Ruby Proc
I was looking at ruby proc while researching the best way to do mapping in ruby (xml-db and db-xml mappings) and ran across this blog posting on procs. The flexibility of ruby never ceases to amaze me.
http://www.ntecs.de/blog/Tech/Programming/Ruby/RubyMethodNamingConsistency.rdoc
OSCON Slides
Update: Received an email from oreilly listing all the slides from the conference…
I have been meaning to go back and collect the ruby slides from OSCON and finally got around to it.
Dependency Injection: Vitally Important or Totally Irrelevant
Yield to the Block: The power of Blocks in Ruby
I could not find Dave Thomas’ slides on the net in 1 minute or less. But I did find a ruby presentation I did not attend…
10 Things Every Java Programmer Should Know About Ruby
And some ajax stuff too…
Tourette Syndrome
I’m sure it sounds like I have tourette’s syndrome today. I’m trying to configure Windows Server 2003 Terminal Services with a Windows 2000 domain controller.
!@#$%^!
I think it would be easier for me to birth a baby than to configure a microsoft server environment.
Postgres on OSX
I’m finally ramping up for longer term development on OSX. I have been impressed with the platform for the most part. Small things are annoying, like zip corrupting files you are zipping (a friend tells me this is in part due to backward compatibility with OS 9).
I’m doing all my database work with Postgres. When I first went about setting up Postgres, you basically had to compile it yourself or use something like Fink. I was not really happy with those solutions. After coming back from OSCON, I discovered a Postgres installer from druware.com. This rocks. Point, click, install. In recent years, I have grown tired of building software myself after doing it for so many years on Linux.
To access Postgres from Ruby and Rails, you need to install the Postgres driver for Ruby: change the gcc compiler to 3.3 and install the postgres gem. If you have not used any Ruby libraries with compiled C extensions, you must first fix the version of Ruby that ships with Tiger. With RubyGems installed, do
precode
deathstar:~ doug$ sudo gem install fixrbconfig; sudo fixrbconfig   # only if the Ruby that ships with OSX is broken
deathstar:~ doug$ sudo gcc_select 3.3
deathstar:~ doug$ sudo gem install postgres -- --with-pgsql-dir=/Library/PostgreSQL8
/code/pre
(You have to tell RubyGems where druware installed Postgres.)
Now you are ready to start doing postgres development with ruby.
If you are using postgres on OSX, the installer from druware is definitely worth checking out.
Dependency Injection: Vitally Important or Totally Irrelevant
by Jim Weirich
Slides at http://onestepback.org/articles/depinj
Is Dependency Injection vitally important in a dynamically typed language?
- Short version – no
- Medium version – maybe
- Long version – don’t know
Who are you? Perhaps not who you think you are.
Building a computer-controlled coffee maker. When the pot is in and has coffee, the burner should be on. When the pot is not in, or has no coffee, the burner should be off.
Talks about the problem of concrete classes being tied together and shows some solutions in Java and Ruby (the Ruby modeled on the Java code). You can push the problem out using interfaces, constructor args, getters/setters, etc., but it is just moved from one place to another.
One solution – factory pattern. But… cumbersome and invasive (examples)
Another solution – Service Locators – invasive, order dependent (examples)
Goes through a typical dependency injection system in ruby: DIY module
Gains: flexibility and testability. Losses: complexity and indirection.
This makes sense in java, but what about ruby?
Based the dependency injection example in Ruby on how Java classes work.
Java classes are hard
- Not objects
- (mostly) source code constructs
- unchangeable at runtime
- Class name directly identifies class
Ruby Classes are soft
- Just objects
- Runtime live
- changeable at runtime
Is Dependency Injection relevant in dynamic languages – perhaps on very large projects, but the jury is still out.
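The coffee-maker problem from the talk, worked through in Ruby as an added example (my own code, not Jim Weirich's slides). It shows the "gains" column, flexibility and testability, coming from plain constructor injection with no container, and why Ruby's soft classes make that enough: a test double is just another object handed in at construction time. Class names (Burner, PotSensor, CoffeeMaker, LoggingBurner) are my own.

```ruby
# Added example: constructor injection in Ruby for the coffee-maker rule.
# All class and method names are constructed for this illustration.

# A burner that only records its state (stand-in for real hardware).
class Burner
  attr_reader :on
  def initialize
    @on = false
  end
  def turn_on
    @on = true
  end
  def turn_off
    @on = false
  end
end

# Sensor reporting whether the pot is in place and whether it holds coffee.
class PotSensor
  attr_accessor :pot_present, :coffee_present
  def initialize(pot_present: false, coffee_present: false)
    @pot_present = pot_present
    @coffee_present = coffee_present
  end
end

# The rule from the talk: burner on only when the pot is in *and* has coffee.
class CoffeeMaker
  # Collaborators are passed in rather than created here, so a test can hand
  # in fakes without a factory, a service locator or a DI container.
  def initialize(burner: Burner.new, sensor: PotSensor.new)
    @burner = burner
    @sensor = sensor
  end

  # One control-loop step; returns the burner state after applying the rule.
  def tick
    if @sensor.pot_present && @sensor.coffee_present
      @burner.turn_on
    else
      @burner.turn_off
    end
    @burner.on
  end
end

# A test double: because Ruby classes are just objects, a subclass that records
# calls can be injected in place of the real burner at runtime.
class LoggingBurner < Burner
  attr_reader :log
  def initialize
    super
    @log = []
  end
  def turn_on
    @log << :on
    super
  end
  def turn_off
    @log << :off
    super
  end
end

# Drive the maker through the three states the talk describes and return the
# sequence of burner commands that resulted.
def run_scenario
  burner = LoggingBurner.new
  sensor = PotSensor.new(pot_present: true, coffee_present: true)
  maker  = CoffeeMaker.new(burner: burner, sensor: sensor)
  maker.tick                    # pot in with coffee: burner on
  sensor.coffee_present = false
  maker.tick                    # pot in, no coffee: burner off
  sensor.pot_present = false
  maker.tick                    # no pot: burner stays off
  burner.log
end
```

The only "injection" machinery is the keyword arguments on CoffeeMaker#initialize; the defaults give the production wiring, and a test supplies the fakes. That is the short-version "no" from the talk in code form.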
OSCON 2005 – MetaProgramming
presentation by Glenn Vanderburg
What is meta programming? It’s Programming your programming language
Rubyists have been discovering metaprogramming. Ruby style and idioms are still changing and adapting.
Ruby good for metaprogramming b/c
- Dynamic and reflexive – everything is open
- Blocks allow writing new control structures
- Most declarations are executable statements
- Only slightly less malleable than Lisp (no macros)
- Unobtrusive
Examples…
attr_reader, attr_writer, and attr_accessor.
If attr_reader were written in Ruby (it is actually written in C), it would look like
precode
class Module
  def attr_reader(*syms)
    syms.each do |sym|
      # generate and evaluate a reader method for each symbol
      class_eval %{
        def #{sym}
          @#{sym}
        end
      }
    end
  end
end
/code/pre
The speaker goes through several implementations over time, showing the different ways different people did metaprogramming with Ruby.
How to think about metaprogramming
- Defining new constructs for your programming language
- So what do the constructs do? Whatever your domain needs them to do.
Another way to think about metaprogramming is a new set of conceptual tools for eliminating duplication (and other smells) from your code.
And another way to think about it is how Rails does it – almost as if you can talk to your code – PersonTable has_a :name
Most DSLs also deal with other things you don’t usually find in general-purpose languages
- Context dependence
- commands and sentences
- Units
- Large vocabularies
- Hierarchy
Contexts – context for a new set of statements – a new scope (not in 1.8, but in 1.9)
precode
Struct.new("Interval", :start, :end) do
  def length
    self.end - start   # Struct members are accessor methods, not instance variables
  end
end
/code/pre
The backend code would look like this if you wanted to add it to 1.8
precode
class Struct
  class << self
    alias_method :new_without_block, :new
    def new(*args, &block)
      struct_class = new_without_block(*args)          # define the struct using args
      struct_class.class_eval(&block) if block_given?   # then run the block in its scope
      struct_class
    end
  end
end
/code/pre
Another example of context from Systir system testing tool
precode
add_user {
  name "Charles"
  password "secret"
  privileges normal
}
/code/pre
Commands and Sentences
Multipart complex statements
ex. field(autoinc, :reg_id, pk)
Overall, it’s just a method call – the first parameter – the type – is itself a method call
precode
def autoinc
  return FieldType::AutoInc.instance
end
/code/pre
Units
Domain specific – a general-purpose language deals with scalars, so programs must carry the unit knowledge themselves
ex 3.days.from_now
Watch out for operator overloading
precode
class Numeric
  def days
    self * 24 * 60 * 60   # seconds per day; Integer#* is doing the work here
  end
end
/code/pre
Large Vocabularies
override method_missing
Usage:
Roman.XXII
Roman.CCIX
precode
class Roman
  def self.method_missing(method_id)
    str = method_id.id2name
    roman_to_int(str)
  end
  def self.roman_to_int(string)
    …
  end
end
/code/pre
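The Units and Large Vocabularies ideas carried through in one runnable block, as an added example (my own code; the slide leaves roman_to_int elided, so the conversion here is my implementation of the standard subtractive-notation rule). The from_now helper and the respond_to_missing? override are additions not shown on the slide; they keep the unit example usable and keep respond_to? honest about the names method_missing will answer.

```ruby
# Added example: units on Numeric, and a large vocabulary served by method_missing.
# The from_now helper and the input validation are my additions.

class Numeric
  # A unit: 3.days is expressed in seconds (24 * 60 * 60 per day), as Rails does.
  def days
    self * 24 * 60 * 60
  end
  # `now` is injectable so the result is deterministic in a test.
  def from_now(now = Time.now)
    now + self
  end
end

class Roman
  VALUES = { "M" => 1000, "D" => 500, "C" => 100, "L" => 50,
             "X" => 10, "V" => 5, "I" => 1 }.freeze
  NUMERAL = /\A[MDCLXVI]+\z/

  # Any numeral is a valid "method" name, so rather than defining thousands of
  # methods we answer them here. Anything that is not a numeral falls through
  # to the normal NoMethodError via super.
  def self.method_missing(method_id, *args)
    str = method_id.to_s
    return super unless args.empty? && str.match?(NUMERAL)
    roman_to_int(str)
  end

  def self.respond_to_missing?(method_id, include_private = false)
    method_id.to_s.match?(NUMERAL) || super
  end

  # Subtractive notation: a symbol followed by a larger one is subtracted (IV = 4).
  def self.roman_to_int(string)
    total = 0
    string.each_char.with_index do |ch, i|
      value = VALUES[ch]
      following = VALUES[string[i + 1]] || 0   # nil past the end, so 0
      total += value < following ? -value : value
    end
    total
  end
end
```

The guard in method_missing matters: without it every misspelled call on Roman would be swallowed and turned into a number, which is the usual way method_missing-based vocabularies hide bugs.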
Resources:
http://www.vanderburg.org/Speaking/Stuff/oscon05.pdf
http://hypermetrics.com/rubyhacker/coralbook/
OSCON 2005 – The Latest and Craftiest Attacks and Penetration Techniques and Tools
by Nitesh Dhanjani
Closed-source tools are not good for monitoring your own networks. A lot of the time they give false positives and there is no way to verify whether a positive is correct or not.
- Methodology
- finding vulnerabilities using Google.com
- Using the Nessus framework
- Web application vulnerabilities
- Other useful AP tools
Attack and penetration methodology
- Discovery (whois, traceroute, search engines, etc)
- Scanning (ping sweeping, port scanning – find the live computers and scan)
- Enumeration (service Identification, banner grabbing)
- Exploiting known vulnerabilities (research on internet)
- Installing rootkits/cleaning logs (ador on linux)
Googling for Vulnerabilities
- Find private information that has inadvertently been made public
- Stealth: find info on google – does not tell site you are looking at them (especially w/ google cache)
- looking for patterns /*/admin
- looking for error messages
- find VNC desktops “VNC Desktop” inurl:5800 – no username – only passwords – use password generators to crack
- Webcams – /view/view.shtml axis /ViewerFrame?Mode=Motion /home/homeJ.html sample/LvAppl/ etc
Go to oreilly.net and search for his name for article on how to do this.
The Nessus Framework
- Automated vulnerability scanner
- Opensource
- Client Server Arch
- Extend (write plugins) using NASL (Nessus Attack Scripting Language)
Writing a simple NASL Plugin
The web application serves /src/passwd.inc. This file contains usernames and passwords. The plugin will scan for this vulnerability and report it as a security hole (severe).
precode
if (description) {
  # description block: name, summary, etc.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_copyright(english:"foo bar baz");
  exit(0);
}
include("http_func.inc");
port = get_http_port(default:80);
# if (... vulnerability ...) report it
/code/pre
SQL Injection
causes: Dynamic SQL and lack of input validation
The author’s preference for SQL injection prevention is stored procedures.
There is also blind SQL injection, which does not rely on verbose SQL error messages but attempts to fetch database data directly. Check out Absinthe (http://0x90.org/).
Cross Site Scripting (XSS)
- Occurs when a web application does not HTML-output-encode user-supplied data
- Example: http://example.com/cgi-bin/welcome?cgi?text=<script>alert(document.cookie);</script>
- Replace the above example with any JS code (steal cookies, hijack user sessions)
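The two injection classes above have the same root cause, user data spliced as text into a code context, and the same cure, encoding the data for that context. The following is an added example (my own code, not from the talk) that puts the vulnerable pattern next to the fix for both. No database is involved: the functions return the SQL or HTML text that would be sent on, and bind_sql is a stand-in for what a parameterised query or prepared statement does inside a driver. The function names are mine; the O’Reilly input is just a name with an apostrophe in it.

```ruby
# Added example: dynamic SQL vs. bound parameters, and HTML output encoding.
# Function names are constructed for this illustration; CGI.escapeHTML is stdlib.
require "cgi"

# VULNERABLE: string interpolation, so a quote in the input becomes SQL syntax
# and changes the shape of the query.
def dynamic_sql(username)
  "SELECT * FROM users WHERE name = '#{username}'"
end

# A SQL string literal: single quotes inside the value are doubled, which is
# the SQL escape, so the value can only ever be data, never syntax.
def sql_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Stand-in for a parameterised query: each ? placeholder is replaced by a
# properly quoted literal. Splitting first means a ? inside a bound value is
# never mistaken for a placeholder.
def bind_sql(sql, *params)
  parts = sql.split("?", -1)
  unless parts.size - 1 == params.size
    raise ArgumentError, "expected #{parts.size - 1} parameters, got #{params.size}"
  end
  parts.each_with_index.map { |part, i|
    i < params.size ? part + sql_literal(params[i]) : part
  }.join
end

# Cheap sanity check on a statement: an odd number of single quotes means the
# string literals no longer pair up, which is what an injected quote does.
def quotes_balanced?(sql)
  sql.count("'").even?
end

# Output encoding for the HTML context: <, >, &, " and ' become entities, so
# user text is displayed rather than parsed as markup.
def html_output(user_text)
  "<p>Welcome, #{CGI.escapeHTML(user_text)}</p>"
end
```

In Rails the same binding is what the conditions array does, e.g. find(:all, :conditions => ["name = ?", name]), and the HTML side is what the h() helper wraps; the point of the toy versions here is to see why the interpolated form breaks on ordinary input like O’Reilly before anyone tries anything hostile.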
Burp Proxy
- Java based HTTP web proxy
- Alter http GET and POST requests on the fly
- get it from http://
Other tools
- Metasploit (point, click,root) Framework for developing and testing exploit code – http://metasploit.com
- Wikto: automated google and webserver vulnerability scanning (and much more)
- http://sensepost.com/research/wikto/
- Ettercap Network MITM attacks, content filtering, sniffing, etc http://ettercap.sourceforge.net/
- Whax – live linux distro – Most AP tools/exploits included – http://iwhax.{com/net/org}?
- good book is Network Security Tools – O’Reilly
Update: Doh! Guess what – Typo does not escape the content of a blog post. So when I posted the straight text, I started getting JavaScript popups with my session id and name from the above JavaScript code – updated to escape with lt gt symbols.
Customizing Mac OSX using opensource
by Jordan Hubbard + Kevin Van Vechten
Recompiling software which comes pre-built with OSX.
Darwin is the os core of osx. Includes kernel, IOKit families, and BSD commands and libraries.
Darwin source – developer.apple.com/darwin || darwinsource.opendarwing.org
.tar.gz snapshots organized by release.
OpenDarwin – community run site w/ standard opensource tools (bugzilla, cvs, irc, etc)
Webkit – webkit.opendarwind.org. Based on khtml/kjs
can progress live
DarwinPorts – similar to the FreeBSD ports system. 2,500+ ports. Easy customization with “Variants”
Fink – Based on debian packages. 5K+ ports – offers pre-built packages.
Building Darwin
- know objective
- only replace system when necessary
- beware of software updates (have to re-apply mods)
- make backups
Potential Problems
- Default compiler problems (different gcc version)
- environment variables
- build aliases
- no private headers
- no static libraries
Use gcc_select to change and report compiler versions
environment variables (where system looks for some things)
- SRCROOT (src files)
- OBJROOT (object files)
- SYSROOT (debug bin)
- DSTROOT (final bin)
Variables (compile)
- MACOSX_DEPLOYMENT_TARGET (10.4)
- RC_RELEASE (Tiger)
- UNAME_RELEASE (8.0)
- RC_ARCH (ppci386)
- RC_ProjectName (name of project being built)
And many more compile time variables
Missing header files – private headers (ex. /usr/local/streams/streams.h /usr/local/lib/libkld.a)
No internal tools /usrl/local/kextool? – for building kernel modules
DarwinBuild – handles all the above incompatibilities
precode
darwinbuild -init AC46      # AC46 is the engineering build number
darwinbuild project_name
darwinbuild bash
/code/pre
This will download the sources, build them (missed the point at which you could patch the source), and install the new binary.
OSCON 2005 – Yield to the Block: The power of Blocks in Ruby
with Matz (Ruby’s father)
Interesting presentation. Valuable information, but slides moved really quickly.
One of ruby’s biggest strengths is blocks.
Increasing in popularity. 65 attendees at rubyconf in 2004 – over 200 pre-registrations for rubyconf in 2005. Reflects growing popularity of ruby.
Why? Hacker preference and killer application
Rails brought ruby to the limelight.
Blocks are unique and powerful in Ruby. You can think of blocks as higher-order functions.
The Martin Fowler reference is a good introduction to closures and blocks.
Most of the rest of the presentation were code examples which Matz went over very quickly.
Quote from Matz
You (the audience) should have better japanese than I have english.
OSCON 2005 – Thursday Keynote
Arrived about 15 minutes late…
Transforming Software Architecture into Internetwork Architecture
- Not tied to any platform
- Extensible
- Generic – general purpose
- Federated
- Identifier, Formats, and Protocol Standards
Internetwork Architecture of global trade mirrors Internet/Software architecture. Standard containers and standard port protocol.
DHH
Secrets behind Ruby on Rails (same talk given at FOSCON)
Ruby on Rails is an integrated stack of frameworks. It ships with an O/R mapper, MVC controller, etc. In other words, a bunch of stuff that makes web developers happy!
Has had ~100k downloads in the last year.
Has created an ecosystem of people either partly or fully earning a living from developing w/ Rails.
250+ professionals from 36 countries. More than 5K+ weblog posts says Technorati. First book already has 6K+ orders. 7 more books coming. Definite interest and buzz around Rails.
Why is rails interesting?
- convention over configuration (no XML sit-ups – how many times do you have to tell the computer to do the same thing?)
- As long as you follow the rails conventions, you don’t really have to do any configuration. But if you need to step out of the convention, rails supports it.
precode
class Post < ActiveRecord::Base
  belongs_to :weblog
  has_many :comments
  has_one :author, :class_name => "Person"   # no Author table, so map the association to Person
end
/code/pre
For example, there is no Author object in the database, so you can override the default and map it to Person (the has_one line above).
- Change is instant. The goal for Rails was instant changes. Make a code or db change, refresh the web browser, and you see your changes. No redeployment, no re-compilation, just save and refresh the browser.
- This is built in functionality of Ruby, not Rails. Ruby has Introspection, Open Classes, and you can execute code in class definitions.
- Rails ships as a complete, integrated, and familiar stack. Gives you everything you need out of the box. Might seem like that reduces your freedom and flexibility but actually gives you more. Kinda like Apple computer. You buy the way they do things from hardware to software. Everything works and works well. That eliminates many of the problems with OS such as windows or linux and allows you to run and solve problems. (may have paraphrased the Apple computer comparison from last night FOSCON)
- Flexibility is overrated. Too many technologies are chasing flexibility as if it were free. Rails trumps flexibility and you get a lot in return. Constraints are liberating. You don’t have to worry about all that infrastructure and can solve problems.
HP w/ Linux (more vendor wind…)
and more wind, and more wind, and more wind touting how important opensource software is and how cool linux is. Thank you Mr. Obvious. Now talking about how much HP does for opensource. Thank you, that’s very valuable but I don’t think it earns you a spot as a keynote speaker.
Computational Origami
Origami is the Japanese art of paper folding: decorative abstract shapes. The modern extension is sculptural art achieved by folding paper, usually folded from one piece of paper.
Showing picture of origami folded from one piece of paper – incredible. One sheet, no cuts, only folding. Wow!
So what changed in the world of origami, from the old way of using several sheets of paper to the artsy form of today? Mathematics.
You can model on the computer and translate to paper. Take a stick figure, measure all the lengths, and construct a set of equations. Then you can solve for the crease pattern. He has a program called TreeMaker available for download that aids with this.
Applications in the real world
Space telescopes and automotive applications, to name a few. The speaker designed a lens for a satellite/space telescope. It needed to be compacted to put it into space. How did they get it on the shuttle? Origami creases to reduce size.
Airbags – used to design how an airbag flattens inside the steering wheel of a car.
Mitchell Baker Chief lizard wrangler
Portland U. Now distributes mozilla/firefox downloads – bouncer – distributes load for mozilla/firefox downloads. Portland U. is the “hub” for all the downloads.
Started a commercial (for profit) mozilla arm to pay ongoing development, be able to accept money from online ads, etc.
Lastly, Dick ? from Identity20.com (perhaps .org) was speaking. A very good speaker and a good presentation about the next generation of identity management and why stuff like Passport did not work.
