# Often, Less is Better!

When I was learning Ruby, I was searching for things that could be improved. I was looking for ways I could make things better. One of the areas I was involved in was testing. This should come as no surprise. If you are writing Ruby code, you need to be writing tests. The exact order in which this is done is not my point. Just that tests must be written and run frequently. Here is a typical test run using the minitest facility:

To my mind, this was not communicating that true progress of the tests. Consider: What version of minitest was in use? What files were being processed? How many tests were in each of those files? Most of all, why does this output look so boring?

Yes; boring! So being bored I thought: Surely I can do better! I came up with a gem I call minitest_visible to spruce things up. Here’s what its output looks like:

Much better! Clearer! Nice progress! and so entertaining? Well at least I thought it was a big improvement. It would seem that not many people shared my view. I can see their points. Notice that the bottom line is the same in both cases:

21 runs, 92 assertions, 0 failures, 0 errors, 0 skips

This result line is what counts. These are tests, not video games. They should test the code without a lot of bells and whistles and let you get on with the real work.

I was also told that my little gem did not fit in with the minitest ecosystem. I asked what was meant by this but I never got a reply. I suppose somebody was channeling their inner Linus Torvalds of rudeness that day. I’ll never know. It also does not matter.

I have finally come to realize that the critics were right. The best answer is to keep things as simple and lean as possible. No being fancy; no showing off. To that end I have worked to remove the minitest_visible augmentation from almost all of my work.

Affected gems are: composite_rng, counted_cache, fibonacci_rng, flex_array, format_engine, full_clone, full_dup, fully_freeze, in_array, insouciant, lexical_analyzer, make_gem, mini_erb, mini_readline, mini_term, mysh, parse_queue, pause_output, safe_clone, and safe_dup. The exception is the fOOrth gem experiment that has so many test files that it would be hard to sort out what was happening without a little help. At least for now.

Now these gems can be used by others without the hassle of having to install a non-standard testing extension.

Is less more? I’m not sure. Is less better? Very often, yes it is.

Peter Camilleri (aka Squidly Jones)

# Updating Dependencies

There are things you don’t want to see when you review your code. Here’s one:

What’s worse, this message was hard to track down. There was no way (that I found) to have GitHub tell me about all the code that was affected. I’d have to check each one manually until I had found and fixed them all.

I had several things going for me. The alerts were all caused by one thing; the discovery of a bug in the “rake” gem. Here’s one version of the bug report I found:

It was discovered that Rake incorrectly handled certain files. An attacker could use this issue to possibly execute arbitrary commands.

USN-4295-1: Rake vulnerability

Now, in theory, one could do an in depth analysis of this bug and conclude that it has no impact on your code. I do not recommend this approach. I would not have confidence that I could see all the devious ways this fault could be exploited. Further, I know I cannot possibly predict every move by the criminals. That is why I will now focus on ensuring that my code specifies a version of rake that does not have this defect. That is we need to specify versions of rake with version greater than or equal to 12.3.3.

I write Ruby Gems and for those gems, dependencies are specified in the <gem_name>.gemspec file. Let’s see some rake dependency entries and see how they stack up to our security requirement:

This was the dependency entry that generated my alert messages. To translate into plain English, it says that any version of rake is OK, so long as it was version 10.something. The last such release was 10.5.0 which clearly has the bug and thus generates a warning. This entry clearly must be replaced.

Now many of my Ruby Gems had the following entry that did not result in a warning, but still leaves something to be desired:

This entry says to accept any version of rake so long as it was version 12.something. The last such release was 12.3.3 which is clear and free of the bug! So, yes, this is much better, but it suffers from the fact that it limits rake to version 12. Version 13 is already out and forcing the use of an older version may not be a good idea. I chose to replace these entries as well.

So, we now examine the simplest and most permissive specification:

This translates to anythings goes, but use the very latest if it’s not already installed. This is very simple, it generated no warnings, and it can get the latest. It will also settle for much older versions, including those with the bug. This too must be updated.

This is the entry recommended for use by the alert:

This translates to “Anything from 12.3.3 or later”. This ensures that we will not use older versions of (buggy) code, and that we won’t exclude newer versions of code either.

