RubyFlow : The Ruby Community Blog

postmodern — 35 posts

ruby-install 0.4.0 has been released! Added support for installing mruby, the --rubies-dir option for installing into ~/.rvm/rubies/ or ~/.rbenv/versions/, the -j,--jobs option for parallel compilation, and more.
Recently, it was disclosed that libyaml <= 0.1.4 is vulnerable to a heap overflow. libyaml is used by Ruby's Psych YAML parser, which ships with Ruby >= 1.9.2 and was made the default YAML parser in Ruby 1.9.3. Find out if you are vulnerable and how to upgrade libyaml.
chruby 0.3.8 and ruby-install 0.3.3 have been released, containing minor bug fixes. chruby and ruby-install are small, fast and stable alternatives to RVM and rbenv.

There is an overflow in floating point number parsing in Ruby. This vulnerability has been assigned the CVE identifier CVE-2013-4164.

All users are recommended to upgrade to Ruby 1.9.3 patchlevel 484, ruby 2.0.0 patchlevel 353 or ruby 2.1.0 preview2.
Since was down for maintenance, you had to download Ruby from a mirror. Luckily, ruby-install 0.3.0 now supports a mirror option:

ruby-install -M ruby 2.0

Also new in 0.3.0, patches can be given as URLs:

ruby-install -p ruby 1.9.3
Released chruby 0.3.6 and ruby-install 0.2.0. chruby is an ultra-minimal Ruby switcher (~90 LoC), that does one thing and one thing only, switches Rubies. ruby-install downloads, compiles and installs any version of Ruby, JRuby, Rubinius or MagLev. ruby-install supports automatically installing into ~/.rubies / /opt/rubies and can install additional dependencies using your system's package manager.
The countdown on has almost reached zero. Once the clock hits zero, the "big announcement" will be made at Ruby Kaigi and posted on the website. Only seven more hours to go!
ruby-install 0.1.0 has been released! Supports MRI, JRuby, Rubinius, installing into /opt/rubies or ~/.rubies, installing arbitrary versions right after they are released, installing build dependencies via the package manager, applying arbitrary patches and passing in arbitrary ./configure options.
kramdown-man 0.1.4 released!
kramdown-man is a markdown to man page converter, using the pure-Ruby kramdown markdown library. kramdown-man seeks to support the majority of markdown syntax and roff tags. Unlike ronn or md2man, kramdown-man does not depend on any C extensions, and supports JRuby.

Kramdown exposes the full Abstract Syntax Tree (AST) of the markdown document. This makes it very easy to write markdown Converters.
chruby 0.3.3 released!
chruby 0.3.3 has been released! This release contains bug fixes and workarounds for using tmux with chruby/, ohmyzsh's bundle exec ruby alias and OSX Mountain Lion's PROMPT_COMMAND. Version 0.3.3 should be available via homebrew shortly.
bundler-audit provides patch-level verification for Bundler. It will check the gem versions in Gemfile.lock against a local database of advisories. Check whether your Rails apps are updated against the recent Rails vulnerabilities!

$ bundle-audit

Additional help importing Ruby/Rails related advisories from OSVDB would be greatly appreciated!
ronin-sql 1.0.0 released!
After six years of development and neglect, ronin-sql has been refactored and version 1.0.0 has finally been released! ronin-sql is a library for encoding/decoding SQL data. It also includes a Ruby Domain Specific Language (DSL) for crafting complex SQL Injections (SQLi). Read More
I finished developing Proof-of-Concept (PoC) exploits for Rails vulnerabilities CVE-2013-0156 and CVE-2013-0155. Read the write up or read the exploits: rails_dos.rb, rails_jsonq.rb, rails_sqli.rb, rails_rce.rb. If you haven't already upgraded Rails, DO IT NOW!
chruby 0.3.0 was released! What's new:

Optional auto-switching when a .ruby-version file is detected.
Auto-detection of Rubies installed into /opt/rubies/ and ~/.rubies.
Added chruby-exec, a convenience utility that switches to a Ruby and runs a command. This is intended for use in crontab or Continuous Integration (CI) servers.
Recently wrote copy/pastable installation instructions for MRI, JRuby and Rubinius on Debian, Ubuntu, RedHat, Fedora and OS X.
chruby is an ultra-minimal alternative to RVM and rbenv. chruby allows one to install rubies into /usr/local/$ruby, /opt/$ruby or ~/.rubies/$ruby, but install gems into ~/.gem/$ruby/$version. Unlike RVM or rbenv, chruby only modifies $PATH, $GEM_HOME and $GEM_PATH, and does not hook cd or rely on shims. chruby is ~80 lines, supports both bash and zsh, and has unit-tests.
Released ffi-extractor 0.1.0, Ruby FFI bindings to libextractor, a library for extracting metadata from a variety of file formats.

libextractor is a simple library for keyword extraction. libextractor
does not support all formats but supports a simple plugging mechanism
such that you can quickly add extractors for additional formats, even
without recompiling libextractor. libextractor typically ships with a
dozen helper-libraries that can be used to obtain keywords from common
In a fit of Flash-induced rage, I created flv-dl, which allows one to download or play Flash Video (flv) files from their web-pages, directly from the command-line.

flv-dl -o video.flv "URL"
flv-dl -p mplayer "URL"
flv-dl --dump "URL"
RubyGems Tasks
Published a blog post discussing rubygems-tasks and where it draws its inspiration from.
Released Ore 0.9.1. Contains minor stylistic improvements to the templates. You don't have to use Bundler to create a new RubyGem: gem install ore && mine my_project
Just pushed a pre-release of multi_markdown, feedback welcomed. multi_markdown allows projects to use a wide variety of Markdown libraries, without having to depend on a specific one. AKA multi_json for markdown. Please stop explicitly depending on rdiscount or redcarpet, try multi_markdown instead.
Ore 0.9.0 released
Released Ore 0.9.0. Ore is a flexible RubyGem project generator, supporting Git/Hg/SVN, gemspecs, gemspec.yml, rubygems-tasks, bundler, .rvmrc, RDoc, Markdown, Textile, YARD, RSpec, Test::Unit and installable templates.

$ gem install ore
$ mine my-project --rspec --yard --markdown
rubygems-tasks are agnostic and unobtrusive Rake tasks for building, installing and releasing Ruby Gems. rubygems-tasks are compatible with plain .gemspec files, support Git/Mercurial/SVN, PGP signed tags, package checksums, PGP signed packages, a console task and ANSI coloured output!

require 'rubygems/tasks'
Hexdump 0.2.x
Just released Hexdump 0.2.1. Blog post discusses the new features and performance improvements.
Do you manually git tag your releases? Do you follow Semantic Versioning? Do you prefix your version tags with a v? You don't?!

Learn why Semantic Version Tags are a good idea and how it helps automated tools.
net-http-server is a pure-Ruby, small, Rack-like and Rack-compliant HTTP Server, meant to be a simpler alternative to WEBrick. Blog post gives a walk through of just how simple net-http-server is.
DeploYML is a simple deployment solution for Ruby / Rails projects that uses a single YAML file, Git and ssh. Read more
Mining RubyGems from Ore
The recent discussion about minimal gemspecs inspired me to create Ore, a simple solution for generating and building RubyGems, that uses a single YAML file to describe a project. Source.
Introducing static_paths 0.1.0
static_paths is a library to manage the paths of directories containing static-content within multiple libraries. static_paths makes it simple to register, unregister and search through directories containing static-content needed by your libraries. Get the code.
YARD can easily be extended to recognize and document new meta-programming methods. yard-dm is a new YARD plugin gem, which adds support for documenting the properties/relations of DataMapper models. More on this.
Introducing the new Web Spider Obstacle Course.
Introducing the new Web Spider Obstacle Course (WSOC). WSOC was completely re-written as a Sinatra app, and can easily be used to test the robustness of any Web Spider/Crawler/Scanner. Currently, Spidr uses WSOC as part of its test suite.
I like to create Ruby projects, and I also like to use Hoe to manage them. With any Ruby project generator, I always hate having to add my usual boilerplate code and Rake tasks. Luckily, Hoe supports using project templates, stored in ~/.hoe_template, with the sow command. For example, here is the Hoe template I use to generate new projects, with RSpec 1.2.9 and YARD 0.5.2 set up.

Install: git clone git:// ~/.hoe_template
Use: sow my_project
Introducing Sketches, a live-programming gem that can spawn editors, watch your edited files and reload them when they change. Sketches is easy to configure and fits right in your .irbrc file.
After hearing lots of people asking how to install Ruby 1.9.1 alongside 1.8, I decided to write this really simple shell script to get the ball rolling. It's hosted as a gist, so feel free to fork and improve upon it.
Hey, ever wanted to load Objects from Ruby files without having to use YAML or define a custom class named like the file? Now you can, with Contextify.