Wednesday, 16 April 2014

Link: Female Founders by Paul Graham

Paul Graham (of Y-Combinator) writes some amazingly worthwhile essays. One of his recent ones is about what he's learned about Female founders

Read to discover:
Is YC anti-female (spoiler: no)
Do female founders fare differently in startup culture (spoiler: sometimes, but that should rapidly improve)
What can we do to encourage more females to be founders?

Thursday, 10 April 2014

Heartbleed: openSSL has been compromised test your site!

So, you may have read that there's a security vulnerability in OpenSSL called Heartbleed. It's pretty serious and potentially affects everyone. You should change all your passwords right now.

Read more about it here: Here's How To Protect Yourself From The Massive Security Flaw That's Taken Over The Internet

You can use this site to test any site you care to try: Heartbleed test

Friday, 4 April 2014

Quit being so negative!

Interacting with other people is all about perceptions. For better or worse, we can't see inside of other peoples' heads and have to infer what's inside of them based on their actions... and also on (get this) *our* past behaviour.

You thought it would be *their* past behaviour, yes? but actually unless you've known somebody a really long time - your perceptions of another person are more based on what you have done in the past, than on what they have.

It's way too easy to totally miss this point when it comes up in reality - because what you think another person is doing... just seems so obvious. Surely they're doing X, it's just obvious they are...

What you don't see are all the subconscious micro-decisions that got you to that point. What exactly did you base your observation on?

Could you be mis-interpreting something? Just because you (or your sister, your boyfriend or your old teacher back in high school) used to do X and that meant they thought Y - doesn't mean that this person you're talking to right now... thinks Y - even if they're quite clearly doing X.

This all stems from a bit of an example from my own life (I'm T):

P comes up to T and tells her all about a friend of his who's developing a new javascript library.
"it's gonna be awesome!" P enthuses.
"interesting," T says. "so what does it offer over jquery?"
"what do you mean?", P asks, looking taken aback.
"well, jquery is pretty bog-standard in the web-world right now. What does your friend's library do, that would make me choose to use it over jQuery?" T replies.
"why are you asking me that? It's a great library, it's going to be the best!", P asks

We'll stop here and see where everybody stands, because I know from later discussion that P is thinking that I'm not interested in hearing about this new project. He thinks that *I* think it's only worth doing a project if it's better than jQuery. Why else would I demand what this new project had to offer and whether or not it was worth pursuing? How dismissive of me!

Hang on a tick... what did I *actually* say?

None of the above, it turns out. From my perspective, I was curious about the project and wondering what it might have to offer.

It think it all hinges on what part we both assume the role of questions plays.

I assume that questions are to elicit information on something of interest.
P assumed that questions were a way of poking holes in an idea and dismissing it.

Both of these are assumptions based on our own past history of using questions.

Perhaps when P questions something it's because he has strong reservations about it, or because he's decided it's a bad idea and he wants to highlight all the flaws in it... but assuming that that's the reason why *another* person asks questions... will lead to very great misunderstandings.

No doubt there are downsides to my own assumption - obviously that other people will get the wrong idea about my reasons for doing so... perhaps thinking that I'm attacking their idea instead of finding out more about it.

The biggest part of the problem is that that these assumptions are pretty-much invisible to us. To us it just feels like "the way it is"... not "my perspective". it's only when we brush up against somebody else's different perspective that we even notice they're there at all (like two people with different-coloured sun-glasses finally swapping notes about the colour of objects they see).

I haven't got a solution to this problem yet... I'd be curious if any of you readers out there do. feel free to comment and let me know.

Saturday, 29 March 2014

Speaking Eloquent Javascript - learn javascript (and programming) for free

Eloquent javascript seems a nice site for learning programming for free, by working your way through a free textbook.

I've only skimmed it myself - I've been working my way through Code School's Javascript path.

Another that's just come out is Speaking javascript (an O'Reilly book that's also online for free)

I've heard good things about both of these.

Have you tried either one? If so, tell me what you think, or if you have a better (free) source, let me know in the comments.

Sunday, 23 March 2014

Link: Australia's top female programmers

Pollenizer has posted a list of what they call Australia's top female programmers.

I apparently made the grade... but it's a little scary to see my name amongst some of the most awesome women coders I've met over the years...

Tuesday, 11 March 2014

The failure of the ruby community - and what we can do about it

Sam Peters holds up a dark mirror in which our community reflects more poorly than I'd have hoped to see.

Her post on ruby meetups and the developer community is particularly worth a read for those of us happily ensconced inside that echo chamber.

Some representative quotes:

"[at ruby meetups] people who knew one another would connect, catch up, and spend the time excitedly discussing the latest news. To one another. Exclusively."
"Upon my attendance [at ROROSyd] I was immediately struck by the small, tight groups of people scattered across the venue – something that felt quite intimidating as a new learner"
"My more unorthodox theory implies that this community is merely an illusion"

The words "scathing indictment" spring to mind.

Clearly this is not the kind of community that we want.

As a mob, we can be pretty intimidating - and we need to work on better outreach and inclusiveness at our meetups.

I remember the earliest days of the rails community in Sydney. I remember when everybody was a beginner, and we came together to share our solutions to the hard problems we faced, to welcome newbies and help each other grow into skilled rubyists.

One particular observation of hers at rubyconf gives an example of what we can do better:

" I also experienced a bit of community on a personal level too – one particular lunch time, a pair of developers invited me to their table with no pretence or expectation. It resulted in a rather pleasant lunch, and opened my eyes a little. I felt a little more welcome."

In other words - it doesn't take much.

If there are people at your local meetup looking new and alone, go over and say hi. Ask them about their experience in ruby, invite them to sit at your table. Just start the conversation and include them.

I'm personally hoping to help break down that barrier-to-entry with Ruby Women - to provide at lest one extra avenue into the scene via a smaller, more beginner-friendly meetup and more open network of friend

The full article is well worth a read and some careful self-reflection. We should take note and work hard to build something better.

My Students

So, I've been teaching the General Assembly Immersive Web Development course for the past two months now.

It's going great and has been a really rewarding (if highly challenging) experience for me

They've recently finished their second (of three) projects, and the results are pretty amazing - especially considering that most of them had never touched a line of code, two months ago.

Here are links for some of their blogs to see how they've been coping over the past two months...

Sam Peters

Sam is a creative developer and her humour punctuates her work. Her blog showcases her particular mix of creativity and humour, with quite pointed insight into the development process and community

Her first project was: Forage, a website built to let gardeners swap their excess produce with others.

Alberto Forni

Alberto moved here all the way from Italy with his girlfriend in order to learn development. He's studying full-stack development, and his girlfriend is in the classroom next door studying User Interface Design. So I expect them to make a formidable development team when they're done.

His first project was: Alfred lets you keep track of expenses and wishlists - and share your wishlists with your friends.

Luke Schoen

Luke is always overflowing with ideas. No sooner do I describe some new topic and he thinks of five new applications for it in various combinations with other things he's learned.

His first project was TrendMyHunch, a site to share your ideas, pick your favourites and see if they're currently trending on google.

I have plenty more students, but they haven't shared their blog-urls with me yet... I'll come back and add them if/when they do :)

Here are the links to their recent, group-projects:

Expense Tracker

Split and track expenses with your friends or housemates

Autism Connect

A community for carers of the Autistic, allowing sharing of autism-related events, documents, links etc

Rick Rampage

A javascript, scrolling shooter game (the scores are stored in the rails backend)

Saturday, 8 March 2014

Classic: Making Wrong Code Look Wrong by Joel Spolsky

The article Making Wrong Code Look Wrong by Joel Spolsky is a classic take on a programming concept that you should still, always keep in mind when writing your code:

You should try to write your code so that it's more difficult for things to go wrong...or at least more obvious when things do.

It was written Some Time Ago - so take his prescriptions with a pinch of salt and apply your intelligence and ingenuity.

It's the vibe of the thing that matters here :)

Sunday, 2 March 2014

Ruby Women - a new meetup group

TL;DR: come to the Ruby women Sydney meetup (if you're a woman in Sydney and into ruby and/or rails), and please spread the word


I've been kicking around this idea for a while now.

You see, once upon a time I was a regular at the Sydney Linux Users Group - a formidable group of uberhackers. I knew almost nobody there, and due to the high skill-level of the members found it overwhelmingly scary to even think about presenting.

