There are 161 occurrences of the following code pattern inside the ASP.Net MVC source code: See details of which class and which line at https://gist.github.com/739523
method(type argument)
{
if(argument == null){
throw new ArgumentNullException("argument")
}
...
}
So, in total this pattern introduces 312 lines of duplicate code without whitespaces and 644 lines of duplicate code including whitespaces. And the pattern is simple, just check a condition and throw exception if its true. Not to mention, there are numerous other duplications where string.IsNullOrEmpty is used to check for string arguments.
This observation is interesting to me. Since, I think it adds a lot of noise to the code. In fact, if you randomly look at any of the methods - you have a good chance of seeing the first few lines doing this exactly similar thing. And this adds noise to me. Not to mention that, the developer needs to write the code, write tests for this code and if one needs to use this method, somehow should know this in advance that passing a null will result in an exception. But of course, this is not explicit from the method signature unless the developer also takes the pain to put a documentation styled comment and mention about this ArgumentNullException.
To remove this clutter, I think C# can introduce a few language keywords such as the follows:
public void Authenticate(required User user)
public void AddNewUser(nonblank string userName)
A compiler can very easily compile the code and put the exception throwing logic based on these keywords. Call it a syntactic sugar or a language keyword, this is the kind of translation that seems to be perfect for the compilers. And I can foresee it being used in almost all methods we write, since if the methods require an argument they do it for a purpose and most of the time null is not expected anyway!
I don't know if this will reach the people responsible for developing C#, but if it does, I think the community will really love this new language feature.
I know about workarounds using AOP or other hyped-but-seldom-used tricks to solve this problem. But these tricks often make life harder by introducing a learning curve and then punishing the learning by slowing down the application. So, its best to put in as a core language feature. What do you think?
while I.am_alive? do
read.think.innovate.share
I.wannabe_alive += 1
end
Monday, December 13, 2010
Friday, December 10, 2010
Book Review: Jose Valim's Crafting Rails Applications
Have you already read this? |
The following excerpt by Jose Valim at the end of the book nicely summarizes it:
Finally, you understand Rails better. You can explore other areas of the source code, study other Action Controller and Active Models modules, check other generators implementations or read the source of Railties, Engines and Applications with detail! - Jose ValimFor the impatient readers, this is the best in-depth Ruby on Rails related book I have ever read and you should read this (only 172 pages). Buy the book here. But wait, you could get 40% discount and get the book for $13. I will tell you how, continue reading!
This book literally opens up the Ruby on Rails framework for the readers. So, now I am crystal clear about Metal, Rack, ActiveModel, Rendering, Templating, Migrations, Gems, Engines and so many core concepts. If you are like me, you have cloned the Ruby on Rails code and took a peek into the code to understand, patch some code or just to learn some hidden treasures of Ruby, but had tough time getting hold of the big picture. Well, this book will show you some highways and also some other useful alleys - you can find the rest by yourself!
This book embraces Test Driven Design, so all code examples, and hell yes there's a lot of them, are test driven. So, its unit test, functional test and integration test that drives the show. The topics cover customization of key Ruby on Rails components such as: models, controllers, views, mailers, generators and rack integrations. But the examples are really good as it shows:
- Responding to pdf requests so that the server responds with on-the-fly PDF responses
- Using Markdown templates for producing HTML and Text multipart emails from a single source template
- Rendering views that are stored in a database to work as a simple CMS
- Publishing and subscribing to Rails internal event such as SQL queries
- Creating a simple rack application
- Creating a Rails Engine
- Creating custom responders so that you can DRY up your controllers that use exactly same lines for respond_to do |format|...
- I18n translations using Redis key-value store and caching
- Combining Sinatra with Rails in a single Rails app
To ease the process of trying out the DIY code, Jose Valim created an excellent gem called enginex. This gem gives you an incubator to try out the example code while building your own gem and using it from an embedded dummy application, writing tests and even browsing the app. The whole experience of trying out the code is awesome. Before this, I have never read a book that shipped with a gem just so that the readers could easily use the source code. Awesome idea and even better execution.
While explaining the inner workings of Ruby on Rails framework the book also discussed about a few useful gems:
- devise - authentication gem.
- enginex - produces incubator for gem development and makes it a breeze.
- capybara - drives integrations tests and also works with browsers through selenium etc.
- rdiscount - Discount is an implementation of John Gruber's Markdown markup language in C
- responders - DRY up your Ruby on Rails application with a number of handy responders.
- redis - an easy to use Key Value store.
- prawn - Ruby PDF library.
This book also shows a number of cool tricks. Its overall a fun read. I would say, the final version will be more eye-soothing, but don't wait for that. Grab your ebook now and you will get the updates as they come!
I would like the book more if Jose Valim could reorganize some of the content. For an example, the text about Generators appear in different places. I think it would be easier to follow if it was in a separate chapter. The same applies for Engine.
I have another observation: the book is written for pro developers with substantial Ruby/Rails application. But I think the topics discussed here could also be equally useful to beginners. The later can be achieved by going a bit slow about some of the topics. Jose Valim, can you add little explanations at places for beginners?
The bottom line is, buy this book and read. To receive 40% discount, sign up at http://pragprog.com and refer to a friend and ask her to complete signup. You both get 40% discount. To claim, go to your account and you will find this as soon as your friend completes the signup.
Thank you!
--
This review is not sponsored and contains my opinion only.
Thursday, November 11, 2010
Ruby - some mysterious language features
Here I will share some of the interesting ruby features that you will notice when looking into mature ruby code by advanced level coders.
