New Ruby Implementation – SRuby

SRuby version 1.0.0 has been released!

I’m pleased to bring an end to a dark period of Ruby history with the
release of a Ruby fork called SRuby. Let’s face it, we all know and
love the advantages of Ruby being so dynamic, but that flexibility
comes with a hefty price tag: no security.

Inspired by the hard work of the JRuby team, SRuby was designed to put
security first by bringing an enhanced version of the Java applet
security model to all Ruby code. This has three major effects:

  • Ruby programs can no longer interact with the file system
  • Ruby programs can no longer make or receive network connections
  • Ruby programs can no longer launch or manipulate external processes

It’s hard to overstate the advantages of these added features! Think
about how many of the classic computing challenges arise from the file
system or the network. With SRuby you won’t have to because we’ve
removed those pressure points for good.

Sure, there will be an adjustment period as we all run into issues like:

File
NameError: uninitialized constant File
from (irb):1

But these reminders are for our own good, reinforcing the well-known
security fact that anything worth remembering should fit in memory
anyway.

Constantly dealing with load balancing concerns, redundancy, and other
networking issues? SRubyists just don’t have these problems, period.
Just as iterators cured off-by-one errors, network restriction will
quietly kill another category of massive concerns that have plagued
programmers for some time now.

How do we know all of these changes are for the better? We use the
long-valued Ruby programming metric: less code is better. The Ruby
interpreter is over 60% smaller once we threw out File, Process, and
other related classes, plus about 95% of the standard library since it
violated the security restrictions. (Abbrev is still supported.)

That’s tons of insecure code you have been relying on daily! No more.

Finally, SRuby is significantly faster. This is mainly due to being
able to remove a ton of the complexity from the interpreter when you
no longer need to care about file access or external processes.
Your programs will have more resources and a lot less to do; you can
count on that!

SRuby puts the S in Ruby. Download your copy now so you too can feel
secure:

James Edward G. II