I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Deep dive into Ruby's require - RubyConf Taiwan 2023Hiroshi SHIBATA
Ā
Since Ruby's bundled and default gems change every year with each release, some versions may suddenly happen LoadError at require when running bundle exec or bin/rails, for example matrix or net-smtp.
In this presentation, I will introduce the details of the functionality that extends Ruby's require to provide guidance to users on what they can do to load them. And I will also show how $LOAD_PATH is build behind Ruby and Rails by Bundler.
The Future of library dependency manageement of RubyHiroshi SHIBATA
Ā
The document discusses the integration of package ecosystems in Ruby. It covers RubyGems and Bundler, which are used to manage library dependencies in Ruby projects. The document outlines challenges with bundler integration and the roadmap for improvements in RubyGems 4.0, Bundler 2.1, and features coming in Ruby 3.0 like pattern matching and gamification of standard libraries.
The secret of Release story discusses how Ruby is released and distributed to the world. It covers:
1. The Ruby core team which maintains and releases Ruby.
2. The release cycle and process which aims to release every Christmas with preview releases and backporting of fixes.
3. The *.ruby-lang.org domains which are controlled by Matz and host official Ruby resources like documentation, packages, and repositories.
4. Tools for installing Ruby from source like rbenv and ruby-build.
5. Experimental Ruby snap packages which package Ruby as self-contained binaries.
6. Plans to migrate the source code repository from Subversion to Git hosted on git.ruby-lang.org.
The document discusses how the Ruby programming language is developed and released. It describes the Ruby core team and committers, release cycles, backporting fixes, testing on various platforms via Ruby CI, packaging and distributing releases, handling security issues, and the *.ruby-lang.org domains. It also discusses moving the source code repository from Subversion to Git and migrating development tools and processes.
This document contains information about a NodeWay project. It discusses:
- The author's background including 7 years in IT, 3 years at SoftServe, and as an Application Architect.
- An agenda for a presentation on NodeWay in the author's project and dreams, including discussions of Node.js, installation, project architecture, statistics, code health goals, and the development process.
- Details on the project which included 2 years of development by 10 scrum teams, 59 modules, 3,200 JavaScript files, and 200,000 lines of code. It discusses improving code health from a starting point of over 1,800 violations and 28.3% test coverage.
Go After 4 Years in Production - QCon 2015Travis Reeder
Ā
Being one of the first companies (Iron.io) to use Go in production, the first to publicly hire Go developers and organizers of the largest Go meetup in the world, Travis has a unique perspective on the language and the community around it. Since we started using it, it has become one of the fastest growing languages and is being used in almost all startups (and non-startups) in some way or another. After making the switch from Ruby to Go - thereās plenty to be said after 4 years. A discussion on performance, memory, concurrency, reliability, and deployment are key to exploring Go and itās value in Production. See how itās worked for Iron.io, strategies for finding talent and explore the community.
1. The first step of package management integration discusses integrating Bundler into RubyGems to provide bundled gems as the default package management solution.
2. What's happened in Ruby 2.6 discusses updates to RubyGems 3 and Bundler 2 that dropped support for older Ruby versions and integrated Bundler fully into Ruby 2.6 as the default package manager.
3. BugMash after releasing Ruby 2.6 summarizes issues that came up after Ruby 2.6's release regarding path injection problems with LOAD_PATH, invalid gemspec generation by the installer, and Bundler version switching on Heroku.
The document discusses software as a service (SAAS) and why the company Viridian chose to use the Ruby on Rails web application framework. It notes that Rails allows for lower entry costs than other options due to reduced server maintenance needs and flexibility. It also summarizes some key advantages of Rails like its convention over configuration approach and support for modern technologies. The document provides resources for learning Rails including dev environments, tutorials, and open source projects to review.
This document discusses using the mruby programming language as middleware code. Some key points:
- mruby allows embedding Ruby code into middleware applications like web servers. This provides a powerful programming environment for Rubyists to write middleware code.
- ngx_mruby is an example of using mruby with the nginx web server. It allows placing Ruby code handlers and variables in the nginx configuration file.
