Rails releases 1.1.6, with better disclosure

Discussions

News: Rails releases 1.1.6, with better disclosure

  1. Ruby on Rails has released version 1.1.6 one day after 1.1.5, noting that 1.1.5 only partially closed the security hole, which was the ability to execute arbitrary code stored on the filesystem through "a bug in the routing code." The group also posted patches for older versions, for sites that can't arbitrarily upgrade. 1.1.6's release process is much more open. What can we take from this whole episode?
    1. Ruby on Rails isn't perfect. For those saying it's a "silver bullet" for even simple applications, the security flaws highlight that it's not a good idea to install software without evaluating it seriously, no matter how shiny and appealing it is.
    2. The release of 1.1.6 included "full disclosure," a vast difference from the release of 1.1.5, which only commanded that users upgrade. This is a good process for all projects, because the openness fosters trust for future issues and also offers system administrators data so they can evaluate what they need to do.
    What other things can you take away from the whole issue? Wouldn't it be nice if all products followed such full disclosure, commercial or not?

    Threaded Messages (59)

  2. ahem[ Go to top ]

    TheServerSide.COM Your Enterprise Java Comunity.
  3. Re: ahem[ Go to top ]

    TheServerSide.COM Your Enterprise Java Comunity.
    True. But there are two reasons I felt this was worth posting here:
    1. "Enterprise" is larger than just Java
    2. There's a good takeaway from the RoR group's behaviour with the release of 1.1.6.
    I think RoR is worth keeping an eye on, because it's very successful and very useful. Plus, it's affecting how enterprise Java is being developed, for what it's worth.
  4. Re: ahem[ Go to top ]

    Then start a ROR board like you guys did for .NET Posting ROR stuff here is just to start flame wars.
  5. Re: ahem[ Go to top ]

    I think RoR is worth keeping an eye on, because it's very successful and very useful. Plus, it's affecting how enterprise Java is being developed, for what it's worth.
    There is something I have been puzzling over for a while, and I would be interested if anyone can point me at any resources that might help. RoR is certainly influencing Java and other languages, and there are areas where it is useful, but how does anyone really tell if it is currently successful? There are many well-known developers using it and trying it out, and there is a lot of news about it, but does this mean it is really widely used? On IT jobsites, it barely registers. On the TIOBE index, Ruby barely makes it above Visual Foxpro. If these aren't appropriate measures of use, what are? I would be interested in how people get a feel for the use and success of a language.
  6. blah..[ Go to top ]

    if you ask RoR users, all world already switched to it ;). seriously, i believe there will be projects using RoR here and there (mostly small, or pure web front-end oriented apps) but nothing more to expect for a while.. it has the burden of slowness of Ruby , lack of developers (comparing with others in the market), lack of mature IDE and lib and maybe not so important but big company support. dynamic languages also does not suit to all developers's taste .Net shops will most likley not give a try to it , Maybe that is why RoR guys always try to lure Java developers instead. also there is no alternative to RoR in Ruby.. sort of a vendor lock in ;) this kind of extremely critical errors should not happen frequently in mature applications, i think this is the curse of dynamic languages. power brings responsibility but developers are lazy.. one day we will notice most time lost in a product is actually the GUI and web is a horrible environment for it.. oh well. enough rant.
  7. Re: ahem[ Go to top ]

    I had previously asked why Ruby had been sleeping all this time and now suddenly people realize how good it is. If it took 10 years for people to realize this, it is kind of "suspicious" to me. So suddenly it is great, so quickly it is competing with Java. I look at RoR as the "proof of concept" in programming with Ruby. But to conclude anything from that is quite narrow minded and populistic.
  8. Re: ahem[ Go to top ]

    I think RoR is worth keeping an eye on, because it's very successful and very useful. Plus, it's affecting how enterprise Java is being developed, for what it's worth.


    There is something I have been puzzling over for a while, and I would be interested if anyone can point me at any resources that might help. RoR is certainly influencing Java and other languages, and there are areas where it is useful, but how does anyone really tell if it is currently successful? There are many well-known developers using it and trying it out, and there is a lot of news about it, but does this mean it is really widely used? On IT jobsites, it barely registers. On the TIOBE index, Ruby barely makes it above Visual Foxpro. If these aren't appropriate measures of use, what are? I would be interested in how people get a feel for the use and success of a language.
    How about books? http://www.amazon.com/s/ref=br_ss_hs/104-3402640-0649536?platform=gurupa&url=index%3Dblended&keywords=ruby+rails No flames please, I'm just suggesting that a lot of "get to know technology X in Y days" type of books from multiple publishers tend to show some growth and adoption of a technology. I remember in the roaring' 90's watching the Java books soak up more real estate at Barnes and Noble. Of course I also watched as they got squeezed back down to one small section. Anyway, just a thought. ______________ George Coller DevilElephant.
  9. Re: ahem[ Go to top ]

    I remember in the roaring' 90's watching the Java books soak up more real estate at Barnes and Noble. Of course I also watched as they got squeezed back down to one small section.
    Perhaps, but surely this is evidence that such book volumes might not be a good indication of things, as there is no sign of any decline in Java use. Book volumes certainly indicate interest, but do they relate to actual use? I don't know.
  10. Re: ahem[ Go to top ]

    I remember in the roaring' 90's watching the Java books soak up more real estate at Barnes and Noble. Of course I also watched as they got squeezed back down to one small section.


