Meeting notes 2012/05


Jesse Hallett

May 1, 2012, 11:45:02 PM
to pdx...@googlegroups.com
PDXRuby 2012/05

## Hangman

Setting the $SAFE global variable to a large number, like 4, allows a program to sandbox untrusted code.  This prevents untrusted code from performing IO or manipulating code outside of the sandbox.  A global variable set at the beginning of a lambda body is unset after the lambda exits, allowing safe execution to be scoped to the lambda itself.

Even at $SAFE level 4, you can reassign local variables outside of the sandbox or create and throw new subclasses of Exception.  However, you cannot redefine methods.

Unlike local variables, global variables cannot be reassigned at $SAFE=4.

If you set $SAFE to 4 outside of a lambda then your whole program becomes subject to this high safe level and you cannot escape.

When told that they are not supposed to break out of a sandbox, Markus, Matt, and Reid can wreak much havoc.  They managed to put together an exploit that could log input from anyone accessing the same sandbox.  Do not do your math homework on a machine that Markus has access to.


## DCI (Data Context and Interaction), Keith Swallow

DCI is a set of conventions for creating reusable code that involves combining dumb data objects with roles that add behavior.  In Ruby, roles can be implemented as modules.  Individual objects can be extended with these modules.

Keeping logic in roles helps to prevent bloated model classes.  You can keep your roles lean, and only add roles to model instances when you really need the corresponding behavior.

A potential problem is that DCI roles depend heavily on duck-typing - which could cause problems if roles are used in contexts that they are not exactly designed for.

Check out the Wikipedia entry on DCI for more information.  There is also a paper in which the whole idea started.

Brian Ford recommends a book called "Object Design: Roles, Responsibilities, and Collaborations".  Once you explore DCI you will start asking yourself questions like, "why does a Person know how to save itself?"  Another book that Brian recommends is "Smalltalk: Best Practice Patterns".  The author is working on a followup book targeted at Ruby.

Sam Livingston-Gray recommends "Objects on Rails", which is available on the web for free.  He is also concerned that in DCI modules are written as though they can apply to multiple classes; but in practice they are targeted specifically at one class.  You can address this by using Ruby's open class feature to namespace roles inside the classes that they target.  But it can put you in a corner if you find that you want to apply a role to more classes later.

Markus has a theory on Rails model bloat as being related to a phenomenon observed in a study, which suggested that heavy, difficult to move objects in a physical work area tend to attract clutter.  The SQL tables that ActiveRecord models are tied to are like those heavy, difficult to move objects.


## Heroku assets messed up sometimes

Jesse Cooke says that assets in his Heroku apps are messed up sometimes - for example Compass variables are sometimes not set correctly.  What's up with that?

If you have a manifest.yml file in your app then Heroku assumes that your stuff is already compiled - so it won't compile stuff for you.

Jesse's apps are running on the Bamboo stack, which does not run requests through Varnish.  So that's not the problem.


## Miscellaneous

Be really careful about requests to external services when running tests.  For example, requests to a production Redis database on another server.  Unlike your ActiveRecord database adapter, external service requests will generally not automatically switch over to a test server.  Not only do these requests slow down your tests, but they can have interesting effects on your production data.

There is a new tool for making desktop apps called Freight Train.


## Who's hiring?

CrowdCompass is looking for a Ruby developer.  They don't know which developer they are looking for yet.  Could it be you?

Paydici is looking for Ruby developers.  They need people to work at all levels of their application stack.

Gee, a lot of people are looking for web / Rails developers.  Is anyone out there looking for people to work on non-web Ruby code?
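An added probe for the Hangman section (not part of the notes): it reports whether the running Ruby still provides the $SAFE = 4 sandbox described there. Level 4 was removed in Ruby 2.1 and $SAFE became an ordinary global in Ruby 3.0, so code that still relies on it as a security boundary gets no protection on current interpreters; the IO.pipe call and the three status symbols are this probe's own choices.

```ruby
# Added probe, not code from the meeting: does this interpreter honour the
# $SAFE = 4 sandbox the notes describe (no IO from inside the lambda, level
# restored when the lambda exits)?
def safe_level_4_status
  before = $SAFE
  status = begin
    # Set the level inside a lambda, as the notes describe, so an interpreter
    # that scopes $SAFE restores it when the lambda returns.
    lambda do
      $SAFE = 4
      # A real level 4 refuses this IO with SecurityError; that is the
      # "untrusted code cannot perform IO" claim under test.
      IO.pipe do |r, w|
        w.write("probe")
        w.close
        r.read
      end
      :ignored      # the IO went through: nothing was sandboxed
    end.call
  rescue SecurityError
    :enforced       # a 1.9-era interpreter blocked the IO
  rescue ArgumentError
    :obsolete       # Ruby 2.1 to 2.7 reject the assignment outright
  end
  # Ruby 3.x treats $SAFE as a plain global: the value leaks out of the lambda,
  # a second sign that neither scoping nor sandboxing is happening.
  leaked = ($SAFE == 4)
  $SAFE = before if leaked
  { status: status, leaked_out_of_lambda: leaked }
end

if __FILE__ == $0
  p safe_level_4_status
end
```

On a current Ruby the result is `{status: :ignored, leaked_out_of_lambda: true}`, which is the signal that untrusted code needs a process-level sandbox rather than $SAFE.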
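An added example for the DCI section (not code from Keith's talk): the shape described there in Ruby, with a dumb data object, roles as modules, and a context that extends instances with roles for one use case. The Account, TransferSource, TransferDestination and MoneyTransfer names are invented for illustration, and the guard in TransferSource.extended is an addition that addresses the duck-typing concern raised in the notes.

```ruby
# Added example, not from the talk. Dumb data object: state only, no
# knowledge of transfers.
class Account
  attr_reader :id
  attr_accessor :balance
  def initialize(id, balance)
    @id, @balance = id, balance
  end
end

module TransferSource
  # Roles rely on duck typing, so fail loudly when the object does not quack
  # like an Account instead of failing later with a confusing NoMethodError.
  def self.extended(obj)
    %i[balance balance=].each do |m|
      next if obj.respond_to?(m)
      raise ArgumentError, "#{obj.class} cannot play TransferSource: missing ##{m}"
    end
  end

  def withdraw(amount)
    raise ArgumentError, "insufficient funds" if amount > balance
    self.balance -= amount
  end
end

module TransferDestination
  def deposit(amount)
    self.balance += amount
  end
end

# The context casts the participants into their roles and runs the
# interaction. Ruby cannot un-extend an object, so a role stays on the
# instance afterwards; keeping roles lean limits what that leaves behind.
class MoneyTransfer
  def initialize(source, destination, amount)
    @source = source.extend(TransferSource)
    @destination = destination.extend(TransferDestination)
    @amount = amount
  end

  def execute
    @source.withdraw(@amount)
    @destination.deposit(@amount)
    [@source.balance, @destination.balance]
  end
end
```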

Chuck Vose

May 1, 2012, 11:58:42 PM
to pdx...@googlegroups.com
Thank you so much for these notes! I'm so glad I get to read them even
when I'm traveling on business!

-Chuck

Tyler Hunt

May 2, 2012, 12:13:45 AM
to pdx...@googlegroups.com
On May 1, 2012, at 8:45 PM, Jesse Hallett wrote:

> Jesse's apps are running on the Bamboo stack, which does not run requests through Varnish.

Just a minor point of clarification here: it's the Cedar stack which doesn't have a caching proxy, and Bamboo which uses Varnish.

This doesn't help resolve the issue, but hopefully it does help head off any additional confusion.

Tyler

Sam Goldstein

May 2, 2012, 12:25:50 AM
to pdx...@googlegroups.com
Awesome notes Jesse.  Thanks!

On Tue, May 1, 2012 at 8:45 PM, Jesse Hallett <hall...@gmail.com> wrote:
> PDXRuby 2012/05
>
> Gee, a lot of people are looking for web / Rails developers.  Is anyone out there looking for people to work on non-web Ruby code?
New Relic is still looking for an engineer to work on newrelic_rpm gem team.  I'd say this qualifies as non-web.

~sam

Bob Lehman

May 2, 2012, 2:04:19 AM
to pdx...@googlegroups.com
On Tue, 2012-05-01 at 23:58 -0400, Chuck Vose wrote:
> Freight Train
I was unable to attend - is there a URL for Freight Train? I googled up
but came up with an app that does UK shipping rates.
Thanks
--Bob

--
Bob Lehman

Email: bleh...@comcast.net
Mobile: (503)888-1471

Jesse Cooke

May 2, 2012, 2:09:13 AM
to pdx...@googlegroups.com