04 Feb '13, 4pm

For those concerned about @padrinorb in the light of current security issues, here is a blog post for you:

Rails and the Ruby community had their fair share of security vulnerabilities in recent days. Where does that leave Padrino users? In short: You are safe, unless you explicitly activated some form of parameter parsing that either parses YAML directly or uses XmlMini when accepting requests or parsing responses from backend sources. Currently, some security issues plague the Rails community. The most dangerous is CVE -156, which is present in almost all Rails installations. Default Sinatra and Padrino are unaffected, see this discussion on the Sinatra mailing list for details. All hints given there are true for Padrino users as well. If you are using any of the Rails components in question either directly or through dependencies, you should upgrade them. The most important components in question are YAML (both Psych and Syck) or XmlMini. Popular projects using them a...

Full article: http://www.padrinorb.com/blog/sleep-well-yaml-vulnerabili...

Tweets

Anatomy of an Exploit: An In-depth Look at the Rails YAML Vulnerability

rubysource.com 04 Feb '13, 2pm

Exploits happen, and this month the Rails and Ruby communities have seen no shortage. From a major exploit in Rails to a ...

BLOG \ Faces Of Disneyland

smashpop.net 05 Feb '13, 1am

Part 1: To Hongkong I Go! Part 2: Awesome Lunch at Disneyland Hotel After the lunch, we embarked into a magical journey in...

Blog Filler #07

vvens.com 04 Feb '13, 12pm

Post navigation ← Previous Blog Filler #07 Posted on February 4, 2013 by vvens Share This entry was posted in FTW! by vven...

YAML's security woes are way bigger than Rails ...

yaml.org 02 Feb '13, 9pm

This document reflects the third version of YAML data serialization language. The content of the specification was arrived...

Well, this is terrifying:

ace.mu.nu 16 Feb '13, 12am

« Harrison Ford Slated to Reprise His Role as "Han Solo" in Star Wars VII, for a Compensation Package Rumored to Include P...

7 New Ideas for Valuable B2B Blog Posts

networksolutions.com 04 Feb '13, 3pm

This entry is part 1 of 1 in the series 7 New Ideas for BtoB Blog Posts 7 New Ideas for BtoB Blog Posts 7 New Ideas for Va...

Follow the companies you want to work for on so...

clearedjobs.net 04 Feb '13, 12pm

Keeping yourself relevant, fresh and up-to-date can be a part-time job. But spending just 15-30 minutes per week on Linked...

[ruby-list:49181] [ANN] Ruby 1.9.3 patchlevel 3...

ruby-lang.org 06 Feb '13, 1pm

diff --git darkfish.js darkfish.js index 4be722f..f26fd45 100644 --- darkfish.js +++ darkfish.js @@ -109,13 +109,15 @@ fun...

Ad Program Launches March 31, Current Holders G...

thedomains.com 01 Feb '13, 11pm

The Search.XXX Ad Program is scheduled to launch by March 31, 2013. Search.XXX launched last year as a search engine for ....

When you're networking ask "What is the typical current pay range for x position." #military

clearedjobs.net 30 Jan '13, 3pm

May is National Military Appreciation Month. Each day this month we highlight articles to aid transitioning military in th...

Ruby 1.9.3 p385 (includes a security fix) is re...

ruby-lang.org 06 Feb '13, 1pm

Now Ruby 1.9.3-p385 is released. This release includes a security fix about bundled RDoc. See this page for details. And s...

Blog Untuk Semua via @denaihati

denaihati.com 03 Feb '13, 6am

Assalamualaikum and Salam 1Dunia, as announced in the Denaihati Network group, one selected blog review entry that...

Even if you don't use Ruby or Rails, embedding ...

alistapart.com 08 Feb '13, 6pm

Look for analytics providers and other folks on that list who have instructed you to embed JS on your website. If I do thi...

Blog: Six Israeli Security Chiefs Stun the Worl...

anwaribrahimblog.com 31 Jan '13, 6pm

Six former heads of the Shin Bet, Israel’s secretive internal security service, have spoken out as a group for the first t...

“Programmer Bob”: Latter-Day Tom Sawyer or Mass...

spectrum.ieee.org 31 Jan '13, 7pm

At first I thought this was one of those IT urban legends, like the “disappearing warehouse” story, but according to Veri...