Early morning treadmill and sun lamp keep me mildly sane.

• Sparrow for iPhone - If I actually had an iPhone this would be the mail client for me.
• Nodester - "an open source Node.JS Platform-as-a-Service written in Node.JS with a RESTful API designed to run in any cloud without a VPS".
• Remove --http - A mystery in the Rails master.
• Y U NO GEMSPEC!? - The Nokogiri team explains why they make it hard to build a gem directly from their GitHub repository.
Ruby on Rails for Developers - A full course on GitHub, courtesy of General Assembly.
• Draper - A decorator pattern implementation for Rails.

Morning has broken. Someone needs to put it back together.

• Firefox 11 is now available - Must mean it's about time for me to update to Firefox 14. Here's info on new features. And here's a look at where Firefox is going in 2012.
• Remove Active Resource source files from the repository - The red-headed stepchild has been booted from Rails. "+13 additions -7,147 deletions"
• Capital - A little extra syntactic sugar for Active Record attributes.
• Piro - Chrome extension for Pivotal Tracker.
• 7 Resources Every JavaScript Developer Should Know - Pointers from Rob Bazinet.
• rails_admin - This Rails 3 admin UI engine now supports mongoid.
• Ruby 2.0 Enumerable::Lazy - A tiny shift to a more efficient chaining for the next major version.

If this isn't spring it's sure close. A year without a winter is fine by me.

• one9 - Project to help move your Ruby 1.8.7 code to 1.9 by running your tests and then reporting on what needs to change.
• Short, explicit test setups - How to save a few keystrokes when using Factory Girl to manufacture things.
• ruby-mkfifo - Hooks up File.mkfifo to create FIFO files, i.e. named pipes.
• Manage and Monitor Resque with Upstart and Monit - Looks like the next logical step if God or pure Monit haven't done the job for you.
• Snail Drop - Service to print and (physically) mail documents from your computer or DropBox. I'd be more excited about this if I could remember the last time I printed and mailed a document.
• Load Balancing and Reverse Proxying with Nginx - I have some servers where this really ought to be in place.
• FXRuby - Ruby bindings to the FOX toolkit cross-platform GUI library, now coming back from a long period of dormancy.
• Faraday: One HTTP Client to Rule Them All - I hadn't realized that Faraday had an entire middleware stack built into it. Among other things that makes it useful for writing fake responses in tests.
• A few cURL Tips for Daily Use - Download resuming, faking AJAX requests, using requests from a file and more.
• Wirb - Syntax highlighting for irb. Based on Wirble but without the other tools.
• Measure Anything, Measure Everything - How to use StatsD to instrument your code.

Week of March 4-March 10, 2012

It was a fairly quiet week in Rails master.

• Another piece of mass assignment protection shows up in c97a1666, which prevents the association builder from assigning unexpected foreign keys.
• e4e13883 adds a :layout option for partials that render a collection. Take a look at 6e0a763d for example usage.
• On the Guides front we're getting an instrumentation guide: see 4bfc8b1e.

Habits come in many shapes and sizes.

• Polishing Rubies: A Guide to Ruby Open Source Development (Part I) - Michael Bleigh starts a new series with a look at rubygems.
• Getting the Most out of Bundler Groups - Smart use of groups can minimize loading time, among other things.
• CommentBlocker - If you view user-generated content as a vast wasteland of morons, this Chrome extension will help.
• Hacking on Firebug - The Firebug source lives on GitHub now. Here's how to get involved.
• IncubatorIncubator - Stop the madness.
• Saint - Admin backend generator for DataMapper models.

I'm pretty ready for things to slow down a bit.

• API Version for Rails Routes - Nice dive into some intricate routing from Ryan Bigg.
• rubydeps - Tool that uses GraphViz to display the dependencies in your project, which it finds by running your tests.
• Bakop - Streamlined offsite backups with a free account hosing 500MB.
• Lightrail - Minimalist cut of the Rails stack designed to serve JSON APIs.

Off for another day in the woods today.

• What is docrails - All about the project that provides much of the documentation baked into Rails.
• Luca.js - JavaScript patterns built on top of backbone and made to integrate with Bootstrap.
• Mass assignment vulnerability isn't just for Rails - You can shoot yourself in the foot with ASP.NET MVC too.
• Rails Best Practices - Auditing gem now with mass assignment checking.

