RailsConf 2008 Recap
Added: June 3rd, 2008 (tagged with: conference, ruby, ruby+on+rails)
RailsConf 2008 has come and gone; I'm now back at work and trying to collect my thoughts on the events of the past few days. I really enjoyed the keynotes at RailsConf, and I am glad that they were more than a sales pitch. It felt more like the "zen of coding", with Joel Spolsky talking about the aesthetic building blocks of good software, David Heinemeier Hansson stressing the importance of taking time away from programming to grow as an individual, and Kent Beck telling stories of the twenty-year progress in Design Patterns, Developer Testing, and Extreme Programming. Overall, a good time was had. Below are my notes, briefly polished, from the sessions I attended, with a massive amount of links to further resources on the net.
Birds of a Feather: Presenter Class
Presented by: Mike Subelsky
The idea of a Presenter Class is to help prevent controller obesity and keep views stupid by adding an abstraction layer that holds the state of the view.
When are Presenter Classes useful?
- Forms with multiple models
- Complicated view logic
- Complex retrieval
Presenter Class resources:
Lightning Talks (All Sessions)
- GateKeeper - permission control per model
- Varnish - page caching outside of Rails
- Prabode Weebadde - Optimal Paging Plugin, pro-paging
- git-lighthouse - Command line utility to work with Git and Lighthouse
- SharedCopy - collaborative annotation service, add and share comments about any web page
- FanChatter.com - uses MMS2R to take cell phone photos that get placed on a JumboTron (active now with the Minnesota Twins)
- JavaScript Keyboard Shortcuts
- MiniUnit - Drop in replacement for TestUnit - includes specs and mocks
- ActiveSesame - HTML Sesame Interface to Triple Store (ORM for RDF/OWL)
- Pastie - TextMate Integration added
- RAD - Ruby Arduino Development
- Scrum Ninja, hosted project management
- Rubber - capistrano plugin to get up and running on EC2
- UltraSphinx - Geo-distance searching with sphinx
- Primospot - find parking spots in NYC
- acts_as_revisable - versioning system per model
- earfl - Voice Flickr
- wesabe - get API access to financial services (personal bank accounts, etc.)
- RailsBrain - JavaScript enhanced API docs.
- ActiveResource Kool-Aid
- MethodTrails - uses Graphviz and Ruby 1.9 to generate a representational map of method processing
- BuildingWebApps.com - an information portal for web application developers
- iPhone on Rails - (on view wraps iUi toolkit)
- Permissioning - User has_many Roles which are a group of Permissions
- RESTful Workflow - Interview Style Workflow
- REST with Rails & ejabberd - send SMS through web based Jabber client
- Lazy Methods
- Pseudo Cursors
- Seamless Database Pool
- KABLAME!! - count test code per user
- RSpec Story Runner, Textmate Bundle
- GemInstaller
- NSTableViewFTW - iTunes like tables
- jivepages - YUI Grid Style, Real-Time Editor
RailsConf 2008 Lightning Talk Summaries
DataMapper
DataMapper is an Object-Relational Mapper (ORM) that improves on the ActiveRecord concept. DataMapper adds repository(:legacy) type syntax to change object mappings and allows you to copy between data repositories.
Profitable Programmer: Creating Successful Side Projects
Main Topics: Idea, Implementation, Promotion, Success
23 Hacks
This presentation was a collection of random code to do fun things. Examples:
- Ruby Ook Interpreter
- Changing LCD messages on HP printers
- Haskell code that plays Moola
- gitjour (written during RailsConf 2008) - Bonjour-based method of getting git repositories and cloning them.
Asynchronous Processing
Examples:
- Using attachment_fu to store files locally on the filesystem before uploading to the S3 cloud
- Using thread.join to query multiple services and wait for all to finish before returning
- Using spawn to fork off background processes
- Using task storage in the database or message queue and triggering jobs via daemons or cron
- simple-daemon
- CronEdit - control cron through ruby
- Others: BackgroundDRb, AP4R (Asynchronous Processing for Ruby), Bj (Background Job - store in DB tables)
Small Things, Loosely Joined, Written Fast
Integrate small modules to get the job done faster. Examples:
- RubyCAS - a Single Sign-On Server (that works with Active Directory). RubyCAS is a centralized service that must sit behind a firewall. Rails integration documentation at: http://rubycas-client.rubyforge.org/
- ActiveMQ or ActiveMessaging
What To Do when Mongrel Stops Responding to Your Requests and Ruby Doesn't Want to Tell You About It
Ruby/Rails Debugging Tools:
Use the C debugger: gdb -p PID. Then you can play around with the options:
- bt - C backtrace
- eval "RAILS_ENV" - eval puts to STDOUT, you will see it in your Rails log
- eval "caller"
- eval "ObjectSpace.each_object(String) { |s| p s }"
- rb_object_counts - macro that shows summary of ruby objects
- rb_finish - macro that gets you a cleaner environment
- rb_bt - Ruby backtrace
- rb_raise - macro to raise exceptions
- redirect_stdout
- restore_stdout
"Design Patterns" in Ruby
Important design book: Design Patterns: Elements of Reusable Object-Oriented Software (the GoF or Gang of Four book)
GoF Patterns:
- iterator: sequential access of objects in a collection (Ruby's each)
- command: something that can be executed (closures or proc) that support undo operations (create a command class with undo functions) - Steve Yegge: Execution in the Kingdom of Nouns
- strategy: let algorithms vary independently by caller (Ruby's mixins)
- interpreter: create grammar/lexer/parser (or use DSLs in Ruby as an embedded interpreter)
- adapter: create a class that wraps another by adding methods to allow it to work with something else (Ruby allows you to re-open a class)
- state: allow an object to change its behavior when its internal state changes (Ruby allows mixin behavior, the mixology gem allows unmixing)
Dynamic Language Patterns:
- null object: use object representing null that acts like null, no special cases (Ruby's NilClass)
- aridifier: remove duplication - Book: Pragmatic Programmer by Andrew Hunt and David Thomas introduced the concept of DRY (Don't Repeat Yourself)
Traditional design patterns rely heavily on structure to solve problems. Dynamic languages use language facilities to create simpler solutions.
De-Railing: Smashing the Rails Stack
Beware of SQL injection: find_by_sql, execute, limit, offset, group_by, and order are not sanitized by Rails. Use the quote() function to sanitize user input before it goes into SQL.
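The point above as an added example (plain Ruby, not code from the talk or from Rails): quoting protects values, but ORDER BY, LIMIT and OFFSET take identifiers and numbers, so those need an allow-list and integer coercion instead. `quote_value` is a simplified stand-in for the adapter's quote(), and the table, column and parameter names are constructed.

```ruby
# Added example: plain Ruby, no database or Rails needed.
SORTABLE   = { "name" => "name", "created" => "created_at" }.freeze
DIRECTIONS = { "asc" => "ASC", "desc" => "DESC" }.freeze
MAX_LIMIT  = 100

# Simplified stand-in for the adapter's quote(): doubles quotes and
# backslashes in strings. A real adapter applies driver-specific escaping.
def quote_value(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  else "'" + value.to_s.gsub(/[\\']/) { |c| c + c } + "'"
  end
end

# Accept only a plain non-negative integer, capped at max.
def bounded_int(raw, default, max)
  n = raw.to_s =~ /\A\d+\z/ ? raw.to_s.to_i : default
  [n, max].min
end

# Before: every parameter is interpolated straight into the SQL text.
def unsafe_query(params)
  "SELECT * FROM users WHERE name = '#{params['name']}' " \
    "ORDER BY #{params['sort']} LIMIT #{params['limit']}"
end

# After: the value is quoted, the ORDER BY column and direction come from
# allow-lists, and LIMIT/OFFSET are coerced to bounded integers.
def safe_query(params)
  column    = SORTABLE.fetch(params["sort"].to_s, "name")
  direction = DIRECTIONS.fetch(params["dir"].to_s.downcase, "ASC")
  limit     = bounded_int(params["limit"], 20, MAX_LIMIT)
  offset    = bounded_int(params["offset"], 0, 1_000_000)
  "SELECT * FROM users WHERE name = #{quote_value(params['name'])} " \
    "ORDER BY #{column} #{direction} LIMIT #{limit} OFFSET #{offset}"
end

# Constructed hostile request parameters.
HOSTILE = {
  "name"  => "x' OR '1'='1",
  "sort"  => "name; DROP TABLE users",
  "limit" => "1 UNION SELECT * FROM secrets"
}.freeze

puts unsafe_query(HOSTILE) # injected text becomes part of the statement
puts safe_query(HOSTILE)   # injected text is quoted or replaced by defaults
```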
Cross Site Scripting preventive measures: SafeERb, XSS Shield, Manual Escaping with h()
Tarantula plugin crawls everything and performs form fuzzing.
Don't let a ninja get your neck
- add a firewall script that blocks all unused ports
- don't allow the root user to log in remotely
- move your SSH port to a non-standard place
- demand strong passwords for all your users
- turn off password authentication entirely and use SSH keys
- monitor your server logs
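One way to check three items from this list (root login, SSH port, password authentication) against an sshd_config, as an added Ruby example that is not from the talk. The sample config is constructed, the defaults are those of current OpenSSH, and Include files are not followed.

```ruby
# Added example: audits the global section of an sshd_config.
# Constructed sample: the only "PasswordAuthentication no" lines are either
# commented out or scoped to a Match block, so neither applies globally.
SAMPLE_CONFIG = <<~CONF
  Port 22
  PermitRootLogin yes
  #PasswordAuthentication no
  PubkeyAuthentication yes
  Match User deploy
    PasswordAuthentication no
CONF

# Returns [keyword, value] pairs from the global section. Keywords are
# case-insensitive; parsing stops at the first Match block.
def directives(text)
  pairs = []
  text.each_line do |line|
    line = line.sub(/#.*/, "").strip
    next if line.empty?
    key, value = line.split(/[\s=]+/, 2)
    break if key.downcase == "match"
    pairs << [key.downcase, value.to_s.strip.downcase]
  end
  pairs
end

# sshd uses the first value it obtains for most keywords.
def first_value(pairs, key, default)
  found = pairs.find { |k, _| k == key }
  found ? found[1] : default
end

def audit(text)
  pairs = directives(text)
  # Port may be given several times; every listed port is opened.
  ports = pairs.select { |k, _| k == "port" }.map { |_, v| v }
  ports = ["22"] if ports.empty?
  root = first_value(pairs, "permitrootlogin", "prohibit-password")
  pass = first_value(pairs, "passwordauthentication", "yes")
  findings = []
  findings << "sshd listens on the default port 22" if ports.include?("22")
  findings << "remote root login is not disabled" unless root == "no"
  findings << "password authentication is enabled" unless pass == "no"
  findings
end

puts audit(SAMPLE_CONFIG)
```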
Security Resources:
- http://rorsecurity.info
- http://owasp.org
- http://quarkruby.com/2007/9/20/ruby-on-rails-security-guide
- http://rubythis.blogspot.com/2006/11/rails-security-checklist.html
Advanced Active Record Techniques: Best Practice Refactoring
Key Points: use callbacks and move business logic to models.
