[Pdx-pm] Ruby on Rails exploit

Michael G. Schwern schwern at pobox.com
Wed Jan 9 13:32:33 PST 2013


On 1/9/13 12:02 PM, Nathan Williams wrote:
> For most of the folks who settle on the frameworks, I think the motives
> tend to center around using a common code base that developers are
> familiar with (most developers these days tend to change projects every
> year or so), and the ability to get running quickly, where most of the
> scaffolding is done for you, and your team can immediately get to work
> on the bits that make your project unique.
>
> These are understandable motivations, but I think a lot of folks get
> caught by the consequences down the road when things go off the tracks
> and no-one knows why.

I'm sure C programmers were moaning the same refrain at Perl 25 years ago.

Could your average, or even above average, Perl programmer debug the
regex engine or write a meaningful C program?  Have they even looked at
the Perl source lately?  Do they pore over the code of every CPAN module
and all the modules they depend on?

Computing is made of layers. Stacking them up and trusting they're
reliable is what allows us to progress.  We're lucky if we understand
and give any attention to even one layer down.

It's short-sighted and hypocritical to become righteous when
$num_layers_i_am_comfortable_with + 1 has a glitch.
