2009-02-08 - Today’s Ruby/Rails Reading

Brighton - Boom Box Jungle

Things that go bump on the web - Web Application Security

A presentation on web application security from Christian Heilmann, Yahoo’s technical evangelist. 123 slides. Attack techniques: XSS (cross-site scripting), SQL injection, CSRF (cross-site request forgery), clickjacking, phishing, XBCR (Cross boundary currency request). Solutions: breed smart users, don’t trust browsers, don’t leave data lying around, update your software, use frameworks, server logs & statistics, keep up-to-date with security news, be curious.

February 2009: Tools on the edge

ENTP’s test path (from Test::Unit & Fixtures to Machinist, Context, Context on Crack & Matchy). Machinist is more work up front but produces clearer tests. Time zones handled in JavaScript - use UTC in your database and custom strftime handlers and views. Communication via Campfire and bots. Developed Propane, a Campfire client, to get around the browser crashing after all day on Campfire. Dev tools: Macs, TextMate, Passenger prefpane (for OS X). Deployment tools: Exceptional & Tender have supplanted exception emails.

Thin Web Server Benchmarks

Thin benchmarked. Results: slightly slower than mod_rails but faster than Mongrel Cluster/Nginx.


Ruby’s Most Underused Keyword

Redo - restart the current iteration. Handy for user input in console apps and tail recursion.

Write-Through Caching is an Essential Part of a Healthy Scaling Strategy

One database doesn’t scale. Master-slave replication does scale (for reading but not writing). Masochism is the best Rails plugin for this. Downsides: replication lag can lead to inconsistencies. Deal with this by writing data to the cache and then to the database (write-through caching). Hard to code, hard to simulate - use Selenium and test against two databases that are disconnected (infinite replication lag!). Other scaling strategies: master-master (sessions need to stick to one db?) is not ready for prime time on MySQL and has worse failures than master-slave. Sharding/partitioning still needs to deal with replication lag issues. Message-queued database writes are another option where message order doesn’t matter.

Recreating the button

How to make Google’s new imageless buttons. You know you want to.

Rabbits and warrens.

A review of open-source message queuing servers. Apache ActiveMQ is instantly dismissed for losing messages. ZeroMQ and RabbitMQ support AMQP (Advanced Message Queuing Protocol), an open source messaging protocol. ZeroMQ doesn’t persist data through crashes but does have low latencies and flexible topologies. The rest of the (long) article focuses on RabbitMQ (written in Erlang) and has examples of a consumer in Python.

Building Ruby: The background

Building Ruby is as hard as Ruby is easy, and it is even harder on Windows due to the lack of a default compiler, Ruby dependencies, and Windows installer packages. It’s hard to get people involved, but some people did. Lots of complaints and few solutions. Now with 1.9 out, people are abandoning 1.86.


This entry was posted on Sunday, February 8th, 2009 at 12:12 pm and is filed under Ruby on Rails.
