Simon Willison’s Weblog

Items tagged ruby



Merb gets merged into Rails 3! Huge news. Of particular interest is the new focus on “framework agnosticism”, whereby Rails will aim to play well with people wishing to use alternative ORMs, template mechanisms and so forth. Rails has previously suffered from a reputation for getting in your way if you deviate from its opinions. # 23rd December 2008, 8:32 pm

On packaging. James Bennett discusses the problems with setuptools (and ruby gems), and recommends Ian Bicking’s pip as a setuptools replacement. # 14th December 2008, 4:57 pm

Reia. The most common complaint I see about Erlang is the syntax. Reia is a Python-style scripting language (with a dash of Ruby) that runs on the Erlang virtual machine. Looks promising. # 25th September 2008, 6:12 pm

DoS vulnerability in REXML. Ruby’s REXML library is susceptible to the “billion laughs” denial of service attack where recursively nested entities expand a single entity reference to a billion characters (kind of like the exploding zip file attack). Rails applications that process user-supplied XML should apply the monkey-patch ASAP; a proper gem update is forthcoming. # 23rd August 2008, 11:11 am

Ruby’s Vulnerability Handling Debacle. The critical Ruby vulnerabilities are over a week old now but there’s still no good official patch (the security patches cause segfaults in Rails, leaving the community reliant on unofficial patches from third parties). Max Caceres has three takeaway lessons, the most important of which is to always keep a “last-known-good” branch to apply critical patches to. # 2nd July 2008, 10:39 am

Whitespace Sensitivity. Amusingly, Ruby is actually far more sensitive about whitespace than Python is. # 1st July 2008, 2:50 pm

Arbitrary code execution vulnerabilities in Ruby (via) Sounds nasty—integer overflows and unsafe allocs leading to memory corruption. Definite DoS and possible code injection as well. Upgrade to Ruby “1.8.5-p231, or 1.8.6-p230, or 1.8.7-p22” ASAP. # 21st June 2008, 8:44 am

Spicing Up Embedded JavaScript. John Resig collects the various ways in which a JavaScript interpreter can be hosted by Python, PHP, Perl, Ruby and Java. There are full JS implementations in PHP, Perl and Java; Ruby and Python both have modules that use an embedded SpiderMonkey. # 15th June 2008, 11:32 am

Maglev has begun to publish glowing performance numbers well in advance of actually running anything at all. They haven’t started running the RubySpecs and have no compatibility story today. You can’t actually get Maglev yet and run anything on it. It’s worse than Vaporware, it’s Presentationware.

Charles Nutter # 1st June 2008, 11:29 pm

MagLev recap. Avi Bryant reports on the RailsConf demo of MagLev, a new closed-source Ruby implementation built with Gemstone (Smalltalk) technology that packs some impressive features (transaction based concurrency across multiple VMs) and exciting benchmarks (6-100x faster than the standard Ruby interpreter). # 1st June 2008, 11:26 pm

What amazes me is how close Ruby 1.9 bytecode and Python 2.5 bytecode are. Some things translate almost directly. [...] And, really, if that’s true (and I vouch that it is truly, truly true,) then how are Python and Ruby still on separate runtimes?

Why the lucky stiff # 5th May 2008, 10:14 pm

Sneaking Ruby Through Google App Engine (and Other Strictly Python Places). In a characteristic stroke of genius, _why makes a solid initial attempt at compiling Ruby 1.9 source to Python 2.5 bytecode. # 5th May 2008, 10:13 pm

Promise and Peril for Alternative Ruby Impls. Charles Nutter’s detailed and opinionated overview of the state of twelve different Ruby implementations (six of which are covered in detail). # 27th April 2008, 2:18 pm

god—process and task monitoring done right. I have a long running animosity towards every process monitoring tool currently in existence; I’ll have to put this one through its paces and see if it sucks less. # 29th March 2008, 10:20 pm

The Perl community has a long-standing love/hate-affair with making changes that impose “spooky action at a distance”. They call it “black magic” and it is generally considered a last resort. Black Magic that makes GLOBAL changes to things like inheritance is often characterised as being “Octarine” (see Discworld novels), because it tends to work ok when there’s only one person doing it, but start to mix a few together and KABOOM!

Adam Kennedy # 22nd March 2008, 12:28 am

Monkeypatching is Destroying Ruby (via) Deliberately provocative title, but makes a well considered case for restrained use of monkey patching in Ruby. Cultural norms around monkey patching seem to me to be one of the core differences between the Ruby and Python communities. # 22nd March 2008, 12:27 am

Windows Live ID Delegated Authentication. Would make life a lot simpler if they just supported OAuth, but at least they include sample code in Python, Ruby and PHP. # 8th March 2008, 3:19 pm

RubyForge: Starling. “Starling is a light-weight persistent queue server that speaks the MemCache protocol. It was built to drive Twitter’s backend, and is in production across Twitter’s cluster.” # 11th January 2008, 9:47 pm

Is your Rails app XSS safe? SafeErb is an interesting take on auto-escaping for Rails: it throws an exception if you try to render a string that hasn’t been untainted yet. # 10th January 2008, 6:46 pm

I definitely like Python 3K’s Unicode support better [...] In fact, I think I prefer Ruby 1.8’s non-support for Unicode over Ruby 1.9’s “support”. The problem is one that is all too familiar to Python programmers. You can have a fully unit tested library and have somebody pass you a bad string, and you will fall over.

Sam Ruby # 28th December 2007, 7:05 pm

Ruby 1.9—Right for You? Dave Thomas on the just-released Ruby 1.9. It’s a development release that breaks backwards compatibility in a few minor ways, but new features include the YARV virtual machine (hence significant speed improvements) and unicode support via associating encodings with bytestrings. # 26th December 2007, 12:09 pm

stompserver. I think this is the lightweight message queue I’ve been looking for: written in Ruby and EventMachine, easy to set up (thanks to gems), interoperates perfectly with stomp.py. # 14th December 2007, 4:40 pm

Two months with Ruby on Rails. Good rant—covers both the good and the bad. The first complaint is the lack of XSS protection by default in the template language. Django has the same problem, but the solution was 90% there when I saw Malcolm at OSCON. # 9th October 2007, 12:23 pm

identity-matcher. Dopplr’s social network importing code (for Gmail, Twitter, Facebook and sites supporting Microformats), implemented as a Rails ActiveRecord plugin. # 4th October 2007, 2:53 pm

Programming Nu (via) Interesting new programming language—Lisp style syntax, Ruby style semantics, built in Objective C bridge so you can access Cocoa APIs directly. # 1st October 2007, 9:49 pm

The Rubinius Sprint. Sun are throwing a ton of resources at Ruby, because as Tim Bray says, “it’s not fast enough”. Imagine where they’d be if they’d invested this kind of support in Jython five years ago... # 21st September 2007, 11:32 pm

Net::SSH revisited (via) Dependency injection (at least in Ruby) officially isn’t cool any more. # 1st August 2007, 10:42 am

The recent announcement that Mozilla’s next JavaScript engine, Tamarin, will also be a container for functionality written in Python and Ruby (and, one assumes, beyond) is proof that JavaScript is the new Parrot.

Aaron Straup Cope # 29th July 2007, 9:17 pm

lwqueue. Lightweight cross-language message queue system, written in Perl with client libraries in Perl, Python and Ruby. # 16th July 2007, 10:04 am

The CSS Redundancy Checker. A tool for checking your markup for outdated CSS rules that don’t match any of your HTML. We were discussing the need for something similar to this at Torchbox a few weeks ago. # 6th July 2007, 12:02 pm