apeiros changed the topic of #ruby-lang to: Nick registration required to talk || Ruby 2.0.0-p195: http://ruby-lang.org (Ruby 1.9.3-p429) || Paste >3 lines of text on http://gist.github.com
PSKOSINSKI has quit [Ping timeout: 240 seconds]
wmoxam has joined #ruby-lang
havenwood has quit [Remote host closed the connection]
mdedetrich has joined #ruby-lang
heftig has quit [Quit: Quitting]
heftig has joined #ruby-lang
fridim__ has joined #ruby-lang
_jpb_ has quit [Ping timeout: 252 seconds]
_jpb_ has joined #ruby-lang
jstorimer has joined #ruby-lang
lutfidemirci has joined #ruby-lang
GeissT has joined #ruby-lang
hashkey has quit []
jstorimer has quit [Ping timeout: 240 seconds]
havenwood has joined #ruby-lang
<whitequark>
zenspider: did you ever release that ruby obfuscator you were working on in 2006?
andrewvos has quit [Ping timeout: 246 seconds]
glebm_ has joined #ruby-lang
marr has quit [Ping timeout: 268 seconds]
marcostoledo has joined #ruby-lang
vlad_starkov has quit [Ping timeout: 240 seconds]
wmoxam has quit [Ping timeout: 252 seconds]
fenicks has quit [Remote host closed the connection]
Kabaka has quit [Ping timeout: 240 seconds]
arubin has joined #ruby-lang
havenwood has quit [Ping timeout: 260 seconds]
Kabaka has joined #ruby-lang
x0f has quit [Read error: Operation timed out]
x0f has joined #ruby-lang
andrewvos has joined #ruby-lang
krohrbaugh has quit [Quit: Leaving.]
krohrbaugh has joined #ruby-lang
<whitequark>
and what happened to metaruby?
krohrbaugh has quit [Client Quit]
krohrbaugh has joined #ruby-lang
_jpb_ has quit [Ping timeout: 246 seconds]
crackity_jones has quit [Quit: Computer has gone to sleep.]
chris_rb_ has quit [Quit: Ex-Chat]
_jpb_ has joined #ruby-lang
bzalasky has joined #ruby-lang
dankest has quit [Quit: Leaving...]
vlad_starkov has joined #ruby-lang
<zenspider>
whitequark: it wasn't released ... it was a commercial product
<zenspider>
whitequark: do you have ANY CLUE how the fuck MRI 2.0 distinguishes between 'def !@' and '!@ivar' ? because it totally looks like it will always slurp up '!@' like an operator
<zenspider>
metaruby got us hired into rubinius and then we dropped it
<zenspider>
I'm so fucking stuck
<zenspider>
I don't want to resort to negative lookahead
pkrnj has joined #ruby-lang
<erikh>
zenspider: thanks for putting that patch in!
_jpb_ has quit [Ping timeout: 246 seconds]
<zenspider>
erikh: n/p
_jpb_ has joined #ruby-lang
<whitequark>
zenspider: I do
<whitequark>
!@ is parsed in EXPR_FNAME state
<whitequark>
"!@" is one token; "!@ivar" are two tokens, "!" and "@ivar"
<whitequark>
longest match rule mandates that "!@" should be lexed in that context
<zenspider>
but mri isn't a peg. I don't see how longest even comes into play
<zenspider>
and the ! handler is before the tIVAR handler
glebm_ is now known as glebm
<whitequark>
hm? longest match is the usual rule for all lexers
<zenspider>
no... MRI's lexer returns immediately on any match
<zenspider>
so it is first one wins
<whitequark>
well, it doesn't, since it distinguishes = and == for example
<whitequark>
but lemme check parse.y
<whitequark>
that will be quicker.
<whitequark>
also, I fixed tabs in RXR
<zenspider>
line 7008 vs 8011
mdedetrich has quit [Quit: Computer has gone to sleep.]
joshuawscott has quit [Quit: Leaving.]
<zenspider>
I'm going with lex_state check and a negative lookahead for now :/
<whitequark>
zenspider: line 6938
<whitequark>
in 2.0.0-p0
<zenspider>
I'm not sure I'm on the same code... whitespace check?
<whitequark>
and IS_AFTER_OPERATOR() includes EXPR_FNAME
<savagecroc>
this is excellent, he's even supported collecting the sudo command
<drbrain>
savagecroc: that's me + zenspider + Defiler
<savagecroc>
ah i couldn't work out how to do the sudo password via Net::SSH
<savagecroc>
and i spent hours on it
<savagecroc>
this should fix all of those problems
jstorimer has joined #ruby-lang
andrewvos has quit [Ping timeout: 240 seconds]
RickHull1 has quit [Quit: Leaving.]
jstorimer has quit [Read error: Connection reset by peer]
jstorime_ has joined #ruby-lang
RickHull1 has joined #ruby-lang
dgibson has joined #ruby-lang
<savagecroc>
drbrain: ah your library runs a single command via ssh and then closes the connection/
<savagecroc>
?
