On Friday, 26 December 2014 17:56:39 UTC-5, Matt Jones wrote:
>
>
>
> On Sunday, 21 December 2014 15:55:26 UTC-5, Star Light wrote:
>>
>> https://github.com/LouHenryAlvarez/jackbox
>>
>> If it's true. It sounds like some pretty wild stuff. Anyone care to
>> comment about this?
>>
>
> Followup to my original comment: the Github page only has specs. Rubygems
> has a gem, but it's got binary components without source and obfuscated
> source (RubyEncoder). I certainly wouldn't load this code anyplace that
> wasn't heavily sandboxed. I have no evidence that it's malicious, but have
> the same amount that it *isn't*.
>
> There's some interesting ideas in there, but nothing interesting enough
> that I'd want to bring un-debuggable, un-updatable mystery code in that
> also locks me to MRI.
>
> The barrage of "announcement" posts across rails-talk, ruby, ruby-dev, and
> ruby-core certainly haven't helped make a positive impression.
>
>
A final addon: the thing doesn't even WORK. Brand-new Ruby install on a
brand-new Vagrant VM:
vagrant@precise32:~$ irb
irb(main):001:0> require 'jackbox'
TypeError: can't create instance of singleton class
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox.rb:188:in
`new'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox.rb:188:in
`block (2 levels) in decorate'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox.rb:51:in
`suppress_warnings'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox.rb:179:in
`block in decorate'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox.rb:208:in
`[]'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox.rb:208:in
`decorate'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox/examples/dir.rb:18:in
`block in <class:Dir>'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox/examples/dir.rb:17:in
`class_eval'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox/examples/dir.rb:17:in
`<class:Dir>'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox/examples/dir.rb:15:in
`<top (required)>'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox.rb:404:in
`require_relative'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox.rb:404:in
`<encoded>'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox.rb:2:in
`RGLoader_load'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/gems/2.1.0/gems/jackbox-0.9.3.1/lib/jackbox.rb:2:in
`<top (required)>'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:135:in
`require'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:135:in
`rescue in require'
from
/home/vagrant/.rbenv/versions/2.1.5/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:144:in
`require'
from (irb):1
from /home/vagrant/.rbenv/versions/2.1.5/bin/irb:11:in `<main>'
---------------------------------------
System info:
vagrant@precise32:~$ ruby -v
ruby 2.1.5p273 (2014-11-13 revision 48405) [i686-linux]
vagrant@precise32:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04 LTS
Release: 12.04
Codename: precise
-------------------------------------
I'd add that EVEN IF THIS WORKED, it would be terrible - it's loading the
file from lib/jackbox/examples/dir.rb, which redefines - ahem, "decorates"
- methods of the stdlib Dir class to have entirely different semantics. For
instance, `Dir.new(some_path)` now writes to the filesystem...
Some of the rest, on further examination, feels like over-abstraction /
sugaring. For instance, here's how `lets` is implemented:
def lets(sym = nil, &block)
if sym.class == Symbol
define_method(sym, &block)
else
sym ? sym : block
end
rescue StandardError
raise LetsError
end
(BTW: RubyEncoder just makes this harder, not impossible. Not even
particularly difficult, once you get used to reading YARV bytecode.
RubyVM::InstructionSequence.disasm FTW!)
Digging into this, the first example for `lets` is USELESS. `lets bar
=->(arg){ arg * arg }` is actually parsed as `lets(bar = ->(arg){ arg * arg
})`. This works, but `lets` does exactly fuckall since the actual
local-variable-setting part is a side-effect of its argument.
Other fun things, in no particular order:
* attempting an install on Ruby 1.9.3 fails, since the gem was built
expecting `byebug` to be available but that gem requires Ruby 2.0.0. The
gemspec appears to be *attempting* to deal with this by including a
conditional on RUBY_VERSION, but that code runs at gem-build time, not
gem-load time. :(
* `with` appears to work by decorating `method_missing`, using
`instance_exec` on the target, and then undecorating. Bonus points if you
wondered what happens if the block exits the scope abnormally (via `raise`
or `throw`).
* the directory example reimplements Dir.exists? to do exactly the same
thing as the Ruby version, only in Ruby instead of C. This is unlikely to
be a performance issue, but it makes one wonder why it was included at all.
* disassembly of the included libraries shows additional oddities - there
are two Mach-O format libs (ext/jackbox/jackbox.so and
ext/jackbox/jackbox.bundle) and a DLL, but no corresponding library for
Linux. The OS X libraries also don't appear to DO anything - just FFI stubs
and utility functions.
* I'll leave the detailed object-oriented theory criticisms to somebody
who's passionate about it, but some of the examples seem like classic is-a
/ has-a reversals to my eye. A Spaceship isn't a fuel line, or a capsule -
it HAS those things. Mixins seem like the exactly wrong choice for that
case.
* there's a namespace whose purpose I'm still unclear on under
Jackbox::Meta::Abstract and Jackbox::Meta::DSL. Neither of the latter have
(at first inspection) any methods of interest.
* needless to say, thanks to the RubyEncoder non-security garbage, the gem
doesn't even WORK on 2.2.0.
LHA, if you're reading this, you've got some interesting ideas. You need to
work on packaging and presentation, though - shipping useless binary
extensions and obfuscated source isn't going to endear you to many people.
It would be a great deal easier to discuss these ideas without having to
trawl through YARV disassembly.
--Matt Jones
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/rubyonrails-talk/f9156a84-6a9a-4d96-8d68-3e2628ea6373%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
