So, a serious security hole in Rails was announced this week. There’s a lot of bashing going on about “security through obscurity.” I’ve always understood STO as sustained secrecy about known (or possible) vulnerabilities, which seems different from the Rails team’s provisional waiting period between the initial announcement and the full disclosure. (And the patches themselves told the story, for those familiar with the source.) Not that there weren’t legitimate problems with their patch release process.
I wasn’t able to get to OSCON this year, but this photo is definitely a winner in the category of impromptu geek performance art: Ruby on Rael Filip Salomonsson commented on Wed Aug 9 15:37:01 2006: Except, of course, it’s an OSCON 2005 photo.
The Zend Framework was released a few days ago. This is a PHP5-only web application framework from Zend, “the PHP company.” It has been in development for a long time, but if that had a chilling effect on the development of other PHP frameworks, it’s hard to see. I’m going to go straight for my grim conclusion here: I think many of the other PHP web frameworks in development have no long-term prayer against Zend.
Yesterday, Ruby on Rails 1.0 was released. It came along with a nice website redesign, too. And some teasers: Rails 1.1 is already pretty far along in development and will see some of the biggest upgrades of any Rails release. Hopefully some time in February.
Yesterday was the Snakes and Rubies meetup in Chicago, featuring Adrian Holovaty of the Django Project and David Heinemeier Hansson of Ruby on Rails. By all reports it was an informative and enjoyable event, with about 100 to 200 people attending. I’m looking forward to hearing the audio when it becomes available. In the meanwhile, thinkhole.org has a good roundup of notes and blog postings, and of course there’s always Technorati.
The creator of Rails has a nice aphorism in his blog today about the ever-elusive general-purpose CMS: The more expensive it is to create fresh software, the more appealing the mirage of generalization will appear. Of course, many religious wars in software architecture (including the one between Rails and J2EE) seem to boil down to differing attitudes toward generalization, so maybe the apparent wisdom here is itself a mirage.