/var/log/orava

My Rails coding project is proceeding, I’m currently working on getting a user permission system in shape so I can open up my alpha test Exalted character tool to a friend who is interested in checking it out. Still quite a bit of work to do, but it’s proceeding nicely. A big helper has been the fact that I’ve dived pretty deep into test-oriented programming here – I probably have more test code than “actual” code, and have most of the model and controller functionality covered. It’s nice to type ”rake test” and see hundreds of tests get run in an instant, it gives a nice instant sanity check to any changes I make to what is at times somewhat tricky code.

I’ve been using some of the new Rails 2.1 features; named scopes are useful, as are many other helpful additions. In addition, I recently decided to give Phusion Passenger a whirl and was pleasantly surprised to be able to move all the current Rails apps on my server (including this blog) to run under it with minimal hassle. Much nicer than Mongrel, especially since it does automatic load balancing “out of the box” – and it makes Rails as easy to host as PHP, which is extremely welcome.

One other nice recent find was the Shoulda plugin, which provides syntactic sugar on top of Rails unit and functional tests. Very cool, and encourages grouping of tests into functional blocks. In addition, it provides macros which generate tons of tests for restful resources with just a few lines of code.

This week I’ve been coding quite a bit on my free time, for a change. I’ve been following Ruby on Rails since it was at version 1.0 and have done some small toy test apps, but to date I haven’t really built anything biggger with it. I’ve had plans, sure, but somehow just never got started – part of that is just an overabundance of stuff I’d like to code, I could never decide what to do. I’d like a wiki that works just like I want, I’d want a nice simple photo gallery, I’d like lots of tools to help with rpg gamemastering, I’d like a pony… well, scratch the pony, but you get the drift.

Rails is (really!) great, and it allows you to develop more or less as fast as with PHP without needing to touch the Mindshatteringly Horrid Piece of Shit(tm) that is PHP. You can write web apps in an “agile” fashion while keeping the architecture clean, with a level of abstraction that I like. It’s somewhere between the over-engineered N-levels-of-cumbersome-abstraction maze of J2EE and the “easy web apps for people who don’t know how to code” of PHP. Me likes.

…but naturally there’s some setup involved when you want a system with user management and authentication, deployment with Mongrel & Capistrano, and all that stuff. The restful authentication plugin makes building a user auth system a bit less painful, but it’s still quite a bit of work (I’ve been following hints from various sources). So there’s quite a bit of startup intertia involved whenever you want to write a non-toy app. It’s a whole lot less intertia than with most other system, but it’s there, still.

Anyway, I realized that I don’t need to write N separate web apps, each duplicating a large part of this functionality – I can just write one app, with lots of subsystems, expanding them as needed and using one user auth system for all. Since this will be mostly for my own use and I don’t need to worry about it being modular and useful for others, keeping the apps separate would just involve (a lot) more work for me and bring no real benefit.

So I’ve been coding during evenings, using a snapshot of the new Rails 2.1 and using all the new conventions and toys (REST, named paths, named scopes, etc). It’s been fun, it’s been a while since I had a coding project, and I’ve been learning a lot of practical Rails stuff at the same time.

To date, I have a working (if simplistic) wiki, a user authentication system with email confirmation, and the beginnings of an Exalted character builder/manager tool for my Exalted game. Deployment is handled by Capistrano, and the thing runs on a (currenly single) Mongrel instance with Apache proxying. The intention is to expand it with a blog engine at some point, and maybe move this blog over – but that’s (far) in the future. That would also need some sort of image upload capability, which overlaps with the photo gallery I’d also like to have one of these days. Work work.

In any case, it’s a fun project.

Otherwise it’s been pretty quiet. Went to basic swords training on Tuesday, was fun – but somehow managed to do something bad to my heel. Didn’t notice anything that evening, but the next day it was very sore and I had to limp along. Janka thinks I may have inadvertently over-stretched my Achilles tendon (or some such) before it was warmed up properly, but that’s just a theory. In any case, it seems to be getting better now and it hardly hurts at all even if I stretch the sore spot… so should be able to go to training next week without problem. It might have been ok to go yesterday, but I tend to be very careful when it comes to foot/joint/tendon problems. I’d much rather miss out one week than to really aggravate some spot, that an easy recipe for getting problems that will need weeks or months to heal. Sore muscles, no problem. Seriously hurting tendons or joints? Danger sign. For me, at least.

I’m still a bit mystified by what caused the thing, but sometimes these things happen. My body is telling me that something is (or was) wrong, so that’s that.

Looks to be a busy weekend, a party on Saturday and an Exalted game to run on Sunday. Need to squeeze in some game prep today and Saturday, even though I’m mostly ready… some details still need fleshing out.

