Rescuing Ruby Greg Brockman Stripe CTO @thegdb begin ruby rescue ?? end 

Ruby’s niche is being eaten from all directions (and not just because of better runtimes). 

“Highly productive web language which can also be systems code in a pinch”? ! (Python’s web libraries are getting quite good.) 

“A good place to write prototyping code before writing in a ‘serious’ language like C++”? ! (Go is making it easy to write “serious” code, so prototyping languages are becoming less compelling.) 

“Home of the most innovative web frameworks”? ! (Node.js is where the next generation of web frameworks, such as Meteor, are being written.) 

Source: modulecounts.com 

So, what can we do to reverse the trend and prevent Ruby becoming another Perl? ! This talk proposes one possible set of (occasionally radical) changes, but what’s most important is that we as a community don’t just sit idly by. ! All examples are just isolated illustrations — I don’t mean to point fingers. 

First, expand the set of use cases. 

Change 1: Find areas of rapid development, and create libraries to make Ruby the default language. 

No content

No content

No content

Change 2: Create a standard SOA toolkit. 

All we need: 

# Thrift IDL: # # namespace rb Example.Thrift # # service ExampleInterface { # string example(1: string arg); # } ! class ExampleServer < Chalk::Thrift::Server::Base interface Example::Thrift::ExampleInterface set :port, 1337 ! def example(arg) 'hi' end end 

Change 3: Invest more time in Bundler. 

Run `bundle install` to install missing gems. How much time do we spend staring at this: The Bundler API is great, but there’s a lot of work to be done on the implementation. 

Second, catch up on the ground we’ve lost. 

Change 4: Add standard ways of doing standard tasks (logging, config, etc). Just having this for Rails isn’t enough. 

No content

loop do begin break if @stopping || @network_is_down run_once [...] rescue Exception => e puts e.class.name puts e.message puts e.backtrace end end Right now the path of least resistance looks like this: 

class MyClass include Chalk::Log ! # Prints: # # Saying something: what="hello" def hello log.info('Saying something', what: 'hello') end end 

Change 5: Stop monkey-patching the language. (Refinements aren’t enough.) 

Right::AWS: ! ! ! ! ! ! Rails 3: Example via http://yehudakatz.com/2010/11/30/ruby-2-0-refinements-in-practice/ class String def camelize() self.dup.split(/_/).map{ |word| word.capitalize }.join('') end end ! ! ! class String def camelize(first_letter = :upper) case first_letter when :upper then ActiveSupport::Inflector.camelize(self, true) when :lower then ActiveSupport::Inflector.camelize(self, false) end end end 

Change 6: Write static analyzers. 

Go Oracle: ! ▶ Found a call path from root to (*github.com/stripe-ctf/ octopus/harness.Harness).querier ! ▶ (*github.com/stripe-ctf/octopus/harness.Harness).querier ▶ static method call from (*github.com/stripe-ctf/octopus/harness.Harness).Start ▶ static method call from (*github.com/stripe-ctf/octopus/director.Director).Start ▶ static method call from github.com/stripe-ctf/octopus.main func (h *Harness) querier() { […] } 

While it’s impossible to get 100% coverage, we can write tools for all the sane cases. (If your analyzer can’t understand it, a human probably can’t either.) ! Proof-of-concept: https://github.com/gdb/ruby-static- checker 

Change 7: Favor explictness over implicitness, and straightforward over clever. 

def method_missing(*m) regex = m.first.to_s.match(/^find_(all_)?(country_| countries_)?by_(.+)/) super unless regex ! countries = self.find_by($3, m[1], $2) $1 ? countries : countries.last end ! […] ! def find_by(attribute, value, obj = nil) self.find_all_by(attribute.downcase, value).map do | country| obj.nil? ? country : self.new(country.last) end end 

“Be liberal in what you accept, and conservative in what you send” ! — RFC 1122 ! Good for internet protocols. Less good for the application layer. --- :hello: world (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156) 

Change 8: Take ownership over your users’ security. 

No content

Third, build tooling and applications that other languages can’t replicate. 

Imagine being able to connect to your production code and drop into exceptioned contexts, extract a runnable core dump, or gather statistics. 

Greg Brockman Stripe CTO // @thegdb