First Look: Komodo 4 for Ruby Programming

It’s been a good couple weeks for Ruby IDEs. First, Ruby In Steel was released. Pretty much simultaneously, ActiveState released Komodo 4 with support for Ruby.

Komodo is a significantly “weightier” IDE and Ruby is just one of the many languages it supports. It is, I suppose, more akin to Visual Studio itself than to Ruby In Steel, which adds Ruby support to Visual Studio.

I still have much more head-to-head comparison to do, but I wanted to point out a clear “win” for Komodo: the Ruby shell shown in the bottom pane here is graphical, allowing for a significantly easier cut-and-paste experience than the IRB-in-a-DOS-Box approach:

 

P.S. What the heck is “IDE_GeneticAlgorithm”? Well, a while back there was a flurry of posts about “the best” customized color schemes for programmers. I thought it would be funny to write a distributed genetic algorithm that “bred” color schemes and evolved them on the Web. The problem is the age-old challenge of creating a decent traversal through colorspace (that isn’t along the gray axis). What’s a way to encode color in a single number such that like values have like colors?

Gunnar Peterson on Message-Level Security

Gunnar Peterson, responding to my posts on REST, says we cannot punt on message-level security. He cites 3 security breaches as evidence that “the 1995 security model” of “firewall, SSL, and a prayer” won’t cut it. However, I don’t believe that any of these breaches would have been thwarted by message-level security. In the first, “an intruder hacked into a TJC Companies’ database,” the 2nd was a stolen file (whether physical or due to a login, I don’t know), and the 3rd was a phishing attack. I don’t see how encryption at the message-level would help in these scenarios. I’m not a computer security expert, but it seems to me that bad logins, physical loss (i.e., stolen laptops), and phishing account for the vast majority of security breaches. At the targeted assault level you have SQL injection and buffer overflows and rootkits. I’ve never heard of an actual man-in-the-middle security breach at the SSL/HTTPS level (feel free to enlighten me).

I’ll reiterate my main point: KISS approaches work well enough for companies like Google, Amazon, and Apple/iTunes to transact billions of dollars in commerce. WS-Security, with its encryption-scheme-independent tokens and trust relationships, etc.: I just don’t see the utility. I certainly see the complexity. Of course, the complexity is generally mitigated within a single vendor’s stack, but interop is actually the “big promise” that started this whole Web Services thing and is much more a real-world issue than the supposed flaws of Internet protocols.

The only scenario that I can think of where I would not trust SSL/HTTPS at the message-level is actual wire transfers. And I think the people who program bank transfers have already figured out a way that works. (Very rapidly, but one penny at a time, as numerous people pointed out in response to my “Top 10 Things I’ve Learned About Computers From The Movies” post.)