I was simultaneously looking into issues that women face in the workplace, and came across a couple of different books that pointed out that women, in general, tend to be more self-critical and less self-confident than their male counterparts.

It helps to have a network of other women to support you... but where can you get one in the traditionally male-dominated arena of IT uber-geekery?

Well - shortly thereafter, a number of us women in linux geekery began organising a local version of Linux chix. We just got together about half an hour before the SLUG meetup - and chatted and gave mini talks on interesting and basic linuxy topics... (nothing special)... and then all walked en masse to the SLUG meetup.

It doesn't seem like much, but it made a huge difference.

It provided a safe, conducive environment to women-geeks to introduce them to the linux community, without diving right into the deep end. It also provided a network of other women to serve as colleagues and role-models.

A couple of short years later, Sydney hosted a Linuxconf(.au) that had a remarkably large percentage of women for conferences of the kind - along with a whole mini-conf on topics relating to women in IT.

Linux-geekery was now something that women participated in too - in large (if not yet equal) numbers, and I'm quite certain that the strong networks formed at linuxchix helped with this

then I went away to the UK for three years...

Coming back to Sydney again, now part of the ruby community... I went to my first rubyconf.au and was overjoyed to hear of RailsGirls - a hackday-style initiative designed to help non-dev women get their first Rails site up and running.

...but it has come to the attention of many, that there's not much to keep interested women going after this. RailsGirls is currently working on RailsGirls-Next - to help Rails Girls participants continue working on their apps and slowly improve their skills... and alongside that - I've been working on something much more akin to the linuxchix concept:

Ruby women

It will be a group dedicated to women in the ruby/rails community - providing exactly the kind of supportive network and easy transition into the ruby/rails community that I think women still need.

Our first dinner meetup/discussion will be held on Wednesday 19th of March in Sydney

Please feel free to publicise the meetup far and wide, and to invite any and all women you may know.


To head off a couple of obvious responses:

What about a ruby men group?

Feel free to start one. There's nobody stopping you, and I'd certainly welcome that too.

I'd be really interested in hearing about the issues facing men in the IT industry too. I've heard especially about issues regarding fatherhood and balancing concerns of needing to appear dedicated to your job, as well spending time with your children... and also tales of unfair paternity laws (ie women are more likely to get time off for children than men are).

Can men come too?

Good question. We probably won't drive you away with pitchforks...

Personally, I'd be curious why you wanted to come. If you're there to pick up chicks - I'd be strongly against you coming. If you're there to support the needs of women in another group you run I'd happily welcome you...

but this won't be just *my* group, so others may have differing ideas about that.

Isn't it kind of exclusionary?

Yes. So is a group catering only to the interests of ruby programmers (as opposed to, say, python programmers)

Meetup is being DDOSed

I just checked meetup.com - it appears to be under a DDOS attack right now.

Check the meetup blog for ongoing details

Friday, 28 February 2014

Startups for the unexotic underclass

If you're an entrepreneur looking for ideas, consider looking beyond the city-centric, navel-gazing, youth-obsessed mainstream.

The unexotic underclass in a fascinating read for startups looking for meaningful ideas for new apps.

It's a call to action for us to stop wasting our time developing the next fashion-hunting twitter-app for our manicured dogs...
and instead start looking at solving some real problems that affect real people that we tend to mostly overlook, because they're just not treated as *interesting* enough by our society.

Really worth a read

Friday, 21 February 2014

Vale David E.

There's too much death going around right now.

The ruby world has been rocked by the death of of Jim Weirich (kind man, great teacher and original writer of rake)...

But for me, I have to say this is overshadowed by two deaths much closer to home.

About 3 weeks ago, my grandfather died.

I was never really close to him, but his passing sent ripples through my family. Even my close family came back from the states to attend the funeral and be with my grandmother.

But my grandfather had made it to 96. He was well-travelled and had managed to complete his book on lay evangelism - which was the end result of his life's work in his church. He lived a long, full life.

This morning, my uncle gave up his struggle with cancer.

He was only 70, and the world is that much less bright without him in it.

He was kind and generous, and always made me laugh. He brought joy and love back to my aunt - whom he married only a few short months ago (right after the diagnosis).

He was way too young to die.

Monday, 17 February 2014

Link: Stack Overflow Goes Down, Programmers Around The World Panic

StackOverflow went down on Sunday. It's back up now, but it sure serves as a reminder of how much we've come to rely on this truly awesome resource.

The article above shows some of the (inevitable) humour that flowed from the event... but it does leave me with that feeling that we're whistling nervously in the dark - what if it went away for reals?

Sunday, 9 February 2014

Link: a deeper look at ruby's enumerable

Have you ever needed to load a VERY large file in ruby? No I don't mean your 500 line rails model. I mean a several gig binary or text file.
Try it. Watch your machine become unresponsive. Cry a little inside. Then reach for enumerable.
Ruby's Enumerable module gives you a way of iterating over collections in a lazy manner, loading only what you need, when you need it. But it gives us so much more than that.

rubylove has written a great, in-depth look into enumerable with: A Deeper Look at Ruby's Enumerable

Sunday, 2 February 2014

Gamification on coursera

Kevin Werbach's coursera course on gamification is restarting again!

He's the bloke who wrote For the Win: How Game Thinking Can Revolutionize Your Business - and the gamification course had amazing reviews.

I started it too late last time to fully participate - and now I get another chance!

it's only just begun - so there's still time to sign up without missing out on any of the assignments or the option to get a certification.

Tuesday, 28 January 2014

Teaching at fishburners

If you're wondering why I've been so quiet... I'm currently teaching the "Immersive web development" course for General Assembly at fishburners, in Ultimo

This is a 12-week course covering the full stack of web development. Students learn ruby, HTML, CSS, SQL, sinatra, rails, javascript and several javascript frameworks.They complete three personal projects as well as many small homework projects. They also get an introduction to the ruby/rails and startup communities (especially via fishburners).

I'm teaching the course - and teaching is, for me, a brand new skill. While they learn rails, I get to learn how to structure and plan lessons, and how to deal with multiple levels of understanding.

It's tough - which is what I expected. I have to plan 40 hours of talking... every weekend - and brush up on every aspect of what I'm teaching so I can answer the tricky questions.

This essentially means I'm working 6 days a week, and the teaching itself drains a fair bit out of me.

So if you're wondering why I'm a bit quiet atm... that's why

Monday, 16 December 2013

Open Source Software is Anarchism*

There is No Governing body

People come together purely through enlightened self-interest to build something useful

Yes there are freeloaders
yes there is chaos
yes standards vary

But some amazing stuff gets built despite all that.


* Note: anarchism != anarchy... go look it up, if you've never heard of it before...

No. it wouldn't work as a form of government for obvious reasons (ie people are still people)... but that isn't the point I'm trying to make here.

Monday, 9 December 2013

In the land of the blind

In the land of the blind
the one-eyed man is burnt at the stake
for asserting the heresy of light in our land of blessed darkness

Tuesday, 3 December 2013

Twitter bootstrap - for quick and easy design

If you're anything like me, for a graphics designer you make a great web developer.

My past attempts at design have run the gamut from "geocities" to "unicorn vomit", and I've become increasingly minimalist in an attempt to rectify that

-> less design == less unicorn-puke == win!

But it still leaves my sites looking like crayon-drawn whitesites

It's a long way from there to the current industry requirements of a clean, flexible, responsive design - able to handle mega-huge desktop-monitors and tiny smart-phones alike while looking sleek and professional... and I had resigned myself to basically just not sucking too badly and hoping my sites were useful enough for people to get past the ugly-duckling look.

but now I've found bootstrap. It lets you quickly and easily build a fully-responsive all-devices-ready design with very little graphic-design nous required. From a full grid-based system (to easily build columns that will nicely collapse on smaller screens), to all sorts of components - navbars, breadcrumbs, panels, lists of linked thumbnail images... the list is pretty huge.

Don't be put off by the "oh my god PURPLE" look of their website - this is a tool worth using.

The getting started guide is where to begin.

There's a number of pre-built templates on bootply templates that even if you don't like, you can cannibalise for the various pieces you want.

You can also buy a whole bunch of pre-packaged, professional themes (for about $12 each) from WrapBootstrap to kickstart your website design. Though be aware they are mostly built on Bootstrap 2

If you're building this stuff in rails, there's a whole bunch of bootsrap-related gems - which mean you don't have to download the css/js versions of bootstrap and mix them all into your assets directory.

