Regarding the argument over whether this is a Rails framework concern or a Rails developer's concern, the fact that many tutorials and screencasts don't bring this vulnerability up has left a whole slew of developers with the impression that scaffolding and other step-by-step, out-of-the-box ways to build things that Rails affords you are complete solutions that don't require any other modifications besides what's needed for your own business logic, etc. I think this is how we all missed something so simple. I think it's partly because of this convention/idiom groupthink.
Good post. What I think is important to point out (and what I've always told people) is that overtime is a result of failure: failure of planning, process, time/task/scope/resource management, estimation, etc.
I completely agree. As long as we can recognize that these types of failures are the failures of management and the owners, not the employees. They shouldn't have to work overtime for the poor management of their leaders.
The way I like to explain it to get it to quickly click in anyone's head (math geek and non-math geek alike) is so:
What is true about any two distinct numbers? Answer: there are an infinite number of numbers between them (e.g. between 4.00005 and 4.00006 there are 4.000051, 4.0000501, 4.00005001, etc. You can always add more zeros). But one cannot name a single number between 0.9999... and 1 because they are the same number.
Not really an actual, rigorous proof, but it serves its purpose.
Corey Spitzer
coreyspitzer/at\rifflabs/dot\com
Full stack web/mobile developer
PHP
Ruby on Rails
iOS
Android
HTML/CSS/JavaScript
(and more; see http://coreyspitzer.net/resume )
www.linkedin.com/in/coreyspitzer/