Nygma - Signing and encrypting data with tools built-in to Rails 4

Published by Michael de Silva on Saturday, 29 November 2014



Having stumbled on Signing and encrypting data with tools built-in to Rails I was quite pleased to see this approach use the same tools that Rails uses for encrypting the user session (cookie).

This led me to building Nygma to allow encrypting tokens received from Stripe. Since this was built rather quickly, I haven't been able to document its API as I normally do, but I will be cleaning this up in due course.

For those curious engineers amongst us, Rails' encrypted cookie implementation looks like

    class EncryptedCookieJar #:nodoc:
      include ChainedCookieJars

      def initialize(parent_jar, key_generator, options = {})
        if ActiveSupport::LegacyKeyGenerator === key_generator
          raise "You didn't set config.secret_key_base, which is required for this cookie jar. " +
             ...(continued)



Mixing in Namespaced Classes in Ruby, a Template Method implementation

Published by Michael de Silva on Saturday, 22 November 2014


Today I was searching on a means for mixing in a namespaced class into another class and stumbled onto a gist of mine that I had saved back in October 2013.

Here's what I implemented today, and you'll find a link to the original Gist at the end of this post.

The essence of the approach is to simply call const_set on the base class, _klass, and, in this example, set that constant to the class of interest via Class.new(ClassOfInterest).

You would also see this being used in specs such as

    MyFancyException = Class.new(StandardError)
    raise MyFancyException

In this context, the receiver, self, is in fact the class in which you call the above, so self.MyFancyException = Class.new(StandardError) would also be perfectly fine, although not strictly idiomatic Ruby, as most often the receiver is implicit.

    module Snowden
      module Utility
        extend self

        class Response
          attr_reader :error_message

          def initia ...(continued)

Simple Scalable Infrastructure with DigitalOcean, Terraform, and Docker

Published by Michael de Silva on Monday, 03 November 2014



While my primary system is a Mac, I like to keep my development workflows as Linux-dependent as possible. Therefore, rather than relying on tools such as boot2docker, I set up a custom image of Ubuntu 14.04 with various tools installed along with Docker 1.3 using Packer.

My build template can be found on GitHub. My workflow from this point onwards is to simply start my customised version of Ubuntu via vagrant up and ssh vagrant@10.33.33.33.

Docker Build

Last weekend, I focused on creating a docker build for Rails, Nginx, and Unicorn with a MySQL data store. My aim at the time was to build a proof of concept, so I broke this down into several sessions ...(continued)

Graceful locale-based content fallback in RefineryCMS

Published by Michael de Silva on Monday, 13 October 2014


This hack took me through the refinerycms-i18n gem, and I discovered that it does not aid in achieving graceful content fallback, amongst other issues.

It should be noted this bit of work focused on Refinery v2.0.9 and may not be entirely applicable with the current release.

My solution involved adding the following decorator,

    puts "Overriding Refinery::Page - #{__FILE__[/(vendor[\/\w\.]+)/]}"

    Refinery::Page.class_eval do

      # The `Refinery::Page.find_by_path_or_id` call in
      # `Refinery::PagesController#find_page` calls `Refinery::Page.find_by_path` if
      # `params[:path].friendly_id?` is true.
      #
      #   # With slugs scoped to the parent page we need to find a page by its full path.
      #   # For example with about/example we would need to find 'about' and then its child
      #   # called 'example' otherwise it may clash with another page called /example.
      #   def self.find_by_path(path)
      #     split_path = path.to_s.split('/').reject(&:blan ...(continued)

Inside the Shellshock Vulnerability: The 25-year old Bash bug

Published by Michael de Silva on Saturday, 04 October 2014


You'll find posts such as "Everything You Need To Know About The Shellshock Bug" covering the basics of the bug and how to locally test it out on your Mac or Linux desktop. TL;DR — give this a spin:

    -> % env X="() { :;} ; echo vulnerable" /bin/sh -c "echo stuff"
    vulnerable
    stuff

Notice how my Mac is in fact vulnerable to this. But how do attackers leverage this against web servers running, say, Apache?

Cloudflare have a fantastic write-up, Inside Shellshock: How hackers are using it to exploit systems, providing simple examples that anyone can try via curl.