Ryan Bates' railscast (see below) uses seyhunak / twitter-bootstrap-rails, which seems to have a whole bunch of neat generators for quickly throwing up layouts. I prefer not mixing bootstrap's Less with the existing SASS, and so have gone for the sass-based gem: bootstrap-sass gem.

I suspect you can combine these two powers for good by using the generators of twitter-bootstrap with the sass-based assets of bootstrap-sass... but have yet to try it (let me know if you do).

There's also a great overview of rails and twitter bootstrap with a related RailsApp that goes into far more depth (I haven't had a look at that yet).

and Ryan Bates has done a railscast on twitter bootstrap basics, and a pro-only railscast: more on twitter bootstrap

enjoy...


Note: Bootstrap version 3 has recently been released, and a lot of the tutorials, railscasts etc are based on version 2. Bootply has a Bootstrap 3 migration guide if you want a reference to what has changed.

Wednesday, 27 November 2013

Link: loading-icon generator

Load info is a neat website that lets you generate your own loading icon.

The first page has a hypnotising array of load-icons to choose. Click on one and it'll bring up a box that lets you choose the size and colours you want and it'll generate you a customised animated gif you can use.

Tuesday, 19 November 2013

Thursday, 14 November 2013

Zen and the Art of Western Rationality

Zen seems to have, as central to its dogma, a mystery tradition. ie it makes all its teachings appear incredibly mysterious in what appears to be an effort to make it seem harder to attain - and thus weed out those not willing to work for the enlightenment it proffers.

at least this is how it seems to western thinking. I've known a number of people who have fallen into what I believe is the trap of thinking that zen actually *is* a mysterious hidden secret that can only be approached in a non-rational way...

The reality is that zen is a very good way of switching off that part of the mind that gets in the way of thinking about the things that zen teaches... however, its not the only way.

As they say in zen - zen is not the way, but it approaches the way.

ie it's a good way of starting out, but it won't get you all the way there.

and (unlike the smugness of certain woo-woo types would lead you to believe) it's not the *only* way of reaching The Way.

It's my contention that it is just as possible to work your way there, starting with traditional western rationality/philosophy.

Here's an example pulled from zen:

A teacher once said "this is my short staff. If I call it a short staff, I deny its reality, but if I do not call it a short staff, I deny its fact, so what do I call it?"

It sounds incredibly mysterious. It's a mind-puzzle that you must work out for yourself - and if you are starting from scratch, it may take years of meditation to get to an answer... or you may grasp it in a second.

This is why it seems mysterious, like a great hidden secret that must be very valuable and thus you can feel all smug about knowing...

However, this koan contains some truths which are quite easily expressed in Western rationality also, and I believe it's more valuable to share those truths than to remain "terribly mysterious".


This koan, to me, expresses the map vs territory problem.

The map is not the territory, and yet it is the territory - just not *all* of the territory. The territory is represented by the map, but it is not defined by the map. Change the map (say, pencil in a new road) and the territory will not change (the new road does not spontaneously appear). Change the territory, and the map must be changed to match or lose it's connection with the territory.

Yet the map (if properly drawn) is the territory also - that road connects to this one in just such a way. If you follow the pattern of roads on the map, you will arrive at the destination that the map says you will.

The territory contains those facts that are within the map, but it *is not* the map itself. The map contains facts which are defined in the territory. You can recognise the territory by looking at the map - but the territory is so much more. It contains trees and roof-tiles and many other things that are not in the map.

The map is not the territory, and the territory is not the map

If I look at a map of england and say that this is england I will deny the reality of england. But if I look at the map and say that it is not england, then I deny the fact that the map is of england.

The map is the territory and is not the territory

but using the map you can approach the territory, but it is not the territory.

It does and does not have "england-nature"...


To get back to the koan... the object that the teacher is holding out is a short staff - that is the fact. If he said "this is not a short staff" then he would be denying the fact of it actually being a good example of a short staff.

However - if he broke it in half (so that it was no longer a short staff), it wouldn't be like there was no longer any short staves in the world. Thus you cannot say that is is "the" short staff. Other short staves are not defined by the properties of the object in the teacher's hand.

The name "short staff" is just a reference to it... but not a definitive one. It is not the same short staff as, say another one lying on the floor over there. If I can point to each and say "this is a short staff" then you are not naming a thing, only categorising it.

Therefore if you name it "short staff" you deny the reality of it being something *more* than a short staff.

The phrase "short staff" is the map that lets us recognise "things that have the short-staff property"... but it is not the short staff itself.

Now - perhaps you got something different from the short-staff koan. If so, instead of being "all zen and mysterious" about it, I implore you to figure out what it is you've learned... and share it with the rest of us.

Thursday, 7 November 2013

Link: Awesome guides to building a functional rails app

Rails girls is a group dedicated to training up the next generation of Rails developers... who happen to be women.

They tend to run over a weekend and get women of all backgrounds (but without rails experience) to build a rails app from scratch.

They have a set of materials that is brief, but quite impressive - and if you follow them through step-by-step it's a quick tutorial on how to get a pretty decently functional Rails app off the ground.

Start with the App tutorial to get it up and running with a simple scaffold, to add some basic styling with bootstrap, and add picture-uploads with carrierwave.

Then follow the set of guides (links are at the bottom of the app-tutorial page) to get it up on heroku, to add authentication with devise, to use geocoding to add your widgets to a map, to create thumbnails for your uploaded images and more.

With just the above you can get a fairly decent rails app built for most purposes in a day or so.

Friday, 1 November 2013

Putting your heroku repo on github

When I set up a new quick-and-dirty app on heroku... I often also want to put my code up on github.

I was really surprised this simple process wasn't covered in the otherwise pretty excellent Getting started with Rails 4 post on heroku.

It's pretty straightforward, so here it is.

If you follow the instructions as per the getting started guide (above), you'll have a local git repo, and it'll be tracking the heroku remote as "heroku". which means there's no problem with using the bog standard "origin" for your github repo version.

So from there

Step 1 create a new repo on github

  1. Go to your github page eg this is the github page for me: taryneast's github
  2. Click on the "repositories" tab
  3. Click the green "new" button
  4. Give it a name and, optionally, a description
  5. Click "create repository"

Step 2 - link it to your heroku app

  1. Go to your heroku app's settings page. this will be something like: https://dashboard.heroku.com/apps/<myapp>/settings
  2. About halfway down you can add your repo-name. It'll be <mygitusername>/<mygitrepo>
  3. Click save

Step 3 - link your local repo to the github remote

  1. open a terminal in your rails app's root directory
  2. type git remote add origin git@github.com:<mygitusername>/<mygitrepo>.git
  3. git push -u origin master

Your heroku app is now on github.

You can continue to push to heroku with:
git push heroku master
and to github with:
git push origin master

Wednesday, 16 October 2013

Levelling up in Ruby/Rails - for free.

So, I've recently found myself back on the job market... at least I will be, but I first want to re-sharpen my skills. I've been working in legacy Rails for a while now, and I want to make sure I'm au fait with the latest and greatest the ruby+rails world has to offer.

But when I went looking for courses - there's not a lot on offer for experienced rails devs. Most rails courses are pitched at complete beginners wanting to become a rails dev. Fair enough, but what can I do to polish my existing skills?

Thankfully, some more digging produced a nice set of related online tutorials and screencasts that will get me ship-shape in no time, and for far less than I expected

NewRelic CodeSchool offer

NewRelic currently has an offer whereby if you deploy a new site with NewRelic installed, you can get a free month of CodeSchool. Now, NewRelic is an awesomely useful tool for giving you extremely useful metrics for your site. They even have a free account - and to set this all up, you can roll out a simple site to heroku (also for free) with the new_relic gem installed and away you go.

You can then sign up for a free CodeSchool account (which will give you access to the basic level free courses), and sometime in the near future - you'll get an email from NewRelic with a special promotion code to give you your free month at CodeSchool.

CodeSchool = Rails for Zombies!

So once you've got a month of code school - you can start to work your way through the courses. Starting with the simple "Try ruby" course and through their funny "Rails for Zombies" courses all the way through Rails testing and best practices and some advanced topics of Ruby.

I was happy to discover that even in the simplest ruby course there was one or two things I'd never seen before - so they're all worth the time (but you can skip ahead to the challenges if they're too simple for you).