Labels:
Ruby
Wednesday, November 10, 2010
Upgrading to Ruby on Rails 3 - beware!
Ryan Bates had a series of posts (1, 2 and 3) on upgrading your Rails 2.3.x apps to Rails 3.x and sure they are useful. But if you are really doing that, beware of the following changes that you will need to do. It will take a lot of time for sure if you you have a moderate sized app.
Upgrading your models:
Upgrading your models:
- Get rid of all validates_xxx_of with appropriate validates
- Get rid of all def validate ... end methods with custom validator
- Find out all occurrences of :conditions, :limit, :order and use new active record methods instead
- Replace all named_scope with scope
- Make sure your acts_as_xxxx plugins are all updated to use Ruby on Rails 3. I had troubles with Authlogic as it shows Based.named_scope is DEPRICATED. Still looking for a solution.
- Ruby 1.9.2 doesn't work with soap42 wsdl driver. Haven't found a solution yet as it keeps reporting an error regarding "XML processor module" missing.
Upgrading your controllers:
- Find out all occurrences of find method and replace with where.
- Find out all calls to Mailer that looks like deliver_xxx and make it xxx.deliver
Upgrading your views:
- All erb blocks must start with a has to be changed to . Do the same for all such erb blocks with a do.
- All link_to_remote or remote_form_for or other remote form helpers need to be changed to their non-remote counterparts with a param :remote => true.
Upgrading your mailers:
- body method is gone, instead of the hashed params to this method, just define instance variables.
- All xxx.text.html.erb now becomes xxx.html.erb in the mailer views.
Upgrading the config files:
- The best way is to crate a new rails app and then copy the config folder into yours.
- Look at the initializers and clean up any required initializers.
- Make sure you have autoload_paths setup to include the lib folder. It is not included by default, so your code from the lib folder won't be accessible.
- Look at deprecation warning and you will see lots of config.action_controller.* need to changed to config.*
Plugins:
- All plugin/lib/rails/tasks/*.rake needs to be copied in to plugin/lib/tasks/*.rake
- Make sure your plugins don't use named_scope, if you find any, replace with scope.
- Whatever applies to your models should also be applied to your plugins that act on models.
Testing:
- Check you have updated shoulda, rspec or whatever lib you use.
- Update test codes according to your new lib.
Upgrading IDE to use RVM:
- Your IDE is not smart enough to use RVM. However use this to get TextMate ready.
Wednesday, September 29, 2010
Using nil.to_a or whatever.to_a in ruby
Ruby is a programming language for developer happiness and productivity for customers. Here is a quick happiness and productivity tip:
Labels:
Ruby
Saturday, September 18, 2010
4 design principles
Simplicity favors regularity.
Smaller is faster.
Good design demands compromise.
Make the common case fast.
The four principles of MIPS design that applies to most design jobs we do, even with our personal lives. Agree?
Smaller is faster.
Good design demands compromise.
Make the common case fast.
The four principles of MIPS design that applies to most design jobs we do, even with our personal lives. Agree?
Wednesday, September 15, 2010
OO Design Dilemma: Auditing Changes Across Hierarchical Objects
Here is a sample UML class diagram of the situation that posed me the OO design dilemma a few days ago.
Let me explain with an example,
Now, the above design looks good from OO perspective. However, since we need to persist the data into a relational database, we will end up with one table per class and foreign keys to interlink. If you are doing Ruby on Rails, you will possibly use polymorphic association between Auditable and the subclasses. For an example, lets consider the following E-R design (not showing all relations):
Now, given this schema, if you need to find out the latest 50 Log Messages with Author and Associated objects for the Electronics Catalog, how would you write a simple query?
Look, here is an expected outcome of the query:
Sep 15, 2010
Now, you see, the date wise grouping can be done once the latest audit logs from all across the Catalog hierarchy is found. But how do you find it given a CatalogID to start with? The following query wont work:
SELECT TOP 50 * FROM Auditables WHERE AuditableTypeName='Catalog' and AuditableID=my_catalog_id ORDER BY Timestamp DESC
Because it will only produce the audit logs for the Catalog Object, whereas we are expecting to see all the recent audits for this Catalog and underlying products down to the Specification Property level.
However, one work around is to query for the Audit Logs for the Catalog. Next, find all the Products of this Catalog and query for the audits for all these products. However, if we are to select top 50 audits for the catalog and its whole hierarchy, how many should we select here? And the problem gets even worse, when you have to repeat the above steps for Specifications and Specification Properties. When you have to take the latest 50 audit logs after you run a few queries, say 10, you have to take 50 audit logs for each of them. Because, the latest 50 results can be from a single query :-(
Looks like the Auditable class and corresponding design doesn't work well for this situation. So, what is a possible solution?
It's hard. I don't readily see a great solution. However, workarounds are there. For example, we can change the Audiable class to hold references to all levels of the Catalog object hierarchy. So, in that case the Auditables table will look like the following:
With such a schema, we need to ensure if the Audit Log corresponds to a SpecificationProperty, we put references to all its higher level objects. So, the query will be simple. With this assumption, the following query will be able to fetch all audit logs for Catalog and its descendants.
SELECT TOP 50 * FROM Auditables WHERE CatalogID=my_catalog_id
Similarly, the following query will produce the audit logs for a single project and its descendents:
SELECT TOP 50 * FROM Auditables WHERE ProductID=my_product_id
However, it has its downsides as well. The Auditables is no longer a general purpose Auditable. If we add a new type of Auditable, we cannot use it unless we alter its properties! High Coupling! Less Reuse. Also, a lot of if-else will be required to show the Audit logs, as it can belong to multiple parents!
