After being blown away by the greatness of irb and rails console, I am loving the dynamical parts of the language more and more. Now, I wonder if it would be possible for a Ruby application to update itself on-the-fly (if the write permission allows it). Can a Ruby application fetch an update and refresh itself? I have seen this functionality a lot in Apple applications and I know updates and fixes are something you must anticipate for when deploying an application.
Thank you for your feedback, comments and answers!
Sure. You can load a file that re-opens an existing class and alters behavior. There are a few ways to get the new code, too. Read it off disk, or have a socket that accepts connections and then eval the strings passed in. Or use HTTP: http://www.neurogami.com/articles/The_year_of_living_dangerously/
BTW, there's some risk involved with doing thngs this way. :)
Related
Hi thanks for taking a look at my question. I'm trying to create a site with a Sinatra server that will allow users to run ruby code in the browser similar to what you see with repl.it, code academy, etc.
Is there a gem/library or anything out there can can handle the interpreter? If I need to create one myself, how can I do this without evaluating the code in the server? (seems dangerous)
Any advice is helpful, thanks!
You can use repl.it's API https://repl.it/api
Should be very easy to use
You can use Kernel#eval to run code from the string (user's input). Remember that it is not safe to execute some random code directly in your production environment.
I'm looking into creating a website that sits on top of another site. I wish for this site to be a sort of driver/auto-mater of the original site. The original site is slow and you need to input the same data repetitively (and lots of it - which is infuriating)
What would be the best way of doing this.
I have started using watir-webdriver in ruby, and it seems to work well! Would I be able to host this? I know it launches an explorer (fire-fox in my case) and my worry is not being able to host the application?
I don't want to place all my eggs into this one basket and find out later there's a stumbling block to getting it done!
The short answer
I think there are better tools for web scraping than web testing tools (watir and others), and your end result might require a lot more work than you imagine.
The long answer
This sounds like a case of the façade pattern in which your application would act as the new frontend and the old/existing site as the backend for the improved experience of the service.
Some things to think about before jumping into programming:
If the old site requires users to register, would your users be willing to re-register to your site so that you could log them in into the old site programmatically?
How frequently is the same data required to be inputted and how would you prevent it?
The existing site may have expectations on the request headers which might cause you extra headache and require quite some work to circumvent.
Are you allowed to use the existing site's user interface material or do you need to start from scratch?
How often is the existing site changed and how would it affect your application?
In summary, there are lots of factors and issues to take into account depending on how the existing site is implemented and who are your visioned users. Suggesting a best way to do it would require a lot more knowledge of both the existing site and how you'd want to improve it.
I haven't used watir-webdriver myself but if it is like Selenium and starts a new browser instance any time you run it, then hosting it would most likely not work as you'd expect. There are better tools for what you are thinking of doing, i.e. web scraping, and you may want to take a look at the following, for example:
https://www.ruby-toolbox.com/categories/Web_Content_Scrapers
https://www.ruby-toolbox.com/categories/http_clients
Suppose that I have a Java program that uses JRuby to allow the user to use Ruby scripting to control the behaviour of some funny character in a window.
Users can share their Ruby code with the community, so others can execute the snippets on their own copy of the program and see the funny character do stuff.
I have a security concern with this, though, as users may contribute malicious Ruby code to the community.
The obvious precaution is that users shouldn't run the snippets of untrusted users. However, due to the nature of the community, the point is to check out the creations of strangers.
So, it has occurred to me that maybe I can restrict the capabilities of JRuby.
There may be other things, but some of the restrictions off of my head would be:
Do not allow any sort of networking.
No access to the filesystem.
Do not permit system DOS calls.
Can't require/import ruby code/gems/etc.
Can't create new processes etc.
Is there a reasonable way to restrict JRuby functionality?
I have thought of, perhaps, redefining several constants that are required for that sort of operations. For instance,
File = nil
But I am unsure of what constants to nullify exactly, and whether this is effective at all.
since your requirements are concrete you would likely need to implement those restrictions yourself ... some pointers :
rubygems can be disable within JRuby - assuming it's fine for you to boot that way, otherwise chaing load/require is a good option
same for system and similar calls that create a new process
instead of doing File = nil early on you might end up needing to review File/IO methods one by one
undefine Java constant and java methods to disallow smart cheating with Java APIs
I would like to create a small Rails application that would allow users to give a few snippets of code to benchmark in multiple implementations and versions of Ruby. I am capable of creating the application, I am just afraid of users mucking around in the filesystem or doing other destructive actions. Is there any way to prevent this?
There is $SAFE:
The variable $SAFE determines Ruby's level of paranoia.
The various "safety levels" are noted at the link, there's also some examples (which still work) of using a thread, $SAFE, and load to wrap untrusted code. $SAFE on ruby might be worth a look as well.
So I've started using MvcMiniProfiler on our websites and quite like it. We have a Windows Application component/framework that is leveraged by the website and I was wondering if it was possible to use the profiler on that. I'm assuming not, but maybe there is a subcomponent of the code that could be used? I see that there is a way to configure where the results are stored (i.e. Sql Server) so maybe it is close to possible?
We have the following flow:
Website submits job to 'broker' then returns a 'come back later' page.
Broker runs and eventually data in the websites database gets updated by the broker.
Website displays the results.
I'd be great if there was a way I could get the entire workflow profiled. If there is no way/no intentions from the developers to make MvcMiniProfiler available to Windows applications, any recommendations for similar styled profilers?
You could get this working by using SqlServerStorage, there is very little in the code base that heavily depends on ASP.NET, in fact the SQL interceptor is generalized and so it the stack used to capture the traces.
I imagine that a few changes internally need to be made, eg: use Thread.SetData as opposed to HttpContext but they are pretty superficial.
The way you would get this going is by passing the "profiling identity" into the App and then continuing tracking there. Eventually when the user hits the site after it happens, it would show up as little "chiclets" on the left side.
A patch is totally welcome here but it is not something it does in its current version.
(note to future readers, this is probably going to be out of date at some point, if it is please suggest an edit)
Yes, there's a Windows porting of MiniProfiler: http://nootn.github.io/MiniProfiler.Windows/