20 April 2014

The Ruby Reflector

Topic

DOS

By Lucas Welch of Chef Blog 3 months ago.

…Years later, when he finally got a Windows computer, he learned everything he could about DOS and Windows.

From there, learning Linux was the next logical step in Eric's lifelong love affair with games and computing technology. Eventually leading to a career managing Linux server systems, and contributing and participating in the Open Source ecosystem.

"It all started with gaming for me, but once I got into Linux, I was really hooked. I've been using it for 17 years…

opscode.com Read
On Ruby News 1 year ago.

Entity expansion DoS vulnerability in REXML (XML bomb)

And some small bugfixes are also included.

See tickets and ChangeLog for details.

Download

You can download this release from:

<URL:ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p392.tar.bz2>
SIZE: 10024221 bytes
MD5: a810d64e2255179d2f334eb61fb8519c
SHA256: 5a7334dfdf62966879bf539b8a9f0b889df6f3b3824fb52a9303c3c3d3a58391

<URL:ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p392.tar.gz> …

ruby-lang.org Read
On Ruby News 1 year ago.

Unrestricted entity expansion can lead to a DoS vulnerability in REXML. (The CVE identifier will be assigned later.) We strongly recommend upgrading Ruby.

Details

When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service.

Impacted code will look something like this:

    document = REXML::Document.new some_xml_doc
    document.root.text

When …

ruby-lang.org Read
By Joey of Global Nerdy 4 months ago.

Generation Y grew up never knowing a world without DOS or its descendants, and those born in the latter half of that generation likely never knew a time when it was unusual to have a computer in the house, never mind a networked one. Most of this generation are either entering the workforce or well into the start of their post-schooling working lives, and they're the next generation of leaders, decision-makers, and department heads. It is these people that Fortinet wanted Vision Critical…

globalnerdy.com Read
By Bryan McLellan of Chef Blog 1 year ago.

…is no longer the default and whatever JSON you are parsing would be vulnerable to the DoS attack: JSON.parse(json_string, :create_additions => true)

MVPs

Vaidas Jablonskis recently whipped up fedora packages for the Chef 11 Client, he's our Chef 11.4.0 MVP!

Brian Bianco filed the first bug for the JSON issue and provided a patch that we took a bit further. Thanks Brian, you're the Chef 10.22.0 MVP! Brian maintains the 'redisio' …

opscode.com Read
By Thea Lamkin of New Relic 6 months ago.

…there's an old picture of a very young Jack with a bowl cut and tacky sweater playing DOS games at my uncle's house. My stepfather was a software engineer, so from a fairly young age I had access to a computer. Having computers around, coupled with liking to play games, led my friend and me to imagine becoming "video game programmers when we grew up". One fateful day, I came home from school with a Scholastic book newsletter, and in the back was Learn to Program BASIC

newrelic.com Read
By New Relic of New Relic over 1 year ago.

…with a single hardware node won't sabotage the entire system. Even if you're faced with a DoS attack, the distributed infrastructure can neutralize the impact and keep your availability at 100%.

3.) Scalability

As your content increases in popularity, you need to be prepared for inevitable bursts in traffic. Once again, allowing your data to be distributed across a CDN makes scalability one more thing you don't have to worry about. Giving your content a larger number of …

newrelic.com Read
By 0x4a6f4672 of 4 Lines of Code over 1 year ago.

…language to program systems with disk-operating systems like CP/M or various forms of DOS. Together with graphical user interfaces object-oriented programming languages arrived, and for the web comfortable high-level languages like Java, Ruby or Python with garbage collection appeared. Today we have 4 or 5 layers between the programmer and the CPU: for example for Ruby programs the programs are written in Ruby, Ruby is written in C, C is written in Assembly, and Assembly boils …

4loc.wordpress.com Read
On Coding Horror over 1 year ago.

…in a Commodore 64 was a lot. The entirety of Turbo Pascal 3.02 for DOS, released a year later in 1986, was barely 40k. The very concept of a multiplayer virtual world of any kind - something we take for granted today, since every modern website is essentially a multiplayer game now — was incredibly exotic. Look at the painstaking explanation Lucasfilm had to produce to even get folks to understand what the heck Habitat was, and how it worked:

The technical information …

codinghorror.com Read
By Charles Nutter of Headius over 1 year ago.

…many other languages, actually released a security fix last year to patch the great hash collision DoS exploit so many folks made a big deal about (while us language implementers just sighed and said "maybe you don't actually want a hash table here, kids"). Now, the implementation we put in place has again been "exploited" and we're told we need to move to cryptographic hashing. Srsly? How about we just give you a crypto-awesome-mersenne-randomized hash impl you …

blog.headius.com Read