Simon Willison’s Weblog

71 items tagged “ruby”

2009

juno. An ultra-lightweight Python web framework inspired by Ruby’s Sinatra.

# 4th February 2009, 10:48 am / python, ruby, sinatra, juno, webframeworks

Prawn (via) Really nice PDF generation library for Ruby, used to generate Dopplr’s beautiful end of year reports.

# 16th January 2009, 4:04 pm / dopplr, ruby, prawn, pdf

why’s potion. why’s latest project is a small, fast language (JIT to x86/x86-64) which seems to take ideas from Ruby, Lua, Python and who knows where else. Everything is based around objects, closures and mixins, with the delightful inclusion of scoped mixins so you can modify an object only within a certain module (hence avoiding Ruby’s action-at-a-distance problems).

# 8th January 2009, 6:37 pm / ruby, whytheluckystiff, potion, programming, languages, jit, lua, mixins, closures

2008

Merb gets merged into Rails 3! Huge news. Of particular interest is the new focus on “framework agnosticism”, whereby Rails will aim to play well with people wishing to use alternative ORMs, template mechanisms and so forth. Rails has previously suffered from a reputation for getting in your way if you deviate from its opinions.

# 23rd December 2008, 8:32 pm / rails, frameworks, merb, rails3, ruby

On packaging. James Bennett discusses the problems with setuptools (and ruby gems), and recommends Ian Bicking’s pip as a setuptools replacement.

# 14th December 2008, 4:57 pm / python, setuptools, pip, ian-bicking, james-bennett, ruby, gems

Reia. The most common complaint I see about Erlang is the syntax. Reia is a Python-style scripting language (with a dash of Ruby) that runs on the Erlang virtual machine. Looks promising.

# 25th September 2008, 6:12 pm / reia, erlang, python, ruby, programming

DoS vulnerability in REXML. Ruby’s REXML library is susceptible to the “billion laughs” denial of service attack where recursively nested entities expand a single entity reference to a billion characters (kind of like the exploding zip file attack). Rails applications that process user-supplied XML should apply the monkey-patch ASAP; a proper gem update is forthcoming.

# 23rd August 2008, 11:11 am / rails, ruby, rexml, xml, security, dos, billionlaughs

Ruby’s Vulnerability Handling Debacle. The critical Ruby vulnerabilities are over a week old now but there’s still no good official patch (the security patches cause segfaults in Rails, leaving the community reliant on unofficial patches from third parties). Max Caceres has three takeaway lessons, the most important of which is to always keep a “last-known-good” branch to apply critical patches to.

# 2nd July 2008, 10:39 am / ruby, security, open-source, maxcaceres, rails, patches

Whitespace Sensitivity. Amusingly, Ruby is actually far more sensitive about whitespace than Python is.

# 1st July 2008, 2:50 pm / ruby, python, armin-ronacher, whitespace

Arbitrary code execution vulnerabilities in Ruby (via) Sounds nasty—integer overflows and unsafe allocs leading to memory corruption. Definite DoS and possible code injection as well. Upgrade to Ruby “1.8.5-p231, or 1.8.6-p230, or 1.8.7-p22” ASAP.

# 21st June 2008, 8:44 am / ruby, security

Spicing Up Embedded JavaScript. John Resig collects the various ways in which a JavaScript interpreter can be hosted by Python, PHP, Perl, Ruby and Java. There are full JS implementations in PHP, Perl and Java; Ruby and Python both have modules that use an embedded SpiderMonkey.

# 15th June 2008, 11:32 am / javascript, john-resig, spidermonkey, python, java, php, perl, ruby, embedding

Maglev has begun to publish glowing performance numbers well in advance of actually running anything at all. They haven't started running the RubySpecs and have no compatibility story today. You can't actually get Maglev yet and run anything on it. It's worse than Vaporware, it's Presentationware.

Charles Nutter

# 1st June 2008, 11:29 pm / maglev, charles-nutter, ruby

MagLev recap. Avi Bryant reports on the RailsConf demo of MagLev, a new closed-source Ruby implementation built with Gemstone (Smalltalk) technology that packs some impressive features (transaction based concurrency across multiple VMs) and exciting benchmarks (6-100x faster than the standard Ruby interpreter).

# 1st June 2008, 11:26 pm / maglev, avi-bryant, railsconf, smalltalk, ruby, gemstone

What amazes me is how close Ruby 1.9 bytecode and Python 2.5 bytecode are. Some things translate almost directly. [...] And, really, if that's true (and I vouch that it is truly, truly true,) then how are Python and Ruby still on separate runtimes?

Why the lucky stiff

# 5th May 2008, 10:14 pm / python, ruby, whytheluckystiff

Sneaking Ruby Through Google App Engine (and Other Strictly Python Places). In a characteristic stroke of genius, _why makes a solid initial attempt at compiling Ruby 1.9 source to Python 2.5 bytecode.

