Archive for Uncategorized

A Lightbulb Just Went On

I was starting a redo of an old (Rails 1.1.6) site and thought I’d store Rails in the vendor directory so I don’t have to worry about what version is installed on the server, so I looked up this nifty article on SitePoint where they explain how to do that: Installing and Managing Edge Rails.

I started with some basic steps to “redo” my old site.. used the controller generator.. whoa.. huh? “.html.erb” .. I instant messaged a friend, Carmelyne, and said what’s up with “.html.erb” .. she is like, oh that’s edge rails. I thought I had installed the 1.2 release instead but on closer inspection I did indeed install edge. I must have had the version number wrong or something. Doh, oh well.. let me try it anyways.

In further discussion.. she suggested I look at using REST.. “isn’t it just for webservices?” I ask, she said no. I’m not doing anything that I will need to publish web services for…. it’s just a bakery order site. But, I did a little research and Carmelyne pointed me to some resources…. and I got it!

A lightbulb went on!

I used the scaffold in edge to build my model… looked at the controller… looked at routes.rb … and I got it. :)

Read these to understand what the heck I am talking about:
A Series of 5 articles on REST and Rails - very basic and helped me understand how, what why of REST and Rails.
REST on Rails - another good one

I feel like I’ve been a bird with my head in the sand. I’d read stuff before but never understood how, what and why of REST.

More to follow as it sinks in.

Rails Conf Ticket

I had planned to go to the Rails Conference but things came up and I’ve changed my mind! So I have until April 17th to transfer the ticket to another individual — price is $745. Leave a comment here if interested.

No Ruby Vacation

Turns out that not even Ruby was relaxing enough for my 3 day vacation.. I didn’t do much of anything on the computer. Just took a break. I spent some time outside, ordered a bike.. did a lot of swimming and had some fun. Now, I’m back and ready to tackle work again.

Book Review: ProPHP Security

ProPHP Security

Published by: Apress

Authors: Chris Snyder and Michael Southwell

Book Site | Sample Chapter: Preventing SQL Injection | Table of Contents

At first, I thought this book was all about cleaning your input variables and filtering your output, XSS attacks, SQL injections, but I was most pleasantly surprised to find that it was that and so much more! In fact, I would have called this “ProPHP Security and Administration” instead! It is absolutely fantastic. It really is about security in all of the facets of web development - from server, to code, to database, to the system users.

The book is divided into 4 parts:

- Part 1: The Importance of Security

- Part 2: Maintaining a Secure Environment

- Part 3: Practicing Secure PHP Programming

- Part 4: Practicing Secure Operations

Here are some brief overviews of the sections and the tidbits I found interesting:

Part 1:

The first part is the shortest and gives a general overview of the what and why of security.

Part 2:

The second is much more hearty and goes into detail about shared hosts and why they are secure and how to make them more so. It even dips into alternatives to the traditional shared hosts and goes into Virtual Machines. This is valuable not only to administrators but to PHP developers. After reading this, I understand the “why” behind many of the things about shared hosting that I found frustrating.

One of the most important things I found in this chapter is how to maintain separate development and production environments. When I was helping to set this up at one of my past jobs it was a topic that I couldn’t find much information about. It also makes mention of version control, using wikis, bug tracking, sandbox and testing! Oh and here’s a concept…. pretend your live system failed — how well does your backup plan work?

How many times have I thought, I should make a cron job to back up my database to my home server every day/week? Have I ever done this? No! But now I have no excuse! Backing up a database and storing it remotely is one of the sections in this chapter, code included! Fantastic.

There are chapters about Encryption theory and practice which I read several times to understand. It was interesting but it wasn’t something I have to do right now in my life, but I will return to this book to refresh my memory when I do.

Securing network connections with SSL and SSH: these proved helpful as I have become the “Reluctant System Admin” for one of my projects — partly because if they were to hire a part time person I’d rather they get a CSS person and I’d rather do the sys admin!

The Controlling Access section goes into details about using certificates with PHP, single sign-on, basic and digest HTTP authentication … whoa this is some deep stuff! But good, when I was looking into this for a project a few years ago I couldn’t find anything helpful. It then continues with permissions and restrictions, a lot about Unix permissions and keeping things running where they should, securing databases and PHP Safe Mode!

Part 3

Finally — the stuff that I thought the book would be about - validating user input, filtering output, preventing cross site scripting attempts, remote execution.. so much more to security than I thought! It talks about securing temp files, I always assumed the OS handled this and I didn’t need to worry.

Part 4

Ahh — Practicing Secure Operations… all you ever wanted to know about making sure your users are humans, verifying your users, setting roles for users, logging your users actions, preventing data loss, executing system commands safely, working with webservices and finally Peer Reviews! Sometimes it’s that extra pair of eyes that can see things you miss.

Something I find interesting - in the section about preventing data loss, it talks about setting a flag on records that are “deleted” and then making a db view of the “good” data and using that to select from. One of the things I like in Ruby On Rails is this “acts_as_paranoid” model option that does about the same thing. Neato.
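As an added illustration of the flag-plus-view pattern described above (example code written for this review, not code from the book and not the acts_as_paranoid plugin), here is a small SQLite script. The `orders` table, its `deleted_at` column, the `live_orders` view and the sample rows are all constructed for the example; the point is that application queries read only from the view, so a "delete" is a reversible UPDATE rather than a destructive DELETE:

```python
import sqlite3


def build_orders_db():
    """Create an in-memory orders table with a soft-delete flag and a view
    exposing only live rows.  Schema and sample data are constructed for
    this example (a bakery order site, as in the earlier post)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE orders (
            id         INTEGER PRIMARY KEY,
            customer   TEXT NOT NULL,
            item       TEXT NOT NULL,
            deleted_at TEXT   -- NULL means the row is live
        );
        -- Application code selects from this view, never from orders directly,
        -- so "deleted" rows are invisible but still on disk for recovery.
        CREATE VIEW live_orders AS
            SELECT id, customer, item FROM orders WHERE deleted_at IS NULL;
        """
    )
    conn.executemany(
        "INSERT INTO orders (customer, item) VALUES (?, ?)",
        [("ana", "rye loaf"), ("ben", "croissant"), ("cy", "baguette")],
    )
    conn.commit()
    return conn


def soft_delete(conn, order_id):
    """Mark an order deleted by stamping deleted_at.  Returns the number of
    rows changed (0 if the order was already deleted or does not exist)."""
    cur = conn.execute(
        "UPDATE orders SET deleted_at = datetime('now') "
        "WHERE id = ? AND deleted_at IS NULL",
        (order_id,),
    )
    conn.commit()
    return cur.rowcount


def restore(conn, order_id):
    """Undo a soft delete; this is the recovery path a real DELETE lacks."""
    cur = conn.execute(
        "UPDATE orders SET deleted_at = NULL WHERE id = ?", (order_id,)
    )
    conn.commit()
    return cur.rowcount


def live_order_ids(conn):
    """What the application sees: only rows present in the view."""
    return [row[0] for row in conn.execute("SELECT id FROM live_orders ORDER BY id")]


def all_order_ids(conn):
    """What is actually stored, including soft-deleted rows."""
    return [row[0] for row in conn.execute("SELECT id FROM orders ORDER BY id")]


if __name__ == "__main__":
    db = build_orders_db()
    print("live before:", live_order_ids(db))
    soft_delete(db, 2)
    print("live after delete:", live_order_ids(db), "stored:", all_order_ids(db))
    restore(db, 2)
    print("live after restore:", live_order_ids(db))
```

Two things to check when adopting this: every query path really does go through the view (one stray `SELECT ... FROM orders` leaks "deleted" data back out), and the soft-deleted rows are still subject to whatever retention or privacy rules apply, since the data has not actually gone anywhere.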

Pro PHP Security is a most excellent read and so much deeper than my brief overview here. It will be a handy book on my shelf to keep me on my toes regarding security in all areas of web development. From the server to the code, to the users, to best practices of security, you will find this is a helpful book too!

Added Feedburner

Hey, I added Feedburner to this site AND to DevChix … still learning about all I can do with it…

Windy City Perl Meeting

Tonight was fantastic! We had Chris McAvoy, a fellow language geek like myself, talk about the favorite parts of his languages. He started by stating the criteria for learning a new language - from what I remember he said he likes good documentation and a good interactive console. Ruby has both, Python too… Perl is a bit lacking in the console but does have an attempt at it using the Perl debugger. It’s not bad, but compared to Ruby and Python, it’s not so fun.

He gave brief overviews of the basic syntax and structure as well as talked about the packaging system. It was interesting, I have dabbled in Python, but have decided to master Ruby first. I do love the cleanness of Python — very refreshing after staring at the ugliness of PHP all day. PHP is fine, but after looking at Ruby, man… I just can’t help it..

I had to leave just when he started talking about Ruby DSLs, something that has me absolutely fascinated the past few weeks as I try to wrap my tiny brain around the concept and track down tutorials and sample code. I may have to track him down for lunch and have him fill me in ….

Here are links from his talk:

Notes from Meeting - like me, he also dislikes PowerPoint. Nothing wrong with just a list of notes!

Perl, PHP and Ruby oh my!

This week, I attended the Perl and PHP meetings. Though they were late nights for me, they were good meetings and worth the loss of sleep.

Perl - Catalyst

Catalyst is an MVC framework for Perl. I like Rails — a lot, but not just cuz it’s Rails, because it’s Ruby. I love Ruby. Perl I really like also, but I’m not so sure it’s a fantastic language to develop for the web. After seeing the presentation I say, that’s nice… but.. I will probably use Rails if I were to use an MVC framework. I’m wearing my Perl shirt today!

By the way — if you are south of Chicago there’s a Perl meetup in Tinley Park on Jan 24, 7pm:

Caribou Coffee
16205 Harlem Ave
Tinley Park, IL 60477
(708) 444-0478

PHP - Firebug

We didn’t really have any topics planned out for this one — but we had some volunteers. Peter did a good overview of the indispensable tool for debugging JavaScript, CSS and HTML. Unfortunately, it only works in Firebug, but there is an add-on JavaScript to use with IE and get a few features to make your life a bit more bearable in IE. Larry jumped in and showed some JavaScript debugging. Next month at PHP — profiling fest with XDebug and Valgrind. Should be interesting!

Ruby - no love!

I’ve been moping about this week about Ruby… I haven’t done it in about 4-5 months since being back in PHP-Land? I’m having withdrawals. It all started after I read this article Technologies of the Year 2006 (BTW - I have done all of them!). I was thinking.. awwww… Rails…. and I picked up my Rails book at work that I look at when I am fed up with PHP, just to cheer me up a bit. I skipped the last Ruby meeting, at the last minute the buddies that I thought would go with me backed out.. and.. well.. I was pretty tired and the topic of “Environments” made me think it would be a Mac-love fest. I used to want a Mac laptop, but… I’ve decided to stick with the PC environment since I am happiest in Ubuntu. I am determined, buddies or no buddies, to go to the next meeting which should prove more interesting. The Chicago Ruby list has been buzzing with topics and volunteers for presentations. There’s even an outbreak of smaller meetups in other areas of the city.. North, South… fun times.

Book Review: Beginning Ajax with PHP by Lee Babin

Book Review
Beginning Ajax with PHP by Lee Babin, published by Apress

Book Site | Sample Chapter: 3 PHP and Ajax | Table of Contents

Although no stranger to Ajax, I received a review copy of Beginning Ajax with PHP expecting some watered down presentation of JavaScript with some PHP thrown in. I was quite surprised to find a good presentation of using Ajax and PHP, easy enough for the beginner and still interesting for those who have done it for years.

The book starts out exactly how I would write it — SIMPLE! The first time I did Ajax with XHR (XMLHttpRequest), I used a plain text file, which I then read into a DIV at the click of a link. This takes a similar approach and has data stored in an array which is then accessed with a simple call to a PHP file. The following chapter takes it a step further, and this building upon previous chapters is a common theme in the book.

After going through the basics, the book gets into more practical uses of Ajax. The latter chapters talk about using forms to pass along data to be processed by Ajax and doing form validation. It also gives a good explanation of the proper use of the form methods GET and POST. It goes into detail about uploading images and other files using a hidden form submit trick, since XHR doesn’t support file uploading (JavaScript is not allowed to access files on your hard drive). And this chapter is the perfect predecessor to the “Real-World Ajax Application” chapter where you will take what you have learned and create an Ajax based photo gallery. Practical, hands-on is the best way to learn something IMHO (Sorry “Hello World” scripts!). It is interesting that this chapter is in the middle of the book, when I would expect it at the end. Perhaps the author wanted the user to jump in and try it, instead of persevering to the end. I don’t know about you, but often the last few chapters of the book go unread by me.

After the reader has confidence on how to use AJAX, the book gives the warning, “Whoa! Wait a minute! AJAX isn’t appropriate for EVERYTHING!” It gives examples of when AJAX would be a good idea and when it would not. I think this is pretty important as each CEO now wants Ajax everywhere in their application but it’s not always the best solution! And it talks about the classic “THE BACK BUTTON” problem. Then, in the same chapter, the book takes sort of a funny turn (in my opinion) and gives an introduction to PEAR. The book explains how to use PEAR’s HTML_TABLE class to illustrate a good use for Ajax in creating an Excel-like grid that sums columns. This is a very cool class but would have been better suited for an appendix.

The rest of the book seems to be a random splattering of interesting topics: web services, map applications, cross-browser issues (touches again on the back button problem - but a solution this time!). There is also a brief mention of security. This should have been more in the middle of the book (see above for skipped last chapters syndrome). What then follows is a testing and debugging chapter which would have been more effective as the 3rd or 4th chapter in the book. Finally there is a chapter about the browser DOM.

A great minor addition to the book would be an overview of some Ajax libraries such as Prototype, jQuery, Dojo, etc.

Chicago PHP User Group Upcoming Meeting - Nov 14

Moved from Wednesday to Tuesday this week, I’ll be talking about testing. I’ll talk a bit about Selenium, test-more and PHPUnit.

Info.com
150 N Michigan
Suite 2800
6:30p

If you are arriving past 7:00pm, shoot me an email (or comment here) and I’ll give your name to the guard and he’ll let you in .. otherwise, call Rich or me.

Windy City has Google

The Chicago Google office volunteered to host and feed the Python meeting this month. Everybody I say this to says “I didn’t know that Google had a Chicago office!?!” as if Google should make a full page announcement when they open an office somewhere. I admit, I went partly to see what it was like, and Python is on my radar of languages to learn next.

Brian Ray talked about operator overloading in Python, which is always cool, overloading something. Then the Google guys gave an overview of Google Code and touched on things like Big Tables (of which I knew nothing). Then my buddy Jason Huggins (Selenium guy) talked about Selenium and showed off his freaking cool Mac laptop and virtual machines. I have got to see if I can do that on mine.

I had to leave early to catch the 9:20 train.. but such is life.