<drbrain>
yes, you can send multiple commands with ;
<savagecroc>
what we've built is a capistrano style replacement.. and so it ends up running thousands of commands and the next command is based on results from previous commands
<savagecroc>
i.e. checking statuses exit codes etc
<savagecroc>
so we pretty much have to maintain an open ssh connection to do it
<drbrain>
ah
<savagecroc>
i've got it working with Net::SSH
<savagecroc>
but i couldn't get the sudo password stuff to work
<savagecroc>
and also i wanted to be able to use our libraries to run code locally and remotely in an identical manner
<savagecroc>
lol.. and ssh'ing to myself seems silly
<savagecroc>
it's a pity there is a distinction between a local environment and a remote environment
<savagecroc>
in terms of the terminal window
hashkey has quit [Ping timeout: 246 seconds]
marcostoledo has quit [Quit: Leaving...]
jstorime_ has quit [Remote host closed the connection]
hashkey has joined #ruby-lang
dgibson has quit [Quit: Lost terminal]
io_syl has joined #ruby-lang
mbj has quit [Ping timeout: 264 seconds]
_jpb_ has quit [Remote host closed the connection]
_jpb_ has joined #ruby-lang
AWW is now known as Aww
Gaelan has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
andrewvos has joined #ruby-lang
_jpb_ has quit [Ping timeout: 252 seconds]
_jpb_ has joined #ruby-lang
rrva has joined #ruby-lang
Guest45402 has joined #ruby-lang
Guest45402 is now known as diegoviola
andrewvos has quit [Ping timeout: 264 seconds]
charliesome has joined #ruby-lang
diegoviola has quit [Quit: WeeChat 0.4.1]
jstorimer has joined #ruby-lang
heftig_ has joined #ruby-lang
Gaelan has joined #ruby-lang
RickHull1 has quit [Quit: Leaving.]
heftig has quit [Ping timeout: 246 seconds]
RickHull1 has joined #ruby-lang
ledestin has joined #ruby-lang
<eam>
savagecroc: use something like pam_ssh_agent_auth or pam_krb5_ccache to do passwordless sudo
<eam>
feeding passwords into sudo expect-style is extremely bad practice
<eam>
or ssh in as root directly
<drbrain>
LOL
<eam>
?
<drbrain>
"ssh in as root directly"
<eam>
allowing sshd to perform the privilege elevation is considerably more secure than transmitting your cleartext password to the remote system and feeding it into sudo
<drbrain>
so you don't trust ssh to securely transmit data?
<eam>
(assuming challenge/response via ssh keys, kerberos or the like -- and not password auth)
<eam>
drbrain: you're missing the point. If the remote system is compromised, encryption on the wire is meaningless
<eam>
ssh keys or kerberos will keep secrets off the remote host entirely
<savagecroc>
back back
<eam>
sudo OTOH requires you to feed your password through the remote terminal in cleartext
<drbrain>
then you need to learn how to configure sudo
<eam>
unless you use one of the pam modules I mentioned above
<eam>
drbrain: I've written modules for it, I think I know how
<eam>
how do /you/ think it works?
<savagecroc>
eam: are you going to be around in 30 mins?
<eam>
savagecroc: probably
<savagecroc>
awesome... would love to chat about this more but i've ordered lunch :D
<eam>
hah, sure
<whitequark>
zenspider: also you don't need tUBANG, it's not even present in upstream parse.y... just use tBANG
<whitequark>
aka '!'