    Perhaps, but surely this is evidence that such book volumes might not be a good indication of things, as there is no sign of any decline in Java use. Book volumes certainly indicate interest, but do they relate to actual use? I don't know.
    From where I stand, book volumes indicate in which phase of the hype cycle you're in. Sometimes, technologies/books don't get out of the trough of disillusionment :o) When you start reaching the plateau of productivity, you don't need thousands of books: you only need one good book on the shelf. If RoR replaces anything it will probably be PHP, you can do more Java than with RoR. a++ C├ędric ps: Knowing what else exists beyond Java is called being open-minded ;o)
  11. Re: ahem[ Go to top ]

    From where I stand, book volumes indicate in which phase of the hype cycle you're in. Sometimes, technologies/books don't get out of the trough of disillusionment :o)
    I can buy this for the most part.
  12. Shrinking Book Sections[ Go to top ]

    I remember in the roaring' 90's watching the Java books soak up more real estate at Barnes and Noble. Of course I also watched as they got squeezed back down to one small section.


    Perhaps, but surely this is evidence that such book volumes might not be a good indication of things, as there is no sign of any decline in Java use. Book volumes certainly indicate interest, but do they relate to actual use? I don't know.
    Over the past 5 years the local B&N computer book section has shrunk to about a third of it's original size. I think it's more the effect of Amazon and B&N.com. Brick & mortar bookstores just seem to be carrying less and less niche material. Just a theory... It seems like there is no shortage of Java (or any other technology) books.
  13. Re: Shrinking Book Sections[ Go to top ]

    I remember in the roaring' 90's watching the Java books soak up more real estate at Barnes and Noble. Of course I also watched as they got squeezed back down to one small section.


    Perhaps, but surely this is evidence that such book volumes might not be a good indication of things, as there is no sign of any decline in Java use. Book volumes certainly indicate interest, but do they relate to actual use? I don't know.


    Over the past 5 years the local B&N computer book section has shrunk to about a third of it's original size.

    I think it's more the effect of Amazon and B&N.com. Brick & mortar bookstores just seem to be carrying less and less niche material.

    Just a theory... It seems like there is no shortage of Java (or any other technology) books.
    True, plus most technologies are better learned through internet resources. By the time it makes it to print it is usally out of date. Especially for new, fast-evolving technologies.
  14. Re: Shrinking Book Sections[ Go to top ]

    O'reilly track this and the report is quite interesting, at least in terms of general trends. Ruby is finally beginning to get quite a lot of attention and so its sales are coming up, as you'd expect. Java books sales are in a steady decline though Java use seems to pretty solid as far as I can tell. I don't really wamt to see TSS mutate into a generic enterprise board. There are other things that serve this purpose. Charles (a third of twofish)
  15. Re: ahem[ Go to top ]

    From Java To Ruby, by Bruce Tate.
  16. Rails real world usage[ Go to top ]

    The thing about Rails is that it can quite easily be a one man show. I know for a fact that there are tons of Rails projects underway right now (I'm involved in several myself), but these are all under the radar. The reason being that, whilst using more traditional technologies one would need to build a team first, in Rails it is possible to roll out a decent web site pretty much single-handedly. In addition, there are many businesses nowadays who are building products in Rails. One company I work with is doing it, but they don't want the fact to leak out. From the end users' point of view, who cares what it's built in? However, politically that could be an issue. It's similar to what I had to go through with Java 10 years ago. Back then I used to build tons of Java products undercover. Then sell it to the upper management as if it was built in VB or something. They used to call that 'skunkworks'. Same thing is happening today -- I've been asked to go hush-hush about the Rails projects I'm helping some of my clients to work on.
  17. Re: Rails real world usage[ Go to top ]

    The thing about Rails is that it can quite easily be a one man show. I know for a fact that there are tons of Rails projects underway right now (I'm involved in several myself), but these are all under the radar. The reason being that, whilst using more traditional technologies one would need to build a team first, in Rails it is possible to roll out a decent web site pretty much single-handedly.

    In addition, there are many businesses nowadays who are building products in Rails. One company I work with is doing it, but they don't want the fact to leak out. From the end users' point of view, who cares what it's built in? However, politically that could be an issue.

    It's similar to what I had to go through with Java 10 years ago. Back then I used to build tons of Java products undercover. Then sell it to the upper management as if it was built in VB or something. They used to call that 'skunkworks'.