Today: the work I should have done last week. I hope.

• New Basecamp Features - Some nice-looking stuff here, but really, "no learning curve for new users"? You have to be smoking some good weed to write something like that.
• Vagrant - New site for this development virtualization solution as 1.0 approaches.
• Barebone models to use with ActionPack in Rails 4.0 - A look at how to use one of the features that just landed on Rails master.

Someone has been feeding my inbox growth hormones. I wish they'd stop.

• iPad HTTP Debugging with Charles - Run iPad traffic through a desktop proxy. Useful.
• Crew - Code review tool for git projects based on a branching model.
• sudo_attributes - Methods for Active Record to allow you to override the attr_accessible settings that you should be making.
• Zonebie - Set a random timezone at the start of each test run to make sure you don't have timezone-specific code.
• Induction - Database client for OS X with built-in visualizations. Alpha release but worth keeping an eye on.
• versionist - Plugin for versioning Rails 3 RESTful APIs, with support for multiple versioning strategies.
• There is no simple solution for local storage - Discussion of some of the pros and cons of localStorage and other HTML5-ish browser storage methods.
• Open Sourcing BankersBox - But if you do want to use localStorage, here's a javascript library to make it look sort of like redis.
• Mass Assignment Security - How you can handle it in the controller in Rails 3.
• Scriptular - Regular expression tester for javascript.

Week of February 26-March 3, 2012

The big news this week is the switch to requiring whitelisting all Active Record attributes by default. (See Double Shot #831 for some of the nonsense that led up to this). The impact is simple: you need to add an attr_accessible declaration to all of your models before update_attributes will change anything about them. You should have been doing this anyhow.

• 641a4f62 turns on attribute whitelisting in Active Record by default. This is a change to Rails behavior.
• ActiveModel::Model shows up in 3b822e91 as a way to make Active Model objects work directly with Action Pack. Documentation is in cb9d03f0.
• 9b2c38b7 reduces the default connection pool size to 1 in new applications, trusting that people who need more for multithreaded applications will know what to do.
• A little sugar: d6366625 adds last_year, last_month and last_week as aliases for the corresponding prev methods.
• cd5dabab adds some optimization for path helpers. You won't have to change anything in your code, but all _path and _url helpers speed up by a factor of 5 or so.
• b8396578 features a bit of trolling due to a mass-assignment bug at GitHub. Removed a bit later in 2b74968f.
• efd557a6 adds a new Guide for API-only applications. Note that some of the code in it hasn't been implemented yet - something I'm not personally too keen about having in a Guide.

Long weekend out with the Boy Scouts helping people clean up after tornadoes. Puts a lot of this software nonsense in perspective.

• wow how come I commit in master? O_o - Big kerfluffle over the weekend when this commit appeared in Rails master. The bottom line is that GitHub missed properly using Rails' tools to prevent mass-assignment bugs. Some of the fallout:
  • How-To - The hacker involved explains what he did.
  • Public Key Security Vulnerability and Mitigation - GitHub's explanation and response.
  • Ruby on Rails Security Guide - Rails has publicized how to prevent this sort of thing basically forever.
  • Responsible Disclosure - Where and how to responsibly report GitHug security issues.
  • Ruby on Rails Security Policy - Where and how to responsibly report Rails security bugs. Not that I think this was a bug in Rails, but that's how some people are spinning it.
  • Default to whitelist more for mass assignments - Rails did change to a safer default for 3.2+. Months ago.
  • Whitelist just the params you allow - Code snippet from DHH.
  • Or block it entirely - Initializer solution from John Barnette
  .
• CapybaraEmail - Test support for Action Mailer via Capybara.
• ActiveWarehouse - This ETL project for Ruby has reached version 1.0.0rc1.
• GitHub for Mac 1.2: Snow Octocat - A speed and stability release with a few new features.
• Square Register - Slick-looking iPad cash register app that works with Square's card readers.
• HTML5 & Friends - MDN's page on the subject is a good starting point if you want to see what's up with all these new web technologies.
• SourceTree - Free Git/Mercurial/Subversion client for OS X from Atlassian.
• Call yourself a 'brogrammer'? Then get the hell away from me. - John Graham-Cumming casts well-deserved scorn at the latest chauvinist stupidity in our community.

Storms today, cleanup tomorrow.

