Hi. I have a slightly strange request. I''ve 90% sold my boss on RoR, but he wants to see what negative things people are saying about it (especially on issues of performance and security, and also usage numbers and the fear of it disapearing in two years) before we bite the bullet. Problem is, I''ve looked, and I can''t find any negative press, bar a few grumpy java developers saying "what''s the fuss?". Does anyone know of any serious issues regarding performance or security, and has anyone seen any seriously negative press? Thanks _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
Robbie Carlton wrote:> Hi. I have a slightly strange request. I''ve 90% sold my boss on RoR, but > he wants to see what negative things people are saying about it > (especially on issues of performance and security, and also usage > numbers and the fear of it disapearing in two years) before we bite the > bullet. > Problem is, I''ve looked, and I can''t find any negative press, bar a few > grumpy java developers saying "what''s the fuss?". > Does anyone know of any serious issues regarding performance or > security, and has anyone seen any seriously negative press?I know this isn''t very helpful but I think these are the wrong questions to be asking. Performance and security are more to do with your implementation of the application, than of Rails itself. You can write slow and insecure applications in any language, Ruby being just one of them. Your manager probably doesn''t undertand that distinction though. Sorry, bit of a cop-out there ;) The thing about both of these is that, because Rails is really quick to get something going, you''ll know pretty soon whether you''re going to have a problem; something implemented in Java might take alot longer before you can gather that information. Maybe what you should (also) be asking is what are the outstanding issues that people have? For instance, are there specific problems that people have with the hosting environment you (might) plan to use that haven''t been solved? This, to me, would show that you have seen the negative side of Rails and, possibly, you know where to look for solutions should you hit it (it''s still a negative, but it might not necessarily be a show stopper). Rails certainly isn''t suited to a legacy DB schema that isn''t already in the Rails way of doing things. There are some limitations mentioned on Dave Thomas'' blog[1], in the context of how to make the decision of whether to use Rails. I can''t offer any negative press other than the stuff you probably have already read because I don''t think I''ve seen any either. Matt [1] http://blogs.pragprog.com/cgi-bin/pragdave.cgi/Tech/Ruby/IsRailsReadyForPrimeTime.html
> Does anyone know of any serious issues regarding performance or security, > and has anyone seen any seriously negative press?It''s unlikely that you''ll find a whole lot of negative press about performance and security since those elements have a lot less to do with your framework and a lot more to do with your tech stack and programmer profiency. That''s not to say that Rails doesn''t have limitations. Dave Thomas put a list up at http://blogs.pragprog.com/cgi-bin/pragdave.cgi/Tech/Ruby/IsRailsReadyForPrimeTime.html that includes the (current) lack of two-phase commit, hostility towards crazy legacy scemas, and pushback from developers (seems like you got that one covered, though). And I''m sure that we''ll start seeing a lot more bad press within 3-6 months. It''s inevitable that when something hits a high point of enthusiam and excitement that serious detractors will emerge. Of course, the appearance of serious pushback will also be one of the best harbringers of mainstream adoption. -- David Heinemeier Hansson http://www.loudthinking.com -- Broadcasting Brain http://www.basecamphq.com -- Online project management http://www.backpackit.com -- Personal information manager http://www.rubyonrails.com -- Web-application framework
On Sep 12, 2005, at 2:48 AM, Robbie Carlton wrote:> Does anyone know of any serious issues regarding performance or > security,There are some things that the framework encourages to make it easy that''s fine for smaller scale applications but maybe not so much for higher traffic applications; but it''s not anything a careful and experienced developer can''t avoid. (Or that you could run into with the other frameworks as well anyway). What kind of application are you going to write? Much traffic are you expecting? - ask -- http://askask.com/ - http://develooper.com/
On Sep 12, 2005, at 2:48 AM, Robbie Carlton wrote:> Hi. I have a slightly strange request. I''ve 90% sold my boss on > RoR, but he wants to see what negative things people are saying > about it (especially on issues of performance and security, and > also usage numbers and the fear of it disapearing in two years) > before we bite the bullet. > Problem is, I''ve looked, and I can''t find any negative press, bar a > few grumpy java developers saying "what''s the fuss?". > Does anyone know of any serious issues regarding performance or > security, and has anyone seen any seriously negative press? > ThanksHi Robbie, First, issues regarding security in the context of Rails *itself* is a bit silly. It''s a framework. It doesn''t throw any particular security model at you. What you need to look at are what the security