End of the week nearing, which is nice – except that it doesn’t look like a weekend full of rest. Hopefully some fun, though. Teemu is running some VTES tournaments on Saturday, a quick Duffin Draft starting at 10am, followed by a normal constructed tournament at 12am. I still don’t have a deck ready, looks like I’ll have to play with an untested deck yet again. Defeat is always an option!

Sunday will have me doing cutting practice with sharp swords. Never done that before, should be interesting.

A funny thing with exercise: I’ve been feeling less dead after the 3h sword practice sessions lately. Very tired, yes, and often aching in various places, but less physically wiped out. Which is nice. Yesterday was mentally a catastrophe, though, the first 2 hours of longsword was no problem but the last hour of backsword just totally overwhelmed me, I probably got whacked on the mask more that I managed to parry anything. Somehow I just could not process the (simple) stuff at the pace we were going, and was just perpetually confused. It happens, sometimes. Not sure why, since on other days the same things flow by with no problems.

I’ve been playing around with Rails again a bit, I have a small project going on which might even end up being useful but is mainly intended as a exercise in trying out all sorts of cool Rails stuff. I’m still waiting for my physical copy of the 2nd edition of Agile Web Development With Rails to get here, in the meantime I’m making do with the PDF edition. Yesterday I noticed that O’Reilly has a “buy 2 books, get 3” deal that also applies to PDFs, so I bought myself PDF copies of Rails Cookbook, Ajax on Rails and CSS Cookbook, 2nd ed, for a total of a bit over $40. Not bad. Haven’t had time to read them yet (obviously), but a quick browse leaves me happy with what I bought, they look like good additions to my tech bookshelf.

I should probably also mention dokuwiki. I’ve played around with various Wiki engines so far, some have been horrible, some have been ok, and some have been very good. Up to now I’ve preferred mediawiki, since it has a nice layout and features, but I’ve always found the setup and configuration of it to be more cumbersome and complicated than I like. Enter dokuwiki, which is ultra-simple to set up; it doesn’t even use a database, just flat files. In spite of the simplicity, it offers a nice selection of features and nice, clean default layout. All in all, it looks like just the right balance of features vs setup/config complexity for me, and I set up an instance for a personal wiki. I also have a private instance for (duh) private stuff, the fast and simple setup makes creating a new wiki a breeze. Me likes. Sure, the thing probably doesn’t scale all that well with no database, but who cares; I’m not running wikipedia here. Also, it’s PHP which I normally avoid like a plague due to security concerns, but this app is just so good I’m willling to ignore the evil of PHP.

A fact of life, which I’ve discovered, is that most people are absolutely horrible programmers. Even the ones who make their living as one. Especially some of them. If I had a dollar for each utterly horrible piece of code I’ve had to see (or fix), I’d be somewhere warm with a drink in my hand and “should I buy a Jaguar?” as my main concern. Take that into account, and enter PHP into the equation. PHP, which lets people who have no business writing anything more complicated than Excel macroes suddenly become “web developers”, with naturally no idea of what a “web exploit” even means let alone how to protect against one. Stir into that pot the fact that the PHP development team has a Microsoft-like attitude about security, i.e. features and ease of use are always seen as more important… and voila!, you have a framework which is singlehandedly responsible for a massive amount of server compromises. Sure, a competent person can use PHP responsibly and write a secure app, just like a competent person can write a massive transaction processing system in Visual Basic. Doesn’t make either of them into good tools, or change the fact that PHP is what is technically known as a ”massive piece of shit”.

Ahem. Anyway… Rails good. Dokuwiki good. PHP bad. Beer good. Wife cute.

The 1.1.5 patch to Rails didn’t quite fix all the holes, so version 1.1.6 is now out, along with details on the hole. It’s good to see the Rails team take this seriously and move fast – and I really don’t understand the whiners about “security through obscurity”. Yes, in the long run that’s a bad policy, but when you’ve just discovered a hole in a popular framework, the thing to do is precisely what the Rails team did: announce the fact that there’s a potential expoit and offer a new version of the software, but withhold details for a day or two until most people have managed to update their systems. To do otherwise would be to give the script kiddies of the world a free ride. Yes, you can possibly figure out the hole by comparing diffs… but most of the script kids out there are just that: kids who will use a ready-made “hack”, but won’t bother to figure it out for themselves.

This site is now upgraded to 1.1.6, naturally. Typo is still version 4.0.0 – there is now a version 4.0.2 out which fixes some bugs and includes Rails 1.1.6, but the gem updater for that one gave me an error. I’ll try it again after Ropecon, no time to hack now.

