Build, Debug & Prosper

Transcript

1. None

2. start

3. por favor, levantem as mãos se você não entender Inglês?

4. BUILD, DEBUG & PROSPER @jainrishi15

5. @joshsoftware

6. INDIA

7. Facts about INDIA • 7th largest country by area in

   world.! • 2nd most populous country at 1.2 billion people! • Chess was invented in India! • Value of “pi” was first calculated by Indian mathematician Budhayana.! • Exports software to 90 countries.

8. GEMS

9. Guess the number of ruby gems per rubyist ?

10. 0.57

11. http://carie-lyndene.com/wp-content/uploads/2014/05/Why1.jpg

12. POSSIBLE REASONS:

13. COMPLICATED https://www.flickr.com/photos/bandinisonfire/4748166227/in/photolist-8ezAoX-aLrAuX-on9ZhP-aSRZug-iJ7fKX-6fKVUp-5D5YmK-7gpqHB-4EEuP8-5MQvaL-5beGnc-fLkrww-gyZGrD-cuKobW-gyZGBt-2sH6gU-5C8jE-bmHMM5-nKBwxc-8nvyqY-efSKUD- ePCWfs-dLEJMb-negWbD-4U5N8S-9TKYq1-68sMZG-9UP8eX-9kX4PT-o8V7Lj-6QaHA2-7ByZWU-6feEkV-ntoDmR-7afmog-KV875-5bj6C1-5bj43E-5beKDR-5bj4P7-5bj17u-4LBujV-6KhZpH-6o7wUK-4FRuq-24QT5s-4Byhxn-4dia18-4KrpK8-bXVr2J

14. COMPLICATED https://www.flickr.com/photos/bandinisonfire/4748166227/in/photolist-8ezAoX-aLrAuX-on9ZhP-aSRZug-iJ7fKX-6fKVUp-5D5YmK-7gpqHB-4EEuP8-5MQvaL-5beGnc-fLkrww-gyZGrD-cuKobW-gyZGBt-2sH6gU-5C8jE-bmHMM5-nKBwxc-8nvyqY-efSKUD- ePCWfs-dLEJMb-negWbD-4U5N8S-9TKYq1-68sMZG-9UP8eX-9kX4PT-o8V7Lj-6QaHA2-7ByZWU-6feEkV-ntoDmR-7afmog-KV875-5bj6C1-5bj43E-5beKDR-5bj4P7-5bj17u-4LBujV-6KhZpH-6o7wUK-4FRuq-24QT5s-4Byhxn-4dia18-4KrpK8-bXVr2J CALIBRE

15. COMPLICATED https://www.flickr.com/photos/bandinisonfire/4748166227/in/photolist-8ezAoX-aLrAuX-on9ZhP-aSRZug-iJ7fKX-6fKVUp-5D5YmK-7gpqHB-4EEuP8-5MQvaL-5beGnc-fLkrww-gyZGrD-cuKobW-gyZGBt-2sH6gU-5C8jE-bmHMM5-nKBwxc-8nvyqY-efSKUD- ePCWfs-dLEJMb-negWbD-4U5N8S-9TKYq1-68sMZG-9UP8eX-9kX4PT-o8V7Lj-6QaHA2-7ByZWU-6feEkV-ntoDmR-7afmog-KV875-5bj6C1-5bj43E-5beKDR-5bj4P7-5bj17u-4LBujV-6KhZpH-6o7wUK-4FRuq-24QT5s-4Byhxn-4dia18-4KrpK8-bXVr2J CALIBRE BUSY

