If you are a ruby programmer or a sys admin that maintains ruby programs on your network you should be aware, if you are not already, of some serious vulnerbilities that have been found in ruby.

Drew Yao of Apple has reported 5 exploits that allow an attacker to execute arbitrary code.

ruby-lang.org

Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code.

The Ruby team have released patches for the 1.8 series (1.8.5 >) and the 1.9 series which should be implemented immediately.

The following issues are not likely to affect loyalty among the Ruby community, as expressed in the following comment on a blog covering this issue.

For the record… I love Ruby. I blame Drew!

Now the comment is obviously meant to be funny but most likely shows the true feelings of the community. They won’t let this deter them. They will just keep working to make Ruby better.

This may, however, have negative results on the preception of Enterprise level companies who, for the most part, haven’t embraced Ruby yet. Hopefuly this isn’t a setup back to furthering adoption outside the freelance community.

On another not Ruby may get a bit more exposure from an unlikely source. Microsoft is working on it’s implementation of Ruby, IronRuby, for the .Net CLR and making it compatible with their upcoming MVC framework. Could give Ruby some limelight in Enterprise companies that use .Net and give Ruby programmers a “foot in the door” so to speak.

Here is what I found interesting this week.

Exception handling best practices in ASP.NET web applications
Exception handling plays an important part of application management and user experience. If implemented correctly it can make maintenance easier and bring the user experience to a higher level. If not, it can be a disaster.

How many times have you seen the error message that doesn’t make any sense or at least provides some valuable information, or even better - how many times have you seen the famous error screen with exception message and a complete stack trace on yellow background? Too many times, I would say. This is why, among other things, some of my colleagues were very interested in exception handling techniques and best practices.

Did Rails Sink Twitter?
Twitter is arguably the most heavily used Ruby on Rails application in the world. Almost since its inception, Twitter has fostered a wildly passionate cult following. Also from the beginning, Twitter has suffered from chronic outages under that load.

In the past month, record downtime has prompted fresh outcry within its ever-growing user base. This, along with increased attention from mainstream media has forced Twitter to publicly acknowledge these issues, and to reveal a few details about the source of these problems.

ASP.NET MVC Design Philosophy
This week the first preview of the ASP.NET MVC framework was released to the web as part of the ASP.NET 3.5 Extensions CTP Preview. It’s been a few months since we started coding and as the lead developer on the project I’d like to share my thoughts on the design of this framework. This isn’t a post about why MVC is great. Instead, it’s a post about what we did to make MVC happen in ASP.NET.

Using ASP.NET MVC With Visual Web Developer Express
Some developers who downloaded the ASP.NET Extensions CTP specifically for ASP.NET MVC and then opened up Visual Web Developer like it was Christmas morning instead got a lump of coal.

We currently only include Web Application Projects for ASP.NET MVC, which Visual Web Developer does not support. I was planning to write up a post on this, but Scott Koon beat me to it.

And thank goodness! I’m busy enough as it is already. It’s all part of my master plan to have members of the community doing my job for me so we can finally take that trip to Tahiti and sip margaritas while I tell my bosses I’m “telecommuting”. Seriously though, I appreciate it.

Rails 2.0.1 Released!
While the SitePoint crew were busy sunning themselves by the pool on our annual Xmas trip, the Rails core team packaged up version 2.0 of the Ruby on Rails framework and released it on the world. I expect the team probably had a fairly stressful weekend putting out a few fires (understandable given this is a major release). The result of their hard work is that, after only a couple of days, version 2.0.1 is already upon us.

If you’re using Ruby Gems, update your Rails install by typing:

gem install rails --include-dependencies

Why MVC Has Me Concerned
Everyone is talking about the new MVC framework that will be released in the coming weeks as a CTP, and so far everyone is very pumped about the way it will revolutionize web application development…how it will allow us to utilize testing tools, TDD, etc. It’s always mentioned with reverence and joy.

Well, hello: my name is Killjoy…

ASP.NET MVC Framework is almost here
Tutorials and previous are already posted on the web, As always Scott Guthrie is the first person to provide with an complete overlook of the new framework.

