AJ Morris

An Apple Product Security technician has identified multiple vulnerabilities with Ruby, which if exploited could be used in denial of service attacks. It does not have to be just Mac OS X that this afects. It looks like it’s all versions based on the official post from the Ruby development team.  To find out what version of Ruby you are using open up Terminal or your command-line prompt client and type

ruby –version

You should get something like this

ruby 1.8.6 (2008-06-20 patchlevel 230) [i686-darwin9.3.0]

Now you can see that’s I’ve already went ahead and updated my version, so yours might have patch 110 if there was a patch level. To update your Ruby version all you need to do is visit the link above and choose which patch you need to install.  For us Ruby on Rails developers you’ll need to upgrade to Ruby 1.8.6 patch 230. You can download it here and type the following in your command-line prompt.

curl -O ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p230.tar.gz
tar xzvf ruby-1.8.6-p230.tar.gz
cd ruby-1.8.6-p230
./configure –enable-shared –enable-pthread CFLAGS=-D_XOPEN_SOURCE=1
make
sudo make install
cd ..

You can then check your version by typing.

ruby –version

If you have any problems, feel free to comment below.

UPDATE: After posting this I was having a hard time keeping an instance of monrel running.  I did some searching and found out that the option they have offered us does have a bug still in it.  So what that means is that we either update and have issues or stay at what we’re currently at and deal with the possibility of denial of service attacks.  Keep your eyes posted to the Ruby on Rails blog for an update. I’ll post another update here as well once things are figured out.

So I’ve been getting a little busy at work lately, and while I’d like to really take you guys through a ToDo list tutorial, I just don’t have the time right now to work on that, while learning Rails 2.0, and then working on getting a ToDo list app working as well.  Rather than leave you guys high and dry without finishing this, I thought I’d show you this really cool open-source ToDo application that you can install for free!  Check to FooToDo here!! I think you guys will like it.  I’ve played around with this on my Development machine, but not in a Production setting.  From what I’ve been able to tell it looks like it’s no longer being updated (it’s running under an older version of Rails as well).

On other news, I would like to invite anyone in the NOVA/DC area that’s interested in hearing Chad Fowler and Rich Kilmer at the DCRUG meeting this Wednesday, March 26th. Here’s the details:

Date & Time 
Wednesday, March 26th, 2008, 7:00pm

Refreshments:
Pizza and soda will be provided by Intridea - please RSVP to chris@intridea.com so we can get a headcount.

Location:
The George Washington University
Media and Public Affairs Building
Room B02
805 21st Street NW
Washington, DC
http://www. gwu.edu/~map/hmap/index.cfm?bldg=103

You can also read more about it here. If you’ve got any questions, please feel free to comment and I’ll let you know if I can answer them.

I’ve recently taken a new position doing Rails applications full time (which I’m definitely excited about) however, between myself and the other developer, we’ve decided to go right up to Rails 2.0.2. This of course did not fit with me very well because I haven’t done rails development full time yet, and what rails apps I have done were in 1.2.6 and lower. I haven’t been a good developer because I wasn’t paying attention to all the new features and how they work. Of course I posted awhile back about some of the new updates here, but that’s about all I’ve done with Rails 2.0 until last week when I started my new job.

This is tutorial 1 of a new series I’m creating for making a simple CRM application that you can use for some of your daily tasks. Today we are going to create a simple todo list without writing any code (well to start off with). First create lets create a new app by typing,

rails -d mysql todo (I’m adding -d mysql, because sqlite3 is the default database and I’m using mysql)
cd rails

Next, we need to create our databases so we can type the following with rails 2.0.

rake db:create:all

Now that we’ve created our databases, it’s time to make our controller and model. For this, so that we don’t have to write any code, we’ll go ahead and scaffold this. We’ll type the following.

script/generate scaffold Todo title:string body:text done:boolean due:datetime

We can now migrate our database so we’ll type this.

rake db:migrate

Finally, all we have to do is start our server.

script/server

Then we can go to http://localhost:3000/todos and we’ll see our index page. You know have a working todo list, not very design oriented of course, but you are well on your way to making it yours. I’ve put up the application the way it should look here.

If you are looking for a version of this with pre-2.0 of Rails, you won’t be able to use the “rake db:create:all” command, so you’ll have to make your database another way. In the next tutorial we’ll add a customer database with a custom search so that we can search all your customers. Until next time folks!

