Sure there are sites that use Rails such as Twitter. The primary reason why I say it's less proven is because I don't see very many financial websites using Rails.
Etrade, Ameritrade, Chase, Bank of America, PayPal, etc. don't use Rails.
But, I am willing to give Rails the benefit of the doubt and maybe I am wrong this time.
Topic: Reverse-engineering and documenting Bitcoinica - page 2. (Read 3125 times)
I don't recommend Ruby on Rails, but perhaps the logic could be recreated in another more reliable language in addition to beefing up the security.
Cool story. What makes Ruby unreliable/insecure?
Here are some reasons not to do it in Ruby on Rails:
1.) Ruby on Rails is a scripting language built on top of another language. Any flaws or bugs in the foundation language can propagate to the scripting language. It takes time to fix these changes until it is fixed and compiled in the Ruby language. (PHP works the same way where functions in PHP are mostly wrappers to functions in other libraries.)
2.) Ruby on Rails hasn't been around as long as some other web languages. It's less proven.
3.) There are less Ruby on Rails developers then other languages. In the case with Bitcoinica, the code was passed to Intersango who had no experience with Ruby on Rails.
4.) Ruby on Rails attempts to write code automatically for you. It's possible the automatically written code could be overlooked.
5.) There specific security issues with RoR. (I guess you could Google it.)
I'm not sure if you're a Rails troll and trying to spread some FUD but I'm going to clear some things up for you.
Quote
1.) Ruby on Rails is a scripting language built on top of another language. Any flaws or bugs in the foundation language can propagate to the scripting language. It takes time to fix these changes until it is fixed and compiled in the Ruby language. (PHP works the same way where functions in PHP are mostly wrappers to functions in other libraries.)
Ruby on Rails is not a scripting language. It is a MVC framework built on top of Ruby. Just like other frameworks, like CodeIgniter, Kohana, Yii, ASP.NET MVC 3, it aims to provide agile development.Many applications have been built with it. Sites such as GitHub (which hosts the core Bitcoin project), Yellow Pages, Groupon, and most of the latest hip start up companies use it.
Quote
2.) Ruby on Rails hasn't been around as long as some other web languages. It's less proven.
Have you been living under a rock? http://rubyonrails.org/applicationsQuote
3.) There are less Ruby on Rails developers then other languages. In the case with Bitcoinica, the code was passed to Intersango who had no experience with Ruby on Rails.
The community & ecosystem is huge. Large enough for many companies to use it, and for many many libraries to be written for it. https://github.com/rails/railsQuote
4.) Ruby on Rails attempts to write code automatically for you. It's possible the automatically written code could be overlooked.
It does not write code for you. It's a framework.Quote
5.) There specific security issues with RoR. (I guess you could Google it.)
Just like any other Framework or language, there will always be potential security vulnerabilities. All of these have been fixed quickly.However for vulnerabilities such as XSS, SQL injection, CSRF attacks, it is up to the developer to fix these. Rails already takes advantage of the best practices so these are almost impossible to leak through for any app. You won't have to go boast to your visitors that you use 'prepared statements'.
The trick is that if strings are immutable, and short strings are guaranteed to have unique memory locations, the a == "foo" comparison can actually be implemented as a direct pointer comparison rather than a slow string comparison. This is basically just as fast as a traditional enum, and in practice takes up the same amount of space. (integers in structures are usually not packed) Of course, comparing three letters is pretty quick as well, especially in the context of an interpreted language. FWIW if I'm not mistaken Python strings work this way, and it's considered "Pythonic" to use strings to replace enums.
Premature optimization is the root of all evil.
Premature optimization may be the root of all evil, but only if it makes the code harder to read, aka replacing the strings with status numbers. Enums doesn't reduce code readability, as it is essentially the same as strings, (except without the quotes). Secondly, enums are superior to strings because they are strongly type checked to prevent any undefined behavior, which may result from typos. In addition, IDEs can recognize enums and provide additional features such as auto completion and error detection, which boosts productivity. Premature optimization is the root of all evil.
Started thoroughly studying the trading part, here's my understanding of the trade matching code.
