September 2006 Archives

Learn something new... every 30 minutes

Re: (newbie) Why doesn't this line work?

Every time I work on my app I feel like I learn something new about every 30 minutes...

This time it was that the :confirm parameter on link_to (which pops up a confirmation box when you click a link) is an HTML option and thus needs syntax like:

<%= link_to "delete", {:action => 'delete', :id => @item.id}, {:confirm => 'Are you sure?'} %>

Riding Rails: Associations aren't :dependent => true anymore


Some useful info about how :dependent works in Rails 1.1+. Handy if you've got items that are dependent on one another and want to get rid of the child objects when you delete the parent.

The other part of this post is a continuation of something I touched on before. Ruby on Rails is great, but it really moves too fast for print books. This is a good example.

In my copy of Ruby on Rails: Up and Running, the bit on cascading relationships says that you specify :dependent => :true; however, that doesn't work (as I found out when I tried it), cue 10 minutes of searching around for the answer, which led to the post above.

Now this is probably the most recent book published about RoR and I only got my copy about 3 weeks ago, but I've found more than a couple of areas which don't match up with my Rails deployment, and I'm not even using Edge Rails!

Google Cheatsheet.

Google Cheat Sheets (Version 1.05)

Interesting. Has all the syntax for Google searches on it.

handy validator recipes for rails

Validating Email Addresses, URLs and IP Formats with Regex in Ruby on Rails

Some handy validator recipes which help you set up "validates_format_of" settings on your models.

Seriously Cool - Easy IE on linux

IEs 4 Linux - Internet Explorers for Linux

Now this is mega-cool. An easy script to download and install IE on a Linux box...

This definitely removes one of my few remaining reasons to ever boot into a Windows VM.

XSRF example

Google Cross-site Request Forgery

Cross-Site Request Forgery is one of those vulnerability classes that can be a bit tricky to explain, so it's always nice to find a decent live example. This one's pretty harmless, it just changes your Google language preferences, but I reckon that we'll see real growth in this kind of problem over the next couple of years as "the bad guys"(tm) keep looking for innovative new ways to attack web apps.


Fix for XSS problems with in_place_edit

In_place_edit_for with validation and sanitization


I've started having a look at the little Rails app I'm writing with a security person's hat on, and one of the problems I've run into is that you can't, by default, use the h() function with an in-place edit control. So this link has a solution for that...

One quirk seemed to be that when I put in the XSS code </span><script>alert("xss")</script><span> using in_place_edit it escapes it OK, but then each time I click into the field and then click OK it re-escapes the contents, giving an ever-expanding field...

Still, the main thing is it gets rid of the XSS problem (well, from a security point of view anyway).
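The double-escaping quirk described above, and the escape-at-render-time fix for it, as an added example that is not code from the linked post: it assumes the in-place editor posts back the element's already-escaped content on every OK click, and `h` here is a stand-in for the Rails helper.

```ruby
require 'cgi'

# Stand-in for Rails' h() helper: escape HTML metacharacters.
def h(text)
  CGI.escapeHTML(text.to_s)
end

# Constructed sample input: the probe string tried in the post.
XSS_PROBE = '</span><script>alert("xss")</script><span>'

# Variant 1, "escape on save" as the post describes: the stored value
# is escaped text and is rendered verbatim. Because the editor posts
# back whatever it finds in the element (assumed here: the already
# escaped text), each OK click escapes it once more and the field grows.
def save_escaping(_stored, submitted)
  h(submitted)
end

def render_escaping(stored)
  stored
end

# Variant 2, idempotent: normalise the posted text back to raw
# characters, store that, and escape only at render time. Storing raw
# text is safe as long as every view passes it through h().
def save_raw(_stored, submitted)
  CGI.unescapeHTML(submitted)
end

def render_raw(stored)
  h(stored)
end

# Simulate the first submission followed by n clicks of OK with no
# change: the rendered field content is what gets posted back.
# Returns the rendered field after those round trips.
def round_trips(input, n, save:, render:)
  stored = send(save, nil, input)
  n.times { stored = send(save, stored, send(render, stored)) }
  send(render, stored)
end
```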

Tutorial on pagination and sorting

How to paginate, sort and search a table with Ajax and Rails · dev.nozav.org

This one looks to have some good information on observe_field, which is v. handy if you're looking to do any Ajax-style fields on a page...

Malware to defeat virtual keyboards

Banking Trojan Captures User's Screen in Video Clip

A good write-up and video of malware designed to capture information from users of virtual keyboards.

It's just another indication that banks and other e-commerce sites will need to come up with something more robust if they really want to make phishing impractical for attackers...

Personally I'd be interested to try a combination of RSA SecurID and intrusion detection/prevention.

It works like this: the SecurID forces an attacker to do an in-line attack because they've only got a window of less than 60 seconds to use the credentials successfully, and this should increase the visibility of the traffic patterns. For example, if you've got 10 users who've always come from different UK-based IP addresses in the past, and suddenly they're all coming from the same non-UK-based IP address, then that could be a good time to block the session.

It would be difficult to tune, but I think once you'd baselined users it would be possible to build up a reasonable enough pattern to allow for some form of anomaly detection.
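The baseline-then-converge heuristic from the two paragraphs above, as an added example that is not code from the original post: the login records are constructed (documentation IP ranges, made-up users), and the record layout, threshold and the `build_baseline`/`suspicious_ips` functions are my own assumptions.

```ruby
require 'set'

# Constructed sample data (not real traffic): [user, source_ip, country]
# for past successful logins; each user has a stable UK-based address.
HISTORY = [
  ['alice', '198.51.100.11', 'GB'],
  ['bob',   '198.51.100.22', 'GB'],
  ['carol', '198.51.100.33', 'GB'],
  ['dave',  '198.51.100.44', 'GB'],
  ['erin',  '198.51.100.55', 'GB'],
]

# Constructed logins from the current detection window: three users
# suddenly share one non-UK address, dave is on his usual address and
# erin is travelling alone.
WINDOW = [
  ['alice', '203.0.113.7',   'DE'],
  ['dave',  '198.51.100.44', 'GB'],
  ['bob',   '203.0.113.7',   'DE'],
  ['erin',  '203.0.113.99',  'FR'],
  ['carol', '203.0.113.7',   'DE'],
]

# Per-user baseline: the set of addresses and countries seen before.
def build_baseline(history)
  base = Hash.new { |h, k| h[k] = { ips: Set.new, countries: Set.new } }
  history.each do |user, ip, country|
    base[user][:ips] << ip
    base[user][:countries] << country
  end
  base
end

# Flag an address when it is outside the baseline (new IP *and* new
# country) for at least `threshold` distinct users in the window. One
# user on a new address (a traveller) stays below the bar; many users
# converging on a single unfamiliar address looks like relayed
# credentials and is the point at which the post suggests blocking.
def suspicious_ips(baseline, window, threshold: 3)
  users_by_ip = Hash.new { |h, k| h[k] = [] }
  window.each do |user, ip, country|
    known = baseline[user] # an unseen user gets an empty baseline
    next if known[:ips].include?(ip) || known[:countries].include?(country)
    users_by_ip[ip] << user unless users_by_ip[ip].include?(user)
  end
  users_by_ip.select { |_ip, users| users.size >= threshold }
end
```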

Handy Rake Reference Sheet

sortable tables in rails

sorttable: Make all your tables sortable

This looks like an interesting enhancement for Rails. Unfortunately it doesn't seem to play too friendly with my AJAX-updated table. It works when I first load the page, but then if I refresh the div with the table in it the sortability vanishes...

Quick presentation on REST

10 Minutes REST

Decent presentation explaining the REST architecture for web application development. From what I've seen so far, the URI style fits in well with the way Rails apps work by default, which is nice.

New Version of Radrails out

RadRails: A free and open source Ruby on Rails IDE

Looks like a new version of my Rails IDE of choice is out.

I'm not usually a great fan of IDEs for development, but I must admit that I'm liking working in RadRails quite a lot.

There are several features which I like: the Subversion integration is cool (I only discovered this by mistake, but still...) and having the generators in the IDE is also very handy. Another small but useful feature is the server support, where it'll recognise that you've got multiple apps in your workspace and start them on separate ports...

Potentially handy tool for web services work

SIFT - Information Security Services

This tool takes an interesting approach to helping with web services security reviews. It looks for methods which may serve up sensitive information but which are not published in the WSDL...

Static analysis tool for web applications

Security Compass - Application Security Canada

One to try out when I get a chance. This tool looks to assist in code analysis of web applications...

Rails Resource Listing

OK, I've been wandering round the world of Rails for a while now... here's some of the more interesting stuff I've found.


Places to Start

Well, there's the obvious one... http://www.rubyonrails.com/ :o) There are some cool screencasts there which try to capture some of the reasons that Rails is an interesting place to develop.

Also it's not a bad idea to look in on the blog of the guy who started it all, David Heinemeier Hansson, to get a sense of some of the ideas that he's looking to include in Rails...

And if you're looking for reasons to spend some time on Rails, there's an interesting entry here about SitePoint's recent survey, in which 25% of SitePoint's developers that aren't currently using Ruby expect to be in the next 12 months....

OK, so you've decided to give it a shot... how to start... well, there are some good tutorials on Rails around, though unfortunately they get out of date pretty quickly due to the pace of change in the Rails world..

Some of the ones that I liked:

Rolling with Rails: good tutorial in 3 parts by Curt Hibbs, who's authored a Rails book for O'Reilly recently
Really Getting Started with Rails is kind of a complement to Rolling with Rails, and there's some other cool stuff in the form of cheat sheets and the like on Amy's site

If you're looking for more tutorial material, there's a cool list here and also another, more recent one from the competition that the Ruby Inside site ran here


Blogs and other websites for rails

One of the things I've found about Rails is that the only really decent way to keep up to date is to keep an eye on the blogs which cover the topic.. Fortunately, there are loads of them...

(no particular order to this, apart from the order I added them to my blogroll) ;op
Ruby inside
Ryan's scraps
Riding Rails - the official Rails blog
Cardboard Rocket
The unofficial Ruby on Rails blog
I.NFECTIO.US

And there's more... but a good way to find 'em is just to follow links in the ones above :O)


Books

What's considered the seminal book on Rails development is Agile Web Development with Rails from the Pragmatic Programmers. I actually wasn't too fond of the style, as there wasn't much in the way of exercise material in the tutorial, which I find helps reinforce concepts with me... That said, it's still a gold mine of info on Rails. One key point is that I wouldn't buy the 1st edition, as the 2nd is under active development and you can get the PDF from the Pragmatic Programmers site.

Another book which is handy if you've not got a strong Ruby background before starting with Rails is Ruby for Rails, which goes through a lot of the basics of Ruby coding with an eye on Rails...

One thing is that there are... a lot... of upcoming books for Rails, as it's pretty hot at the moment and there's a relative dearth of content... There's a good posting here which covers some of the upcoming books

Nabble - Ruby on Rails forum


Subject says it all really. I much prefer forum-based interfaces to these things rather than looking at the usual web-based mailing list interfaces...

About this Archive

This page is an archive of entries from September 2006 listed from newest to oldest.

August 2006 is the previous archive.

October 2006 is the next archive.

Find recent content on the main index or look in the archives to find all content.

Powered by Movable Type 4.37