How would you solve this design dilemma? Comments welcome!
Let me explain with an example,
The Electronic Items catalog has many Televisions. The Sony Televisions come with different specifications, such as refresh rate of 240 Hz, 120 Hz and 60 Hz. However, the 240 Hz ones also comes in different colors - Black and Grey.Now, a store manager needs to see the recent changes across all catalogs, such as electronic items, musical instruments and so on. So, if someone added a new Sony 240 Hz color of Dark Black or removed the Grey one, the store manager needs to see this. However, a department manager may need to see changes at all levels, for example whenever one of her Catalog, Product, Specification or its Property is changed. So, if she needs to see all changes under Sony Television, you know, she needs to see changes in the name and value of underlying specifications and their properties as well as changes at the higher level, say, the price.
Now, the above design looks good from OO perspective. However, since we need to persist the data into a relational database, we will end up with one table per class and foreign keys to interlink. If you are doing Ruby on Rails, you will possibly use polymorphic association between Auditable and the subclasses. For an example, lets consider the following E-R design (not showing all relations):
Now, given this schema, if you need to find out the latest 50 Log Messages with Author and Associated objects for the Electronics Catalog, how would you write a simple query?
Look, here is an expected outcome of the query:
Sep 15, 2010
- Jane added new Color : Dark Black for Sony 240 Hz TV
- Shon changed the Sony TV Price from $700 to $600
- Jakie added a new Specification for Panasonic TV: Aspect Ratio -> 16:9
- ...
- ...
Now, you see, the date wise grouping can be done once the latest audit logs from all across the Catalog hierarchy is found. But how do you find it given a CatalogID to start with? The following query wont work:
SELECT TOP 50 * FROM Auditables WHERE AuditableTypeName='Catalog' and AuditableID=my_catalog_id ORDER BY Timestamp DESC
Because it will only produce the audit logs for the Catalog Object, whereas we are expecting to see all the recent audits for this Catalog and underlying products down to the Specification Property level.
However, one work around is to query for the Audit Logs for the Catalog. Next, find all the Products of this Catalog and query for the audits for all these products. However, if we are to select top 50 audits for the catalog and its whole hierarchy, how many should we select here? And the problem gets even worse, when you have to repeat the above steps for Specifications and Specification Properties. When you have to take the latest 50 audit logs after you run a few queries, say 10, you have to take 50 audit logs for each of them. Because, the latest 50 results can be from a single query :-(
Looks like the Auditable class and corresponding design doesn't work well for this situation. So, what is a possible solution?
It's hard. I don't readily see a great solution. However, workarounds are there. For example, we can change the Audiable class to hold references to all levels of the Catalog object hierarchy. So, in that case the Auditables table will look like the following:
With such a schema, we need to ensure if the Audit Log corresponds to a SpecificationProperty, we put references to all its higher level objects. So, the query will be simple. With this assumption, the following query will be able to fetch all audit logs for Catalog and its descendants.
SELECT TOP 50 * FROM Auditables WHERE CatalogID=my_catalog_id
Similarly, the following query will produce the audit logs for a single project and its descendents:
SELECT TOP 50 * FROM Auditables WHERE ProductID=my_product_id
However, it has its downsides as well. The Auditables is no longer a general purpose Auditable. If we add a new type of Auditable, we cannot use it unless we alter its properties! High Coupling! Less Reuse. Also, a lot of if-else will be required to show the Audit logs, as it can belong to multiple parents!
How would you solve this design dilemma? Comments welcome!
Labels:
Architecture
Monday, July 19, 2010
Know Your Enemies Before They Kill You!
From darekb
You know what, this is a political world. So, enemies will seemingly look like your friends until the moment when.. well, its time for the kill! My dear readers, its time to know the enemies!
I have met with a few enemies off late. I will go one by one here.
If you are a software developer like me, you will often see this enemy, camouflaged variables, methods, classes and namespaces. For example, I have recently seen a Stack camouflaged as Visitor! I really mean this. I found a class called Visitor, so I was expecting a Visitor Design Pattern implementation or something similar, but what I got was a Stack under the hood with two methods Push and Pop! This enemies are very bad for your health, as they will keep you guessing all the time... you never know what they do from looking at their names!
Another enemy you will often see are the very skinny ones, to skinny to have any meat in them. I met some enemies like this as well. What happens when you do over engineering with interface explosion and a lot of one method classes? Is it really that difficult? Is it really a class? Is it really a package? I don't think so! You can spoil a piece of code by introducing a class/package for a single method. This enemy often surfaces because of the fact that, the design pattern book only shows classes with one/two key methods in them... which is of course not intended. But this is life... you gotta balance between class explosion and God classes... really, or this enemy will kill you someday.
I have just touched two common enemies... but there is another enemy we all are aware of, CMD+c (OS X) or Ctrl + C (Win). Its such a pain to copy a code fragment and use it in a different class... this is exactly the form of reuse that kills everything. Make sure you don't let this germ to grow, or it will outgrow you and leave you crying.
Have you reviewed your code by someone else today? If yes, keep up the good work. If not, beware of the enemies before they get you. Best of luck!
Wednesday, July 07, 2010
The Greatest Show on Earth and What Else?
FIFA world cup 2010 is almost coming to an end. This is definitely the greatest show on earth and I have been all occupied with the matches...
However, the show started almost immediately after I was back from Europe. It was a nice tour, starting a day at Amsterdam. Then to Trondheim (Norway), Stockholm and the best part was the night long sea cruise to Helsinki. An experience to remember for the rest of my life.