16. COMPLICATED https://www.flickr.com/photos/bandinisonfire/4748166227/in/photolist-8ezAoX-aLrAuX-on9ZhP-aSRZug-iJ7fKX-6fKVUp-5D5YmK-7gpqHB-4EEuP8-5MQvaL-5beGnc-fLkrww-gyZGrD-cuKobW-gyZGBt-2sH6gU-5C8jE-bmHMM5-nKBwxc-8nvyqY-efSKUD- ePCWfs-dLEJMb-negWbD-4U5N8S-9TKYq1-68sMZG-9UP8eX-9kX4PT-o8V7Lj-6QaHA2-7ByZWU-6feEkV-ntoDmR-7afmog-KV875-5bj6C1-5bj43E-5beKDR-5bj4P7-5bj17u-4LBujV-6KhZpH-6o7wUK-4FRuq-24QT5s-4Byhxn-4dia18-4KrpK8-bXVr2J CALIBRE LAZY BUSY

17. COMPLICATED https://www.flickr.com/photos/bandinisonfire/4748166227/in/photolist-8ezAoX-aLrAuX-on9ZhP-aSRZug-iJ7fKX-6fKVUp-5D5YmK-7gpqHB-4EEuP8-5MQvaL-5beGnc-fLkrww-gyZGrD-cuKobW-gyZGBt-2sH6gU-5C8jE-bmHMM5-nKBwxc-8nvyqY-efSKUD- ePCWfs-dLEJMb-negWbD-4U5N8S-9TKYq1-68sMZG-9UP8eX-9kX4PT-o8V7Lj-6QaHA2-7ByZWU-6feEkV-ntoDmR-7afmog-KV875-5bj6C1-5bj43E-5beKDR-5bj4P7-5bj17u-4LBujV-6KhZpH-6o7wUK-4FRuq-24QT5s-4Byhxn-4dia18-4KrpK8-bXVr2J CALIBRE TRIVIAL BUSY LAZY

18. adorable_cat

19. Lets build a gem…

20. but what?

21. STEPS: • NAMING! • CODE! • RELEASE

22. NAMING CONVENTIONS: • UNDERSCORES! • DASHES

23. UNDERSCORES “_” GEM NAME MODULE/CLASS require statement hello_world HelloWorld hello_world

24. DASHES “-” GEM NAME MODULE/CLASS require statement rails-hello_world Rails::HelloWorld rails/hello_world

25. GEM NAME AVAILABILITY

26. 1. rubygems.org

27. 2. command line gem query --remote rails! ! *** REMOTE

    GEMS *** ! aa-rails4 (0.6.0) aaronchi-jrails (0.5.1) aavkontakte-rails3 (0.1.9) abcjs-rails (1.11) access-granted-rails (0.1.0) activerecord-import-rails4 (0.5.0)

28. 3. command line gem query --remote —name-matches ‘^rails$’! ! !

    *** REMOTE GEMS *** ! ! rails (4.1.5)

29. require 'net_explore/version'! require 'os'!

30. require 'net_explore/version'! require 'os'! module NetExplore! ! ! end

31. require 'net_explore/version'! require 'os'! module NetExplore! def self.open_url url! !

    ! #open page on mac OS! ! ! ! ! #open page on linux! ! ! #raise an error! end! ! end

32. require 'net_explore/version'! require 'os'! module NetExplore! def self.open_url url! !

    ! if OS.mac?! system("open #{url}")! ! ! elsif OS.linux?! system("xdg-open #{url}")! ! ! else! raise 'Operating system type not supported ... please file the issue on gitub page with your OS name and I will try to include it in next release.'! ! ! end! ! end! end

33. VERSIONING https://www.flickr.com/photos/tedmurphy/3830352762/in/photolist-6QtyqS-5j3YPP-7gHBkt-4cv4sL-84rU3Y-aKQcDM-8deAE1-4RYoX-73jMXx-e4QTGi-5H4JMW-6P34yq-bDEUiF-oet3bA-ovVDkY-otVG51-oeudaQ-otVUfo-ovWc6S-ovGy26-ovZGS1- ovVK2Y-oeJ8b2-owdb92-oub6gd-oxXS5a-ovZQr9-oeJkL2-oeHteb-owdhUM-oeH9kv-ovZPvS-oeHihQ-ovW9gx-owbkQ7-oubrkG-8bfvsK-99tWTS-7MGoit-4R5wJi-ovWErd-otWdej-oesGSV-5P3X3w-ovYL2k-oeH7rm-ovXKx6-otWW9G-ovWjxA-oeJfXz