Now there may be legitimate reasons to stick to older code. I know there are working web sites using ancient versions of rails running on equally old versions of ruby. Even so, there are (too many to list here) real risks to running obsolete code. If at all possible, keep up-to-date. It may require some effort, but it is worth it. Test your code with newer versions before pushing them out into the wild. If problems/issues arise, fix them and update your dependencies. This usually can be accomplished in a modest amount of time. If it can’t then you need to lock in the obsolete code dependencies and take a serious look at re-engineering your application.

In the end, everything needs maintenance. The reason we all avoid gems that have gone many years with no updates is that we know that nobody is tending house. I was caught by surprise and it is hard to anticipate what the next disruption will be, but by defensively coding, the risk can be reduced.

Finally let me take a moment to list which of my gems needed to be updated due to this issue. If you have a current, safe version of rake installed, you need do nothing even if you are using these gems: composite_rng, connect_n_game, counted_cache, fibonacci_rng, format_engine, format_output, full_clone, full_dup, fully_freeze, in_array. insouciant, lexical_analyzer, make_gem, mini_erb, mini_readline, mini_term, mysh, parse_queue, pause_output, ruby_sscanf, safe_clone, safe_dup, test65, and vls. In addition, fOOrth, games_lessons, and rctp were updated but the changes are currently part of unreleased code.

Yours Truly

Peter Camilleri (aka Squidly Jones)

# Survey Results: Introduction [Updated]

In April of this year, I completed gathering the raw data for my survey of gem downloads from my postings at the RubyGems web site. In the past, I have published progress reports at the 12 week and 24 week progress points. I am glad that the data collection is finally done. I admit, that it was only about an hour a week, but after several months it began to take on a level of tedium and boredom.

To be clear, data was collected for all 52 weeks, however, the data for week, 41, was lost in system crash. The data for that week is interpolated from the data of weeks 40 and 42.

The \$65,536 question is WHY? Data collections and studies are are a lot of work and normally only undertaken with a goal in mind. My goal was simply to understand who was downloading the Ruby code I was writing and giving to the world. Unlike really popular authors, I did not have the luxury of looking to see thousands of downloads a day. My numbers were quite meager. My hypothesis was that by gathering detailed data, over a reasonably long span of time, some truths could be gleaned from that data that would reveal the nature of the user base. That is, assuming such a user base even existed.

You see, my fear is that I am just a crazy lunatic, working away in complete isolation, writing code that nobody will ever read. Just thinking about this scenario makes breathing difficult and causes my gut to twist and contort painfully.

The data itself reveals a brighter side. While subtle, there are some signs that there real are people out there at least looking at this code, and maybe incorporating it into their own projects.

There is a lot of data, too much for this blog or any single posting. In the coming days, I plan a number of articles looking at the data and coming to some concrete conclusions about Ruby Gem downloads and how to gage the success of a code release and maybe some tips for success in the world of software components.

Best regards

Peter Camilleri

ps: My library of gems can be found at Ruby Gems and the source code is at GitHub.

For the 24 week report there are two main data findings. A graph of individual, cumulative downloads for each gem for 24 weeks and a graph of the weekly downloads for all gems for the same period.

I have collected 24 weeks of data, so here is the graph showing the rate of downloads.

If you look, you will see that the slopes of the lines vary. Some lines are very flat, while others are sloped upward at a much sharper angle. This means that the rate of downloads is also different.

The weekly, combined results show that the rate of downloads is anything but constant. The valleys seem to correspond to periods this summer when large numbers of people would be on vacation (Not me of course; I’m never/always on vacation)

The spiky peaks do tend to correspond to times when large numbers of gems were mass updated. This is especially the case for the last and fourth from last points where a code of conduct and changes to the mini_readline gem were propagated to most of the gems. This is clearly indicative of automated downloading.

This study shall continue. I estimate that the next posting on this matter will be one to study an entire year’s worth of data.

Until then, Many Thanks and Best Regards;

Peter Camilleri (aka Squidly Jones)

# Announcing the vls utility.

One of the joys of modern programming is the ability to utilize external code libraries to speed up development, saving time, and reducing wasted effort. The Ruby language is especially blessed in this regard with its system of code gems. Instead of the narrow minded NIH (not invented here) mindset, the world has become our tool chest.

There is, however, a downside to this modular nirvana. Versioning! To be precise: Am I using the correct version of each (and every) little code gem? This problem goes back all the way to the old Visual Basic days. Back then it was called DLL Hell, as developers struggled to maintain a myriad of cryptic, often poorly documented binary files.