• Compromised Linode & coins stolen from slush, faucet and others - The BitCoin community is saying Linode has been compromised and people's accounts broken into. Haven't seen this confirmed elsewhere.
• List of languages that compile to JS - A growing menagerie.
• Rails 3.2.2 has been released, Rails 3.1.4 has been released, and Rails 3.0.12 has been released - All with a couple of reasonably important security fixes.
• Job Posting - Retail Benefits - One of the projects I've been heading up has grown to the point where it needs a full-time dev lead.
• Premailer - Turn HTML page into HTML email.

Someone apparently decided that today was my day to exercise the telephone.

• TConsole 1.1 - Dedicated testing console for MiniTest and Rails. Lets you easily pick and choose what tests to run, and manage Rails reloading.
• Rails Lightweight Stack - How to run a tiny version of Rails 3.
• Rails Development on Windows. Seriously. - Yes, it can be done. Advice from Engine Yard's Evan Machnic.
• Ruby-1.9.3 debugger install script - In case you're having fits installing ruby-debug19 under Ruby 1.9.3.
• The Joke Is On Us: How Ruby 1.9 Supports the Goto Statement - Easter eggs in the Ruby source code.
• Gaia, Mozilla's user interface for Boot to Gecko - all web technologies - More info on Mozilla's strategy for mobile devices.
• New Course: Rails Testing for Zombie - A follow on to the popular Rails for Zombies 2 course.
Xcode just doesn't work worth shit - Bug report that is destined to go viral.

So…I have in fact been sticking to my "do something for open source every day" resolution. What I haven't managed to do is keep up these blog entries about it! Well, time for a reset. Here's a fast list of what I've done the past few weeks, and perhaps I can get back to more regular posting next week.

• More cleanup work on the RubyGems Guides.
• Got my Shoehorn gem for Shoeboxed integration building on my continuous integration server.
• Contributed a tiny bit of code and some troubleshooting to axlsx.
• Fixed a typo in the authlogic documentation.
• Kept up with the weekly edge Rails postings (and I'm pursuing another opportunity in connection with this; stay tuned).
• Decided I was barking up the wrong tree entirely with larkistrano, and killed off the project. Going to rethink this and maybe try again.
• Documented the :inverse_of option for associations for the Rails Guides.
• Did an editing pass over the Updating Rails guide.
• Posted details on using Mercury editor, Carrierwave, and Amazon S3 together.
• Fixed a path issue in sublime_guard.
• Forked the feed-normalizer gem to make it a bit more resilient in the face of unparseable HTML.
• Fixed a parsing issue in the Command Reference in RubyGems Guides.

If you're trying to figure out how to contribute to open source yourself, you could always start with a search on GitHub. Or try OpenHatch.

Double Shot was delayed by tornado this morning. A reminder that some things are more important than coding (fortunately, it missed us by a few miles).

• How to Disable iPad Home Button - Yes, you can run an iPad in Kiosk mode.
• xVim - Vim key-bindings for things like xCode. I can't fathom it myself, but I know there are people who want this.
• ImageOptim - Multifaceted image optimizer to get your web images as small as possible.
• The Mozilla Marketplace is now open for app submissions - Nice to see a vendor-neutral standards-based app store coming. Hope it succeeds.
• gaia - Mozilla's open source HTML5 UI framework.
• Boot to Gecko - More from Mozilla, implementing new web standards for mobile platforms.
• Collusion - Firefox addin to show you who's tracking you on the web.
• Normalize.css - An HTML5 alternative to traditional reset CSS files. Looks well thought out.

The promise of the future is often weighed down by the mistakes of the past.

• Konacha - Rails-aware javascript testing framework that integrates with the asset pipeline.
• OKAdmin - A custom theme for the RailsAdmin gem.
• Mutation Testing With Mutant - I just wish I had any code mature enough to benefit from mutation testing. It's a nifty idea.
• codeCanvas - "a visual, web based application that allows you to rapidly create layouts using pre-defined blocks of HTML, Javascript and CSS."
• pow-client - Command-line client for the Pow development web server.
• OpenRuby.com - New link aggregator for ruby programming in general.
• TextMate 2 FAQ - TM2 is moving along, with some answers on how it works and what's still to come.
• Tower.js - Full stack framework putting together Node.js, MongoDB, Redis, CoffeeScript, Stylus, Jasmine, and jQuery.