The days were eventful to say the least. At XP 2010, I presented my paper. Here is the presentation for my caring readers :-)
But XP 2010 was also a great place to meet people from around the world who care about software, its crafts and of course impacts. In very short, I found people to be very interested and starting to explore the possibilities with Lean and Kanban. This was a little surprising, because until now it has almost always been Scrum and XP to have a covering meaning of Agile. But, the industry seems to be leaning towards Lean. This is the beauty of being agile, to be able to adapt with time!
However, Norway seemed to be an expensive place even compared to Calgary. But, don't shy away from Norway for this reason, they have spectacular beauty in their landscape. Serene and soothing. While staying in Trondheim, I visited a cathedral from early 1000's. It was amazing to see the cathedral still standing firmly after so many years... extreme engineering! The city was full of historical buildings... if you haven't heard, the Harry Potter building is actually the main academic building at NTNU. (kidding! but the locals really call it by Harry Potter building)
This is me and my wife in front of the Harry Potter Building!
The city tour and canal cruise at Amsterdam was also a pleasant experience. It was nice to see the centuries old bridges and roads still serving the people so well. It is indeed a bicycle city, everyone in the city seemed to have a bicycle... believe me, they have multi-storied parking facilities only for bicycles! No wonder, why they are so healthy as a nation.
Next, Stockholm is a city full of life. You will see people dancing, having a drink and enjoying their times with friends everywhere. Especially for people like me, who barely see any crowd in Calgary, will find the place to be very exciting and inspiring.
Our Stockholm stay was rather short as we went to Helsinki on a sea cruise with Viking line. This was very eventful. Firstly because me and my wife lost each other when I was rushing into the ship as it was just about to start... then I stepped out of the ship, rushing back to the checkin counter and heard her crying like a baby... she was so upset and so scared! But we eventually managed to get into the ship may be 1 min before the doors were locked!
But this late entrance came with a surprise! We were given a window side cabin although we didn't get one while booking... and the awesome journey began. It was around 5:30 in the evening and the view from the deck was so nice. And there were live music and dance uptill midnight, nice romantic trip altogether. When we landed at the Helsinki city, we roamed around the tourist hotspots and I slept on the grass. Really! I took the following photo before I fell asleep..
However, the show started almost immediately after I was back from Europe. It was a nice tour, starting a day at Amsterdam. Then to Trondheim (Norway), Stockholm and the best part was the night long sea cruise to Helsinki. An experience to remember for the rest of my life.
The days were eventful to say the least. At XP 2010, I presented my paper. Here is the presentation for my caring readers :-)
But XP 2010 was also a great place to meet people from around the world who care about software, its crafts and of course impacts. In very short, I found people to be very interested and starting to explore the possibilities with Lean and Kanban. This was a little surprising, because until now it has almost always been Scrum and XP to have a covering meaning of Agile. But, the industry seems to be leaning towards Lean. This is the beauty of being agile, to be able to adapt with time!
However, Norway seemed to be an expensive place even compared to Calgary. But, don't shy away from Norway for this reason, they have spectacular beauty in their landscape. Serene and soothing. While staying in Trondheim, I visited a cathedral from early 1000's. It was amazing to see the cathedral still standing firmly after so many years... extreme engineering! The city was full of historical buildings... if you haven't heard, the Harry Potter building is actually the main academic building at NTNU. (kidding! but the locals really call it by Harry Potter building)
This is me and my wife in front of the Harry Potter Building!
The city tour and canal cruise at Amsterdam was also a pleasant experience. It was nice to see the centuries old bridges and roads still serving the people so well. It is indeed a bicycle city, everyone in the city seemed to have a bicycle... believe me, they have multi-storied parking facilities only for bicycles! No wonder, why they are so healthy as a nation.
Next, Stockholm is a city full of life. You will see people dancing, having a drink and enjoying their times with friends everywhere. Especially for people like me, who barely see any crowd in Calgary, will find the place to be very exciting and inspiring.
Our Stockholm stay was rather short as we went to Helsinki on a sea cruise with Viking line. This was very eventful. Firstly because me and my wife lost each other when I was rushing into the ship as it was just about to start... then I stepped out of the ship, rushing back to the checkin counter and heard her crying like a baby... she was so upset and so scared! But we eventually managed to get into the ship may be 1 min before the doors were locked!
But this late entrance came with a surprise! We were given a window side cabin although we didn't get one while booking... and the awesome journey began. It was around 5:30 in the evening and the view from the deck was so nice. And there were live music and dance uptill midnight, nice romantic trip altogether. When we landed at the Helsinki city, we roamed around the tourist hotspots and I slept on the grass. Really! I took the following photo before I fell asleep..
However, back to normal life and the greatest show on earth started! At office, I have kind of wrapped up the application that I was working on for the last 3 months and now heading towards another project. This time its gonna be Java after a looong time... At the lab, trying to wrap my thesis related implementations by the summer. Discovering lot of things as I am working with Lucene, Solr, Tika, Acts as Solr and these full text search engine related stuffs. Hope to push a post about these things when I get some time!
But, this is summer in Calgary. And I attended the Canada Day fireworks at the City hall. Here is a photo of the event for my reader:
This is pretty much it. Looking forward to the events at Calgary Stampedes. Hopefully this will also be a wonderful time pass. I will see if I can be back with some real "meat" in this blog shortly!
Labels:
other
Monday, May 03, 2010
Summer of 2010! Europe, here we come!
I just completed my Winter 2010 semester at school. It was so far a good one. I pushed my papers and presentations on the courses of this semester at http://smsohan.com/#courses If you are interested to read my paper about Tabletop Application Testing or Communication Challenges with Distributed Agile Teams, you are most welcome at my site.
