Ruby

Ruby config options fail

Sunday, January 27, 2019 

Ruby is a horrible nightmare language, like almost all modern languages. They try to be so clever and modular, but end up making a maintenance hassle as various modules come and go, dependencies break, and the developer community moves on to the next shiny thing that claims to be the best thing to happen to programming since C.

Oh well.

If you get a bunch of "invalid option: --no-rdoc" errors, it is because sometime in the last few years --no-rdoc and --no-ri were deprecated in favor of --no-document. And, apparently, just recently builds started barfing on the deprecated options. Building universally with these options is a pretty standard thing, as it vastly improves build time and the rdoc system is a whole big kettle of annoying weirdness you just don’t need to wade through.

Now Ruby, being oh-so-clever and friendly, has all sorts of places where these might be set universally or semi-universally. The references will tell you about /.gemrc and /etc/gemrc, but only by doing a grep -FrHIis 'no-rdoc' * at / did I find these sneaky little bastards:

basejail/usr/ports/sysutils/vagrant/Makefile:RUBYGEM_ARGS=      --no-ri --no-rdoc -l --no-update-sources \
basejail/usr/ports/Mk/Uses/gem.mk:RUBYGEM_ARGS+= --no-rdoc --no-ri
basejail/usr/ports/devel/ruby-gems/Makefile:DOCS_VARS_OFF= RUBY_SETUP_OPTIONS+="--no-ri --no-rdoc"
basejail/usr/ports/devel/rubygem-io-like/Makefile:DOCS_VARS_OFF= RUBYGEM_ARGS+=--no-rdoc

Only after converting those to the “new” “better” “shiny” version of the config option string did my gems build.

Posted at 06:33:18 GMT-0700

Category: Technology

Rubygem passenger flavors in FreeBSD

Saturday, February 3, 2018 

The latest bit of code to adopt the trendy new “flavors” model is passenger. As “flavors” aren’t supported in Portmaster, this means the transition results in errors like:

/bin/rmdir /var/ports/usr/ports/www/rubygem-passenger/work-apache/stage/usr/local/lib/ruby/gems/2.4/extensions 2> /dev/null || true
( cd /var/ports/usr/ports/www/rubygem-passenger/work-apache/passenger-5.1.12 &&  /bin/sh -c '(/usr/bin/find -Ed $1 $3 | /usr/bin/cpio -dumpl $2 >/dev/null 2>&1) &&  /usr/bin/find -Ed $1 $3 \(   -type d -exec /bin/sh -c '\''cd '\''$2'\'' && chmod 755 "$@"'\'' . {} +  -o -type f -exec /bin/sh -c '\''cd '\''$2'\'' && chmod 0644 "$@"'\'' . {} + \)' COPYTREE_SHARE buildout /var/ports/usr/ports/www/rubygem-passenger/work-apache/stage/usr/local/lib/ruby/gems/2.4/gems/passenger-5.1.12 )
find: buildout: No such file or directory
find: buildout: No such file or directory

You can make with flavors manually or, assuming your current version is 5.1.12 (adjust as needed), run:

# portmaster -o www/rubygem-passenger rubygem-passenger-5.1.12

Posted at 04:58:54 GMT-0700

Category: FreeBSD, Technology

28C3 Scariest Talk of the Day

Wednesday, December 28, 2011 

We attended “Effective Denial of Service attacks against web application platforms” by Alexander “alech” Klink and Julian | zeri, where they described a really, really easy to implement denial of service attack. It exploits an artifact of hash table lookups, which become computationally intensive when the table is filled with colliding keys. It is fairly easy to find 2-4 character hash collisions for a given hash function (and there are only a few variations in use), and as hash operations are performed by default on all POST and POST-like functions, which take (by default) from 2-8MB of data, one can easily tie up a computer's CPU effectively indefinitely.

The researchers tested the attack on most web languages in use (and all in common use): only Perl is deployed safe (since 2003), and Ruby 1.9 has a patch available. Every other OS is vulnerable. Today. The attack is only a POST option with a table of delimited hash collision values. You could copypasta a working exploit, it is that easy. The vast (vaaast) majority of sites on the web run PHP, and 1 Gbps of attack vector bandwidth could take down 10,000 cores. With ASP.NET, that 1 Gbps can hold down 30,000 cores. CRuby 1.8 (not patched, about half of Ruby installs): that 1 Gbps can keep a million cores tied up.

Yow.
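
An added illustration (not from the talk or the original post) of why a bucket full of collisions is expensive, and how a per-process seeded hash and a parameter cap blunt it. The byte-sum hash, the table class and the 1000-parameter cap are constructed for this example; Ruby's seeded String#hash is the only real piece.

```ruby
# Toy chained hash table that counts key comparisons (constructed for illustration).
class CountingTable
  attr_reader :comparisons

  def initialize(buckets, hash_fn)
    @buckets = Array.new(buckets) { [] }
    @hash_fn = hash_fn
    @comparisons = 0
  end

  def insert(key, value)
    chain = @buckets[@hash_fn.call(key) % @buckets.size]
    chain.each do |pair|
      @comparisons += 1
      next unless pair[0] == key
      pair[1] = value
      return
    end
    chain << [key, value]
  end
end

# Unkeyed toy hash: a plain byte sum, so every reordering of the same bytes collides.
WEAK = ->(key) { key.bytes.sum }
# Ruby's own String#hash is seeded per process, so bucket placement is unpredictable.
SEEDED = ->(key) { key.hash }

# Constructed input: the 720 distinct orderings of "abcdef" share one byte sum.
COLLIDING = 'abcdef'.chars.permutation.map(&:join)

def comparisons_for(keys, hash_fn)
  table = CountingTable.new(1024, hash_fn)
  keys.each { |key| table.insert(key, true) }
  table.comparisons
end

# Independent mitigation: refuse requests with more parameters than a fixed cap.
MAX_PARAMS = 1000 # hypothetical limit chosen for this example

def accept_params?(keys, limit = MAX_PARAMS)
  keys.size <= limit
end

if __FILE__ == $PROGRAM_NAME
  puts "byte-sum hash: #{comparisons_for(COLLIDING, WEAK)} comparisons"
  puts "seeded hash:   #{comparisons_for(COLLIDING, SEEDED)} comparisons"
  puts "720 params accepted under cap of 100? #{accept_params?(COLLIDING, 100)}"
end
```

With every key in one chain, inserting n keys costs n(n-1)/2 comparisons, which is the quadratic blow-up the talk relies on; the seeded hash spreads the same keys across buckets and the cost stays close to linear.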

Posted at 18:32:59 GMT-0700

Category: Events, Technology, Travel