Raymond Law

We all know about the holy h() method that escapes your output when you do <=h blah %>. But how many of us can claim we remember to use it where it’s appropriate during development 100 of the time? Can you swear you’ve never missed one? Moreover, it’s such a mental distraction to think logic and h() at the same time. And when you take over a Rails project in the middle, how can you ensure the previous developers use h()?

Here’s the rescue.

safe_erb + footnotes

I don’t think I need to explain more. Just use it and you will find all those places where you should sanitize your output with h(), sanitize(), and untaint(), ...etc.

I am trying to raise money to buy pants for kids to keep them warm though the winter. I have found the Adidas ClimaLite and Clima365 pants to be the best Christmas gifts for this purpose. Please use the Chipin widget in the sidebar of this post to support this cause. Or you can simple click here.

We just finished the Lyricist application for RailsRumble 2008 with 3 other Intridea folks. Here are some observations:

• Keep the idea small and achievable – There are only 48 hours, so you can’t build the next Google. And there’s pressure. Try to keep your idea small and make sure you can accomplish it. You have to deploy a finished product in order to have any chance of winning. So stop day dreaming about cool extra features because you won’t get that implemented.

• Prior planning is the key – We barely had any because we had decided on the idea the day before the rumble began. When the competition started, people don’t know who’s doing what and it was kinda a mess. Fortunately we had a campfire room where all conversation happen, so we can kind of iron out the issues. However, better preparation and team cohesiveness would have helped a great deal in communication.

• Deploy early – I’ve seen too many deployment problems came up before, so I took the initiative to make sure we could deploy as soon as the competition began. It helped tremendously because we never had to worry about if we could deploy before time expired. While you are fixing last minute bugs and the pressure, it would have been tough to set up a server and deploy flawlessly.

• A lot of scaffolding – I took full advantage of Rails scaffolding. There’s just no time to reinvent the wheels when all the restful model and controller methods are already available with just one command. You use plugins and gems for the same reason, right? So, don’t be stupid.

• Conflicts – The bigger your team, the more conflicts there would be when people check in and out. We were writing a new application, so people were editing the same files. Now, if you organize and assign work to people as in a regular project, conflicts don’t usually happen and even if they do occur, it is trivial to resolve. However, when you are rumbling, you will step on one another’s toes. I can guarantee you that.

• Forget about writing tests – Look, I am in support of agile and test-driven development, with one exception. That is, you are not participating in RailsRumble. There’s just no time for it. If you are a good enough programmer, you can build a small application with no tests. If you can’t, I don’t want to work with you. Writing tests for a new application starting from scratch in just 48 hours is simple not feasible. No bargain!

• No ticketing system like Unfuddle and Lighthouse – One team member had tried to use Unfuddle to create tickets to get ourselves more organized. While it was a sincere attempt, it simply didn’t work. There’s no time to accept a ticket, create a new ticket, ... We pretty much abandoned it soon after we started.

• Nice to have a designer: – It is very nice if you have a designer on you team because it’s hard to wear two hats in 48 hours. Design work can draw your focus away from development.

Now that I’ve given you my insights for next year’s RailsRumble. As a token of appreciation, please vote for us!

UPDATE 2008/10/20

One more thought on RailsRumble the day after:

Numerous projects that I worked with before never deploy quickly, let alone in 48 hours. I think it’s refreshing and rewarding to have something built and deployed so quickly. It is true that we have to cut many features in order to deploy a first version, but lesser is better than never. I think many other projects can try to deploy early and often and just go through more iterations and get feedbacks from users and customers. The whole application doesn’t need to be finished. Even if you only have login and logout, you can still deploy. Add the next feature, deploy again. That way, you aren’t keeping the features to yourself. You can get feedback from users to see what improvements they are looking for and may even lead you to implement the real features that they truly want.

Dealistic was first deployed to Slicehost when we were testing it on staging. However, I only got the 256 slice and low memory is a big problem for Ruby and Mongrel. We’ve moved to Amazon EC2 when we launched. It is running rock solid and we don’t run out of memory again, at least for now :P

As a result of all these, I wrote two Capistrano recipes for deployment, for both Slicehost and EC2. We also use GitHub for version control. I think these deployment recipes may be helpful to others. So here they are:

• deploy.rb for Slicehost
• deploy.rb for EC2

We wrote some custom Capistrano tasks to copy over configuration files, symlink plugins, start/stop BackgrounDRb, and a custom maintenance page. But these things are optional. It should be simple to add/remove things as you see fit.

Andrew and I have been working on a new site Dealistic after our work at OnMyList.

We’ve also put up a screencast to show off our features (HUGE thanks to Sherry)

It lets you find deals by specifying a list of tags and it can notify you by email, RSS feed, and/or SMS when new deals appear that match your tags.

We made the site because we often need to find deals on things we want to buy but we spend way too much time looking for irrelevant deals on a lot of different sites. With Dealistic, what you get is what you want.

Never miss a deal because you don’t have time to find it! Just add a tag at Dealistic and we will let you know when a deal that you are looking for appears.

We also have a feedback tool that we hope you can give us suggestions to do better.

Today I was stressed out while working because of the construction drilling noise near my house (I am working from home for Intridea). So I took a break, and tried to make a dessert aka Cold Stone Creamery ’s Strawberry Banana Rendezvous.

