Latest Update

Update – or, where I’ve been and what I’m doing!

August 18, 2012 at 7:53 pm

I’m sorry there hasn’t been much action on here recently – it’s been a manic few weeks.

I’m writing a book on Writing Performant Ruby (catchier title pending), which will be coming out in the new year, and if anyone happens to be around the Worcester, UK region, I’m presenting at @WooWebUK on Google’s Go language next month (September 20th) – look it up and come along!

There’ll be a couple of new blog posts out in the next couple of weeks, as well as a tutorial series on designing scalable apps – check back!

Help improve RefineryCMS PgSearch!

July 23, 2012 at 12:51 pm

If you wouldn’t mind taking a couple of minutes to fill in this quick questionnaire about the direction that RefineryCMS PgSearch should take, it would help the community massively! This relates to the gem I released a couple of days ago.

New Gem – RefineryCMS PgSearch

July 21, 2012 at 3:29 am

I’ve just released an improved version of the Search gem for RefineryCMS by Resolve Digital. This version uses PostgreSQL’s inbuilt full-text search capabilities to offer performant search in a scalable manner on Postgres-based sites. Check out http://jgwmaxwell.github.com/refinerycms-pgsearch for more information, or just add to your Gemfile, then run: And you are underway! Enjoy

Mass Assignment Security with Mongoid

July 16, 2012 at 1:06 pm

EDIT – THIS POST WAS RETARDED, AND COMBINED TWO MUTUALLY EXCLUSIVE WAYS OF DEALING WITH THINGS. You only ever need one OR the other of these approaches – Strong Parameters does not work WITH attr_accessible – if you want to use it, you need to remove the mod below for attr_accessible by default, just like you set whitelist_attributes to false with ActiveRecord.

This is a follow-up to this post, which dealt with Mass Assignment Security in ActiveRecord. Mongoid doesn’t support setting to enable Mass Assignment Security, so we need a way around this. Essentially, all this switch does is add to your models, making you declare each field that you wish to be eligible for Mass Assignment. We can do this very simply with Mongoid by adding an Initializer. That’s all you need to do – remove the line altogether from your application.rb, and you are good to go.

Launching Cloudhaven Hosted e-Commerce

July 13, 2012 at 11:47 am

Firstly, many apologies for not having had the time to update this much recently, I’ve been flat out working on the final stages of Cloudhaven, the hosted e-Commerce platform that I’ve been working on for a long time. I have to say I’m delighted with what we’ve managed to produce – there are many innovative features that will make a difference to real-world stores selling online. I will be offering a full write up soon on what it does, along with releasing 2-3 gems that we’ve built for community release in the process of building it, but don’t worry – this site isn’t going to become propaganda! However, we are starting to send out some invites to people registered on our beta-testing mailing list, if anyone would like to sign up to become a tester, you’ll get a fully featured store free for the duration of testing and some great Read more…

Stronger, Safer, More Secure Rails Mass Assignment

June 22, 2012 at 8:40 pm

There has been a reasonable amount of focus on security recently, with a number of high profile websites succumbing to a variety of password hacks. I’m not going to discuss password security here, although please, please don’t be a mug and store them in plain text or just as a simple hash, even with a salt. If you were planning on doing that, read up on the issues first, especially on BCrypt or a similar solution before you go live – you owe it to your users. Mass assignment is something which has often been the cause of security holes, but shouldn’t be. Best practice in Rails has been to use attr_accessible to declare mass assignable attributes, which works well, other than it puts the burden for authorization of which attributes are ok into the Model. This is a violation of MVC, where the Controller should be handling Authorization/Authentication. It Read more…

Rails is definitely FOR beginners, whatever @DHH says

June 18, 2012 at 8:19 am

There are few topics in programming more likely to cause dissent than the ideal way for beginners to learn a programming language or even to program at all, and whilst I’ve read some great posts on the subject – I think many of them are missing the point. A lot of the posts I’ve read are 6 months old now, but little has changed to frame their arguments differently – I apologise for rehashing the subject, but I wanted to offer my own take.

Not for Beginners?

There seems to be a reasonably broad consensus that Rails is ‘not for beginners’, with comments from the very top of the ecosystem down (see @dhh tweet below).

@sryche Rails was never primarily about being friendly to beginners. We encourage improvement and for people to live up to the state-of-art. — DHH (@dhh) November 30, 2011

An oversimplification of many of the arguments Read more…

You know a language is Object Oriented when…

June 14, 2012 at 1:04 am

I was just browsing the Ruby Koans project, considering whether to recommend it to a friend who is interested in learning how to programme, and two things struck me. Firstly – it’s a fantastic way for beginners to learn some of the inner workings of the language – check it out if you haven’t already. Secondly, it’s a brilliant reminder of how pure and deep the Object Oriented nature of Ruby is. I’ve been writing some PHP code recently, and the PHP adoption of OO principles has improved a lot of late, but it still feels like a sticking plaster over a broken leg – some visual cues of attention and improvement, but can’t really walk on it. Coming back to Ruby, even simple Ruby like this, is always a delight and a joy. I wish that more programmers would give it a go – both Object Oriented code Read more…