However, its time to look ahead to the summer. And I hope this will be a good one! I just received my driving license after a wonderful training from Drashko and Gordana at the Green Light Driving School. If you are looking for a caring and professional driving school in Calgary, I highly recommend them. They will make it easy for you.
Well, driving license comes with an obligation to buy a car :-) I am right now looking for one used car, probably from Toyota, Honda or Nissan, as people told me these are more reliable than others. I am not sure if I will be buying a car soon, but I already got visa for a Europe trip, my first ever. Its gonna be our second honeymoon in the European land :-) We will be going to Norway for attending the XP 2010 conference where I will be presenting my research paper on Email Auto-Tagging with User Stories. However, we are planning to see a part of Amsterdam and Stockholm alongside Norway. I have heard all the good things about these sites during summer... staying tuned to that!
I will also be working on my research project as well as my job at Wairever Inc. This summer will be a busy one. But I am hoping the summer in Calgary will be a lot of fun with friends and at work...
One little realization: I figured out that there are two crowds in the software world. One crowd has lot of respect for open source stuffs like Ruby on Rails and another crowd has that for "established" big players like .Net or Java. With this realization, I am focusing on getting my .Net knowledge in sync with recent developments as of .Net 4.0 and VS 2010. I am always reading the blogs and MSDN... but this time I will look into one/few books that give(s) a complete and detailed picture about the deltas in .Net 4.0. However, I will keep posting on my Drink Rails blog as usual, almost daily.
Do you have any recommended book for .Net 4.0? Please use the comments area for that.
However, its time to look ahead to the summer. And I hope this will be a good one! I just received my driving license after a wonderful training from Drashko and Gordana at the Green Light Driving School. If you are looking for a caring and professional driving school in Calgary, I highly recommend them. They will make it easy for you.
Well, driving license comes with an obligation to buy a car :-) I am right now looking for one used car, probably from Toyota, Honda or Nissan, as people told me these are more reliable than others. I am not sure if I will be buying a car soon, but I already got visa for a Europe trip, my first ever. Its gonna be our second honeymoon in the European land :-) We will be going to Norway for attending the XP 2010 conference where I will be presenting my research paper on Email Auto-Tagging with User Stories. However, we are planning to see a part of Amsterdam and Stockholm alongside Norway. I have heard all the good things about these sites during summer... staying tuned to that!
I will also be working on my research project as well as my job at Wairever Inc. This summer will be a busy one. But I am hoping the summer in Calgary will be a lot of fun with friends and at work...
One little realization: I figured out that there are two crowds in the software world. One crowd has lot of respect for open source stuffs like Ruby on Rails and another crowd has that for "established" big players like .Net or Java. With this realization, I am focusing on getting my .Net knowledge in sync with recent developments as of .Net 4.0 and VS 2010. I am always reading the blogs and MSDN... but this time I will look into one/few books that give(s) a complete and detailed picture about the deltas in .Net 4.0. However, I will keep posting on my Drink Rails blog as usual, almost daily.
Do you have any recommended book for .Net 4.0? Please use the comments area for that.
Monday, April 26, 2010
Using Authlogic and single access token for API access
Bynarylogic's authlogic has gained much popularity for its out of the box solution to ruby on rails authentication. Yesterday, I was working on giving API access to my ruby on rails application so that other apps can use my RESTful services. The authenticated API access usually involves the following steps:
- API_KEY or a token to identify/authenticate an API call.
- Authentication of an API caller using the API_KEY.
Authlogic comes with in-built support for this. The following steps will do it for you:
Wednesday, March 31, 2010
flash.now - did you know?
Well, I didn't know this until late. If you are like me, you have often wondered when you saw those unwanted flash messages appearing after a request, sometimes after ajax requests when you do a redirect, all on a sudden that flash shows up!
Well, as you have thought, the Ruby on Rails people have solved this problem way before now. The solution is to wisely use flash.now[] and flash[]. Here are a few tips:
Use flash.now[] when you are flashing:
Well, as you have thought, the Ruby on Rails people have solved this problem way before now. The solution is to wisely use flash.now[] and flash[]. Here are a few tips:
Use flash.now[] when you are flashing:
- on ajax requests
- before a call to render :action => :my_action, as often found in failure cases of create and update actions
- before a redirect_to, often found in the success cases of create and update actions
In general, use flash.now[] when you don't want to carry over the flash to the next http request and flash[] otherwise. The FlashHash class has more detail on this at the ruby on rails API page. Hope this helps you to get rid of those annoying and often embarrassing out-of-context flash messages!
Tuesday, March 23, 2010
What's up next?
Hello Readers:
Wish you all are doing great as the Spring already started :-)
Recently my grad courses are keeping me busy with assignments and projects as the term comes close to an end. So, I haven't had much time to spend on blogging other than posting the Ruby on Rails link blog called www.DrinkRails.com. However, for my readers, I thought I would post the recent presentation that I put for the Agile course here:
But I am looking forward to start a new project with Wairever (www.Wairever.com), a Calgary based health care IT solution vendor. I hope that will fuel me with a lot of new concepts and as always, I will try to keep my learning posted here at my blog. Stay tuned! BTW, if you are Ruby on Rails developer or wanna be so, please let me know your feedback about the DrinkRails.com link blog.