- Advantages of mruby include producing a single binary without separate Ruby files, and ability to embed Ruby runtime and code directly into middleware applications like web servers.
- The document demonstrates sample ngx_mruby code for content handlers, variables, and initialization/worker scripts. It
This document introduces mruby, a lightweight implementation of the Ruby programming language designed for embedded systems. It discusses how mruby compiles Ruby code to bytecode that can run on embedded devices with limited memory and processing power. Key points include mruby's small memory footprint, ability to dynamically link libraries, and benefits for cross-platform development and testing of embedded software. Examples of mruby usage include user interfaces, networking applications, and initialization scripts.
1. The document discusses security topics related to Ruby including defining vulnerabilities, triage policies, and the RubyGems.org workflow.
2. It describes how vulnerabilities are reported and coordinated between developers, and outlines the process of code fixes, releases, and disclosure.
3. Recent attacks on RubyGems.org are reviewed, highlighting account hijacking and typo squatting issues. Solutions discussed include not reusing passwords, using strong unique passwords, and enabling two-factor authentication.
Youāve taken your first steps into Node.js. Youāve learned how to initialize your projects, youāve played with some dependencies, and youāre ready to get into some serious Node work. In this session, weāll dive further into Node as a framework. Weāll learn how to master Nodeās inherently asynchronous nature, take advantage of Nodeās events and streams capabilities, and learn about sophisticated Node deployments at scale. Participants will leave with a richer understanding of what Node has to offer and higher confidence in dealing with some of Nodeās more difficult concepts.
RailsConf 2022 - Upgrading Rails: The Dual Boot Waymtoppa
Ā
Upgrading Rails is easy, right? Sure, as long as you are upgrading your patch version. A Rails upgrade for a big application is not a trivial project: It took GitHub a year and a half to upgrade from Rails 3.2 to 5.2.
While upgrades have become easier with every new Rails version, your application has only become more complicated with every new dependency you added.
In this workshop you will learn a proven Rails upgrade process for major and minor version changes of Rails. You will leave this workshop with a roadmap to upgrade your Rails application.
(java2days) Is the Future of Java Cloudy?Steve Poole
Ā
This document discusses how Java can remain relevant in the future by evolving to meet new demands and competing technologies. It provides the results of several microbenchmarks comparing Java to other languages like Node, Swift, Go, Python and Ruby. The benchmarks show Java performing competitively in most cases. The document argues that Java's strengths like being type safe, garbage collected, and able to run on all platforms position it well for cloud, data analytics and machine learning workloads. It outlines IBM's plans to invest in Java and related open source projects to accelerate innovation and ensure Java remains the platform of choice.
https://www.learntek.org/cucumber-testing/
https://www.learntek.org/
Learntek is global online training provider on Big Data Analytics, Hadoop, Machine Learning, Deep Learning, IOT, AI, Cloud Technology, DEVOPS, Digital Marketing and other IT and Management courses.
It's a Jungle Out There ā IoT and MRubymatustomlein
Ā
This document discusses the Internet of Things (IoT) and challenges in developing applications for embedded devices that are part of the IoT. It introduces MRuby, a lightweight Ruby interpreter that can run on embedded devices and overcomes some of the challenges. MRuby allows developing applications using Ruby syntax and deploying them to many different embedded devices. It has very low memory usage and can be integrated into C applications. The document argues that MRuby is well-suited for developing IoT applications where logic runs both on devices and in the cloud.
The document discusses the strategy for building and testing the programming language Hiroshi. It covers:
1. The Ruby Core team which maintains the language and includes over 80 volunteers.
2. The testing strategy for Ruby which involves testing at different levels from the interpreter to libraries. Extensive tests are run on Linux, Windows and macOS.
3. The CI environments used for Ruby development including GitHub Actions, Travis CI and AppVeyor, as well as internal VM clusters. Test results are collected on Ruby CI and discussed on Slack.
Similar to Introduction of Cybersecurity with OSS at Code Europe 2024 (20)
How to develop the Standard Libraries of Ruby?Hiroshi SHIBATA
Ā
I maintain the RubyGems, Bundler and the standard libraries of the Ruby language. So, I've been extract many of the standard libraries to default gems and GitHub at Ruby 3.0. But the some of libraries still remains in only Ruby repository. I will describe these situation.
