Recent Projects

Weekly Digest, 11-30-08

Please find the attached interesting links for this week as provided by Trevor and Tim:

This Week in Edge Rails

it certainly hasn’t looked like a holiday week in edge Rails. Things are moving fast, with some major changes afoot for version 2.3 of Rails.

Ta-da List on Rails 2.2, Passenger And EC2

If you haven’t documented your server deployment process in code or experimented with these technologies, now is the time.

Slicing Your Attributes

ActiveRecord models default to having all attributes assignable this way. As a result, unless you’re very careful with attr_protected and attr_accessible, there’s a good chance your app has security holes.

Favicon Hell: Small Feature, Big Code

The end result is that it took thousands of lines of code just to display favicons. And that’s often the case with features that seem simple at first glance. It’s not until you dive into the code and find all the weird problems and bugs that you realize your little feature is actually a big PITA.

Warren Buffett’s 10 Ways To Get Rich

When you get to my age, you’ll measure your success in life by how many of the people you want to have love you actually do love you. That’s the ultimate test of how you’ve lived your life.

Ask Hacker News: Does the SaaS model really work?

I’m working on a web startup with a partner and I’m just feeling unsure of whether the whole SaaS thing really works.

Pair Programming – Marketing FAIL

My modest proposal is to stop calling it Pair Programming or Extreme Programming. At this point, that is like calling your new energy company Enron. I propose calling it Collaborative Development.

Notes from the Ruby Manor

I’m lucky enough to be at RubyManor today; a Ruby conference organised by Ruby users, for Ruby users.

Cloud computing is a sea change

How sysadmins can prepare …don’t be shy, embrace the cloud. If you’re a UNIX sysadmin you already have the right stuff to succeed in this new world of utility on-demand computing…

Dumbing Down the Cloud

I trust Dropbox. Here’s why.

Turning Ideas Into iPhone Applications

No one wants to work for equity or the promise of future returns for someone else right now. There is too much cash work out there. The developers willing to take risks on future returns would rather do this for their own application projects. That is a risk worth taking.

Refactoring Rails Controllers

One of the basic memes of Rails is “Skinny controller, fat model.” And even though most examples, especially the ones using the newer REST features in Rails advertise it, there are still heaps of controllers out there that have grown too big, in both the sense of lines of code and the number of actions.

Seven Rules for Building Online Portfolios

Your site is a frame. Make every project a link. Make it simple. Don’t be clever. Make it easy for us to contact you. Make it easy to update. SIMPLIFY!

iPhone GUI PSD

Over the past few months we’ve had to create a few iPhone mock ups for presentations. Since we know we’ll be doing more of this, we created our own Photoshop file that has a fairly comprehensive library of assets.

TaskPaper

Today’s task managers have evolved into complex database-like applications; TaskPaper provides an alternative that harkens back to simpler (and faster) times.

Daring Fireball: Treating URL Protocol Schemes as Cruft

…it’s always struck me as somewhat ungraceful that we spend all day staring at dozens of URLs that all start with the same repetitive prefix. [If you're going to hide http://, why wouldn't you also hide the equally useless www?]

On App Store pricing

People have always been willing to pay money for valuable software, and users of the iPhone platform are no different. It’s not some crazy new voodoo platform where nobody will pay for anything. Treat it like any other software market, and you’ll see that it responds in the same way.

Schneier on Security: The Future of Ephemeral Conversation

Full disclosure: security expert and cryptography ace Bruce Schneier is a personal hero of mine. That having been said, I feel like I must also now say that I would only recommend a particular essay of his to other people if I felt like it was genuinely worthwhile. This piece deals with so-called “digital ephemera” (the casual conversations you have on-line) and the generation gap that exists between my generation (“baby busters” or “millennials”) and everyone from the GenX and previous set. Definitely a must-read for anyone whose life has been as copiously documented as yours certainly has been if you are reading this.

Geek to Live: Wget local copies of your online research (del.icio.us, digg or Google Notebook)

I’m going to go meta here for a second with a link to a lifehacker.com article about how to archive delicious links and diggs. Basically, this describes the wget flags you want to use if you’re trying to keep a local archive of someone’s delicious links: handy for automating things like, for example, a weekly digest of your del.icio.us links.

Raising Protected Attribute Assignment Errors

While mass-assignment in Rails can be convenient for developers, it can pose a security risk if the implications aren’t understood. An article on Rails Spikes does a good job of explaining the issue:

By default ActiveRecord allows visitors access to any writer method, that is, any method ending with an equal sign. This comes courtesy of the ActiveRecord::Base#attributes= method, which is used internally by the main methods that handle creating and updating records, including new(), create(), and update_attributes().

The way most applications are designed means that whatever data a visitor sends to the server will likely find its way through the attributes=() method, and if not protected, ActiveRecord will happily update the records based on what was sent. In less technical terms: ActiveRecord is insecure by default.

I suggest reading over that article, even if you’re familiar with the potential issues around mass-assignment. There’s also a Railscasts episode on the subject.

The solution proposed is to use attr_accessible in all of your models. This way, you have to explicitly make attributes accessible to users, which is generally a good thing. However, this strategy introduces a small “gotcha” that’s bitten me a few times.

When you’re in development and try to mass-assign a protected attribute, it will fail silently, leaving only a note in the debug log. I don’t know about you, but I very rarely look at the debug log, and I’ve found myself temporarily stumped when attributes weren’t being assigned as expected. Of course, I’m getting better about remembering to add attributes via attr_accessible after being bitten by this one a few times, but perhaps others have been confounded by this gotcha as well?

Well, thanks to a small change in Active Record (more detail here), it’s now possible to give yourself a more noticeable warning when you’re testing your application. Simply add the following initializer, and your tests will complain much more loudly if you try to mass-assign a protected attribute.

# config/initializers/noisy_protected_attribute_removal.rb
# Only in the test environment: replace Active Record's quiet debug-log
# notice with an exception naming the attributes that were stripped.
if Rails.env.test?
  ActiveRecord::Base.class_eval do
    def log_protected_attribute_removal(*attributes)
      raise "Can't mass-assign these protected attributes: #{attributes.join(', ')}"
    end
  end
end

This little trick has saved me some head-scratching already. Perhaps you’ll find it useful as well.
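To see the whole mechanism outside of Rails, here is an added example (not code from the post or from Rails itself): a constructed stand-in for the attr_accessible whitelist that drops a tampered "admin" parameter, records the drop in a debug log the way the post describes, and then applies the post's raise-in-test trick so the drop becomes an exception. All class names and parameters are assumptions made for the illustration.

```ruby
# Added example, not code from the post or from Rails: a minimal stand-in for
# ActiveRecord's attr_accessible whitelist. Everything here is constructed.
class ProtectedModel
  # Whitelist: only these attributes may be set through attributes=.
  def self.attr_accessible(*names)
    @accessible = accessible_attributes | names.map(&:to_s)
  end

  # Subclasses inherit their parent's whitelist (class ivars do not).
  def self.accessible_attributes
    parent = superclass.respond_to?(:accessible_attributes) ? superclass.accessible_attributes : []
    parent | (@accessible || [])
  end

  # Mirrors the behaviour the post describes: protected keys are dropped and
  # reported via log_protected_attribute_removal, which by default only
  # appends to a debug log that is easy to overlook.
  def attributes=(params)
    params = params.each_with_object({}) { |(k, v), h| h[k.to_s] = v }
    removed = params.keys - self.class.accessible_attributes
    log_protected_attribute_removal(*removed) unless removed.empty?
    (params.keys - removed).each { |k| instance_variable_set("@#{k}", params[k]) }
  end

  def log_protected_attribute_removal(*attributes)
    (@debug_log ||= []) << "Removed protected attributes: #{attributes.join(', ')}"
  end
  attr_reader :debug_log
end

class User < ProtectedModel
  attr_reader :name, :email, :admin
  attr_accessible :name, :email   # :admin is deliberately left protected

  def initialize(params = {})
    @admin = false
    self.attributes = params
  end
end

# The post's initializer applied to the stand-in: under test the quiet log
# line becomes a loud exception instead.
class NoisyUser < User
  def log_protected_attribute_removal(*attributes)
    raise "Can't mass-assign these protected attributes: #{attributes.join(', ')}"
  end
end

# Constructed request parameters, as a visitor could submit them: "admin"
# is silently dropped by User and rejected loudly by NoisyUser.
TAMPERED_PARAMS = { 'name' => 'alice', 'email' => 'a@example.com', 'admin' => true }.freeze
def build_user(params = TAMPERED_PARAMS)
  User.new(params)
end
```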

Weekly Digest, 11-23-08

I’m very pleased to welcome our good friend Tim to the Weekly Digest. I’m sure you’ll enjoy his contributions. You can follow along with his delicious account, if you’re into that sort of thing. We’ve also managed to inspire another weekly collection of links that you may be interested in checking out. Nick will be posting links for creatives and creators over on his blog, greyscalegorilla.

So, without further ado, please join me in welcoming Tim’s links:

tarsnap.com

If you can stomach the idea of someone else storing your data on his computers and are running out of disc, tarsnap might be the solution for you. Basically, you set up your machine to dump your data to the remote site; it is encrypted and then snapshots are taken (presumably at the normal rsnapshot intervals) and you can get at them whenever you need the data. The key here is encryption: there are dozens of places to stick your data, but the fact that you dump via a secure tunnel and that the site’s proprietor never has any access to your data makes this solution a viable one. If I weren’t an incurable tin-foil-hat about privacy, I would definitely consider tarsnap.

Pixelpipe – Free your media, upload and share anywhere

Like a lot of G1 applications that are either overt ports of iPhone software or obviously inspired by iPhone software, this one is still coming together. The big idea here is that this is a Web 2.0 labor-saver that automatically dumps your G1 pictures into your Facebook, Myspace, etc. account: I wouldn’t say it’s fully automatic yet, but it’s getting there. I tried to link it up to my picasa account on day one and, after some finagling, managed to get it working. Ideally, it would “just work” and you could download and set this up without your home/laptop computer on a moving train. And, as I say, Pixelpipe isn’t quite there yet, but it’s got potential.

Write or Die : Dr Wicked’s Writing Lab

This is a tool, designed with creatives in mind (i.e. not coders), to encourage copywriters to shake their tail-feathers. The basic idea is that you tell it how many words you want to write and how much time you want to allow yourself to write those words and then it gives /you/ a text input window and a ticking clock. As the clock runs down, the text you enter is deleted if you stop typing. This definitely works just like the essay writing portion of a standardized test: you don’t waste too much time tangentializing during the pre-writing/brain-storming processes and when you get down to it, your eyes don’t drift backward to check for continuity/grammar errors or typos.

Noodle Soup Oracle

The so-called “noodle soup oracle” was “created by Michele Humes and Joshua Sierles after a meal of shrimp roe noodles in miso, topped with spicy carnitas, shelled edamame and chopped scallions”; at the click of a button, it will randomly choose a noodle, two savory additional ingredients and a sauce. It is also capable of suggesting noodle dishes bereft of meat. Indispensable for anyone who enjoys a.) the consumption of noodles and b.) letting a little chaos into his life from time to time.

Clonezilla

I haven’t had a chance to play with this in an actual production environment, but it seems like a dream come true to anyone who has had to deploy workstations based on a common image: basically, in Clonezilla you get a F/OSS alternative to Acronis/Norton Ghost that works a lot better than ghost4unix and has some nice, time-saving user-friendliness features.

http://mysqltuner.com/mysqltuner.pl

This is a handy little diagnostic tool that, while utterly useless if you’re not familiar with the details of your /etc/mysql/my.cnf, takes the guesswork out of gathering a number of important usage and performance statistics.

…and now the set from yours truly:

CouchDB is now officially Apache CouchDB

CouchDB has graduated from incubator to a top level project.

This Week in Edge Rails

…some pent-up code has been checked in, and some big changes are being made. It’s an exciting time, and edge is definitely worth checking out.

Delayed Gratification with Rails

Daniel Morrison, of Collective Idea, is the first and will be showing a few ways he has used delayed job to offload tasks to the background. Without any further ado, here is Dan.

Base for SQLite3

Base is an application for creating, designing, editing and browsing SQLite 3 database files. It’s a proper Mac OS X application. Fast to launch, quick to get into and get the data you need.

A demo of some thoughtful UI on Ffffound.com

Keyboard shortcuts FTW.

Build a Killer Online Portfolio in 9 Easy Steps

Ask yourself: how well does my site answer the questions potential clients are likely to have?

Carpal Tunnel Syndrome Fact Sheet

How can carpal tunnel syndrome be prevented? …on-the-job conditioning, perform stretching exercises, take frequent rest breaks, wear splints to keep wrists straight, and use correct posture and wrist position. Wearing fingerless gloves can help keep hands warm and flexible. Workstations, tools and tool handles, and tasks can be redesigned to enable the worker’s wrist to maintain a natural position during work.

Kvetch! Let it out, baby.

A Kvetch is a funny complaint. This site randomly displays kvetches sent via Twitter.

Rails Rumble Observations

Trends in gem/plugin usage. Winners include jQuery, Bort, Mocha, Hoptoad, Thinking Sphinx, Paperclip, and Restful Authentication.

Why the Drudge Report is one of the best designed sites on the web

Your eye darts all over the place looking around for something that looks interesting. The design encourages wandering and random discovery. The site feels like a chaotic newsroom with the cutting room floor exposed.

The Fast, Good and Cheap Pricing Method

Have you ever heard of the Fast, Good, Cheap pricing method? The idea is that clients should only be able to choose 2 of these 3 words, and you have to keep this in mind when pricing your next job.

Custom fields? We don’t need no stinking custom fields

I think most people underestimate the impact of personal communication and overestimate the value of technology. Bug trackers are a good thing, but only if they function with your team.

Ruby on Rack #1 – Hello Rack!

Rack was initially inspired by Python’s WSGI and it quickly became the de-facto web application/server interface in the Ruby community, thanks to its simplicity and preciseness.

Rails meets Sinatra #2 – Mix n’ Match

Put Sinatra code in any of your regular Rails controllers. No need to mount Sinatra at a specific URI. Have Sinatra work for any URI, gracefully fall back to Rails if no Sinatra method matches the path. Use your models/libraries etc. in both Rails and Sinatra.

Four Years of Ruby Development Notes

This talk is from Ezra Zygmuntowicz from Engine Yard. He’s going to go over his history working and deploying with Rails. Interesting notes on upcoming Engine Yard offerings. Comments on Passenger.

Shared memory and Ruby Enterprise Edition

A clarification of the way memory optimization works in the specialized version of Ruby developed for Phusion’s Passenger.

HappyMapper, Making XML Fun Again

A while back, you may remember, I posted about ROXML, a ruby object to xml mapping library. I liked the idea but not the implementation. Soon after, I started playing around with what I have named HappyMapper, a ruby object to xml mapping library.

Say Goodbye to BlackBerry? If Obama Has to, Yes He Can

Mr. Obama, however, seems intent on pulling the office at least partly into the 21st century on that score; aides said he hopes to have a laptop computer on his desk in the Oval Office, making him the first American president to do so.

Rails in the Cloud: AWS, Heroku, and Morph

It remains to be seen whether either Heroku or Morph remain good options for us as our application grows (the fact that neither support true background tasks or Memcached servers might become a limiting factor at some point), but if nothing else they’re an ideal way to get off the ground.

Concurrency is a Myth in Ruby

The implications of the GIL are surprising at first, but it turns out the solution to this problem is not all that complex: instead of thinking in threads, think how you could split the workload between different processes. Partition the work, or decompose your application. Add a communications / work queue. Fork, or run multiple instances of your application.

Net Neutrality Advocates In Charge Of Obama Team Review of FCC

Both are highly-regarded outside-the-Beltway experts in telecom policy, and they’ve both been pretty harsh critics of the Bush administration’s telecom policies in the past year.

Deferring Tests with Test::Unit in Rails

Now that we have that nice syntax for tests in Rails, I’m happy just using the baked-in Test::Unit stuff. Well… maybe I still need Mocha. But the other stuff like RSpec, test/spec, and Shoulda? Meh. The only thing missing from Test::Unit is an easy way to defer tests. That’s important. I’d been dropping “flunk” in tests to note that they weren’t implemented yet, but that can get confusing pretty quickly.

Luckily, there’s a quick and easy way to add “deferred” tests. Here’s how:

# test/test_helper.rb
class Test::Unit::TestCase

  # Call this from a test body to mark it as deferred. caller[0] is the
  # file:line of the test that called defer, so it's easy to find later.
  def defer
    puts "\nDeferred: #{caller[0]}"
  end

end

# test/functional/home_controller_test.rb
require 'test_helper'

class HomeControllerTest < ActionController::TestCase
  test "should defer test" do
    defer; return;   # note the deferral and skip the rest of the test body
  end
end

This would produce output like so...

~/git/h8ter $ autotest
loading autotest/rails
/opt/local/bin/ruby -I.:lib:test -rtest/unit -e "%w[test/functional/home_controller_test.rb...
Loaded suite -e
Started
....................
Deferred: ./test/functional/home_controller_test.rb:6:in `test_should_defer_test'
............................................
Finished in 0.795139 seconds.

64 tests, 123 assertions, 0 failures, 0 errors

I thought I'd seen a commit from Koz that added a nice way to defer tests in Rails, but I can't seem to find it. Please post a comment if you know what I'm talking about. In the meantime, here we are with a quick and dirty solution for your enjoyment.

Stupid Linux Tricks: avoid unnecessary system calls with /proc/net/arp

This post has been moved to http://demongin.org/blog/824