Wish you all are doing great as the Spring already started :-)
Recently my grad courses are keeping me busy with assignments and projects as the term comes close to an end. So, I haven't had much time to spend on blogging other than posting the Ruby on Rails link blog called www.DrinkRails.com. However, for my readers, I thought I would post the recent presentation that I put for the Agile course here:
But I am looking forward to start a new project with Wairever (www.Wairever.com), a Calgary based health care IT solution vendor. I hope that will fuel me with a lot of new concepts and as always, I will try to keep my learning posted here at my blog. Stay tuned! BTW, if you are Ruby on Rails developer or wanna be so, please let me know your feedback about the DrinkRails.com link blog.
Labels:
agile
Thursday, March 11, 2010
Ruby on Rails Security Review: An Experience Report
Image credits to Wink on Flickr (creative commons)
I was reviewing a Ruby on Rails source code to see the security implementations they have so far. They are about to launch their product for the first release and wanted to ensure they have the most obvious things checked. So, in a sense it was not supposed to be a hacking job for me, rather to check if the most well known security measures are in place. This is what I looked into so far:
- Password: Password was encrypted using a salt. However, the default logger would log the password as they didn't use the filter_paramerer_logging method.
- Cross-Site Scripting: I was able to easily inject a script by just entering <script>alert('Script')</script> when I signed up to the system and every time it would open an alert window whenever I navigated to a new page! So, I recommended them to use <%= h %>. However, Rails 3 does a good job of making this a default.
- Authorization: I found the weakest measure in the implementation of Authorization. For an example, there is a calendar in the web app where one can add/remove events. I found that any logged in user, not necessarily the event owner, could change/remove any calendar event. This was a shocker. Next, I found this same thing happening to the core models as well. The catch here is, they had a filter that checked if a user was logged in, but they didn't check if a user has rights to modify an instance of the object. For example, there is a project model, that can only be modified by the project owner. However, this per object ownership was not authorized and it was a huge potential security bug in my opinion.
- File uploads: The app was designed to upload the files to a folder underneath the public folder. Which means, if the rails server was down, apache would serve the files directly to the user bypassing whatever security measure was taken inside the app.
- PRG violation: This is a good idea to follow a post-redirect-get pattern when an object is modified through post/delete/put to ensure pressing the browser refresh button doesn't re-invoke the change. This wasn't done at some places which might end in multiple payments and such severe risks.
- Direct public release: I was a bit concerned that they wanted to go public release with their first ever release, even before having an alpha or at least in-house user. This is important because this application deals with money and credit cards. Trust is very important for such apps. So, I advised them to try this for some real works at home other than the "asdf asdf asdf...."(!) kind inputs. This will help them spotting some of the odd behaviors early and cause less embarrassment.
It was only a 4 hour assignment for me. Also, I was only limited to the source code and the test deployment that they have now. However, it seemed to me that, they might spend a few hours to fix the obvious errors and do some in-house real use before going to a public release.
Tuesday, March 09, 2010
Ruby on Rails or Rails on Ruby?
All on a sudden, this thing popped up in my mind. What we are calling Ruby on Rails, is this actually "Ruby" on "Rails" or the other way around? Is this upside down? Here's my mental picture of the RoR framework:
Image credits to Foo Fighter on Flickr(creative commons)
- Ruby is a self-sustained language. As a language this is completely ignorant of the Rails Framework. So, I think there is no dependency from Ruby to Rails.
- Rails is a framework built using Ruby as a language. So, there is a strict dependency from Rails to Ruby.
What do you think? Would you call it "Rails on Ruby" or "Ruby on Rails"? I see a point of agreement for the ones who want to call it RoR, no damage done :-)
Lets see how this "on" preposition works for other language/platform pairs:
- Java on Struts vs Struts on Java
- PHP on Cake vs Cake on PHP
- C# on .Net vs .Net on C#
Confused? Well, then you can use RoR for now!
Friday, February 26, 2010
Rails Source Code Walkthrough #1: the ActiveModel Module
I was taking a look into the fresh ActiveModel module of Rails 3 as of github revision #100644. Here is what I learned:
- Learned about new feature called autoload. Rails Inside has a small yet useful autoload example here. It is a mechanism to lazy load your modules, so delaying the load unless the module methods are actually called. A call to autoload simply marks it as a potential include, but the actual include takes place only when you first use something on that module. I has a syntax like the following: autoload :Callbacks
- Using autoload, the ActiveModel module loads a number of other modules such as: AttributeMethods, Callbacks, Dirty, Observer, Observing etc.
- Also, it initializes the I18n Internationalization with the default en locale.
What's inside AttributeMethods?
This module defines class methods that lets you define attribute methods for the objects. I learned that you can have prefix, suffix and affix appended to your attributes that go to to a default method. For example, consider the following example right from the code:
# class Person## include ActiveModel::AttributeMethods# attr_accessor :name# attribute_method_suffix '_short?'# define_attribute_methods [:name]## private## def attribute_short?(attr)# send(attr).length < 5# end# end## person = Person.new# person.name = "Bob"# person.name # => "Bob"# person.name_short? # => true
Isn't this amazing?
What's inside callbacks?
Callbacks module is responsible for firing your before, after and around callbacks on ActiveModel models.
What's inside Conversion?
Conversion module only has 3 methods, to_model, to_key and to_param . These methods can be overriden to allow custom conversion of the ActiveModel objects.
What's inside Dirty?
The dirty module is all about dirty tracking methods of your ActiveModels. It has methods like changes, changed?, changed, reset_attr! etc. that you can use to track changes of your model objects. Thinks like history tracking or audition on changes can be done using this module methods.
What's inside Errors module?
