Recent Posts

Collaborative Bookmarking... UNLEASHED

August 21, 2007

Like many… I’ve been using del.icio.us for several years and so have some of my closest colleagues. A few of us at PLANET ARGON have been using the for:username tag to send each other links, which has been a great productivity hack as we don’t need to copy URLs and paste them into emails, IMs, or IRC channel windows anymore. One thing that del.icio.us doesn’t have a totally perfect implementation of is sending to a group. There are people in your network, but to my knowledge, there isn’t a way to send everyone in a network the same link without selecting everyone individually. This was adding more time to the process of saving a link for ourselves and our fellow team members. So, we came up with a clever hack… a new delicious user account.

Over the past four months, our team has bookmarked almost four hundred links on topics ranging from Rails plugins, Interaction Design, Business processes, cool new web applications, to any variety of things that we find relevant to our team.

So, all of the links are being sent to a fake user. How do we see the links for that user without having to log out of our current user and into the planetargon account? Well, what we’ve done is taken the delicious RSS feed, piped it through feedburner, and given everyone the URL that feedburner provides. Now, we’re all able to subscribe to the same feed and check out links when each of us has time for it.

…and this is what I get to see show up in my RSS reader. :-)

How is your team managing bookmarks? :-)

Subscribe to Basecamp RSS Feeds in Google Reader

August 17, 2007

Yesterday afternoon, we were helping our newest employee, Paige Saez, get set up with new accounts across all of our applications. She uses Google Reader and couldn’t understand why her Basecamp RSS wasn’t working in it. We explained that Google doesn’t provide any way to subscribe to authenticated feeds (yet)… so it wasn’t something she could do. (I still use NetNewsWire because of this problem…)

During the discussion, I said that it probably wouldn’t take much effort to build a proxy for an authenticated feed… and Andy said he’d give it a shot.

10 minutes later… he had an initial version of an RSS proxy application, written in Ruby.

15 minutes after that, we had it up and running on a private server for all of us at PLANET ARGON to begin using.

…and here is the proof!

Wee! Authenticated Basecamp RSS feeds in Google Reader. It even works with the OpenID authentication.

You can grab the code from Andy’s blog post and finally make the switch off of desktop RSS readers to Google Reader, because you know you want to. ;-)

Thanks Andy!

RubyURL: new design and code base

August 08, 2007

Yesterday evening, I deployed the new version of RubyURL. This was a collaborative effort between Chris Griffin and me, which we’re happy to finally push live.

There are a few things that we’re going to push out in the near future, such as an API and a new RubyGem.

[Image: RubyURL » Keep it short (and sweet)]

Chris volunteered to work on the new design and I did most of the programming in Ruby on Rails. When we worked on this, we really wanted to keep the process as simple as possible, despite some of the problems that the site has been having.

In the end, we have a Rails application that is only 85 lines of code and has a 1:2.3 code-to-spec ratio. I wanted to keep it under 100 lines of code. This means that there is some breathing room for further development.

We also tried out a beta account that I was given for RoundHaus for Subversion hosting. We had a really good experience using their service and were impressed by the plethora of useful features that came with the repository, such as continuous integration, rcov/code coverage stats, and Twitter integration!

If you find a bug, be sure to submit a ticket on the RubyURL bug tracker.

On a side note, we deployed this on a brand new Rails Boxcar, our new hosting solution that will be launched in the very near future. ;-)

Rails Business: 'Weekly' Review #3

August 05, 2007

It’s been about six weeks since the last Rails Business “Weekly” Review on here, so perhaps it’s worth changing the name to cut me some slack on not being consistent. ;-)

Since the last post, we’ve gone from around 400 members to 555 as of this morning. We’ve had 562 messages as well, so there hasn’t been a shortage of discussions taking place. I’d like to take a few moments to highlight some of the discussions that have taken place and encourage you all to consider participating, if you’re not already.

Licensing and Client Agreements

Tim Case writes,

“My client sent me this agreement drawn up from their lawyer that included the following:

(c) the Contractor shall not bundle with or incorporate into any Work Product any third-party products, ideas, processes, software, codes, data, techniques, names, images, or other items or properties without the express, written prior approval of the Company;”

Tim then goes on to ask how this applies to using Ruby on Rails, which has an MIT license, and how other consultancies are handling these types of situations. Follow the discussion…

Escrow

Gustin writes, “Does anyone have any escrow experience, legal and cost? I am dealing with a client that got burned bad and we are reducing their fear with escrow on the first two iterations.”

Follow the discussion…

Project Planning tools

Mike Pence writes, “So, I used to use MS Project for the composition of those dreaded Gantt charts, but it has been a few years since I had to be so formal. Anything new and exciting - and more robust than Basecamp - happening in the world of project planning software?”

Follow the discussion…

Not long after, Jim Mulholland started a new thread on the same topic and brought up the open source application, redMine. Follow this discussion…

Ruby on Rails versus .NET

Michael Breen asked a big question on the list, which has sparked an ongoing discussion about the benefits of using Rails versus .NET (and other platforms).

“A couple of months ago I decided to stop actively pursuing .NET gigs to focus on Rails. Several of my existing .NET clients have learned of this through the grapevine and have contacted me to discuss.”

Follow the discussion…

Three things Tim’s learned from Freelancing Rails

Tim Case shared his experience of freelancing with Ruby on Rails and highlights three things that he’s learned.

  • The non-code business aspect of Freelancing is demanding.
  • It takes 10 hours to bill 6 to 8.
  • Figuring out your rate is hard.

Read the rest of Tim’s observations and the discussion that followed.

Client issue tracking and documentation

Jeff Judge writes, “Hello all! I was curious to hear how people are handling client issue tracking and documentation.”

Several applications were mentioned for handling issue tracking and the general consensus was that there was still a lot to be desired that current options didn’t provide. Be sure to follow the discussions…

Join the Community

These were just a small handful of the discussions that have taken place over the past several weeks. If you’re an aspiring Rails freelancer or business owner, be sure to join the community and share your experiences and learn from other members of the community that are willing to share theirs.

Until next time, have fun!

What was that idea again?

August 02, 2007

While engaging in another one of our deep philosophical conversations in #caboose, the topic came up of remembering that great idea that we had before we fell asleep or at any point during the evening.

Manfred Stienstra writes, “I always think of stuff right before I fall asleep and can’t remember them when I wake up.”

This happens to me as well, just not as much as it used to. I keep a small moleskin notebook and a pen on my bedside table and try to get everything in there as it comes up. When I open it, I see notes that don’t make any sense, which were probably written after waking up from some bizarre dream. There are many business and development ideas that come up, but it’s often hard to record everything.

I’m sure that there are others who’ve faced this problem. Have you come up with a working solution? If so, would you mind sharing it?

Spec Your Views

August 02, 2007

I meant to work on this post… oh about 7 months ago.

Way back in January (7 months ago), Jamis Buck posted an article titled, Testing your views, which gave a few tips on using Test::Unit to, as the title suggests, test your views.

While I’m not going to rewrite everything that Jamis wrote, I’d like to show you how to test these views with RSpec. (You might take a moment to quickly read his post…)

In this example, I’m going to show you how we’re able to write specs for the following RHTML, which you’ll notice matches the code that he wrote tests for.

Designers, Developers, and the x_ Factor

August 01, 2007

Our team is lucky enough to be in a position where we have both designers AND developers working on the same code base in parallel.

Since Ruby on Rails adopts the Model-View-Controller pattern for separating business logic from the presentation layer, we’re able to give our designers a lot of breathing room to design the interface, whether it’s for interaction or aesthetic reasons. However, sometimes this breathing room has resulted in small bugs slipping into the application interface. In general, nothing disastrous, but each bug that slips into the queue slows down the project and we want to avoid as much of that as possible.

I’d like to share a few issues that we’ve seen occur on various occasions, and then show you what we’ve done to avoid them happening again.

Scenario #1: The case of the changed div id, (victim: designer)

  • Designer adds a few HTML elements to the page, defines an id on a `<div>` tag and styles it with CSS.
  • A few days later, a developer needs to make some changes, tests it in their favorite browser and commits.
  • Later, the designer doesn't understand why the styling is all messed up. "It *was* working fine."
  • ...minutes, hours... go by where the designer tries to track down the issue. "Oh! Someone renamed the `id` in this `<div>` tag. Sigh."
  • Developer apologizes, but explains that he needed to do it because he needed to make it work with his new RJS code.

Scenario #2: The case of the changed div id, (victim: developer)

  • Developer is implementing this cool new Ajax feature into the web application
  • The code relies on there being one or many HTML elements in the DOM with specific `id` values defined. Example: `<div id="notification_message">`
  • A few days later, a designer is making some changes to the layout and needs to restyle some of the view that this `<div>` tag is defined in. Designer decides to change the id to a different value for any variety of reasons. (or perhaps they changed it to use a class instead of styling it by the id). Often times, we don't know who set the id or class... and many times the developers aren't savvy enough with HTML and designers end up cleaning things up a bit.
  • Later, code is checked in and designer didn't notice that the Ajax was now breaking as they were focusing on just the layout.
  • Day or two later, developer sees bug, "Feature X isn't working, throwing JavaScript error..."
  • Developer is confused, "Hey, that was working! What happened?"
  • Developer tracks down the problem, discusses with designer, they figure out a solution. Problem solved.

I could outline a few other examples, but I really wanted to highlight these two types of situations, as our team has seen this happen on several occasions. Luckily, we've learned through these experiences and have taken some measures to try and avoid them in the future.

## Moving forward (together)

Both of the examples above were essentially the same problem, but resulted in problems for a different role in the design and development cycle. While I've definitely been the victim of #2 several times myself, I know that I've also been guilty of #1. So, what can we do as designers and developers to work with each other without causing these little problems? (remember: many little problems can add up to a lot of wasted time spent resolving them)

Several months ago, I had a meeting with [Chris](http://chriszgriffin.com/) (User Interface Designer) and [Graeme](http://blog.imperialdune.com/) (Lead Architect/Developer) to discuss this very problem. At the time, we were implementing a lot of Ajax into an application and were occasionally running into Scenario #2. We discussed a few possible ways of communicating that, "yes, this div id should NOT be changed (without talking to a developer first)!"

### Idea 1: Comment our "special" HTML elements

We discussed using ERb comments in our views to do something like the following.

```html
<% # no seriously, please don't change this id, it's needed for some Ajax stuff %>
<div id="notification_message">
  ...
```

We all agreed that, while effective, it was going to clutter up our RHTML code more than any of us desired.

**Team Response:** *Meh.*

### Idea 2: Reserve id's for developers

Another idea that came up was to ask that designers only use classes, and ids would be used by the developers when they needed them.

```html
<div id="developer_territory" class="designer_territory">
  ...
```

Chris pointed out that this wasn't an ideal solution as there is a distinct case for when to use ids versus classes... and he is very strict about adhering to the HTML/CSS standards.

**Team Response**: *Not hot about it...*

### Idea 3: Naming convention for Ajax-dependent elements

The third idea that was discussed was specifying a naming convention for any elements that were needed by our Ajax code. We played around on the whiteboard with some ideas and settled on the idea that we'd prefix our id's with something easy to remember for both designers and developers.

We agreed on... `x_` (x underscore), which would make an element id look something like this:

```html
<div id="x_notification_message">
  ...
```

**x == ajax**... get it?

While this adds the strain of typing two more characters to much of our RJS code, we don't run into Scenario #2 very often anymore.

```ruby
render :update do |page|
  page[:x_notification_message] = 'Something exciting happened... and this is your notification!'
  page[:x_notification_message].visual_effect :highlight
end
```

or in client-side JavaScript (where we also use this)...

```javascript
$('x_notification_message').do_something
```

I find that this helps our team keep a clear distinction between what can and shouldn’t be changed in the views by our designers. Sometimes they have a good reason to do so, but they know that if there is x_, then they should ask one of the developers on the team for assistance in renaming it without causing any problems in the application. It also allows our designers to add classes to these elements, or style the id that we’ve defined.

Team Response: Wow, was that all we needed to agree on? Hooray!
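The convention also makes the dependency easy to check mechanically. The following Ruby script is an added example, not code from the original post: it cross-checks `x_` ids defined in views against the ones that RJS and JavaScript refer to, using constructed file names and contents.

```ruby
# Added example: cross-check x_ ids between views and the Ajax code that
# depends on them. All file names and contents below are constructed.

ID_IN_VIEW = /\bid\s*=\s*["'](x_\w+)["']/     # <div id="x_foo">
ID_IN_RJS  = /page\[\s*:(x_\w+)\s*\]/         # page[:x_foo]
ID_IN_JS   = /\$\(\s*["'](x_\w+)["']\s*\)/    # $('x_foo')

# views: { path => template source }. Returns the sorted x_ ids they define.
def ids_in_views(views)
  views.values.flat_map { |src| src.scan(ID_IN_VIEW).flatten }.uniq.sort
end

# code: { path => RJS or JavaScript source }. Returns the sorted x_ ids used.
def ids_in_code(code)
  code.values.flat_map { |src|
    src.scan(ID_IN_RJS).flatten + src.scan(ID_IN_JS).flatten
  }.uniq.sort
end

# :missing => ids the code needs but no view defines (Scenario #2)
# :unused  => x_ ids in views that no code refers to any more
def check_x_ids(views, code)
  present    = ids_in_views(views)
  referenced = ids_in_code(code)
  { :missing => referenced - present, :unused => present - referenced }
end

SAMPLE_VIEWS = {
  'app/views/notifications/_message.rhtml' =>
    '<div id="x_notification_message" class="notice">...</div>',
  'app/views/layouts/application.rhtml' =>
    '<div id="x_sidebar"></div><div id="header"></div>'
}

SAMPLE_CODE = {
  'app/views/notifications/create.rjs' =>
    'page[:x_notification_message].visual_effect :highlight',
  'public/javascripts/application.js' =>
    "$('x_cart_total').update(total);"
}

if __FILE__ == $0
  result = check_x_ids(SAMPLE_VIEWS, SAMPLE_CODE)
  puts "missing from views: #{result[:missing].join(', ')}"
  puts "unused in code:     #{result[:unused].join(', ')}"
end
```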

This leads me to some other problems that have/may come up, but I’ll discuss that in my next post on this topic, when I’ll show you how we can use RSpec to avoid these sorts of designer versus developer problems.

If you’re working in a similar environment, how are your designers and developers working, together, in perfect harmony?

Until next time, remember to hug your designer. …and if you’re still having developers design your applications, consider hiring a designer. ;-)

UPDATE: changed examples after a few comments about using div_for as another solution. (see comments for details)

YSlow and Rails performance: Getting UJS and AssetPackager to play nice

July 27, 2007

Yesterday, I started to dig deeper into YSlow and decided to pick an application that we recently launched for a client. The performance grade that I saw at first was an F, which wasn’t surprising to me because we knew that there was going to be some fine tuning in the near future.

There is a lot of JavaScript in this application and we have several files to break up stuff to make it more maintainable. However, in production, we really don’t need to send the client (browser) 19 different JS files. We’ve been using mod_deflate to compress these files, but it doesn’t solve the problem of having several connections opening to download all the necessary JavaScript. The same is true for our CSS files.

At RailsConf, DHH announced that an upcoming version of Rails would bundle all the stylesheet and javascript files into one file and compress it. We’re running on 1.2.x for this application and decided to look at the AssetPackager plugin as a good solution to this problem.

I installed the plugin via piston and ran the following task, which is provided by AssetPackager.

89 gmail invites available!

July 27, 2007

While everyone else is trading their pownce and skitch invites, I wanted to let everyone know that I still have 89 gmail invites available.

Post a comment on my blog and I’ll hook you up!

Happy Friday! ;-)

update: only 12 left!

RubyURL 2.0 on the horizon

July 16, 2007

RubyURL was a project that I built about 2 1/2 years ago as a late night attempt to see what I could build and deploy with Ruby on Rails in a night. It’s nearing 50,000 unique website links, has a Ruby gem that you can use with it, and rbot plugins.

I’ve rewritten it about three times in the past six months, to try out some new approaches, but haven’t deployed with a new version as I’ve been waiting for someone to help me with a new design. Chris has offered to help out and once we integrate his new design with it, we’ll be launching it.

Everything is not great in RubyURL land though. It appears that it’s become an easy target for comment spammers to abuse the site to generate rubyurls and paste those links in their spam comments. Several pissed off bloggers, forum administrators, and system administrators have emailed me to complain that I’m spamming their site. Sadly, even with a basic disclaimer on the site, they still like to blame me for their spam. It’s gotten common enough, that I’ve written a template email that I respond with that explains how the site works and that I’m not accountable for people posting links to my URL redirect tool.

You can see that it’s popping up around the net via a google search.

So, I’ve been trying to think of ways to make it easier for people to flag URLs as being abusive of the site. I’ve not come up with any elegant solution that doesn’t force the good users of the site to have more steps in their process to create a basic RubyURL.

The ideal (and current) workflow:

  • User navigates to http://rubyurl.com
  • User pastes in long url into text box/area
  • User submits form
  • User is provided with new (shortened) rubyurl
  • User copies the rubyurl and does what they want with it (generally... pastes into IM, IRC, Email, etc.)

Some people have suggested using a user system to do this, but I really don't like that as a solution.

Another idea, which I built... and later removed from my new version, involved having the original url load in a frame, and then provide a way for users to flag it as 'spam', 'nsfw', or 'dead'. Then, we could provide the user with a warning that the following URL was flagged before, **are you sure you want to continue?** I didn't like this as a solution in this way as it felt very obtrusive to have a rubyurl frame at the top of the browser window.

One person suggested a captcha to try and verify that the user is human, but there are problems with this.

  • I really dislike captchas. ;-)
  • This doesn't prevent spammers from using the ShortURL gem, which does everything via an API.

In regards to the API, this could be enhanced by requiring that everyone register an email address to get an API key, but that only solves the problem of the API abusers.

I’m starting to brainstorm some solutions that specifically help the requests made through the web. I haven’t checked the logs enough yet to verify it, but I have a strong suspicion that much of the abuse is happening through a web-based bot, not through ShortURL… because Ruby developers are nicer than that. (I hope…)

So, I am curious… dear readers of my blog. How might you solve this problem without disrupting the user experience? Or, should I just stick with what I’ve got going and find a better way to respond to pissed off bloggers who think I’m spamming them?

Discuss…

Rails Code Audit Tips - Filtered Parameter Logging

July 16, 2007

It’s been a month since I posted Audit Your Rails Development Team, and now I find myself sitting in a hotel room in Mankato, Minnesota with Graeme after a long day of walking through the documents that we delivered to our client after conducting a Rails Code Audit and Review. Our client felt that it would be a great idea to have us visit with six of their employees and walk through the various topics that we brought up in our process. We’ve been doing several of these audits recently and thought that it would be a good idea to begin sharing some problems that we’ve discovered across projects.

As much as we like to find lots of things that we’d recommend improving in Rails applications, we also want to make sure that as many projects as possible avoid some of these common oversights. So, expect to see more posts related to things that we find through our Code Audit and Review process.

Today, I’d like to point out a potential security problem that is often overlooked by developers and system administrators.

Log files.

Does your application request any of the following information from your users?

  • Social security number
  • Credit card data (number, expiration date, etc.)
  • Passwords

BY DEFAULT, all of this data is being written to your production log file. Even if you’re encrypting this data in your database, request parameters (get/post) are all written to your production logs without any encryption. Log files are also notorious for having insecure file permissions, so if you’re on a shared host, other accounts on the server might be able to view them. Regardless of how secure you think your server is, this isn’t data that you want sitting around.

Lucky for you, Ruby on Rails has an easy solution to this problem! All that you need to do is use the filter_parameter_logging method in your controller(s). We generally add something like the following to our application controller.
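As a complement to that controller setting, the following Ruby script is an added example, not the post's own code. Filtering only affects lines logged after it is enabled, so the script audits existing `Parameters:` lines for sensitive values written in the clear and masks them; the key patterns and sample log lines are constructed assumptions.

```ruby
# Added example: find and mask sensitive request parameters that were already
# written to a Rails log. Key patterns and log lines are constructed.

SENSITIVE_KEYS = /password|ssn|social_security|card_number|cvv|expir/i
FILTERED       = '[FILTERED]'

# One "key"=>"value" pair as printed in a "Parameters:" line (Hash#inspect).
PAIR = /"([^"]+)"\s*=>\s*"((?:[^"\\]|\\.)*)"/

# Sensitive keys whose values appear unmasked on a single log line.
def leaked_keys(line)
  return [] unless line.include?('Parameters:')
  line.scan(PAIR).select { |key, value|
    key.match?(SENSITIVE_KEYS) && !value.empty? && value != FILTERED
  }.map { |key, _| key }
end

# Scan log lines; returns [[line_number, [leaked keys]], ...].
def audit_log(lines)
  findings = []
  lines.each_with_index do |line, i|
    keys = leaked_keys(line)
    findings << [i + 1, keys] unless keys.empty?
  end
  findings
end

# Return the line with sensitive values masked, for cleaning archived logs.
def scrub(line)
  return line unless line.include?('Parameters:')
  line.gsub(PAIR) do
    whole, key, value = $&, $1, $2
    if key.match?(SENSITIVE_KEYS) && !value.empty?
      %("#{key}"=>"#{FILTERED}")
    else
      whole
    end
  end
end

# Constructed sample in the style of a Rails production.log.
SAMPLE_LOG = <<~'LOG'.lines
  Processing AccountsController#create (for 203.0.113.7 at 2007-07-16 10:12:01) [POST]
    Parameters: {"user"=>{"login"=>"alice", "password"=>"s3cret", "password_confirmation"=>"s3cret"}, "action"=>"create", "controller"=>"accounts"}
    Parameters: {"order"=>{"card_number"=>"4111111111111111", "expiration_date"=>"08/09"}, "action"=>"pay", "controller"=>"orders"}
    Parameters: {"user"=>{"login"=>"alice", "password"=>"[FILTERED]"}, "action"=>"login", "controller"=>"sessions"}
LOG

if __FILE__ == $0
  audit_log(SAMPLE_LOG).each do |number, keys|
    puts "line #{number}: unfiltered #{keys.join(', ')}"
  end
end
```

Any key this reports is one that the `filter_parameter_logging` declaration does not yet cover.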