[Pdx-pm] Ruby on Rails exploit
Nathan Williams
nathan at nathanewilliams.com
Wed Jan 9 12:02:13 PST 2013
I side with this perspective as well; overall, I tend to have a negative
reaction to the "frameworks", as their use requires relying on someone
else's determination concerning 'best practice'.
On the flip side, I see some advantage to communities using common
components and working together to enhance them, whether that be
security issues or new features... It's definitely something to give
thorough consideration to before launching a project.
For most of the folks who settle on the frameworks, I think the motives
tend to center around using a common code base that developers are
familiar with (most developers these days tend to change projects every
year or so), and the ability to get running quickly, where most of the
scaffolding is done for you, and your team can immediately get to work
on the bits that make your project unique.
These are understandable motivations, but I think a lot of folks get
caught by the consequences down the road when things go off the tracks
and no-one knows why.
Node.js is a whole different beast, and I decline to comment on the
intelligence of giving frontend engineers control over server-side
processes.
-- Nathan W
On 01/09/2013 03:02 AM, Ronald Chmara wrote:
> There is raw code. That's usually C. Then there are macro
> pseudo-language extensions, like C++ and Java, built upon that code.
> On top of that, there are scripting things, like Perl, PHP, Python,
> Ruby, etc. Stacked on top of that are things like "frameworks" and
> "MVC" and other useless crap like Rails and Node.js, which are to
> programming like an "oil-change technician" is to an "internal
> combustion engine engineer".
>
> </rant>
>
> -Bop
>
>
> On Tue, Jan 8, 2013 at 8:58 PM, Keith Lofstrom <keithl at gate.kl-ic.com> wrote:
>
> Via my ISP:
>
> http://arstechnica.com/security/2013/01/extremely-crtical-ruby-on-rails-bug-threatens-more-than-200000-sites/
> https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
>
> I don't run Rails, but a lot of sites do. I wonder if my bank does?
>
> Keith
>
> --
> Keith Lofstrom keithl at keithl.com
> Voice (503)-520-1993
> _______________________________________________
> Pdx-pm-list mailing list
> Pdx-pm-list at pm.org
> http://mail.pm.org/mailman/listinfo/pdx-pm-list