    Same thing is happening today -- I've been asked to go hush-hush about the Rails projects I'm helping some of my clients to work on.
    I am sure the same thing is still happening with a range of technologies. Hibernate/Spring being used in place of EJBs. PHP being used in place of Java. The issue (or rather, what I am interested in) is how we quantify this - is it possible to get a real measure of use of techniques like Rails, PHP, Spring and so on. Much use of these alternative approaches can be hidden. An example was the JDO 2.0 debate last years, when the vote against acceptance of the JSR was followed buy a campaign from thousands of developers, the numbers having been underestimated in many quarters. What I am trying to do is to get past the 'buzz' and publicity - both positive and negative. The thing is, a lot of articles, and a lot of blog entries, and even a substantial number of books, does not necessarily relate to substantial actual use. It might do, but it doesn't necessarily. I remember a similar buzz around Smalltalk in the mid-late 80s. The publicity was enormous, and articles appeared everywhere, but did this indicate substantial use? No, it didn't. I believe that the Ruby situation is a lot more substantial. But how much more, and how can we tell? I find this a fascinating question.
  18. Re: Rails real world usage[ Go to top ]

    I am sure the same thing is still happening with a range of technologies. Hibernate/Spring being used in place of EJBs. PHP being used in place of Java.

    The issue (or rather, what I am interested in) is how we quantify this - is it possible to get a real measure of use of techniques like Rails, PHP, Spring and so on. Much use of these alternative approaches can be hidden. An example was the JDO 2.0 debate last years, when the vote against acceptance of the JSR was followed buy a campaign from thousands of developers, the numbers having been underestimated in many quarters.

    What I am trying to do is to get past the 'buzz' and publicity - both positive and negative. The thing is, a lot of articles, and a lot of blog entries, and even a substantial number of books, does not necessarily relate to substantial actual use. It might do, but it doesn't necessarily. I remember a similar buzz around Smalltalk in the mid-late 80s. The publicity was enormous, and articles appeared everywhere, but did this indicate substantial use? No, it didn't.

    I believe that the Ruby situation is a lot more substantial. But how much more, and how can we tell? I find this a fascinating question.
    I'd say the situation is a bit different right now. At least with regards to Rails. The Rails crowd is overall not very keen on getting into the enterprise. Rails creator David Hanssen went on the record claiming that he will activelly dissuade any efforts to turn Rails into a business platform (not that there isn't plenty of skunkworks in that arena already). The core Rails philosophy is that reuse is not for Rails. And building corporate software is all about reuse. So the two worlds mix like oil and water. Where you are going to see Rails domineer is in the new breed of web-based software (the so-called social software). Rails is an extremely agile platform well suited for the 'on the go' situational software that the web facilitates. I doubt that Rails will ever become a corporate platform, because it leans too much toward creativity and forsakes the orderly, ritualistic process. And because most of the publicized research figures focus exclusively on the corporate software, Rails will never make it on their radar.
  19. Re: Rails real world usage[ Go to top ]

    Where you are going to see Rails domineer is in the new breed of web-based software (the so-called social software). Rails is an extremely agile platform well suited for the 'on the go' situational software that the web facilitates.
    I don't believe in this 'on the go' software. There is are websites that works well, and websites that doesn't. Agile development with Rails is simply one way to produce good websites. There are other techniques that work equally well. Good website software requires considerable visual design (HTML and CSS styling), and there are established techniques in J2EE that allow such design to be performed very dynamically, such as facelets. Then, of course, there is PHP. I would imagine there are many PHP developers working on 'social software' and who would be surprised if their way of working was categorised as less agile than RoR.
  20. Re: Rails real world usage[ Go to top ]

    I don't believe in this 'on the go' software. There is are websites that works well, and websites that doesn't. Agile development with Rails is simply one way to produce good websites. There are other techniques that work equally well.
    Really? Which ones?
    Good website software requires considerable visual design (HTML and CSS styling), and there are established techniques in J2EE that allow such design to be performed very dynamically, such as facelets.
    That's a very questionable statement. Here is why: most people I know aggregate the content they're interested in, and never bother to visit the source web sites. I've been doing it for a long time now. Instead of pounding the pavement and visiting and re-visiting websites I'm interested in, I just subscribe to their RSS/Atom feeds and wait for the material to be delivered to my doorstep. I really couldn't be bothered to organize my life any other way. And same is with most people I know. Once you subscribe to a certain web site, you never ever go and visit it again. Which in reality means that all their efforts at styling are completely unfounded. Business could be wasting huge bucks polishing their sites' style and presentation, all in vain, because most of their consumers never get to see the results of their efforts.
    Then, of course, there is PHP. I would imagine there are many PHP developers working on 'social software' and who would be surprised if their way of working was categorised as less agile than RoR.
    I'm sure they would be surprised. But just because someone is surprised, doesn't mean that the claim is incorrect. Overall, PHP is possibly the ugliest mess one could imagine at this point. If you're calling this mess 'agile', you've truly managed to surprise me.
  21. Re: Rails real world usage[ Go to top ]

    I don't believe in this 'on the go' software. There is are websites that works well, and websites that doesn't. Agile development with Rails is simply one way to produce good websites. There are other techniques that work equally well.


