In the latest Ruby Rogues podcast, @Brixen (formerly Brian Ford, now
Brian Shirai) said

> But I caution people who think, “It’s working okay. Let’s just do more of 
> this.” I caution that, that is not necessarily going to be
> sufficient. And I will point to a couple things. What I’ve seen is talents 
> bleed away from Ruby to other languages because Ruby
> couldn’t do things like concurrency well. These recent exploits in Rails and 
> stuff are of great concern. We already have strikes
> against us as a Ruby language for a bunch of reasons and what we really don’t 
> need is big companies who pay developers to say,
> “You know what? We’re not using Ruby. There’s no Ruby going to be on my 
> server because I’m not having someone exploit my
> servers.” Point and click, and you have a remote shell, right?

Would I be correct in interpreting him as saying that the recent YAML
exploits with Rails indicate a problem with Ruby, rather than just
Rails? That in a more secure programming language, even if the web
development framework stuffed up, the hackers wouldn't be able to
execute arbitrary shell code?

Andrew