tRAS has joined #ruby-lang
lutfidemirci has quit [Remote host closed the connection]
<eam>
drbrain: in normal configuration, sudo reads your cleartext password from stdin/terminal and auths against whatever your system is config'd to use (generally pam, something like pam_unix.so)
lutfidemirci has joined #ruby-lang
<drbrain>
eam: if you can change one thing you can change another, like the sudoers configuration
<eam>
what I'm suggesting is to modify the pam config to farm it out to a challenge-response system, like ssh-key based
<eam>
drbrain: yeah but that's what I said: "use something like pam_ssh_agent_auth or pam_krb5_ccache to do passwordless sudo"
<whitequark>
drbrain: the point here is to keep *password* off the remote host
<whitequark>
the secrets
<eam>
those are PAM modules for sudo
<drbrain>
sudo can be configured to not need a password
lutfidemirci has quit [Read error: Connection reset by peer]
<eam>
(one of which I'm the author of)
crackity_jones has joined #ruby-lang
<whitequark>
drbrain: right. sudo plus pam_ssh_auth allows you to not have passwordless sudo on remote host
<whitequark>
drbrain: so if *something else* runs with rights of your account, it won't be able to escalate its privileges
<eam>
you can also use NOPASSWD -- but I'd suggest using sshd itself instead
<drbrain>
sounds a hell of a lot better than logging in directly as root
<eam>
drbrain: nah
<eam>
common misconception
<eam>
"don't log in as root" is advice for people who know nothing, who would use logging in as root for day to day operations
<eam>
and while that's good advice, it really doesn't apply when considering a holistic approach to privilige escalation in a production environment
<eam>
privilege even
<whitequark>
eam: also, nice trick. thanks. I will probably use it.
<eam>
whitequark: it's really really cool, have used it at large scale
cofin has joined #ruby-lang
brianpWins has joined #ruby-lang
hashkey has quit [Ping timeout: 252 seconds]
glebm has quit [Quit: Computer has gone to sleep.]
dhruvasagar has quit [Ping timeout: 246 seconds]
andrewvos has joined #ruby-lang
brianpWins has quit [Quit: brianpWins]
hashkey has joined #ruby-lang
andrewvos has quit [Ping timeout: 246 seconds]
brianpWins has joined #ruby-lang
Sambalero has quit [Remote host closed the connection]
Icharus has joined #ruby-lang
kgrz has joined #ruby-lang
<savagecroc>
ok back
<savagecroc>
eam: ok currently i have sudo set to NOPASSWD
<savagecroc>
so what i'm worried about is if some command gets executed in my user account
<savagecroc>
they don't need to authenticate to run it
jstorimer has quit [Remote host closed the connection]
<savagecroc>
so basically i have root, sysadmin1, sysadmin2, nginx, postgres, app1, app2, app3, app4 etc as my users. root i never login as but sysadmin1 and sysadmin2 both have nopasswd for sudo
kgrz has quit [Ping timeout: 260 seconds]
<savagecroc>
nginx only has read access to the webserver directory, postgres only postgres stuff.. and the apps only have read access to files and write access to log files (and some directories where they need to dump cache stuff)
<savagecroc>
for deployments everything gets run via sysadmin1 / sysadmin2
RickHull1 has quit [Quit: Leaving.]
RickHull1 has joined #ruby-lang
krombr has quit [Remote host closed the connection]
crackity_jones has quit [Quit: Computer has gone to sleep.]
jsullivandigs has joined #ruby-lang
ledestin has quit [Ping timeout: 246 seconds]
<eam>
savagecroc: yo
<savagecroc>
hey
brianpWins has quit [Quit: brianpWins]
<savagecroc>
eam: ok
<eam>
I'd typically either grant users access to those role accounts directly (especially if you want to say, rsync as that user) or use a pam module to make sudo authenticated, but not via passwords
<savagecroc>
so pretty much the script that connects essentially is a "root" script.. it can decide which commands to run as root and which should be run as a particular user
<eam>
savagecroc: the best way to drive that decision tree is sshd, imo, by granting the correct users access to login via ssh keys
<eam>
running a homebrew dispatch script as root is an easy attack vector
<eam>
sudo is an ok-ish version of a configurable dispatch script, but it's kinda clumsy and often misconfigured itself
<savagecroc>
so you'd allow every user login ability?
<savagecroc>
i.e. app1 can actually ssh in
<eam>
savagecroc: you can limit commands if you want, via ~/.ssh/authorized_keys
<eam>
restricted shell, etc
<savagecroc>
eam: ohhh whitelist the commands?
<eam>
yup
<savagecroc>
how does chef do it.. install a module on the server.. then that server starts delegating the commands
Sambalero has joined #ruby-lang
<eam>
in your security model you should probably still assume they can run arbitrary commands, but it can help limit policy-wise what goes on
<eam>
savagecroc: not familiar with chef, but in the file chef configures you can list the commands and other options
<savagecroc>
lol.. lots of thinking to do
<eam>
if you let someone deploy and invoke code as a user, they essentially have full access to the user
<savagecroc>
yeah but the people who can deploy have full access to the system anyway
andrewvos has joined #ruby-lang
hhatch has joined #ruby-lang
arooni-mobile has quit [Ping timeout: 252 seconds]
andrewvos has quit [Ping timeout: 248 seconds]
wallerdev has quit [Quit: wallerdev]
achiu1 has quit [Quit: WeeChat 0.4.1]
achiu has joined #ruby-lang
wallerdev has joined #ruby-lang
Gaelan has quit [Quit: Bye!]
