Maintainability
In software testing, based on the definition given in ISO 9126, maintainability is the ease with which a software product can be modified in order to:
- correct defects
- meet new requirements
- make future maintenance easier, or
- cope with a changed environment
It is quite clear that a language lacking certain features can hold back maintainability, while a language that has them makes code much easier to maintain. When I say "certain features," I am talking about full error messages, namespaces, encapsulation, abstraction and code re-usability, operator overloading, macros, etc. Among these are the object-oriented characteristics of any OO language. My point is that programmers have a responsibility for their own actions, and we should not compare apples with oranges. I will share a very common example, which I agree with, that I came across while reading a few articles on O'Reilly Network about responsibility for unmaintainable Java code. It stated, "If a team of Perl programmers refuse to use lexical variables, making all of their subroutines work on global variables, is that the fault of Perl for allowing global variables? If a team of Java programmers re-invents leap-year checking code badly and gets it wrong for century years, is that the fault of Java?"
I don't need to comment at all. It is quite obvious that programmers should take responsibility for their own actions.
Maintainability is where Ruby wins.
Open source and lack of big company backing
Yes, Ruby is open sourced, and maybe it lacked support of big companies in the past. Things never remain the same and backing from the larger companies for a product does mean that the product is going to be maintained in a way that provides inherent business value. It would be like expecting good business from the son of a good business man, who may or may not be productive enough to follow in the footsteps laid down by his father. Again, the point is that we have all seen cases where companies continue to 'maintain' a piece of software or a platform in a way that is not much more than lip service. They will be there with a tech support line to call, and an e-mail address to e-mail, but that does not mean that they will actually be helpful.
Further, we can look at the recent momentum of Rails, and see that there are a lot of developers involved in its evolution to version 2.0. The increased growth rate in developers of Rails shows that the amount of support for this application is increasing and not decreasing. This gives developers the ability to ask for help from a variety of sources that are free and, often times, willing to help. I have found some very helpful material regarding the new features in Ruby and their effects as tested by Antonio Cangiano in his article, "The Great Ruby Shootout."
Fly-by-night potential
Flexibility is one of the core features of Ruby, and it is what gives Ruby its fly-by-night potential. It is flexible enough for a quick three-line script and also for a larger program of thousands of lines. Ruby has a great impact on productivity, as the multitude of features inherent to the Rails framework has proved beneficial for all web applications. Convention over Configuration, or CoC, uses convention to avoid configuration wherever possible, which saves time and enhances productivity. The reason is that usually Ruby has to provide configuration. This saves developers from writing lines of code that do not need to be written and avoids the headache that comes from starting from scratch.
There is always the effect of inertia in technology, but think of this as a differentiator.
- There are a lot of practical reasons that make Rails a great platform. It is not likely to go away soon.
- Open-source ensures that you have the control you need to have.
- CoC means that only the unconventional aspects of the software have to be specified, which saves time and avoids the overhead of writing lines and lines of code.
- DRY (Don't Repeat Yourself) requires that each piece of information be placed in a single, unambiguous location to avoid hidden errors.
Rails acceptance is already being witnessed in large companies such as IBM, Microsoft, Apple and Sun Microsystems. Sun Microsystems supports a project called JRuby. Apple Computer has announced that Ruby on Rails will be included in the next release of its flagship operating system, OS X 10.5 (Leopard). Even Microsoft has included Ruby support in its newest rich-internet framework, Silverlight.
Ruby on Rails Security
Session management
The security implications of cookie session storage are as follows:
- The user can view the session data in plain text
- The HMAC can be brute-forced and arbitrary session data could be created
- Replay attacks are easier as you cannot flush the client-side session
Countermeasures
- Don’t store important data in the session!
- Use a strong secret for signing the session; Rails already enforces a minimum of 30 characters
- Invalidate sessions after a certain time on the server side… or just switch to another session storage
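The cookie-store trade-offs above, shown as an added example (not Rails' own code and not from the original article): a simplified model of an HMAC-signed cookie session. It assumes JSON serialization, HMAC-SHA256, a constructed secret, and a hypothetical 30-minute `MAX_AGE` policy checked on the server.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed secret for the example; a real one must be random and private.
SECRET  = 'constructed-example-secret-of-at-least-30-chars'
MAX_AGE = 1800 # seconds a session cookie stays valid (assumed policy)

def hmac(data)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), SECRET, data)
end

# Serialize the session, stamp the issue time, and append the HMAC.
def seal(session, now = Time.now.to_i)
  payload = session.merge('issued_at' => now)
  data = Base64.strict_encode64(JSON.generate(payload))
  "#{data}--#{hmac(data)}"
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the session hash, or nil if the cookie was altered or is too old.
def unseal(cookie, now = Time.now.to_i)
  data, digest = cookie.to_s.split('--', 2)
  return nil if data.nil? || digest.nil?
  return nil unless secure_compare(hmac(data), digest)
  session = JSON.parse(Base64.strict_decode64(data))
  # Server-side expiry: the only limit on replaying a captured cookie.
  return nil if now - session['issued_at'].to_i > MAX_AGE
  session
end

# What the user sees: the payload is only encoded, not encrypted.
def client_view(cookie)
  JSON.parse(Base64.strict_decode64(cookie.split('--', 2).first))
end
```

A captured cookie still verifies when it is presented again inside the validity window, which is why the expiry has to be enforced on the server and why sensitive values do not belong in the session.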
Rails has many security features enabled by default.
- SQL injection protection by quoting (`quote()`)
- HTML sanitization
- JavaScript hijacking prevention
- CSRF (Cross Site Request Forgery) protection is very useful. All forms generated in Rails will supply a session token which will be, by default, checked by Rails in all POST requests.
Adding security in Rails is easy and not a pain like in many other frameworks. It has safety and security features. Ruby borrows Perl's concept of tainting and allows different levels of control (levels of paranoia?) by means of the $SAFE variable. This is especially good for CGI programs that people will try to subvert in order to crack the web server.
What's Next with Rails? Updates for Rails 2.1
Interested in knowing what is coming next in Rails? According to a review posted by David April, it seems that Rails 2.1 is not very far off. There have been a lot of improvements added in its latest release. A few of them are listed here:
An application's scalability, performance, maintainability and professional support are valued by an enterprise's top-level IT management. Support is a big factor in the case of Ruby on Rails, as it is open source and there are communities working on further enhancements. Programmer productivity is also on the priority list, as is the list of other users. Owners of IT value fast, comprehensive solutions to problems and improved customer service.
I would like to ask you to discuss whether or not Rails is ready for enterprise. Are there any points that I skipped? Anything that you agree or disagree with? Please feel free to leave any comments or questions that you might have.
References:
TIOBE Programming Community
http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html
Ruby Investment News
http://www.infoq.com/news/2008/01/engine-yard-gets-three-five
http://www.infoq.com/articles/netbeans-rubyide1
Bradley Jones is an Executive Editor focusing on Software Development topics for Jupiter Media. He has been recognized in the industry as a Microsoft MVP and as a bestselling author. His books include Sams Teach Yourself the C# Language in 21 Days, Teach Yourself C++ in 21 Days, and the upcoming Vista Bible Desktop Edition.
Maik Schmidt
http://www.linuxjournal.com/user/801619
http://www.linuxjournal.com/article/8969
Benchmark is responsible for early stage funding of some very successful startups such as eBay, Linden Labs, Yelp and Zillow. The move strikes confidence into the hearts of Ruby fans everywhere.
Timothy M. O'Brien
http://www.oreillynet.com/mt/mt-comments.cgi?__mode=red;id=433196
Zed A. Shaw is a professional software developer who’s been writing software for close to 13 years in industries ranging from government, academics and commercial software and on applications ranging from security products to network protocols and web applications. He’s also dabbled in system administration, product development, usability engineering, and customer service. In his spare time he likes to write biographies so people think he’s super cool.
Pat Eyler is an Infrastructure Engineer for the LDS Church by profession, a Ruby geek by choice, and a writer by night. He enjoys reading, cooking, spending time with his family, and helping to build the Ruby community.
Jonathan Siegel is the founder of ELC Technologies, which is believed to have the world’s biggest team of developers for Ruby on Rails.
Antonio Cangiano works as a Software Engineer & Technical Evangelist at IBM, please see http://antoniocangiano.com/author/Antonio%20Cangiano/
For detailed information, refer to article by Antonio Cangiano named "The Great Ruby Shootout"
David April has an article posted on RubyonRails.com named "A taste of what's coming in Rails 2.1"; please refer to http://weblog.rubyonrails.com/2008/4/1/a-taste-of-what-s-coming-in-rails-2-1
Tim O'Brien wrote "Bringing Rails to Enterprise" http://www.oreillynet.com/ruby/blog/2007/01/bringing_rails_to_the_enterpri_1.html