Exactly. Rails, which is built on top of Ruby, doesn't allow arbitrary input as integer keys on Arrays, nor does it allow the user to force-execute a (very) long while loop.
The vectors for attacking this vulnerability in Rails are limited to incoming params or POST bodies, and so far nobody has been able to show a vector for using these vulnerabilities to execute remote code or cause a DoS attack on Rails or Merb.
IE7 does *not* slaughter HTML and CSS. It breaks hacks that worked in IE6 because of unimplemented features there (or just plain bugs in IE6).
Anyone who wrote HTML and CSS in standards-compliant ways, and worked around IE6 with conditional comments (and *not* by using hacks) will find their pages working smoothly.
There's a substantial *improvement* in CSS support, but it's obviously not 100%.
For crying out loud, this is the sort of thing that really bugs me.
I was recently asked, publicly, what my #1 web development annoyance is. I answered IE6. So I don't have any love for Microsoft. I also own a Mac Pro and a Macbook. So I've spent good money on Apple. And I like my machines. But there's a seriously painful double standard here:
Every incremental feature update of OSX costs $130. Incremental feature updates to Windows are free (by incremental, I mean ones where the underlying OS is the same, but features are added. Think OSX and Windows XP).
Firefox has an automatic push feature that automatically downloads and offers to install the new version of FF. So does IE.
You can only install OSX on Apple hardware. Any licensing restrictions on the use of Windows cause a serious outcry here.
Steve Jobs has openly said his iPod marketing strategy involves building iPods in such a way that forces users to buy new ones every year. Imagine if Microsoft said something similar about Windows (never mind that there *is* a new version of OSX that you have to buy every year or so if you want the newest features).
Firefox recently got into a licensing dispute with a Linux vendor who wanted to use its name but not its logo. Firefox legally blocked them (relatively minor, but still).
The bottom line is that lately, MS has been behaving fairly well. I think that's clear. They've executed legally binding agreements not to sue based on certain patents they hold, implemented very impressive CSS improvements to IE, and brought the Firefox crew over to Vista headquarters to help them make the transition to Vista.
We should step back for just a bit and let Microsoft get IE7 and Vista out. Quite frankly, the day IE7 kills IE6, I will be a very happy person. And so will many, many web developers. The "push" is actually a pretty good thing, in the end.
Until the day that I start seeing people attacking Apple for Jobs' "reality distortion field" and practices that sometimes closely mirror the actions of Microsoft, I'll look dubiously at posts like this. Frankly, I'm getting tired of them.