#ruby - 15 July 2018
[07:30:38] eadthem: im having an issue running a part of a ruby program. the offending line req.match?(spec, allow_prerelease) causes this error `block in find_all': undefined method `match?'
[07:31:14] eadthem: im interested in knowing a bit of background on .match? and maybe if this is something version related
[07:33:42] eadthem: a manual explaining req.match would help. ive not had any luck finding that much
[07:39:08] baweaver: Though you need to show more of your code if you want an answer, as there's too much context missing.
[07:39:41] eadthem: https://github.com/hashicorp/vagrant/blob/master/lib/vagrant/bundler.rb Line 500
[07:43:32] eadthem: ok moving down the call stack it says /usr/lib64/ruby/2.1.0/rubygems/resolver/composed_set.rb:38:in `block in find_all'
[07:44:00] eadthem: well maybe thats where i need to start then i wasnt sure how old it was. its the stock version for opensuse
[07:44:29] ruby[bot]: https://gist.github.com - Multiple files, syntax highlighting, even automatically with matching filenames, can be edited
[07:45:12] eadthem: and the issue is trying to install a plugin in vagrant, but since ive not done ruby figured id get more context into the error.
[07:46:13] eadthem: ya i know, i was more curious about the one line but this is helpful the code is vagrant, i should have said that from the start
[07:48:43] eadthem: is there an easy way in ruby to dump an object to console? like var_dump() in php? for debugging
[10:43:44] leitz: What's the usual way to parse user input to make sure there's no commands or other hanky-panky? The string requested will become a filename.
[10:45:47] elomatreb: The only *proper* way to do this is using a tool that doesn't allow this to happen, i.e. avoid shelling out with string interpolation
[10:48:12] leitz: Is there an existing library that converts entities, or just write my own? In this case, things like semi-commas, colons, etc, should not be in the string.
[10:49:58] leitz: Actually, it might be easier to just convert spaces to underscores and then only allow those and alphanumeric.
[10:50:01] elomatreb: If you just want to substitute characters something simple like String#tr is worth a look
[10:50:46] leitz: Alec, I'm asking the user for a string that will become a filename. Trying to avoid stuff like "/etc/passwd". :)
[10:51:25] elomatreb: A blacklist of "dangerous" files will not work out in the long run, your OS protects the files
[10:53:07] lupine: if you ensure it's not interpolated, the main thing you have to watch out for is path traversal
[10:53:11] leitz: Why do users do whatever they do? My assumption is that they will behave, but it would be nice to at least put a little protection in.
[10:56:02] leitz: I had a PHP form one time. The goal was to help non-computer people enter data. After repeated requests they still put odd characters in some strings. Couldn't get English speaking people to follow plain English.
[10:56:42] elomatreb: I'm not quite sure what the problem you're worried about is btw. Are you creating files?
[11:03:06] leitz: elomatreb, yes. https://github.com/makhidkarun/ftl_tools/blob/master/bin/build_book#L41
[11:03:44] elomatreb: And 0-bytes. And a bunch more depending on filesystem and/or platform (e.g. NTFS has an infinite number of illegal filenames)
[11:03:57] leitz: I think the two gems I pushed up to RubyGems this weekend are the worst ever. However, it pushes me to improve them. ;)
[11:04:14] Alec: elomatreb: I did think it went without saying, but I realised 680 people - we're going to have a few auties so ^
[11:08:44] elomatreb: leitz: Looking at your code, the worst that could happen is the user accidentally overwriting a file, but only if they have write access in the first place
[11:09:34] elomatreb: Usually in a case like this the best way to proceed is to print a warning and ask for confirmation, but you can't e.g. end up borking /etc/passwd because a regular user can't do that anyway
[11:10:01] leitz: elomatreb, agreed. The future state I'm worried about is my Ruby skill. I'm putting together a web based game and tool, and that means the webserver has the ability to over-write its own files. I'm trying to learn to prevent that early. :)
[11:11:12] elomatreb: Depending on the data you're storing you're often much better off with a database instead of files, also solves this problem
[11:11:46] leitz: A bit verbose, but this seems to work. https://gist.github.com/LeamHall/bb6ddb7474bcbee0f18fc08b76edf405
[11:12:17] leitz: And yes, elomatreb the database will come. Not that skilled yet though, so things are stored in files.
[11:12:41] elomatreb: But if you do need to store files the usual approach is to both sandbox your application as much as possible, and/or to store files in an "abstract" manner that doesn't directly translate to real-fs paths
[11:15:04] elomatreb: You also need to reject/remove slashes, otherwise you still end up accidentally referencing directories. E.g. your example will try to reference a directory called "Now_isnt_a_good_time_to_write_"
[11:17:29] leitz: I realize it's a bit heavy-handed, but if the user doesn't want to play with good form...
[11:18:03] elomatreb: Oh I missed the gsub, lol. That should cover most cases, but you could still end up with weird directories (e.g. `...` is a perfectly valid name, but looks really awkward and hides in ls output)
[11:20:28] elomatreb: The more you escape/remove though, the more you need to worry about collisions
[11:22:17] leitz: Ha! You should see my typing when I've been up too long or start before the coffee kicks in...
