Hacker News new | ask | show | jobs
by Indy9000 2042 days ago
What makes Ruby so irreplaceable? Why struggle to make it something it's not when you could pick an existing statically typed language and build your system? Also how is Ruby a safe language for financial transactions when an engineer can hijack a running process and change memory without leaving a trace
2 comments
jameskilton 2042 days ago
What makes millions of lines of code and decades of knowledge irreplaceable?

Is there any language or ecosystem that can protect against a rogue employee?

link
fmakunbound 2042 days ago
> hijack a running process and change memory without leaving a trace

Doesn't sound like a Ruby problem.

link
Indy9000 2042 days ago
No but, Ruby makes it trivial. No decompilations, no assembly, no debuggers necessary. Drop into an irb in a running process, change stuff and get out in seconds
link
viraptor 2041 days ago
Compilation is not a security control. Also if you're handling transactions at a significant rate, PCI (with all its problems) makes sure there's a trace.
link
vinceguidry 2041 days ago
> drop into an irb in a running process

This is a thing?

link
zeckalpha 2041 days ago
It also is a thing in most other languages, including C, Python, Java, Erlang, ...
link
vinceguidry 2041 days ago
I'm not so sure. You can certainly attach a debugger to any running process. But that's not what parent was suggesting. He was saying anyone could attach a REPL. That's a totally different animal.

It's your own dumb fault if you expose the web-console or similar on production.

link