
There's very little you're saying here that I disagree with. I also agree with you on the matter of Ruby on Rails being less secure than other frameworks. A friend of mine quipped the other day that it's time for Ruby devs to "take off their brogramming cool-shades and embrace some of what the neckbeards have been telling us."

I just don't interpret "security is hard" as an excuse. You just repeated the phrase yourself, yet your central point seems to hinge on that being an excuse. You saw fit to put it in its own block and indent it.

There is also a community of Ruby developers who are trying very hard to improve the situation. I'm sure there are more, but the group at the forefront of my mind is Ronin Ruby [1].

In order to improve, we must first admit that we have failed. For my part in the Ruby community, I humbly admit that we can do better.

[1]: http://ronin-ruby.github.com

The central point I'm trying to make is that this article is being disingenuous. Security is hard, but not so hard that a minute or two of thinking and filing a PR won't prevent the YAML exploits. I don't actually think the Rails community is dumb; that's why this whole thing pissed me off so much, because the fact that it was even introduced and existed for so long tells me that thousands of Rails devs have just decided to turn a blind eye over the years.

I'm well aware of the Ronin guys, BTW; I mentioned them in a comment in another HN thread a few days back and called for help for those 2 guys.

bauland42 who is behind http://www.rorsecurity.info/ also deserves an honorable mention.

Good luck Rubyists.
