Securing a Private Gem Server

Posted on Leave a commentPosted in Ruby

RubyGems.org is unquestionably a cornerstone of the Ruby ecosystem.  Almost every open-source gem is published to this central hub.  Furthermore, Ruby’s package management system integrates directly with this site, which makes it unbelievably simple for developers to download the gem dependencies that they need. But, if you write code for an organization, then RubyGems.org has […]

Rails Application Hijacking: Part 2

Posted on Leave a commentPosted in Ruby

In my previous post, I demonstrated how Ruby’s #eval method can be exploited to hijack a Rails application.  Of course, if you knew much of anything about Ruby or Rails, then that post was probably underwhelming.  It was like warning people not to leave the keys in the ignition and the doors unlocked when parking […]

Rails Application Hijacking: Part 1

Posted on Leave a commentPosted in Ruby

Hey everybody!  Check out how crazy easy it is to write a calculator application in Rails!

All I had to do was pass the user’s input into Ruby’s #eval method!  Isn’t Rails teh (sic) awesome? Now that you’ve finished dishing out jumping high-fives to everyone in the room, let’s think through the implications of […]

Hello, Logbert!

Posted on 1 CommentPosted in Ruby

After using Python’s “logging” module for the last few years, I was kinda disappointed with the logging options available in Ruby.  In particular, I was shocked that none of the popular loggers in Ruby support true “Log Factories”.  Therefore, unless developers are using a framework such as Rails, they will need to initialize and configure […]

What the **?

Posted on Leave a commentPosted in Ruby

Oops.  I misspoke in my previous post about Ruby keyword arguments.  There actually is a change in Ruby’s method invocation behavior.  Ruby 2.x supports a new ** operator, which can influence the construction of the keyword arguments Hash. Developers coming from a Python background probably already have a notion about what the ** operator is […]

Ruby Keyword Arguments

Posted on Leave a commentPosted in Ruby

Ruby 2.0.0 was released on February 24, meaning that a long-awaited feature has finally arrived: language-supported keyword arguments!  Sure, you could fake keyword arguments in previous versions of Ruby by doing things like:

But, there was an obvious drawback with this approach: the method definitions were completely opaque! Exactly which keyword arguments did this method […]

Ruby Event Handlers

Posted on Leave a commentPosted in Ruby

After programming in Silverlight / .NET for the past few months, I’ve come to appreciate the beauty of the language’s built-in support for Events.  However, this also reminded me about how useless I’ve found Ruby’s Observable mixin to be.  So, I decided to write a Gem that would add support for .NET-style events to Ruby. […]