Planetoid 0.1.6 released
January 20, 2010

I've released a new version of Planetoid, a lightweight planet for small teams that can be used as a feed aggregator and projects portfolio.

This new version has been tested under Ruby on Rails 2.3.6 and provides integration with Slideshare accounts (even showing the slides directly on the planet), as well as Del.icio.us accounts. Thanks to Javier Ramírez and José Galisteo for their respective forks, which introduced these new features.

Planetoid is currently being used by several teams / companies out there, including:

I'm planning new releases including support for Liquid templates and i18n. If there's any feature you'd like to see added (or removed!), just drop me a line. Thanks!

Lessons Learned Playing With SSL
January 11, 2010

I've lately been configuring SSL encryption for logins on Rails applications, and I've learned some interesting tips that I'd like to share with you. This is not meant, however, to be a complete tutorial (there's a lot of good stuff already published about this) but just some quick tips that I hope can be helpful.

Sniff your own passwords

Surely you've heard about password sniffers but never used one. Believe me, sniffing user passwords is as easy as using one of those little password sniffing programs on a public network, maybe the wifi on your favorite café or while you're getting bored attending a tech talk. Just launch it and wait for something to come.

Take ettercap, for instance. You can install it on Mac OS X with a simple "sudo port install ettercap-ng" and then launch it in text mode with "sudo ettercap -T". This will catch a lot of packets on your network, so you'll want to filter for the ones containing a given string, like this: "sudo ettercap -T | grep password". Try it on your non-encrypted app and you'll soon be convinced of the need to encrypt your login and signup forms.

SSL Requirement plugin is your friend

I guess you already knew about this great plugin but in case not, here it goes: SSL Requirement. As explained in its README, SSL Requirement "adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected." Easy as pie: you just tell it which actions you want to require SSL, and the plugin will redirect the user as needed.

You don't need HTTPS everywhere

It's up to you to decide what parts of your application should be covered by SSL. You can encrypt the whole application if you want but in most cases this is unnecessary, and will make your application slower. For most cases, you only want to encrypt the communications where private data is involved, and that probably means you're happy covering only the login and signup forms. So, you could just tell SSL Requirement to require SSL on those parts of the app, right?

Well, more or less, you've got to be careful with that. What will happen for example if you have a public site with a lot of different sections, and a login form on the header? Does this mean you've got to require SSL on all pages showing a login form? The answer is, it depends. It depends on how you specify your action URL on the login form:

  1. form action="/session"
  2. form action="https://example.com/session"

If you specify the form action the first way, you're not stating the server or protocol you want to send the form to, so browsers will assume it's meant for the same server and protocol as the page. This means that pages carrying this kind of form should be accessed through HTTPS, because if they're loaded through normal HTTP, the form will not be sent encrypted.

The second option is better, as it is explicitly telling the browsers that you want to send this login form through HTTPS, so it will encrypt your data when sending it.

In my case, I'm using the restful_authentication plugin, and the action on the login form is generated by the form_tag helper like this:

form_tag session_url

Remember to use session_url (and not session_path) so that the URL includes the full path including the protocol and the server.

Next, you can tell your rails application you want to use HTTPS on session_url with the :requirements option on your routes.rb, like this:

map.resource  :session, :requirements => { :protocol => 'https' }
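The two form variants above, checked mechanically, as an added example that is not part of the original post: this Ruby sketch resolves each login form's action against the URL of the page that carries it, the way a browser does, and reports whether the password would be submitted in cleartext. The sample pages and the `audit_login_forms` / `audit_all` helpers are constructed for illustration; the check also flags login forms on pages that are themselves served over HTTP, because such a page can be altered in transit before the form is ever submitted.

```ruby
require "uri"

LOGIN_FIELDS = '<input type="text" name="login"><input type="password" name="password">'

# Constructed sample pages (not from the original post): page URL => HTML.
SAMPLE_PAGES = {
  "http://example.com/"       => %(<form action="/session" method="post">#{LOGIN_FIELDS}</form>),
  "http://example.com/about"  => %(<form action="https://example.com/session" method="post">#{LOGIN_FIELDS}</form>),
  "https://example.com/login" => %(<form action="/session" method="post">#{LOGIN_FIELDS}</form>),
  "http://example.com/search" => %(<form action="/search"><input type="text" name="q"></form>)
}

# Returns one finding per form that contains a password field.
# The regex scan is a deliberate simplification; use a real HTML parser
# for pages you do not control.
def audit_login_forms(page_url, html)
  base = URI.parse(page_url)
  html.scan(/<form\b([^>]*)>(.*?)<\/form>/im).map do |attrs, body|
    next unless body =~ /<input\b[^>]*type\s*=\s*["']?password/i
    action = attrs[/\baction\s*=\s*["']([^"']*)["']/i, 1].to_s
    # A relative or empty action inherits scheme and host from the page.
    target = action.empty? ? base : base.merge(action)
    {
      page: page_url,
      target: target.to_s,
      cleartext_submit: target.scheme != "https",
      page_over_http: base.scheme != "https"
    }
  end.compact
end

def audit_all(pages)
  pages.flat_map { |url, html| audit_login_forms(url, html) }
end

if __FILE__ == $PROGRAM_NAME
  audit_all(SAMPLE_PAGES).each do |f|
    status = f[:cleartext_submit] ? "CLEARTEXT" : "encrypted"
    note = f[:page_over_http] ? " (form page served over HTTP)" : ""
    puts "#{f[:page]} -> #{f[:target]}: #{status}#{note}"
  end
end
```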

Avoid mixed content warnings

Some browsers, like Internet Explorer, will complain about "mixed content" if you load HTTP assets on a page requested through HTTPS. This is kinda stupid and paranoid, but it's the way they behave, and we have to live with it.

This "mixed content warning" can be a problem when we're using asset hosts to speed up the loading of our application. Let's say you've configured your rails app so assets will be loaded from your asset hosts, like as0.example.com, as1.example.com, etc. The trouble here is that if you visit https://example.com to get an encrypted page, it will contain assets from non-encrypted URLs like http://as0.example.com, and these paranoid browsers will complain about that.

There's a nice solution to this problem, which involves using procs to decide if you can safely use asset hosts or not, based on the protocol of the request. You can read about this on Rails asset hosts and SSL.
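The proc-based approach, as an added example that is not code from the original post or from the linked article: Rails accepts a Proc taking (source, request) as asset_host, and this stand-alone Ruby sketch shows the protocol-blind setting beside the protocol-aware one. `FakeRequest` is a hypothetical stand-in for the Rails request object, and the host count and CRC-based host pick are assumptions made so the sketch runs outside Rails.

```ruby
require "zlib"

# Hypothetical stand-in for the two request methods the proc relies on
# (Rails' request.ssl? and request.host_with_port).
FakeRequest = Struct.new(:ssl, :host_with_port) do
  def ssl?
    ssl
  end
end

ASSET_HOST_COUNT = 4 # as0..as3.example.com (count is an assumption)

# Protocol-blind setting: always points at the plain-HTTP asset hosts.
NAIVE_ASSET_HOST = proc do |source, _request|
  # Stable per-file pick so a given asset always comes from the same host.
  "http://as#{Zlib.crc32(source) % ASSET_HOST_COUNT}.example.com"
end

# Protocol-aware setting: on HTTPS requests, serve assets from the page's
# own HTTPS origin; otherwise keep using the asset hosts.
PROTOCOL_AWARE_ASSET_HOST = proc do |source, request|
  if request.ssl?
    "https://#{request.host_with_port}"
  else
    NAIVE_ASSET_HOST.call(source, request)
  end
end

def asset_urls(host_proc, request, sources)
  sources.map { |source| host_proc.call(source, request) + source }
end

# True when an HTTPS page would reference at least one plain-HTTP asset.
def mixed_content?(request, urls)
  request.ssl? && urls.any? { |url| url.start_with?("http://") }
end

if __FILE__ == $PROGRAM_NAME
  https_page = FakeRequest.new(true, "example.com")
  sources = ["/images/logo.png", "/stylesheets/app.css"]
  [NAIVE_ASSET_HOST, PROTOCOL_AWARE_ASSET_HOST].each do |host_proc|
    urls = asset_urls(host_proc, https_page, sources)
    puts "#{urls.inspect} mixed content: #{mixed_content?(https_page, urls)}"
  end
end
```

In a Rails 2.x app the second proc would be assigned to `ActionController::Base.asset_host`.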

Any more tips?

That's all I wanted to talk about for today. If you've got additional tips to share please participate!

Blogging from TextMate
January 10, 2010

So, I've finally made the move from Wordpress to Jekyll that I was thinking about. Guess I was in need of a change: although Wordpress is a great blogging tool, perhaps the most complete of them all, I just needed something smaller. What about just using the same tools I use every day as a coder? TextMate, git, and Ruby. Yeah, Jekyll seemed the perfect choice.

Happily, my friend Bálint Érdi posted recently on his new blog Codigo Ergo Sum some links to the tools and documentation needed for Jekyll configuration, and also for the migration of contents from Wordpress, including both posts and comments, which are now hosted on Disqus. Thanks to Bálint, it's been super-easy and really fun to do this migration.

So, no more WYSIWYG forms to post on the blog, let's publish like real coders do: git pushing.

Once again, thanks to Bálint for his post and sorry for such a shameless copy of his stylesheets: they'll soon be changed to my own styles. Thanks!

Conferencia Rails 2009 - Call for papers
September 09, 2009

So, summer is almost gone and it's time to start again with the organization of Conferencia Rails - the biggest rails conf held in Spain.

We've been organizing this event every year since 2006, and it's growing and just getting better year after year. This time we want to open our invitations to the English-speaking communities, so we encourage you, English-speaking rails developers, come and join us giving a talk or workshop.

If you want to give a talk, you can send your proposals here. This year we want to encourage English people who wanna come with us and give talks (but notice that most of the talks will be in Spanish).

For more information, visit the official website or watch the recorded videos on our blip.tv channel.

Conferencia Rails is a non-profit event organized by a group of volunteers, some of whom were also in the organization of the successful EuRuKo 2009.

More planetoids!
June 26, 2009

I'm proud to see that more people are forking and using my little planetoid, a rails application for building small communities online, with feed aggregation. I started building this feed aggregator as we needed a planet for our Spain.rb association of Spanish rubyists, but I wanted to keep in mind that if this was helpful to a group like us, it could help other groups with similar needs.

What does planetoid allow you to do?

  • Show a summary of the people in a group, with their names, avatars, links to their blogs, twitters and github accounts.
  • Aggregate their feeds in one place
  • Show the projects that the members are working on, with title, a brief description, and a link

Who is using planetoid?

I keep a list of the sites that are using planetoid. As of today, these are some of the people using planetoid:

  • Spain.rb. The Spanish rubyists community devoted to promoting our work in the Ruby community, worldwide.
  • ASPGems. A Spanish Ruby on Rails company, based in Madrid.
  • Flowers In Space. A Spanish Ruby on Rails company, from Seville.
  • Planet Girona. Aggregating feeds from Girona blogs.

Want to join?

Just try it, it's easy to install as a rails application... I'm open for comments and suggestions so if you find it useful but you need a new feature just tell me. And if you use it, send me a note to add your site to the list!

github.com/jaimeiniesta/planetoid

Configuring Simyo mobile internet on the MacBook
June 25, 2009

A couple of days ago I signed up for Simyo's mobile internet service via 3G (GPRS) modem, the 5G-per-month plan that comes with an Alcatel HSPA modem, so that I can work from the beach this summer. In principle it's supposed to be a plug-and-play USB modem, but in practice I had a few small problems getting it to work on the MacBook. In the end, by googling a bit and looking at the configuration parameters when installing it on a Windows computer, I was able to see what the MacBook installation was missing.

Installation is simple: you plug in the USB modem and a disk drive appears. Inside there's an installer (.PKG); double-click, install and restart the machine. From there you just launch the HSPA USB MODEM program, it asks you for the PIN of the modem's card, you enter it, and in principle you would press "Conectar" (Connect) and that's it. But that's on Windows; on the MacBook the installation is badly done and a connection profile still has to be configured.

To do this, click on the last icon at the bottom left and select "Perfil de conexión" (Connection profile) in the drop-down menu.

On the next screen you need to add a new connection profile, and then activate it.

These are the required configuration parameters:

  • Cuenta (Account): simyo (or any other name, I suppose)
  • Número (Number): *99***1#
  • APN: gprs-service.com

And that's it. Save it, remember to press the "Activar" (Activate) button, and from then on you can connect to the internet.

It works quite well for me; I get up to 2 Mb, which isn't bad for being in Girona.

Now I still need to manage to share my connection with my girlfriend's MacBook... it disconnects a few seconds after doing so. If anyone can lend me a hand with this, thanks in advance!

UPDATE: yes, the connection can be shared between MacBooks! It must have been my firewall or something like that. Anyway, it works now: 2 MacBooks connecting at the same time through a single Simyo.

Planetoid, a lightweight planet
May 21, 2009

I've released today planetoid, a really simple and lightweight planet (feed aggregator) for small communities online.

planetoid will let you create users and feeds from their blogs, which will be parsed automatically and shown on the front page. You can set up a cron job to do this task automatically. planetoid is intentionally simple: I didn't want to create another multi-user blog engine, I just wanted to put together some blogs and show basic info about the authors, so you won't find here things like user registration or posts publication. You just provide info about the authors and their feeds, that's all.

planetoid is inspired by Aintablog, which is a great piece of software but didn't give me exactly what I needed at the moment.

Code is available through my github repository. Please keep in mind that this is an initial draft, fully working, but in a very initial state (I started writing it yesterday), so use it at your own risk :)

Feedback will be greatly appreciated so please try it and comment what you like / dislike about it!

planetoid can be found here:

http://github.com/jaimeiniesta/planetoid/tree/master

Listen Hotmail, I'm no spammer!
May 20, 2009

Sometimes it looks like Microsoft's mission in this world is making web developers' lives miserable. Yes, I'm sure the World will be a better place when this company finally disappears, but it looks like we'll have to wait for a while for this to happen. For now, we'll have to follow their absurd rules and adapt our standards-compliant web applications to their own de facto standards.

But this time I'm not talking about Internet Explorer, that stupid and paranoid browser we all hate. I'm talking about Hotmail, that stupid and paranoid mail service we also hate. I really hate it because it makes me lose my time trying to convince them that I'm not a bloody spammer. Look, we've only sent a few testing emails from our production server and we've already been marked as spammers. This has to be corrected right now: what could happen when we launch the site for good and thousands of mails come out of it and get lost in the spam folders of those Hotmail users? And that's if you're lucky enough to reach the spam folder :)

OK, I've complained enough, I've got to live with it. Let's see some things that you can try to improve your mail sending, how to avoid being marked as spammer by Hotmail.

Stop sharing - if you can

Basically, the problem with mails is that we tend to use shared mail servers for sending e-mail. We might be good guys, but we're on a shared server, so many other e-mails are being constantly sent from it by the other users and we just can't control it. Maybe your neighbour is selling viagra, who knows? The thing is, Hotmail will mark the whole mail server as a source of spam, even if you're not a spammer.

The first tip would be using a dedicated server for sending email. Having a unique IP would help avoid those situations, but this might be overkill and expensive. In our case, we're hosted on EngineYard, and they provide these tips to improve e-mail deliverability. As they say, they have a solution that lets you treat shared servers as trusty dedicated servers:

"We’ve crafted a rather neat solution that allows you to utilize our shared mail systems while retaining your own dedicated sending IP. This insulates you (and your sending reputation) from being adversely (or positively) impacted by other clients."

To do this, you need to configure an SPF record on your DNS:

"SPF stands for sender policy framework. It’s basically a DNS record that MTAs can use to verify that a given host is allowed to send mail for your domain."

How to do this will depend on your domain control panel.
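How a receiving MTA applies such a record, as an added example that is not from the original post or from EngineYard: this Ruby sketch evaluates the `ip4`, `ip6` and `all` mechanisms of an SPF record against a sending IP. The record, the addresses (documentation ranges) and the `check_spf` helper are constructed for illustration; terms that need DNS lookups are not resolved but returned in `skipped`.

```ruby
require "ipaddr"

# Constructed sample record; 192.0.2.0/24 and 2001:db8::/32 are
# documentation ranges and the include target is a placeholder.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 " \
             "include:_spf.mailhost.example -all"

QUALIFIERS = { "+" => :pass, "-" => :fail, "~" => :softfail, "?" => :neutral }

# Evaluates terms left to right; the first matching mechanism decides.
# Terms that need DNS (include, a, mx, exists, redirect=...) are collected
# in :skipped, so a :fail with a non-empty :skipped list means "not
# authorized by the literal IP ranges", not a final verdict.
def check_spf(record, sender_ip)
  terms = record.split
  unless terms.shift.to_s.downcase == "v=spf1"
    return { result: :none, skipped: [] }
  end
  ip = IPAddr.new(sender_ip)
  skipped = []
  terms.each do |term|
    qualifier = QUALIFIERS.key?(term[0]) ? term[0] : "+"
    mechanism = term.sub(/\A[+\-~?]/, "")
    name, arg = mechanism.split(":", 2)
    case name.downcase
    when "all"
      return { result: QUALIFIERS[qualifier], skipped: skipped }
    when "ip4", "ip6"
      net = IPAddr.new(arg)
      if net.family == ip.family && net.include?(ip)
        return { result: QUALIFIERS[qualifier], skipped: skipped }
      end
    else
      skipped << mechanism
    end
  end
  # No mechanism matched and there was no "all" term.
  { result: :neutral, skipped: skipped }
end

if __FILE__ == $PROGRAM_NAME
  ["192.0.2.25", "2001:db8::1", "198.51.100.7"].each do |ip|
    puts "#{ip}: #{check_spf(SAMPLE_SPF, ip).inspect}"
  end
end
```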

Microsoft Sender ID

Once this SPF record is set up on your DNS, you need to tell Hotmail this has been set up. You've got information about the Sender ID framework, but basically you need to submit your SPF record to them.

That's a first step in order to clean your reputation in front of Hotmail. In one or two days you should receive a response by e-mail. In my case, they told me that they had added this SPF record to their systems, and that in 48 hours or so the changes would be propagated and I'd no longer be treated as a criminal.

2 days later, things were much better. Most emails sent from our server to Hotmail reached the inboxes! We were happy for a few days, but after that, some Hotmail users told us they were still getting our emails in their spam folders or even that they just didn't get any message at all.

Ask Microsoft directly

So, I contacted Microsoft directly by replying to the email they sent me telling me everything was OK. I showed them some of the Hotmail addresses that were still thinking we were spammers. One day later, they replied back. Quick! Basically they were saying:

"Your IP was blocked by Windows Live Hotmail because the majority of all the email that you send to Hotmail has been judged to be spam by Windows Live Hotmail's internal filtering system. We have conducted an investigation into the emails originating from your IP space and we have implemented a fix for your deliverability problem. This fix may take up to 48 hours to replicate completely throughout our system"

So well, it looks like the SPF submission wasn't enough. And they say they've applied a "fix"; I guess they'll be filtering out our domain or something. Anyway, they also provided links with more info and bureaucracy I could try in order to convince them of our innocence. After reading this I went to their Sender solutions section. There, I was interested in the Sender ID program (which I had tried before); the Sender Score Certified Email, which looked very promising but which you cannot apply to if you haven't got a dedicated IP; the Smart Network Data Services, which you can't control if you're not the owner of the server (I'll tell EngineYard to do this for me); and the Junk Mail Reporting Partner Program, which I joined. And finally I even found another form you could submit, but it also needed data from the owner of the server, so I'll contact EngineYard for this.

The Final Solution

So, that's all for now. No, there is no final solution. I'm still waiting to see if all these things help us improve our situation with Hotmail. If I learn something new, I'll tell you here - if you have suggestions, they're all welcome!

EuRuKo 2009: That's all, folks!
May 10, 2009

So, there it is, we've done it, EuRuKo 2009 is over!

It has been a really pleasing experience for all of us on the organization team; we've had a really, really good time sharing ideas and code to organize the main European Ruby conference. I have to admit it, we were really surprised to see Spain was proposed as the candidate country last year in Prague. The Czech team proposed Madrid as the candidate city to the group of Spaniards that were there, and we were excited to hear it. We eventually changed it to Barcelona instead, as Madrid was already quite full holding the Conferencia Rails (that's the Spanish Rails Conference that is held every November and organized by ourselves by the way: it's amazing as well :D )

So to set this up many things were made during this year: a new association was born, the SRUG (Spanish Ruby Users Group), which has been the organization in charge of the conference. We built a rails app to handle the registration process, talks listing and calendar, paypal payments and more - it was built over a simple app I did for the Conferencia Rails and made much bigger by Fernando Guillén, Juanjo Bazán and Raúl Murciano. The code of this app is freely available on github for use in other conferences, please fork us! We also received the help of the Scotland on Rails team, who sent us a pair of ruby scripts to build the EuRuKo twitter bot and the raffle. Thanks guys!

We even bought a gong for the lightning talks that will be passed from team to team during the next years' conferences and will be a symbol for our descendants in the coming centuries. :)

Now it's time to pass the gong to the next country and start it over again for EuRuKo 2010. I hope they find as much fun as we did during 2009! See you next spring in Krakow!

EuRuKo 2009 Barcelona is approaching
February 26, 2009

Attention everyone! The European Ruby Conference par excellence, EuRuKo, will open its doors shortly.

On the event's organizing team we have the registration application almost ready, and we plan to open it in the next few days, as soon as we finish off a few small details.

We've been receiving a good number of interesting talk proposals, but we still want more! If you know Ruby and would like to take part, there's still time to send your talk proposal to talks@euruko2009.org

And if you're a designer, are you up for taking part in the T-shirt contest?

More information at http://euruko2009.org