Ruby Vulnerability Fixed In Ubuntu Hardy Heron

It appears that the Ubuntu guys pushed the patch to fix the security vulnerability we’re all going crazy over. I just applied the patch this morning, and below is the result of my test on Ruby’s Array.

irb(main):001:0> a = []
=> []
irb(main):002:0> a[0x7fffffff] = "A"
IndexError: index 2147483647 too big
        from (irb):2:in `[]='
        from (irb):2
irb(main):003:0>

Rather than crashing, it just throws an IndexError exception. After some quick testing, nothing appears to be breaking. Very nicely done.

Ruby’s Big Flaw - Security Vulnerability

Now that everyone’s freaking out about the vulnerability in Ruby, I had to investigate what the deal was. Here is the list of links:

Personally, I’m not too concerned, as I’ve been doing “Paranoid Programming” for a long, long time, and I won’t lose sleep over this (read Zed’s rant before jumping all over me). HOWEVER, that doesn’t mean I’m going to sit here and do nothing. I’m upgrading to the latest patch to avoid any unseen mishaps.

I just wonder what this will do to the future of Ruby. This seems to be a major setback for those promoting Ruby in the enterprise, since it’s the perception that matters, not the facts. Although I love Ruby as a language, I was always put off by those promoting Ruby as the “perfect” solution to everything. Let’s face it, there’s no such thing as a perfectly secure language, platform or OS.
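To make the irb test above and the “Paranoid Programming” point concrete, here is an added example (mine, not code from the original post, from Ubuntu or from the Ruby project): a probe that shows an out-of-range Array index surfaces as a catchable IndexError, and a small defensive wrapper that validates an untrusted index against an application-chosen bound before it ever reaches Array#[]=. One caveat for anyone repeating the irb test on a 64-bit interpreter: 0x7fffffff is below the 64-bit array size limit, so a[0x7fffffff] = "A" would attempt a roughly 16 GiB allocation instead of raising, which is why the probe uses 2**61. The method names probe_oversized_index and safe_store and the max_index keyword are my own choices.

```ruby
# Added example, not from the original post. Shows (1) that an oversized
# Array index is rejected with an exception the caller can rescue, and
# (2) a "paranoid" store that checks an untrusted index itself instead of
# relying on the interpreter's limit.
#
# Caveat: on 64-bit Ruby the post's index 0x7fffffff is below the array
# size limit, so a[0x7fffffff] = "A" would try to allocate ~16 GiB rather
# than raise. 2**61 is above the limit on 64-bit and fails fast.

# Return the name of the exception class raised when storing at +index+,
# or "none" if the store succeeded. (Method name is our own.)
def probe_oversized_index(index)
  a = []
  a[index] = "A"
  "none"
rescue IndexError, RangeError, NoMemoryError => e
  e.class.name
end

# Hypothetical paranoid store: an index that came from untrusted input
# (a request parameter, a file, a protocol field) is type-checked and
# bounded by an application-chosen maximum before touching the array.
# Raises ArgumentError, an error the application controls, rather than
# depending on whatever the interpreter's own check happens to be.
def safe_store(array, index, value, max_index:)
  unless index.is_a?(Integer)
    raise ArgumentError, "index must be an Integer, got #{index.class}"
  end
  if index < 0 || index > max_index
    raise ArgumentError, "index #{index} outside 0..#{max_index}"
  end
  array[index] = value
  array
end

if __FILE__ == $PROGRAM_NAME
  puts "2**61 => #{probe_oversized_index(2**61)}"   # IndexError on 64-bit Ruby
  puts safe_store([], 3, "x", max_index: 10).inspect # [nil, nil, nil, "x"]
  begin
    safe_store([], 11, "x", max_index: 10)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The point of safe_store is that the bound is yours: a caller that accepts indexes from the outside world should never find out about the interpreter’s limit the hard way, patched or not.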

Cell Phone Minute Calculation

Ruby comes with a wonderful method that can be used to calculate your cell phone usage by the minute. Since every cell provider rounds up to the next minute, this little method is all you need to calculate the billable minutes when the system gives you your usage in seconds.

def usage_in_minutes(usage_in_seconds)
  # divide as a float so 61 seconds gives 1.0166..., then round up to 2 billable minutes
  (usage_in_seconds / 60.0).ceil
end

The key here is the “ceil” method, which rounds up to the next whole minute. Take a look in the Ruby documentation.

Dumb People Looking for Even Dumber People

I keep finding job postings asking for code samples. I originally thought it was a joke, but I think these people are serious.

First of all, I don’t know any company that allows such a thing, as it violates common security policy. Anyone revealing code to an outsider is putting himself/herself in a bad situation. Besides, what does this really accomplish? Are these people so incompetent as interviewers that they can’t weed out bad candidates?

Companies shouldn’t ask for it because it’s ILLEGAL! It’s a violation of copyright law, and you’re setting yourself up for a potential lawsuit. If you don’t believe me, just do some quick research on all the successful tech companies fighting lawsuits every day. You’ll also find out why Microsoft had to write Windows NT for the Alpha processor.

I understand that the Rails community is made up mostly of young and inexperienced people, but I didn’t think the people hiring them would be too.

Things I Hate…

As a CTO and an architect, I have reviewed more code than anyone can take in a lifetime. It’s a real kick in the ass that I now actually have to work on the code I find irritating. Here’s a short list of Rails code that I just can’t stand.

1. One-controller apps - the entire app is in one controller with thousands of lines of code.
2. Embedding functions in views rather than putting them in helpers. It’s modern-day spaghetti code.
3. Overly partialed views - putting everything in partials when it really doesn’t need to be that way.
4. Fat controllers - everything’s in the controllers, including the business logic.
5. Uncommented code - no, not everything is obvious.

It’s clear that even with a very opinionated framework, you can still write extremely ugly code.

Ruby Metaprogramming Screencast

I’ve always said that watching is much better than reading when it comes to learning. With the technologies around us these days, it’s a crime to learn using an old, outdated medium like paper. We should be utilizing both hearing and seeing.

When I found out that Pragmatic Bookshelf produced screencasts, I immediately jumped. I got both the Erlang and Dave Thomas’ Ruby Metaprogramming screencasts. I’m extremely impressed with the quality of the video as well as the content. All I can say is that you should try them out for yourself; especially at $5 per episode, there’s really nothing to think about.

I just can’t wait until they produce more of these. In fact, I hope they ditch the book publishing and go all video. Yes, it’s that good.

RailsConf Day 2 and 3

Needless to say, days 2 and 3 of RailsConf were really, really interesting. They were filled with really good content, although I felt that there were too many tracks - I can’t be in two places at once…:(

Here’s a list of what I learned:

  • FUZED - clustering and scaling Rails apps using Erlang. It’s so awesome that I can’t even begin to describe it. Check it out at http://fuzed.rubyforge.org.
  • Rails 2.1 has been released. It has new features, but nothing really to make me jump up and down about.
  • Skynet: Ruby Map/Reduce Framework - Simply amazing! Just google it and be amazed.

I really enjoyed James Lindenbaum’s talk on Mongrel despite the fact that he couldn’t project anything, thanks to the equipment provided to him by the facility. He did his best, but I actually felt angry that something like this would happen.

I’m completely exhausted and will have more to post now that I have plenty of ammunition for the next few weeks.