Week of February 19-February 25, 2012

The biggest news this week comes on the REST front, with PATCH replacing PUT as the preferred verb for updating existing records. This has provoked some flaming and snarking (in which I have indulged), but on the whole I think it's a reasonable change.

• ad46884a adds support for the HTTP OPTIONS method to Rails integration tests.
• 002713c6 adds support for the PATCH HTTP verb as well. According to the commit message "PATCH is the correct HTML verb to map to the #update action. The semantics for PATCH allows for partial updates, whereas PUT requires a complete replacement."
• As of abf3f67e you can configure whether Rails flushes the log every time your write to it. Turning off log autoflushing can improve performance if you're willing to risk the loss of a few log writes.
• force_ssl is no longer ignored by default in development. This is a change in behavior; c04a0847 has the details.
• eecb086a2 gives us the start of a Guide for updating Rails.

This week's keyword: survive.

• The Sun is Setting on Rails-style MVC Frameworks - Oh noes, my skills are about to be obsolete again.
• smeagol - Sets up a basic open source development environment on a new OS X machine.
• Chaplin - Sample application architecture using Backbone.js and a bunch of other pieces.
• q - Unified monitoring for resque, sidekiq, and node workers.
• SchnitzelPress - A new ruby-based blogging engine.
• Edge Rails: PATCH is the new primary HTTP method for updates - Well, POST with a parameter that claims it really wanted to be PATCH, anyhow.
• Restivus - Experiment in exposing a CSV file as a fully-documented REST API.
• GAS - Google Analytics on Steroids, a wrapper for the Google Analytics API on the client side offering additional tracking.
• The Markdown Mindset - I'm coming around to this point of view myself, though it's hard to wean clients from Word docs.
• Prismatic - Google Reader crossed with social sharing, apparently.
• EpicEditor - Embeddable JavaScript Markdown editor.
• Behavior Driven Development - Nice set of slides from Liz Keogh that may give you some new insights into your craft.
• Capybara MiniTest Spec - Adds assert, must, refute, and wont syntaxes to Capybara.
• FlowStone 2 - Graphical programming environment for robotics with Ruby scripting baked in.
• Vimbits - Snippets of .vimrc files with voting to determine the best ones.
• RailsThemes.com - Teaser site for an offering of theming for Rails sites. Taking early access signups.
• AskGeo - Interactive map, web API, and Java library for converting latitude and longitude into timezone.
• JSONLint - "The JSON validator."

Sometimes, it's all you can do to stay a fixed amount behind.

• Rails Went Off The Rails: Why I'm Rebuilding Archaeopteryx In CoffeeScript - A classic Giles rant. Skip to the last paragraph for the summary "The Merb integration rewrite was a giant, time-wasting threadjack with only a few small payoffs, and DHH, who wrote two whole books about why you should turn down feature requests, should have nixed the whole thing."
• Selene - jQuery UI Theme that integrates well with Twitter's Bootstrap.
• jQuery UI 1.8.18 - Maintenance release.
• Dalli - High-performance ruby memcached client.
• SimpleForm 2.0 + Bootstrap: for you with love - Seems that everything is integrating with Bootstrap these days, including this Rails form builder.
• markdown-rails: Markdown for your views and partials - A way to make it easier to edit big chunks of HTML text in views.
• Skim - Client-side templating using CoffeeScript and Slim.
• Tyler - Tiling window manager for OS X.
• Riak Control - New GUI management tool for Riak, straight from Basho.
• Tumult Hype - GUI tool for building HTML5 animated and interactive content.

Very tired of "are we there yet?" emails at the moment.

• WhySQL - Evernote explains that at their current scale they have no need for NoSQL - and good reasons for ACID.
• Rails Release Candidates - There's a new round of them out for the 3.0, 3.1, and 3.2 series.
• Gaug.es for Android - Yay, more love for those of us who haven't gotten sucked into iOS-land.
• Anonymizing user, company, and location data using Faker - Code snippets to neuter a copy of your production database for developers to use.
• Firefox User Agent Switcher List - Big list of UA strings for use with the User Agent Switcher extension.
• Gitlab Version 2.2 - Updates to this self-hosted alternative to GitHub.
• StyleBootstrap.info - Create your own styling on top of Bootstrap with a point-and-click interface.
• Bootswatch - Color themes for Bootstrap.
• Cogs Bad - An argument that you can't really write good code by sticking together pre-made components.