needs *you* will have, specifically, and see what Rails and Ruby itself can do to address those needs. "Security" is far to nebulous of a term to use. Don''t. Next, don''t confuse performance versus scalability. Performance is something that you address by optimizing. But you''re building web applications with Rails, do you really care about shaving that last tenth of a second off that method? Probably not. What you really (ought to) care about is... Scalability. Serving up as many pages per second as you can. The thing you get by throwing more hardware at it. Since Rails (w/ FastCGI) can follow the same "share nothing" model as other sites have done, it can scale in a similar fashion. Don''t look at Rails specifically to see how it scales, look at similar deployments that *have* (or have not and told the tale) scaled. While they may not provide absolute measurements, they should provide an approximate assessment of what you can achieve. When you have no direct comparisons, compare against frameworks/deployments with the same architecture for clues. This (scalability) horse has been beaten and buried many times over. Google turns up many, many discussions about "ruby rails scalability" Try http://www.loudthinking.com/arc/000479.html for instance. Now, given a different way to approach these questions you should be able to dig up mounds of discussions talking about the negative points of this architecture to scale. As for security... well you need to refine your questions to something very specific (Can we implement an ACL system? Can we authenticate via Kerberos? Is there a Ruby SSH library? Can we sandbox some portion of code? etc) Also understand that some of these may not be Rails questions, but general Ruby questions (actually all of those were). As for the fear of Rails disappearing in 2 years... pick your favorite "dead" language or framework. Google. Sit in amazement as you find people are still out there using it years/decades after its supposed death. Ruby has been around for 10 years now, it''s not going anywhere anytime soon. I doubt Rails will disappear overnight either, it looks like its just getting warmed up (which is why you''re here wanting to sell your boss on Rails in the first place right? Have some confidence). -- Michael Schubert <michael-CIUEQDs/xG9fq8cQ1yknNg@public.gmane.org> Maintaining badly written code is like trying to solve a crossword puzzle set by someone who can''t spell -- Jacob Kaplan-Moss
I would say, from a business standpoint, the biggest downfall to RoR is developer resources -- not nearly as many developers have experience in RoR as other dynamic web environments. Those that do have experience probably have little "real world" exposure. As far as technical downfalls, that''s very subjective and it is impossible to argue without getting into discussions about underlying OS / server process / etc. .NET offers a very nice developer paradigm -- but it sits on Windows. That could be good or bad, depending upon who you ask and several other factors. Same argument could be made for RoR and Linux. It just depends who you ask. Also, a lot of "web developers" I have met tend to be more seat-of-your-pants programmers than would be acceptable on any other kind of application development. RoR makes it *really* easy to generate content quickly -- and it can also be easy to shoot yourself in your foot as your site grows. One tends to need to know a lot about various aspects of how not only Rails and Ruby works, but how the server process hosting them does, how the db does, etc. In short, there''s nothing necessarily "worse" about RoR than Java, ASP, JSP, PHP, etc -- the most expensive cost in about any project is developer time. A RoR project will succeed if a) there is at least one stubborn dev who will not rest until that last "funky" bug is fixed and b) *all* devs involved do things "the ruby way", instead of how they are accustomed. Working in RoR is significantly easier than any other web technology -- if you have the right mindset. On 9/12/05, Michael Schubert <michael-CIUEQDs/xG9fq8cQ1yknNg@public.gmane.org> wrote:> > > On Sep 12, 2005, at 2:48 AM, Robbie Carlton wrote: > > > Hi. I have a slightly strange request. I''ve 90% sold my boss on > > RoR, but he wants to see what negative things people are saying > > about it (especially on issues of performance and security, and > > also usage numbers and the fear of it disapearing in two years) > > before we bite the bullet. > > Problem is, I''ve looked, and I can''t find any negative press, bar a > > few grumpy java developers saying "what''s the fuss?". > > Does anyone know of any serious issues regarding performance or > > security, and has anyone seen any seriously negative press? > > Thanks > > Hi Robbie, > > First, issues regarding security in the context of Rails *itself* is > a bit silly. It''s a framework. It doesn''t throw any particular > security model at you. What you need to look at are what the security > needs *you* will have, specifically, and see what Rails and Ruby > itself can do to address those needs. "Security" is far to nebulous > of a term to use. Don''t. > > Next, don''t confuse performance versus scalability. Performance is > something that you address by optimizing. But you''re building web > applications with Rails, do you really care about shaving that last > tenth of a second off that method? Probably not. What you really > (ought to) care about is... > > Scalability. Serving up as many pages per second as you can. The > thing you get by throwing more hardware at it. Since Rails (w/ > FastCGI) can follow the same "share nothing" model as other sites > have done, it can scale in a similar fashion. Don''t look at Rails > specifically to see how it scales, look at similar deployments that > *have* (or have not and told the tale) scaled. While they may not > provide absolute measurements, they should provide an approximate > assessment of what you can achieve. When you have no direct > comparisons, compare against frameworks/deployments with the same > architecture for clues. > > This (scalability) horse has been beaten and buried many times over. > Google turns up many, many discussions about "ruby rails scalability" > > Try http://www.loudthinking.com/arc/000479.html for instance. > > Now, given a different way to approach these questions you should be > able to dig up mounds of discussions talking about the negative > points of this architecture to scale. > > As for security... well you need to refine your questions to > something very specific (Can we implement an ACL system? Can we > authenticate via Kerberos? Is there a Ruby SSH library? Can we > sandbox some portion of code? etc) Also understand that some of these > may not be Rails questions, but general Ruby questions (actually all > of those were). > > As for the fear of Rails disappearing in 2 years... pick your > favorite "dead" language or framework. Google. Sit in amazement as > you find people are still out there using it years/decades after its > supposed death. Ruby has been around for 10 years now, it''s not going > anywhere anytime soon. I doubt Rails will disappear overnight either, > it looks like its just getting warmed up (which is why you''re here > wanting to sell your boss on Rails in the first place right? Have > some confidence). > > -- > Michael Schubert <michael-CIUEQDs/xG9fq8cQ1yknNg@public.gmane.org> > > Maintaining badly written code is like trying to solve a crossword > puzzle set by someone who can''t spell -- Jacob Kaplan-Moss > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >-- Brock Weaver brockweaver-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org /* you are not expected to understand this */ _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
On 12/09/05, Brock Weaver <brockweaver-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> As far as technical downfalls, that''s very subjective and it is impossible > to argue without getting into discussions about underlying OS / server > process / etc. .NET offers a very nice developer paradigm -- but it sits on > Windows. That could be good or bad, depending upon who you ask and several > other factors. Same argument could be made for RoR and Linux. It just > depends who you ask.Not really a good analogy - .NET is M$ only, whereas Ruby runs on nearly everything. -- Rasputin :: Jack of All Trades - Master of Nuns
On 9/12/05, Brock Weaver <brockweaver-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I would say, from a business standpoint, the biggest downfall to RoR is > developer resources -- not nearly as many developers have experience in RoR > as other dynamic web environments. Those that do have experience probably > have little "real world" exposure.That being said, if your company is willing to hire individuals working from a remote location I don''t think there''s any problem finding developers. In fact, I know there''s quite a few smart people looking for RoR jobs, and for these early adopters it''s a passion of love, meaning you get higher quality work. Ben
Dick Davies wrote:> On 12/09/05, Brock Weaver <brockweaver-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > >> As far as technical downfalls, that''s very subjective and it is impossible >>to argue without getting into discussions about underlying OS / server >>process / etc. .NET offers a very nice developer paradigm -- but it sits on >>Windows. That could be good or bad, depending upon who you ask and several >>other factors. Same argument could be made for RoR and Linux. It just >>depends who you ask. > > > Not really a good analogy - .NET is M$ only, whereas Ruby runs on > nearly everything.I think that would be one of those ''several other factors''. Sometimes only one platform matters at all - the one that''s already installed. It''s a very instructive comparison to make when you have to take into consideration the entire environment - developer tools, server technology, licencing costs, and so on. It''s very Microsoft for management to be able to tick one box and have a productive workflow system, whereas, in common with many OSS systems, Rails implies that the developer (or their manager) has to sort out the integration of the whole development environment themselves. For someone who''s spent the past 10 years developing in emacs, say, what do you think the time invested in tweaking their environment to *just* the way they like it is worth? Is it worth more or less to a manager to be able to flick a switch, and have a fully integrated homogenous toolchain available to their entire staff? -- Alex