Heroku is a new Y Combinator startup that joins the growing number of Ruby on Rails hosts, however this host adds a special step of using your browser to build your apps. You can now create Rails applications inside of your browser. Or if you prefer to use your development environment you can do that as well. Heroku is built using Amazon EC2 service. You have the option to upload your own apps via a tar file, or through their gem and git.

From their website they have an awesome list of features:

• Instant Deployment
• Create and Edit Online
• Integrated Stack
• Elastic Performance
• Share and Collaborate
• Import & Export
• Full Ruby Environment
• Gems & Plugins
• Rails Console
• Generate Code
• Painless Migrations
• Rake Console

But don’t take my word for it, check out their screencasts for more information on how to get things up and going.

Heroku, part of Y Combinator startups from this winter, has been in development since June 2006 and has attracted about 2500 users with around 2000 apps.

I do hope that we start to see some new features like support for subversion, mysql databases, and capistrano based deployment. I look forward to seeing what else comes from them. Please keep these guys in your rails radar.

I’ve got my account setup and played with it for a few hours today. If you would like to give it a try, they have a small waiting list, however if you send me an email I can work on sending you an invite faster. Feel free to send me an email at ajmorris2002[at]gmail.com for an invite.

Dan over at Hivelogic released an updated guide for installing Ruby, Rails Gems, Rails, and MySQL. Check out the article here. If there’s anything else that you need to install (like RSpec, Capistrano, SVN) you can do that with the following commands.

To install RSpec just type:

$ gem install rspec

To install Capistrano, type:

$ gem install capistrano

To install SVN it’s a little different, so you’ll have to install with the following command:

$ curl -O http://subversion.tigris.org/downloads/subversion-1.4.3.tar.gz
curl -O http://subversion.tigris.org/downloads/subversion-deps-1.4.3.tar.gz
tar xzvf subversion-1.4.3.tar.gz
tar xzvf subversion-deps-1.4.3.tar.gz
cd subversion-1.4.3
./configure –prefix=/usr/local –with-openssl –with-ssl with-zlib
make
sudo make install
Once you have everything is done you should be all set. If you want to check out any other gems, check out this site http://gems.rubyforge.org/gems/.

I had some free time today and started looking for some new sites that were iPhone friendly and saw this great plugin that can turn your WordPress blog into an iPhone friendly site. I found the instructions very simple to install and definitely worth adding to your site. Even if you have few readers, it’s always a good thing to reach out to the masses. I highly suggest checking it out.  I hope I’ll have some free time to play around with the look of it so that I can customize it a little bit, but for a quick and simple option for making your blog iPhone friendly, it’s worth it.  Perhaps I’ll even make a screencast of changing the layout/theme.

Speaking of iPhone web development I also came across this Mac only application called iPhoney that allows you to view what your site will look like in an iPhone without actually having one! The site says it’s NOT a simulator, but for all purposes of testing your web site/app inside of the 320 by 480 (or 480 by 320) screen area that the iPhone has.

The last thing I thought I would share with you is this tutorial of creating your Rails apps so that they have a different layout/theme for the iPhone, check it out here

Recently I started a quest for looking for some sort of a dedicated hosting or at least something I could rely on for Rails hosting. I was hosting my projects and sites on DreamHost, but got tired of the shared hosting and the minimal support from them so it was clearly time to start the search.

My initial search led me to this page on the RubyonRails web page. I thought about moving everything I host to one place, but from experience it’s not cost effective. So I’ve decided to keep my low traffic sites at DreamHost (as they work really well for my low traffic sites) and move my rails sites to something else. I didn’t want to spend a whole lot of money on a per month basis, so finding something on $20/month was what I needed to reach.

There were a few good places to look at, such as HostingRails, SilverRack, SpeedyRails, SliceHost and something even better, RailsMachine. After looking at these and had a few conversations with other developers, I decided that I wanted someone with Mongrel running instead of FastCGI.

I liked these options the best however HostingRails and SpeedyRails offers shared hosting; SilverRack offers VPS hosting. I looked at SpeedyRails because I’ve heard good things about them, but after looking at what they offer (they have dedicated, but no prices online)I decided it really wasn’t for me. Looking at SilverRack they had a good offering however I wanted at least 100GB of monthly bandwidth. That’s a big must for me! I then went to look at RailsMachine, however seeing that they were over my price range I decided against it.

