Sophrinix / TryRuby

Try Ruby is an interactive shell that quickly and whimsically teaches the Ruby programming language. Originally _why's idea, it has been recreated from the ground up by Rubyists who have a passion for Ruby and for teaching their fellow (wo)man how to program.
tryruby.org
345 stars 80 forks

Updated broken ruby-doc method links #166

Closed mauro-oto closed 11 years ago

mauro-oto commented 11 years ago

I've updated all ruby-doc links as the anchors were no longer working, as reported by peterkokot here: https://github.com/Sophrinix/TryRuby/issues/164

The pickaxe links and a few other older links could also be updated in the future as some are broken.

Sophrinix commented 11 years ago

Thank you sincerely for helping out this code base. This code is actually the 2.0 version of try ruby.

Code school never open sourced their version of try ruby (aka the version that actually resolves at tryruby.org).

However, I have seriously considered (since I still own the domain name tryruby.org) relaunching try ruby. Your changes would have an impact then.

If anyone else is up for it, I wouldn't mind entertaining the idea of a try ruby running ruby 2.0 version. The codeschool version is actually using jruby. You can verify this by typing RUBY_PLATFORM.

In order to do so there would have to be a bit of clean up on this code base done.

Presently the legacy version of try ruby depends too heavily on SAFE being secure-- It is not.

Also, I tried to make this rack based once and failed horribly. This was the original reason for reaching out to EnvyLabs in the first place a few years back.

Last, I am using CGI.new rather than rack. If these factors could be overcome, I would A) be tremendously grateful and B) seriously consider a proper relaunch of TryRuby.org

mauro-oto commented 11 years ago

Oh, I didn't realize this wasn't the Try Ruby currently online.

Isn't it possible to use a SAFE level of 4? Or is that too restrictive?

Also, it might be worth checking this gem out, but I'm not sure how adaptable that could be.

Sophrinix commented 11 years ago

Too restrictive is the wrong word. It would kill interactivity, but SAFE as a ruby method has been shown to have problems.

I can't find the canonical/reference article talking about exactly why SAFE is a bad idea, but it is notable that exploits with and involving SAFE come up all the time.

This one being from December. http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/

Although, I do have to admit, TryRuby from 2009-2011 was never compromised due to any of the code involving SAFE. It was other things that caused it problems.

Also, it's been proposed to deprecate and/or drop SAFE from ruby https://bugs.ruby-lang.org/issues/5455#change-25609

That's a fascinating library. It seems to operate on a permissions are whitelisted principle. I'd need to look into this library a bit further. It looks like a promising starting point.

Sophrinix commented 11 years ago

The real question with that gem you referenced is if evalhook is a reasonable library https://github.com/tario/evalhook/

I'm looking into that now