Static analysis tool for web applications
Security Compass - Application Security Canada
One to try out when I get a chance. This tool looks to assist in code analysis of web applications...
Ok, I've been wandering round the world of rails for a while now... here's some of the more interesting stuff I've found.
Well there's the obvious one... http://www.rubyonrails.com/ :o) There are some cool screencasts there which try to capture some of the reasons that rails is an interesting place to develop.
Also it's not a bad idea to look in on the blog of the guy who started it all, David Heinemeier Hansson, to get a sense of some of the ideas that he's looking to include in rails...
And if you're looking for reasons to spend some time on rails there's an interesting entry here about SitePoint's recent survey, which found that 25% of SitePoint's developers who aren't currently using Ruby expect to be in the next 12 months....
Ok, so you've decided to give it a shot... how to start... well there are some good tutorials on rails around, though unfortunately they get out of date pretty quickly due to the pace of change in the rails world..
Some of the ones that I liked:
Rolling with Rails: a good tutorial in 3 parts by Curt Hibbs, who's recently authored a rails book for O'Reilly
Really Getting Started with Rails is kind of a complement to Rolling with Rails, and there's some other cool stuff in the form of cheatsheets and the like on Amy's site
If you're looking for more tutorial material there's a cool list here and also another, more recent one from the competition that the Ruby Inside site ran here
One of the things I've found about rails is that the only really decent way to keep up to date is to keep an eye on the blogs which cover the topic.. Fortunately, there are loads of them...
(no particular order to this, apart from the order I added them to my blogroll) ;op
Ruby inside
Ryan's scraps
Riding Rails - the official Rails blog
Cardboard Rocket
The unofficial Ruby on Rails blog
I.NFECTIO.US
And there's more... but a good way to find 'em is just to follow links in the ones above :O)
What's considered the seminal book on rails development is Agile Web Development with Rails from the Pragmatic Programmers. I actually wasn't too fond of the style, as there wasn't much in the way of exercise material in the tutorial, which I find helps reinforce concepts with me... That said, it's still a gold mine of info on rails. One key point is that I wouldn't buy the 1st edition, as the 2nd is under active development and you can get the PDF from the Pragmatic Programmers site.
Another book which is handy if you've not got a strong Ruby background before starting with rails is Ruby for Rails, which goes through a lot of the basics of Ruby coding with an eye on rails...
One thing is that there are... a lot... of upcoming books for rails, as it's pretty hot at the moment and there's a relative dearth of content... There's a good posting here which covers some of the upcoming books
Nabble - Ruby on Rails forum
Subject says it all really. I much prefer forum-based interfaces to these things rather than looking at the usual web-based mailing list interfaces...
Well, no sooner do I blog about the problems flagged up by Kevin Clark's post on changes to the recommended styles for rails code than someone comes up with an idea for Finding Old Rails Code
Although it could be controversial if some of the findings are more a matter of preferred style than deprecated features, it's still one way of dealing with the issue.
It also helps me out 'cause I was going to go through the 2 little rails sites I've written to help me get up to speed with rails and look for deprecated items.
One thing all this has helped me with is that I did find it confusing that different tutorials had slightly different ways of doing the same thing.
In particular the problem of where to use :symbols and where to use single or double quoted text...
I still reckon this kind of rapid change is likely to put off some newbies if they, like me, start with tutorials and see many differing styles being used.
Actually one thing that occurs is this kind of issue will be interesting for the burgeoning rails book market, in that it's real difficult for a paper book to keep up with rapid change in the material it's covering....
Is that things change all the time, and keeping track of what's changed can be tricky. There's a list of Things You Shouldn't Be Doing In Rails over at the Gluttonous blog, and from that in the comments I found another link on using params and not @params.
This is all good stuff, but if people coming to the framework are relying on published books and tutorials, it's going to be real difficult for them to keep up to date if these corrections only exist in various blogs...
The best answer from the P.O.V. of the newbies is that the people who wrote the tutorials go back and clean them up with the new conventions. That said, unless those guys are really altruistic, I can't see it happening.... it's one thing to write some cool tutorials for a new framework, it's quite another to have to go back and maintain them ...
Hmm perhaps the best answer is a listing of the conventions that've changed somewhere reasonably official and make sure it's clearly linked, I know I would've found it more readily than I found these items...
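Since a listing of changed conventions is what's missing, here is an added example (mine, not the Finding Old Rails Code tool or anything from Rails itself) of the simplest possible static check for one of them: flagging controller code that still reaches for @params instead of params. The @session, @request and @flash entries are assumed additional deprecated names, so check them against your Rails version before trusting the report.

```ruby
# Maps deprecated instance-variable access to the accessor method that
# replaces it. @params -> params comes from the post; the other three are
# assumptions for illustration.
DEPRECATED_IVARS = {
  "@params"  => "params",
  "@session" => "session",
  "@request" => "request",
  "@flash"   => "flash",
}.freeze

# Match only when the name is not followed by another identifier character,
# so unrelated ivars such as @params_backup or @session_id are not reported.
IVAR_RE = /#{Regexp.union(DEPRECATED_IVARS.keys)}(?![A-Za-z0-9_])/

# Scans one source string and returns findings as
# { line:, column:, old:, new: } hashes. Whole-line comments are skipped;
# a deprecated name in a trailing inline comment is still reported
# (cheap and conservative, which is what you want from a first pass).
def find_deprecated_ivars(source)
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    next if line.strip.start_with?("#")
    line.scan(IVAR_RE) do
      m = Regexp.last_match
      findings << { line: lineno, column: m.begin(0) + 1,
                    old: m[0], new: DEPRECATED_IVARS[m[0]] }
    end
  end
  findings
end

# grep-style report lines for a named file.
def report(path, source)
  find_deprecated_ivars(source).map do |f|
    "#{path}:#{f[:line]}:#{f[:column]}: #{f[:old]} is deprecated, use #{f[:new]}"
  end
end

# Constructed sample controller (not real project code) to exercise the scanner.
SAMPLE = <<~RUBY
  class TodosController < ApplicationController
    # @params is only mentioned here in a comment, so it is skipped
    def update
      @todo = Todo.find(@params[:id])
      @todo.update_attributes(params[:todo])
      @session[:last_todo] = @todo.id
      @params_backup = params.dup   # not an offender
    end
  end
RUBY

puts report("todos_controller.rb", SAMPLE) if __FILE__ == $0
```

Point it at app/controllers by reading each file into `report`; the two findings it raises on the sample above (line 4 and line 6) are exactly the ones a hand review of a small site would look for.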
O2 closes call records site after security flap | The Register
Whenever I read this kind of story it makes me reckon that the victims probably hadn't had a recent pen test done, and the kind of URL manipulation described would likely have been picked up by most testers.
However kudos to O2 for admitting the flaw and moving to fix it, instead of taking the line that some organisations seem to take which is to attack the person that found the flaw....
TaoSecurity: Why 0wn When You Can XSS
I've come across a lot of postings where people doubt the impact of XSS; this post is a good example of why it can be pretty serious. Replacing content on trusted news sites is an interesting attack which could be leveraged in a number of ways (pump-and-dump stock scams, anyone?)
End to the madness, or “How to install the ruby mysql adaptor on CentOS”
Here's one solution to a problem I'm having at the moment where I'm trying to install the ruby mysql plugin on a CentOS machine.
Another note is that in order to get rails working you need to get the ruby 1.8.4 packages from the c4-testing repository here
[update] Actually ended up using this solution http://mopyblue.blogspot.com/2006/04/ruby-on-rail-fc4.html which works for me...
in_place_editor_field and blank values
One of the problems I'm having with my to-do list application is that when using the cool AJAX-y in_place_editor field I can't update an empty field...
Anyway the link above looks like a solution to try.
[Update] Yep that works... initially I didn't seem to be able to get it working but I think that was PEBKAC (need to remember to restart the server to reload the config!)
Rubycon : Weblog
One of the more useful features of rails is migrations, which remove the requirement to write database-specific SQL statements and therefore make moving platforms easy...
Anyway, the docs are pretty sparse as to what can actually be put in a migration as options, and this post seems to fill in some of the missing blanks...
[update] also there's an article at IBM developerworks which does a reasonable job of introducing the topic.