Archives
1 comment 
Andre
Staging environments are the perfect excuse to dig into new server configurations, and to play around with tools like Deprec. I have covered the gruesome technical details of the process over at Andre on Tech:
Overall, I'm impressed with how much deprec does for you. I had my staging environment setup in a few hours. Enjoy!
Posted in Scout, Presentations, Atlanta | 3 comments
CBQ
Last night, I demoed Scout to a room-full of Rubyists at the Atlanta Ruby User Group Meeting.
I would love to share all the wonderful feedback, but instead, I’ll share some of the excellent questions (and more elaborate answers) that were asked of Scout:
What are the security pitfalls, i.e. can someone simply write a ‘rm -rf’ plugin?
To answer that, let’s look at the architecture of Scout first:
- You install the tiny Scout client (which is a Ruby gem) on your server.
- The client connects over https (always) through a 256-bit secure, encrypted connection (the same encryption your bank uses).
- Scout never logs in to any of your servers.
- All communication is initiated by the client.
- The client downloads a pre-loaded plugin plan, consisting only of plugins of your choosing, so it cannot run plugins you didn’t explicitly authorize.
- The server also uses that same secure encryption for all communication. Individual accounts are protected.
- Client keys (uniquely generated) can be revoked at any time, disabling the client.
The security measures needed for Scout are the same as for any other software. In fact, in some ways, it’s easier to be more secure – the plugins are relatively few lines of code and easy to review. For a more closed environent, you can create a copy of the plugin code and host it on one of your own servers (a plugin is plain text).
Is Scout open source?
The Scout client is completely open source. The gem is a normal Ruby gem, open for development, and distributed under the MIT and/or Ruby License (whichever you prefer). The Scout Plugins people write are also completely open, in fact, they are surrounded and fostered by a community that encourages branching, fixes, and general open-ness.
The Server, where you aggregate your data, do reporting, and in general, collect information about your account is not open-source. We maintain the server, and keep all your data safe and sound.
When does it launch?
We’re doing the plumbing now – account subscriptions, a new home page, privacy policies, backup procedures, etc. We’ve recognized that lots of people are anxious to get going and we’re working to get it ready for public use as fast as possible.
Posted in Ruby on Rails, Speaking | 3 comments
CBQ
For those who missed my talk at the most excellent Acts As Conference put on by the good folks at Rails For All in Orlando, Florida—here’s the cheat sheet.
My talk was on the lessons learned from teaching the Ruby on Rails Bootcamp and various on-site Trainings over the past year and a half. Here are the 4 key things you need to do to be a successful trainer:
Define Your Purpose – Come up with a clear, specific, desired outcome. Are you attempting to teach the basics, or promote mastery? A quick how-to, or a detailed guide to a particular way of development? A clear purpose helps your audience hit the ground running. An unorganized braindump can leave your students frustrated when they go at it alone.
Know Your Audience – You’ve got to understand everything you can about your audience. This means not only their current level of knowledge, but their past experiences, and even their goals. Ask questions before and during your training to understand everything you can about them. This will help immensely with the next tip.
Give Relevant Examples – Cater your examples to the domain that your audience knows. If you are teaching a bunch of journalists, use concepts from the publishing world. Never use foo, bar, or any other made up word in any example. If you don’t know, guess, and if your audience corrects you on the concept, you now have attentive listeners, contributing to your solution!
Teach How to Learn – Show, don’t tell. Stress how to find out why something works the way it does. Give plenty of examples, and help your audience figure out concepts. Give them the resources to continue learning and to find out more. Show them how you figured it out, or where you went to learn.
I’m sure there are plenty more tips, but I’ve found these 4 to be extremely valuable to me in coming up with valuable lessons and ways of teaching. Thanks to everyone who came up to me afterward to ask questions and share feedback about teaching!
Posted in HowTo, Ruby on Rails | 1 comment
James
One of our current projects at Highgroove sends a lot of email to its users. It essentially walks them through a process and emails them at each step. All of those messages include URL's to visit the relevant page in the application for that step. Since we've emailed them the URL's we don't want them to have to login every time they click one.
To get around that I modified the application to accept URL's like the following:
http://domain.com/login/TOKEN/ANY/SITE/URL
These URL's log the user in using their security TOKEN and then redirect them to /ANY/SITE/URL. This setup allows me to easily forward a user to any URL on the site which is great when writing all of these emails.
The code is easy enough too. I imagine many of us have a sessions controller that looks something like:
class SessionController < ApplicationController
def create
if user = User.authenticate(params[:email], params[:pass])
# log user in...
else
# login error message...
end
end
# ...
end
First, I just added some support for the token based login with redirect to that:
class SessionController < ApplicationController
def create
if params[:token] and (user = User.find_by_token(params[:token]))
# log user in...
if params[:path].is_a? Array
redirect_to "/#{params[:path].join('/')}"
else
redirect_to home_path # or whatever default page you want
end
elsif user = User.authenticate(params[:email], params[:pass])
# log user in...
else
# login error message...
end
end
# ...
end
The magic redirect_to() call in that new code uses a not-often-seen feature of Rails's routing. You can specify that Rails collect any number of trailing URL bits into an Array much like Ruby can do for method parameters. Here's the route definition I am using to get users to the code above:
# a custom login route with forwarding
map.connect "login/:token/*path", :controller => "session",
:action => "create"
The *path is the magic slurping parameter syntax, again just like arguments to a Ruby method. Rails will collect each piece of the remaining URL into an Array called path, so just remember that you need to rejoin the elements to make them a real URL again.