tomzx_mac has quit [Ping timeout: 268 seconds]
kgrz has joined #ruby-lang
jstorimer has joined #ruby-lang
jstorimer has quit [Ping timeout: 246 seconds]
kgrz has quit [Remote host closed the connection]
cofin has quit [Quit: cofin]
hashkey has quit [Ping timeout: 264 seconds]
<charliesome>
whitequark: TIL about !@
hashkey has joined #ruby-lang
Sambalero has quit [Remote host closed the connection]
<charliesome>
drbrain: i see you were advocating sudo with NOPASSWD earlier… i suggest you check out http://rubygems.org/gems/panic ;)
andrewvos has joined #ruby-lang
<judofyr>
where it generates different code for <%= foo %> and <%= foo do %>
ffio_ is now known as ffio
<judofyr>
charliesome: I'm just waiting for "User X has left IRC (connection reset by peer)"
<judofyr>
reminds me of the nice trick of saying there was an easter egg in mIRC you could invoke with Ctrl-zorro
<judofyr>
(where ctrl-z was actually "quit")
<judofyr>
oh, or a nice Norwegian one: "partall" and "oddetall" means evens/odds, so you could ask: "is 6 a /partall or a /oddetall" and people would run the /part all command
adambeynon has joined #ruby-lang
<judofyr>
good times
<charliesome>
haha
<charliesome>
reminds me of F10 in team fortress 2
<judofyr>
so what does it do?
<judofyr>
ah, closes the game
<judofyr>
nice
mistym_ has quit [Remote host closed the connection]
<charliesome>
also the download count for the panic gem has ticked up 2 since i pasted it in here :\
<charliesome>
i should update it with some local priv escalation exploits
<judofyr>
10:38 mistym_ has left IRC (Remote host closed the connection)
andrewvos has quit [Ping timeout: 240 seconds]
<charliesome>
lol
<drbrain>
I'm a big fan of `gem unpack` when somebody says "hey, install this!"
<judofyr>
yeah
<charliesome>
oh cool TIL
<charliesome>
i've always been doing it manuall
<charliesome>
y
<judofyr>
I wish there was a way to say "review extconf.rb" before installing
<charliesome>
judofyr: this *10000
<charliesome>
drbrain ^
<charliesome>
i wasn't sure why that string escaping exploit a while ago was even a big deal
<charliesome>
when extconf.rb is an even bigger hole
<drbrain>
that could be done, can someone open a feature request on rubygems/rubygems?
<charliesome>
drbrain sure
M_BlX has joined #ruby-lang
<charliesome>
unless judofyr wants to claim it
<judofyr>
charliesome: you can do it
<charliesome>
it'll probably break bundler though
<drbrain>
if bundler uses the API properly it might be fine
tbuehlmann has joined #ruby-lang
bzalasky has joined #ruby-lang
<yorickpeterse>
charliesome: I'm lazy so copy-pasta: yorickpeterse | charliesome: you're famous here at Euruko
<drbrain>
there's one that does typo correction via method_missing
<charliesome>
yorickpeterse: add levenshtein to the method lookup code of MRI
<yorickpeterse>
drbrain: wat
bzalasky has quit [Remote host closed the connection]
dc5ala has joined #ruby-lang
M_BlX has quit [Remote host closed the connection]
bzalasky has joined #ruby-lang
zmike123 has joined #ruby-lang
dc5ala has quit [Quit: Ex-Chat]
solars has joined #ruby-lang
bzalasky has quit [Remote host closed the connection]
solars has quit [Ping timeout: 246 seconds]
andrewvos has joined #ruby-lang
mikewintermute has quit [Quit: mikewintermute]
andrewvos has quit [Ping timeout: 276 seconds]
sbpraveen34 has joined #ruby-lang
gianlucadv has joined #ruby-lang
relix has joined #ruby-lang
savagecroc has quit [Remote host closed the connection]
benanne has joined #ruby-lang
lutfidemirci has quit [Remote host closed the connection]
stamina has joined #ruby-lang
bzalasky has joined #ruby-lang
lsegal has quit [Quit: Quit: Quit: Quit: Stack Overflow.]
dernise has joined #ruby-lang
<dernise>
'Morning!
workmad3 has joined #ruby-lang
dankest has joined #ruby-lang
bzalasky has quit [Remote host closed the connection]
<whitequark>
charliesome: what did you hack
cored has quit [Ping timeout: 248 seconds]
hapster has joined #ruby-lang
cored has joined #ruby-lang
cored has quit [Changing host]
cored has joined #ruby-lang
dankest has quit [Quit: Leaving...]
