Hi, this blog is no longer maintained, my new blog is here

Ruby On Rails and a Conning Israeli entrepreneur

Rails Plugin: Dynamic Session Expiry

With session_lifetime you can set after how much time of inactivity your session should expire, you can execute an action when the session expires, and you can set where to redirect_to after session expiry.
Example


class ApplicationController < ActionController::Base
  expires_session :time => 2.hours, :redirect_to => '/login'

  protected

  # Called by the plugin when the session expires
  def on_expiry
    flash[:notice] = "Your session has been expired, and you have been logged out."
  end
end


Get it from

git://github.com/DefV/session_lifetime.git

Rails Plugin: import_svn

This plugin imports a rails project into subversion (excluding tmp files, logs and more) and converts the current directory to a working copy of that project.

SvnImport goes a little bit further than just adding everything; it ignores resources such as logs, tmp files and database.yml and environment.rb.

For the database.yml and environment.rb files, SvnImport creates template files, and provides a task for copying them back after checkout. This allows each developer to have their own database settings and/or keep the password for the production database out of version control.

Installation




script/plugin install https://svn.cjohansen.no/rails/plugins/svn_import/trunk


Usage




rake svn:import


This task will only run successfully once, before the application has been added to subversion. Once it's been added, the task will no longer do anything. When a new developer checks out the project, she can get the standard setup by doing:


rake svn:setup


Source

Percentage proxy for Ruby's Numeric class

Just a little something I did, because it usually takes me about 15 minutes to calculate a percentage conversion.
Is anyone else checking/calculating dates in irb/console?
"Elad, in 2 weeks you have a dentist appointment!"
"mmm.... "


script/runner 'puts 2.weeks.from_now'


hehe,
but the method today's post is about is the percent_from I did, so here it is.


class Numeric
  # Returns self percent of num, e.g. 40.percent_from(1000) is 40% of 1000
  def percent_from(num = 100)
    self.to_f * (num.to_f / 100.0)
  end
end


which comes out as:


>> 40.percent_from(1000)
=> 400.0
>> 6.percent_from(1000)
=> 60.0

remote_form_for with no-ajax support


<% form_remote_tag :url => {:controller => '/posts', :action => 'view'},
                   :html => {:action => {:controller => '/posts', :action => 'view', :id => @id}} do %>
  <%= submit_tag 'View' -%>
<% end %>


<form action="/posts/view/1" method="post"
      onsubmit="new Ajax.Request('/posts/view/1',
      {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;">
  <input type="submit" value="View" />
</form>

Tip: Finding all Unread messages in your gmail inbox

I have about 3000+ mails and I get something like 20-40 relevant messages a day. I am usually very organized and I sort the incoming messages once an hour.
Now I had about unread messages that I missed in my inbox and wanted to find them. After a short quest I found this:

In the top search box, enter

label:unread in:inbox

and yaaa, all unread messages are found. You can drop the in:inbox and get your entire list of unread messages, including other labels.

String boolean: MethodMissing fun!

Check out this one, this is why I love Rails.


elad = "smart"
elad.smart? # => true


using method_missing on the String object


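class String
  # Any unknown method ending in "?" compares the string with the method name.
  # end_with? is core Ruby, so this also works outside Rails.
  def method_missing(method_name, *arguments)
    if method_name.to_s.end_with?("?")
      self == method_name.to_s[0..-2]
    else
      super
    end
  end
end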

Simple install Git on Leopard


mkdir -p ~/Downloads/src
cd ~/Downloads/src

# Set options since we don't have GNU gettext installed
export TCL_PATH=`which tclsh`
export NO_MSGFMT=1
export GIT_VERSION='1.6.0.2'

# Get and install git
curl -O "http://kernel.org/pub/software/scm/git/git-$GIT_VERSION.tar.bz2"
tar xjvf "git-$GIT_VERSION.tar.bz2"
cd "git-$GIT_VERSION/"

# When on Mac OS X
./configure
make
sudo make install

cd ..

# Install Man Pages
curl -O "http://kernel.org/pub/software/scm/git/git-manpages-$GIT_VERSION.tar.bz2"
sudo tar xjv -C /usr/local/share/man -f "git-manpages-$GIT_VERSION.tar.bz2"

Update: Rails 2.1 globalize plugin - Fix

I have been using Globalize forever, and I always preferred it over gettext or whatever tailor-made i18n solution is out there.
It seems that there is a problem with the action method of date_select, or to be more specific, the month_select helper produces a "wrong number of arguments" exception... I dropped the usage of the Globalize plugin for the meantime... But I am really looking forward to a real solution... Anyone?

Update
I found a post about a Rails 2.1 compliant Globalize plugin release. It is currently working for me with no special problems.

Installation:


script/plugin install git://github.com/heythisisnate/globalize.git

updated: Brand new Rails security for 2.1

update: link target changed.

uhh, I know a guy that makes a whole bunch of money just by pointing out security holes in web applications.
Most people don't even realize how much work is needed just to bring your application to a minimal level of security. There are so many ways in which evil hackers (or just playful kids) can disfigure your site, steal information or damage your site's data integrity, and eventually send your application into DoS oblivion.
Rails is no different: there are many traps to hop over, many standards and code implementation techniques to use. Lucky for us, our guys at the Rails HackFest are working hard on updating the Rails documentation and manuals in order to make our life easier once more.

I would generally recommend reading ALL you can find in the Rails 2.1 Manuals page, with a great focus on the Rails Security Manual.

What is with Mac users?

Great post. As a Mac man, I appreciate every word.

http://howgoodisthat.wordpress.com/2008/10/24/what-is-it-with-mac-users/

Ruby on Rails 2.2 Release Notes

Rails 2.2 delivers a number of new and improved features. This list
covers the major upgrades, but doesn't include every little bug fix
and change. If you want to see everything, check out the list of
commits in the main Rails repository on GitHub.

Along with Rails, 2.2 marks the launch of the Ruby on Rails Guides,
the first results of the ongoing Rails Guides hackfest. This site will
deliver high-quality documentation of the major features of Rails.

http://guides.rubyonrails.org/2_2_release_notes.html

Lightning Fast Ruby On Rails security checklist

Ruby on Rails Security checklist for models:

  1. Use attr_accessible (or attr_protected if you must) to explicitly identify attributes that are accessible by .create and .update_attributes. Just because you don't expose an attribute on an edit form doesn't mean that someone won't try to post a value to it. I prefer attr_accessible over attr_protected as it fails on the side of safety when new fields are added to a model - you have to explicitly expose new fields.
  2. Make sure queries are using the Rails bind variable facility for parameters, not string concatenation or the handy Ruby's #{...} syntax.
  3. Use validations to prevent bad input.
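
To make item 1 of the model checklist concrete, here is an added example (not from the original post and not Rails code): a plain-Ruby stand-in, with the hypothetical class TinyModel and constructed input, that mimics how attr_accessible and attr_protected filter a posted hash, and what happens when a new column is added later.

```ruby
# Added illustration, not Rails code: TinyModel is a hypothetical plain-Ruby
# stand-in that mimics how attr_accessible (whitelist) and attr_protected
# (blacklist) filter the hash passed to update_attributes.
class TinyModel
  class << self
    attr_reader :accessible, :blocked

    def columns(*names)
      @columns = (column_names + names.map(&:to_s)).uniq
    end
    def column_names
      @columns || []
    end
    def attr_accessible(*names)
      @accessible = names.map(&:to_s)
    end
    def attr_protected(*names)
      @blocked = names.map(&:to_s)
    end

    # Whitelist wins when declared; otherwise anything not blocked is open.
    def assignable?(key)
      return false unless column_names.include?(key)
      accessible ? accessible.include?(key) : !(blocked || []).include?(key)
    end
  end

  attr_reader :attributes

  def initialize
    @attributes = {}
  end

  def update_attributes(params)
    params.each { |k, v| @attributes[k.to_s] = v if self.class.assignable?(k.to_s) }
    self
  end
end

class WhitelistedUser < TinyModel
  columns :name, :email, :password_hash
  attr_accessible :name, :email
end

class BlacklistedUser < TinyModel
  columns :name, :email, :password_hash
  attr_protected :password_hash
end

# A later migration adds a privilege column; nobody revisits the lists.
[WhitelistedUser, BlacklistedUser].each { |model| model.columns :is_admin }

# Constructed POST body: the edit form only exposes "name".
FORGED_POST = { "name" => "Mallory", "is_admin" => true, "password_hash" => "x" }
```

Calling update_attributes(FORGED_POST) on each class shows the difference: the whitelisted model keeps only name, while the blacklisted one also accepts the new is_admin column.
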
Ruby on Rails Security checklist for controllers:
  1. Make non-action controller methods private (if possible).
  2. If non-action controller methods must be public, identify them with hide_action to prevent unwanted execution.
  3. Make sure before_filters are in place if necessary for your authorization infrastructure.
  4. Move queries from your controller to your model, and see the model checklist above.
  5. Check for params[:id] usage - are you sure you can trust it? Check for proper ownership of the record.
  6. Check for usage of hidden fields - a user can send anything to you through them, so treat them with suspicion, just as params[:id] should be suspect.
  7. Use filter_parameter_logging to prevent entry of sensitive unencrypted data (passwords, SSN's, credit card numbers, etc.) in your server logs.
  8. Forget about your view code for a minute, and think about how to protect your controller from posts a malicious user could make to any of your exposed methods. All parameters (whether or not exposed on a form, and whether or not invisible) are subject to length overruns, bypassing of any browser-based validation, attacks with malformed data, etc.
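
An added example for items 5 to 7 of the controller checklist (not from the original post and not Rails code): plain-Ruby stand-ins, with hypothetical names and constructed data, for an ownership-scoped lookup and for masking sensitive parameters before they reach the log.

```ruby
# Added illustration, not Rails code. Post, POSTS, find_any_post,
# find_owned_post and filter_params are hypothetical names.
Post = Struct.new(:id, :user_id, :title)

# Constructed sample data: user 1 owns post 10, user 2 owns post 20.
POSTS = [Post.new(10, 1, "my draft"), Post.new(20, 2, "someone else's")]

class RecordNotFound < StandardError; end

# Unsafe shape: trusts params[:id] alone, like Post.find(params[:id]).
def find_any_post(params)
  POSTS.find { |post| post.id == params["id"].to_i } or raise RecordNotFound
end

# Safer shape: the lookup is scoped to the logged-in user, like
# current_user.posts.find(params[:id]). The owner comes from the session,
# never from params, so a forged hidden user_id field is ignored.
def find_owned_post(current_user_id, params)
  POSTS.find do |post|
    post.id == params["id"].to_i && post.user_id == current_user_id
  end or raise RecordNotFound
end

# Mimics what filter_parameter_logging does for the request log: values
# whose key matches a sensitive pattern are masked before being written.
SENSITIVE = /password|ssn|card/i

def filter_params(params)
  params.each_with_object({}) do |(key, value), out|
    out[key] = key.to_s =~ SENSITIVE ? "[FILTERED]" : value
  end
end

# Constructed request from user 1 with a tampered id and hidden field.
TAMPERED = { "id" => "20", "user_id" => "2", "password" => "hunter2" }
```

With TAMPERED as input, find_any_post returns user 2's record, find_owned_post(1, TAMPERED) raises RecordNotFound, and filter_params masks only the password value.
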
Ruby on Rails Security checklist for views:
  1. Make sure all data displayed is escaped with the helper method h(string).
  2. Eliminate comments in your views that you don't wish the entire world to see.

Google Analytics: Tracking AJAX and Flash

Google Analytics has a new feature that Ajax & Flash developers will find extremely useful. According to the new article, it is now possible to track page views in Ajax & Flash applications. And it is simple.


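var http_request;

// makeRequest is an assumed name; the original snippet starts mid-function
function makeRequest(url) {
  http_request = new XMLHttpRequest();
  http_request.onreadystatechange = sendAlert;
  http_request.open('GET', url, true);
  http_request.send(null);
}

function sendAlert() {
  if (http_request.readyState == 4) {
    if (http_request.status == 200) {
      alert(http_request.responseText);
      // Record the AJAX-loaded content as a page view
      pageTracker._trackPageview("/pagefilename1");
    } else {
      alert('Error.');
    }
  }
}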

An important usage tip about this feature: Google Analytics codes are normally installed just before the closing </body> tag. When calling the _trackPageview function, you'll need to use it after the Analytics codes are included, which means installing the Analytics codes just after the opening <body> tag is a guaranteed solution.

Tip: 21 Ruby tricks you must use

From RubyInside at 21 Ruby tricks you must know

ERROR: While executing gem … (ArgumentError)

After a recent upgrade to a newer Rails version the gem package manager seems to be broken. Every time you try to use gem install gem_name, you get the following error:

ERROR:  While executing gem ... (Gem::GemNotFoundException)

Deleting the cached files as suggested in other posts results in the error:

ERROR:  While executing gem ... (ArgumentError)

Solution
As suggested, you need to do:

gem install rubygems-update
update_rubygems

which should update the gem version to the latest one, i.e. 1.3.0

Stepping Up: Migrating from an SVN to a Git repository

pull the svn history into a new git repository:

* mkdir project_name.svn
* cd project_name.svn
* git svn init path/to/svn/repo --no-metadata
* echo "svn_username = Real Name <email@example.com>" > users.txt
* git config svn.authorsfile users.txt
* git svn fetch

make an svn-free git repository:

* mkdir project_name.git
* cd project_name.git
* git init
* git remote add origin path/to/git/repo
* git pull project_name.svn
* git push origin master

yippie!

Tip: Installing Mysql Gem on Leopard

First, I want to make it clear that I am totally for using Oracle Express Edition, and not MySQL. Although you may need a real DBA, it is something you will want anyway, even with MySQL, in my opinion.

Working with the Ruby-based MySQL libraries is not recommended: it freezes with no prior warning in the middle of a transaction and is not very stable at all, in my opinion (I will update important notes from the comments if you have any other enlightenment about it).

Anyway, since Leopard is running on the Intel-based Macs, you'll need to specify the ARCH flag in the gem install command.

First, make sure you installed MySQL from the official package at mysql.com

then,


sudo env ARCHFLAGS="-arch i386" gem install mysql -- --with-mysql-config=/usr/local/mysql/bin/mysql_config


Important!!!! Make sure you update your Xcode libraries from the Leopard CDs.

Javascript logging, all hail to BlackBird

Everybody likes birds recently, Yahoo with their eagle, FireFly (it's not a bird, but close enough for me).
This particular bird offers a dead-simple way to log messages in
JavaScript and an attractive console to view and filter them. You
might never use alert() again as they declared.

BlackBird Home page is right here

Free SVN/Git Hosting Services

Anyone who is not using any source control whatsoever, please never come back to this blog.
Now, seriously... you have to protect your work and efforts from evil nature (yap, coffee on the MacBook) damaging your precious work.
The conventional way is to get a personal server somewhere and install the source control of your choice on it, and giddy up, but for those of us who are still poor entrepreneurs with no wish whatsoever to buy a server somewhere, here are a few options to consider when choosing a source control platform for your application.

Unfuddle - Nice, reminds me of Zoho for some reason. Web 2.0 to the max and packed with project tracking and management such as issue tickets, source control, time tracking, milestones, etc. (still not a replacement for BaseCamp, but that's for another post). Their free package comes with 250Mb and support for infinite repositories on both Git and Subversion.

Assembla - only a small part of a feature-packed project management service, a basic 200Mb of SVN hosting. The project hosting comes with wiki pages, blogs, etc. The free package has all of this, so even if you don't stump up the $49 p/m for the paid one you'll get one hell of a service.

OpenSVN - One of the first to release free SVN hosting of open source projects and starting to show its age with a very clunky interface and barebones features. Free but a troublemaker: I got a lot of 404s and peer resets during commits.

Bounty Source
- Bounty Source offer your basic SVN along with a wiki and CMS for managing your projects online presence as well as a task tracker. Bounty Source have a unique feature though that enables a developer to be paid for the work they carry out on user feature requests.

SourceForge
- Ya baby, the real deal, an old and great dino indeed. They tried to shoot it up with some Web2.0 gradients and curves, but it still looks like Geocities in 1998 :)

Google Project Hosting
- Someone said gSourceForge? Google shamelessly (in my opinion) simply took that old dino, and painted it blue :). Its features are still lacking and it is basically what I call an "executed to finish" job, like "yes, we at Google now have a source tracker and such, but we didn't put too much work in it".


I personally moved from OpenSVN to Unfuddle a few days ago, and I am very pleased at the moment.

IE Testing: Internet Explorer cannot open the Internet site. Operation aborted.


haaah... the joy of working with IE never ceases to amaze me. I was trying to test one of my pages on IE7 when this ruthless message arrived uninvited. Needless to say, the immediate action that IE performs is to redirect you to a default 404 page, taking away the option of viewing some JavaScript errors and basically taking care of the problem.

The Issue:
Internet Explorer 6 and 7 get really upset when you don't give them the chance to render the entire HTML before you perform DOM-related actions (appending/removing child elements, for instance).
This is mostly a response to a <script> tag containing DOM-changing JavaScript.

Solution:
If you are using jQuery like I am, use the document.ready function around your inline

78 Ways For Your Small Business to Save Money

A great article. I tried to raise this subject a few posts ago, but
this looks like a much better job.


Source: http://www.bspcn.com/2008/10/15/78-ways-for-your-small-business-to-save-money/

Written by insidecrm These easy tips will keep your finances secure
during the current downturn. With the economy struggling, every
business is trying to cut costs to make ends meet. Small businesses,
which have fewer resources, especially feel the burn. Not to fear.
We've come up with a mega-list of ways to trim the fat off your
enterprise so you don't become a casualty of the latest economic
downturn.

Dynamically adding a text field, with autocomplete

We all love autocomplete. It makes our lives a little less complicated and a little more classy. I decided (as a complement to my new beloved JS framework) to use the jQuery autocomplete plugin. Problems began when I needed to use dynamically added text fields with autocomplete. Since the plugin assumes that you use a single and unique DOM ID, I was unable to set up the autocomplete feature for newly added dynamic fields.
One solution was to add the fields by JavaScript and DOM manipulation, but I preferred to use a partial in order to keep the code simple and Rubish. The other solution was to add a JavaScript script tag at the end of the partial which traverses the DOM and adds a unique and random id, and of course sets up the autocomplete feature for each one of them.
Bottom line, it is working and even working well, but I would like to hear new ideas if anyone has any.
Over and out.

My CrunchBase page

Elad Meidar on CrunchBase

Rails as a default language?

I first got acquainted with Ruby on Rails just after I resigned from the Israel Army. I was writing fully functional web applications way before, and even managed to hold on to a startup project in Israel named 'DealCenter.co.il' which was later sold.
After working for years with ASP, PHP and even simple HTML programming, coming across Ruby, and Rails specifically, changed the entire work habits and regulations that I had. ROR pushed me forward into the great world of Web 2.0 applications, usability and, most important... it's fun to work with.
Some might say that Java is better, that Rails is slower than most of its competitors and that it is very tough to optimize. I find that rather inaccurate after using Rails in 2 major projects that I am in right now and realizing that there is no limit.
I have managed to find a solution to every problem that came my way in these projects, usually with 1-3 Google searches (thank you great community!!!) and in the millions of books and screencasts out there.

I think Rails might be the one I'll keep. I suggest you guys do too.

Elad Meidar, Marketing
elad@indomite.com
http://www.indomite.com/blog



    About Me

    I am a web developer for more than 9 years, managed, cried, coded, designed and made money in this industry. now trying to do it again.