OStatic

Last week, members of the Ruby community received word that all but the most recent versions of the language contain a serious security hole, and should be upgraded immediately. The announcement indicated that the security problem allows an attacker to potentially execute arbitrary code from a remote location. Other than that general description, what is the problem? Well... the powers that be aren't telling. Zed Shaw, decided to blog about this, announcing the vulnerabilities, as well as the techniques that he used to uncover them.

One of the fascinating trends that the Java world has seen in the last few years is the growth of non-Java languages that use the JVM (Java Virtual Machine). After all, if you create a new programming language, you will need to write it for a particular platform. If you want your language to be portable across platforms, you will need to implement versions for each of those platforms. By contrast, if you implement your language on the JVM, then your language will work on any system with a JVM, which is basically everywhere. Four of these languages -- Jython, JRuby, Groovy, and Scala -- are released under open-source licenses, and are increasingly popular choices for programmers who value portability.

Client-side Web developers work mainly in JavaScript, HTML, and CSS, displaying and manipulating data within a Web browser, while retrieving and storing that data on the server. One exciting new entry on this front is SproutCore, a new JavaScript framework that brings a full model-view-controller (MVC) approach to client-side programming. SproutCore gained a great deal of public attention in the last week, since Apple announced that its new MobileMe (formerly .Mac) service uses it.

Databases provide a great way to store information. But more important than that is their ability to retrieve information, and to do so in many different ways. Because database programmers, like all other programmers, don't like to re-invent the wheel, they often turn to reporting software, allowing them to concentrate on what they want to report, rather than how they want it to appear. One open-source reporting tool that is gaining momentum is Ruport, written in the Ruby language. Ruport is designed for use with Ruby applications, including those using Ruby on Rails.

RailsConf, the main conference for the Ruby on Rails community, took place in Portland, Oregon over this past weekend. I wasn't able to attend, which is really a shame; I was at the first RailsConf in Chicago in 2006, and learned a great deal from the talks, as well as from the other Rails hackers in the audience. While the social aspects of a conference can't easily be recreated away from the conference, it is possible to watch and read a number of the presentations and lectures from RailsConf 2008. I have been doing that over the last few days, and have a few to recommend to other RailsConf-challenged fans.