> "Unit tests provide positive reinforcement that your features behave
> as expected."
>
> Yeah, if you know how to write bulletproof unit tests......

You know the difference between negative and positive reinforcement, right?
On Sunday 17 August 2008 22:06:51 loolek wrote:
> "What kind of bad thing can you do with Ruby constants? "
>
> I think this is not the question of ruby. Imagine this -> there is a
> constant that holds the value that triggers the cooler sticks in a
> nuclear power plant. Then the bad guy "overwrites" it, what comes
> next ?

Ok, first, how does the "bad guy", whoever they are, get the ability to "overwrite" it? They shouldn't even be on the same _network_, let alone in my memory space.

And, for that matter, if they were in my memory space, they can do a hell of a lot worse than "overwriting a constant". Here, I think XKCD explains this better than I could:

http://xkcd.com/463/

> Are you sure, you will be ignorant if you were living in the next
> city from the plant ?

Sorry, but the magnitude of possible failure doesn't prove your point.

No one is saying that it's OK to be less secure. What we are saying is that you are wrong about how to go about being secure.

In other words, we are saying that your attitude towards security is more likely to blow up that hypothetical plant than, say, proper unit testing.
"Ok, first, how does the "bad guy", whoever they are, get the ability to "overwrite" it? They shouldn't even be on the same _network_, let alone in my memory space. And, for that matter, if they were in my memory space, they can do a hell of a lot worse than "overwriting a constant"."

This topic turned to interesting "ruby hacker" lessons. But first let me answer your Qs ->

"Ok, first ... whoever they are"

a. May be ter*rist or whatever, don't really matter. But they are only one guy.

"get the ability to "overwrite" it?"

Second, play that -> i am the bad guy...

a. I was won the ruby programmer job at the plant -> I'm in!
b. I hacked the box of the security guy of the plant (home machine). Why? Because he/she has got a connection to the inner plant network (SSH). So i am in again! (idea from Kevin)
c. I gave a really cool video game CD to my "new friend Joe", who is working at the plant. Why? Because he will install it on the inner box, just for fun. The game will install me among the cool game. So i am in again!
d. Maybe in the plant, there is some "hard but alive" way -> between the local and public lan.
e. Should i continue?

"let alone in my memory space."

Hmm, how do you mean this? The ruby code will guard the memory/hardware/io/etc. I really don't get you? But anyway -> i was first hacked the unpatched Linux kernel... Should i continue the "how"?

a. I thought only the CPU's protected mode can do this kind of job. Or i am wrong?

"WE are saying is that you are wrong about how to go about being secure."

I think "hypothetically" -> i am right. In other words, you STILL don't see the DANGER that the weak coding language is causing?

"hell of a lot worse than "overwriting a constant""

Oh yes, i see now -> you don't smell the danger still, because you are asking this silly Q. But okay, what worse could happen?

a. You are dead.
b. Your home city is dead too.
c. Your mom is dead too.
d. The water in your area is poisoned for a long time.
e. etc.

peter
On Mon, Aug 18, 2008 at 4:26 AM, loolek <balla.peter@gmail.com> wrote:
(A bunch of stuff about trying to be l33t.)

There are many ways, peter, to secure Ruby. Maybe, you should ask _why. That pun is intended. _why made an open Ruby programming irb interface on the internet. You can _almost_ do anything you want on that site (http://tryruby.hobix.com).

Constant security, blah.

Todd
On Aug 17, 2008, at 10:51 PM, loolek wrote:
> ""causes a warning""
>
> "This is interesting, do you have a rubydoc link to this topic ? "
>
> And don't forget this Q.

$ ruby -e 'C = "once"; C = "oops"'
-e:1: warning: already initialized constant C

James Edward Gray II
"http://tryruby.hobix.com"

This site is a bad ruby "demo", or i don't know. I followed the instructions ->

type help <- the result is an error
type 2 + 6 <- the result is Bad Gateway error

>> 2 + 6
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/0.6.31</center>
</body>
</html>
>>

Where was i wrong ?

peter
"$ ruby -e 'C = "once"; C = "oops"'
-e:1: warning: already initialized constant C "

Okay, but i don't decide yet to use ruby or not. So i have not installed Ruby so far...

So ask again, PLZ send me a RubyDoc link about this topic !

The Google search doesn't find this phrase -> google says: "Your search - site:rubydoc.org "already initialized constant" - did not match any documents."

peter
2008/8/18 loolek <balla.peter@gmail.com>:
> "$ ruby -e 'C = "once"; C = "oops"'
> -e:1: warning: already initialized constant C "
>
> Okay, but i don't decide yet to use ruby or not. So i have not
> installed Ruby so far...

Peter, in Ruby others can change almost everything that you have written, and they can change it at runtime, without having access to your code: constants, classes, methods, instance variables, and so on. So I think Ruby isn't the right language for you.

Regards,
Pit
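
The constant behaviour discussed above, as an added example that is not part of the original thread: it shows what the "already initialized constant" warning does and does not catch, and what `freeze` does and does not prevent. The names `fresh_plant`, `LIMIT` and the helper methods are assumptions made up for this illustration.

```ruby
require "stringio"

# Constructed stand-in for a "critical constant": a fresh namespace for each demo.
def fresh_plant
  Module.new.tap { |m| m.const_set(:LIMIT, String.new("once")) }
end

# Run a block and return what it wrote to $stderr, where Ruby sends warnings.
def captured_warnings
  saved_err, saved_verbose = $stderr, $VERBOSE
  $stderr, $VERBOSE = StringIO.new, false
  yield
  $stderr.string
ensure
  $stderr, $VERBOSE = saved_err, saved_verbose
end

# 1. Rebinding succeeds; the only signal is the warning quoted in the thread.
def rebind(plant)
  warned = captured_warnings { plant.const_set(:LIMIT, "oops") }
  [plant.const_get(:LIMIT), warned]
end

# 2. remove_const followed by const_set rebinds with no warning at all.
def rebind_silently(plant)
  warned = captured_warnings do
    plant.send(:remove_const, :LIMIT)
    plant.const_set(:LIMIT, "silent")
  end
  [plant.const_get(:LIMIT), warned]
end

# 3. In-place mutation leaves the binding alone, so nothing is reported.
def mutate(plant)
  warned = captured_warnings { plant.const_get(:LIMIT) << "-changed" }
  [plant.const_get(:LIMIT), warned]
end

# 4. freeze turns in-place mutation into FrozenError; it does not stop rebinding.
def frozen_mutation_blocked?(plant)
  plant.const_get(:LIMIT).freeze << "-changed"
  false
rescue FrozenError
  true
end

p rebind(fresh_plant), rebind_silently(fresh_plant), mutate(fresh_plant)
p frozen_mutation_blocked?(fresh_plant)
```

The warning is advisory only, so a value that must not change needs protection outside the constant itself, such as validation where it is used and tests that assert on it.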
On Tue, Aug 19, 2008 at 3:37 AM, Pit Capitain <pit.capitain@gmail.com> wrote:
> 2008/8/18 loolek <balla.peter@gmail.com>:
>> "$ ruby -e 'C = "once"; C = "oops"'
>> -e:1: warning: already initialized constant C "
>>
>> Okay, but i don't decide yet to use ruby or not. So i have not
>> installed Ruby so far...
>
> Peter, in Ruby others can change almost everything that you have
> written, and they can change it at runtime, without having access to
> your code: constants, classes, methods, instance variables, and so on.
> So I think Ruby isn't the right language for you.
>

Neither is any language that resides in memory or has any connection to the physical world.

http://imgs.xkcd.com/comics/real_programmers.png from http://xkcd.com/378

> Regards,
> Pit
On Aug 18, 8:37 pm, Pit Capitain <pit.capit...@gmail.com> wrote:
> 2008/8/18 loolek <balla.pe...@gmail.com>:
>
> > "$ ruby -e 'C = "once"; C = "oops"'
> > -e:1: warning: already initialized constant C "
>
> > Okay, but i don't decide yet to use ruby or not. So i have not
> > installed Ruby so far...
>
> Peter, in Ruby others can change almost everything that you have
> written, and they can change it at runtime, without having access to
> your code: constants, classes, methods, instance variables, and so on.
> So I think Ruby isn't the right language for you.
>
> Regards,
> Pit

"Peter, in Ruby others can change almost everything that you have written,"

Cool, could you give me a good link for self Ruby education ?

"So I think Ruby isn't the right language for you."

A big no -> i mean: i could decide what's good for me and not you !!!

peter
2008/8/18 loolek <balla.peter@gmail.com>:
> Cool, could you give me a good link for self Ruby education ?

Peter, I'm sure you'll be able to find the official Ruby homepage and navigate from there to the introductory documentation. Specific questions like the not-so-constant constants in Ruby as in this thread are normally answered here on ruby-talk.

>> "So I think Ruby isn't the right language for you."
>
> A big no -> i mean: i could decide what good for me and not you !!!

That's exactly why I wrote "I think", not "I decide for you". From your questions I got the impression that you are looking for a language which allows you to create tightly sealed programs. On the other hand, Ruby is one of the most open and flexible languages I know.

Maybe you can tell us more about what you are really looking for, what kind of programs you want to create, etc. Many of us here on ruby-talk know a lot of other programming languages and could tell you what we think would be the right language for your purposes. Again: of course it is you who finally has to make the decision.

Regards,
Pit