** UnhandledExceptionEventHandler :: OFFICIAL LC / CHATTER THREAD **

10-27-2013 , 08:24 PM
I had a good idea for an open source browser plugin I think:

- It has a list of financially sensitive websites (banks, bitcoin exchanges, betting sites etc). Basically anything that would cause significant harm if you were phished
- When you access website x, it compares key parts of it with the index of the authentic versions of these key websites. You can probably prune this quickly by looking at domain name similarity before doing a broader search.
- If any of these key parts match it shows a warning.

Key parts of the website could include:

- Logos (if website x has a 90% similar logo to Barclays.com something's up!) You can look at palettes, typeface, size etc
- Lexicons of the websites
- Layouts of websites
- Exact text matching (check specific paragraphs or just header tags)
- Image similarity

Some of those might not work, just ideas. The checking could be done in real time or from a stored library of some description.

It's not meant to act as a vote of confidence when it doesn't show a flag, but rather a warning system if key parts of website x match authentic websites. It certainly wouldn't be foolproof, but would make phishers' jobs a lot harder and save some people I'm sure as well as building awareness in the process. And if it forces phishing sites to circumvent this plugin it at least prevents them from creating 100% authentic duplicates.

Dumb idea? Or has legs?

Last edited by Gullanian; 10-27-2013 at 08:30 PM.
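The domain-similarity pruning and exact header-text matching from the plugin idea above, as an added example (not code from any poster in this thread). The site index, header strings, thresholds and function names are constructed assumptions.

```javascript
// Constructed index of protected sites; the header strings are made up for this example.
const PROTECTED = [
  { host: "barclays.com", headers: ["log in to online banking", "register for online banking"] },
  { host: "example-exchange.test", headers: ["sign in to your wallet", "trade bitcoin"] },
];

// Edit distance by dynamic programming, keeping one row at a time.
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Naive registrable domain (last two labels); a real plugin needs the Public Suffix List.
function baseDomain(hostname) {
  return hostname.toLowerCase().replace(/\.$/, "").split(".").slice(-2).join(".");
}

function domainSimilarity(a, b) {
  return 1 - levenshtein(a, b) / Math.max(a.length, b.length);
}

const norm = (s) => s.toLowerCase().replace(/\s+/g, " ").trim();

// Fraction of the authentic site's headers that appear verbatim on the visited page.
function headerOverlap(siteHeaders, pageHeaders) {
  const seen = new Set(pageHeaders.map(norm));
  return siteHeaders.filter((h) => seen.has(norm(h))).length / siteHeaders.length;
}

// Returns a warning object, or null for "no flag" (which is not a vote of confidence).
function checkPage(hostname, pageHeaders, domThreshold = 0.8, textThreshold = 0.5) {
  const visited = baseDomain(hostname);
  if (PROTECTED.some((s) => s.host === visited)) return null; // the authentic site itself
  // Cheap domain comparison first, so the closest-looking brands are checked first.
  const ranked = PROTECTED
    .map((site) => ({ site, domSim: domainSimilarity(visited, site.host) }))
    .sort((x, y) => y.domSim - x.domSim);
  for (const { site, domSim } of ranked) {
    const overlap = headerOverlap(site.headers, pageHeaders);
    const reasons = [];
    if (domSim >= domThreshold) reasons.push("lookalike-domain");
    if (overlap >= textThreshold) reasons.push("header-text-match");
    if (reasons.length) return { resembles: site.host, domSim, overlap, reasons };
  }
  return null;
}
```

In an extension, `pageHeaders` would come from the text of the page's header tags and `hostname` from `location.hostname`.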
10-27-2013 , 09:08 PM
Quote:
Originally Posted by daveT
I guess I missed those parts.

It was frustrating to see everyone claim that they did everything up to spec. Of course, all the bugs were due to someone else. If the government wants Facebook, then they should call Zuck up and see what they can do about it, but of course, that would require getting past all the security consultants who wouldn't accept anything but Java applets.
Interesting, I definitely found myself fairly sympathetic to the contractors. Maybe it's because I've worked for Government contracts like this.

One of the root problems *is* the speccing system the Government requires. For example, the issue isn't so much that there was only 2 weeks for end-to-end tests before going live - it's that there's a stage called end-to-end testing that doesn't start until everything else is 'done'.

If you're going to tie people's hands and make them jump through a bunch of hoops you're not going to get a quality product at a reasonable price.
10-27-2013 , 09:28 PM
Do you believe the claim that the site was 500mil LOC?

You hit another point. It seemed like there was no communication between the teams, and it seemed like this could have caused many issues where they thought they were okay, but, in reality, they weren't.
10-27-2013 , 09:52 PM
Quote:
Originally Posted by daveT
A: Yes, but unfortunately, it is gaining new ground faster than people are abandoning it.


Quote:
I also think that Python is a wolf in sheep's clothing as well. Then again, I can't imagine that there are any languages without a surprising learning curve.
nah, python (mostly) goes the other way: it works the way you'd expect as a beginner, but bites you when you get fancy.
10-28-2013 , 01:16 AM
Quote:
Originally Posted by Greeksquared
Would going through codecademy.com and taking all the fundamental courses be good enough?
If the idea is to learn enough JavaScript to write a card game that you could run on a static page, then probably.
10-28-2013 , 06:04 AM
Quote:
Originally Posted by Gullanian
I had a good idea for an open source browser plugin I think:

- It has a list of financially sensitive websites (banks, bitcoin exchanges, betting sites etc). Basically anything that would cause significant harm if you were phished
- When you access website x, it compares key parts of it with the index of the authentic versions of these key websites. You can probably prune this quickly by looking at domain name similarity before doing a broader search.
- If any of these key parts match it shows a warning.

Key parts of the website could include:

- Logos (if website x has a 90% similar logo to Barclays.com something's up!) You can look at palettes, typeface, size etc
- Lexicons of the websites
- Layouts of websites
- Exact text matching (check specific paragraphs or just header tags)
- Image similarity

Some of those might not work, just ideas. The checking could be done in real time or from a stored library of some description.

It's not meant to act as a vote of confidence when it doesn't show a flag, but rather a warning system if key parts of website x match authentic websites. It certainly wouldn't be foolproof, but would make phishers' jobs a lot harder and save some people I'm sure as well as building awareness in the process. And if it forces phishing sites to circumvent this plugin it at least prevents them from creating 100% authentic duplicates.

Dumb idea? Or has legs?
I think it's a good idea, but you're going to have an audience problem: The people that really need this and could benefit from it don't know wtf a browser plugin is, and the people that get and appreciate the product probably don't need it.
10-28-2013 , 06:29 AM
I guess it would be best as a default service in browsers. Proof of concept might be a fun side project.
10-28-2013 , 07:24 AM
Dave,
I wonder why the meet-up guys threw "unfortunately" in there.

It's like oh man it's unfortunate you can put together a really solid site using a lot of best practices in a fairly short amount of time while being able to handle a lot of traffic on cheap hardware.

What else do people want, seriously.
10-28-2013 , 09:22 AM
Quote:
Originally Posted by daveT
Do you believe the claim that the site was 500mil LOC?
I didn't hear this claim and I find it pretty doubtful.

Maybe if you counted all the LOC from all systems and all libraries used (and double counted each library used by more than one vendor) you get close? Still seems exaggerated by an order of magnitude or two.

Quote:
Originally Posted by daveT
You hit another point. It seemed like there was no communication between the teams, and it seemed like this could have caused many issues where they thought they were okay, but, in reality, they weren't.
Definitely. A good example is if you're writing against a mock implementation of a service that returns fast you might not notice if you do something stupid like multiple calls or might not realize you need caching. But once you switch to the real service suddenly those ms calls are taking seconds and you're ****ed.

Overall I lay the majority of the blame for things like lack of communication and being way too tightly tied to a spec / waterfall life cycle at the Government's feet.
10-28-2013 , 10:29 AM
Quote:
Originally Posted by Shoe Lace
Dave,
I wonder why the meet-up guys threw "unfortunately" in there.

It's like oh man it's unfortunate you can put together a really solid site using a lot of best practices in a fairly short amount of time while being able to handle a lot of traffic on cheap hardware.

What else do people want, seriously.
So, the better question is why are people abandoning it in the first place and doing so fast enough that this question can be raised at all.

My impression is that RoR is suffering a serious brain drain, or as I've heard, it is easy to find people who can install gems, but it's extremely difficult to find people who can actually program and think through problems.

The unfortunate part would be that the smart people are walking away and the inexperienced are embracing it, and this serves to cause a cyclic brain drain.

Of course, that doesn't say why people are walking away in the first place, or why the mention of it can oftentimes cause eyes to roll or loud snorts, but it probably has to do with the LA programmer scene, which is about as comprehensible as the fashion scene. Most people I meet here are polymath programmers.
10-28-2013 , 10:37 AM
Man I hate Ruby. It tries to use multiple programming paradigms and it's easy to write unreadable code (almost as easy as Perl). I switched to using Django for my hobby projects and so much happier. Too much black magic happens in Rails. I like the python/django philosophy of being explicit. It's more setup but you at least know wtf is going on.
10-28-2013 , 10:58 AM
Quote:
Originally Posted by daveT
My impression is that RoR is suffering a serious brain drain, or as I've heard, it is easy to find people who can install gems, but it's extremely difficult to find people who can actually program and think through problems.
Early adopter types are onto other things, node.js, Scala, Go, etc and Rails has a marketing problem among hardcore nerds.


Quote:
The unfortunate part would be that the smart people are walking away and the inexperienced are embracing it, and this serves to cause a cyclic brain drain.
These two trends are related - a lot of the better developers don't want to be associated with RoR, because of all the new developers on the scene. RoR is the Visual Basic of the 10's.


Quote:
Of course, that doesn't say why people are walking away in the first place, or why the mention of it can oftentimes cause eyes to roll or loud snorts, but it probably has to do with the LA programmer scene, which is about as comprehensible as the fashion scene. Most people I meet here are polymath programmers.
Fashion is an important driver of technology adoption. What makes RoR unfashionable is that it's become widely accessible and marketed to the lowest common denominator, devaluing the perceived expertise of people who actually know what they are doing. It works just like fashion brands - the most fashionable have to constantly move to a new trend that distinguishes them from the masses.
10-28-2013 , 10:58 AM
Quote:
Originally Posted by daveT
or as I've heard, it is easy to find people who can install gems, but it's extremely difficult to find people who can actually program and think through problems.
This seems true of every single programming language. I don't know if a lot can be read into it.
10-28-2013 , 11:08 AM
Quote:
Originally Posted by muttiah
Man I hate Ruby. It tries to use multiple programming paradigms and it's easy to write unreadable code (almost as easy as Perl). I switched to using Django for my hobby projects and so much happier. Too much black magic happens in Rails. I like the python/django philosophy of being explicit. It's more setup but you at least know wtf is going on.
You should try sinatra.

And if this is for your hobby projects, why are you complaining about unreadable code? Didn't you write it?
10-28-2013 , 11:08 AM
@candybar,

good points.
10-28-2013 , 11:25 AM
Quote:
Originally Posted by jjshabado
This seems true of every single programming language. I don't know if a lot can be read into it.
This is true, but, say, 8-9 years ago, simply knowing Ruby was indicative of high levels of competence. The whole Python paradox was true of Python, Ruby, etc, at the time. Nowadays, Ruby and Python are increasingly seen as beginners' languages because they are used to teach introductory programming courses. On the periphery of the tech scene, serious Ruby developers are compared to people who just graduated from a 6-month Rails program. You know Ruby? I know a guy who knows Ruby! This understandably sends some people on the search for an alternative.

None of this should matter, but much of the draw of Rails was fashion and prestige - use Ruby on Rails and feel automatically superior to all these corporate Java zombies - so it's interesting to see whether they can withstand the loss of prestige driven by inevitable commoditization.
10-28-2013 , 11:35 AM
candybar,

i agree with much of your rant but not this part:

Quote:
Originally Posted by candybar
much of the draw of Rails was fashion and prestige
the *original* draw of RoR was how it makes it easy to rapidly develop a web application because the routine heavy lifting had already been done for you -- CRUD operations in an MVC framework and even some hooks for testing.

and then yeah, i guess the hipsters and the brogrammers and the fashionistas[1] came along afterwards, but who listens to them?


[1] deep as any paper plate / dressed just like the girl beside you
10-28-2013 , 11:56 AM
Quote:
Originally Posted by Gullanian
I had a good idea for an open source browser plugin I think:

- It has a list of financially sensitive websites (banks, bitcoin exchanges, betting sites etc). Basically anything that would cause significant harm if you were phished
- When you access website x, it compares key parts of it with the index of the authentic versions of these key websites. You can probably prune this quickly by looking at domain name similarity before doing a broader search.
- If any of these key parts match it shows a warning.

Key parts of the website could include:

- Logos (if website x has a 90% similar logo to Barclays.com something's up!) You can look at palettes, typeface, size etc
- Lexicons of the websites
- Layouts of websites
- Exact text matching (check specific paragraphs or just header tags)
- Image similarity

Some of those might not work, just ideas. The checking could be done in real time or from a stored library of some description.

It's not meant to act as a vote of confidence when it doesn't show a flag, but rather a warning system if key parts of website x match authentic websites. It certainly wouldn't be foolproof, but would make phishers' jobs a lot harder and save some people I'm sure as well as building awareness in the process. And if it forces phishing sites to circumvent this plugin it at least prevents them from creating 100% authentic duplicates.

Dumb idea? Or has legs?
Great idea... but I am not sure the comparison examples you have will prove effective. Most hacks involve just adding a couple of lines of JavaScript to the page to snoop a user's input. None of the checks you have mentioned would detect a subtle JavaScript snippet which has been injected into the site. If you were to develop something like this, you would need to make sure that it was 100% foolproof... especially since, if it became popular, people would be writing hacks specifically designed to avoid detection by the plugin.
10-28-2013 , 12:41 PM
Quote:
Originally Posted by tyler_cracker
the *original* draw of RoR was how it makes it easy to rapidly develop a web application because the routine heavy lifting had already been done for you -- CRUD operations in an MVC framework and even some hooks for testing.
I completely agree with this, btw, RoR was a pioneer and virtually all popular server-side frameworks post-Rails have borrowed significantly from Rails. I didn't mean to say Rails had no technical significance but given how quickly

Quote:
and then yeah, i guess the hipsters and the brogrammers and the fashionistas[1] came along afterwards, but who listens to them?
happened and how this was encouraged by the Rails community, including the creator himself, it's hard to separate its popularity from its dominant marketing strategy.

And like its prestige/fashion-appeal, its technical strengths relative to other frameworks are also a thing of the past, not to mention that all the cool kids have moved on to client-side javascript frameworks and server-side micro frameworks.
10-28-2013 , 12:47 PM
candybar, you just keep on saving me the need to post anything.
10-28-2013 , 12:59 PM
Quote:
Originally Posted by gaming_mouse
candybar, you just keep on saving me the need to post anything.
Haha, glad to oblige!
10-28-2013 , 01:31 PM
I guess I have spent way more time working on front end frameworks lately, but I still think rails is pretty amazing. There is ridiculous community support, even if some of the smarter people are going hipster on other languages. And mainly, it just saves me time on a lot of projects I do since I am often the only developer.

I want to learn some node, but I'm not sure what else I'd really bother learning anytime soon.

I've been building out this component for a site I'm working on in backbone. It's actually kind of amusing after all my time in angular-land. I hadn't touched backbone since I barely knew any JS, and now it makes a lot more sense. I'm going to stop crapping on it.
10-28-2013 , 01:33 PM
Quote:
Originally Posted by gaming_mouse
You should try sinatra.

And if this is for your hobby projects, why are you complaining about unreadable code? Didn't you write it?
Yes. Rails should come with a warning label, "If you're new to web programming, try Sinatra first." I like Ruby, but the Rails learning curve was too high for me.
10-28-2013 , 01:36 PM
Quote:
Originally Posted by Nchabazam
I guess I have spent way more time working on front end frameworks lately, but I still think rails is pretty amazing. There is ridiculous community support, even if some of the smarter people are going hipster on other languages. And mainly, it just saves me time on a lot of projects I do since I am often the only developer.
It is amazing in many ways.

I guess I generally agree with a lot of what you guys are saying about RoR - what I think I disagree with though is that it's an indication of anything significant about Rails itself.

There's always going to be new technologies that address shortcomings in existing technologies or are built around some cool new and untried principle, they're always going to appeal to a certain group of people, some will thrive and become more mainstream/popular, and most of the original cutting edge people will then move on to the newest new technology.

It just seems more of an inherent circle of life thing than anything particular about Ruby/Rails/Whatever.
10-28-2013 , 01:45 PM
jj,

i think you're mostly right. the part of that is rails specific (and this echoes what i said about ruby yesterday) is that rails, especially now, is actually a pretty massive and complex piece of software. it just also happens that you can get up and running with it without really understanding it. so you have a situation where lots of beginners brag about their new RoR site, essentially diluting the brand, even though it requires a lot of effort and learning to understand all its magic, which is why many devs, myself included, prefer simpler frameworks which you can understand top to bottom without reading 600 page books.