
Ruby & You - Rubyconf PT 2014

hone
October 14, 2014



Transcript

  1. Top 5 Committers

    $ git shortlog -s --since=2012 | sort -rn | \
        head -6
    2739 nobu <---
    867 akr
    710 svn
    635 ko1
    596 naruse
    448 zzak
  2. Top 5 (Human) Committers

    $ git shortlog -s --since=2012 | sort -rn | \
        head -6
    2739 nobu
    867 akr
    710 svn <---
    635 ko1
    596 naruse
    448 zzak
  3. Top 5 (Human) Committers

    $ git shortlog -s --since=2012 | sort -rn | \
        head -6
    2739 nobu
    867 akr
    710 svn
    635 ko1
    596 naruse
    448 zzak <---
  4. Metasploit

    def digit_pattern
      @digit_pattern ||= rand(10_000).to_s
    end

    def multiplier
      (500_000 * (1.0/digit_pattern.size)).to_i
    end

    def evil_float_string
      [digit_pattern, digit_pattern * multiplier].join('.')
    end

    JSON.parse("[#{evil_float_string}]")
  5. $ ruby repro.rb

    [BUG] Segmentation fault
    ruby 2.0.0p247 (2013-06-27 revision 41674) [x86_64-linux]

    -- C level backtrace information ----------------------
    /../lib/libruby.so.2.0(+0x1ceaa8) [0x7f8787802aa8]
    /../rubies/ruby-2.0.0-p247/lib/libruby.so.2.0(+0x74e0a)
    /../lib/libruby.so.2.0(rb_bug+0xb3) [0x7f87876a9af3]
    /../lib/libruby.so.2.0(+0x14cf66) [0x7f8787780f66]
  6. Affected Versions

    • Ruby 1.8 after 1.8.6p230
    • Ruby 1.9 prior to 1.9.3p484
    • Ruby 2.0 prior to 2.0.0p353
    • Ruby 2.1 prior to 2.1.0 preview2
    • trunk prior to revision 43780
  7. Solution...

    All users are recommended to upgrade to
    • Ruby 1.9.3p484
    • Ruby 2.0.0p353
    • Ruby 2.1.0 preview2
  8. What about Ruby 1.8.7?

    Please note that Ruby 1.8 series or any earlier releases are already obsoleted. There is no plan to release new FIXED versions for them.
  9. A Patch in Time

    Heroku releases two unofficial rubies:
    1. Ruby 1.9.2p321
    2. Ruby 1.8.7p375

    github.com/heroku/ruby
  10. To: [email protected], [email protected], [email protected], [email protected], [email protected]

    At Heroku, we’re still maintaining security fixes for customers on 1.8.7 and 1.9.2 while we figure out our end of life process. After discussion on the security list, I’d like to apply these patches to the proper branches upstream so things don’t get out of sync.

    Here are the commits I’d like to apply:
    https://github.com/ruby/ruby/pull/457
    https://github.com/ruby/ruby/pull/458

    -Terence
  11. Getting on Core

    • Send enough patches
    • port Ruby to non-POSIX platforms
    • write library brought into stdlib
    • security backporting
  12. Getting the Source (SVN)

    Trunk:
    $ svn co http://svn.ruby-lang.org/repos/ruby/trunk ruby

    Branch:
    $ svn co \
        http://svn.ruby-lang.org/repos/ruby/branches/ruby_2_0_0
  13. Getting the Source (git-svn)

    $ git clone [email protected]:ruby/ruby.git
    $ cd ruby
    $ git svn init \
        svn+ssh://[email protected] lang.org/ruby/trunk
    $ mv .git/refs/remotes/origin/trunk \
        .git/refs/remotes/git-svn
    $ git svn rebase
  14. Top 5 (Human) Committers

    $ git shortlog -s --since=2012 | sort -rn | \
        head -6
    2739 nobu
    867 akr
    710 svn <---
    635 ko1
    596 naruse
    448 zzak
  15. Running Tests

    $ mkdir build
    $ autoconf
    $ cd build
    $ ../configure --prefix=~/tmp/xxx --enable-shared \
        --with-openssl-dir=/path/to/openssl \
        --with-readline-dir=/path/to/readline \
        --with-zlib-dir=/path/to/zlib
    $ make test-all TESTS=-v
  16. Creating a Patch

    $ diff -pu original/ changed/ \
        > ruby-changes.patch
    $ svn diff > ruby-changes.patch
    $ git diff > ruby-changes.patch
  17. Filing Issues

    • Bugs are fixed on trunk first
    • Can request backport once committed to trunk
    • bugs.ruby-lang.org/projects/ruby-trunk/issues/new
  18. Story: Insecure SSL Defaults

    • Ruby gets its default from OpenSSL
    • Whose responsibility is it?
  19. Ruby Core Developer Meetings

    • Draft an agenda
    • Pick a date (estimate)
    • Ask Matz
    • Ask ruby-core
  20. Moving to Git

    • Backport Tools
    • Redmine
    • Version Log
    • Others?
    • Convince Core
    • Profit…?
  21. BEGIN { ObjectSpace.count_objects }

    def count_string
      before = ObjectSpace.count_objects[:T_STRING]
      yield
      after = ObjectSpace.count_objects[:T_STRING]
      puts "Increasing String object is: #{after - before}"
    end

    count_string{'a' + 'b'} #=> 3
  22. in Ruby 2.1.3

    hash = { "jeremy" => "julius caesar" }
    count_string {
      1000.times { hash["jeremy"] }
      #=> 1000
    }
  23. in Ruby 2.2

    hash = { "jeremy" => "julius caesar" }
    count_string {
      1000.times { hash["jeremy"] }
      #=> 0
    }
  24. Schedule

    • Sep 13: Ruby 2.2.0.preview1
    • Sep 30: Large Feature Freeze
    • Oct 29: Preview 2 Meeting
    • Nov: Feature Freeze, Ruby 2.2.0.preview2
    • Dec: Release Candidate
    • Dec 25: 2.2.0 Release!
  25. Why Not Static Typing?

    • It works™ without it
    • It is against duck typing
    • It will be optional
  26. Why Not Static Typing?

    • It works™ without it
    • It is against duck typing
    • It will be optional
    • DRY
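
For the advisory on slides 6 to 9, a small audit helper that classifies a Ruby build string against the affected ranges listed there. This is an added example, not code from the deck or from Ruby core; the names `classify`, `current_build` and the status symbols are hypothetical, trunk revisions are not checked, and it assumes Heroku's unofficial builds at or above the slide 9 patch levels carry the fix.

```ruby
# Added example: ranges and patch levels are transcribed from slides 6, 7 and 9.
# Accepts build strings such as "2.0.0p247", "2.1.0preview1" or "1.9.3".
BUILD = /\A(\d+)\.(\d+)\.(\d+)(?:p(\d+)|(preview|rc)(\d+))?\z/

# Assumption: Heroku's unofficial builds at or above these patch levels are patched.
HEROKU_UNOFFICIAL = { "1.9.2" => 321, "1.8.7" => 375 }.freeze

# Returns :affected, :not_affected, :fixed_unofficial, :not_listed or :unrecognized.
def classify(build)
  m = BUILD.match(build) or return :unrecognized
  series = "#{m[1]}.#{m[2]}"
  teeny  = m[3].to_i
  level  = m[4].to_i # 0 when the build has no pNNN suffix (preview, rc, dev)

  min = HEROKU_UNOFFICIAL["#{series}.#{teeny}"]
  return :fixed_unofficial if min && m[4] && level >= min

  affected =
    case series
    when "1.8" then ([teeny, level] <=> [6, 230]) > 0   # after 1.8.6p230, no official fix
    when "1.9" then ([teeny, level] <=> [3, 484]) < 0   # prior to 1.9.3p484
    when "2.0" then ([teeny, level] <=> [0, 353]) < 0   # prior to 2.0.0p353
    when "2.1" then teeny == 0 && m[5] == "preview" && m[6].to_i < 2 # prior to preview2
    else return :not_listed                             # series not named on slide 6
    end
  affected ? :affected : :not_affected
end

# Build string for the interpreter running this script.
def current_build
  RUBY_PATCHLEVEL >= 0 ? "#{RUBY_VERSION}p#{RUBY_PATCHLEVEL}" : RUBY_VERSION
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inventory plus the local interpreter.
  ["2.0.0p247", "1.8.7p374", "1.8.7p375", "2.1.0preview2", current_build].each do |b|
    puts format("%-14s %s", b, classify(b))
  end
end
```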