Dependency Resolution with Standard LibrariesHiroshi SHIBATA
Ā
The document discusses the roadmap for RubyGems and Bundler integration with Ruby 3.0. Key points include:
1) RubyGems 3.1 and Bundler 2.1 were recently released with improvements like lazily loading default gems.
2) Future versions will continue merging the projects, with RubyGems 3.2/Bundler 2.2 integrating into Ruby 2.8.
3) Ruby 3.0 will focus on "gemifying" standard libraries by extracting them to default gems, though some may be excluded.
4) This will require addressing issues around dependency and version resolution for the new default gems.
The document discusses the roadmap for integrating RubyGems and Bundler, including gemifying standard Ruby libraries for Ruby 3. Key points include:
1) RubyGems and Bundler repositories and teams have been merged into a monorepo to more closely integrate the projects.
2) The roadmap includes releasing RubyGems and Bundler versions simultaneously and potentially bumping to RubyGems 4.0 synchronized with Ruby 3.
3) Standard libraries will be extracted to default gems for Ruby 3, aiming to publish all to default gems except those using internal APIs.
4) Issues around dependency resolution and versioning of default gems need to be addressed in the integration.
The Future of library dependency management of RubyHiroshi SHIBATA
Ā
The document discusses the integration of package management in Ruby. It provides an overview of RubyGems and Bundler, the two main tools for managing library dependencies in Ruby. It also outlines the roadmap for further integrating RubyGems and Bundler, including merging RubyGems 3.2 into Ruby 2.8 and moving Bundler's canonical repository to RubyGems.org. Additionally, it discusses challenges around dependency resolution compatibility and activation of default gems between different versions of RubyGems and Bundler.
The document discusses integrating the Bundler dependency manager into the Ruby programming language core. It covers the benefits of integrating Bundler, such as allowing developers to manage library dependencies directly within Ruby projects. It also discusses challenges faced in integrating Bundler, like ensuring Bundler test suites work properly within the Ruby core codebase. The author details steps taken to start merging Bundler code into Ruby, including adding a "make test-bundler" command to run Bundler tests during development.
RubyGems is the package manager for Ruby libraries. Hiroshi Shibata discussed recent changes to RubyGems 3 and 4, as well as integration efforts between RubyGems and Bundler. Key points included making the conservative option default in RubyGems 4, installing gems to the user directory by default, and resolving incompatibilities between dependency resolvers in RubyGems and Bundler. The team is working to merge code bases and integrate command line interfaces.
Hiroshi Shibata gave a presentation on Ruby, RubyGems, and Bundler. He discussed his work on the Ruby core team maintaining Ruby versions like 2.6. He then covered updates to RubyGems including version 3 and the upcoming version 4. Finally, he talked about Bundler 2 and efforts to better integrate RubyGems and Bundler.
1. The document discusses RubyGems, Bundler, and rbenv/ruby-build. It provides an overview of each tool's purpose and history.
2. RubyGems is the package manager for Ruby libraries. Bundler is a tool for managing dependencies of Ruby applications. Rbenv/ruby-build allow managing multiple Ruby versions and building Ruby.
3. The document outlines plans to further integrate RubyGems and Bundler, but notes Bundler 2 has not yet been released, which is needed for full integration. Security improvements have also been made to RubyGems.
The document discusses changes and new features in RubyGems 3 and 4, the package manager for the Ruby programming language. Some key points:
- RubyGems 3 removes deprecated methods and support for older Ruby versions. It adds warnings for deprecated methods and allows direct use of the release toolchain.
- RubyGems 4 will have incompatible changes like upgrading the dependency resolver, making conservative installation the default, changing the behavior of default installation, and making user installation the default.
- Other topics discussed include deprecation handling, code search tools for RubyGems code, testing changes on all Ruby versions, removing deprecated code, and pre-releasing RubyGems updates.
The document summarizes the key points about RubyGems 3 & 4 from Hiroshi SHIBATA's presentation at RubyKaigi 2018. It discusses RubyGems 2.7, including support for older Ruby versions. It then covers plans for RubyGems 3.0, such as removing deprecated code, and RubyGems 4.0, which may include non-backwards compatible changes.
