SRuby version 1.0.0 has been released!
* <http://grayproductions.net/sruby/>
* <james@grayproductions.net>
I'm pleased to bring an end to a dark period of Ruby history with the release of a Ruby fork called SRuby. Let's face it, we all know and love the advantages of Ruby being so dynamic, but that flexibility comes with a hefty price tag: no security.
Inspired by the hard work of the JRuby team, SRuby was designed to put security first by bringing an enhanced version of the Java applet security model to all Ruby code. This has three major effects:
* Ruby programs can no longer interact with the file system
* Ruby programs can no longer make or receive network connections
* Ruby programs can no longer launch or manipulate external processes
It's hard to overstate the advantages of these added features! Think about how many of the classic computing challenges arise from the file system or the network? With SRuby you won't have to because we've removed those pressure points for good.
Sure, there will be an adjustment period as we all run into issues like:
>> File
NameError: uninitialized constant File
from (irb):1
But these reminders are for our own good, reinforcing the well-known security fact that anything worth remembering should fit in memory anyway.
Constantly dealing with load balancing concerns, redundancy, and other networking issues? SRubyists just don't have these problems, period. Just as iterators cured off-by-one errors, network restriction will quietly kill another category of massive concerns that have plagued programmers for some time now.
How do we know all of these changes are for the better? We use the long-valued Ruby programming metric: less code is better. The Ruby interpreter is over 60% smaller once we threw out File, Process, and other related classes, plus about 95% of the standard library since it violated the security restrictions. (Abbrev is still supported.)
That's tons of unsecure code you have been relying on daily! No more.
Finally, SRuby is significantly faster. This is mainly due to being able to remove a ton of the complexity from the interpreter when you no longer need to care about file access or external processes. Your programs will have more resources and a lot less to do; you can count on that!
SRuby puts the S in Ruby. Download your copy now so you too can feel secure:
* <http://grayproductions.net/sruby/>
* <james@grayproductions.net>
James Edward Gray II