This article was published on 2017-07-17

mruby podcast interview

I had nearly forgotten about it, but at the beginning of June I was interviewed by Software Engineering Daily about the implications of the bug bounty started by Shopify.


The podcast is available as mp3 and there is also a transcript.

The reason for the interview was the article I wrote about Shopify, but in the end we covered quite a bit more than that. We started talking about the general use-cases of mruby and about the differences from MRI and JRuby.

I mentioned the mruby-cli project from Heroku’s Terence Lee and the JRuby launcher based on mruby called mjruby from Joe Kutner as some examples for command line applications. I also talked about my preferred use-case of mruby, which is the integration into micro-controllers (e.g. Arduino Due).

Afterwards we went into the details of Shopify’s usage of mruby. We talked about the reason why Shopify is using mruby and why they opened a bug-bounty for it. I also mentioned in detail some of the most common bugs found by the security researchers.

A lot of the interview was then focused on how security researchers are finding bugs today. I mentioned the AFL Fuzzer and my afl-optimized mruby version to increase the fuzzing speed.

In the end we talked a bit about the differences between Ruby and other programming languages: the optimization of Ruby to solve a problem in very different ways, and the complexity of the language itself, which makes the implementation quite complex but simplifies the usage at the same time.

In the original interview we also talked about C’s weaknesses and Rust as an alternative. But it seems this part was cut out of the interview for time reasons, or they have an internal anti-rant policy at Software Engineering Daily (-;