[Pdx-pm] Ruby on Rails exploit

Ben Prew ben.prew at gmail.com
Wed Jan 9 13:39:11 PST 2013


On Wed, Jan 9, 2013 at 1:32 PM, Michael G. Schwern <schwern at pobox.com> wrote:
> On 1/9/13 12:02 PM, Nathan Williams wrote:
>> For most of the folks who settle on the frameworks, I think the motives
>> tend to center around using a common code base that developers are
>> familiar with (most developers these days tend to change projects every
>> year or so), and the ability to get running quickly, where most of the
>> scaffolding is done for you, and your team can immediately get to work
>> on the bits that make your project unique.
>> These are understandable motivations, but I think a lot of folks get
>> caught by the consequences down the road when things go off the tracks
>> and no-one knows why.
> I'm sure C programmers were moaning the same refrain at Perl 25 years ago.
> Could your average, or even above average, Perl programmer debug the
> regex engine or write a meaningful C program?  Have they even looked at
> the Perl source lately?  Do they pore over the code of every CPAN module
> and all the modules they depend on?
> Computing is made of layers. Stacking them up and trusting they're
> reliable is what allows us to progress.  We're lucky if we understand
> and give any attention to even one layer down.
> It's short-sighted and hypocritical to become righteous when
> $num_layers_i_am_comfortable_with + 1 has a glitch.