My comments start with "D :", there are like 2 comments made by ZT
http://pastie.org/4257541
doesn't ruby have something like enums? why make slow string comparisons?My comments start with "D :", there are like 2 comments made by ZT
http://pastie.org/4257541
I can't speak for Ruby or that exact case specifically, but often in modern languages string comparisons are a lot faster than they look. For instance, a typical enum replacement would look like this:
Code:
a = "foo"
if a == "foo":
do stuff
The trick is that if strings are immutable, and short strings are guaranteed to have unique memory locations, the a == "foo" comparison can actually be implemented as a direct pointer comparison rather than a slow string comparison. This is basically just as fast as a traditional enum, and in practice takes up the same amount of space. (integers in structures are usually not packed) Of course, comparing three letters is pretty quick as well, especially in the context of an interpreted language. FWIW if I'm not mistaken Python strings work this way, and it's considered "Pythonic" to use strings to replace enums.
Premature optimization is the root of all evil.
Ruby symbols would be preferable to string comparisons, but yeah, it's really an unnecessary optimization.
Started thoroughly studying the trading part, here's my understanding of the trade matching code.
My comments start with "D :", there are like 2 comments made by ZT
http://pastie.org/4257541
doesn't ruby have something like enums? why make slow string comparisons?My comments start with "D :", there are like 2 comments made by ZT
http://pastie.org/4257541
I can't speak for Ruby or that exact case specifically, but often in modern languages string comparisons are a lot faster than they look. For instance, a typical enum replacement would look like this:
Code:
a = "foo"
if a == "foo":
do stuff
The trick is that if strings are immutable, and short strings are guaranteed to have unique memory locations, the a == "foo" comparison can actually be implemented as a direct pointer comparison rather than a slow string comparison. This is basically just as fast as a traditional enum, and in practice takes up the same amount of space. (integers in structures are usually not packed) Of course, comparing three letters is pretty quick as well, especially in the context of an interpreted language. FWIW if I'm not mistaken Python strings work this way, and it's considered "Pythonic" to use strings to replace enums.
Premature optimization is the root of all evil.
I don't recommend Ruby on Rails, but perhaps the logic could be recreated in another more reliable language in addition to beefing up the security.
Cool story. What makes Ruby unreliable/insecure?
Here are some reasons not to do it in Ruby on Rails:
1.) Ruby on Rails is a scripting language built on top of another language. Any flaws or bugs in the foundation language can propagate to the scripting language. It takes time to fix these changes until it is fixed and compiled in the Ruby language. (PHP works the same way where functions in PHP are mostly wrappers to functions in other libraries.)
2.) Ruby on Rails hasn't been around as long as some other web languages. It's less proven.
3.) There are less Ruby on Rails developers then other languages. In the case with Bitcoinica, the code was passed to Intersango who had no experience with Ruby on Rails.
4.) Ruby on Rails attempts to write code automatically for you. It's possible the automatically written code could be overlooked.
5.) There specific security issues with RoR. (I guess you could Google it.)
Let me clarify if I may as I think you've dismissed ruby and ruby on rails without acknowledging the benefits.
Ruby is a dynamic language http://en.wikipedia.org/wiki/Dynamic_programming_language
Rails is an MVC based architecture for the rapid development of web applications. The Rails architect is built using the Ruby language and that's why it's called Ruby on Rails. (RoR).
Let me address some of the points you've raised.
1. The ruby interpreter is written in C I believe, it's been around since the mid 90's and is stable and mature.
2. The Rails architecture has been around since 2005 and is at version 3. It powers a large number of websites including twitter, github, scribd, shopify and many more.
3. There are plenty of ruby on rails developers, just that intersango didn't have that skill set.
4. Rails dynamically creates methods at run time so that you don't have to, it can be argued that this is a benefit as the developer writes less code and therefore can make less mistakes.
5. There have been specific security issues with Rails. They get addresses quickly in my experience.
I've been developing web apps for over 12 years and RoR is easily the quickest and most succinct way to build web applications in my experience.
Thanks for saving me the time. Ruby kicks ass. Rails takes names.
I don't recommend Ruby on Rails, but perhaps the logic could be recreated in another more reliable language in addition to beefing up the security.
Cool story. What makes Ruby unreliable/insecure?
Here are some reasons not to do it in Ruby on Rails:
1.) Ruby on Rails is a scripting language built on top of another language. Any flaws or bugs in the foundation language can propagate to the scripting language. It takes time to fix these changes until it is fixed and compiled in the Ruby language. (PHP works the same way where functions in PHP are mostly wrappers to functions in other libraries.)
