"Living Dangerous" stage 2, summarizing ideas

Discussion in 'Ruby' started by Gregory Brown, Jan 8, 2006.

  1. Okay, the thread on "Why Living Dangerous can be A Good Thing" is
    going quite well.
    I'd like to start drafting up notes for my article, so I've put them
    on a wiki page.

    http://tinyurl.com/alaxa

    Feel free to add sections, tweak definitions, etc., and add your own content.
    However, please be mindful of the fact that this is intended to be a
    summary of the community consensus, so please do ask here on RubyTalk
    if you have doubts that your opinion would be at least generally in
    line with that of the community before adding it to the notes on the
    wiki.

    Please do reference any websites you are getting your materials from,
    if you do so.

    keep in mind, the key issues are:

    1. Defining what the open nature of ruby is.
    2. Addressing the concerns of those who find ruby 'dangerous'
    3. Showing the benefits of ruby's openness and dynamicity.
    4. Exposing the potential issues that arise from this, and how to avoid them

    As usual, I am overwhelmed by the RubyTalk effect, so please keep
    those contributions coming!
    Gregory Brown, Jan 8, 2006
    #1

  2. James Britt

    Gregory Brown wrote:
    > Okay, the thread on "Why Living Dangerous can be A Good Thing" is
    > going quite well.
    > I'd like to start drafting up notes for my article, so I've put them
    > on a wiki page.
    >
    > http://tinyurl.com/alaxa
    >
    > Feel free to add sections, tweak definitions, etc etc and add your own content.
    > However, please be mindful of the fact that this is intended to be a
    > summary of the community consensus, so please do ask here on RubyTalk
    > if you have doubts that your opinion would be at least generally in
    > line with that of the community before adding it to the notes on the
    > wiki.


    If this is a Ruby community thing, would it make more sense to collect
    this info on the RubyGarden wiki?

    James

    --

    http://www.ruby-doc.org - Ruby Help & Documentation
    http://www.artima.com/rubycs/ - Ruby Code & Style: Writers wanted
    http://www.rubystuff.com - The Ruby Store for Ruby Stuff
    http://www.jamesbritt.com - Playing with Better Toys
    http://www.30secondrule.com - Building Better Tools
    James Britt, Jan 8, 2006
    #2

  3. Chad Perrin

    On Mon, Jan 09, 2006 at 08:10:04AM +0900, Gregory Brown wrote:
    > Okay, the thread on "Why Living Dangerous can be A Good Thing" is
    > going quite well.
    > I'd like to start drafting up notes for my article, so I've put them
    > on a wiki page.
    >
    > http://tinyurl.com/alaxa


    Is the "living dangerous" (as opposed to "living dangerously")
    intentional for some reason I'm missing?

    --
    Chad Perrin [ CCD CopyWrite | http://ccd.apotheon.org ]

    "Real ugliness is not harsh-looking syntax, but having to
    build programs out of the wrong concepts." - Paul Graham
    Chad Perrin, Jan 8, 2006
    #3
  4. On 1/8/06, James Britt <> wrote:
    > Gregory Brown wrote:
    > > Okay, the thread on "Why Living Dangerous can be A Good Thing" is
    > > going quite well.
    > > I'd like to start drafting up notes for my article, so I've put them
    > > on a wiki page.
    > >
    > > http://tinyurl.com/alaxa
    > >
    > > Feel free to add sections, tweak definitions, etc., and add your own content.
    > > However, please be mindful of the fact that this is intended to be a
    > > summary of the community consensus, so please do ask here on RubyTalk
    > > if you have doubts that your opinion would be at least generally in
    > > line with that of the community before adding it to the notes on the
    > > wiki.

    >
    > If this is a Ruby community thing, would it make more sense to collect
    > this info on the RubyGarden wiki?


    good point! We can move it over there, sure.

    new link:
    http://rubygarden.org/ruby?TheOpenNatureOfRuby
    Gregory Brown, Jan 9, 2006
    #4
  5. James Britt

    Chad Perrin wrote:
    > On Mon, Jan 09, 2006 at 08:10:04AM +0900, Gregory Brown wrote:
    >
    >>Okay, the thread on "Why Living Dangerous can be A Good Thing" is
    >>going quite well.
    >>I'd like to start drafting up notes for my article, so I've put them
    >>on a wiki page.
    >>
    >>http://tinyurl.com/alaxa

    >
    >
    > Is the "living dangerous" (as opposed to "living dangerously")
    > intentional for some reason I'm missing?


    I think of it as a play on "Think dangerous."

    James

    "Do you know your last name is an adverb?"
    from the film "Johnny Dangerously"

    --

    http://www.ruby-doc.org - Ruby Help & Documentation
    http://www.artima.com/rubycs/ - Ruby Code & Style: Writers wanted
    http://www.rubystuff.com - The Ruby Store for Ruby Stuff
    http://www.jamesbritt.com - Playing with Better Toys
    http://www.30secondrule.com - Building Better Tools
    James Britt, Jan 9, 2006
    #5
  6. Lyndon Samson

    On 1/9/06, Gregory Brown <> wrote:
    >
    > Okay, the thread on "Why Living Dangerous can be A Good Thing" is
    > going quite well.
    > I'd like to start drafting up notes for my article, so I've put them
    > on a wiki page.
    >
    > http://tinyurl.com/alaxa
    >
    > Feel free to add sections, tweak definitions, etc etc and add your own
    > content.
    > However, please be mindful of the fact that this is intended to be a
    > summary of the community consensus, so please do ask here on RubyTalk
    > if you have doubts that your opinion would be at least generally in
    > line with that of the community before adding it to the notes on the
    > wiki.
    >
    > Please do reference any websites you are getting your materials from,
    > if you do so.
    >
    > keep in mind, the key issues are:
    >
    > 1. Defining what the open nature of ruby is.



    To me Ruby seems a little schizophrenic. It has the concept of classes as
    object templates, but they are almost like prototypes, mutable after
    creation. So a cross between C++/Java class style and Javascript/Io
    prototype OO. There is no concept of interfaces, so no limiting the coupling
    'surface area' of caller/callee interaction. It's a nice mix because you
    don't 'have' to make use of mutable objects/classes, but they are like
    programmer candy if you need them. I'm hoping Ruby 2/Rite goes even further,
    allowing fully 'custom' OO.


    > 2. Addressing the concerns of those who find ruby 'dangerous'
    > 3. Showing the benefits of ruby's openness and dynamicity.
    > 4. Exposing the potential issues that arise from this, and how to avoid them
    >
    > As usual, I am overwhelmed by the RubyTalk effect, so please keep
    > those contributions coming!





    --
    Into RFID? www.rfidnewsupdate.com Simple, fast, news.

    Lyndon Samson, Jan 9, 2006
    #6
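As an added illustration of the class/prototype mix Lyndon describes (example code written for this page, not code from the thread or from any project it mentions; `Account`, `LooseAccount` and `SealedAccount` are hypothetical), the block below reopens a class after it has been created, patches a single object the way a prototype language would, and uses `freeze` as the one built-in way to stop either. The last helper stands in for the interface check Ruby does not have.

```ruby
# Hypothetical class with a guard we would like to keep intact.
class Account
  attr_reader :balance

  def initialize(balance)
    @balance = balance
  end

  def withdraw(amount)
    raise ArgumentError, "insufficient funds" if amount > @balance
    @balance -= amount
  end
end

class LooseAccount < Account; end    # left open: reopened by drop_guard! below
class SealedAccount < Account; end
SealedAccount.freeze                 # a frozen class rejects later definitions

# Class style: reopening the class changes every instance, including ones that
# already exist. Raises FrozenError if the class was frozen first.
def drop_guard!(klass)
  klass.class_eval do
    def withdraw(amount)   # replaces the guarded version for this class
      @balance -= amount
    end
  end
  klass
end

# Prototype style: a singleton method changes one object only; other instances
# of the same class keep the guard. Raises FrozenError on a frozen object.
def patch_instance(account)
  account.define_singleton_method(:withdraw) { |amount| @balance -= amount }
  account
end

# Ruby has no interfaces; the closest thing is a runtime duck-typing check.
def implements?(obj, *methods)
  methods.all? { |m| obj.respond_to?(m) }
end
```

`freeze` is shallow: freezing `SealedAccount` does not stop someone from reopening `Account` itself, and a method added to the parent is inherited by the frozen child, so sealing a class only helps when its whole ancestor chain is sealed too.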
  7. Gene Tani

    James Britt wrote:
    > Chad Perrin wrote:
    > > On Mon, Jan 09, 2006 at 08:10:04AM +0900, Gregory Brown wrote:
    > >
    > >
    > > Is the "living dangerous" (as opposed to "living dangerously")
    > > intentional for some reason I'm missing?

    >
    > I think of it as a play on "Think dangerous."
    >


    who 1st used the D-word, Matz, maybe?

    http://www.rubyist.net/~matz/slides/rc2005/mgp00031.html

    and theOpenNatureOfRuby wiki page is blank, what are entries supposed
    to look like?
    Gene Tani, Jan 9, 2006
    #7
  8. On 1/8/06, James Britt <> wrote:
    > Chad Perrin wrote:
    > > On Mon, Jan 09, 2006 at 08:10:04AM +0900, Gregory Brown wrote:
    > >
    > >>Okay, the thread on "Why Living Dangerous can be A Good Thing" is
    > >>going quite well.
    > >>I'd like to start drafting up notes for my article, so I've put them
    > >>on a wiki page.
    > >>
    > >>http://tinyurl.com/alaxa

    > >
    > >
    > > Is the "living dangerous" (as opposed to "living dangerously")
    > > intentional for some reason I'm missing?

    >
    > I think of it as a play on "Think dangerous."


    It is something of that matter, yes :O)
    Gregory Brown, Jan 9, 2006
    #8
  9. On 1/9/06, Gene Tani <> wrote:

    > and theOpenNatureOfRuby wiki page is blank, what are entries supposed
    > to look like?


    um... no it's not. Are you looking at the tarpit?
    Gregory Brown, Jan 9, 2006
    #9
  10. zimbatm

    Hi,

    I wanted to change the wiki but I'm not sure what I think is right
    really is.

    It seems to me that you forgot two cases where ruby's open nature is an
    inconvenience. Due to ruby's open classes and lack of constraints, it seems
    to me that you can't trust ruby code right away. You can't execute
    external code in your application within a specific boundary. You can't
    trust it not to be "evil" without reviewing it.

    I have two examples in mind.

    First example. Imagine you're building a big web application where
    users can submit their templates (e.g. blog or wiki hosting) and you're
    using embedded ruby in html. How can you trust that the user won't send
    an "evil" template without reviewing it? (disregarding javascript XSS
    exploits)

    Second example. You're implementing a remote execution mechanism with
    agents. Like Java's JINI, you want clients to send pieces of code that
    will be executed in the server's environment and then give the result
    back. It's a bit like the client would send blocks to the server. How
    do you avoid the client sending "evil" code that would redefine how the
    server would work?

    I'm curious how these issues can be solved. I think _why used
    obfuscation for http://tryruby.hobix.com/ but it's not applicable to
    open-source projects. There is also the $SAFE variable that limits ruby's
    capabilities. But I think it's only applicable to the whole code, so
    it's not a solution. Finally, you can taint classes to make them
    immutable but then you lose ruby's dynamicness.

    Cheers,
    zimba.tm
    zimbatm, Jan 9, 2006
    #10
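The two cases zimbatm raises share one fix, shown below as an added example written for this page (not code from the thread, from tryruby, or from any project it mentions): treat what the client sends as data, never as Ruby. `Greeter`, `AgentServer`, `EVIL_TEMPLATE`, `render_erb` and `render_safe` are hypothetical names, and the template is constructed for the demonstration. The first half shows that an ERB template is executable code, so Ruby's open classes let a submitted template redefine a server method for the whole process; the second half substitutes only allowlisted placeholders and dispatches only allowlisted operations, so the same input is inert. Needs Ruby 2.5 or later for `ERB#result_with_hash`.

```ruby
require "erb"
require "cgi"

# Hypothetical server-side class whose behaviour a malicious template tries to alter.
class Greeter
  def greet(name)
    "Hello, #{name}"
  end
end

# Constructed "evil" user template. Under ERB it is Ruby source, and open classes
# let it reopen Greeter and replace #greet for every caller in the process.
# (Single-quoted heredoc so #{name} is left for ERB to evaluate, not interpolated here.)
EVIL_TEMPLATE = <<~'TEMPLATE'
  <% class Greeter; def greet(name); "pwned, #{name}"; end; end %>
  <p>Hi <%= name %></p>
TEMPLATE

# The dangerous path: embedded Ruby runs with everything the server can do.
def render_erb(template, name)
  ERB.new(template).result_with_hash(name: name)
end

# The safe path for case 1: a template is text, never code. Only {{identifier}}
# placeholders naming a value the server supplies are substituted, substituted
# values are HTML-escaped, and anything else (ERB tags included) is emitted verbatim.
PLACEHOLDER = /\{\{\s*([a-z_][a-z0-9_]*)\s*\}\}/

def render_safe(template, values)
  template.gsub(PLACEHOLDER) do
    key = Regexp.last_match(1).to_sym
    raise KeyError, "unknown placeholder: #{key}" unless values.key?(key)
    CGI.escapeHTML(values.fetch(key).to_s)
  end
end

# The safe path for case 2: an agent sends a description of an operation
# ({"op" => ..., "args" => [...]}, e.g. decoded from JSON) and the server maps it
# onto methods it explicitly allows. No eval, no send of a client-chosen name.
class AgentServer
  ALLOWED = { "sum" => :sum, "shout" => :shout }.freeze

  def handle(request)
    op = ALLOWED.fetch(request["op"]) do
      raise ArgumentError, "operation not allowed: #{request["op"].inspect}"
    end
    public_send(op, *Array(request["args"]))
  end

  def sum(*numbers)
    numbers.sum
  end

  def shout(text)
    text.to_s.upcase
  end
end

if __FILE__ == $PROGRAM_NAME
  puts render_erb(EVIL_TEMPLATE, "bob")   # renders, and Greeter is now patched
  puts Greeter.new.greet("ann")           # "pwned, ann" for every caller from here on
  puts render_safe("<% class Greeter; end %> Hi {{name}}", name: "<bob>")
  puts AgentServer.new.handle("op" => "sum", "args" => [1, 2, 3])
end
```

The allowlist is the boundary zimbatm asks for: the server, not the client, decides which names can be reached, so the server's own classes stay out of reach no matter what the request contains.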
  11. J. Ryan Sobol

    On Jan 9, 2006, at 5:18 AM, zimbatm wrote:

    > First example. Imagine you're building a big web application where
    > users can submit their templates (e.g. blog or wiki hosting) and you're
    > using embedded ruby in html. How can you trust that the user won't
    > send
    > an "evil" template without reviewing it ? (disregarding javascript XSS
    > exploits)


    > Second example. You're implementing a remote execution mechanism with
    > agents. Like Java's JINI, you want clients to send pieces of code that
    > will be executed in the server's environment and then give the result
    > back. It's a bit like the client would send blocks to the server. How
    > do you avoid the client sending "evil" code that would redefine how
    > the
    > server would work ?


    These problems are one and the same: never, ever, ever trust user
    data (completed web forms, templates, client-side code, etc.).
    Would you really not examine the template if it were embedded PHP or
    something similar? Is it not possible for client-side code to do
    "bad things" in JINI? I argue that this is not the fault of the
    language, but problems inherent to the world the application lives in.

    ~ ryan ~
    J. Ryan Sobol, Jan 9, 2006
    #11
  12. Gary Wright

    On Jan 9, 2006, at 5:18 AM, zimbatm wrote:
    > It seems to me that you forgot two cases where ruby's open nature is an
    > inconvenience. Due to ruby's open classes and lack of constraints, it seems
    > to me that you can't trust ruby code right away. You can't execute
    > external code in your application within a specific boundary. You can't
    > trust it not to be "evil" without reviewing it.


    Is this a 'Ruby' issue? Isn't this true of any library/class/etc. that
    you might use in any language?

    Gary Wright, Jan 9, 2006
    #12
