/var/log/orava

Petri Wessman's weblog

Rails 1.1.6

The 1.1.5 patch to Rails didn’t quite fix all the holes, so version 1.1.6 is now out, along with details on the hole. It’s good to see the Rails team take this seriously and move fast – and I really don’t understand the whiners about “security through obscurity”. Yes, in the long run that’s a bad policy, but when you’ve just discovered a hole in a popular framework, the thing to do is precisely what the Rails team did: announce the fact that there’s a potential exploit and offer a new version of the software, but withhold details for a day or two until most people have managed to update their systems. To do otherwise would be to give the script kiddies of the world a free ride. Yes, you can possibly figure out the hole by comparing diffs… but most of the script kids out there are just that: kids who will use a ready-made “hack”, but won’t bother to figure it out for themselves.

This site is now upgraded to 1.1.6, naturally. Typo is still version 4.0.0 – there is now a version 4.0.2 out which fixes some bugs and includes Rails 1.1.6, but the gem updater for that one gave me an error. I’ll try it again after Ropecon, no time to hack now.

Published by Orava

Backpack revisited

Backpack is a web-based service/app run by 37signals, the same company responsible for unleashing Ruby On Rails on the world. The base/demo version is free, if you pay you get extra functionality – this seems to be a growing trend these days.

So, what is it? That’s a reasonable and simple question, but the answer is a bit more elusive. It’s something like an ultra-simplified wiki with todo (and other) list support. It provides some structure to your data (unlike a traditional wiki which is totally freeform), but doesn’t mandate a strict system or layout. It’s also extremely streamlined and simple, by design – the design idea was to only include the things people really need, and nothing else.

So we’re back to “what is it”?

It’s a sort of freeform, online personal organizer tool, a place to hang all the virtual (or physical) Post-It notes and lists that are always hanging around. It’s a place to store all the general small “stuff” and info that don’t have any proper place, and which you need to refer to often. Todo-lists. Reminder notes (Backpack provides email notifications on those). General “notes to self”. Just… stuff.

I tried it out when it first came out less than a year ago, and was mildly interested by the concept. On the other hand, my gut feel was “I could do all this myself with a wiki and some other stuff”. Which is true… except I never got around to organizing something like that, so the “I could do something like this myself” has been replaced with “well, I could, but why should I when this exists”?

At the time, Backpack was missing any sort of calendar, and that was really the deal-breaker for me – I need some sort of calendar in my organizer tool.

Well, just about a week(?) ago the bastards added a calendar to it. I tried it out, and it works – like everything in Backpack it’s ultra-simplified; there is only one view, and you can’t really configure anything. But it works, and my calendar needs are very simple. As a sneaky move, the calendar is only available in the for-pay accounts, so I was “forced” to move into the $5 per month account scheme. I don’t really mind.

So. With the addition of the calendar feature, Backpack has become a surprisingly useful tool for me. I still find it hard to describe to people exactly what the thing actually is or exactly how I use it, but… “works for me”.

While I’ve come to appreciate 37signals’ “keep it as simple as humanly possible” design method, I still think they take it a bit too far sometimes. There are a lot of things in Backpack I’d like to customize. On the other hand, I suppose everyone has their list of things, and if all were accommodated the whole app would quickly become a confusing, Microsoft-like mess. The zen-like simplicity does have a certain charm, keeping that in mind.

Published by Orava

VTES page

Moved the VTES page to a Typo-managed page for now. Ideally I’d want a wiki for that stuff, but one thing at a time. The “public” link of http://www.orava.org/orava/vtes should still be used, that will redirect to the correct place.

The big Ropecon 2006 tournament is in a few weeks, and this year it’s also a qualifier for the European Championships. Whee! Please note that, like last year, I’m closing registration at 17:30 on Friday – either be there on time, or pre-register by emailing me. See the VTES page above for details.

Published by Orava

Dig more clay, you lazy sods!

The latest mini-craze seems to be Travian, a fun and addictive strategy board-game-via-the-web. Nothing really innovative here, you grow/mine/gather resources and use them to build Stuff(tm). But the execution is nicely done and it’s massively multiplayer, each server has 10-20k players. Fun and suitably slow-paced. I’m on server #7, trying to grow enough wheat to keep my economy booming, and keeping a careful eye on a nearby Teuton village – I’m convinced a raiding party will show up at my gates any day now.

Work continues on Squirrel Valley, the upcoming capital of my empire. Pretty pathetic right now, but just you wait…

Published by Orava

Typo

Ok, I’ve been playing around with Typo a bit now and it seems a lot nicer than WordPress. A lot of the “nicer” comes from it being written with Ruby On Rails, which is a kick-ass platform, especially when compared to the steaming pile of dung that is PHP. Don’t get me wrong, WordPress is very nice – but Typo suits me more.

It helps that I’ve done some stuff with Rails, and I know how the framework is organized and is intended to work. This, together with Ruby being a nice and concise language, makes peeking under the hood in Typo a pleasant experience, as opposed to the “aaaagh, I want to claw my eyes out!” reaction I get from PHP and WordPress. I’m already thinking of writing a sidebar plugin or two, they seem pretty straightforward. I also want to add a text filter to generate DriveThruRPG links easily.

The installation and setup was pretty straightforward, the new installer defaults to a Mongrel server which suits me fine. I ended up with Mongrel listening to a port on the local interface, with Apache proxying requests that way. Rails is not thread-safe, so Mongrel wraps most of the app in a sync block – which is fine for a small site like this, but would not scale for more traffic. Luckily, Mongrel has support for running a cluster of Mongrel instances, and Apache 2.2 and later have a load balancing proxy module that is reported to work. I don’t need that now, but it’s good to know that stuff like that exists. All in all, it seems that the Mongrel + proxy solution is a very painless way to deploy and administer Rails apps. Nice. Production deployments have always been the slightly ugly side of Rails, up to now at least.

Published by Orava
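
A sketch of the Mongrel-behind-Apache layout described in the Typo post above, added here as an illustration and not taken from this site's actual configuration. The hostname, ports and balancer name are assumptions; the point to note is that every Mongrel instance binds to loopback, so Apache is the only listener exposed to the network.

```apache
# Added example: hostname, ports and balancer name are illustrative assumptions.
#
# Each Mongrel instance is assumed to be started bound to loopback only, e.g.
#   mongrel_rails start -e production -a 127.0.0.1 -p 8000 -d
# Binding to 0.0.0.0 instead would expose the app server directly and
# bypass anything Apache enforces (logging, access rules, TLS).
#
# Requires mod_proxy and mod_proxy_http; the clustered form also needs
# mod_proxy_balancer (Apache 2.2 or later).

<VirtualHost *:80>
    ServerName blog.example.org

    # Reverse proxy only. Leaving forward proxying on would turn the
    # server into an open proxy.
    ProxyRequests Off

    # Pass the original Host header through so the app builds correct URLs.
    ProxyPreserveHost On

    # Single-instance form (one Mongrel, requests serialized by its sync block):
    # ProxyPass        / http://127.0.0.1:8000/
    # ProxyPassReverse / http://127.0.0.1:8000/

    # Clustered form: several Mongrel processes, one request each at a time,
    # with Apache spreading requests across them.
    <Proxy balancer://mongrel_cluster>
        BalancerMember http://127.0.0.1:8000
        BalancerMember http://127.0.0.1:8001
        BalancerMember http://127.0.0.1:8002
    </Proxy>
    ProxyPass        / balancer://mongrel_cluster/
    ProxyPassReverse / balancer://mongrel_cluster/
</VirtualHost>
```

A host firewall rule that drops inbound traffic to the Mongrel ports is a useful second layer in case an instance is ever started with the wrong bind address.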

New weblog

It… lives!

The new server is chugging along nicely after the post-crash recovery, so I felt it was time for a new blog – I hadn’t updated the old one for about half a year for various reasons. This is now running on Typo 4.0.0, a very nice blog platform that’s written with Ruby On Rails. I’m still playing around with this, and using one of the default themes, but so far I really like what I see. Seems nicer than WordPress, and WordPress is not bad at all. Ajax is used to good effect, and the admin interface has some really spiffy Ajax-based drag+drop stuff in it.

I had a new theme layout done for a new blog, but that went with the crashed disk. I have an older backup copy, but I’m waiting to see if we get the crashed disk recovered or not before I proceed on that. I’m hoping to hear from DataPrey this week.

Published by Orava