But the courses don't just cover Ruby/Rails, they also have a series for Javascript, HTML5, CSS3 and even iOS development. Which I'll be availing myself of for the next month - and will almost certainly spring for longer until I've done them all!

From zombies to RailsCasts

I was even happier to discover, that as a "prize" for finishing the "Rails for zombies 2" course, you get one month of a Railscasts Pro account.

Now RailsCasts was where I was planning on heading next anyway - I followed RailsCasts religiously in my early years of developing Rails, and learned a hell of a lot thereby. The number of screencasts that Ryan Bates has done by now is simply staggering. They cover a huge range of topics from detailed aspects of developing Rails (eg tagging or nested forms), to most of the commonly-used tools, and it's great place to go if you want help on a particular topic. To get access to a free month of these on a pro account is wonderful icing on top of the CodeSchool month.

Other CodeSchool courses give you other freebies, and discounts on books etc too, along with lots of links to other amazingly useful resources - so my reading list has suffered a cambrian-explosion this week. I'll keep you tuned if I dig out any further fabulous free offers.


Update: you can now get 3 months of code school for free

It's a limited offer... here's a link: 3 months of codeschool

Saturday, 5 October 2013

Putting a price on your technical debt

Ben Orenstein has written an interesting article: How much should global variables cost?.

It's basically a price-list for different kinds of technical debt, and you can use it to calculate the "cost" that each of your commits adds to your codebase. By actually putting a dollar amount on each "violation" - you can get a good, visceral feel for what you're doing.

As he points out - you can still choose whether or not to keep something (sometimes you really do need to do something that would otherwise be considered a no-no), as long as you can "afford" it.

I think it's an interesting way of looking at the problem. I'd like to see you regaining points for fixing/refactoring similar code-violations out of the project too :)

Saturday, 28 September 2013

Link: don't publish your secret keys on github

I probably don't really need to tell you that it's dangerous to publish secret keys on a public website... but which key am I talking about here?

  # this one...
  MyApp::Application.config.secret_key_base = 'fb636477f014943b9cf2d202f9da4349a580fbb9521ef38d8dc0111ae933a10bfec732ce7d563a854db1663ba00af1db21d06d6764d84a88d0a6286bcd2299e2'

It's one of those things that often gets overlooked...

  rails new
  git add .
  git push

Bam!

But if you're on heroku, rather than deploying to your own hosted site (where you can easily drop config files into a shared directory), how do you have a secret key?

Here's a great little gist that will show you how to set it up on an environment variable.


Update/gotcha

Don't forget, that if you put more than one of these into your .env file... you need to append to the file or you just overwrote your secret key (oops)


Further update

If you're on heroku and putting one of these environment variables into code that will be evaluated at compile-time (eg config/initializers/devise.rb for instance) you will need to switch on heroku's "compile time environment variable" option: user-env-compile or you will not even be able to deploy your site.

This feature allows your environment variables to be available during compilation of the slug (which is when things like bundler, asset-compilation etc are run)

Note that this is an experimental heroku:labs feature - so blah blah use at your own risk blah...

Friday, 16 August 2013

Gotcha: irb, multi-line strings and "Display all 309 possibilities? (y or n)"

Small thing I figured out. I was in irb and trying to copy/paste some text into a multi-line string to play with gsub, and it kept exploding halfway through and showing the message:

Display all 309 possibilities? (y or n)

instead of actually allowing me to create a multi-line string.

Turns out, irb still responds to tab-completion even if you're halfway through creating a multi-line string.

This kinda sucks if you want a string that contains tabs - but don't want to manually type the whole string (including tabs) yourself as you go along.

To fix it, I copy/pasted the text into vim and used :retab to replace the tabs with spaces before copying it back into the string in irb... its a hack, but it worked for my purposes.

Any thoughts on a better solution?

Wednesday, 7 August 2013

Link: alias vs alias_method

If you ever wondered what the difference was, this quick post by Neeraj Singh will show you the difference between alias and alias_method

TL;DR:

  • alias_method is slightly more flexible accepting strings or symbols
  • alias_method will redefine local methods at runtime - which means you can override the aliased method in a subclass and alias_method will pick this up
  • alias will keep the original scope when aliasing - so even if you override the method in a subclass, the aliased method will refer to the parent's original method
  • alias works nicer with rdoc

Don't forget to use a comma for alias_method

Tuesday, 30 July 2013

Link: ruby-warrior : a fun way to learn a little ruby

I just came across ruby-warrior.

I can thoroughly recommend it as a couple of hours of fun diversion while picking up a few lines of basic ruby.

Its byline is:

"A triumphant quest of adventure, love & destiny all within a few lines of code."

Tuesday, 23 July 2013

Link: Your boss, the invader from Mars (or how agile transitions can become unhinged by poor buy-in)

If you've ever tried to implement an agile transition in a traditional workplace, you'll know there are many stumbling blocks - one of the greatest being that of the existing stakeholder: Your boss, the invader from Mars explains how change can and should be dealt with by both the SCRUM and kanban approaches to agile development - and how that can easily be messed up by your boss.

The case-study especially strikes a chord with my experiences, describing a shop wanting to "become more agile" but not actually implementing agile processes, instead trying to add the "agile" on top - with a rather apt simile where the agile process are described as "layered over existing dysfunctions as a sort of veneer".

The article then goes on to show various ways in which a boss who is not fully vested in the agile approach can unhinge the transition process... but also lets us learn the various lessons from that so a we can hopefully improve upon it in our own attempts.

Thursday, 18 July 2013

Gotcha: rvm and No binary rubies available for: ubuntu/12.04/x86_64/ruby-1.8.7

I'm working with a legacy rails system. We're still stuck on Rails 2.3.2 (yes really) and ruby 1.8.7 (it's better than 1.8.6 which we were on only a few months back).

I've just been given a new computer at work (finally) and it has ubuntu 12.04 - and I was trying to set it up with a rails stack. For which I can strongly recommend Ryan Bigg's howto article: Ubuntu, Ruby, RVM, Rails, and You

I got through the tutorial ok, happily installed ruby 1.9.3... but when I tried to install 1.8.7, I hit a snag.

    triton:[~]% rvm install 1.8.7
    Searching for binary rubies, this might take some time.
    No binary rubies available for: ubuntu/12.04/x86_64/ruby-1.8.7-p374.
    Continuing with compilation. Please read 'rvm help mount' to get more information on binary rubies.
    You requested building with 'gcc-4.4' but it is not in your path.

According to rvm, you can list the set of available rubies using rvm remote which gave me:

    # Rubies available for 'ubuntu/12.04/x86_64':
    
       ruby-1.9.3-p194
       ruby-1.9.3-p286
       ruby-1.9.3-p327
       ruby-1.9.3-p362
       ruby-1.9.3-p374
       ruby-1.9.3-p392
       ruby-1.9.3-p429
       ruby-1.9.3-p448
       ruby-2.0.0-p0
       ruby-2.0.0-p195
       ruby-2.0.0-p247

Ruh-roh!

Now, I know 1.8.7 is ancient news, but I didn't think they'd drop support for it so entirely.

I went wandering about looking for a way to specify an older repository - perhaps the 10.04 repo would still have 1.8.7 in a useable format...

Turns out I'd just made a simple mistake, easily rectified.

The important clue was in the last line of the result for rvm install:

You requested building with 'gcc-4.4' but it is not in your path.

I'd copied a whole bunch of things across to the new 'puter, including my .zshrc file - which is what was specifying the gcc version (can't remember why). And on the new 'puter I had gcc version 4.6 but my .zshrc (copied from my previous computer) was pointing at this older version.

Because of this small mistake, rvm thought I didn't have a c-compiler. Which means that rvm wasn't able to install any rubies from source - only pre-compiled rubies - which means it was restricted to only those already pre-compiled for my platform (ie 64-bit ubuntu 12.04).

oops.

When I fixed the gcc line in my .zshrc - rvm was able to figure out how to install+compile source-code rubies - including v1.8.7

Sunday, 30 June 2013

How to shop at Ikea...

Step 1. recognise that you have a problem.
Decide that ikea has the perfect solution.

Step 2. Find a time where you know you have four hours spare (just in case), but convince yourself that you're only likely to be there for an hour or so.

Step 3. struggle for two hours through a labyrinth of perfect mini-houses and dawdling shoppers trying to find the thing you know is there somewhere... you've *seen* it the last time you were here...