[11:25:58] elomatreb: Ruby is object-oriented in all aspects, but you see a lot of patterns that are often described as functional
[11:29:58] leitz: le98, you can do a lot of stuff with Ruby. That's part of the joy. I am working on my OOP skills but can still get stuff done with Ruby. I'd suggest you take a few ideas and try to code them in Ruby, without OOP. See if it works for you.
[11:30:37] elomatreb: You technically can for sure, but defs outside of classes are no less object-oriented than with classes. They define methods on the implicit "main" object
[11:31:52] elomatreb: Your code will quickly become really spaghetti-y probably, but there's nothing stopping you from trying
[11:33:02] elomatreb: 1. Any data structure is also a class, including the primitives like string and integers 2. Major difference to functional languages is that nothing prevents you from causing side effects
[11:43:04] leitz: le98, one of the things I had to learn was to quit worrying so much about what other people think or do. There are some concrete rules like "don't trust user input" and there are a lot of opinions about what you can/should/ought to do with a language.
[11:44:05] leitz: I've had to accept that what I want to do, and how I do it, needs to fit me. It needs to be "good code" in the sense of tests, docs, stability, etc. But it does not have to be "Pure Ruby Essence" or how others code.
[11:46:36] Alec: Not so much here (although it has other issues) but some channels are FILLED with students
[11:47:11] Alec: Now I was a student once, but I kinda knew that I was also a noob and inexperienced, on Freenode they don't have... like a sense of inexperience.
[11:47:34] Alec: It sounds weird but "it's not arrogance if you're right" - you've just gotta earn your stripes.
[11:49:02] Alec: Anyway there's this thing I call "the hello world gulf" - and it's VERY real, it's the massive gap between real software and noob software, like noob software tends to be single file, very bad at taking input, fragile, etc. etc., and it's a difficult thing to cross.
[11:49:35] leitz: The most wearing time was being told to upgrade after I explained that I couldn't. Led to a blog post. http://leamhall.blogspot.com/2016/08/using-ruby-187-for-fun-and-uh-fun.html
[11:49:50] Alec: I actually collect sample projects now which are very simple but "real" programs, for students to cut their teeth on. Sadly I've all but cut my lecturing commitments as the atmosphere at my uni was getting really toxic.
[11:50:24] leitz: Alec: On that "gulf" EXACTLY!!!!! I've been trying to find ways to bridge that gulf.
[11:51:27] leitz: I did some C mentoring for a bit, for others. Trying to find a way to bring it to Ruby with me as Mentee... https://github.com/LeamHall/90DW_mentoring
[12:16:08] leitz: If anyone wants to lead a Mentoring effort, here's one language's path. https://php-mentoring.org/
[12:30:40] Alec: I'd rather take my mentors and lock them in a car, climb in the front seat having put child-lock on, and used socks and a hosepipe to wedge the exhaust into the slightly opened nearest window to me, and pump the accelerator
[12:31:19] leitz: Alec, I'd love to see something similar for Ruby. I know that I don't know, and I know of things I need to know, I just don't know how to structure and prioritize what I need to know to move forward.
[12:35:54] Alec: leitz: I don't think you can mentor really. What I do (which works really really well) is give them one of the sample projects (3rd years ~ 4th in America) and they do it, then they're all smug when they enter my office for the follow up
[12:36:11] Alec: You crush them with all the stuff they missed and the ones that make it are better for it
[12:36:45] Alec: I don't want to give an example though because it taints anyone who may actually do the exercise
[14:10:34] boardfish: Quick question, I'm getting data from an API in the form of an API::Object provided by the API's gem. How can I use this as an ActiveRecord model, and if not, is there a comparable alternative that'd let me save the objects and access them in the same way?
[14:11:35] boardfish: The big thing really is having them stored in a database and being able to access and manipulate their attributes without having to change the contents of the API object itself.
[19:45:16] leitz: And the funny for the day. Rearranging code and tests fail. Cursing Matz, every developer I've ever known, and those yet to be born. Then realize I have two libraries with the same name and was using the wrong one...
[20:24:41] FernandoBasso: Do I need an accessor to print MyClass.foo, when inside the class I have @@foo ?
[20:31:34] elomatreb: FernandoBasso: Yes, everything external needs a method, and attr_accessor will not work with class variables. Generally they're not what you want anyway though
[20:32:34] FernandoBasso: So, if I want an accessor, I would have to def self.get_foo; @@foo ; end ?
[20:35:15] elomatreb: Beware of the slightly weird behavior of class variables when combined with inheritance btw
[23:19:58] scrptktty: Question: what is the difference between a library and a framework? Is there a clear distinction?
[23:20:40] Radar: like Rails itself is a framework, but it is made up of the libraries like activesupport / activerecord / etc.
[23:24:39] apeiros: scrptktty: a framework gives you a frame within which you operate. a library is a toolbox, providing you a couple of tools for a task. that's by what I tend to go :)
[23:33:37] zenspider: scrptktty: probably a semantic detail that doesn't actually help you understand things at this point. it's all just code. Just go with it.