This document discusses plans for standard Ruby libraries and gemification. It introduces the classifications of standard, default, and bundled libraries. It outlines pros and cons of extracting libraries to gems. The author details their work transferring reserved gems on Rubygems and overriding standard libraries. They propose promoting all standard libraries to default gems and removing Rubygems dependencies from default gems for Ruby 3.0 to reduce package size. Integrating Bundler into the Ruby core by Ruby 3.0 is also discussed.
The secret of programming language development and futureHiroshi SHIBATA
Ā
Ruby 2.4 introduced several improvements including optimizing hash tables, adding binding.irb to allow dropping into the IRB console from any point in code, unifying Fixnum and Bignum into a single Integer class, and improving support for Unicode case mappings.
Gemification plan of Standard Library on RubyHiroshi SHIBATA
Ā
The document discusses plans to extract standard Ruby libraries into gems to improve maintenance. It notes libraries have been extracted as default or bundled gems, with different maintenance policies. Benefits include easier bugfixes and new features, but concerns include complex dependencies, need for cross-platform support, and ensuring gems do not conflict with standard libraries. It provides statistics on libraries extracted in Ruby 2.4 and 2.5 and discusses ongoing work like OpenSSL extraction and addressing naming conflicts.
Latest Tech Trends Series 2024 By EY IndiaEYIndia1
Ā
Stay ahead of the curve with our comprehensive Tech Trends Series! Explore the latest technology trends shaping the world today, from the 2024 Tech Trends report and top emerging technologies to their impact on business technology trends. This series delves into the most significant technological advancements, giving you insights into both established and emerging tech trends that will revolutionize various industries.
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesSAI KAILASH R
Ā
Explore the advantages and disadvantages of blockchain technology in this comprehensive SlideShare presentation. Blockchain, the backbone of cryptocurrencies like Bitcoin, is revolutionizing various industries by offering enhanced security, transparency, and efficiency. However, it also comes with challenges such as scalability issues and energy consumption. This presentation provides an in-depth analysis of the key benefits and drawbacks of blockchain, helping you understand its potential impact on the future of technology and business.
kk vathada _digital transformation frameworks_2024.pdfKIRAN KV
Ā
I'm excited to share my latest presentation on digital transformation frameworks from industry leaders like PwC, Cognizant, Gartner, McKinsey, Capgemini, MIT, and DXO. These frameworks are crucial for driving innovation and success in today's digital age. Whether you're a consultant, director, or head of digital transformation, these insights are tailored to help you lead your organization to new heights.
š Featured Frameworks:
PwC's Framework: Grounded in Industry 4.0 with a focus on data and analytics, and digitizing product and service offerings.
Cognizant's Framework: Enhancing customer experience, incorporating new pricing models, and leveraging customer insights.
Gartner's Framework: Emphasizing shared understanding, leadership, and support teams for digital excellence.
McKinsey's 4D Framework: Discover, Design, Deliver, and De-risk to navigate digital change effectively.
Capgemini's Framework: Focus on customer experience, operational excellence, and business model innovation.
MITās Framework: Customer experience, operational processes, business models, digital capabilities, and leadership culture.
DXO's Framework: Business model innovation, digital customer experience, and digital organization & process transformation.
Discovery Series - Zero to Hero - Task Mining Session 1DianaGray10
Ā
This session is focused on providing you with an introduction to task mining. We will go over different types of task mining and provide you with a real-world demo on each type of task mining in detail.
Top 12 AI Technology Trends For 2024.pdfMarrie Morris
Ā
Technology has become an irreplaceable component of our daily lives. The role of AI in technology revolutionizes our lives for the betterment of the future. In this article, we will learn about the top 12 AI technology trends for 2024.