Step 4. Along the way discover solutions for five other problems you'd forgotten you had. Write down prices and numbers for ALL the Things!!!

Step 5. You reach the end. Stop for meatballs.

Step 6. Spend a few minutes adding it all up on paper to discover that you'd be spending the next five pay-checks paying back the credit card debt to cover it. Cut it down to only two or three things you most need.

Step 7. Refreshed and ready. Head downstairs to pick up your things... and suddenly re-discover the kitchen section... and remember that you needed some wine glasses, and you loved that metal bowl and could do with another one... and oh! memory-foam pillows, you need a spare! etc etc...

Step 8. Get to the warehouse section and discover there's no flat trolleys, there's a queue of ten people waiting already and they're somehow closing in fifteen minutes. wait... and wait... and wait... plan the order-of-attack for hitting the aisles at a run.

Step 9. Eventually get to the first aisle... and discover you wrote down the wrong number for this item, and without it, almost all the others are useless.
Give up and decide you'll just get the original item *only*. try not to feel bad about the additional two hours of lost time spent choosing these items.

Step 10. Get to the aisle and discover that it comes in a set of *three* huge boxes. Heave them onto the trolley. Think to yourself... holy shit, I don't remember the boxes being that long... how the hell are they going to fit in the hatchback?

Step 11. navigate the trolley towards the checkout... as you try to turn it, remember that these trolleys work on hovercraft-physics, and have about the same leeway... try desperately to stop five times your own bodyweight of flat-packed MDF as it begins to slew into a pair of inattentive shoppers that are drifting about in front of you without looking... discover that the best course of action is to yell maniacally "I can't stop this thing!!!" while they stare at you in horror and clutch small children to their shaking breast.

Step 12. When you're finally waiting in the queue, remember that they do deliveries! You won't have to fit the boxes in the car after all! ... Get to the deliveries desk and re-discover that Ikea assumes that *everybody* has a house-wife willing to be there from 12-noon to 8pm for when they decide to show up... and they will *only* do next day delivery. Decide you want to keep your job, and go fetch your car.

Step 13. break a nail off and bleed profusely getting the first long box in the car... realise that even with the back seats down and the front seat far forward, it's still sticking out by 5cm... of course you knew this was going to happen.

Step 14. use the remaining shreds of your undergrad maths to figure out a topologically viable solution that will allow you to slam the hatchback closed before the carpark closes for the night... When you do, realise you have zero side-vision on your left, it's pouring with rain and pitch dark outside... hope to god that nobody does anything stupid on that side of you tonight. Decide to see the silver lining - if you die, at least you won't see it coming.

Step 15. get to the exit gates and discover that you were in the carpark for your free three hours... and 15 minutes - about the same time you spent struggling to get the boxes into the car... and for which you now owe $8.
Don't forget to drop your credit card on the ground after the *first* time the machine rejects it... apologise to the three cars behind you in time for it to reject you a second time.

Step 16. discover you have to turn left when leaving the carpark. You know this when twice your bodyweight in MDF suddenly slides off the passenger seat onto your left shoulder. Resolve to drive like a granny until you get home...

Step 17. as you continue to drive... try to repress the sinking feeling that accompanies your realisation that you don't have a trolley at the other end...

Wednesday, 5 June 2013

Gotcha: undefined method `render' for SomeTemplate

I recently had to scratch my head over a strange exception message I'd never seen before:

undefined method `render' for #<SomeTemplate:0xb17da594>

The problem was, it came with *no* application trace at all... just the usual Rails stack-trace.

I had to guess at where the problem came from by grepping for SomeTemplate in the controller-action that had exploded, and came across the following line of code:

  @template = SomeTemplate.new(params[:some_template])

Now SomeTemplate is a model of ours, and prior to this error occurring that line of code had been:

  @temp = SomeTemplate.new(params[:some_template])

I have a strong aversion to calling any variable "temp", because my reaction to seeing a variable called temp is to say "a temporary what?" not "oh, that's an instance of a template", and if I'm getting the wrong idea when I look at a variable name - that's an indication it should be changed.

So I renamed it...

Unfortunately, it turns out that @template is a magic variable in Rails that refers to the template to be rendered in a given controller action.

So Just Don't Do That.

The code has now been rewritten to the following, and works just fine:

  @some_template = SomeTemplate.new(params[:some_template])

Thursday, 30 May 2013

Your Open Source Report Card

Have a look at your own Open Source Report Card. It dives into your github commits and generates a description of your coding propensities - skills and habits.

You might even find out something you never knew about yourself - apparently I'm a Tuesday tinkerer!

Here's mine for a comparison taryneast

Tuesday, 21 May 2013

Backporting "in_array" to older versions of should'a "ensure_inclusion_of"

Here's another shoulda backport I added recently. If you're still stuck using a legacy Rails system, this backport will let you use "in_array" in the "ensures_inclusion_of" Matcher.

Save it into something like: config/initializers/shoulda_monkeypatches.rb, then use it like this:

   should ensure_inclusion_of(:widget_status).in_array(Widget::VALID_STATUSES).allow_blank.with_message(:is_invalid).use_integer_test_value
  # backport the "in_array" method for the ensure_inclusion_of matcher
  # While we're at it, add allow_blank and allow_nil too
  module Shoulda # :nodoc:
    module ActiveRecord # :nodoc:
      module Matchers
        class EnsureInclusionOfMatcher
          ARBITRARY_OUTSIDE_STRING = 'shouldamatchersteststring'
          ARBITRARY_OUTSIDE_INT = -999999999

          # to initialize the options
          def initialize(attribute)
            super(attribute)
            @options = {}
          end

          # add the method we want to allow us to pass in arrays instead of
          # just ranges
          def in_array(array)
            @array = array
            self
          end          

          # might as well also add the allow_blank and allow_nil methods too
          def allow_blank(allow_blank = true)
            @options[:allow_blank] = allow_blank
            self
          end

          def allow_nil(allow_nil = true)
            @options[:allow_nil] = allow_nil
            self
          end

          # This is a method of my own addition to point out that the
          # test-value must be an Int, not a String... because a string can
          # evaluate to 0 which is a valid Int... which will make the test
          # pass where it shouldn't :P
          def use_integer_test_value(only_integer = true)
            @options[:use_integer_test_value] = only_integer
            self
          end

          # override description so it doesn't just try to inspect the range
          def description
            "ensure inclusion of #{@attribute} in #{inspect_message}"
          end

          # override the matches method to allow arrays as well as ranges
          def matches?(subject)
            super(subject)

            if @range
              @low_message ||= :inclusion
              @high_message ||= :inclusion

              disallows_lower_value &&
                allows_minimum_value &&
                disallows_higher_value &&
                allows_maximum_value
            elsif @array
              if allows_all_values_in_array? && allows_blank_value? && allows_nil_value? && disallows_value_outside_of_array?
                true
              else
                @failure_message_for_should = "#{@array} doesn't match array in validation"
                false
              end
            end
          end

 
        private

          # provide the message-inspect method to use either array or range
          def inspect_message
            @range.nil? ? @array.inspect : @range.inspect
          end          

          # array helper methods
          def allows_all_values_in_array?
            @array.all? do |value|
              allows_value_of(value, @low_message)
            end
          end

          def disallows_value_outside_of_array?
            disallows_value_of(value_outside_of_array)
          end

          def value_outside_of_array
            test_val = @options[:use_integer_test_value] ? ARBITRARY_OUTSIDE_INT : ARBITRARY_OUTSIDE_STRING
            if @array.include?(test_val)
              raise CouldNotDetermineValueOutsideOfArray
            else
              test_val
            end
          end

          # blank and nil helper methods

          def allows_blank_value?
            if @options.key?(:allow_blank)
              blank_values = ['', ' ', "\n", "\r", "\t", "\f"]
              @options[:allow_blank] == blank_values.all? { |value| allows_value_of(value) }
            else
              true
            end
          end

          def allows_nil_value?
            if  @options.key?(:allow_nil)
              @options[:allow_nil] == allows_value_of(nil)
            else
              true
            end
          end         




        end

      end
    end
  end

Tuesday, 30 April 2013

Enforced computer-free time

Gah - I've been computer-free for the past week, and not by choice.

My ageing macbook suddenly started to switch off... at random. This was ok for a while... but when it took four times for it to even get through the boot process - I had to take it into the Apple shop. meanwhile I finally set about getting a new desktop, and work gave me a new macbook to try and use.

