[#45382] [ruby-trunk - Feature #6530][Open] Improve Racc documentation coverage — "zzak (Zachary Scott)" <zachary@...>
5 messages
2012/06/02
[#45431] [ruby-trunk - Bug #6548][Open] Rake doesn't ignore arguments after -- — "rosenfeld (Rodrigo Rosenfeld Rosas)" <rr.rosas@...>
12 messages
2012/06/05
[#45441] [ruby-trunk - Bug #6550][Open] crash 1.9.3 — "mrbrdo (Jan Berdajs)" <mrbrdo@...>
8 messages
2012/06/06
[#45442] 1.8.7 to come this month — Urabe Shyouhei <shyouhei@...>
Hello. As I wrote before I will release a 1.8.7 patchlevel in this month.
5 messages
2012/06/06
[#45474] [ANN] Request for "slide-show" of your feature proposal — Yusuke Endoh <mame@...>
(Japanese later; 日本語が後にあります)
18 messages
2012/06/07
[#46009] Re: [ANN] Request for "slide-show" of your feature proposal
— Aaron Patterson <tenderlove@...>
2012/06/30
On Thu, Jun 07, 2012 at 11:59:12PM +0900, Yusuke Endoh wrote:
[#45483] Re: [ANN] Request for "slide-show" of your feature proposal
— Rodrigo Rosenfeld Rosas <rr.rosas@...>
2012/06/07
Is this what you were talking about?
[#46332] Re: [ANN] Request for "slide-show" of your feature proposal
— Roger Pack <rogerdpack2@...>
2012/07/11
> * at most THREE proposals per person
[#45552] [ruby-trunk - Bug #6571][Assigned] Time.mktime Y2K38 problem on 1.9.3p125 i386-mingw32 — "MartinBosslet (Martin Bosslet)" <Martin.Bosslet@...>
10 messages
2012/06/10
[#45563] [ruby-trunk - Bug #6573][Open] Webrick test failures — "bkabrda (Bohuslav Kabrda)" <bkabrda@...>
19 messages
2012/06/11
[#45589] Developers' meeting (7/21) — Yusuke Endoh <mame@...>
Hello, committers
10 messages
2012/06/12
[#45623] Re: Developers' meeting (7/21)
— Yusuke Endoh <mame@...>
2012/06/13
Four seats are now left.
[#45647] [ruby-trunk - Bug #6592][Open] test_call_double(DL::TestDL) fails on ARM HardFP — "vo.x (Vit Ondruch)" <v.ondruch@...>
15 messages
2012/06/14
[#45664] [ruby-trunk - Bug #6596][Open] New method for Arrays : Array#index — "robin850 (Robin Dupret)" <robin.dupret@...>
20 messages
2012/06/15
[#45694] [ruby-trunk - Feature #6602][Open] Tail call optimization: enable by default? — "ko1 (Koichi Sasada)" <redmine@...>
12 messages
2012/06/18
[#45715] [ruby-trunk - Feature #6609][Open] Toplevel as self extended module — "trans (Thomas Sawyer)" <transfire@...>
17 messages
2012/06/19
[#45732] [ruby-trunk - Bug #6614][Open] GC doesn't collect objects bound to (collectable) proc — "rogerdpack (Roger Pack)" <rogerpack2005@...>
9 messages
2012/06/20
[#45735] [ruby-trunk - Bug #6616][Open] MinGW: cannot build extensions or run tests due changes in exec_arg? — "luislavena (Luis Lavena)" <luislavena@...>
9 messages
2012/06/21
[#45749] [ruby-trunk - Bug #6616] MinGW: cannot build extensions or run tests due changes in exec_arg?
— "phasis68 (Heesob Park)" <phasis@...>
2012/06/21
[#45785] How can I contribute? — David Albert <davidbalbert@...>
Hello ruby-core,
6 messages
2012/06/22
[#45798] [ruby-trunk - Bug #6634][Open] Deadlock with join and ConditionVariable — "meh. (meh. I don't care)" <meh@...>
20 messages
2012/06/23
[#45805] [ruby-trunk - Feature #6636][Open] Enumerable#size — "marcandre (Marc-Andre Lafortune)" <ruby-core@...>
15 messages
2012/06/23
[#45822] [ruby-trunk - Feature #6641][Open] Hash.auto constructor — "trans (Thomas Sawyer)" <transfire@...>
9 messages
2012/06/25
[#45864] [ruby-trunk - Bug #6647][Open] Exceptions raised in threads should be logged — "headius (Charles Nutter)" <headius@...>
71 messages
2012/06/25
[#45866] [ruby-trunk - Bug #6647] Exceptions raised in threads should be logged
— "rue (Eero Saynatkari)" <redmine@...>
2012/06/25
[#45878] [ruby-trunk - Feature #6649][Open] Add new set_trace_func events "b-call", "b-return" — "ko1 (Koichi Sasada)" <redmine@...>
8 messages
2012/06/26
[#45887] [ruby-trunk - Bug #6650][Open] Fixing win32ole test errors — bosko (Boško Ivanišević) <bosko.ivanisevic@...>
10 messages
2012/06/26
[#45916] [ruby-trunk - Bug #6656][Open] Time#strftime('%Z') should return 'UTC' instead of 'GMT' — "stomar (Marcus Stollsteimer)" <redmine@...>
6 messages
2012/06/27
[#45922] Re: [ruby-trunk - Bug #6656][Open] Time#strftime('%Z') should return 'UTC' instead of 'GMT'
— Tanaka Akira <akr@...>
2012/06/28
2012/6/27 stomar (Marcus Stollsteimer) <redmine@ruby-lang.org>:
[#45935] Re: [ruby-trunk - Bug #6656][Open] Time#strftime('%Z') should return 'UTC' instead of 'GMT'
— Marcus Stollsteimer <sto.mar@...>
2012/06/28
Am 28.06.2012 02:29, schrieb Tanaka Akira:
[#45940] Re: [ruby-trunk - Bug #6656][Open] Time#strftime('%Z') should return 'UTC' instead of 'GMT'
— Tanaka Akira <akr@...>
2012/06/28
2012/6/28 Marcus Stollsteimer <sto.mar@web.de>:
[#45925] Commit bit in GitHub mirror? — Luis Lavena <luislavena@...>
Hello,
6 messages
2012/06/28
[#45926] Re: Commit bit in GitHub mirror?
