Archive for August, 2006

Rails: Yep, Created by Humans Too

Friday, August 11th, 2006

Well, much has already been said about the recent Rails vulnerability and security patches.

My $.02 — it’s not about making mistakes — because who doesn’t? It’s about how you respond once you’ve realized a mistake has been made.

I don’t know enough of the full story to comment on the early “security by obscurity” policy as some are calling it.

As far as I understand how these things work, there’s usually a certain assessment period where people are encouraged to upgrade to a later version before the beans are spilled wide and far about what the security problem is exactly. That seems like what happened here, for the most part.

Microsoft vs. Rails - A Bad Comparison by Any Metric
If you want to see how long it takes a big corporation like Microsoft to respond to critical security bugs in their software, there’s a nice chart at this website and a pretty graph here.

Microsoft Patch Summary

In 2005, for example, there were 37 critical patches.

Avg. days from report to patch: 134
Avg. days from disclosure to patch: 46

134 days! Now, they are better with the more serious security vulnerabilities discovered. For those, it usually takes them only a few weeks. Again, apples and oranges (desktop software vs. web frameworks), but it gives you a sense of how open source communities deal with these things compared to Big Cos.

Starfish: Easy Distributed Computing in Rails

Friday, August 11th, 2006

Just came across Starfish - by the guys who brought you mog.com.

About Starfish:

Lots of Rails apps are very simple CRUD mappings, which is something Rails excels at. But, as more and more large, complex sites go live with Rails, there is a demand for more complex ‘backend’ components in the system. Already we’ve got BackgrounDRB, which is great, but enter Starfish, which is a tool for complex distributed tasks made easy.

Read more at the #caboose.

Mac Pro Has Landed!

Thursday, August 10th, 2006

Yay! Trying to decide now whether I should eventually get a new Mac Pro or MacBook Pro.

LinkedIn: Forcing You to Email Customer Service to Drop Down from Premium Plan

Wednesday, August 9th, 2006

This is kind of annoying. I paid for a subscription to premium LinkedIn the other month.

As a programmer, I know it’s not that hard to add an extra little snippet of code to allow users to change (downgrade) their account plans.

This is what we do at SproutIt.com — it’s just good customer service.

LinkedIn forces you to email their customer service if you’d like to downgrade your plan. Of course, if you want to upgrade, that’s all completely automated.

Hopefully they won’t make me talk to a customer service rep like AOL does. :)

Update: It only took LinkedIn a few hours to respond to my request so I’ll let em slide on this one =)


You are currently browsing the Shanti’s Dispatches weblog archives for August, 2006.

Shanti A. Braford blogs here.