I couldn't get the monitor to work on the desktop, and the macbook is too new to run the current ubuntu LTS (though I somehow managed to get 9.10 to install... but it won't find the ethernet port)...

I've finally got the desktop working (I was using the wrong video connection) but I still can't get mail to work properly (the joys of mail on a linux machine...), and my macbook is back from the shop... but the ethernet isn't working.

soooo.... still no email and it's been a week. But at least I have google now.

You realise just how dependant on something you've become when you suddenly don't have it anymore.

You also find just how stuck you can be. How do you find the location of a good internet shop if you don't have access to google to look one up? There used to be a directory-services phone number, but I have no idea what that is anymore, and of course I don't have a copy of the yellow pages anymore (who bothers with those when you have google)?

Wednesday, 24 April 2013

Ubuntu without the Unity!

For some time now my ageing (and now quite flaky) Macbook Pro has been running Lucid Lynx (an older version of Ubuntu). I've been biding my time and avoiding upgrading since, well, April 2010, I guess.

For most of the time it was because upgrading your only machine that you rely on for 100% of your income, to a potentially unstable, non long-term release version is generally a bad idea; but then, when I went to a new employer, I tried a new install of the new long term release... and slammed headlong into the weirdness that is the Unity Interface.

To sum up my experience: when I buy a desktop, I want it to *be* a desktop... not a iPad.

Now - maybe I'm just being backwards and should embrace the new unified interface which I'm told is meant to be amazing... if a little bloated.. and sometimes corrupts your file system if something goes wrong... but this is still my only machine (for now) and I need to be sure it's ok. I don't want to upgrade to Unity.

Of course, there is now a new long-term-release version, and sadly, the old one is now no longer supported, so I'm feeling a bit like a sprite in an old platform game, being relentlessly pushed towards the future by the scrolling screen...

Thankfully, I've malingered just long enough for the Ubuntu Gnome project to have been officially blessed by . it's not an LTR version yet, but it will be.

Until then - it's also possible to upgrade to the LTR but keep gnome. I've been putting it off because I'm ultra-busy and kept finding other, much more important things to do than figuring out how to do it myself... but I've just found a neat article on how to change your ubuntu interface to gnome.

Just what the doctor ordered

Friday, 12 April 2013

Huge medieval camping event - come and join in!

war at Rowany festival

The reason it's been so quiet around here this month is that I've been crazy busy in my main hobby due to our major event for the year (run by our local group).

Rowany Festival is the largest Medieval re-enactment event in the Southern Hemisphere. I've heard it described as "kind of like Burning Man but with a medieval theme" - we prepare all year for this!

This year 800 of us all got together at Peats Ridge and camped medieval-style, fought wars, sang, danced, drank a *lot* of booze (some of it made by me) and generally had a great time...

Needless to say not a lot of Ruby got written... but that'll pick up again now I've got most of my washing done and camp kit packed away again.

If you'd like to join me on this stuff - I'm the president the NSW branch of the SCA, known as Rowany. The Australian kingdom is called Lochac (and also covers NZ too).

The whole Society is huge: 100,000 worldwide, and we all run regular events (camping roughly once a quarter, and feasts/tourneys once a month and just general hanging-out and learning fun stuff every week) and it's a great deal of fun.

Come along to our casual fighter-practice which is held on Tuesday nights at Petersham Town Hall on Crystal St (near to Petersham Station). We regularly get 30-50 people every week and they're running beginners fighting classes right now*. We also have regular singing, Calligraphy fibre-craft and costuming days every month.


* its $5 a night for non-members, or you can join for a year for $30 - but you have to do your membership online here (we're not allowed to take payment directly for that)

Picture Credit: Enough Wealth: Rowany Festival

Tuesday, 5 March 2013

Link: Why Yammer believes the traditional engineering organizational structure is dead

This is a great article describing the way that Yammer has set up its organisational structure to be nimble and effective. Why Yammer believes the traditional engineering organizational structure is dead

Highlights for me:

Yammer’s biggest rule of thumb is “2 to 10 people, 2 to 10 weeks,” ... If you employ the “2 to 10″ rule, it’ll also force you to release often, test your assumptions, and not over-invest in mistakes.

and

While everybody knows how expensive context switching is, it’s staggering that nobody builds that into their organization as a constraint. With total focus, you build one thing, ship it, and then are able to move onto something else.

Thursday, 14 February 2013

Quick and dirty facebook feed parsing

So, there's this big discussion going on for my hobby group at the moment, and the main discussion has been going on in facebook - mainly because that's where I was first asked to set up a discussion and it took all of five minutes to get the page up and running.

However - now that discussions are progressing, there are a number of people *outside* the facebookiverse who have raised quite reasonable objections to the discussion happening there. not everyone is on facebook, not everyone *wants* to be on facebook, and to be honest, a facebook group kinda sucks for searching and archiving really important discussions.

thus it has been requested that I copy all the posts and comments to Someplace Else, to make them available for more general consumption.

At first I balked at this request - 24 posts and 250 comments to be individually copied/pasted??? Who has that kind of time?

Of course when I actually sat down to think about the problem seriously, it took far less time than I though to solve it. So here's what I did, including the quick-and-dirty ruby script that will massage the facebook feed into something that resembles readable format. It aint pretty - but it'll pass for government work.

Step 1: get the feed from the API

I'll assume you are actually a member of the group that you're after. You will need to be.

You need to go to your group and get the group's ID from the URL.

The facebook API page is here: Facebook Graph API explorer

First you need to create an access token to get the data out of facebook. This is essentially the same as doing one of those "allow application to access my data" things that you click on when you add a new app. In this stage, you need to allow the Graph-API application to access *your* group-data, to prove that you have access to he feed of the group - and to allow it to fetch out all the posts for you.

  1. click the "Get access token" button
  2. Select the "user_groups" checkbox
  3. click the new "get access token" button
  4. follow any prompts (if this is the first time using this API, you'll get the "allow access for this application" process - but it may not happen for subsequent attempts

You should now have a long encoded token in the box at the top of the page.

Next up we need to tell it what feed to use. There's a drop-down labelled "GET" which you should leave as-is. In the text-box next to that, type in the ID of the group in a URL-format like this: /1234567890?fields=feed and then click "Submit". The "fields=feed" tells the API to actually go and fetch the feed of posts and comments.

At this stage, you should be able to see a huge hash full of posts and comments in the box to the right hand side of the screen. Copy and paste that into a file.

Step 2: massage it into shape

Now you've got your feed data, you just need to play with it and spit it out into a nicer format. In our case, I decided to go for just a rough html format that showed what the posts were, what comments were attached, and who said what. My script is posted below - which can serve as a starting point for whatever you'd like to see done.

This script accepts the input filename and an optional output filename (or it just jams '.html' on the end of the input filename). It'll generate a really rough-and-ready html file that contains the posts and comments (with names and datetimes) plus some of the links (if present).

Enjoy...


#!/usr/bin/env ruby

DATE_FORMAT = "%H:%M:%S %d-%m-%Y"

class Object
  def blank?
    self.nil? || (self.respond_to?(:empty?) && self.empty?)
  end
  def present?
    !self.blank?
  end
end

new_file_name = nil

# if they've passed in the filename, use it
if ARGV && ARGV.length >= 1
  file_name = ARGV[0]
  if ARGV.length > 2
    new_file_name = ARGV[1]
  end
end
if file_name.blank?
  p "usage: facebookfeed <file_name> [<outfile_name>]"
  exit(1)
end
p "got file_name of: #{file_name}"

unless File.exists?(file_name)
  p "file: #{file_name} does not exist"
  exit(1)
end

# munge up an html filename for the output file
new_file_name ||= file_name.split('.').first + '.html'


if File.exists?(new_file_name)
  p "output file: #{new_file_name} already exists, please supply another"
  p "usage: facebookfeed <file_name> [<outfile_name>]"
  exit(1)
end

# parse json in file into ruby - preferably a hash
require 'rubygems'
require 'json'
require 'date'
facebook_hash = JSON.parse(IO.read(file_name))

feed_data = facebook_hash["feed"]["data"]



if feed_data.present?
  File.open(new_file_name,'w') do |outfile|
    puts "parsing #{feed_data.count} posts"
    sum = 0
    feed_data.each {|post| sum += post["comments"]["count"].to_i }
    puts "with: #{sum} total comments"

    feed_name = feed_data.first["to"]["data"]["name"]