# 5th May 2008, 10:13 pm / bytecode, ruby, python, whytheluckystiff, googleappengine

Promise and Peril for Alternative Ruby Impls. Charles Nutter’s detailed and opinionated overview of the state of twelve different Ruby implementations (six of which are covered in detail).

# 27th April 2008, 2:18 pm / ruby, charles-nutter, jruby, rubinius, ironruby, macruby

god—process and task monitoring done right. I have a long running animosity towards every process monitoring tool currently in existence; I’ll have to put this one through its paces and see if it sucks less.

# 29th March 2008, 10:20 pm / processes, monitoring, ruby, god, sysadmin

The Perl community has a long-standing love/hate-affair with making changes that impose "spooky action at a distance". They call it "black magic" and it is generally considered a last resort. Black Magic that makes GLOBAL changes to things like inheritance is often characterised as being "Octarine" (see Discworld novels), because it tends to work ok when there's only one person doing it, but start to mix a few together and KABOOM!

Adam Kennedy

# 22nd March 2008, 12:28 am / monkeypatching, magic, adam-kennedy, blackmagic, perl, ruby

Monkeypatching is Destroying Ruby (via) Deliberately provocative title, but makes a well considered case for restrained use of monkey patching in Ruby. Cultural norms around monkey patching seem to me to be one of the core differences between the Ruby and Python communities.

# 22nd March 2008, 12:27 am / ruby, python, ian-bicking, monkeypatching

Windows Live ID Delegated Authentication. Would make life a lot simpler if they just supported OAuth, but at least they include sample code in Python, Ruby and PHP.

# 8th March 2008, 3:19 pm / python, ruby, php, microsoft, live, oauth, liveid

RubyForge: Starling. “Starling is a light-weight persistent queue server that speaks the MemCache protocol. It was built to drive Twitter’s backend, and is in production across Twitter’s cluster.”

# 11th January 2008, 9:47 pm / memcached, twitter, ruby, messaging, queue, starling, blaine-cook, rubyforge, message-queues

Is your Rails app XSS safe? SafeErb is an interesting take on auto-escaping for Rails: it throws an exception if you try to render a string that hasn’t been untainted yet.

# 10th January 2008, 6:46 pm / xss, safeerb, rails, ruby, security

2007

I definitely like Python 3K's Unicode support better [...] In fact, I think I prefer Ruby 1.8's non-support for Unicode over Ruby 1.9's "support". The problem is one that is all too familiar to Python programmers. You can have a fully unit tested library and have somebody pass you a bad string, and you will fall over.

Sam Ruby

# 28th December 2007, 7:05 pm / ruby, sam-ruby, unicode, python, unittesting, ruby19, rubi18

Ruby 1.9—Right for You? Dave Thomas on the just-released Ruby 1.9. It’s a development release that breaks backwards compatibility in a few minor ways, but new features include the YARV virtual machine (hence significant speed improvements) and unicode support via associating encodings with bytestrings.

# 26th December 2007, 12:09 pm / bytestrings, dave-thomas, ruby, rubi19, yarv, performance, unicode

stompserver. I think this is the lightweight message queue I’ve been looking for: written in Ruby and EventMachine, easy to set up (thanks to gems), interoperates perfectly with stomp.py.

# 14th December 2007, 4:40 pm / python, ruby, stomp, messaging, message-queues, eventmachine, lightweight, gems

Two months with Ruby on Rails. Good rant—covers both the good and the bad. The first complaint is the lack of XSS protection by default in the template language. Django has the same problem, but the solution was 90% there when I saw Malcolm at OSCON.

# 9th October 2007, 12:23 pm / rails, django, python, ruby, xss, security

identity-matcher. Dopplr’s social network importing code (for Gmail, Twitter, Facebook and sites supporting Microformats), implemented as a Rails ActiveRecord plugin.

# 4th October 2007, 2:53 pm / identitymatcher, plugins, microformats, matt-biddulph, facebook, gmail, dopplr, openid, portablesocialnetwork, rails, ruby, socialgraph, twitter, fowa, fowa2007

Programming Nu (via) Interesting new programming language—Lisp style syntax, Ruby style semantics, built in Objective C bridge so you can access Cocoa APIs directly.

# 1st October 2007, 9:49 pm / nu, programming, lisp, ruby, objectivec, cocoa

The Rubinius Sprint. Sun are throwing a ton of resources at Ruby, because as Tim Bray says, “it’s not fast enough”. Imagine where they’d be if they’d invested this kind of support in Jython five years ago...

# 21st September 2007, 11:32 pm / sourgrapes, python, jython, ruby, sun, tim-bray, rubinius, open-source, java

Net::SSH revisited (via) Dependency injection (at least in Ruby) officially isn’t cool any more.

# 1st August 2007, 10:42 am / assaf-arkin, ruby, ssh, dependencyinjection, jamis-buck