Keynote : AI & Future Of Offensive SecurityPriyanka Aash
Ā
In the presentation, the focus is on the transformative impact of artificial intelligence (AI) in cybersecurity, particularly in the context of malware generation and adversarial attacks. AI promises to revolutionize the field by enabling scalable solutions to historically challenging problems such as continuous threat simulation, autonomous attack path generation, and the creation of sophisticated attack payloads. The discussions underscore how AI-powered tools like AI-based penetration testing can outpace traditional methods, enhancing security posture by efficiently identifying and mitigating vulnerabilities across complex attack surfaces. The use of AI in red teaming further amplifies these capabilities, allowing organizations to validate security controls effectively against diverse adversarial scenarios. These advancements not only streamline testing processes but also bolster defense strategies, ensuring readiness against evolving cyber threats.
This PDF delves into the aspects of information security from a forensic perspective, focusing on privacy leaks. It provides insights into the methods and tools used in forensic investigations to uncover and mitigate privacy breaches in mobile and cloud environments.
Demystifying Neural Networks And Building Cybersecurity ApplicationsPriyanka Aash
Ā
In today's rapidly evolving technological landscape, Artificial Neural Networks (ANNs) have emerged as a cornerstone of artificial intelligence, revolutionizing various fields including cybersecurity. Inspired by the intricacies of the human brain, ANNs have a rich history and a complex structure that enables them to learn and make decisions. This blog aims to unravel the mysteries of neural networks, explore their mathematical foundations, and demonstrate their practical applications, particularly in building robust malware detection systems using Convolutional Neural Networks (CNNs).
Choosing the Best Outlook OST to PST Converter: Key Features and Considerationswebbyacad software
Ā
When looking for a good software utility to convert Outlook OST files to PST format, it is important to find one that is easy to use and has useful features. WebbyAcad OST to PST Converter Tool is a great choice because it is simple to use for anyone, whether you are tech-savvy or not. It can smoothly change your files to PST while keeping all your data safe and secure. Plus, it can handle large amounts of data and convert multiple files at once, which can save you a lot of time. It even comes with 24*7 technical support assistance and a free trial, so you can try it out before making a decision. Whether you need to recover, move, or back up your data, Webbyacad OST to PST Converter is a reliable option that gives you all the support you need to manage your Outlook data effectively.
Smart mobility refers to the integration of advanced technologies and innovative solutions to create efficient, sustainable, and interconnected transportation systems. It encompasses various aspects of transportation, including public transit, shared mobility services, intelligent transportation systems, electric vehicles, and connected infrastructure. Smart mobility aims to improve the overall mobility experience by leveraging data, connectivity, and automation to enhance safety, reduce congestion, optimize transportation networks, and minimize environmental impacts.
Challenges and Strategies of Digital Transformation.pptxwisdomfishlee
Ā
In an era where digital innovation is ubiquitous, executives from various corporations frequently seek insights into the tangible benefits that digital transformation can offer. This document outlines a comprehensive framework that elucidates the concept of digital transformation, highlighting its multifaceted dimensions and the pivotal roles it plays in enhancing business competitiveness.
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...AimanAthambawa1
Ā
The studyās main objective is to analyse the level of cloud computing adoption and usage during COVID-19 in Sri
Lanka, especially in Information Technology (IT) organisations. Using senior IT employees, this study investigates
what extent their organisation adopts with cloud computing, the level of cloud computing usage, current use of
cloud service model, usage of cloud deployment model, preferred cloud service providers and reasons for adopting
and not adopting cloud computing. The study also describes why cloud computing is a solution for new normal
situations and the cloud-enabled services used during and after the COVID-19 pandemic. The finding suggests
that 87.7% of the organisations currently use cloud-enabled services, whereas 12.3% do not and intend to adopt.
Considering the benefits, cloud computing is the solution post COVID-19 pandemic to run the business way
forward.
The History of Embeddings & Multimodal EmbeddingsZilliz
Ā
Frank Liu will walk through the history of embeddings and how we got to the cool embedding models used today. He'll end with a demo on how multimodal RAG is used.
"Hands-on development experience using wasm Blazor", Furdak Vladyslav.pptxFwdays
Ā
I will share my personal experience of full-time development on wasm Blazor
What difficulties our team faced: life hacks with Blazor app routing, whether it is necessary to write JavaScript, which technology stack and architectural patterns we chose
What conclusions we made and what mistakes we committed
