[ruby-core:40389] [ruby-trunk - Feature #5481] Gemifying Ruby standard library
Issue #5481 has been updated by Martin Bosslet.
I really like the proposal. Just wanted to add one thought - if we add yet more power to the gem infrastructure, we should probably revisit the idea of offering code-signed gems. The theory exists [1], we could build on that. This might be slightly off-topic, so I apologize in advance, but I still feel it is relevant, especially when gemifying stdlib, please let me explain why.
If the stdlib gets gemified we will have even more gem downloads than today. I'm not talking about the bundled gems that would be accessed locally when building Ruby for the first time (wrt to this proposal), rather about "updating" and adding gems to an existing installation. Updating will be a crucial task in production - people would certainly show interest in being able to stay up to date as fast as possible regarding security fixes, performance improvements etc.
Currently, these gem downloads are entirely unprotected, so just imagine a production deployment that connects to the outside world using a company proxy. The guy operating the company proxy could have a lot of fun serving "customized" gems that do all sorts of evil - nobody would notice. Serving the gems over a non-secure channel is definitely a risk. This might not seem such a big deal at first glance, but just think about discussing your architecture with a bank or other high security environments. Those people constantly give us the "<<May we use Javascript?>> <<No. Not secure.>>" talk, so I could very well imagine that this is an issue when it comes to adopting Ruby in these environments. These people are often very conservative in their views, and even if they are still coding VB 6 GUIs and have no idea what they are talking about, still (in my own experience) they will readily accept *signed* Java applets... That's why I think offering signed gems would be helpful in sending a signal to those "enterprisy" clients, if not only to take away their arguments.
What we often find in these situations are SHA-1 checksums or similar features published on the download site. If the site is served over http this has effectively *zero* additional security. An attacker would simply man-in-the-middle the HTML of the site, too, handing you a different hash. In addition, even when sent over https, let's face it, nobody really compares these hashes manually.
I see two relatively simple options for mitigation: either secure the transport channel on the transport layer using TLS or secure the payload itself and therefore sign the gem. I prefer the second solution because it "persists" the security of the gem, the signature is tightly coupled with the gem itself and persists once downloaded, so that for example local gem cache servers would still be an option (they wouldn't be in the TLS case, unless effectively re-signing the gems).
Please note that a code signature will of course not guarantee that the code is free of bugs or not malicious. The only security it will provide is that one can be sure that the gem itself has not been modified after the holder of the code signing certificate applied the signature. Not more, not less. This narrows your trust decision down to asking yourself the question whether you want to trust the certificate holder to have validated the code to do what it is supposed to do. The person signing the gem is the last person who was able to alter the code. After applying the signature, the gem is effectively sealed. So you would have to base your trust on two things. Whether you trust this person to not have altered the code in malicious ways and whether you trust that person to have validated the code to ensure its proper functionality. Although far from perfect, in my eyes this is still a major improvement over having no guarantee at all.
A problem with code signing gems is that nobody is too keen on buying a "real" code signing certificate to sign their code, but on the other hand nobody would be keen on trusting a self-signed certificate either. This is probably one of the major issues why code signing is a rarely used feature. Now since gems are stored in a centralized repository, a solution could be to not require the *authors* to sign a gem but to sign a gem on the RubyGems server immediately after uploading, using a certificate that is exclusively issued to RubyGems. Solving the problem of trusting one dedicated certificate is easy, there are several options that would still need to be discussed, but it is certainly doable. However, this would put the burden of managing this certificate and securing access to it on the shoulders of the RubyGems maintainers.
I would also suggest to keep this entirely optional. To be honest, as with all things security, this will possibly affect usability, additional configuration will likely be necessary to use the feature. So you will have to assess your individual risks - you might very well come to the conclusion that a feature like this is overkill in your individual situation. You should of course still have the option to ignore this entirely, much like today.
I talked briefly about the idea with Eric Hodel and Hiroshi Nakamura. Eric told me that similar ideas in this direction exist. I would really appreciate to hear opinions on this. If you feel that this would be indeed a good option, I would suggest to open a new issue for further discussion.
[1] http://docs.rubygems.org/read/chapter/21
----------------------------------------
Feature #5481: Gemifying Ruby standard library
http://redmine.ruby-lang.org/issues/5481
Author: Hiroshi Nakamura
Status: Open
Priority: Normal
Assignee:
Category: lib
Target version: 2.0
=begin
Up-to-date summary of this proposal is at ((<URL:https://redmine.ruby-lang.org/projects/ruby/wiki/StdlibGem>))
== Motivation
* ruby's release cycle is slow for some standard libraries;
* ex. security fix for WEBrick, xmlrpc and Zlib.
* ex. API iteration for net/http, OpenSSL, json, psych, RDoc, minitest and rake.
* There's already the feature called 'default gems' in ruby and some stdlibs are already using it:
* rake, rdoc, minitest, json, io-console, bigdecimal
* And some gems are already doing out-of-band releases.
* When releasing we should give independence equally to all stdlibs, but in a consistent and controllable way.
== Proposal
* Allow out-of-band stdlib releases.
* We are not proposing changes to ruby's release management, the release manager would decide when they release ruby and stdlib.
* Allow more stdlibs to be installed as a 'default gem'
* Register these gems on RubyGems.org
* Introduce a new mechanism: controlling supported ruby version so that we can avoid installing unexpected version of stdlib gems.
For example, a WEBrick gem for ruby 2.0.1 (released from ruby_2_0_1 branch) should not be installed for ruby 2.0.0 (released from ruby_2_0_0 branch) unless we know it works for both 2.0.0 and 2.0.1.
Note:
* Moving stdlibs repository location is not a target of this proposal. The implementation details of stdlib gems should hide this from ruby committers.
* ruby_1_9_3 is not a target of this proposal. The change should be introduced from 2.0.0 release.
...Some more details of the proposal and discussion topics are going to follow as comments.
=end
--
http://redmine.ruby-lang.org
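
An added example, not part of the thread and not RubyGems code, of the contrast the message draws between a checksum published beside a download and a signature that travels with the payload. The key pair, payload strings and helper names are constructed for illustration, and SHA-256 stands in for the SHA-1 checksums the message mentions.

```ruby
require "openssl"
require "digest"

# Constructed signer key; in practice only the public half is distributed and pinned.
SIGNER_KEY = OpenSSL::PKey::RSA.new(2048)
PINNED_PUBLIC_KEY = OpenSSL::PKey::RSA.new(SIGNER_KEY.public_key.to_pem)

# What a download site serves: the payload, a checksum shown next to it,
# and a signature that stays attached to the payload.
def publish(payload)
  { payload: payload,
    sha256: Digest::SHA256.hexdigest(payload),
    signature: SIGNER_KEY.sign(OpenSSL::Digest.new("SHA256"), payload) }
end

# A party on the path (the proxy in the message) rewrites the payload and the
# checksum displayed beside it. It does not hold SIGNER_KEY.
def rewrite_in_transit(download, new_payload)
  download.merge(payload: new_payload,
                 sha256: Digest::SHA256.hexdigest(new_payload))
end

# Checksum check: only compares the payload with a value from the same channel.
def checksum_ok?(download)
  Digest::SHA256.hexdigest(download[:payload]) == download[:sha256]
end

# Signature check: ties the payload to a key obtained out of band.
def signature_ok?(download, public_key = PINNED_PUBLIC_KEY)
  public_key.verify(OpenSSL::Digest.new("SHA256"),
                    download[:signature], download[:payload])
end

GENUINE   = publish("constructed gem payload v1.0.0")
REWRITTEN = rewrite_in_transit(GENUINE, "constructed gem payload v1.0.0 + extra code")
# A local cache server stores and re-serves the same bytes; it needs no key.
FROM_CACHE = Marshal.load(Marshal.dump(GENUINE))

if __FILE__ == $PROGRAM_NAME
  { "genuine" => GENUINE, "rewritten" => REWRITTEN, "from cache" => FROM_CACHE }.each do |name, d|
    puts format("%-10s checksum_ok=%-5s signature_ok=%s",
                name, checksum_ok?(d), signature_ok?(d))
  end
end
```

The rewritten download passes the checksum comparison and fails signature verification, while the copy served from the cache still verifies without being re-signed.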