Cool one way to deal with the rapidly moving rails

Well, no sooner do I blog about the problems flagged up by Kevin Clark's post on changes to the recommended styles for Rails code than someone comes up with an idea for Finding Old Rails Code.
Although it could be controversial if some of the findings are more a matter of preferred style than deprecated features, it's still one way of dealing with the issue.
Also helps me out 'cause I was going to go through the 2 little Rails sites I've written to help me get up to speed with Rails and look for deprecated items.
One thing all this has helped me with is that I did find it confusing that different tutorials had slightly different ways of doing the same thing.
In particular the problem of where to use :symbols and where to use single or double quoted text...
I still reckon this kind of rapid change is likely to put off some newbies if they, like me, start with tutorials and see many differing styles being used.
Actually one thing that occurs to me is that this kind of issue will be interesting for the burgeoning Rails book market, in that it's real difficult for a paper book to keep up with rapid change in the material it's covering....

One of the problems of using a developing framework

Is that things change all the time, and keeping track of what's changed can be tricky. There's a list of Things You Shouldn't Be Doing In Rails over at the Gluttonous blog, and from that in the comments I found another link on using params and not @params.
This is all good stuff, but if people coming to the framework are relying on published books and tutorials, it's going to be real difficult for them to keep up to date if these corrections only exist in various blogs...
The best answer from the P.O.V. of the newbies is that the people who wrote the tutorials, go back and clean them up with the new conventions. That said, unless those guys are really altruistic, I can't see it happening.... it's one thing to write some cool tutorials for a new framework, it's quite another to have to go back and maintain them ...
Hmm perhaps the best answer is a listing of the conventions that've changed somewhere reasonably official and make sure it's clearly linked, I know I would've found it more readily than I found these items...

whups sounds like someone forgot to get a Pen.Test done

O2 closes call records site after security flap | The Register
Whenever I read this kind of story it makes me reckon that the victims probably hadn't had a recent Pen. test done, and the kind of URL manipulation described would likely have been picked up by most testers.
However kudos to O2 for admitting the flaw and moving to fix it, instead of taking the line that some organisations seem to take which is to attack the person that found the flaw....
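The Register piece only says "URL manipulation", so the exact O2 flaw isn't on this page; the pattern a tester would look for is a record lookup keyed on the id in the URL with no check of who is asking. Below is an added example (mine, not O2's code or anything from the article) in plain Ruby that mimics a Rails controller action: a constructed table of call records, the vulnerable lookup, the owner-scoped version that fixes it, and the id-walking check a pen tester would run against both. The record fields, ids and phone numbers are all made up.

```ruby
# Constructed sample data standing in for a call_records table.
CallRecord = Struct.new(:id, :owner_id, :number_called)

CALL_RECORDS = [
  CallRecord.new(1, 100, '+44 20 7946 0000'),
  CallRecord.new(2, 100, '+44 20 7946 0001'),
  CallRecord.new(3, 200, '+44 161 496 0000'),
].freeze

# Vulnerable: trusts the id from the URL and ignores who is logged in, so a
# customer who edits ?id=1 into ?id=2 in the address bar gets someone else's
# record. Rails-style equivalent: CallRecord.find(params[:id])
def show_record_vulnerable(params, _current_user_id)
  CALL_RECORDS.find { |r| r.id == params['id'].to_i }
end

# Fixed: scope the lookup to the authenticated user's own records, so an id
# belonging to another customer is simply not found.
# Rails-style equivalent: current_user.call_records.find(params[:id])
def show_record_scoped(params, current_user_id)
  CALL_RECORDS.find do |r|
    r.owner_id == current_user_id && r.id == params['id'].to_i
  end
end

# The tester's check: walk the id space as one user and collect every record
# that comes back but belongs to somebody else. Empty means the fix holds.
def leaked_records(lookup, as_user_id, id_range)
  id_range.map { |i| lookup.call({ 'id' => i.to_s }, as_user_id) }
          .compact
          .reject { |r| r.owner_id == as_user_id }
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable leaks: #{leaked_records(method(:show_record_vulnerable), 200, 1..3).map(&:id).inspect}"
  puts "scoped leaks:     #{leaked_records(method(:show_record_scoped), 200, 1..3).map(&:id).inspect}"
end
```

The scoped version also has the nice property of returning "not found" rather than "forbidden" for foreign ids, so an attacker walking the id space can't even tell which ids exist.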

Good post on the dangers of XSS

TaoSecurity: Why 0wn When You Can XSS
I've come across a lot of postings where people doubt the impact of XSS; this post is a good example of why it can be pretty serious. Replacing content on trusted news sites is an interesting attack which could be leveraged in a number of ways (pump-and-dump stock scams, anyone?).
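To make the "replace content on a trusted site" point concrete, here's an added example of my own (not from the TaoSecurity post) using Ruby's stdlib ERB: the same template rendered with a constructed, attacker-supplied headline, once interpolated raw and once HTML-escaped the way Rails' h() helper does it. The headline text and the element id are made up.

```ruby
require 'erb'
require 'cgi'

# Constructed attacker input: a "headline" that is really a script which
# rewrites the story on the page once a browser runs it.
INJECTED_HEADLINE = '<script>document.getElementById("story").innerHTML = ' \
                    '"ACME to be acquired at $50/share"</script>'

# Vulnerable template: untrusted text dropped straight into the markup.
RAW_TEMPLATE = ERB.new('<h1 id="story"><%= headline %></h1>')

# Hardened template: every untrusted string is escaped before it hits the
# page, so the browser shows the angle brackets instead of executing them.
ESCAPED_TEMPLATE = ERB.new('<h1 id="story"><%= CGI.escapeHTML(headline) %></h1>')

def render_raw(headline)
  RAW_TEMPLATE.result(binding)
end

def render_escaped(headline)
  ESCAPED_TEMPLATE.result(binding)
end

# Crude check standing in for "would a browser execute this": does an
# unescaped script element survive into the rendered HTML?
def contains_script?(html)
  html.include?('<script>')
end

if __FILE__ == $PROGRAM_NAME
  puts render_raw(INJECTED_HEADLINE)
  puts render_escaped(INJECTED_HEADLINE)
end
```

The point the post makes is that once the attacker's script runs in the news site's origin it can rewrite anything on the page, and the reader has no way to tell; the escaped rendering above is all it takes to turn that script back into inert text.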

CentOS ruby mysql plugin problem - solution

End to the madness, or “How to install the ruby mysql adaptor on CentOS”
Here's one solution to a problem I'm having at the moment where I'm trying to install the ruby mysql plugin on a CentOS machine.
Another note: in order to get Rails working you need to get the ruby 1.8.4 packages from the c4-testing repository here
[update] Actually ended up using this solution http://mopyblue.blogspot.com/2006/04/ruby-on-rail-fc4.html which works for me...

solution for in_place_editor problem

in_place_editor_field and blank values
One of the problems I'm having with my to-do list application is that when using the cool AJAX'y in_place_editor field I can't update an empty field...
Anyway the link above looks like a solution to try.
[Update] Yep that works... initially I didn't seem to be able to get it working but I think that was PEBKAC (need to remember to restart the server to reload the config!)

Migrations Posting

Rubycon : Weblog
One of the more useful features of Rails is migrations, which remove the requirement to write database-specific SQL statements and therefore make moving platforms easy...
Anyway the docs are pretty sparse as to what can actually be put in a migration as options, and this post seems to fill in some of the blanks...
[update] also there's an article at IBM developerworks which does a reasonable job of introducing the topic.

fix for in_place_editing problem I had

One of the cool things about Rails is the script.aculo.us JavaScript library which you get as part of Rails. I've just been trying to add in-place editing to some of the fields in my app and I encountered a problem with the way it's implemented in conjunction with the way I was describing the view.
Anyway a much better description of the exact problem I was having and a solution (which is in the comments to the post) is at the Rabiit Creative Blog

Ruby On Rails

Well I've been meaning to post some of this stuff for a while. I've been doing some Ruby On Rails (RoR) development for a while now, more to teach myself than to create any spectacular applications.
Anyway, as you do, I've run across a variety of interesting sources of information about Rails as I built my first application (a security checklist management system), so I'll post some of them here...
The main site is at www.rubyonrails.com and is a decent place to start.
For tutorials there's a list here Top 12 Rails Tutorials, of which I'd have to say I liked the Rolling on Rails one (although it's a bit out of date now). Also if you look at that one I'd be inclined to follow up with Amy Hoy's ones which can be found here
In terms of forums and the like I've actually not found any that I like a lot yet. There's mailing lists off the main site, but I'm not a great fan of mailing lists for picking up things as I find the web interfaces not that great, usually.
There's some books that are a good bet; the seminal one is Agile Web Development with Rails, however I wouldn't buy the current print version as V2 is under development. What you can do is get the PDF of the current cut of V2 from there and then you get the PDF of the final one when it's done...
There's an O'Reilly book by the guy who did the Rolling on Rails tutorial I mentioned above, which is out on Safari now and will be in print R.S.N. I've not read much of it yet, so I'm not too sure how it'll be...
Anyway that's enough of an intro, I just need to remember to keep posting as I find new stuff...

Sitekey vulnerabilities article

SiteKey-20060718.pdf (application/pdf Object)
An article detailing some problems with the SiteKey implementation at BofA. I must say I'm not surprised by the one about real-time MITM bypassing the problem, but I'm a little surprised about one of the security processes for login being waived once the user clicks a button on a given PC, and more so that there's no easy way to remove the bypass from a given PC....
Secondary security questions (well, ones that aren't likely to be public knowledge anyway) are a decent add-on to an authentication procedure, but I wouldn't have thought that they were so onerous that you couldn't just ask them every time...
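The real-time MITM result is worth seeing as a message exchange. What follows is an added example I wrote, a deliberately simplified model of a SiteKey-style two-step login rather than BofA's actual implementation (the "remember this PC" bypass the paper also covers is not modelled). The account, image name, challenge and password are constructed. The bank returns the personal image in step 1 on the strength of a username alone, and nothing ties that image to the browser that later sends the password, so a phishing site that simply relays each message gets a valid session while the victim sees the familiar picture and proceeds.

```ruby
# Simplified SiteKey-style bank: step 1 takes a username and returns the
# personal image plus a challenge question; step 2 takes the answer and
# password and mints a session.
class Bank
  Account = Struct.new(:password, :image, :challenge, :answer)

  def initialize
    # Constructed account data.
    @accounts = { 'alice' => Account.new('hunter2', 'sailboat.jpg', 'First pet?', 'Rex') }
    @sessions = {}
  end

  # Anyone who knows a username can obtain that user's image. The bank has
  # no way to tell whether the requester is the user or a relay.
  def step1(username)
    acct = @accounts[username]
    return nil unless acct
    { image: acct.image, challenge: acct.challenge }
  end

  def step2(username, answer, password)
    acct = @accounts[username]
    return nil unless acct && acct.answer == answer && acct.password == password
    token = "session-#{rand(1 << 32).to_s(16)}"
    @sessions[token] = username
    token
  end

  def logged_in?(token)
    @sessions.key?(token)
  end
end

# Real-time MITM phishing site: every message from the victim is forwarded
# to the real bank and the bank's reply is shown back, so the victim sees
# their own image and the phisher ends up holding the session.
class RelayPhishingSite
  attr_reader :stolen_session

  def initialize(bank)
    @bank = bank
    @stolen_session = nil
  end

  def step1(username)
    @bank.step1(username) # relayed verbatim
  end

  def step2(username, answer, password)
    @stolen_session = @bank.step2(username, answer, password)
  end
end

# The older, non-relaying phishing site SiteKey was designed to catch: it
# has no idea what the victim's image is and has to guess.
class NaivePhishingSite
  def step1(_username)
    { image: 'generic.jpg', challenge: "Mother's maiden name?" }
  end

  def step2(*); end
end

# The victim behaves exactly as SiteKey instructs: type the username, check
# that the picture is the familiar one, and only then enter the rest.
def victim_logs_in(site, username, expected_image, answer, password)
  page = site.step1(username)
  return :refused unless page && page[:image] == expected_image
  site.step2(username, answer, password)
  :submitted
end
```

Note that the victim does the right thing in both cases: the naive site is refused because the image is wrong, and the relaying site is accepted because the image is right. The check protects against a phisher who can't reach the bank, and nothing else.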