71 items tagged “ruby”
2009
juno. An ultra-lightweight Python web framework inspired by Ruby’s Sinatra.
Prawn (via) Really nice PDF generation library for Ruby, used to generate Dopplr’s beautiful end of year reports.
why’s potion. why’s latest project is a small, fast language (JIT to x86/x86-64) which seems to take ideas from Ruby, Lua, Python and who knows where else. Everything is based around objects, closures and mixins, with the delightful inclusion of scoped mixins so you can modify an object only within a certain module (hence avoiding Ruby’s action-at-a-distance problems).
2008
Merb gets merged into Rails 3! Huge news. Of particular interest is the new focus on “framework agnosticism”, whereby Rails will aim to play well with people wishing to use alternative ORMs, template mechanisms and so forth. Rails has previously suffered from a reputation for getting in your way if you deviate from its opinions.
On packaging. James Bennett discusses the problems with setuptools (and ruby gems), and recommends Ian Bicking’s pip as a setuptools replacement.
Reia. The most common complaint I see about Erlang is the syntax. Reia is a Python-style scripting language (with a dash of Ruby) that runs on the Erlang virtual machine. Looks promising.
DoS vulnerability in REXML. Ruby’s REXML library is susceptible to the “billion laughs” denial of service attack where recursively nested entities expand a single entity reference to a billion characters (kind of like the exploding zip file attack). Rails applications that process user-supplied XML should apply the monkey-patch ASAP; a proper gem update is forthcoming.
Ruby’s Vulnerability Handling Debacle. The critical Ruby vulnerabilities are over a week old now but there’s still no good official patch (the security patches cause segfaults in Rails, leaving the community reliant on unofficial patches from third parties). Max Caceres has three takeaway lessons, the most important of which is to always keep a “last-known-good” branch to apply critical patches to.
Whitespace Sensitivity. Amusingly, Ruby is actually far more sensitive about whitespace than Python is.
Arbitrary code execution vulnerabilities in Ruby (via) Sounds nasty—integer overflows and unsafe allocs leading to memory corruption. Definite DoS and possible code injection as well. Upgrade to Ruby “1.8.5-p231, or 1.8.6-p230, or 1.8.7-p22” ASAP.
Spicing Up Embedded JavaScript. John Resig collects the various ways in which a JavaScript interpreter can be hosted by Python, PHP, Perl, Ruby and Java. There are full JS implementations in PHP, Perl and Java; Ruby and Python both have modules that use an embedded SpiderMonkey.
Maglev has begun to publish glowing performance numbers well in advance of actually running anything at all. They haven't started running the RubySpecs and have no compatibility story today. You can't actually get Maglev yet and run anything on it. It's worse than Vaporware, it's Presentationware.
MagLev recap. Avi Bryant reports on the RailsConf demo of MagLev, a new closed-source Ruby implementation built with Gemstone (Smalltalk) technology that packs some impressive features (transaction based concurrency across multiple VMs) and exciting benchmarks (6-100x faster than the standard Ruby interpreter).
What amazes me is how close Ruby 1.9 bytecode and Python 2.5 bytecode are. Some things translate almost directly. [...] And, really, if that's true (and I vouch that it is truly, truly true,) then how are Python and Ruby still on separate runtimes?
Sneaking Ruby Through Google App Engine (and Other Strictly Python Places). In a characteristic stroke of genius, _why makes a solid initial attempt at compiling Ruby 1.9 source to Python 2.5 bytecode.
Promise and Peril for Alternative Ruby Impls. Charles Nutter’s detailed and opinionated overview of the state of twelve different Ruby implementations (six of which are covered in detail).
god—process and task monitoring done right. I have a long running animosity towards every process monitoring tool currently in existence; I’ll have to put this one through its paces and see if it sucks less.
The Perl community has a long-standing love/hate-affair with making changes that impose "spooky action at a distance". They call it "black magic" and it is generally considered a last resort. Black Magic that makes GLOBAL changes to things like inheritance is often characterised as being "Octarine" (see Discworld novels), because it tends to work ok when there's only one person doing it, but start to mix a few together and KABOOM!
Monkeypatching is Destroying Ruby (via) Deliberately provocative title, but makes a well considered case for restrained use of monkey patching in Ruby. Cultural norms around monkey patching seem to me to be one of the core differences between the Ruby and Python communities.
Windows Live ID Delegated Authentication. Would make life a lot simpler if they just supported OAuth, but at least they include sample code in Python, Ruby and PHP.
RubyForge: Starling. “Starling is a light-weight persistent queue server that speaks the MemCache protocol. It was built to drive Twitter’s backend, and is in production across Twitter’s cluster.”
Is your Rails app XSS safe? SafeErb is an interesting take on auto-escaping for Rails: it throws an exception if you try to render a string that hasn’t been untainted yet.
2007
I definitely like Python 3K's Unicode support better [...] In fact, I think I prefer Ruby 1.8's non-support for Unicode over Ruby 1.9's "support". The problem is one that is all too familiar to Python programmers. You can have a fully unit tested library and have somebody pass you a bad string, and you will fall over.
— Sam Ruby
Ruby 1.9—Right for You? Dave Thomas on the just-released Ruby 1.9. It’s a development release that breaks backwards compatibility in a few minor ways, but new features include the YARV virtual machine (hence significant speed improvements) and unicode support via associating encodings with bytestrings.
stompserver. I think this is the lightweight message queue I’ve been looking for: written in Ruby and EventMachine, easy to set up (thanks to gems), interoperates perfectly with stomp.py.
Two months with Ruby on Rails. Good rant—covers both the good and the bad. The first complaint is the lack of XSS protection by default in the template language. Django has the same problem, but the solution was 90% there when I saw Malcolm at OSCON.
identity-matcher. Dopplr’s social network importing code (for Gmail, Twitter, Facebook and sites supporting Microformats), implemented as a Rails ActiveRecord plugin.
Programming Nu (via) Interesting new programming language—Lisp style syntax, Ruby style semantics, built in Objective C bridge so you can access Cocoa APIs directly.
The Rubinius Sprint. Sun are throwing a ton of resources at Ruby, because as Tim Bray says, “it’s not fast enough”. Imagine where they’d be if they’d invested this kind of support in Jython five years ago...
Net::SSH revisited (via) Dependency injection (at least in Ruby) officially isn’t cool any more.