Taranis has joined #ruby-lang
andrewvos has joined #ruby-lang
sepp2k has joined #ruby-lang
vlad_starkov has quit [Read error: Connection reset by peer]
vlad_starkov has joined #ruby-lang
<charliesome>
whitequark: their oauth
<charliesome>
found a csrf that let me get full access to a logged in user's account with no user intervention
andrewvos has quit [Ping timeout: 276 seconds]
zmike123 has quit [Read error: Connection reset by peer]
workmad3 has quit [Ping timeout: 268 seconds]
<dernise>
What's the difference between : @variable and self.variable ?
<Mon_Ouie>
@variable accesses an instance variable, self.variable calls the variable method on self
<Mon_Ouie>
If that method was defined using attr_reader (or attr_accessor) they will return the same thing, but the latter could read "variable" from another source than instance variables
swav has quit [Remote host closed the connection]
swav has joined #ruby-lang
<dernise>
got it
<dernise>
thanks
setmeaway has joined #ruby-lang
io_syl has joined #ruby-lang
swav has quit [Ping timeout: 256 seconds]
zmike123 has joined #ruby-lang
postmodern has quit [Quit: Leaving]
zmike123 has quit [Ping timeout: 246 seconds]
Weems has quit [Ping timeout: 252 seconds]
peterc has joined #ruby-lang
rue has quit [Remote host closed the connection]
rue has joined #ruby-lang
jstorimer has joined #ruby-lang
rrva has quit [Quit: Lost terminal]
canton7 has joined #ruby-lang
andrewvos has joined #ruby-lang
zmike123 has joined #ruby-lang
Mon_Ouie has quit [Read error: Connection reset by peer]
Mon_Ouie has joined #ruby-lang
Mon_Ouie has joined #ruby-lang
apeiros has joined #ruby-lang
xxaM has quit [Remote host closed the connection]
PSKOSINSKI has joined #ruby-lang
relix has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
workmad3 has joined #ruby-lang
justinram has joined #ruby-lang
xxaM has joined #ruby-lang
glebm has joined #ruby-lang
glebm has quit [Client Quit]
kgrz has quit [Remote host closed the connection]
stamina has quit [Ping timeout: 276 seconds]
workmad3 has quit [Ping timeout: 252 seconds]
hapster has quit [Quit: Leaving]
roadt has quit [Ping timeout: 256 seconds]
WindSong has joined #ruby-lang
WindSong has left #ruby-lang [#ruby-lang]
lutfidemirci has joined #ruby-lang
tbuehlmann has quit [Remote host closed the connection]
Mon_Ouie has quit [Ping timeout: 268 seconds]
ruurd has joined #ruby-lang
glebm has joined #ruby-lang
gja has quit [Quit: This computer has gone to sleep]
<mistym>
I call my monkey patches *after* `require 'ostruct'`
<judofyr>
hm
<judofyr>
it looks right
<mistym>
...oh, of course, initialize is pry bound to the original new_ostruct_member rather than the new one of that name?
<judofyr>
it should pick up the new method
<mistym>
And even when I redefine initialize it's picking up on the old one
<mistym>
...okay, what the hell. Even when I redefine initialize *that's* not being called
<mistym>
My monkey-patch is being evaluated, because if I stick a puts in the class body it picks *that* up
<judofyr>
one does not simply monkey-patch ostruct.rb, it seems
<mistym>
Please, please tell me monkey-patches *work* in 1.8.2
<judofyr>
I don't know
<judofyr>
I would think so
<mistym>
OK, so monkey-patching the class in IRB works. It *doesn't* if I put it in my backports file and require that after requiring ostruct.
<mistym>
Ah. Requiring ostruct in the file with the monkey-patches was what was necessary. I'm pretty sure it was already loaded by that point, but whatever
<mistym>
judofyr: Yeah, and at this point I'm considering uncoupling it from the system Ruby on Tiger.
<mistym>
But it has to be minimally functional first because if people are going to install a newer Ruby, they need Tigerbrew to work in order to do that
<judofyr>
mistym: why not just port Mountain Lion to PPC? :D
<mistym>
judofyr: If Apple gives me their source code... ;o
<mistym>
More seriously, some people are stuck on Tiger (and PPC) because they need Classic, but also need modern *nix software on the same box.
workmad3 has quit [Ping timeout: 248 seconds]
<judofyr>
mistym: I feel their pain
<mistym>
People in video and photography houses have specialty hardware they still use that was never updated past OS 9, for example. A surprising number of shops keep old Macs around for that reason.