I ended up going with SliceHost, as I wanted a challenge. First off, they offered a good price, $20/month for 10GB of storage, 100GB/month bandwidth, 256MB RAM. Where’s the challenge you might say? Well you have to setup the server yourself! I’ve played system administrator with Apple servers before without a problem, so I thought that it wouldn’t be much different with what they had to offer. It wasn’t hard getting things setup, took about 1-2 hours (I double-checked things) to get the server setup, but with guides like these, they weren’t hard to follow. I did need to get a few items with support, but they had several channels (Chat and IRC channel) to get support from and I haven’t had any troubles since. They do offer backups for an extra $5/month, which I’ve found that it’s worth it. I would highly recommend checking them out!

Mephisto seems to be hitting the rails community in full wave recently.  I’ve ran across it about 6 months ago, and have started to use it for various projects I’ve been involved with.  Besides Typo, this is the first open-source rails application I’ve enjoyed using.  While there is not a lot of quality themes (yet I hope), and definitely not as many plugins as WordPress has, it definitely ranks up there with some of the top blogging apps available in the market today.While Mephisto isn’t for everyone, especially seeing that your web host needs to support Rails, and you have to install it. The install is a bit tricky if you’ve never used rails before, so I strongly urge you to consider something else if you’re not a rails developer.  Although, I’m sure with a little help from the Rails community, you may be able to get it installed ok.Mephisto has some quality features like:

• Beautiful admin interface
• Slick Asset Management
• Flexible Liquid templating system (inspired by Django, used by Shopify
• ATOM feeds
• some tagging, some ajax, yadd yadda

They are always looking for help especially in some areas such as:

• API plugin
• Documentation
• coverters for wordpress, typo, movable type
• xml -rpc api support
• and tons! of ruby on rails code fixes

If you’re looking for ways to help, check out the Mephisto site and they should be able to get you in touch with the right people!

Rails 2.0 was released on Friday!!  Thanks to all the hard work from the core developers and the hundreds of contributors.  Without them we couldn’t have had some features like Active Record: Performance, Active Record: Sexy migrations, Action Pack: HTTP Loving, Action Pack: Resources, and so many many more!!!  Check out the full blown post here. I can’t wait to see what else is in store with Rails 2.0! In the coming days hopefully we’ll see some more in the blogosphere and what else there is.

Today I thought I would talk about agile web development with ruby on rails and how we implemented it during Startup Weekend. This past weekend I went to my first Startup Weekends (hope it’s not the last) and had a group of about 10-20 developers work together for a weekend to create a product in a weekend. I found that when working with developers it helps to use an agile approach. It also helps to work in pairs (just in case anyone leaves early).

The agile approach to web development is defined as a conceptual framework for software engineering that promotes development iterations throughout the life-cycle of the project. While there are many methods to agile development, most that I have experienced have been in place to minimize the risk by developing in short amounts of time. This model of agile web development following planning, requirements analysis, designing, coding, testing, and documentation developing stages.

I think that we (for the first time working all together) implemented the agile web development method. The following is a list of what I think we did well and what we didn’t.

What I think worked well for us at DC Startup Weekend was that:

• We had a small timeline to get things done.
• We had our group of developers that were working the entire time on building features, and others that were testing.
• We had a go to person that worked on communicating to our design/UX teams.
• For the most part we worked in pairs, which helped ensure the success of the feature they were working on.

We also had some things that didn’t go so well:

• No real documentation, although we did try to do a little inline with the code.
• Not everyone was working in pairs.
• We didn’t have set goals for certain times.
• Features were only half added.
• No real time to test with a working site that would go through scripts and usability tests.

Over all I would say that we did a good job in the time that we had. There is always going to be things we did good and things that we did bad. I think that if we were to work another straight weekend there would be a list of things that we would change and I think that after experiencing what we did our first weekend we would have some better understanding as what we need to do to get everything done, and would have a list of bugs, design implementation, and some new features to add.

Anyone that is thinking about hosting or attending a Startup Weekend, I think you should really look into this. It was a great experience, and if the opportunity were to present itself again, I would attend. After checking out some of the other developers blogs, I thought I would include them here so that you can read some of what they say as well; Chris Selmer, Matthew VB.