Passenger 2.2.4 packages for Ubuntu 29 Jun 09

Passenger 2.2.4 was released last week and we now have Ubuntu Hardy packages available in our repository.

Passenger 2.2.4 actually is just a small bug fix release for a memory leak in 2.2.3, but obviously brings all the benefits of 2.2.3 too.  A huge number of bugs have been fixed, particularly the “Broken Pipe” errors some sites under heavy loads were experiencing.

As usual, details on installing the packages from our repository are available on our wiki.

If you’re using Passenger and it’s making you happy, please do consider supporting its development by donating money in the form of an “Enterprise License” direct from Phusion, the company behind it.

Ruby BigDecimal denial of service 10 Jun 09

From ruby-lang.org:

A denial of service (DoS) vulnerability was found on the BigDecimal standard library of Ruby. Conversion from BigDecimal objects into Float numbers had a problem which enables attackers to effectively cause segmentation faults.

ActiveRecord relies on this method, so most Rails applications are affected by this. Though this is not a Rails-specific issue.

We’re currently  building new Ruby packages for Brightbox customers with the relevant patches to fix this vulnerability. We’ll keep this post updated with the latest news.

UPDATE, 15:46 BST: New Ruby EE packages are now available in our Ruby Enterprise Ubuntu repository. We’re working on updates for the standard Ubuntu version of Ruby.

You can confirm that the update fixes the bug with the following command:

ruby -e 'require "bigdecimal";BigDecimal("E99999999").to_s("F");puts "OK"'

If your version of Ruby is vulnerable, you’ll get a “Segmentation fault” error message, otherwise it prints “OK”.

Is it JRuby? 29 May 09

Carl Mercier has forked our “Is it Ruby 1.9” web app to make “Is it JRuby“, to track which gems work with JRuby. This is how free software is supposed to work!

For those of you not in the know, JRuby is a Java implementation of Ruby, allowing you to run Ruby code on a Java Runtime Environment.  If you’re using or playing with JRuby, head over to isitjruby.com with your feedback.

Carl’s Github project is here and our original is here.

Join the Brightbox team! 12 May 09

Brightbox is looking for two new people to join the systems team, a Senior Linux Systems Administrator and a Linux/Rails System Support person. Both roles are full-time and you can work from home, from our office in Leeds, or a bit of both.

Send a hello, a CV and salary expectations to jobs at the Brightbox UK domain. CVs should be in an open format, preferably PDF or plain text. Closing date is 31^st May 2009.

As always, recruitment agents should e-mail our special recruitment company email address: root@localhost

Read the rest of this entry »

Passenger 2.2.1 Ubuntu beta packages with NGINX support 22 Apr 09

The Phusion team released a new version of Passenger last week, 2.2.1, which sports a shiny new NGINX extension.  It also adds chunked file uploads (Apache only) and improves restarts.

We’ve had to restructure the way our Ubuntu packages are built to enable installation of the NGINX extension, so needs more extensive testing than usual.  The packages are now available for Ubuntu Hardy in our testing repository.

You’ll need to add our testing repository to your apt sources list. And if you’re not on a Brightbox, you’ll need to import our key and add our stable repository too.

Once you’ve done that, you can install the new version of Passenger.  If you’re wanting to just install the Apache version:

sudo apt-get update
sudo apt-get install libapache2-mod-passenger

This will pull in a new dependency, passenger-common.

If you just want to get stuck in with the new NGINX support, install the nginx-brightbox package:

sudo apt-get update
sudo apt-get install nginx-brightbox

This will also pull in the passenger-common dependency. This is NGINX 0.6.36 plus some useful modules: upload progress, upstream fair, geoip, ey-balancer and access key. It will replace any other NGINX packages you have installed (NGINX does not support dynamic modules like Apache).

You can install both Apache and NGINX side by side, but you’ll obviously need to run them on different ports.

The 2.2.1 Apache package has already had quite a bit of testing by us, but the NGINX package has had very little. We’ve already come across a Passenger bug with reloading NGINX (reported here), though we expect this will be fixed quickly.  So basically, these are good to play with but not for production just yet.

If you need any help with these packages, try our Passenger support forum.

Passenger 2.1.3 packages for Ubuntu Hardy 5 Apr 09

Phusion Passenger 2.1.3 has been released and we’ve updated our Ubuntu packages as usual.  Instructions in the usual place on our wiki.

Phusion Passenger 2.1.2 packages for Ubuntu 14 Mar 09

Following Friday’s release of Passenger 2.1.2 by the Phusion folks, we’ve updated our Ubuntu packages.  We’ve been testing version 2.1.1 packages for a little while now and they’ve been very stable, supporting both Rails 2.3 and older apps that still depend on Rack 0.4 (such as older Sinatra apps).

The details are on the usual page on our wiki.  If you have any problems or need any help, try our forums.

The new packages depend on new versions of the Ruby rack libraries (not the gem), but this is provided in our repository too and will be automatically installed. You need to install the fastthread gem yourself though.  Our repository provides a few other useful Hardy packages too.

We are only testing our packages against Ubuntu Hardy right now, but they should install and run fine on newer versions of Ubuntu too.

Remember, for maximum memory savings (and speed improvements) try our Ruby Enterprise Edition packages for Ubuntu Hardy (currently only 32bit packages available).

Announcing isitruby19.com: tracking gem compatibility for ruby 1.9 5 Feb 09

By now you will all have heard of the release of Ruby 1.9.1 - the first, stable, production-ready release of the next-generation Ruby interpreter.  This has a number of enhancements; RubyGems is bundled with the interpreter, native threads are used instead of green threads and we have a general performance boost all round (amongst many others).  

However, there is a significant barrier to Ruby 1.9 adoption; the compatibility of the gems that we have all come to depend on.  

Which is why we’ve launched isitruby19.com - a site that tracks gems and lists whether they are 1.9 compatible.  Each time you come across a gem that works for you, drop by and leave a comment, so we all get a feel for which gems need some work and which are ready today.

Passenger Ubuntu package updated 11 Jan 09

We’ve just built new versions of our Passenger Ubuntu package.  It’s still Passenger 2.0.6, but we tweaked the dependencies so you aren’t forced to use the Apache worker mpm (prefork should work just fine with Passenger).

We’re now also providing 64bit versions of the packages (the source of the 404 errors some of you reported when trying to install the package).

Documentation for the packages in the usual place on the wiki.

More Passenger news coming soon :)

Ubuntu Ruby with COW power! 6 Jan 09

We’ve built some experimental Ruby “Enterprise Edition” packages for Ubuntu Hardy.  Ruby EE is from the guys at Phusion and is copy-on-write friendly so, in combination with Phusion Passenger, saves memory.

Our packages just upgrade (i.e replace) the standard 1.8 Ruby installation, which might not be acceptable for everyone.  But it’s simpler than fiddling about with dual Ruby installations.

So, once you’ve added our experimental repository, you’re one command away from getting copy-on-write friendly Ruby EE.  If you don’t like it for some reason, one command gets up back to where you started.

These packages are currently experimental - we’re using them on a few small projects with good results so far, but they’ve not been heavily tested yet.

More details here on our wiki.