Re: The Trouble with Ruby
I like Ruby but I don’t see it becoming a mainstream language soon. The biggest strength of Ruby–the OO nature of the language and some of its cooler constructs–are its greatest weakness. Consider continuations, for example. How many people in the world would know how to implement something with continuations without screwing up?
By definition, the vast majority of developers out there have average skills. They need tools and programming models that are safe more than they are powerful. We learned this in spades at Allaire. ColdFusion became one of the most widely used Web development platforms because it created a rubber room where hackers, non-professional programmers and many others could build apps without the thinking too hard. Were they the best architected, most scalable apps? Absolutely not. But they came out quickly and they worked. (Hey, MySpace was built on ColdFusion initially and it served them well.)
Sim is one of the smartest guys I have met but I have to disagree with this post. He seems to think he is talking about danger vs. safety but I think he is actually talking about having a shallow learning curve.
Continuations are not dangerous
Continuations are so hard to understand and use that average programmers don’t even try to use them. Even if they do try, they’re extremely unlikely to stumble upon a dangerous solution, that is, one that looks right but is subtly and perniciously wrong. Go ahead, try it; if you’re an average programmer, or even a pretty good one of the C++/Java/VB persuasion, take a look at this and this and then try to picture where and how you would use them. And then, ask yourself if you actually would.
(Contrast that to a really dangerous feature, like C macros. They look seductively simple, but the pitfalls are legion, just waiting for the right conditions.)
ColdFusion is not a rubber room
In fact, ColdFusion has a few pitfalls of its own. ColdFusion was groundbreakingly innovative in its heyday, and continues to be (IMO) the single easiest way for web designers to wade into the programming pool. But that is different than being “safe” or a “rubber room”, which implies that it’s hard for users to hurt themselves. For example, the following three snippets all look like canonical examples of CFML (circa 1998, at least–I haven’t kept up) to the casual eye, but they are all actually showstopping bugs:
<!--- SQL injection vulnerability! --->
INSERT INTO users (email, password)
VALUES '#url.email#', '#url.password#'
<!--- XSS vulnerability! --->
<!--- Failure to use CFLOCK, causes crashes in CF5! --->
<cfset session.hitCount = session.hitCount + 1>
You can get things working in CF without thinking too hard. To get them working right, you have to think about as hard as you do with any other half-decent language*–you just might not know it.
* not including languages that lack automatic memory management
Filed under: Programming, Ruby | 9 Comments