Mozilla Announces Screaming, Iron, Action Monkeys - Tamarin in IE
Brendan Eich always delivers on a great keynote, and to conclude the opening day of the show, he had some announcements up his sleeve.

Mozilla has three monkey’s up their sleeve:

IronRuby in WinForms
The Ruby in Steel guys seem to be applying the knowledge of Ruby and .NET gained through building a Ruby editor for Visual Studio and their Ruby connector project to bring IronRuby to WinForms development…

MVC, REST, and the Alternative ASP.NET Framework
You can read about REST in a PhD thesis, but I think Tonic captures the essence of a RESTful architectural style from the perspective of a web application developer:

* Everything useful is a resource, not a file, not a CGI script, a resource, an abstract concept of something useful that the client wants to grab hold of.
* Resources are located by URLs, URLs are cheap and form the universal addressing system of the Web.
* Clients can issue a standard number of HTTP methods upon an infinite number of resources and receive something useful in return.
* Representations of resources are sent back to the client, a representation is just a way of turning the abstract concept of a resource into something more concrete, like a HTML page or a XML file. One resource can have many different representations.

ASP.Net MVC Framework an early look
As many of you already know Microsoft is working on a MVC Framework for ASP.Net. MVC stands for “Model View Controller”. The Model View Controller is a design pattern and the idea is to separate business logic from the View (The View is the page that will display content, for example an .aspx page). The MVC in general maintain a clean separation of concerns, it will be easier to test business logic because it’s separated from the View and the View will not have any knowledge of the underlying model. Today when we build ASP.Net applications we have a code-behind which is a partial class of the “View”. With the code-behind model we can’t easy use Test Driven Development (TDD) or unit-test, at least is not easy. We can use the MVP (Model View Presenter), but that require us to write some extra code. With the MVC Framework it will be much easier to apply TDD…

I found a nice article explaining how to ensure that the newest version of your javascript or css is always loaded and not using old cached versions. The example shows how to accomplish this in ASP.Net but this technique can easily be applied to any server side code.

<script type=”text/JavaScript ” src=”FileName.js?v=<%=AssemblyVersionNumber()%>”>

The attribute does nothing other than trick the browser into thinking that the .js file must be retrieved from server for new version instead of cached .

ScottGu’s blog announced the “pre-alpha” release of IronRuby, a .Net implementation of the popular RUby language. IronRuby appears, although early on and no benchmarks have yet been done, to address some of the speed concerns that plague Ruby and have been a growing concern for sites such as Twitter.

Today we are making available the first public drop of our IronRuby implementation. You can learn more about how to download the source, build it, and try it out from John Lam’s blog post here.

Today’s IronRuby drop is still a very early version, and several language features and most libraries aren’t implemented yet (that is why we are calling it a “pre-alpha” release). It does, though, have much of the core language support implemented, and can also now use standard .NET types and APIs.

Today we are making available the first public drop of our IronRuby implementation. You can learn more about how to download the source, build it, and try it out from John Lam’s blog post here.

Today’s IronRuby drop is still a very early version, and several language features and most libraries aren’t implemented yet (that is why we are calling it a “pre-alpha” release). It does, though, have much of the core language support implemented, and can also now use standard .NET types and APIs.

IronRuby has been architected to take advantage of a new DLR feature we call “Dynamic Sites” - which delivers a fast adaptive call-site method caching implementation. It also uses the lightweight-code generation features of the CLR. Lightweight code generation enables dynamic language implementations to create in-memory IL that is then JIT’d into native code at runtime (without ever having to save anything to disk). This can yield much better runtime performance than interpreted code, and the lightweight codegen feature ensures that once we are finished with the JIT’d code we can optionally garbage collect it to avoid leaking.

We are releasing today’s drop mainly for developers interested in language implementations to start looking at the IronRuby source code, and learn how it was implemented. Developers interested in playing with an early version of Ruby for .NET can also download it and give it a spin.