    # html headers go here
    outfile.puts "<html>"
    outfile.puts "<head><title>#{feed_name}</title></head>"
    outfile.puts "<body>"
    outfile.puts "<h1>#{feed_name}</h1>"

    feed_data.each do |post|
      outfile.puts "<p>by <b>#{post["from"]["name"]}</b> at: <b>#{DateTime.parse(post["created_time"]).strftime(DATE_FORMAT)}</b></p>"

      if post["picture"].present?
        outfile.puts "<div style=\"float:left;\"><img src=\"#{post["picture"]}\" /></div>"
      end
      name_str = post["name"]
      name_str = "<a href=\"#{post["link"]}\">#{name_str}</a>" if post["link"].present?
      outfile.puts "<h2>#{name_str}</h2>"

      message = post["message"]
      message.each do |para|
        outfile.puts "<p style=\"clear:both;\">#{para}</p>"
      end

      comments = post["comments"]

      if comments.present? && comments["count"].present? && comments["count"].to_i > 0
        outfile.puts "<h3>Comments</h3>"
        outfile.puts "<dl>"

        comments["data"].each do |comment|
          outfile.puts "<dt>by <b>#{comment["from"]["name"]}</b> at: <b>#{DateTime.parse(comment["created_time"]).strftime(DATE_FORMAT)}</b></dt>"
          outfile.puts "<dd>#{comment["message"]}</dd>"
        end
        outfile.puts "</dl>"
      end #any comments present
      outfile.puts "<hr />"
    end # each post

    # html footers go here
    outfile.puts "</body>"
    outfile.puts "</html>"
  end # with open outfile
end #feed data present

Friday, 8 February 2013

Link: What rails security means for your startup

If you hadn't already heard, Rails has a security vulnerability that affects all versions of Rails. This one is about XML-parsing of YAML strings.

This was followed by a second vulnerability in the JSON parser - again of YAML-parsed code.

So what does this all mean for all of us running Rails-based systems? Is this just a flash-in-the-pan issue that will fade away the moment it's out of the public eye? or is it a herald of the coming apocalypse?

A really cogent overview of what the rails security issue means for your startup has been written by Patrick, and I strongly recommend you read it, and pass it on.

Amongst a number of useful overviews, it covers such things as "yeah, but we're not a high-profile site, nobody's going to attack us right?" and concludes that the worst may not yet be past, and that:

You Should Be At Defcon 2 For Most Of February

Saturday, 2 February 2013

Link: Help Vampires: A Spotter’s Guide

Here's a great post on the ubiquitous "Help Vampire" who drains the life out of helpful communities...

Help Vampires: A Spotter’s Guide gives tips on how to spot, avoid and reform them for the future benefit of humanity...

Sunday, 27 January 2013

XML-YAML-parsing security fix for older versions of rails

Earlier I mentioned the Serious Rails vulnerability that affects all versions of Rails for the last six years.

A fix has been put into the latest versions of Rails 2 and 3. but it requires you to upgrade to the latest version.

If you have an older version of rails and can't upgrade for various reasons (eg we are still stuck on v 2.3.2 due to some legacy code), there's a better fix for the *link* xml parsing error than the workarounds on offer (which tend to switch off your ability to parse XML).

The fix that we've done requires that you use bundler, though you could equally-well freeze rails into vendor/gems and make the same patch there. We chose the bundler/github approach because it reduces the size of our repository.

Step 1: fork a copy of rails for yourself

  1. fork rails
  2. git clone it into a local directory.
  3. checkout the *tag* that corresponds with the version you are on (eg for us: v2.3.2.1) - you can see what tags there are by running: "git tag -l"
  4. Don't worry about the big scary message it gives you about a detached HEAD - that just means you've got a specific commit checked out instead of a branch.
  5. create a branch for yourself eg for us: git branch v2.3.2_xmlfixes
  6. checkout that branch eg git checkout v2.3.2_xmlfixes
  7. push that to your repo on github with eg: git push -u origin v2.3.2_xmlfixes

Now you have a forked copy of the rails repo with a branch at the rails-version you are using that you can refer to in your Gemfile.

Step 2: actually apply the patch...

cherry-pick this commit (which if you look at github is is the one from v 2.3.15 that fixes this very error). Using:

git cherry-pick 70adb9613e4a40c5645c99da37

Note: You are likely to get conflicts with the CHANGELOG - you can keep them or just throw them away as you wish (it's just the changelog which describes the latest changes).

commit and push to your repository.

Now you have a patched version of rails in your git repository.

Step 3: update your Gemfile

Your Gemfile is likely to have a line that includes rails such as:

gem 'rails', '2.3.2'

You need to update that line to point at *your* git repository and your new branch.

The following *should* Just Work:

gem 'rails', '2.3.2', :branch => "v2.3.2_xmlfixes", 
:git =>l 'git://github.com/<your_git_repo>/rails.git'

To find the git url, you can go to your forked copy of git, look near the top of the page where it has a text-box with a git-link. Make sure you click on the "Git Read-only" button, and copy what's in the box on the right.

The branch to use is whatever you named your branch in step 5 above.

You should now be able to run bundle install to regenerate your copy of rails - and it will pull the details from your forked-and-patched copy

Troubleshooting

Unfortunately, when I used the above, it bundled correctly, but any attempt to spin up the server just caused the following error:

./script/../config/boot.rb:61:in `require': no such file to load -- initializer (LoadError)
 from ./script/../config/boot.rb:61:in `load_initializer'
 from ./script/../config/boot.rb:117:in `run'
 from ./script/../config/boot.rb:17:in `boot!'
 from ./script/../config/boot.rb:130
 from script/server:2:in `require'
 from script/server:2

Luckily the answer is in the StackOverflow question: how to use a branch in a fork of rails in a project with bundler.

First, you need to add .gemspec files into your patched copy of rails. If you're forking 2.3.10, you can copy the gemspec files from the commit Adding .gemspec files for all gems in the 2-3-stable version of rails created by the author of the above stackoverflow issue.

Otherwise you'll need ones correct for your own version. The commit above talks about generating them from the associated Rakefiles. I created them by copying the gemspec files listed in the commit above, and then just copying over the spec = Gem::Specification block with the equivalent block that is in the Rakefiles.

eg for actionpack.gemspec, I copied the actionpack.gemspec from the commit into the rails/actionpack directory in my forked copy of rails. Then I opened up rails/actionpack/Rakefile and copied the whole block of code that begins with spec = Gem::Specification into the actionpack.gemspec file, deleting the previous block from that file first.

You will know if you got the gem-dependencies wrong if you get an error like the following:

Bundler could not find compatible versions for gem "activesupport":
  In Gemfile:
    actionpack (>= 0) ruby depends on
      activesupport (= 2.3.10) ruby

    activesupport (2.3.2)

Now you have generated the gemspecs, add them to your forked copy of Rails, commit them and push the commit to your github repo.

Then you can put the following in your Gemfile:

:git => 'git://github.com/<your_git_repo>/rails.git', :branch => "v2.3.2_xmlfixes" do
  # Note: load-order is essential for dependencies
  gem 'activesupport',  :branch => "v2.3.2_xmlfixes" # this must go first
  gem 'actionpack',     :branch => "v2.3.2_xmlfixes" # this must go second
  gem 'actionmailer',   :branch => "v2.3.2_xmlfixes"
  gem 'activerecord',   :branch => "v2.3.2_xmlfixes"
  gem 'activeresource', :branch => "v2.3.2_xmlfixes"
  gem 'rails',          :branch => "v2.3.2_xmlfixes" # this must go last
end 

Note: make sure the gems are in the order above, with rails last - otherwise you'll get something like:

Could not find gem 'activesupport (= 2.3.10) ruby', 
   which is required by gem 'activerecord (>= 0) ruby', in any of the sources.

Also note: you *must* explicitly set the branch on the git-repo line and *also8 on all the gem-lines (and they must match) otherwise bundle install will work fine, but if you try anything else you'll get the infuriating error:

git://github.com/<your_git_repo>/rails.git (at v2.3.2_xmlfixes) is not checked out. Please run `bundle install`

Finally

you should now be able to run bundle update and bundle install and it should now work.

This has been tricky to explain, and the steps are complex - if something's not clear, let me know and I'll try and make it more plain.

