The newest on-line resource for serious Ruby information has gone live.
Ruby Code & Style, an on-line magazine from Artima, has just published issue #1.
Check out the names on the advisory board. It’s a Who’s Who of everybody who’s anybody in the Ruby world.
The premiere issue has three outstanding articles:
First up, Jack Herrington, author of Code Generation in Action (Manning, 2002) and Podcasting Hacks (O’Reilly, 2005), has written Modular Architectures with Ruby
Next, Austin Ziegler gives us Creating Printable Documents with Ruby
And there’s a reprint of Ara Howard’s article, Linux Clustering with Ruby Queue: Small is Beautiful, which first appeared in Linux Journal but deserves repeat attention
A big thanks to the advisory board, and especially to Bill Venners for starting this whole thing.
Posted by james on 11 Oct 2005
EuRuKo 2005, the European Ruby Conference, will be in Munich, Germany, October 15 and 16, 2005.
If you have any means whatsoever to attend, go. It is still fairly small, and the intimate feeling of the conference is something special.
You can see the current agenda here, but last year there were assorted spontaneous talks and discussions as well and it will likely be the same this year.
Posted by james on 10 Oct 2005
The Ruby versions listed below have a vulnerability that allows arbitrary code to run, bypassing the safe level check.
Date published: 2005-10-02
Versions affected:
Stable releases (1.8.x) - Versions 1.8.2 and earlier (fixed in version 1.8.3)
Old releases (1.6.x) - Versions 1.6.8 and earlier
Development versions (1.9.0) - Versions 2005-09-01 and earlier (fixed in version 2005-09-02)
Solution:
Users of stable releases (1.8.x) and development versions (1.9.0) should update Ruby to the latest versions listed above.
Users of old releases (1.6.x) should update to the stable releases (1.8.x) or download the latest snapshot for 1.6.x from the URL below, build, and install.
ftp://ftp.ruby-lang.org/pub/ruby/snapshot-1.6.tar.gz
A patch from ruby-1.6.8.tar.gz is also provided at the following location:
ftp://ftp.ruby-lang.org/pub/ruby/1.6/1.6.8-patch1.gz
md5sum: 7a97381d61576e68aec94d60bc4cbbab
A patch from ruby-1.8.2.tar.gz is also provided at the following location:
ftp://ftp.ruby-lang.org/pub/ruby/1.8/1.8.2-patch1.gz
md5sum: 4f32bae4546421a20a9211253da103d3
Description:
The Object Oriented Scripting Language Ruby supports safely executing
untrusted code with two mechanisms: safe level and taint flag on objects.
A vulnerability has been found that allows bypassing these mechanisms.
By using the vulnerability, arbitrary code can be executed beyond the
restrictions specified in each safe level. Therefore, Ruby has to be
updated on all systems that use safe level to execute untrusted code.
Reference:
JVN#62914675 http://jvn.jp/jp/JVN%2362914675/index.html
(in Japanese)
Acknowledgment:
We thank Dr. Yutaka Oiwa, Research Center for Information Security,
National Institute of Advanced Industrial Science and Technology, who
found the vulnerability that allows bypassing safe level.
Posted by Matz on 03 Oct 2005
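For inventory work against the advisory above, the following Ruby sketch classifies an interpreter's version string and release date against the "Versions affected" list. It is an added example, not code from the advisory or the Ruby project; the method names and status symbols are hypothetical, and it assumes 1.9.0 development builds are identified by their release date.

```ruby
require 'date'

# Ranges below come from the advisory's "Versions affected" list.
# Status symbols and method names are this example's own (hypothetical).
DEV_FIXED_ON = Date.new(2005, 9, 2) # 1.9.0 snapshots from this date are fixed

# "1.8.2" -> [1, 8, 2], so versions compare numerically, not as strings.
def version_tuple(version)
  parts = version.to_s.split('.')
  unless parts.size == 3 && parts.all? { |p| p =~ /\A\d+\z/ }
    raise ArgumentError, "unparseable version: #{version.inspect}"
  end
  parts.map { |p| p.to_i }
end

# Returns :affected, :fixed, :unknown (1.9.0 without a release date) or
# :not_listed (a series the advisory does not mention).
# A 1.8.2 or 1.6.8 build with patch1 applied still reports the old version
# string, so :affected there means "confirm how this build was produced".
def safe_level_advisory_status(version, release_date = nil)
  major, minor, teeny = version_tuple(version)
  case [major, minor]
  when [1, 8] then teeny <= 2 ? :affected : :fixed
  when [1, 6] then teeny <= 8 ? :affected : :not_listed
  when [1, 9]
    return :not_listed unless teeny == 0
    return :unknown if release_date.nil?
    Date.parse(release_date.to_s) < DEV_FIXED_ON ? :affected : :fixed
  else
    :not_listed
  end
end

# Remediation text per series, paraphrasing the advisory's "Solution" section.
def remediation(version, release_date = nil)
  return 'no action listed' unless safe_level_advisory_status(version, release_date) == :affected
  case version_tuple(version)[1]
  when 8 then 'update to 1.8.3, or apply 1.8.2-patch1 to the 1.8.2 sources'
  when 6 then 'move to 1.8.x, or build the 1.6 snapshot / apply 1.6.8-patch1'
  else        'update to a development snapshot dated 2005-09-02 or later'
  end
end

if __FILE__ == $0
  status = safe_level_advisory_status(RUBY_VERSION, RUBY_RELEASE_DATE)
  puts "#{RUBY_VERSION} (#{RUBY_RELEASE_DATE}): #{status}"
end
```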