[Turing_Machine]

Yes, you're right. There have never been any security problems with "serious" "nonfun" languages like C, or Java, or the .NET stack. :-/

This has nothing to do with the Ruby language, by the way, any more than a hole in IIS is a problem with .NET.

If you're going to talk smack, at least learn what you're talking about.

[alexanderh]

You misinterpreted my comment. I agree, the language is largely inconsequential. Its the culture around the language that is the problem. Ruby's is particularly bad. All I'm saying is the "1000 ways todo the same thing" nature of Ruby, has the unfortunate consequence of attracting newbs, and making 'best practices' hard to nail down.

Other languages tend to have more support in corporate/educational areas, tend to have more money backing them, tend to have more 'best practices', tend to have more rigorous testing and review. Ruby is the hipster hacker's language.... and the quality of code shows this. (in the core of the language, and by the individuals who use it)

Other languages absolutely have these problems too, but it has been my experience that Ruby is particularly bad. You are welcome to disagree with that part.

But IMO it makes sense. The quick and dirty 'million ways todo the same thing' nature of Ruby breads this kind of culture. I certainly didnt mean to single out interpreted languages tho, or imply other languages dont have security problems, or unique issues with their cultures.

PHP is probably about just as bad. I'd put Ruby and PHP high up on the 'fun to program in' list, and low on the 'secure, quality languages' list.

[jasim]

I haven't seen many seasoned developers claiming PHP is a 'fun' language to program in. It was my first web development language and it was fun back then. But the honeymoon period gets over quickly once you realize the limitations of the language and see what other languages like Ruby has to offer.

[drstewart]

I still believe you may not understand the difference between a language and a framework.

[tedunangst]

The distinction is rather academic with ruby and rails. 90% of the answers to "how do I do this in ruby" on forums are actually "how to do this with rails" answers, but they never mention that little detail, because who'd ever write a ruby program without rails, right? Trying to find straight ruby answers is annoying as hell.

[chimeracoder]

I've had frustrations with certain "ruby" libraries requiring methods like "blank?" (IIRC) that are provided only via Rails, not Ruby. It made developing on a machine that Ruby but not rails rather annoying.

[Turing_Machine]

"The distinction is rather academic with ruby and rails."

No, it isn't.

"90% of the answers to "how do I do this in ruby" on forums are actually "how to do this with rails" answers"

You're looking in the wrong places.

"who'd ever write a ruby program without rails, right?"

People who are writing shell scripts? People who are using Sinatra? People who are writing desktop Ruby programs?

[Turing_Machine]

"quality of code shows this. (in the core of the language"

Your examples of this would be?

[marshray]

Hey, did you hear that scanf() will accept XML and YAML and automatically convert it into pointers handy for you to dereference?

Neither did I.

[tptacek]

Or how about when you put that 256th character in a ruby string and end up overwriting heap metadata? Man I hate it when that happens.

[marshray]

There are known undefined behaviours and there are unknown defined behaviors.

Which is worse?

[tptacek]

I'll take Ruby over C any day of the week.

[marshray]

No formal argument there.

[askimto]

How about informal?