Rubygems Issues For Mac

How do I install RubyGems on my Mac? I tried to run $ gem install rubygems-update with no luck. It returns ERROR: While executing gem. (Gem::FilePermissionError) You don't have write.

While you might be tempted to stick with that, you probably shouldn't, for a couple of reasons: old versions of the OS shipped with a buggy version of Ruby, and RVM provides the flexibility to use any version of Ruby that you require. Plus, if you're just starting out with Ruby, don't use an old version; you want 1.9.2!

RubyGems Upgrade Issues: gem update --system is disabled on Debian. RubyGems can be updated using the official Debian repositories. This is due to using apt-get install rubygems.

I recently bought a new MacBook Pro and will be using it as my primary machine. I had to set up Ruby on it. This included Ruby, Rubygems, and RVM. While Mac 10.5 OSX and higher come with Ruby 1.8.7 pre-installed, I wanted a later version.

I also installed the Rails Framework and encountered a problem when I tried to run my first Ruby on Rails app. While searching for help online, I ran across this pretty nifty tool, “JewelryBox”, on Stack Overflow.

JewelryBox helps lessen your use of the Terminal when installing Ruby. So where I performed system updates and installations for Ruby, Rubygems and RVM, JewelryBox would have installed and managed them all for me. JewelryBox also provides me with the different versions, and all I would have had to do was click once to install the desired version of each.

See other features below:

As with any product, JewelryBox comes with “support issues”.

The website mentions the following:

For the current version of JewelryBox you must be running OSX 10.7 Lion or newer, as 10.6 is no longer supported. If you wish to use JewelryBox on OSX 10.6, you can download JewelryBox v1.3. However, using RVM 1.17 or newer with JewelryBox v1.3 can possibly result in crashes. So you just have to be aware of these issues when making the decision on whether or not JewelryBox is for you.

Below is a list of the defects and features on github:

While I’m still working on my Rails issue, finding JewelryBox in the process was a nice treat. I have installed it and started using it, mostly for keeping my gems up to date.

Ruby developers beware: a would-be cryptocurrency thief is out to get at your digital wallet, and they’re using typosquatting code to do it.

Typosquatters use misspellings of popular names to misdirect victims into using the wrong thing. It’s been a problem for websites for years, but it’s becoming an increasing issue for software developers too. Rather than reinventing the wheel by writing their own code to handle common tasks, they write it once as a software package and upload it to repositories. These repositories contain thousands of packages for developers to download. The upside is that it accelerates software development. The downside? Developers don’t often know exactly what those packages are doing.

Security researchers at threat detection company Reversing Labs found typosquatters had uploaded a malicious package in RubyGems, which is a repository serving the Ruby programming language.

You can install a RubyGems package – known as a Gem – by typing gem install followed by the package’s name on the command line. Attackers take advantage of this by copying a legitimate package, inserting some malicious code, and then uploading it again with a similar name to target fat-fingered programmers. In this case, the author had engineered the package to steal victims’ cryptocurrency.

Reversing Labs is no stranger to malicious packages, although they’ve tended to be in the Python package repository PyPI and the NPM Node.js repository. It found a typosquatting package after analysing the entire PyPI repository in July 2019. It also found a password stealer in the NPM repository last year after a similar scan.

This time it honed its approach by finding the most popular Ruby gems and then monitoring the RubyGems repository file for new files that used misspellings of the legitimate packages. It flagged those for further analysis and dug into their code. It found over 700 packages containing a file with executable code using the same name: aaa.png. This was suspicious, because .png extensions indicate image files, not executable ones.

The most downloaded Gem in this group was atlas-client, which had been downloaded about a third as much as the legitimate atlas_client Gem.
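The two checks described above (near-miss names, and an image extension on executable content) can be sketched from the defender's side as follows. This is an added example, not Reversing Labs' tooling; the POPULAR list, the distance threshold and all function names are assumptions made for illustration.

```ruby
# Added example: screen dependency names and gem file contents.
# POPULAR is a constructed sample; a real audit would use a download-ranked list.
POPULAR = %w[atlas_client rails rake nokogiri].freeze
IMAGE_EXT = %w[.png .jpg .jpeg .gif].freeze

# Drop separators so atlas-client and atlas_client compare equal.
def canon(name)
  name.downcase.gsub(/[-_.]/, "")
end

# Classic Levenshtein distance, row by row.
def edit_distance(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    cur = [i]
    b.each_char.with_index(1) do |cb, j|
      cur << [prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca == cb ? 0 : 1)].min
    end
    prev = cur
  end
  prev.last
end

# Returns the popular gem that `name` imitates, or nil if it looks unrelated.
# Names shorter than 5 characters are skipped for the distance check, because
# one edit between short names (rake/rack) is too common to be a signal.
def lookalike_of(name, popular = POPULAR)
  return nil if popular.include?(name)
  popular.find do |p|
    canon(p) == canon(name) ||
      (p.length >= 5 && edit_distance(canon(p), canon(name)) == 1)
  end
end

# Map each suspicious dependency name to the gem it resembles.
def audit(names, popular = POPULAR)
  names.each_with_object({}) do |n, hits|
    target = lookalike_of(n, popular)
    hits[n] = target if target
  end
end

# True when a file named like an image begins with the Windows PE "MZ" magic.
def disguised_executable?(filename, head_bytes)
  IMAGE_EXT.include?(File.extname(filename).downcase) &&
    head_bytes.b.start_with?("MZ".b)
end
```

Feed `audit` the gem names from a lockfile, and `disguised_executable?` the first bytes of each file in an unpacked gem.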

The booby-trapped Gem includes a script that activates if it’s running on Windows. If so, the script renames the file aaa.png to a.exe and runs it.

The a.exe malware file monitors the Windows clipboard for text that looks like a cryptocurrency address, something that is very likely to appear in the clipboard via Ctrl-C just before the user performs an online cryptocurrency transaction.

The sniffed-out cryptocoin address is then replaced in the clipboard itself with one belonging to the attackers, so that if a user subsequently pastes the address into the “send the money here” field on a cryptocurrency transaction page, then the crooks will receive the payment instead.

The malware also adds an entry to the Windows registry to make sure it gets reloaded when Windows starts up, for what’s known as persistence, meaning that the malware survives a logout or a reboot.

Although we’ve seen cryptocurrency crimes carried out via the clipboard before, this attack is pretty niche, according to Reversing Labs. It only works against Ruby developers using Windows machines making bitcoin transactions. Perhaps that’s why the address used in the attack had no transactions at the time of writing.

The attacker is persistent, though. Judging by the use of just two user accounts in RubyGems and the common filename, they were probably responsible for most of the malicious gems, said Reversing Labs. It also noted that the file names had turned up in other attacks on RubyGems in the past.

The RubyGems security team has removed all the affected packages from its repository, but Ruby developers should check the list of malicious packages to ensure that they’re not running dodgy code.

These supply chain attacks have been a perennial problem for other repositories too. Another researcher also discovered a cryptocurrency-stealing package that used typosquatting in the Python PyPI repository in October 2018, and ten packages cropped up in 2017. Attackers have also targeted NPM repeatedly over the years, most recently in January.