This module has everything that deals with generating errors on ActiveModel validations. One ruby feature I learned from this module that I didn't know before. Its something like an indexer in C#. Here is an example from the source code:
# When passed a symbol or a name of a method, returns an array of errors for the method.## p.errors[:name] #=> ["can not be nil"]# p.errors['name'] #=> ["can not be nil"]def [](attribute)if errors = get(attribute.to_sym)errorselseset(attribute.to_sym, [])endend# Adds to the supplied attribute the supplied error message.## p.errors[:name] = "must be set"# p.errors[:name] #=> ['must be set']def []=(attribute, error)self[attribute.to_sym] << errorend
What's inside the Naming module?
Naming module is all about singular, plural, human and such names for your models! This methods are used to define the routes as well as in views. You can override such methods to provide a custom pluralized name for your model.
What's inside observing?
Rails Observers provide you a clean implementation of the Observer design pattern. It extends on top of the default observer module from Ruby. These observers are often use for implementing Aspect oriented programming as well as the code that are neither part of models or controllers, rather fall in between the two. Email notification is an useful example from Rails Guides.
What's inside the Railtie module?
Well, not much! But it glues up ActiveModel with Rails! Just two lines of code as folllows:
require "active_model"require "rails"
What's up with Serialization?
It has only one method that generates a hash based on the serializable attributes with :only and :except filter!
What's inside Serializers?
It has two serializers, one for json and another for xml. This two works great out of the box. However, if you need to tweak it, it should be very simply done by subclassing this classes.
What's inside translation?
It translates your model attribute names to match your locale using I18n. The default skim looks for the following naming in your local yml file when called through the method human_attribute_name
activemodel.attributes.underscore_model_name.attribute_name
Whats inside Validations?
This is a freshly renovated module for Rails 3, as it merged the validates_presence like methods into a single method validate that lets you keep all your validations for a model with a single call. Also you can easily reuse custom validators through out your models.
But this forked a few more modules, one per kind of validation. All these validations and your potential custom validators will probably be descendent of the Validator class that has the following method:
# Override this method in subclasses with validation logic, adding errors# to the records +errors+ array where necessary.def validate(record)raise NotImplementedErrorend
Some in-built implementation of this validator are acceptance, confirmation, exclusion etc. I learned something new here, the NotImplementedError exception.
So, what's the big learning here?
- I will use Modules to modularize my ruby code. This perfectly makes sense and also this is how one can come up with plugins out of their code base. Having the small bits in a module also facilitates reusability inside a project.
- The source of ActiveModel is very simple and completely ignorant of its underlying database. This is the big change of liberating Rails from ActiveRecord, which I think is not a matter for most rails developer anyway! But its a good lesson learned.
- Once I see some time, I would like to jump in to the development of Rails, at least make some initial contribution.
Stay tuned for more posts on Rails 3 source code.
Thursday, February 25, 2010
Why would you spend $10 to learn to use Basecamp?
This is sounding very strange to me indeed! 37Signals is very much known for creating the simplest of interfaces and I really found people finding it very intuitive. But this is strange... now they are asking people to buy a book for $10 to learn how to use Basecamp! Can you believe it? See the sales post (!) here at "Sams Teach Yourself Basecamp in 10 Minutes" is a comprehensive guide to Basecamp
Labels:
other
Tuesday, February 23, 2010
Ruby on Rails Interview Questions: Advanced
In my previous post, I listed a few general interview questions for Ruby on Rails jobs. This one is intended to be more of an advanced level, not for the rookies :-)
- What is Rack?
- Sketch out a deployment architecture of a Ruby on Rails application utilizing multiple servers.
- How can you secure a rails application to counter for Session Fixation?
- Where can I get the core rails framework source code?
- How can you reuse the models from one rails project into another?
- Explain one plugin that you extracted out of your source code.
- What is the difference between pre-initializers and initializers?
- How can you easily switch your logger to use Log4r?
- How would you design the logging standard for your rails application?
- How can you implement asynchronous messaging in Rails?
- What will you do to look for a possible memory leak in Rails application?
- How can you run a profiler?
- What is lambda?
- What is Proc? When did you use this?
- How can you use before and after callbacks of your rails methods to halt a database insert/update/delete?
- How can you reuse your before and after callback methods across multiple models?
- Define an architecture to store files uploaded to an application so that they are only accessible to valid users.
- How would you change your asset storage to use a static server?
- Explain one situation when you used rails caching.
- What kinds of caching comes in-built with Rails?
- Can you explain the use of 'dynamic' features of Ruby on the core Rails framework?
- How can you call a SOAP web service from a rails application?
- Your application needs to send a lot of email notifications. How would you design the notification so that the end user doesn't get stuck for email sending delays?
- What is a mongrel cluster?
- Can you explain if the clusters share a same memory? Can one cluster handle a request from a client that was handled by another?
- How would you internationalize your application interface?
- How can you create a rails generator?
- Have you ever used a polymorphic association?
- How can you define a plugin that adds a new class method to ActiveRecord::Base?
- What are the three most significant changes in Rails 3 in your eyes?
- How can you implement complex reporting using ruby on rails?
I am sure this list will go on and on. But I have found most people asking questions about scalability, deployment issues, security and such architectural level questions to extract out the in-depth understanding of such core concepts. Where to learn more on such advanced stuffs? Ruby on Rails Guides and Stack Overflow are my favorite places. However, its good to keep an eye on the edge rails to see what's happening today!