If you are running Rails anywhere, read this now and act accordingly.

The Typo blogs on this server have been upgraded as of 15 minutes ago.

This has been a public service announcement. Have a nice daycycle.

Backpack is a web-based service/app run by 37signals, the same company responsible for unleashing Ruby On Rails on the world. The base/demo version is free, if you pay you get extra functionality – this seems to be a growing trend these days.

So, what is it? That’s a reasonable and simple question, but the answer is a bit more elusive. It’s something like an ultra-simplified wiki with todo (and other) list support. It provides some structure to your data (unlike a traditional wiki which is totally freeform), but doesn’t mandate a strict system or layout. It’s also extremely streamlined and simple, by design – the design idea was to only include the things people really need, and nothing else.

So we’re back to “what is it”?

It’s an sort of freeform, online personal organizer tool, a place to hang all the virtual (or physical) Post-It notes and lists that are always hanging around. It’s a place to store all the general small “stuff” and info that don’t have any proper place, and which you need to refer to often. Todo-lists. Reminder notes (Backpack provides email notifications on those). General “notes to self”. Just… stuff.

I tried it out when it first came out less than a year ago, and was mildly interested by the concept. On the other hand, my gut feel was “I could do all this myself with a wiki and some other stuff”. Which is true… except I never got around to organizing something like that, so the “I could do something like this myself” has been replaced with “well, I could, but why should I when this exists”?

At the time, Backpack was missing any sort of calendar, and that was really the deal-breaker for me – I need some sort of calendar in my organizer tool.

Well, just about a week(?) ago the bastards added a calendar to it. I tried it out, and it works – like everything in Backpack it’s ultra-simplified; there is only one view, and you can’t really configure anything. But it works, and my calendar needs are very simple. As a sneaky move, the calendar is only available in the for-pay accounts, so I was “forced” to move into the $5 per month account scheme. I don’t really mind.

So. With the addition of the calendar feature, Backpack has become a surprisingly useful tool for me. I still find it hard to describe to people exactly what the thing actually is or exactly how I use it, but… “works for me”.

While I’ve come to appreciate 37signal’s “keep it as simple as humanly possible” design method, I still think they take it a bit too far sometimes. There are a lot of things in Backpack I’d like to customize. On the other hand, I suppose everyone has their list of things, and if all were accomodated the whole app would quickly become a confusing, Microsoft-like mess. The zen-like simplicity does have a certain charm, keeping that in mind.

Ok, I’ve been playing around with Typo a bit now and it seems a lot nicer than Wordpress. A lot of the “nicer” comes from it being written with Ruby On Rails, which is a kick-ass platform, especially when compared to the steaming pile of dung that is PHP. Don’t get me wrong, WordPress is very nice – but Typo suits me more.

It helps that I’ve done some stuff with Rails, and I know how the framework is organized and is intended to work. This, together with Ruby being a nice and concise language, makes peeking under the hood in Typo a pleasant experience, as opposed to the “aaaagh, I want to claw my eyes out!” reaction I get from PHP and WordPress. I’m already thinking of writing a sidebar plugin or two, they seem pretty straightforward. I also want to add a text filter to generate DriveThruRPG links easily.

The installation and setup was pretty straighforward, the new installer defaults to a Mongrel server which suits me fine. I ended up with Mongrel listening to a port on the local interface, with Apache proxying requests that way. Rails is not thread-safe, so Mongrel wraps most of the app in a sync block – which is fine for a small site like this, but would not scale for more traffic. Luckily, Mongrel has support for running a cluster of Mongrel instances, and Apache 2.2 and later have a load balancing proxy module that is reported to work. I don’t need that now, but it’s good to know that stuff like that exists. All in all, it seems that the Mongrel + proxy solution is a very painless way to deploy and administed Rails apps. Nice. Production deployments have always been the slightly ugly side of Rails, up to now at least.

It… lives!

The new server is chugging along nicely after the post-crash recovery, so I felt it was time for a new blog – I hadn’t updated the old one for about half a year for various reasons. This is now running on Typo 4.0.0, a very nice blog platform that’s written with Ruby On Rails. I’m still playing around with this, and using one of the default themes, but so far I really like what I see. Seems nicer than Wordpress, and Wordpress is not bad at all. Ajax is used to good effect, and the admin interface has some really spiffy Ajax-based drag+drop stuff in it.

I had a new theme layout done for a new blog, but that went with the crashed disk. I have an older backup copy, but I’m waiting to see if we get the crashed disk recovered or not before I proceed on that. I’m hoping to hear from DataPrey this week.