Posts tagged ‘ruby’

Ruby Security Vulnerabilities 25 Jun 08

Some of you will have noticed the kerfuffle regarding the recent Ruby security vulnerabilities.  Fixed version of Ruby were released over the weekend but they are causing crashes in applications.  Until working fixes are available we’re all a bit stuck.

Details of the bugs have been kept officially secret but people are figuring it out for themselves (thanks to Zed in particular).  This secrecy has just contributed to the fear, uncertainty and doubt surrounding the issues and hasn’t helped the situation at all.

We currently recommend sitting tight until proper fixes are available.  When this happens, distros will release new packages in the usual manner.  Brightboxes are based on the Ubuntu distro and their security team are aware of the problem and are working on it (see the bug status here).

For those of you using the standard Ruby from Dapper (most of you) you should be able to just upgrade  using aptitude as soon as Ubuntu release new packages.  For those of you using the backported Ruby 1.8.6 packages, you’ll need to wait for us to backport the fixes once they’re released.  We’ll obviously be doing this asap.

We’ll update the blog as we know more.

UPDATE: Ubuntu have fixed ruby1.8 packages available now. They have already appeared in the Ubuntu security repository and are available for install.  Preliminary testing of the Dapper packages has been successful (gems with native libraries too).  We’re re-backporting the Hardy 1.8.6 packages right now and they’ll be available soon.

UPDATE: We have the fixed Hardy packages (1.8.6-p111) backported to Dapper available on the Brightbox testing apt repository.  They’ve passed a lot of preliminary tests but have not been tested extensively in production yet.  Please report any problems  with them (segfaults etc.) to support@brightbox.co.uk.

Posted 25 June 2008 by John Leach ::: add comment

backport dapper hardy ruby security ubuntu vulnerabilities

Euruko 2008 Ruby Conference, Prague 28 Mar 08

John and I are currently in Prague for the Euruko 2008 Ruby Conference.

It looks to be a busy but fun weekend - Brightbox is sponsoring the event, providing drinks for the party at La Fabrika on Saturday evening plus we’re doing a special discount exclusively for Euruko attendees.

If you’re here too, do come and say hello.

UPDATE (2 Apr 2008): Had a great time, and met lots of cool people. Check out the photos on Flickr. Big thanks to Karel Minařík and his team for all their hard work in organising such a great event.

Posted 28 March 2008 by Jeremy Jarvis ::: add comment

czech republic euruko prague ruby ruby conference

Ruby 1.8.6 and ImageMagick 6.3 for Ubuntu 6.06 Dapper 20 Mar 08

We’ve backported some packages useful for Ruby on Rails deployment to the long term support Ubuntu Dapper distro.  They’ve been available for a while but it only just ocurred to us this might be useful to others!

Dapper has Ruby 1.8.4 (though labelled as 1.8.2 in the package list) and ImageMagick 6.2.  Ruby 1.8.4 has some known problems that are fixed in 1.8.6 and the rmagick gem recently updated to version 2, reportedly fixing the memory leaks, but it requires ImageMagick 6.3.

We backported Ruby 1.8.6 p111 and ImageMagick 6.3 from the latest development version of Ubuntu (Hardy Heron) to Dapper.  They’ve been in use on a few boxes and no problems so far.  Feel free to make use of them.  We’ll be backporting any security updates as they come.

General details of the repository are here, with specific information about Ruby 1.8.6 and ImageMagick 6.3 on their own pages.

Ubuntu Hardy Heron is due out in the next few month, which brings a lot of this stuff with it.  Some of you might have the luxury of being able to upgrade to it, but some may need to stick with Dapper for a while - hopefully these packages will help you out.

Posted 20 March 2008 by John Leach ::: add comment

backport beta better dapper faster free-software imagemagick open-source packages rmagick ruby stronger tech ubuntu upgrade

Leeds Ruby Thing 4 Feb 08

If you’re in or around Leeds this Thursday, pop over to the Victoria Hotel pub at 7pm for the inaugural Leeds Ruby Thing (for want of a better title!).

No clear plan yet, but expect unstructured discussion of Ruby and Ruby on Rails at least. Plus nice people, beer and geeky tshirts. All welcome!

More details here: http://upcoming.yahoo.com/event/423116

We’ll put a little sign up somewhere so you can find us (in case a bunch of people with laptops loudly discussing Ruby might be difficult to locate).

Posted 4 February 2008 by Jeremy Jarvis ::: 1 comment

leeds meetup ruby social westyorkshire yorkshire