Thursday, March 8, 2012

From and To

I don't know if this will fit in a 140 character microblog so here goes:

Coming from a long background of destructive hacking in my teens, every time I implement a new feature in my new-found love of constructive hacking, I think: "How could I exploit this?"

When sending data between the browser and the server, the developer has to remember that everything in the client-side programming can be changed: what you would expect to be a JSON string could come in as some executable JavaScript instead... and run on your server if you have a JavaScript interpreter running: some NoSQL databases run JS to determine what data to send back to the main program, and Node.js is completely JavaScript... I've never used .eval()...
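What the paragraph above describes, as an added example that is not part of the original post: a request body passed to `eval()` executes whatever the client sent, while `JSON.parse` plus a field-by-field copy treats it as data only. The function names, the `title`/`tags` fields and both sample bodies are constructed for illustration.

```javascript
'use strict';

// Constructed sample bodies for a field the server expects to hold JSON.
const honestBody = '{"title":"From and To","tags":["rails","node"]}';
// Tampered body: an expression, not JSON. Its side effect is a harmless marker.
const tamperedBody = '(globalThis.__ranOnServer = true, {title: "x"})';

// Unsafe: eval() runs whatever the client sent inside the server process.
function parseWithEval(body) {
  return eval('(' + body + ')');
}

// Safer: JSON.parse only builds data, then the result is checked and copied
// field by field so nothing unexpected reaches the rest of the program.
function parsePost(body, maxLength = 10000) {
  if (typeof body !== 'string' || body.length > maxLength) {
    return { ok: false, error: 'body missing or too large' };
  }
  let data;
  try {
    data = JSON.parse(body);
  } catch (err) {
    return { ok: false, error: 'not valid JSON' };
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, error: 'expected a JSON object' };
  }
  if (typeof data.title !== 'string' || data.title.length > 200) {
    return { ok: false, error: 'title must be a short string' };
  }
  const tags = Array.isArray(data.tags)
    ? data.tags.filter((t) => typeof t === 'string').slice(0, 10)
    : [];
  return { ok: true, post: { title: data.title, tags } };
}

parseWithEval(tamperedBody);
console.log('eval ran client code:', globalThis.__ranOnServer === true);
delete globalThis.__ranOnServer;
console.log('tampered body:', parsePost(tamperedBody));
console.log('marker after JSON.parse:', globalThis.__ranOnServer);
console.log('honest body:', parsePost(honestBody));
```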

I still feel very new to this, terms like "Prototypal Inheritance" vs. "Classical Inheritance" don't mean anything to me, but they gnaw at the back of my head irking me on to learn more about ... stuff.

I just started looking into Ruby on Rails today, partially kicked off by the Igor guy finding an insecure default setting and exploiting it on GitHub.com, and also kicked off by wanting something a little more compatible with MySQL than Node.js Express. I've been frustrated with that framework on multiple occasions... I'm not saying it's bad, it's just a difficult framework for me (at the moment). I still don't have a firm grasp of "middleware" and why I need certain types. The documentation assumes a skill level and experience with other web frameworks that I didn't have. However, I have come away from my (couple? three?) projects with Express "smarter" about web frameworks and the terminology in general.

While looking at the Ruby frameworks Sinatra and Rails, I was really tempted to go with Sinatra; I liked how it seemed to be simpler (as in Arch Linux simple vs. Ubuntu simple), but I think I repeated my actions with my Linux adventures:
I started with Slackware, bumped into Ubuntu and fell in love with how easy it was.
I started with Node.js Express, decided to finally try Rails, and am enjoying all the defaults it provides. I am also new to the Ruby language, and am impressed by the simple and beautiful syntax that it uses.

Anyway, I hope to start hacking away at a blog soon. I've almost finished the Rails for Zombies course, but you don't really start "grokking" until your head starts banging against the system for some hours outside of the classroom. The challenges are a great way to teach, but I don't feel like I'm retaining very well today... but I shouldn't be too hard on myself; it's only been a short amount of time...

It's neat to observe the rant style change from emotional poetic of last year to technical ... I'm tempted to say poetic... but it's not ;)