34. SCENARIO: • INITIAL CLASS IS RELEASED! • MORE FEATURES ADDED

    TO CLASS! • BUG FIXES IN EXISTING METHODS! • CHANGES WHICH BREAK EARLIER CODE

35. Incremental Versioning: • INITIAL CLASS IS RELEASED • MORE FEATURES

    ADDED TO CLASS! • BUG FIXES IN EXISTING METHODS • CHANGES WHICH BREAK EARLIER CODE VERSION1 VERSION2 VERSION3 VERSION4

36. SEMANTIC VERSIONING: x.y.z patch: 0.0.x! minor: 0.x.0! major: x.0.0

37. Semantic Versioning: • INITIAL CLASS IS RELEASED VERSION 0.0.1 VERSION

    0.1.0 VERSION 0.1.1 VERSION 1.0.0 • MORE FEATURES ADDED TO CLASS • BUG FIXES IN EXISTING METHODS • CHANGES WHICH BREAK EARLIER CODE

38. • OPTIMISTIC! • PESSIMISTIC Semantic Versioning:

39. Optimistic Versioning: gem ‘you gem name’, ‘>= 0.1.0’

40. Pessimistic Versioning: gem ‘you gem name’, ‘>= 0.1.0’, ‘< 1.0’

41. ~ >

42. gem ‘rails’, ‘~> 3.0.3’

43. Releasing a gem gem push gem name-0.0.1.gem

44. 30 JAN ?

45. 30 JAN, 2013 ?

46. HACKED ..!!! RUBYGEMS

47. AFTER EFFECTS: • SIGNING RUBY GEMS! • APP-STORE TYPE MODEL!

    • BUY CERTIFICATES

48. SIGNING GEMS

49. Build a public certificate and a private pem file.

50. How to sign gems?

51. Step1: Create Certificates $ gem cert --build [email protected]! PUBLIC CERT

    PRIVATE CERT

52. Step2: Update gem with certs cd /path/to/your/gem! mkdir certs! cp

    ~/.ssh/gem-public_cert.pem certs/ yourhandle.pem! git add certs/yourhandle.pem!

53. Step2: Update gem with certs s.cert_chain = ['certs/yourhandle.pem']! s.signing_key =File.expand_path("~/.ssh/

    gem-private_key.pem")

54. Step3: Update cert list gem cert --add certs/yourhandle.pem

55. Step4: Build gem gem build gem name.gemspec gem install gemname-version.gem

    -P HighSecurity!

56. gem install gemname- version.gem -P HighSecurity!

57. Security Policies: • No security: Signed packages are treated like

    unsigned packages. • Low security: Checks expiry of certificate. • Medium Security: Validation + inclusion in cert chain. • High Security: Medium security + un- signed gems restriction.

58. Problem with signing ruby gems ? SCALABILITY

59. Chain of certificates rubygems Varis Joffrey Ned Stark Tyron Khaleesi

60. Why to sign gems at all?

61. Scenario(hypothetical): • You have a problem.! • Solution found on

    stack overflow (some gem)! • gem install gem-name

62. Vulnerability on gem installation: • Read/Write files on your system.!

    • Connect to remote server.! • Grab Passwords! • Own all your ruby gems.

63. examples: • awesome_rails_flash_messages! • better_date_to_s! • be_truthy by @benjamin_smith

64. gem fetch net_explore! ! Fetching: net_explore-0.0.1.gem (100%) Downloaded net_explore-0.0.1 !

65. gem unpack net_explore-0.0.1.gem! ! Unpacked gem: ‘path-to-net_explore-0.0.1’

66. “Don’t trust gems blindly ..!!!”

67. THANK YOU! @jainrishi15