— Urabe Shyouhei <shyouhei@...>
2012/06/28
Hello, this is svn -> git gateway admin.
[#45958] [ruby-trunk - Feature #6668][Open] Multiple assignment should not return an Array object — "headius (Charles Nutter)" <headius@...>
7 messages
2012/06/29
[#47584] [ruby-trunk - Feature #6668] Multiple assignment should not return an Array object
— "headius (Charles Nutter)" <headius@...>
2012/09/19
[#45960] [ruby-trunk - Feature #6669][Open] A method like Hash#map but returns hash — "yhara (Yutaka HARA)" <redmine@...>
18 messages
2012/06/29
[#45983] [ruby-trunk - Bug #6675][Open] Raise exception when convert encoding of a character from GBK to UTF — "mghomn (Justin Peal)" <yujianbin@...>
5 messages
2012/06/30
[#46020] [ruby-trunk - Feature #6678][Open] Precedence of ^ operator — "trans (Thomas Sawyer)" <transfire@...>
6 messages
2012/06/30
[#46021] [ruby-trunk - Feature #6679][Open] Default Ruby source file encoding to utf-8 — "claytrump (Clay Trump)" <clay.trump@...>
21 messages
2012/06/30
[#46080] [ruby-trunk - Feature #6679][Assigned] Default Ruby source file encoding to utf-8
— "mame (Yusuke Endoh)" <mame@...>
2012/07/01
[#46653] [ruby-trunk - Feature #6679] Default Ruby source file encoding to utf-8
— "mame (Yusuke Endoh)" <mame@...>
2012/07/23
[ruby-core:45532] Re: [ruby-trunk - Feature #6492][Open] Inflate all HTTP Content-Encoding: deflate, gzip, x-gzip responses by default
From:
Eric Wong <normalperson@...>
Date:
2012-06-09 05:03:19 UTC
List:
ruby-core #45532
Eric Hodel <drbrain@segment7.net> wrote:
> On Jun 8, 2012, at 5:28 PM, Eric Wong <normalperson@yhbt.net> wrote:
>
> > I like Net::HTTP being able to inflate compressed responses.
> >
> > However, I think doing this by default is exploitable by an evil server.
> > A server could compress a huge file of zeroes to trigger an
> > out-of-memory conditions in existing code that uses Net::HTTP.
> Net::HTTP#get does this by default already, this patch (and #6494)
> make this the default for all requests.
I've always considered Net::HTTP#get (or anything where slurping is done
blindly) dangerous when talking to untrusted servers regardless of gzip.
> If you aren't using the API to handle a compressed 100MB request
> (Net::HTTPResponse#read_body with a block) you probably can't handle
> an raw 100MB response, so what is the difference besides bandwidth
> cost of the server?
With your patch, I'm getting 16M chunks from read_body. Maybe on newer
systems, 16M is "safe" to slurp in memory. I think it's too big, but I
may also be a dinosaur :)
Also, HTTP servers may blindly send Content-Encoding:gzip data
regardless of whether the client requested with Accept-Encoding:gzip or
not. I seem to recall reading of a major website that forces gzip on
visitors regardless of their Accept-Encoding:.
------------------------------ 8< -----------------------------
require 'uri'
require 'net/http'
# feel free to use this URL for testing
uri = URI('http://yhbt.net/x')
Net::HTTP.start(uri.host, uri.port) do |http|
request = Net::HTTP::Get.new(uri.request_uri)
request["Accept-Encoding"] = "gzip"
http.request request do |response|
response.read_body do |chunk|
p [ chunk.bytesize ]
end
end
end
------------------------------ 8< -----------------------------
I only used "gzip -9" to generate this test example, I'm not sure if
there are ways to use zlib to compress even more aggressively.
Achieving bzip2-level compression ratios would be very scary :)
dd if=/dev/zero bs=1M count=1000 | bzip2 -c -9 | wc -c
=> 753