he is talking about with the cloud exit(at least in the part I managed to see).

1

0

30

Greg Molnar

@GregMolnar

1 year

Did you know that when you are working on and old Rails app, and migrations are not versioned, you can run "rails db:schema:load" to load the schema instead of migrations? As a sidenote, I am starting a newsletter to share similar things in more detail: