[ale] semi [OT] making learning ruby programming fun?

Scott Plante splante at insightsys.com
Tue Mar 26 15:59:02 EDT 2013


There are probably some good reasons not to pick Java as the modern language you want to learn, but "security problems" is not one of them. There have been several security holes found lately, but they relate to running un-trusted Java in the browser. Almost all the Java jobs revolve around writing Java on the server, and practically all the rest are Java applications on the desktop or as a trusted applet or browser-launched application. 


It's a very hard problem to allow random, un-trusted code to run on your computer and yet prevent it from doing any harm. It's a bit easier if you have an extremely limited language that doesn't do much anyway. They're constantly finding security holes in JavaScript, Flash, and ActiveX, too. That's not meant to be an excuse and vendors do try to fix holes as quickly as possible, with differing levels of competency. Also, these holes weren't in "Java" per se, but in the Oracle JVM. Some of them might also have been in, say, the IBM JVM or JRockit JVM since there is code sharing between projects. But they were probably not in Google's Dalvik JVM (since they don't do applets), even though for Android you write in the Java language (more or less).


In a recent security contest, participants found holes in the major browsers, including Chrome, Firefox, IE, Safari and Java and Win 7/8. Chrome OS did relatively well with only a "partial" exploit. It's not so much that Java is less secure than JavaScript, it's just that you can do general browsing these days without Java, but you can't do without JavaScript.


But all these security holes, in a sense, exist in spades for PHP, C, C++, etc., because they're not even trying to limit what your code can do. In other words, if the OS allows your user to overwrite a file with a regular program (not an unsigned applet) written in Java, you can also overwrite that file with C, PHP, Ruby, Python, Perl, etc. But they're not security "holes" because the language (including Java) is making no guarantees in that case. But avoiding Java on the server-side because of unsigned applet security holes is like choosing a sedan for highway driving over a crossover, because the crossover gets stuck in the mud more than a Hummer. 


Scott 

----- Original Message -----

From: "Ron Frazier (ALE)" <atllinuxenthinfo at techstarship.com> 
To: "ALE" <ale at ale.org> 
Sent: Monday, March 25, 2013 10:39:11 AM 
Subject: [ale] semi [OT] making learning ruby programming fun? 

Hi all, 

As some of you know who've been following my prior threads, I've had a long time interest in learning a modern programming language. I've had difficulty putting the proper time into the studies, but I'm always genuinely interested in the information I learn here. Leam had convinced me that GO was a great language, and I believe it is. I was going to tackle that, but I have misgivings about its lack of popularity in the market place. 

According to: 

http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html 

GO ranks between 51 and 100 in usage, and the percentage is so low it's not listed. So, like it or not, learning GO might be a skill few people want. I decided to defer that. 

Most recently, I decided to learn the specific language of the MetaTrader currency trading platform so I can build a tradebot. I am working on that slowly. Unless I get really good, it is unlikely someone will hire me for that. The objective would be for the tradebot to make money using my own account. 

So, I still have an interest in learning a general programming language. 

I'm interested in a modern garbage collected language, preferably multi paradigm, with safe I/O and system calls, that can be compiled, and that doesn't care about white space. 

See this comparison: 

http://en.wikipedia.org/wiki/Comparison_of_programming_languages 

I've chosen Ruby as my project language. 

According to the link posted above, the top 10 languages, and some of the reasons I've rejected some of them, are as follows. No offense is intended to anyone that programs in these languages. 

01) Java - security problems 

02) C - not modern garbage collected 

03) Objective C - Apple centric primarily 

04) C++ - not modern garbage collected 

05) C# - MS centric primarily 

------------ 

06) PHP - security problems 
per 
http://en.wikipedia.org/wiki/Php 
"About 30% of all vulnerabilities listed on the National Vulnerability Database are linked to PHP." 

07) VB - MS centric 

08) Python - cares about white space 

09) Ruby - This is my choice. 

10) Perl - does not have safe I/O and system calls 
per 
http://en.wikipedia.org/wiki/Comparison_of_programming_languages 

------------- 

So, having said all that, I have some Ruby questions. 

A) I have the "PickAxe" book on Ruby 1.9 by Dave Thomas. Is that a good resource for learning, or do I need to upgrade to a Ruby 2.0 book now that version 2 is out? 

B) Does anyone have any experience compiling Ruby either through Rubinius or JRuby or otherwise? 

See http://patshaughnessy.net/2012/2/15/is-ruby-interpreted-or-compiled 

Finally, I've observed that reading one of these programming books is about as much fun as reading the US tax code. You get a thousand little examples of things like using for next loops to do a factorial. Now that's exciting. I've seen maybe 1 of 100 books, primarily from Deitel and Deitel or the Head First series, that make learning programming fun. They present you with real world applications, simplified, that are interesting. They let you get something you can interact with on the screen quickly and work on learning how it works and tweaking it. For example, a simulator of an ATM machine. An actual working realistic program. 

C) So, does ANYONE know of a Ruby book that would make learning the language FUN, or at least moderately interesting? 

As always, any help is appreciated. 

Sincerely, 

Ron 



-- 

Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail. 
Please excuse my potential brevity if I'm typing on the touch screen. 

(PS - If you email me and don't get a quick response, you might want to 
call on the phone. I get about 300 emails per day from alternate energy 
mailing lists and such. I don't always see new email messages very quickly.) 

Ron Frazier 
770-205-9422 (O) Leave a message. 
linuxdude AT techstarship.com 

