Ruby-dev summary 23763-23840

Hi all,

This is a summary of ruby-dev ML in these days.

[ruby-dev:23762] Ruby 1.8.2 to be released

  Kouhei Sutou requested to import his RSS Parser library into 1.8 branch,
  and Matz agreed with him.

[ruby-dev:23784] URI()

  TANAKA Akira proposed a new global method URI(), to construct an URI
  object. With this method, you can write HTTP GET program as below:

    print URI("http://www.example.com/").read

  This program is better than `open("http://....").read' because it
  properly closes IO objects.

  Here are some opinions: (+ : approval, - : objection)

    + There are similar methods such as Integer(), String(), etc.
    + URI is a name, literal-like syntax seems good.
    - URI.[] is better because URI() pollutes the global name space.
    - String(obj) calls obj.to_s. Integer(obj) calls obj.to_i.
      But URI(obj) does not call obj.to_uri.
      (Note that Complex(obj) does not call obj.to_complex, too.)
    - A method name which begins with a capital looks bad.

  This issue is still open.

[ruby-dev:23814] $SAFE in Proc
[ruby-dev:23815] set_trace_func in safe mode

  Nobuyoshi Nakada posted two security considerations.

  1. $SAFE=4 program can safely call a Proc object which is created
     by $SAFE=0, and it runs in $SAFE=0. It causes `$SAFE downgrading'.

     -> Matz said that it is not a problem because Proc objects which
        are created in $SAFE=0 environment should be trustable.
        In other words, you should not load untrustable code in $SAFE<4.

  2. set_trace_func should be prohibited in $SAFE>0.

     -> Matz stated that $SAFE>3 check is enough,
        because we are trusting $SAFE<=3 codes.

-- Minero Aoki

ruby-dev summary index:
http://i.loveruby.net/en/ruby-dev-summary.html

why not

   URI::read :

     def URI.read uri
       begin
         u = parse "#{ uri }"
         u.read
       ensure
         u.close
       end
     end

   + like IO::read, YAML::load, etc.
   + no name space pollution
   + only requires ducktype string like parse

-a

···

On Fri, 2 Jul 2004, Minero Aoki wrote:

[ruby-dev:23784] URI()

TANAKA Akira proposed a new global method URI(), to construct an URI
object. With this method, you can write HTTP GET program as below:

   print URI("http://www.example.com/").read

This program is better than `open("http://....").read' because it
properly closes IO objects.

Here are some opinions: (+ : approval, - : objection)

   + There are similar methods such as Integer(), String(), etc.
   + URI is a name, literal-like syntax seems good.
   - URI.[] is better because URI() pollutes the global name space.
   - String(obj) calls obj.to_s. Integer(obj) calls obj.to_i.
     But URI(obj) does not call obj.to_uri.
     (Note that Complex(obj) does not call obj.to_complex, too.)
   - A method name which begins with a capital looks bad.

This issue is still open.

--

EMAIL :: Ara [dot] T [dot] Howard [at] noaa [dot] gov
PHONE :: 303.497.6469
A flower falls, even though we love it;
and a weed grows, even though we do not love it. --Dogen

===============================================================================

Minero Aoki wrote:

[ruby-dev:23784] URI()

  TANAKA Akira proposed a new global method URI(), to construct an URI
  object. With this method, you can write HTTP GET program as below:

    print URI("http://www.example.com/").read

  This program is better than `open("http://....").read' because it
  properly closes IO objects.

  Here are some opinions: (+ : approval, - : objection)

    + There are similar methods such as Integer(), String(), etc.
    + URI is a name, literal-like syntax seems good.
    - URI.[] is better because URI() pollutes the global name space.
    - String(obj) calls obj.to_s. Integer(obj) calls obj.to_i.
      But URI(obj) does not call obj.to_uri.
      (Note that Complex(obj) does not call obj.to_complex, too.)
    - A method name which begins with a capital looks bad.

I like the idea of a simple way to deal with URIs, but I agree with all the objections to this idea.

Is there some reason it couldn't be a factory method of a URI class, making the example like:

URI.create("http://www.example.com").read

The factory method, 'create' could return URI type objects, customized for that particular URI.

For a local file:

URI.create("file:///path/to/local/file.txt")

=> #<File:/path/to/local/file.txt>

For a HTTP connection it would return a HTTP object, for gopher a Gopher object, etc.

Sure, it's an extra 6 keystrokes (one for the dot, 5 for create) but it seems to satisfy the objections. Maybe someone has a better option for the factory method name?

Ben

Why not override IO.read ?
And if short typing is the issue, what is the short alternative to
IO.read? :)

···

On Fri, 2 Jul 2004 20:08:42 +0900, Minero Aoki <aamine@loveruby.net> wrote:

I'm not sure I agree. I don't think it should ever be possible to
downgrade your $SAFE level without help from a thread that already has
its $SAFE level downgraded, but it is:

  # "safe" thread
  t = Thread.new do
    Thread.current.abort_on_exception = true
    $SAFE = 1
    set_trace_func proc { |x|
      b = x[4]
      safe = eval("$SAFE", b)
      if safe == 0 then
        # now we have a binding with $SAFE=0 and we can effectively
        # bypass $SAFE
        puts "got a binding with $SAFE=0!"
        set_trace_func nil
      end
    }
    sleep
  end

  # main thread
  sleep 1

I'd have to be malicious to write code like this, and potentially
malicious code shouldn't be executed in $SAFE=1, but if explicitly
setting $SAFE is disallowed, then so should the above code. Is there a
practical use calling set_trace_func when $SAFE=1?

Paul
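
The hook in the message above gets a Binding for each traced frame (`x[4]`). As an added example, not part of the original thread, the following shows on a current Ruby (where `$SAFE` no longer exists) what that Binding exposes: the hook reads a local variable of a method that never passed it anything. `handle_request`, `locals_seen_by_trace_hook` and the token value are constructed for illustration.

```ruby
# Added example (not from the thread); all names and values are constructed.

# Stand-in for trusted application code that keeps a sensitive local.
def handle_request
  api_token = "constructed-token-123"
  api_token.length
end

# Installs a trace hook, runs the trusted code, and returns every local
# variable the hook was able to read through the Binding it was handed.
def locals_seen_by_trace_hook
  captured = {}
  set_trace_func proc { |_event, _file, _line, id, frame_binding, _klass|
    # Only inspect frames of handle_request; some events carry no binding.
    next unless id == :handle_request && frame_binding
    frame_binding.local_variables.each do |name|
      captured[name] = frame_binding.local_variable_get(name)
    end
  }
  handle_request
  captured
ensure
  set_trace_func(nil) # always remove the hook again
end

puts locals_seen_by_trace_hook.inspect if __FILE__ == $PROGRAM_NAME
```

Whatever is allowed to install a trace hook effectively runs with the privileges of every frame it traces, which is the concern behind restricting `set_trace_func` in restricted code.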

···

On Fri, Jul 02, 2004 at 08:08:42PM +0900, Minero Aoki wrote:

[ruby-dev:23814] $SAFE in Proc
[ruby-dev:23815] set_trace_func in safe mode

  Nobuyoshi Nakada posted two security considerations.

  1. $SAFE=4 program can safely call a Proc object which is created
     by $SAFE=0, and it runs in $SAFE=0. It causes `$SAFE downgrading'.

     -> Matz said that it is not a problem because Proc objects which
        are created in $SAFE=0 environment should be trustable.
        In other words, you should not load untrustable code in $SAFE<4.

  2. set_trace_func should be prohibited in $SAFE>0.

     -> Matz stated that $SAFE>3 check is enough,
        because we are trusting $SAFE<=3 codes.

I like the idea of Class() being used as a constructor - it's a neat,
readable idiom. I don't really see this as namespace pollution, since
the class and the method are in some sense logically bound together;
similarly the fact that this is a special case makes the capital
acceptable.

martin

···

Minero Aoki <aamine@loveruby.net> wrote:

    + There are similar methods such as Integer(), String(), etc.
    - URI.[] is better because URI() pollutes the global name space.
    - String(obj) calls obj.to_s. Integer(obj) calls obj.to_i.
      But URI(obj) does not call obj.to_uri.
      (Note that Complex(obj) does not call obj.to_complex, too.)
    - A method name which begins with a capital looks bad.

Hi,

···

In message "Re: ruby-dev summary 23763-23840" on 04/07/03, Ben Giddings <bg-rubytalk@infofiend.com> writes:

Is there some reason it couldn't be a factory method of a URI class,
making the example like:

URI.create("http://www.example.com").read

We already have a factory method, "parse", that is shorter than
"create". We were talking about saving a few strokes.

              matz.

In article <ef5be0lq3kuoe96lrpec7rjhi8qn2k77el@4ax.com>,
  gabriele renzi <surrender_it@rc1.vip.ukl.yahoo.com> writes:

Why not override IO.read ?

Sometimes IO.read is used as File.read. I feel File.xxx means an
operation for a local file.

Since redefining IO.read violates the meaning, I don't want to do it.

···

--
Tanaka Akira

In article <Pine.LNX.4.60.0407020808300.32330@harp.ngdc.noaa.gov>,
  "Ara.T.Howard" <ahoward@noaa.gov> writes:

why not

   URI::read :

Because URI() can be used with other instance methods on URI.

···

--
Tanaka Akira

Hi,

  2. set_trace_func should be prohibited in $SAFE>0.

     -> Matz stated that $SAFE>3 check is enough,
        because we are trusting $SAFE<=3 codes.

I'm not sure I agree. I don't think it should ever be possible to
downgrade your $SAFE level without help from a thread that already has
its $SAFE level downgraded, but it is:

<snip>

I'd have to be malicious to write code like this, and potentially
malicious code shouldn't be executed in $SAFE=1, but if explicitly
setting $SAFE is disallowed, then so should the above code.

Define "malicious" before saying "shouldn't". ;)

Is there a practical use calling set_trace_func when $SAFE=1?

For example, running a debugger on -T1 program.

              matz.

···

In message "Re: ruby-dev summary 23763-23840" on 04/07/03, Paul Brannan <pbrannan@atdesk.com> writes:

>I'd have to be malicious to write code like this, and potentially
>malicious code shouldn't be executed in $SAFE=1, but if explicitly
>setting $SAFE is disallowed, then so should the above code.

Define "malicious" before saying "shouldn't". ;)

:)

I guess I meant "potentially malicious" as a synonym for "untrusted".

>Is there a practical use calling set_trace_func when $SAFE=1?

For example, running a debugger on -T1 program.

Shouldn't this be possible anyway, since -rdebug has to be specified
before -T1 on the command line (and thus the debugger will be started
before $SAFE is set)?

Paul

···

On Sat, Jul 03, 2004 at 10:57:40AM +0900, Yukihiro Matsumoto wrote:

Hi,

···

In message "Re: ruby-dev summary 23763-23840" on 04/07/03, Paul Brannan <pbrannan@atdesk.com> writes:

For example, running a debugger on -T1 program.

Shouldn't this be possible anyway, since -rdebug has to be specified
before -T1 on the command line (and thus the debugger will be started
before $SAFE is set)?

There's no way to turn off $SAFE in mod_ruby programs, for example.
Should they abandon tracing?

              matz.

I suppose before I can answer that I would need to know why mod_ruby
sets $SAFE to 1.

Paul

···

On Sat, Jul 03, 2004 at 12:33:23PM +0900, Yukihiro Matsumoto wrote:

There's no way to turn off $SAFE in mod_ruby programs, for example.
Should they abandon tracing?