Ruby Lugdunum
aka RULU 2013
June 20-21, Lyon, France

Hacking With Gems

Benjamin Smith from Pivotal Labs

Blog: bsmith Github: benjaminleesmith

What's the worst that could happen if your app has a dependency on a malicious gem? How easy would it be to write a gem that could compromise a box?

Much of the Ruby community blindly trusts our gems. This talk will make you second guess that trust. It will also show you how to vet gems that you do choose to use.

There are four malicious gems I will be presenting:

  • Harvesting passwords from requests going through a Rails app
  • Exposing the contents of a Rails app's database
  • Compromising the source code of a Rails app
  • Providing SSH access to a box at 'gem install' time and stealing gem cutter credentials (and going viral)

My talk will increase awareness that these sorts of gems can exist in the wild, show how easy it is for anyone to build malicious gems, and give easy techniques for identifying these gems.

Benjamin is a developer at Pivotal Labs. He has a strong passion for TDD, pairing, Agile and using technologies that get out of the programmer’s way (or the programmer out of the way). When not writing code, he follows his other passions into the outdoors to rock climb, back country snowboard, kayak and surf.

Dependencies, a boring, solved problem?

Greg Karékinian from Green Alto

Blog: Greg Karékinian Github: @gkarekinian

As Ruby developers, we all love RubyGems and Bundler. These tools are pretty amazing when it comes to installing the dependencies of your web app. Do they solve everything for command-line applications too?

In theory, you install the right version of Ruby and then run gem install. In practice, it's a bit more complicated than that.

I will show you examples of the different ways things can and will break, based on real issues I encountered as a developer and sysadmin. That includes dependencies that "work today!" (but probably won't tomorrow) and the mess created by the API instability in gems like json. We will also look at how other programming languages deal with libraries and their dependencies. Finally, I will tell you why vendoring everything in a system package is a good approach.

Greg is an infrastructure developer and a cofounder at Green Alto where he writes code that builds servers. After managing Linux servers in his bedroom in high school for fun, he learned HTML, CSS and PHP by himself. He never thought of making a career of it until it actually happened. He became a professional frontend developer back when you didn't have to know JavaScript, learned OOP, TDD and MVC all at once with Python, switched to Ruby & Rails around the release of Rails 2.0. Just before the asset-pipeline was released, he moved to writing command-line tools in Ruby for delivering/validating/testing an embedded critical inertial navigation system application written by a large avionics team. When he's not hacking on Open Source he's probably playing the bass, drinking Czech beer or at a meetup. He lives in Berlin and is responsible for 5apps' infrastructure.

Ruby Groups: Act Locally - Think Globally

PJ Hagerty from Engine Yard

Github: aspleenic

There are thousands of local Ruby groups worldwide. Sadly, many suffer along, become stagnant, some even die off. How can you make your local Ruby Group better and in so doing, improve the global Ruby Community? This talk focuses on the human side of getting a group together and making it successful so the members, as a group, can contribute to the larger community. It is a universally useful guide to improving all parts of the Ruby community, starting on a local level.

A Ruby on Rails developer for the last 4 years, I currently work at Engine Yard as the US-East Team Lead and Community Lead for their world-class Application Support team. Additionally, I organize the Western New York Ruby Brigade. Traveling to conferences and Ruby meet ups around the US and Canada, I like to spread the word on the importance of community and coding, stressing the importance of outreach and focusing on the human side of being a coder.

From no code to a profitable business

Jérémy Lecour from HotelHotel

Blog: jeremy Github: jlecour

It took us four years to grow from an ambitious idea to a profitable business, with a small team and not a lot of resources. I'll tell you how making "just enough" and "good enough", with a fine mix of various best practices, a lot of motivation and some Ruby, we've managed to build a fast-growing product and a happy company.

Jérémy has been a web developer for 12 years, passionate about all things relating to the web tech and always curious about new things to learn and use in his work and play. He has led a small team for 4 years that use a heady mix of old and new tech on a site that helps search for and compare hotels. Jérémy is a Code Retreat facilitator and a core member of both Provence Linux User Group (PLUG) and Pastis Ruby Brigade in Marseille.

