Got a Ruby on Rails application running? Patch it NOW

A security issue has been discovered in Ruby on Rails, a popular web application framework. It is a serious one:

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a

…continue reading Got a Ruby on Rails application running? Patch it NOW

Book Review: The Book of Ruby by Huw Collingbourne

“The plain fact of the matter is that Ruby has a number of pitfalls just waiting for unwary programmers to fall into,” says author Huw Collingbourne in his introduction to this guide to the Ruby language. He should know; he is co-founder and Technology Directory of SapphireSteel Software, which makes Ruby in Steel, an add-in

…continue reading Book Review: The Book of Ruby by Huw Collingbourne

No more Ruby support in NetBeans – the feature was little used, says Oracle

Oracle has announced the discontinuation of Ruby support in the NetBeans IDE. The reason? First, to free resources for JDK 7 support; but second (and more significant) – hardly anyone was using it.

There is hardly a shortage of Ruby IDEs. Ones that come to mind are the Eclipse-based Aptana, JetBrains RubyMine, the Visual Studio

…continue reading No more Ruby support in NetBeans – the feature was little used, says Oracle

Salesforce.com acquires Heroku, wants your Enterprise apps

The big news today is that Salesforce.com has agreed to acquire Heroku, a company which hosts Ruby applications using an architecture that enables seamless scalability. Heroku apps run on “dynos”, each of which is a single process running Ruby code on the Heroku “grid” – an abstraction which runs on instances of Amazon EC2 virtual

…continue reading Salesforce.com acquires Heroku, wants your Enterprise apps

Dynamic language slowdown at Microsoft?

Jimmy Schementi, until recently a Program Manager at Microsoft working on IronRuby, has posted about why he is leaving the company; and in doing so answers a question I posed a few months back, Why F# rather than IronPython in Visual Studio 2010?

When my manager asked me, “what else would you want to work

…continue reading Dynamic language slowdown at Microsoft?

Future of Web Apps cheers the independent Web

The Future of Web Applications conference in London is always a thought-provoking event, thanks to its diversity, independence and character. That said, it is a frustrating creature at times. The frustration on day 1 was the barely functional wi-fi, which ruined a promising interactive application called HelloApp, built with ASP.NET MVC. HelloApp would have told

…continue reading Future of Web Apps cheers the independent Web

Programming language trends: Flash up, AJAX down?

I’m fascinated by the O’Reilly reports on the state of the computer book market in 2008, particularly the one relating to programming languages.

Notable facts and speculations:

C# is the number one language, overtaking Java (which is down 12%), and was consistently so throughout 2008. Although the .NET platform is no longer new and exciting,

…continue reading Programming language trends: Flash up, AJAX down?

Salesforce.com linking with Facebook, Amazon

I’m at the Dreamforce conference in San Francisco, where Marc Benioff, CEO of Salesforce.com, and co-founder Parker Harris, are presenting new features in the force.com platform.

The first is a built-in ability to publish your Force.com data as a public web site. The service is currently in “developer preview” and set for full release in

…continue reading Salesforce.com linking with Facebook, Amazon

Future of Web Apps 2008 Day One: Web is DVD, desktop VHS

I’m at London’s dreary Excel centre for Carson’s Future of Web Apps conference, just before the opening of day two. Yesterday was a mixed bag; good when speakers talk technical; bad when they descend into marketing. The origins of the conference are as a start-up incubator; developers and entrepreneurs getting together to see what’s new

…continue reading Future of Web Apps 2008 Day One: Web is DVD, desktop VHS

Ruby interpreter flaws make the case for JRuby?

The official Ruby blog reports:

Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code.

More discussion here and here. The community is fixing the problems energetically; but they do appear serious, and some are struggling with compatibility issues.

Since these seem to be bugs in

…continue reading Ruby interpreter flaws make the case for JRuby?