2.) Ruby on Rails hasn't been around as long as some other web languages. It's less proven.
3.) There are less Ruby on Rails developers then other languages. In the case with Bitcoinica, the code was passed to Intersango who had no experience with Ruby on Rails.
4.) Ruby on Rails attempts to write code automatically for you. It's possible the automatically written code could be overlooked.
5.) There specific security issues with RoR. (I guess you could Google it.)
Let me clarify if I may as I think you've dismissed ruby and ruby on rails without acknowledging the benefits.
Ruby is a dynamic language http://en.wikipedia.org/wiki/Dynamic_programming_language
Rails is an MVC based architecture for the rapid development of web applications. The Rails architect is built using the Ruby language and that's why it's called Ruby on Rails. (RoR).
Let me address some of the points you've raised.
1. The ruby interpreter is written in C I believe, it's been around since the mid 90's and is stable and mature.
2. The Rails architecture has been around since 2005 and is at version 3. It powers a large number of websites including twitter, github, scribd, shopify and many more.
3. There are plenty of ruby on rails developers, just that intersango didn't have that skill set.
4. Rails dynamically creates methods at run time so that you don't have to, it can be argued that this is a benefit as the developer writes less code and therefore can make less mistakes.
5. There have been specific security issues with Rails. They get addresses quickly in my experience.
I've been developing web apps for over 12 years and RoR is easily the quickest and most succinct way to build web applications in my experience.
I don't recommend Ruby on Rails, but perhaps the logic could be recreated in another more reliable language in addition to beefing up the security.
Cool story. What makes Ruby unreliable/insecure?
Here are some reasons not to do it in Ruby on Rails:
1.) Ruby on Rails is a scripting language built on top of another language. Any flaws or bugs in the foundation language can propagate to the scripting language. It takes time to fix these changes until it is fixed and compiled in the Ruby language. (PHP works the same way where functions in PHP are mostly wrappers to functions in other libraries.)
2.) Ruby on Rails hasn't been around as long as some other web languages. It's less proven.
3.) There are less Ruby on Rails developers then other languages. In the case with Bitcoinica, the code was passed to Intersango who had no experience with Ruby on Rails.
4.) Ruby on Rails attempts to write code automatically for you. It's possible the automatically written code could be overlooked.
5.) There specific security issues with RoR. (I guess you could Google it.)
Started thoroughly studying the trading part, here's my understanding of the trade matching code.
My comments start with "D :", there are like 2 comments made by ZT
http://pastie.org/4257541
doesn't ruby have something like enums? why make slow string comparisons?My comments start with "D :", there are like 2 comments made by ZT
http://pastie.org/4257541
Started thoroughly studying the trading part, here's my understanding of the trade matching code.
My comments start with "D :", there are like 2 comments made by ZT
http://pastie.org/4257541
doesn't ruby have something like enums? why make slow string comparisons? My comments start with "D :", there are like 2 comments made by ZT
http://pastie.org/4257541
I don't recommend Ruby on Rails, but perhaps the logic could be recreated in another more reliable language in addition to beefing up the security.
Cool story. What makes Ruby unreliable/insecure?
Guys, I'm doing margin trading exchange at https://github.com/santacruz123/node-bitcoin-exchange
It's PostgreSQL\NodeJS based. Order matching done through SQL triggers...
I would accept some criticism on early stages
It's PostgreSQL\NodeJS based. Order matching done through SQL triggers...
I would accept some criticism on early stages
I don't recommend Ruby on Rails, but perhaps the logic could be recreated in another more reliable language in addition to beefing up the security.
Started thoroughly studying the trading part, here's my understanding of the trade matching code.
My comments start with "D :", there are like 2 comments made by ZT
http://pastie.org/4257541
My comments start with "D :", there are like 2 comments made by ZT
http://pastie.org/4257541
After the amount of heartache and financial loss Bitcoinica has caused to its users and the wider Bitcoin community you would be better off throwing it away and starting again.
Not really. The code needs a security audit, but the trading code is decent.
After the amount of heartache and financial loss Bitcoinica has caused to its users and the wider Bitcoin community you would be better off throwing it away and starting again.
I've just started a technical document aimed at describing the way the bitcoinica codebase works, how the trading works and how one could potentially setup a clone. Feel free to help !
It's all here
It's all here
Jump to: