A few tips for holding out through an election night

Ruby 1.9.3-p194 released

Ruby 1.9.3-p194 has been released.

This release includes a security fix for RubyGems: it fixes the failure of SSL certificate verification on servers. It also contains fixes for other bugs.

Security fix for RubyGems: SSL certificate verification failure for remote repositories

This release includes two security fixes for RubyGems:

  • It enables verification of server SSL certificates
  • It disables redirects from https to http

Users who use https sources in their .gemrc or /etc/gemrc files are encouraged to upgrade to 1.9.3-p194.

Here is an excerpt from the RubyGems 1.8.23 release notes [1].

"This release increases security when RubyGems communicates with https servers. If you use a private RubyGems server over SSL, this release will prevent RubyGems from connecting to it unless the SSL certificate is valid.

However, you can configure the use of SSL certificates in RubyGems through the :ssl_ca_cert and :ssl_verify_mode options in the ~/.gemrc and /etc/gemrc files. The recommended practice is to set :ssl_ca_cert to the certificate of your server's CA or to a bundle of certificates containing that of your CA.

You can also set :ssl_verify_mode to 0 to completely disable SSL certificate verification, although this is not recommended."

Thanks to John Firebaugh for reporting this issue.

[1] <URL:https://github.com/rubygems/rubygems/blob/1.8/History.txt>
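
As an added example (not part of the release notes or of the original post), the Ruby script below audits gemrc contents for the two conditions this release is concerned with: `:ssl_verify_mode` set to 0 and sources that are not https. The sample configurations, host names and CA bundle path are constructed, and `audit_gemrc` is a hypothetical helper.

```ruby
require 'yaml'

# 0 is the value the release notes give for disabling verification
# (the same integer as OpenSSL::SSL::VERIFY_NONE).
VERIFY_NONE = 0

# Constructed sample gemrc contents; hosts and paths are placeholders.
WEAK_GEMRC = <<~GEMRC
  :sources:
    - https://gems.example.internal/
    - http://mirror.example.internal/
  :ssl_verify_mode: 0
GEMRC

HARDENED_GEMRC = <<~GEMRC
  :sources:
    - https://gems.example.internal/
  :ssl_ca_cert: /etc/ssl/example-ca/ca-bundle.pem
GEMRC

# Hypothetical helper: parse gemrc text and return a list of findings.
def audit_gemrc(text)
  raw = YAML.safe_load(text, permitted_classes: [Symbol]) || {}
  # gemrc keys are written ":name:"; accept symbol or string keys.
  cfg = raw.each_with_object({}) { |(k, v), h| h[k.to_s.sub(/\A:/, '')] = v }
  findings = []

  # Certificate checks explicitly switched off.
  if cfg.key?('ssl_verify_mode') && cfg['ssl_verify_mode'].to_i == VERIFY_NONE
    findings << ':ssl_verify_mode is 0: server certificates are not verified'
  end

  # Plain-http sources get no certificate check at all.
  Array(cfg['sources']).map(&:to_s).each do |url|
    findings << "source #{url} is not https" unless url.start_with?('https://')
  end

  findings
end

{ 'weak' => WEAK_GEMRC, 'hardened' => HARDENED_GEMRC }.each do |name, text|
  findings = audit_gemrc(text)
  puts "#{name}: #{findings.empty? ? 'no findings' : findings.join('; ')}"
end
```

To audit a real machine, pass the contents of ~/.gemrc and /etc/gemrc to `audit_gemrc` instead of the constructed samples.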

Fixes

  • Security fix for RubyGems: SSL certificate verification failure for remote repositories
  • Various other fixes.

For more information, see the tickets and the ChangeLog.

Downloads

Gem money

Writing a web service in C

Writing a web service in Go

Node.js is the new PHP

Like anything new that is hyped and rapidly gaining traction, Node.js sometimes comes under fire from developers who consider it a bad library. PHP has been, and still is, in the same position: it has a lot of developers in its community, but also a lot of people who consider it harmful.

Why is Node.js gaining traction?

Node.js enables developers to create async web servers without headaches, because you don't have to think about threads and other concurrency issues. You can find a good explanation here. Using evented and long-lived protocols like WebSockets is very easy. The underlying language of Node.js, JavaScript, is more and more widespread, so more and more people can understand Node.js because they know JavaScript. We can't say the same for concurrent languages such as Erlang, Haskell or Clojure. Finally, I find the documentation pretty good, and the wiki has a list of libraries that's worth a quick read.

Node.js has design flaws

You won't have headaches regarding concurrency (at first), but you will have them when dealing with callbacks. In some cases I almost ended up with one callback per line, that's crazy!

The current focus of languages and libraries is to ease development for multicore CPUs. Node.js uses just one core with its single-threaded event loop. This is the most attacked side of Node.js: it can be a serious issue for scalability, and forking is not the ideal solution.

Node.js is not well suited for business logic. Its approach to concurrency is simple and can be a perfect fit for some use cases, but in others it can be harder to work with than concurrent languages.

The future of Node.js

There are already some libraries to help resolve these issues, and the next versions will add some features to run "child processes" in threads.

But more features can mean more complexity, and core and third-party developers have to be careful not to add overkill features while maturing Node.js.

To use or not to use Node.js

At the beginning, PHP gained traction because it made it easy to build websites. In addition, it was very common on hosting services. And PHP has very good documentation. The focus nowadays is on web apps and real-time; Node.js is the easy way to do that, and JavaScript is more and more common, which makes Node.js easier to understand.

PHP had design flaws and still has some. Node.js chose to be simple, but it may be too simple, and maturing can either exacerbate the flaws or resolve the issues. We'll have to wait and see.

The parallel between PHP and Node.js is evident.

And I think it's really important not to fall into the trap of the hype and use Node.js for everything without learning about concurrent languages that may solve your problems more elegantly than Node.js.

The wiki page on the projects using Node.js is a good indicator of what you can do with it.

Getting started with Go