Zack Hobson

SSL and Ruby, part 2 Monday February 10, 2014

Recently I wrote about an issue with Ruby and SSL that was publicized by Jeff Hodges. Mr. Hodges has uncovered what seems like a fairly serious issue: Known insecure cipher suites and other options are being used by the OpenSSL bindings that ship with Ruby. In my original article I asserted that updating Ruby to the most recent version of OpenSSL will fix this issue, but this is not actually the case! There is still no officially published fix at the time of this writing, but there are ways you can fix this in your own Ruby installation, if you’re so inclined.


SSL and Ruby Thursday January 23, 2014

Update: Jeff Hodges has corrected a statement in this post about the most recent OpenSSL providing secure defaults in Ruby. The error was my fault; I misread part of the email thread in question. A follow-up post is in progress, but I’ve corrected this post in the meantime.


New features and fixes in HCl 0.4.x Monday December 23, 2013

HCl has always just been about scratching an itch. I’d built it years ago when I needed to track my hours, and stopped maintaining it when I got a gig that didn’t. In the late summer I started using Harvest again on a client project, and the experience made me realize that HCl still needed some work. The result was several weeks of bug-fixing and enhancements.