    Really? Which ones?
    People work in agile ways with PHP, with Java (not all J2EE approaches involve substantial reloading of applications), with Cold Fusion, with JSP, with ASP and with newer Java/JVM approaches like Grails. For those who want very fast development, open up Studio Creator, and design with your components. You can get a data-linked website with AJAX up in minutes.
    Good website software requires considerable visual design (HTML and CSS styling), and there are established techniques in J2EE that allow such design to be performed very dynamically, such as facelets.


    That's a very questionable statement. Here is why: most people I know aggregate the content they're interested in, and never bother to visit the source web sites. I've been doing it for a long time now. Instead of pounding the pavement and visiting and re-visiting websites I'm interested in, I just subscribe to their RSS/Atom feeds and wait for the material to be delivered to my doorstep.

    I really couldn't be bothered to organize my life any other way. And same is with most people I know. Once you subscribe to a certain web site, you never ever go and visit it again.

    Which in reality means that all their efforts at styling are completely unfounded. Business could be wasting huge bucks polishing their sites' style and presentation, all in vain, because most of their consumers never get to see the results of their efforts.
    That is still a minor practice. Sites like Digg, MySpace, Flickr etc. are all carefully designed. And, as someone who writes business websites, I can tell you that you are plain wrong. Of course the customers get to see their efforts. Most people go direct to a business website to browse services and products. Sure, they may then later decide to use subscription mechanisms on that site or whatever, but that is secondary. Almost all visits to business sites are (1) direct because they know your name (2) via search engines or (3) links via marketing or promotional sites. What attracts people to a site in the first place? What makes information easy to find for aggregation, and appealing to read? Good design. This whole myth that anyone can quickly and easily design a website that is appealing and easy to use and scalable is nonsense (or at the very least, hugely overstated). And, of course, this has nothing whatsoever to do with the underlying technology. A site based on boring old J2EE/EJB can be aggregated just as easily as one based on RoR or PHP.
    Then, of course, there is PHP. I would imagine there are many PHP developers working on 'social software' and who would be surprised if their way of working was categorised as less agile than RoR.


    I'm sure they would be surprised. But just because someone is surprised, doesn't mean that the claim is incorrect.

    Overall, PHP is possibly the ugliest mess one could imagine at this point. If you're calling this mess 'agile', you've truly managed to surprise me.
    Just because you can write PHP messily does not mean you can't be agile with it. No matter what you think of the language (and it is messy), it can be used for very rapid interactive development. You should see some of PERL-like code some people write in Ruby... And, of course, I am not calling a language agile. Languages aren't intrinsically agile (I have even seen systems for interactive development in C++!) - it is how you use them.
  22. Re: ahem[ Go to top ]

    I think RoR is worth keeping an eye on, because it's very successful and very useful. Plus, it's affecting how enterprise Java is being developed, for what it's worth.
    How big os the impact of RoR on enterprise Java development? I think that Rails is a simple framework for *very* simple applications. If you want to do something slightly diferent than the CRUDs generated by the scaffold, you will not have a significant advantage by using Rails itself rather than another Java framework. Of course that a dynamic language is more productive, but you can use Groovy in Java. The complexity of Java is in the EJBs 2.X, the too many XML in Java frameworks and the some APIs that do not focus simplicity.
  23. Re: ahem[ Go to top ]

    1. "Enterprise" is larger than just Java
    Yes please! TheServerSide.COM Your Enterprise Server Comunity. 'Java only' is boring.
  24. Re: ahem[ Go to top ]

    TheServerSide.COM Your Enterprise Java Community.
    True. But there are two reasons I felt this was worth posting here:
    1. "Enterprise" is larger than just Java
    2. There's a good takeaway from the RoR group's behaviour with the release of 1.1.6.
    I think RoR is worth keeping an eye on, because it's very successful and very useful. Plus, it's affecting how enterprise Java is being developed, for what it's worth.
    Plus many so-called Java thought-leaders are talking about it/using it. What that means in the long run is anybody's guess but it does show that RoR and Ruby should be on our radar and should be discussed on this site. Of course the nice thing about a discussion board is that if you see a topic you don't care about, you don't have to read it or comment on it. ______________ George Coller DevilElephant
  25. Re: ahem[ Go to top ]

    Plus many so-called Java thought-leaders are talking about it/using it. What that means in the long run is anybody's guess but it does show that RoR and Ruby should be on our radar and should be discussed on this site.
    Is IT a place for lemmings? Thinking should be what everyone does, why would we need such thing as "thought leaders"? This is not only insulting for the those that prefer reason instead of hype, but also the evidence of how big some people's egos can get. If they, the thought leaders, were developing rocket science, or working on taking humans to other planets, or anything like that I would give some credit, BUT WHAT'S SO SPECIAL ABOUT WEB FRAMEWORKS? What's so special about "yet another way of doing the same-old same-old"? If this RoR were more business oriented, adding value to what we do so we can have some advantage over the competition, it would make more sense.
  26. Re: ahem[ Go to top ]

    Plus many so-called Java thought-leaders are talking about it/using it. What that means in the long run is anybody's guess but it does show that RoR and Ruby should be on our radar and should be discussed on this site.


    Is IT a place for lemmings? Thinking should be what everyone does, why would we need such thing as "thought leaders"?