Now Ruby does have the bundler utility that allows gem versions to be specified, but what if you simply want to know: When I use this application, what modules/classes are being used?

The vls utility answers that question. To use this simply enter:

`\$ vls <names>`

where names are a list of gems/files to be required before the modules are listed. Here, see an example of this in action:

```\$ vls fOOrth
vls (VersionLS): 0.1.0

Bignum, 0.0.5
Complex, 0.0.5
Date::Infinity, 0.0.5
FalseClass, 0.0.5
Fixnum, 0.0.5
Float, 0.0.5
FormatEngine, 0.7.2
FullClone, 0.0.5
Gem, 2.2.2
InArray, 0.1.5
Integer, 0.0.5
NilClass, 0.0.5
Numeric, 0.0.5
Rational, 0.0.5
Regexp, 0.0.5
RubySscanf, 0.2.1
SafeClone, 0.0.3
Symbol, 0.0.5
TrueClass, 0.0.5
XfOOrth, 0.6.1```

The vls gem may be found at: https://rubygems.org/gems/vls and the source code lives at: https://github.com/PeterCamilleri/vls.

Yours Truly

Peter Camilleri (aka Squidly Jones)

# The Clone’s Family Tree [Updated]

In Ruby, most data is accessed by reference. That is, variables contain a sort of hidden pointer to the data, not the data itself. This is very efficient but has a hidden trap. Assignment does not copy the data. It only copies the reference! Consider the following snippet of code:

```a = 'foo'
b = a
a << 'bar'
puts b```

What do you think the “puts b” statement will print? Turns out it’s “foobar”. Since only references were copied, when the original variable (a) was modified in the third line, both variables (a and b) were “mutated”.

So how does one copy values and not just references? The Ruby programming language has two methods for duplicating data. These are “dup” and “clone”. While these methods are quite useful, they both suffer from two shortcomings:

1. In Ruby, if an attempt is made to clone (or dup) an immutable data item like a number, an error occurs. The justification for this uncharacteristic strictness is not at all clear, but it does mean that the clone (or dup) operation must be applied with great care.
2. The copying process used by both clone and dup is said to be a shallow (or incomplete) copy. While the target data structure is copied, any internal data structures are not. References to those data remain aliased in the copy.

I started off to create a gem to resolve these issues. I ended up creating a family of  four gems that are tailored to the exacting data copying requirements of the application. Here is a summary of those gems:

 Depth / Action Need to copy all data and metadata attributes? Need to copy data only? Only need a shallow copy? Use the safe_clone gem. Use the safe_dup gem. Need a full, recursive copy? Use the full_clone gem. Use the full_dup gem.

Notes:

• Since none of these gems override the default clone and dup methods, the default behaviors remain available. Further, if multiple, differing requirements exists, more than one family member gem may be employed in the same project without fear of conflict.
• If multiple family gems are employed, they will each need to be installed and required into the application. See each gem’s github source for details.
• Meta-data attributes include the frozen status and singleton methods. However the tainted status is always copied.

I hope you find these little gems as useful as I have found them to be. I you like them, give the code repository a star as a sign of approval!

Yours Truly

Peter Camilleri (aka Squidly Jones)

# fOOrth

It is with great pleasure that I am finally able to announce the release the initial beta of the fOOrth programming language system version 0.5.0. This language, written entirely in pure Ruby is released both as a Ruby gem and in Source Code on github.

So, what exactly is the fOOrth programming language system anyway? The source code repository has this to say about the project:

The fOOrth language is an experimental variant of FORTH that attempts to incorporate object oriented and functional programming concepts. It also tries to extrapolate an alternate reality where FORTH was not frozen in the past, but continued to grow and develop with the times. Above all this project is the result of nearly 30 years of thought on the design of threaded compilers and languages with simplified grammars and syntax.

Also included in the docs folder are a User’s Guide and Reference in both open office and PDF formats.

A lot of work and effort has gone into this personal labour of love. For example, I have discovered that writing good documentation is a lot harder than it looks. It is certainly harder than just writing code. I have also found however that having to explain what is going on in plain, simple, and easy-to-understand terms has resulted in many improvements to the code that would not have happened otherwise. In effect, it served as a sober, detailed review of the code being generated.

