Week of 2008-02-16 17:00 to 2008-02-23 16:59
Preventing fork bombs in Ubuntu
Submitted by specialj on Fri, 2008-02-22 23:09.
I think a sign of security-mindedness for a server GNU/Linux distribution is whether it can withstand simple attacks out of the box. At the moment Ubuntu fails this test as a simple fork bomb from any user or any compromised service can render the system useless.
XSS security in Rails
Submitted by specialj on Tue, 2008-02-19 04:37.
It seems to me that if someone wanted a web application framework to be successful that focusing on a strong, yet unobtrusive, security model would be important. One reason PHP is avoided by many developers is that so many PHP applications are full of security vulnerabilities. I’ve always been a fan of escaping all content except when otherwise specified, the opposite of how Rails operates. I remember investigating early plugins to accomplish this but without much luck. It seems like there has been a lot of activity in this area and I thought I would investigate the landscape again.
A better markdown
Submitted by specialj on Tue, 2008-02-19 03:51.
I don’t even recall what I was looking for but I came across Maruku which is a library that implements the Markdown syntax, the PHP Markdown Extra syntax, and its own meta-data syntax. It should fix problems with underscores in links. It seems like the Markdown with SmartyPants module for Drupal also uses PHP Markdown Extra in its version for Drupal 6.0. That should be nice should I upgrade at some point. But I will start using Maruku on my Rails apps now and see what happens.
What I am looking forward to in Ubuntu 8.04 (Hardy Heron)
Submitted by specialj on Mon, 2008-02-18 17:18.
I’m not sure if there is really more to this release than average but it seems like there are more changes I’m interested in than in some past Ubuntu releases. I thought it would be good to compile a list and then do a review after the release. I also want to try and find issues that I want addressed that haven’t been so I can push for their inclusion before it is too late.
jQuery on Rails
Submitted by specialj on Mon, 2008-02-18 05:03.
Rails uses the Prototype library by default but many people, myself included, have been switching to the jQuery library. The library is smaller but more importantly it operates unobtrusively. A couple of plugins have already been written to help Rails developers transition from one library to the other.
A BitTorrent Tracker for Debian and Ubuntu
Submitted by specialj on Sun, 2008-02-17 23:57.
I’ve been reviewing various BitTorrent tracker software and I’ve decided that what I think makes the most sense is a fast dedicated tracker and a separate front-end. I was a fan of CBTT in the past but that project, like the rest of the BNBT derivatives, appears defunct. XBTT, however, continues to be improved. And I came across a useful page on getting XBTT running on Debian. I think XBTT combined with a Rails-based front-end might make for a great BitTorrent tracker site. Perhaps XBTT could even be packaged at some point.
Developing web applications to avoid Rails design issues
Submitted by specialj on Sun, 2008-02-17 18:28.
I think the biggest problem with Rails is that it is not thread-safe. This leads to Rails being difficult to use for projects requiring large numbers of concurrent connections because each concurrent connection requires a process. With so many processes, management becomes difficult and there is substantial overhead. However, I like Rails, and what’s more is I think there is a lot of value to being able to develop on a consistent platform due to the familiarity one has with the platform and the ability to reuse code between projects. But for an application where Rails overhead is prohibitive there are a number of other options.