    This is not only insulting for the those that prefer reason instead of hype, but also the evidence of how big some people's egos can get.

    If they, the thought leaders, were developing rocket science, or working on taking humans to other planets, or anything like that I would give some credit, BUT WHAT'S SO SPECIAL ABOUT WEB FRAMEWORKS? What's so special about "yet another way of doing the same-old same-old"?

    If this RoR were more business oriented, adding value to what we do so we can have some advantage over the competition, it would make more sense.
    Cool your jets Java-jocky and check your own ego. Why would we need such thing as "thought leaders"? Well maybe because in any discipline there are those who have been around longer, have more and deeper experience, and sometimes are just plain smarter than the rest of us. Typically these "thought leaders" are not self-appointed but become thought of in that light because of years of important contributions to their discipline. Many times this includes going beyond just working in their discipline but publishing and researching. Two things that many of us day-to-day developers just don't have the time to do (or make time to do). Does that mean we let them do the thinking for us? No, that would be unprofessional and simple minded - plus often they are wrong. Does it mean, as I suggested, that we should put some weight behind what they think and at least discuss it here? Yeah, I'd say that would be a good idea. Personally, if you don't have people in your profession that you look up to for guidance and leadership then you are letting your own ego get in the way of your personal advancement. Even the masters have masters. I do think it is a fair question to ask "what's so special about web frameworks"? One that the RoR advocates need to answer. I think they mainly push that development and configuration are easier. They also show how easy it is to do web 2.0 tricks inside RoR. Is that it? I don't know. They can't claim superior security now though. ______________ George Coller DevilElephant
  27. Re: ahem[ Go to top ]

    Why would we need such thing as "thought leaders"? Well maybe because in any discipline there are those who have been around longer, have more and deeper experience, and sometimes are just plain smarter than the rest of us. Typically these "thought leaders" are not self-appointed but become thought of in that light because of years of important contributions to their discipline.
    So let their work speak for itself! Julius Caesar wasn't Julius Caesar because he had been in Rome for a longer time, but because what he did was not what an average person would be capable of! And this thinking works for all areas of life. The impression I have from these Internet times is how easy is to get famous. All you need to spit some opinion piece here and there, pay attention to the opinion word, and then expect "respect" from the masses! "Opinion" is not knowledge nor expertise.
    Many times this includes going beyond just working in their discipline but publishing and researching.
    I would like to see some of that research. Opinion pieces cannot be considered research.
    Personally, if you don't have people in your profession that you look up to for guidance and leadership then you are letting your own ego get in the way of your personal advancement. Even the masters have masters.
    I believe that's the main difference between us (since you said "personally"), I do have such figures but they often speak sense and I worked with them or at least, in the case they are dead or live abroad, I am able to know what they did through their work. I am not going to select a random stranger from the Internet to be my "guidance and leadership", and no sane person should do so. If someone can't guide himself and searches for "guidance" from some stranger with dubious work then it's someone that cannot do much.
  28. Re: ahem[ Go to top ]

    I believe that's the main difference between us (since you said "personally"), I do have such figures but they often speak sense and I worked with them or at least, in the case they are dead or live abroad, I am able to know what they did through their work.

    I am not going to select a random stranger from the Internet to be my "guidance and leadership", and no sane person should do so. If someone can't guide himself and searches for "guidance" from some stranger with dubious work then it's someone that cannot do much.
    The above quote is exactly why I asked you check your ego. I didn't list anybody specific in my post that I considered a thought-leader. In fact I purposely made that post technology-neutral because I knew exactly how you were going to react - with hyperbole (love those exclamation points), conjecture and more than a little smugness. Who do you think you are to even suggest that I'm selecting "random stranger's" to look up to. I went back and reread some of your posts here on TSS and there seems to be a theme: Everybody with an opinion different than yours is a mindless heard-follower and you're the only one with reason and logic on your side. Well bully for you. Look, you obviously have an axe to grind with the Ruby/RoR community. There probably are people you can list that piss you off. Fine, everybody needs a hobby. Just quit projecting your perception of that community onto me. I like Ruby but I'm not blindly accepting it. I'm not saying people should drop Java, or even suggesting that it is superior except to note that it is a more powerful language and is fun to develop with. Wow, how controversial. I've even made the barn-burner claim that Ruby should be watched and discussed. Whew, excommunicate my butt from the Java church. I don't need you to agree with me. Just keep your critiques of my posts relevant to only what I've written without putting the words of some imagined idiot into my mouth. It's an unsportsman way to make a point. ______________ George Coller DevilElephant
  29. Re: ahem[ Go to top ]