Ingredients I used:

• Turkey Hill strawberry ice-cream – not the greatest ice-cream brand but that’s what was on sale at Wegmans last night…
• Hersey chocolate chips
• A few Strawberries
• Half of a banana – I ate the other half separately

I put all these in a bowl and mix it to gether for one minute. The taste comes close. However, it doesn’t resemble ice-cream anymore as I am missing one huge ingredient – the “cold stone.”

I guess the “cold stone” must be needed to keep the ice-cream ice-cream during the mixing process. The result was more like a milk shake than ice-cream. I still ate it all since I am a big ice-cream lover and I couldn’t just throw it away to the trash! I mean, it is going to look like that in my stomach anyway, right?

So if anyone has a substitute for a cold stone, let me know. This is what I think can simulate the “cold stone.”

• Put the bowl in the freezer and take it out only when you are ready to begin the mixing process.
• Take the ice-cream out at the last possible second.
• Surround the bowl with a box of ice.
• It is probably a good idea to max your AC or do this only in the winter. A few degrees below freezing and being outdoor in Canada may help too.

Courtesy of igvita.com

require 'benchmark'

n = 1000000
Benchmark.bm do |x|
  x.report('copy') { n.times do ; h = {}; h = h.merge({1 => 2}); end }

  x.report('no copy') { n.times do ; h = {}; h.merge!({1 => 2}); end }

  x.report('map(&:id)') do
    n.times do |i|
      h = {}
      h.map(&:object_id)
    end
  end

  x.report('map { |i| i.id }') do
    n.times do |i|
      h = {}
      h.map { |e| e.object_id }
    end
  end
end

In Rails script/console or Ruby 1.9:

>> load '/Users/rlaw/Desktop/bm.rb'
      user     system      total        real
copy  4.000000   0.020000   4.020000 (  4.081549)
no copy  2.780000   0.010000   2.790000 (  2.818923)
map(&:id) 10.880000   0.040000  10.920000 ( 11.094024)
map { |i| i.id }  2.060000   0.020000   2.080000 (  2.178544)
=> []

There have been several methods to deploy an Ruby on Rails application. Until recently, the most popular is to run Apache and proxy balance to multiple Mongrel instances that are running simultaneously.

Passenger, developed by Phusion, is the new kid entering the Rails deployment market. We have been using the Apache PHP module for years and deploying a PHP applications is a snap. This has not been possible with Rails until Passenger. It is so easy too! You can still use Capistrano to automate deployment. I will show you how I get it to work on Ubuntu.

sudo gem install passenger
passenger-install-apache2-module

Update: Phusion just released Passenger 2.0 RC 1. You can download this version and do gem install passenger-1.9.0.gem instead. But I had an error compiling it on Mac OS X Leopard. hongli pointed me to use the version from GitHub that has the fix and it works like a charm. Thanks Phusion guys.

To get it from GitHub:

git clone git://github.com/FooBarWidget/passenger.git

I create a separate /etc/apache2/mods-available/passenger.load and it contains the following:

For 1.0.5:

LoadModule passenger_module /usr/local/lib/ruby/gems/1.8/gems/passenger-1.0.5/ext/apache2/mod_passenger.so
RailsSpawnServer /usr/local/lib/ruby/gems/1.8/gems/passenger-1.0.5/bin/passenger-spawn-server
RailsRuby /usr/local/bin/ruby

For the GitHub version (Of course the path will look different depending on where your git clone is):

LoadModule passenger_module /home/rlaw/downloads/passenger/ext/apache2/mod_passenger.so
PassengerRoot /home/rlaw/downloads/passenger
PassengerRuby /usr/local/bin/ruby

I then tell Apache to load the Passenger module:

a2enmod passenger

Now, I create a virtual host configuration for one of my Rails app in /etc/apache2/sites-available/dealistic:

<VirtualHost *:80>
  ServerAdmin webmaster@dealistic.com
  ServerName dealistic.com

  DocumentRoot /home/deploy/apps/dealistic/current/public

  <Directory /home/deploy/apps/dealistic/current/public>
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>

  LogLevel warn
  ErrorLog /var/log/apache2/dealistic/error.log
  CustomLog /var/log/apache2/dealistic/access.log combined
</VirtualHost>

I then restart Apache:

sudo /etc/init.d/apache2 reload

When you need to restart your application because you have changed some code that Rails does not reload in production, just do:

touch /home/deploy/apps/dealistic/current/tmp/restart.txt

I have not tried their Ruby Enterprise Edition yet. They claim substantial memory and speed improvement at RailsConf 2008, so it will be interesting to see.

(I also posted about this plugin in the Intridea blog )

Badger (hosted at GitHub) is a simple Rails plugin that creates badges. A site often allows its users to upload a profile image. A profile image is just that, an image resized to fit in a predefined space to show up in the user’s profile.

With Badger, you can have something prettier – a badge that shows the user-uploaded image on top of another image that identifies the user as a part of the community. We have company badges, security badges, so why not web badges to have your users show off his/her affection for your site?

Badger works by accepting cropping parameters of the overlay image in a hash (x1, y1, width, height), which is used to crop the overlay image. It then resizes the cropped image to the size specified by composite_width and composite_height in badger.yml. Finally, it places the resized image on top of the background image at location specified by composite_x and composite_y in badger.yml. The resulting image is saved back to either the filesystem or Amazon S3, using attachment_fu.

Badger requires the attachment_fu plugin, ImageMagick, and MiniMagick. Also, the JavaScript Image Cropper UI can be used to obtain the cropping parameters from the users.

For example:

+ =

Here I overlay RUBY on top of JAVA to produce I LOVE RUBY.