A Tale of Two Rubies

Joshua Ballanco from Burnside Digital

Github: jballanc

We are often told that looking at a programming problem from more than one angle can be the key to finding a solution...but what about programming languages themselves? Does having multiple implementations of Ruby just mean that we can run Ruby code in more places? Or can alternate implementations improve the Ruby language itself? In this talk, I will tell the story of how a bug in JRuby led me to an area of poorly specified behavior in MRI, and how both implementations, and the Ruby language itself, came out better in the end.

Joshua has worked with Objective-C since 2002 and Ruby since 2004. He has built operating systems with Apple, local news websites with AOL, and somehow managed to finish a Ph.D. along the way. Currently, Joshua is Chief Scientist at Burnside Digital where he works with an amazing team of engineers and designers to solve problems for a wide range of clients. He works and lives in Ankara.

Let's take a walk

Thomas Riboulet

Blog: Random dev Github: mcansky

We are no factory: we are delicate organic systems that can work nicely if they are respected and used properly. We do not crash because we don't do enough, we crash because we do too much. We continually push ourselves to work, deliver and build: we expect and are expected to produce a lot. We forget we are not factories producing tons of product every day. We are machines, biological ones, tailored by millennia of genetic history. Ignoring this leads to crashes.

What is a proper schedule for our brain to learn and process information? Why can't we stay focused for 8 hours? What is the impact of sleep and naps? What is the impact of physical activity in our daily lives? In this talk we will see how much modern workplaces and schedules are disconnected from our biology, how we can change little things to avoid big crashes, work better and be happier.

Born in the south of France, raised in the wild with cats and dogs with Apple computers and Tolkien stories. Difficult to avoid the family trade and by 2000 he was writing code and compiling kernels. After riding a dragon and crossing Oz by train he came back to old Europe to write articles and solve problems in Ruby.

From .NET to Ruby

Michael Wawra from Twilio

Github: xmjw

Think of the satisfaction you felt the first time you wrote a chain of Ruby method calls. As a C# developer, this was a scary moment. In this talk Michael will describe unlearning the C# way as he learned the Ruby way. How the languages compare, how the toolboxes differ, and the pure joy of the brevity built into Ruby.

Michael is a developer evangelist at Twilio, helping people embrace cloud communications. He loves anything that can be programmed, especially things that can be connected into Lego. Prior to Twilio, Michael was consulting in the City of London - mostly building other people's websites. He was once involved in Telecoms R&D, and has a guilt-inducing software patent around the Linux IP Stack. He is forever looking for good causes to contribute code to, and always looking to iterate and make stuff better!

Web Linguistics: Towards Higher Fluency

Arne Brasseur

Blog: Github: @plexus

Do you know what XSS stands for? If not, you'll find out, and you'll learn how to make these vulnerabilities a thing of the past. We'll need to talk about languages first though, and the steps involved in concisely representing meaning.

Language is both about expressing and understanding, and in either case there's a lot of machinery involved that we tend to take for granted. By prying these processes apart we might gain some insights to smarten up our code. Does your app generate output as if it learned HTML from a phrase book? Stop being a web tourist and finally become fluent!

Arne is a professional software developer focused on web development. He's been passionate about Ruby since 2006, but has only really become involved in the community after moving to Berlin in 2012. He has worked in various fields, from e-commerce for telecom, concert tickets and resale, to medical OCR/OMR applications, and has made contributions to several Free and Open Source projects. His personal interests include both natural and formal languages, and he spent the best of two years in the far east learning to speak and write Chinese.

Web + native = love

Vincent Tourraine from shazino

Blog: Github: vtourraine

The fight is over. It’s not web apps versus native apps, it’s a mobile world, and we need both. Let me tell you a bit about my experience with connected native apps, and why they are essential. More importantly, how they can work with web apps and web services in order to build truly awesome experiences.

Vincent is a mobile developer focused on iOS, but he also builds websites from time to time. He lives in the beautiful city of Lyon and he works at Shazino, where he explores various Web Services in the name of Science. He also builds his own iOS apps at Studio AMANgA. Vincent loves looking at pixels, and things from outer space.

Ruby Franciae