This is still only a beta, and there is still a great deal more work to do. I hope you find it useful or at least interesting. If you like what you see, give the code a star to show your support. Suggestions, comments, complaints and ideas are always most welcomed.

Yours Truly

Peter Camilleri (aka Squidly Jones)

# The redesigned minitest_visible gem (v0.1.0)

Just because code works, doesn’t mean it’s the correct code. A case in point is my own minitest_visible gem. This little bit of Ruby code adds simple progress tracking to the testing process. In any programming, and especially in a  dynamic language like Ruby, testing is vital. So is having faith in those tests.

Now the standard minitest testing system is awesome! It is full of helpful methods for confirming the correctness of code. It is however a little terse regarding progress. That is where minitest_visible comes in. When used, it lets you know the version of minitest being used and prints out the name of each test file as it is processed.

A fairly simple task. Yet, when I came up with the first version of this code, it was clunky and ugly, but it worked. I suppose I had other matters pressing at the time, but I let things stand at “good enough”

Recently, I began to think that there must be a way to make the code better, cleaner, and easier to use. It seems that I have indeed learned some stuff in the last year because I am now writing about a new version that is far simpler and streamlined.

OK, let’s be clear: The old way of doing things is still supported, but prints out a message about the needed changes. Test still pass though so disruption and panic should be minimal.

The new minitest_visible can be found https://rubygems.org/gems/minitest_visible and the source code is at https://github.com/PeterCamilleri/minitest_visible.

Yours Truly

Peter Camilleri (aka Squidly Jones)

# A Double Bill!

Having just announced format_engine version 0.4.0, things seem to be speeding along as I now announce format_engine version 0.5.1 and ruby_sscanf version 0.1.1.

These two gems are rather tightly coupled. The ruby_sscanf gem uses the capabilities of the format_engine to create a Ruby translation of the POSIX ‘C’ sscanf routine. This allows a formatted string to be processed into the data elements contained within. The new version of the format_engine is required to add some features required by the ruby_sscanf gem.

I thought a great deal about the idea of merging the ruby_sscanf gem into the format_engine, but in the end, concluded that they did different things despite the high degree of coupling. Further, ruby_sscanf modifies (or monkey patches) the base String class, and that was something that might not always be desired. So two separate gems.

These may be found at:

I hope all Ruby programmers find these programming tools to be useful.

Yours Truly

Peter Camilleri (aka Squidly Jones)

# Hidden Traps: Floating Point Math.

As a life long programmer, I’ve programmed a lot of calculations over the years. Yet, I was recently astounded to hear expressed the opinion that “Computer computations are error free and flawless”. The reasons that this is not (and never will be) the case are fairly deep and fundamental.

Mathematics routinely deals with matters of the infinite like the infinite digits in the value of the famous irrational number π (called pi). Engineers and computers on the others hand live in a world of the finite: finite memory, finite processing power, and finite time. The IEEE standards for computer arithmetic are marvels of ingenuity. They are also a compromise between the needs of speed, storage, and accuracy.

Let’s see a real example and test the associative property of addition. This crucial, fundamental rule of math says that:

$(a+b)+c = a+(b+c)$

Now lets try to program this. We’ll use Ruby for brevity, but the results would be the same for virtually any programming language that uses the computer’s floating point hardware.

a = 1.0e20
b = -1.0e20
c = 1.0

puts “(a+b)+c = #{(a+b)+c}”
puts “a+(b+c) = #{a+(b+c)}”

The output of this little snippet of code is:

(a+b)+c = 1.0
a+(b+c) = 0.0

The two results should be the same but they’re not. In one case, the use of a finite amount of memory to represent the numbers has caused an important “bit” of data to fall off the “end” and be lost. Addition in computers is not always associative.

Are there ways around this? Sure, you can improve things. In Ruby I can switch from Floats to Rational data, and this problem mostly goes away. The new program will consume more memory and take longer to run. Eventually, if the required precision becomes excessive, the program will slow to a crawl and/or run out of memory. Processing power and memory remain finite no matter how sophisticated the tools we use.

The moral: Know your math, yes, but realize that computers can’t do math, they can only approximate it! So know the limitations of your tools too.

Yours Truly

Peter Camilleri (aka Squidly Jones)