Monday, 21 January 2013

Link: DHH - testing like the TSA

Learning how to test is an important skill, learning what *not* to test is also an important skill. DHH shares his thoughts on this subject, with a brief article: Testing like the TSA which cuts through the "security theatre" aspect that can sometimes begin to surround our testing efforts.

There's also a long discussion on Y-combinator about the article here Hacker News: Testing like the TSA

Tuesday, 15 January 2013

Link: Why 2012 was the best year ever

So many people are on the doom-and-gloom bus - so much so that it blinds them to the spectacular, amazing things happening in the world today. New things are being created and built, and medicine is practically screaming along.

Not that this stops the doom-sayers who claim, darkly that it all comes at a heavy price, that the advances of the first world are killing the rest of the world, and that poverty and death are on the rise...

Well, pooh to that. Here's an article that explains that actually, the world is improving at a rapid pace, including all of the usual favourite doom-and-gloom topics: Why 2012 was the best year ever

Read that before you try and tell me we "shouldn't bring children into this world" or that the world isn't as good as it was back when...

Wednesday, 9 January 2013

Serious rails vulnerability - read this!

A serious vulnerability in *all* versions of rails (for the last six years) has been spotted.

In brief: complex xml-style params go through an XML-parser that will interpret based on types. "yaml" is a valid type, and that loads the YAML-parser... which instantiates any embedded classes that can include arbitrary code - leading to all kinds of injection-attack possibilities.

A general discussion of the problem, including patched versions and workarounds for old versions is available here: Multiple vulnerabilities in parameter parsing in Action Pack

A more in-depth look at what the problem entails is available here: Analysis of Rails XML Parameter Parsing Vulnerability

Thursday, 6 December 2012

Link: Everything you need to know about the National Broadband Network

Hi all, this one is aimed at other Australians. Since it was first announced in 2009, there's been a lot of rumbling about the National Broadband Network plan - what it actually is, whether it's worth it, what it actually means for us or for the Australian budget etc etc

This link provides an article that fully explains what it's all about and is well worth a read.

The NBN: everything you need to know

TL;DR: it's a plan to replace the antiquated Telstra copper-network with high speed fibre (preferably to-the-home) so that we can keep up with the massive influx of bandwidth we're all using these days just like all the other high-tech countries did ages ago... and yes, it's worth it.

Friday, 30 November 2012

Link: Why engineers are grumpy

There have been many great articles on how to deal with IT-folks. This is another of them: The care and feeding of software engineers (or, why engineers are grumpy)

It explains: what makes engineers tick, what makes them grumpy and why, and also solutions to make it all Just Work. It covers both the strengths and weaknesses of engineers, and how to build on the former, while avoiding the latter.

I'll leave you with a few quotes:

In almost every other industry where things are built, it is expected that all requirements and details are agreed upon and finalized before building commences. Except in software. In software there’s “not enough time” to gather all the requirements ahead of time. The importance of moving quickly is hammered into us from day one. And so engineers learn to fill in the gaps left by product managers just to keep the project going. Product managers, of course, also have the reputation for changing their minds frequently, which means engineers assumptions are often invalidated partway through the process. Is it any wonder that software engineers tend to burn out quickly and change jobs frequently?
True priorities aren’t transient, they are static. The frequency with which people above us change their minds is incredibly frustrating for software engineers. We frequently stand ready to march into battle and just want a direction to march in. But if you tell us one day that we’re building a house and the next day that we’re building a car, you should expect some dissension in the ranks.
There are few phrases that anger software engineers more than, “I used to code.” ... If I were to ask LeBron James how much time he needs to prepare for a game, I’m sure he’d be amused if I disagreed because I played basketball in high school. Software engineers get the equivalent all the time.
We software engineers are an interesting bunch. There’s a definite personality that comes along with us, and we really do want to make the best thing possible. If you stop treating us like short-order cooks and start treating us like part of the creative process, you are likely to get much farther, faster than you would otherwise. The teams on which I’ve worked have all had varying degrees of friction caused by not understanding the engineers’ mindset and what drives them. It’s my sincere hope that this article will lead to better communication between engineers and those that they work with. It’s really not that hard. We’re all just people who want to feel like a part of the solution rather than a worker bee.

Saturday, 24 November 2012

Deleting un-named foreign keys in a migration

So, we use foreign-key constraints in our db. It's pretty annoying to get Rails to work nicely with that, but we have some basic helper methods (which I didn't write, so I cant share).

However I recently had some trouble dropping an old table. I kept getting these errors:

Mysql::Error: Error on rename of './mydbname/#sql-1ca8_f7842' to 
   './mydbname/my_table_name' (errno: 150): DROP INDEX `my_table_name_idx3` 
   ON my_table_name

I discovered that this was because it had foreign-key constraints. The awful error message is itself listed as a bug on mysql... but the real problem is that it doesn't want to drop an index I've asked it - because there's a foreign-key constraint on the column referenced by that index*.

Fair enough.

Unfortunately, the "remove_foreign_key" code we have assumes the foreign-key has been named in a certain way (table_name_column_name) but in this case it wasn't. So Trying a drop index on that caused it to give an equally unhelpful message along the same lines...

This foreign key has been hanging around since the dawn-o-time, and it has one of those automagically-generated constraint-names built by the db itself... something like: my_table_name_ibfk_16.

Now that'd be fine to drop if we just had one client. with one database... you can easily put the following into a migration:

   execute "ALTER TABLE `my_table_name` DROP FOREIGN KEY `my_table_name_ibfk_16`" 

Unfortunately for us, we have 150 clients - each with their own db... and it looks like that constraint-name differs depending on which order the foreign-keys got created. ie sometimes it's my_table_name_ibfk_16 and sometimes it's my_table_name_ibfk_3 - and if you drop it by number - you could be killing the WRONG foreign-key constraint... which would just be embarrassing.

The way out of this quandary is to query the information_schema table to find the foreign-key's actual constraint-name. and here it is for your amusement. (note: put this into initializers eg by saving it as config/initializers/migrations.rb

class ActiveRecord::Migration
  # grab the db-name out of the connection and persist it
  # it's not going to change over the course of a single migration
  def self.fetch_database_name
    @@database_name ||= connection.database_name
  end

  # Use this if the foreign-key was created without an explicit name - 
  # and has one of the automatically-generated constraint-names.
  #
  # This method queries the information-schema table to fetch out the key
  # name before continuing to drop the foreign-key
  #
  # Use this in your migrations with:
  #    remove_legacy_foreign_key :table_name, :field_name
  # eg:
  #    remove_legacy_foreign_key :widgets, :wodget_id
  def self.remove_legacy_foreign_key(table, column_name)
    # first pull the foreign-key name from the information schema
    result = execute "select constraint_name from information_schema.key_column_usage as ke where ke.table_schema = '#{fetch_database_name}' and ke.table_name = '#{table}' and ke.column_name = '#{column_name}';"
    name = result.fetch_hash['constraint_name']
    raise "Got no foreign key by that name" unless name.present?
    execute "ALTER TABLE `#{table}` DROP FOREIGN KEY `#{name}`"
  end
end

[*] Note: mysql also gives a similar error if you're dropping a foreign-key constraint that doesn't exist at all by the name you give it:

ERROR 1025 (HY000): Error on rename of './mydbname/my_table_name' to 
   './mydbname/#sql2-1ca8-f6cc5' (errno: 152)

Saturday, 17 November 2012

Kiva is addictive

No IT angle today...

I have a mixed approach to giving to charity. I have a number of regular direct debits for various causes, and I also give sporadically in lump sums when inspiration strikes me.

My latest of these is Kiva (here's a Kiva invite) - which is a site that does micro-loans to people in developing countries.

Kiva has been on my radar for a while now, but I'd been putting it off because I had a few misconceptions about the whole process and I finally got down and actually did some reading on what it's all about.

I was mainly concerned by the fact that in most cases, the loans have already been given out, and you are paying for something that is already a fait accompli - which I thought was weird, and that it meant that you weren't really lending the money to the people you had chosen.

Turns out to make a bit more sense. These people need loans immediately, so the partner in that country does so, and then posts the loan up to Kiva. When you choose to "fund" that loan, your money then underwrites it. You are taking on the risk for the loan.

Now I've had it explained, it makes sense to me, so I've been having fun donating... it's a bit more addictive than I expected. I've already made five loans in as many countries, three of which have now been fully funded - one of which I was the final person that funded it (and that feels pretty good). We'll see how they go.