    The above quote is exactly why I asked you check your ego. I didn't list anybody specific in my post that I considered a thought-leader.
    Self acclaimed "thought leaders" in Java land? We know who they are. No sign of humbleness. And that's so unlike Socrates, all I know is that I know nothing. I study all the time, learning new things, and I know I will never know everything. BUT some seem to have all the answers. Isn't it funny? The "thought leaders". As a matter of fact, the "Pop IT" is the only place I have found this term "thought leader". Hahaha It's funny, sounds like "thinking" isn't for everyone.
    I went back and reread some of your posts here on TSS and there seems to be a theme: Everybody with an opinion different than yours is a mindless heard-follower and you're the only one with reason and logic on your side. Well bully for you.
    You are reading too much into it. All I did was question shortsighted statements or statements that had some flaw in the information given, that do little for the general improvement of this area that's called IT. The "theme" is: opiniate less, question more. We need more reason, but everyone seems to be more interested in promoting their favorite toys with fantastic claims. When did opinions become facts? If people weren't such fanboys they wouldn't be such marketing victims to Sun, MS and the likes.
    Whew, excommunicate my butt from the Java church.
    And it all started with "what's so special about web frameworks?" and "who needs thought leaders?"... Don't you like questions? OPINIONS ARE BAD. Everyone has opinions, and once following them you get in maze that you will lead you nowhere. If anyone wants to be any closer to the truth, in the sense of what's possible to attain of it, wouldn't be a serious investigation needed? To fight the opinions with questions all the time, to make everyone's vision clearer? Good way of seeing things: Look, we can do this in the language X, that enables me to build A, B and C, and that will make my clients happy... The Ruby way: every 10 years there's a language change, it's about time now to another turn... (sic) It's just me or something doesn't sound right about the "opinions as facts" we see so often nowadays?
  30. Re: ahem[ Go to top ]

    Actually Thiago, This is the first post I've gotten from you that was very clear and challenged what I've written without sounding personally condescending. Sincerely, thanks. I think the only criticism I have on what you wrote is that you tend to use overly-inclusive phrases like "...everyone seems to be more interested in promoting their favorite toys with fantastic claims..." and "99% of Ruby proponents are a bunch of boring-one-sided-with-an-agenda-to-promote apologists" in your arguments. By saying "everyone" what comes across is "everyone but me" which lumps even those who may agree with you into the other camp. I get that hyperbole is a nice literary device but I think if used too much it detracts from your point and, as in my case, offends your audience, which can keep them from taking your point seriously. ----- Yeah, you know I'll go in with you that "thought leader" sounds like a "Pop IT" term. I even like the usage of "Pop IT" with things arbitrarily going in and out of fashion. I get it, but come on; instead of Caesar, Socrates, or some other distant icon you have to have some people on your list who are living, breathing people you hold up a little. Let's not let the term "thought leader" stand in the way of discussing who in current IT may be important to listen to (not automatically agree with but to at least put some thought into what they are saying). Enough generalities - I'll be specific. I like and respect Dave Thomas (the Pragmatic Programmer guy not the dead Wendy's spokesman). I like his writing; it tends to pack a lot of good ideas into a short space and comes across with some humor to make it fun to read. I like his public speaking; it is clear, knowledgeable, and often just fun. Because of that demonstrated work he is someone who I hold up a little bit; someone I put some weight behind in the opinion department. Anyway, because of a "Intro to Ruby" talk he gave I decided to look into it and liked what I found. I consider myself a Java expert - maybe it's because I've reached an expertise with that platform that I've felt myself longing for something different. Something that wasn't so corporate-minded. Something that made programming fun - like when I was a teenager dinking around with my Commodore 64 and the Forth language. Does that make me some kind of a sheep? I like to think that it doesn't. I don't go to my clients and say "Switch to Ruby and it will save your project". Nope, I promote better Java frameworks and hopefully better design and methodology. But, I still like Ruby and think it is more fun. I do my own blog in Ruby. I do my unix scripting in Ruby. Is it more fun because it is new and is more powerful than Java as a language? Maybe. Or maybe because of those reasons I'm more productive on my Ruby tasks? I don't think Ruby or RoR will change the IT world or even make too much of a dent in Java. Even if it did, who cares - most of us here seem smart enough to shift when it is required. I'd say Ruby has a good chance of easily adapting to what comes next. Maybe if only because a lot of smart developers are having fun programming in that language. ______________ George Coller DevilElephant
  31. Good For ROR[ Go to top ]

    I have been a Java guy for a while and I will still be. But I will surely put ROR in my tool box.
  32. It is incredibly refreshing to run "sudo gem update rails" and have your bug fixed right there. I wish there was as simple of an upgrade path for Java libraries.
  33. It is incredibly refreshing to run "sudo gem update rails" and have your bug fixed right there. I wish there was as simple of an upgrade path for Java libraries.
    What if you want to run more than one version of Rails on a single server? I'm pretty sure you can do that, but it would break system-wide update tools like gem. Also, doesn't gem require root/administrator access to run?
  34. I don't know about you, but my default JVM updates itself in the background.
  35. I don't know about you, but my default JVM updates itself in the background.
    That sounds scary, too. I'd never let my JVM autoupdate on anything real - Windows, fine, no big deal, people expect it to be crap. But on my production servers? Never!
  36. It is incredibly refreshing to run "sudo gem update rails" and have your bug fixed right there. I wish there was as simple of an upgrade path for Java libraries.
    jpackage.org, using yum/rpm, not to your liking?
  37. It is incredibly refreshing to run "sudo gem update rails" and have your bug fixed right there. I wish there was as simple of an upgrade path for Java libraries.


