Archive for February, 2008

Depth Charge

Wednesday, February 27th, 2008

Over the past couple of days, I’ve run into two separate problems caused by gems being installed on one machine and not on another. Fool me once, right?

So I spent a little time last night writing up a rough dependency-finder gem: Depth Charge. As of the 0.0.1 version, it gives you a rake task that parses your project code and displays all the gem and library dependencies it can find, along with the files they occur in. Here’s a sample of its output when run on one of my current projects:

mini_magick
vendor/plugins/attachment_fu/lib/technoweenie/attachment_fu/processors/mini_magick_processor.rb
 
mocha
vendor/plugins/foreign_key_migrations/test/test_helper.rb
vendor/plugins/viget_tasks/test_helper.rb
 
net/http
vendor/plugins/attachment_fu/test/backends/remote/s3_test.rb

It’s super rough at the moment, but I’m hoping to be able to clean it up as I go. As it currently stands, it works pretty well on a Rails project when frozen via the gemsonrails plugin - and one of my first priorities is making it even easier to run. I’m also probably going to use GitHub for SCM, as opposed to RubyForge’s SVN hosting, so it’ll be easy to contribute to. If you’d like to get in on the bleeding edge, though, you should be able to install it with the standard sudo gem install depth-charge.

Default routing considered harmful

Monday, February 25th, 2008

An unexpected back door in London

(I always wanted to write one of those “considered harmful” posts)

In case you haven’t realized it yet, if you’re writing a RESTful application in Rails 2, you should probably delete the default route at the bottom of your routes file:

map.connect ':controller/:action/:id'

The reason is that this provides a back-door into any of your RESTful actions that you’d otherwise think are protected.

Take the following resource declaration, for instance:

map.resources :puppies

To update a puppy record, you have to PUT data to /puppies/[id], right? The PUT is of course simulated with a POST, but if the body of the POST doesn’t include _method=PUT (or the request forgery protection hash), your Rails app will reject it.

Unless, that is, you still have the default route declared. If that’s the case, then you can get around the HTTP method restriction (and request forgery protection!) by just requesting /puppies/update/[id] - you could even do it via a GET request, if you wanted.

If you’re writing a RESTful Rails application, then, be sure to delete the default route. Otherwise, you’re just asking for a URL-hacker to come in and play.
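To check a routes file for this, here is a small model of route recognition that audits which state-changing actions the default route exposes. It is an added example, not code from this post or from Rails: `Route`, `resources`, `recognize` and `unintended_entry_points` are hypothetical names, and the matcher is a simplification that covers only the two route declarations shown above.

```ruby
# Simplified model of Rails 2 route recognition, constructed for illustration.
# It is not Rails' router: a route is a path pattern plus an optional HTTP
# verb constraint, and the first route that matches wins.
Route = Struct.new(:pattern, :verb, :defaults) do
  def match(http_verb, path)
    return nil if verb && verb != http_verb
    keys  = pattern.scan(/:(\w+)/).flatten.map(&:to_sym)
    regex = Regexp.new('\A' + pattern.gsub(/:\w+/, '([^/]+)') + '\z')
    m = regex.match(path)
    m && defaults.merge(keys.zip(m.captures).to_h)
  end
end

# The seven routes that map.resources generates, each pinned to one verb.
def resources(name)
  base = "/#{name}"
  [['GET', base, 'index'], ['POST', base, 'create'],
   ['GET', "#{base}/new", 'new'], ['GET', "#{base}/:id/edit", 'edit'],
   ['GET', "#{base}/:id", 'show'], ['PUT', "#{base}/:id", 'update'],
   ['DELETE', "#{base}/:id", 'destroy']].map do |verb, pattern, action|
    Route.new(pattern, verb, { controller: name, action: action })
  end
end

# map.connect ':controller/:action/:id' carries no verb constraint at all.
DEFAULT_ROUTE = Route.new('/:controller/:action/:id', nil, {})

def recognize(routes, http_verb, path)
  routes.each do |route|
    params = route.match(http_verb, path)
    return params if params
  end
  nil
end

# Audit: which state-changing actions are reachable at /controller/action/id
# through GET or POST, bypassing the verb the resource route requires?
STATE_CHANGING = %w[create update destroy].freeze

def unintended_entry_points(routes, controller)
  STATE_CHANGING.product(%w[GET POST]).select do |action, http_verb|
    params = recognize(routes, http_verb, "/#{controller}/#{action}/1")
    params && params[:action] == action
  end.map { |action, http_verb| [http_verb, "/#{controller}/#{action}/1"] }
end
```

With only the resource routes the audit returns an empty list; appending `DEFAULT_ROUTE` makes every state-changing action reachable by plain GET and POST.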

(photo of a back door in London from 2create on Flickr)

Note to self: favicons in Rails

Friday, February 22nd, 2008

Just so I can remember it later: adding a favicon to /public is not enough to get it to show up for a Rails application. You also need to update your layout(s) with the following:

<link rel="shortcut icon" href="/favicon.ico" />

Hopefully this saves somebody else some time, too.

OpenID and standard authentication usability

Tuesday, February 19th, 2008

Maybe it’s just me - I haven’t implemented OpenID anywhere yet (it’s on my list, I swear!), so I could just be missing something - but is there a fundamental problem in allowing a single user to log in with both OpenID and via standard authentication?

Take Basecamp, for instance. I used to log in with a username and password. After OpenID became a possibility, I used it - and now, my username and password don’t work at all. Unfortunately, I’m not all that bright, so I often forget which sites I’ve used OpenID on and which I haven’t (this is compounded by the fact that the “login with OpenID” links are often small and/or hard to see). As a result, I’ll try to log in three or four times before I realize what’s happened. How hard could it be to link up a standard authentication account with an OpenID login?

The hardest day

Sunday, February 17th, 2008

(If you read this blog for the technical bits - or have a dog - you might want to skip over this post. It’s one of those blogging-as-catharsis things that many people hate.)

Yesterday was one of the hardest days I can ever remember having. Lacie and I had to make the decision to put our dog Daisy to sleep.

Daisy on the couch

(more here)