Philosophically Secure

I recently started reading Dr. Dobb’s Journal again, and quickly came across this article on Ruby. It goes beyond just talking about how Ruby is really gaining momentum as a serious enterprise programming language, especially for dynamic web apps. The article also mentions two supposed new technologies from Microsoft: APAX and ARAX. Yep, that’s basically AJAX with Python or Ruby instead of the JavaScript. Unfortunately, I haven’t really seen anything official about either APAX or ARAX, except maybe this post from Savas (a Microsoft engineer). As a Python fan, I’m looking forward to more information becoming available.

On a side note, I recently learned that Ruby treats zero as a true value. I find that rather irritating.

This isn’t exactly breaking news, but it’s new to me! I just came across this screencast by Sean Kelly of NASA, where he does a bake-off between several web application frameworks: J2EE, Ruby on Rails, Zope/Plone, TurboGears, and Django. He starts out by creating a simple “Hello, world” application, just to get a feel for the frameworks. As he goes along, he gives each one a “fun level” rating, as well as making note of how many lines of code, configuration files, and XML sit-ups were required to get the desired functionality. Once that’s done, he goes into creating a more involved application, so that he can really try out a few of the advanced features each framework offers.

Not to spoil the ending, but it did make me want to give Plone a try. I currently do mostly Python with Django for the web stuff at work, and its been great so far. But it certainly couldn’t hurt to try out something different and see how it fits in…

No, not the Mac kind of apples. I’m talking about the problem team member - someone who is working on a team, but really ends up working against the team. I found this quote from McConnell’s Rapid Development to really ring true:

…the most consistent and intense complaint from team members was that their team leaders were unwilling to confront and resolve problems associated with poor performance by individual team members.

Everyone knows that there will be conflicts whenever a group of people attempt to work towards some goal. But once in a while, the entire team suffers because of just one person constantly going against the grain. And it’s frustrating when your leadership seems to refuse to do anything about it, even after you’ve made the situation crystal clear to them. As Jeff says on his blog: “…if your team leader or manager isn’t dealing with the bad apples on your project, she isn’t doing her job.”

Sometimes the problem isn’t that a team member is necessarily doing negative things, but rather not doing anything at all. Why keep someone around when he’s completely unproductive? Unless, of course, you only care about spending your client’s money.

There are already plenty of people talking/screaming/crying about the recent bugs found in the Ruby programming language:

• Techworld
• Ruby Inside
• ZSFA
• Matasano Chargen

The list of CVEs created to track these bugs:

• CVE-2008-2662
• CVE-2008-2663
• CVE-2008-2725
• CVE-2008-2726
• CVE-2008-2664

The funny thing is, these vulnerabilities were created in the run-time implementation of Ruby, which is itself written in C. So it’s really not all that surprising, considering how hard it is to write secure, large, bug-free C programs.