    jpackage.org, using yum/rpm, not to your liking?
    Not to mine because it makes Java dependent on RPM and *nix. Please read some thoughts on that matter here http://kgionline.com/annoying/java/cjar_vision.jsp http://searchj.org/info/about/cjar_everyday_use.png Repositories browser and more is http://searchj.org To make "cjar --update hibernate" enterprise worthy all the artifacts should be signed and those signatures be verifiable, some ideas are here http://searchj.org/app?page=SubmitArtifactForm&service=external
  38. There is....[ Go to top ]

    bash> cp newcopyofjar.jar /apps/myapp/lib/ Done - just restart service and you're up'n'running :-)
  39. Java thought-leaders...[ Go to top ]

    are a victim of their own specification-driven development.. There's a body of new Java devs that are coming from the horrors of long-term dynamic language applications and Java is such a wonderful safe place compared to that. As someone who's leaving the world of scripting behind, I really can't see myself using anything remotely related to duck-typing in a production setting again. For disposable code bodies though, sure.
  40. duck typing and immutability[ Go to top ]

    Could someone explain to me why in the RoR and Ruby community mutability of objects and being able to change class definitions on the fly is not a problem, while for years (it seems to me at least) I've always learned that immutability is better and safer and leads to more robust code? Being able to change things on the fly the way you can with Ruby reminds me of the old days of long ago with assembly language when you could write self modifying code, which was subsequently branded as Very Bad. Is it just the pendulum swinging back and forth and now we're entering the phase where people don't like all of the safety nets that Java provides?
  41. Yup[ Go to top ]

    Could someone explain to me why in the RoR and Ruby community mutability of objects and being able to change class definitions on the fly is not a problem, while for years (it seems to me at least) I've always learned that immutability is better and safer and leads to more robust code?

    Being able to change things on the fly the way you can with Ruby reminds me of the old days of long ago with assembly language when you could write self modifying code, which was subsequently branded as Very Bad.

    Is it just the pendulum swinging back and forth and now we're entering the phase where people don't like all of the safety nets that Java provides?
    Zing ! You are right. This particular emperor has no clothes ... if we are talking about fundamental software development practices. It's proven to be useful for small Web sites with relatively simple database access. Since that is valuable, people are interested. People like to investigate new ways of doing things. That's good. Since people want attention, they misrepresent the potential of their particular gewgaw. That's bad. Java seems to be in the maturity stage of a programming language and will eventually be supplanted by the next evolution of understanding. Unfortunately we are still waiting for that Next Big Thing; it will have to offer more than these scripting tools. Absorb the good, ignore the bad, move on. No big deal.
  42. Re: duck typing and immutability[ Go to top ]

    Could someone explain to me why in the RoR and Ruby community mutability of objects and being able to change class definitions on the fly is not a problem, while for years (it seems to me at least) I've always learned that immutability is better and safer and leads to more robust code?

    Being able to change things on the fly the way you can with Ruby reminds me of the old days of long ago with assembly language when you could write self modifying code, which was subsequently branded as Very Bad.

    Is it just the pendulum swinging back and forth and now we're entering the phase where people don't like all of the safety nets that Java provides?
    I think there is a long history of arguing programming power over safety limitations. I think your idea of the pendulum is very close to the truth. Every computer language written is probably a direct reaction to another existing language being either too complex or too simple. Java (the language) is relatively simple but also is limiting in ways. Depending on the types of applications you are developing and the quality of your team Java maybe the safeguard that keeps you on the correct path or the chain that binds you into one kind of implementation. (Talk about your terrible metaphors). I think that simplicity Java's sweet spot; it is the language for the average Joe but can also be used by the pro. Honestly, I'm a little scared to see how Ruby will be used/abused by the masses (if it ever reaches that level of acceptance). Most of the Java code I've looked through has been ugly and utilitarian. The genius of Java is that often it still works in spite of the worst developers' most stomach-churning code. In corporate development that seems to be the bar. Maybe the Ruby side of the equation is more like "Hey, if everybody was a smart driver then there would be no need for seat belts". If you are a small team of reasonable ability I think you'll really dig Ruby and use it well. If you are corporate programmer number 5512a from sector G-12 then Java will be your long time friend. ______________ George Coller DevilElephant
  43. Java and simplicity[ Go to top ]

    I think that simplicity Java's sweet spot; it is the language for the average Joe but can also be used by the pro.
    Maybe Java 1.2 but Java 1.5 is not simple any more. Besides the language one also has to know numerous libraries, frameworks and tools.
    Most of the Java code I've looked through has been ugly and utilitarian. The genius of Java is that often it still works in spite of the worst developers' most stomach-churning code. In corporate development that seems to be the bar.
    You have a point there.
  44. RE: Casual Visitor[ Go to top ]

    Programming the web is NOT HTML and JavaScript. Go get yourself an MS in CS. You will get to know all about the new things in Java 5. Obviously, you want to stop the irrelevant rants and keep using Java 1.2. Bird brain!
  45. Re: There is....[ Go to top ]

    bash> cp newcopyofjar.jar /apps/myapp/lib/

    Done - just restart service and you're up'n'running :-)
    start: oops! xxx.zzz.NewDependency ClassNotFoundException oops! method does not exists Ahgr, I forgot to to download new dependencies, and update existing. O s..t!, now I need to copy this to all my applications(war-a, ear-s, and directories) O s..t! I need to restart it again... GOTO start
  46. Re: There is....[ Go to top ]


    start:
    oops! xxx.zzz.NewDependency ClassNotFoundException
    oops! method does not exists

    Ahgr, I forgot to to download new dependencies, and update existing.

