I guess I hadn’t realised, but Ruby is the language, and Rails is the web development framework for it. And boy does it work well. More on that later.

Installation was a bit of a bugger, and I couldn’t get the default installation (which I got here to talk to mySQL at first. The tutorial I was following was Rolling with Ruby on Rails, but I found I had to install the Ruby/MySQL API instead of whatever was installed by default. After that, the tutorial all worked fine.

It’s a good tutorial, so I won’t go through all that - instead I’ll write my impressions.

Okay, so Rails makes you use MVC (Model View Controller) as a design paradigm, but that’s no bad thing - I am a BIG fan of MVC. The Model part is really neat - Rails uses reflectance to define itself; that is, it looks at the database and defines the model based on the definitions it finds within. Clever, and simple.

The view - well, it does what it says. It’s quite nice - you can have templates, the views can have loops or call ‘helpers’. Works well. Plenty of functions for generation of links - and I love the automatic pagination. One line to do pagination - fantastic.

What impressed me the most was the main point of Rails, I guess - you have to do very little to get something that works up and running (which you can then develop upon), and it takes very little code. I mean, during that demo, you get a website that lists recipies, with all the create/delete/update/select actions in a total of 11 line of code, in which you wrote 1.

That’s a lot of bang per buck. I could be tempted off PHP by that.

So, the short of it - not played with Ruby itself so much, but it seems a fairly nice language. Typical one, you know. But Rails - very impressed, I can think of projects that would benefit from this. I expect it will become more popular (much more) though perhaps not amongst some of the PHP crowd, as MVC requires a certain degree of abstract though. If you’re a web developer, you probably want to take a look…

He gets one thing right - I’ll give him that. Most developers don’t have an adequate idea of what security entails, and training in this is, at best, extremely rare. There should be more of that, both at university and in the job - attacks evolve, after all.

But making developers responsible? When they don’t have the authority to control the product? Management choose what features are ‘in’ or ‘out’, project times scales, budget, etc.. I’d love to produce better code, but my boss will reject my ‘It’ll take twice as long and be 3 times as expensive’ - and rightly so.

Why rightly? ‘Cos it wouldn’t sell. Many customers want a lot for very little money, and there is not such thing as a free lunch. If you buy a Ford Fiesta, you get a Ford Fiesta, not a Ferrari. We could write more secure products, but they wouldn’t sell. Customers almost invariably go for the cheapest option.

I like the comparison between software and the aerospace industry. Computers crash - we wish they didn’t by they do. Airplanes don’t (well, not often, statistically speaking. I mean, how many times has your PC crashed, and how many times have you been in a plane crash?) The difference is that designing, building and testing planes is a slow, detailed, heavily documented process that is, therefore, very expensive. People are willing to pay that as a plane that doesn’t work is, well, a bad thing. A visibly bad thing. Bad software isn’t usually such a bad thing, and it’s unlikely to be so visible.

Anyway, back to the point - I’m not the one who sets a ridiculous deadline in the first place. I’m not the one who reduces our budget. I’m not the one who decides to skip some testing to meet a deadline. I’m not the one who expects a developer to be able to design, implement and test a system, which really are 3 seperate roles (although where I work, at least we don’t test our own stuff). And if they are 3 roles, who’s fault is a security hole - the designer (who designed it in), the developer (who wrote it) or the tester (who didn’t find it in testing)? Or even the manager, who stuffed it all up with an infeasible deadline in the first place?

Finally, a developer can only have ownership of his part of a solution. You could have hundreds of coders working on a project, and those lines will become blurry. Perhaps the issue lies in how two bits of code work together - that in isolation they work fine, but when talking together their interface has been interpretted differently.

I’ll accept personal liability when I 1) have total control of the project and 2) earn 3 times what I get at the moment.

Anyway, I’m not going to get too worked up. It turns out “Mr. Schmidt holds a bachelor’s degree in business administration (BSBA) and a master’s degree in organizational management (MAOM) from the University of Phoenix. He also holds an Honorary Doctorate degree in Humane Letters.” ‘Nuff said