Monday, February 22, 2010
Ruby on Rails Interview Questions
Ruby Specific Questions
The best place for learning ruby is to get started with the programming-ruby. It fairly covers the important bits in a very readable language. Here are a few quick questions on ruby:
Rails Specific Questions
A thorough reading of the articles at Ruby on Rails Guides can be very useful for starters as well as a refresher for veterans. The following bunch of questions are specific to rails, in no particular order. The Pragmatic Bookshelf has a fantastic book for beginners called Agile Web Development Using Ruby on Rails.
Test Frameworks
Ruby on Rails has a number of built-in and a few other third-party test frameworks. Here are a few sample questions on such frameworks:
Plugins
Plugins are the principal mechanism to reuse code. The open-source community is at full-bloom when it comes about plugins. The Rails Plugins site has a really good list of such plugins from the community.
Architecture Related Questions
This questions can be from different angles like: quality, security, scalability, manageability, interoperability, reusability and all the other ilities you name! Here are a few example questions:
Community Related Questions
I see a fairly large community on Github, Stack Overflow, RailsCasts, The Riding Rails Blog and many more. Some interviewers may want to see if you are connected to the community. The following questions may help you prepare :-)
The best place for learning ruby is to get started with the programming-ruby. It fairly covers the important bits in a very readable language. Here are a few quick questions on ruby:
- What is rubygems?
- What is a Symbol?
- What is the difference between a Symbol and String?
- What is the purpose of yield?
- How do you define class variables?
- How do you define instance variables?
- How do you define global variables?
- How can you dynamically define a method body?
- What is a Range?
- How can you implement method overloading?
- What is the difference between '&&' and 'and' operators?
- What is the convention for using '!' at the end of a method name?
- What is a module?
- What is mixin?
- How will you implement a singleton pattern?
- How will you implement a observer pattern?
- How can you define a constant?
- How can you define a custom Exception?
- How can you fire a method when a module is included inside a class?
- What is the default access modifier (public/protected/private) for a method?
- How can you call the base class method from inside of its overriden method?
Rails Specific Questions
A thorough reading of the articles at Ruby on Rails Guides can be very useful for starters as well as a refresher for veterans. The following bunch of questions are specific to rails, in no particular order. The Pragmatic Bookshelf has a fantastic book for beginners called Agile Web Development Using Ruby on Rails.
- Define the Rails MVC implementation using an example.
- What is a named scope? (or Scope in Rails 3).
- Can you give an example of a class that should be inside the lib folder?
- Where should you put code that is supposed to run when your application launches?
- What deployment tool do you use?
- How can you migrate your database schema one level down?
- What is an observer?
- What is a sweeper?
- How can you implement caching in Rails?
- What is a filter? When it is called?
- How can you divide your controllers into separate modules?
- What is RESTful routing?
- How can you list all routes for an application?
- How can you send a multi-part email?
- Is it possible to embed partial views inside layouts? How?
- What is the purpose of RJS?
- How can you create a REST API for your application?
- How can you define a new environment called 'staging'?
- What is Rake?
- What is Capistrano?
- What is a polymorophic association?
- How can you implement a polymorphic association?
- What is a has and belongs to many association?
- What is the difference between has_one and belongs_to?
- How can you implement single table inheritance?
- What is eager loading?
- How can you eager load associated objects?
- How can you add a custom validation on your model?
- How can you implement a custom theme for your forms?
- Why is fields_for used for?
- What is the purpose of a helper method?
- What is flash?
- How can you install the missing gems that are required by your application in the simplest way?
- How can you implement internationalization?
- How can you show search user friendly urls instead of using only numeric ids?
- How can you configure your application for different environments?
- How can you instruct rails logger to ignore passwords and such fields while logging?
Test Frameworks
Ruby on Rails has a number of built-in and a few other third-party test frameworks. Here are a few sample questions on such frameworks:
- Are you familiar with unit testing?
- How does functional testing differ from unit testing?
- Have you ever used a mocking framework?
- Are you familiar with BDD using RSpec or Cucumber?
- What is an alternative to using test fixtures?
- How can you reuse part of a text fixture?
- How do you specify associations in the test fixture yml files?
Plugins
Plugins are the principal mechanism to reuse code. The open-source community is at full-bloom when it comes about plugins. The Rails Plugins site has a really good list of such plugins from the community.
- What plugin would you recommend for user authentication and authorization?
- What plugin do you use for full-text search?
- How can you implement a state machine?
- What is the difference between a plugin and a gem?
- How can you create a plugin?
- Can you please name a few useful plugins?
- How can you implement a search feature that searches for multiple models?
- How can you upload a flie to a server?
Architecture Related Questions
This questions can be from different angles like: quality, security, scalability, manageability, interoperability, reusability and all the other ilities you name! Here are a few example questions:
- Is Rails scalable?
- What are the key deployment challenges?
- How can you safeguard a rails application from SQL injection attack?
- How can you secure a rails application?
- How can rails engage with a SOA platform?
Community Related Questions
I see a fairly large community on Github, Stack Overflow, RailsCasts, The Riding Rails Blog and many more. Some interviewers may want to see if you are connected to the community. The following questions may help you prepare :-)
- Can you tell me a few good community resources for Rails?
- Where would you reach out to get the community to answer your questions?
- What's new in Rails 3.0?
- Which famous applications are built using ruby on rails?
I plan to polish this document on a later revision. But in the meanwhile, if you feel like contributing, you can start commenting with the answers, more questions or suggestions. I believe this will not only help people getting ready for their next Rails job, but also for everyone to see what knowledge we are missing...
Disclaimer: This is not a shortcut, rather its kind of a check list that may help you with an interview.
Disclaimer: This is not a shortcut, rather its kind of a check list that may help you with an interview.
Subscribe to:
Posts (Atom)