    O s..t!, now I need to copy this to all my applications(war-a, ear-s, and directories)

    O s..t! I need to restart it again...

    GOTO start
    Check out ivy -> http://www.jayasoft.org/ivy
  47. Re: There is....[ Go to top ]

    Check out ivy -> http://www.jayasoft.org/ivy
    :) My responce should have been marked as :sarcasm: Ivy is the best dependencies manager available in my opinion and I plan to add support for Ivy in http://searchj.org as soon as I will have time. But I still think that managing dependencies based on versions only is not 'right'. Dependencies manager should take into concideration: - desired bytecode version; - debug-nondebug; - obfuscated or not; - any dependency declaration should be overridable from command line parameter (use case:quick test with a particular version); - target OS and architecture for proper JNI dependencies resolution (as Java Web Start and JNLP); Gentoo's emerge dependencies manager I think might be used as source of inspiration.
  48. ...and that's why it appears on TSS.COM ;)
  49. nit picking[ Go to top ]

    it's not perfect! see, see, I KNEW IT, I KNEW it. I knew Ruby was not perfect and this proves it!!!! RUBY IS NOT PERFECT.BE AFRAID OF RUBY. FEAR IT. Ruby's terrible security holes will cause your computer to erupt in flames!! (please keep buying my bloated crapplication server) What can I take away from this episode? ("episode"?? why not "fiasco" or "disaster"?) I'll tell you what I can take away: "Enterprise" Java is freakin' terrified of Ruby.
  50. Ruby whiner at it again![ Go to top ]

    If you look at the past posts, it is the Ruby zealots preaching the superiority of their ROR, which is a silver bullet, will cure all the ills of Java, it is a Java killer blah blah. We have heard similar sales pitch from MS. Now it is proved, Ruby is only a vaporware, the whining starts.
  51. nit picking[ Go to top ]

    You are too afraid geoff, of the future. You really think enterprise JAVA is "AFRAID" of rails. You really should'nt really care anyway since DHH farted that enterprise is not what he aims to conquer. Anyways, those without dreams are ZOMBIES. And you should remeber the world cares a fly's fart about your ruby & rails emotions. Welcome to ignominance, YOU IDIOT!! It would be fitting if an yellow fade told you that you were not found in your bank's accounts. (See the shema fix) F**ckin Rails is HOSED!!!!!! My God, does anyone think it's okay to GET your DB wiped out. This idiot (ie) geoff thiks its OK. (That ain't the last one. There are 135 more coming!) We challenge your bird brains, to fix em. That's rails for you!!!! Spread the FUD and keep the FLAME burning... You geoff are a TRUE DRUNKEN MORON. Lookout, ther is another patch!!!!!!!!
  52. Re: nit picking[ Go to top ]

    Welcome to ignominance, YOU IDIOT!!
    Classic! filed for later use.
  53. I don't think the post has any place on an Enterprise Java Community. It's just as petty and childish as the Rails community using Java as a whipping post to make themselves look better. Why not .Net or PHP or ColdFusion? I find the practice of ripping down Java to make Ruby look good very off-putting. Ruby looks good enough on its own -- it doesn't need DHH's or Bruce Tate's "Java sucks; Ruby rules" brand of cheerleading.
  54. http://www2.sqlonrails.org/ Peace, Cameron Purdy Tangosol Coherence: The Java Data Grid
  55. Heh, Fragile Web Development with Sql on Rails
  56. Re: Why doesn't TSS cover SQL on Rails?[ Go to top ]

    http://www2.sqlonrails.org/

    Peace,

    Cameron Purdy
    Tangosol Coherence: The Java Data Grid
    Awesome! If there was a silver bullet - it is this, it is this, it is this! :)
  57. Cameron That's a damn fine response - glad to see you've got your finger on the pulse. Regards, Gary ______________________________________________
  58. Cameron, I have now found my mission in life. After almost 10 years of Java programming, I have found my new place in life. Thank you so very much!!!!
  59. http://www2.sqlonrails.org/

    Peace,

    Cameron Purdy
    Tangosol Coherence: The Java Data Grid
    Awesome, just awesome. That video (especially the voiceover) was spot on. ______________ George Coller DevilElephant
  60. For people like me, who are proficient in Perl and Java, Ruby is remarkably, perhaps irresistibly, attractive.
    http://www.tbray.org/ongoing/When/200x/2006/07/24/Ruby