I remember testing Oj a few years back and finding that yajl where still faster for some cases, I believe it was very large arrays of thousands of objects.
I did some impromptu benchmarking now, and couldn't find a case where Oj performed worse than yajl. Impressive!
The warnings, other than symbol GC in MRI <= 2.1, refer to using Oj in `object` mode: marshallings arbitrary Ruby object graphs to/from JSON. This is similar to pickle in python. This mode isn't what you would be using at the boundary of something like a http/json api.
If you are referring to the Ruby YAML vulnerability, the problem is that the deserializer ends up calling methods on the deserialized object. This says it doesn't, it merely warns you against doing it yourself, or at least doing it carelessly.
Not so much. With YAML it's a feature baked into the syntax that you have to go to extra effort to avoid. With JSON, it's just a specific data schema you opt in to, so a non-aware decoder will just give you a Hash with some odd data in it.
How does this have 71 upvotes in such a short time and two comments. It's a Ruby C extension for JSON, nothing more. Something fishy here, especially given that a link on the homepage is "Vote on Hacker News."
Because it's a known piece of software in the Ruby community, one that actually kicks ass. His work isn't new, this is probably being voted up by people who know of it... and what's really to comment on? I read the page, upvoted because I like the gem, and moved on.
Getting to the front page of hackernews is more about timing than content. I've had submissions get no votes only to see the same article on the front page a few hours or days later.
There's a lot of luck that goes into who is viewing and voting.
Version 3.0 is being announced which is compatible with Ruby 2.4 and Rails 5. With this being a popular gem in the Ruby community, I'm guessing those are important milestones many folks are happy with.
Don't make comments like this if you don't understand why people use Ruby in the first place.
Maybe your code is performing acceptably well, but if someone comes up to you and says "Hey, would you like some free performance with this drop-in replacement?" you'd be stupid to say no.
There's a difference between performance being critical and performance being important.
I disagree but perhaps it's on semantics... A better statement would be:
If the boxing/unboxing matters, don't use a language with objects. Use one that gives you value types to manipulate and serialize into. For some things, like Regexp, the language has almost zero overhead-- because it's done in C/bare metal.
Additionally you could provide which languages/runtimes one should use.
Performance is only one of several factors when selecting a programming language, like suitability to problem domain, available libraries, tooling etc.
In my work I have found Ruby often more than makes up for its poor performance record with an excellent ecosystem, mature testing tools, and outstanding string processing APIs. It also offers a high fun factor, which is just as important IMHO.
Performance actually matters a lot in Ruby. The average coder doesn't (usually) have to deal with it, but chasing down performance issues in library code opens up more and more applications for Ruby to tackle.
It would be awesome if Ruby could eventually become useful in every context. I think it'll eventually get there, but on the way there will need a mountain of performance improvements.
I don't think ruby will ever get to the point where it's useful or a good fit in every context. The optimization goals are pretty clearly laid out: developer performance and happiness over raw speed of the language. A lot of features don't lend themselves to easy performance optimization (open classes, the ability to change methods on individual objects, lots of the metaprogramming features etc.). It's just not ruby's goal to be fast on every platform and in every context. It's often fast enough, though.
I agree that Ruby isn't a good fit for every context, but the reasons for Ruby's speed can and are being addressed, this article is extremely accessible and beautiful:
Ruby has some of the best concurrency support: Fibers and threads are all well-established features. JRuby and Rubinius can handle native threads, no Global Interpreter Lock (GIL) at all.
The downside is most Ruby code bases are reluctant to take advantage of it, or even be thread-safe or fiber-aware, which can make writing apps more challenging than an environment like Node.js where there's established standards and expectations.
I remember a Rails application I developed a couple of years ago. Basically a JS dashboard over a time series database, but not a SPA. Let's say a few JS-fat pages displaying graphs with filters. The JS code in the pages made API calls to the Rails controllers which answer in JSON. Plus, we had some cron jobs pulling JSON data from a remote API.
The application was fast enough but the data transfer started to dominate response time when the queries were large. We did several optimizations to reduce the size of the JSON (gzip among them, obviously) and sometimes building the JSON manually instead of using the jbuilder provided a speedup.
The cron jobs were OK. Using oj made a noticeable difference over the default parser. Batch inserts in the db made a big difference too (the activerecord-import gem). With those optimizations there was no need to write everything else in a more performant language. After all, oj and batch inserts already moved most of our performance critical code from Ruby to C.
I did some impromptu benchmarking now, and couldn't find a case where Oj performed worse than yajl. Impressive!