For example, take this

    curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/

Apache internally creates a variable HTTP_USER_AGENT=() { :; }; /bin/eject but this would only work if this variable is passed to bash. This article runs into various int ...(continued)

Better Productivity with Tmux, iTerm2 and Tmuxinator

Published by Michael de Silva on Saturday, 13 September 2014


http://www.railsonmaui.com/blog/2014/03/11/rocking-with-tmux-tmuxinator-and-iterm2-for-rails-development/
https://gist.github.com/MohamedAlaa/2961058
https://gist.github.com/andreyvit/2921703

On Holiday...!

Published by Michael de Silva on Thursday, 21 August 2014


I don't always go on holiday, but when I do

    class Resource < Struct.new(:employee)
      define_method(:enable_vacation) { "Whoo! Employee '#{employee.handle}' is on holiday!!"}
    end

    Resource.new(
      Object.new.instance_eval { self.class.send(:define_method, :handle, ->{'@bsodmike'}) }
    ).enable_vacation

    # => "Whoo! Employee '@bsodmike' is on holiday!!"

Blog: Upgrading to Ruby 2

Published by Michael de Silva on Saturday, 09 August 2014


Today I decided to upgrade this blog to Ruby 2+ and along the way noticed my VPS was running 1.9.2 and one of the dependencies needed at least 1.9.3.

So I set about removing RVM via rvm implode, then performing a system-wide re-install:

    curl -sSL https://get.rvm.io | sudo bash -s stable

This was followed by installing the new version of ruby and installing Passenger

    gem install passenger
    passenger-install-apache2-module

From this point, it was simply a matter of following the instructions for updating Apache's passenger.load and passenger.conf files with the path to the new ruby (installed in /usr/local/bin/rvm), and restarting the Apache service.

'DevOps': Killing the Developer?

Published by Michael de Silva on Wednesday, 06 August 2014



Preamble

I started this week sorting out some widgets for a couple code bases that I am looking after at work. One's a legacy CMS app (Ruby 1.8.7/Rails 2.x) that's extremely mature and the other is a 'Refinery based CMS' that I put together myself.

"Wait, what?", I hear you ask. Refinery is a CMS. Well, mine's an effort to bake in features that most of our clients expect, and these 'engines' (extensions in Refinery parlance) are aspects I've added. Of course, I digress.

Yes, the start to my week was a whole lot of yak-shaving tedious work. I wasn't creating anything new. There was very little 'architectural' design on my part. The bulk of this widget related work ultimately boiled down to faffling with markup/CSS.

Looking to maintain my sanity, I found myself taking a look at a tool a colleague had pinged me about — Terraform.

At work, provisioning and deployment are, for the most part, ha ...(continued)

HOWTO: Image upload with Froala editor in Rails 4

Published by Michael de Silva on Wednesday, 06 August 2014


All the pertinent info on how Froala makes the AJAX image upload is detailed on the Froala site.

The first challenge is to get around Rails' CSRF protection, and you can do this by passing the authenticity_token via the Rails helper form_authenticity_token.

        $el.editable({
          inlineMode: false,
          buttons: ["bold", "italic", "underline", "createLink", "insertImage", "undo", "redo", "html"],
          plainPaste: true,
          imageUploadURL: '<%= refinery.admin_upload_image_path %>',
          imageUploadParams: {
            authenticity_token: '<%= form_authenticity_token %>',
            return_to: window.location.href,
            site: '<%= current_site.id %>'
          },
          imageErrorCallback: function (error) {
            console.log('ERROR: %O', error);

            var scroll_pos=(0);
            var message = error.message + ' (Code: ' + error.code  ...(continued)

TDD vs. Design

Published by Michael de Silva on Friday, 02 May 2014


It's quite likely that you've read David's recent write up 'TDD is dead. Long live testing.' (with its follow up, Test-induced design damage and Slow database test fallacy) and the ensuing debate on Twitter.

TDD is quite certainly not dead, and while those were words David chose at the time, I can understand why it's 'irked' as many in the community as it has. There are many who've made TDD their 'mantra' to the point a large part of their business — such as training in TDD in a professional capacity not to mention followers of Pivotal Labs.

David's main point was that following TDD, as it is meant to be followed, leads to tests driving design. Going against this would technically not be TDD — hence ...(continued)