I was just trying to point out that .NET (C# specifically), like Ruby, is a good language. The downfall (in my eyes) of .NET is not in the language itself, but its primary dependency, Windows. Yes I know about Mono and everything, but that is just a stop-gap effort. A lot of times, decisions are made that determine which technologies to use -- but the technologies themselves do not drive the decision. That is, a manager may choose .NET over RoR simply because they have a Windows server already, or all their developers are familiar with .NET. They could care less about the beauty of Ruby or Rails. It''s all about money at the end of the day. It''s like that old saying "Nobody has ever been fired for choosing IBM". Well, that somewhat holds true for Microsoft in small businesses these days. Choosing RoR right now is somewhat of a gamble -- it is still a relatively young framework. But the benefits can be immense in terms of development time and time-to-market. But to explain how these benefits can be reaped with technology X instead of technology Y to a manager in terms s/he will be able to comprehend may prove to be insurmountable, depending on the manager. On 9/12/05, Dick Davies <rasputnik-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > On 12/09/05, Brock Weaver <brockweaver-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > As far as technical downfalls, that''s very subjective and it is > impossible > > to argue without getting into discussions about underlying OS / server > > process / etc. .NET offers a very nice developer paradigm -- but it sits > on > > Windows. That could be good or bad, depending upon who you ask and > several > > other factors. Same argument could be made for RoR and Linux. It just > > depends who you ask. > > Not really a good analogy - .NET is M$ only, whereas Ruby runs on > nearly everything. > > -- > Rasputin :: Jack of All Trades - Master of Nuns > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >-- Brock Weaver brockweaver-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org /* you are not expected to understand this */ _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
Brock Weaver <brockweaver-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> writes:> I would say, from a business standpoint, the biggest downfall to RoR is > developer resources -- not nearly as many developers have experience in RoR > as other dynamic web environments. Those that do have experience probably > have little "real world" exposure.I don''t think this is true. I think there are lots of RoR developers available (I''m one of them). Besides that, I think any competent programmer can pick up RoR pretty fast (like one month of full time development would put you in "highly productive" mode). I think it''s BS to say it''s easier to get PHP or Java developers. Languages are fairly easy to learn. What''s hard to learn is the framework itself. How long does it take a Java programmer to learn Hibernate? A pretty good while. How long does it take a C programmer to learn Java? A few weeks. My point is that developers shouldn''t be afraid of learning new languages (and most aren''t). It''s really managers who are afraid of new languages; and they shouldn''t be.> Also, a lot of "web developers" I have met tend to be more > seat-of-your-pants programmers than would be acceptable on any other kind of > application development. RoR makes it *really* easy to generate content > quickly -- and it can also be easy to shoot yourself in your foot as your > site grows. One tends to need to know a lot about various aspects of how not > only Rails and Ruby works, but how the server process hosting them does, how > the db does, etc.This is subjective hand-waving. I haven''t found anything in Rails that makes it "easy to shoot yourself in your foot". Certainly not like PHP. There''s a language that encourages bad practices. If anything, Rails encourages more good practices than any other environment I''ve worked in. As far as the environment goes. Sure, someone has to know how to setup Apache, mod_proxy, lighttpd, fast cgi, scgi, whatever. That''s not much different than having someone who needs to setup Tomcat or JBoss. As a developer in my day to day tasks, I could care less. It''s only when I go to migrate to a new server do I worry about that stuff (because I''m also the sys admin).> In short, there''s nothing necessarily "worse" about RoR than Java, > ASP, JSP, PHP, etc -- the most expensive cost in about any project > is developer time. A RoR project will succeed if a) there is at > least one stubborn dev who will not rest until that last "funky" bug > is fixed and b) *all* devs involved do things "the ruby way", > instead of how they are accustomed. Working in RoR is significantly > easier than any other web technology -- if you have the right > mindset.I''d say a Rails project''s success is more dependent on how stubborn developers are about writing tests and how much liberty they have with the database scheme. I''ve not found Rails to be prone to lurking bugs. Really, it''s just a matter of writing good tests. Many developers think, "Testing? That''s what I do with a web browser to make sure my layout is right." They need to start thinking, "Testing is what I do to my models and my controller to verify my logic is right." -- Doug Alcorn - http://lathi.net/RubyOnRailsDeveloper doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org