Poetry of Programming

Its about Ruby on Rails – Kiran Soumya


So howzz Rails2.0? Its Awesome !

Added the “rake routes” task, which will list all the named routes created by routes.rb.

All resource-based controllers will be plural by default. This allows a single resource to be mapped in multiple contexts and still refer to the same controller. Example:
  # /avatars/45 => AvatarsController#show
  map.resources :avatars

  # /people/5/avatar => AvatarsController#show
  map.resources :people, :has_one => :avatar

Rendering a HTML page in Iphone using Rails 2.0 Multi View

Speaking of the iPhone, we’ve made it easier to declare “fake” types that are only used for internal routing. Like when you want a special HTML interface just for an iPhone. All it takes is something like this:
  # should go in config/initializers/mime_types.rb
  Mime.register_alias “text/html”, :iphone

  class ApplicationController < ActionController::Base
    before_filter :adjust_format_for_iphone

      def adjust_format_for_iphone
        if request.env[“HTTP_USER_AGENT”] && request.env[“HTTP_USER_AGENT”][/(iPhone|iPod)/]
          request.format = :iphone

  class PostsController < ApplicationController
    def index
      respond_to do |format|
        format.html   # renders index.html.erb
        format.iphone # renders index.iphone.erb
You’re encouraged to declare your own mime-type aliases in the config/initializers/mime_types.rb file. This file is included by default in all new applications.

No more overhead of Requesting a bazillion of Javscript/Stylesheet files

In Rails2.0, Using javascript_include_tag(:all, :cache => true) will turn public/javascripts/.js into a single public/javascripts/all.js file in production, while still keeping the files separate in development, so you can work iteratively without clearing the cache.

Speed your application !

In Rails2.0, If you set ActionController::Base.asset_host = “assets%d.example.com”, we’ll automatically distribute your asset calls (like image_tag) to asset1 through asset4. That allows the browser to open many more connections at a time and increases the perceived speed of your application.

Identify your Record url just by object !

Added a number of conventions for turning model classes into resource routes on the fly. Examples:
  # person is a Person object, which by convention will
  # be mapped to person_url for lookup
  link_to(person.name, person)

API authentication over SSL

It’s terribly simple to use. Here’s an example (there are more in ActionController::HttpAuthentication):
  class PostsController < ApplicationController
    USER_NAME, PASSWORD = “dhh”, “secret”

    before_filter :authenticate, :except => [ :index ]

    def index
      render :text => “Everyone can see me!”

    def edit
      render :text => “I’m only accessible if you know the password”

      def authenticate
        authenticate_or_request_with_http_basic do |user_name, password|
          user_name == USER_NAME && password == PASSWORD


A built-in mechanism for dealing with CRSF attacks. By including a special token in all forms and Ajax requests, you can guard from having requests made from outside of your application. All this is turned on by default in new Rails 2.0 applications and you can very easily turn it on in your existing applications using ActionController::Base.protect_from_forgery (see ActionController::RequestForgeryProtection for more).

Also made it easier to deal with XSS attacks while still allowing users to embed HTML in your pages. The old TextHelper#sanitize method has gone from a black list (very hard to keep secure) approach to a white list approach. If you’re already using sanitize, you’ll automatically be granted better protection. You can tweak the tags that are allowed by default with sanitize as well. See TextHelper#sanitize for details.

Finally, added support for HTTP only cookies. They are not yet supported by all browsers, but you can use them where they are.

Exception handling

Lots of common exceptions would do better to be rescued at a shared level rather than per action. This has always been possible by overwriting rescue_action_in_public, but then you had to roll out your own case statement and call super. Bah. So now we have a class level macro called rescue_from, which you can use to declaratively point certain exceptions to a given action. Example:

  class PostsController < ApplicationController
    rescue_from User::NotAuthorized, :with => :deny_access

      def deny_access

Cookie store sessions

The default session store in Rails 2.0 is now a cookie-based one. That means sessions are no longer stored on the file system or in the database, but kept by the client in a hashed form that can’t be forged. This makes it not only a lot faster than traditional session stores, but also makes it zero maintenance. There’s no cron job needed to clear out the sessions and your server won’t crash because you forgot and suddenly had 500K files in tmp/session.

This setup works great if you follow best practices and keep session usage to a minimum, such as the common case of just storing a user_id and a the flash. If, however, you are planning on storing the nuclear launch codes in the session, the default cookie store is a bad deal. While they can’t be forged (so is_admin = true is fine), their content can be seen. If that’s a problem for your application, you can always just switch back to one of the traditional session stores (but first investigate that requirement as a code smell).

New request profiler

The new request profiler that can follow an entire usage script and report on the aggregate findings. You use it like this:

  $ cat login_session.rb
  get_with_redirect ‘/’
  say “GET / => #{path}”
  post_with_redirect ‘/sessions’, :username => ‘john’, :password => ‘doe’
  say “POST /sessions => #{path}”
  $ ./script/performance/request -n 10 login_session.rb
And you get a thorough breakdown in HTML and text on where time was spent and you’ll have a good idea on where to look for speeding up the application.


Makes it even simpler to create Atom feeds using an enhanced Builder syntax. Simple example:

  # index.atom.builder:
  atom_feed do |feed|
    feed.title(“My great blog!”)

    for post in @posts
      feed.entry(post) do |entry|
        entry.content(post.body, :type => ‘html’)

        entry.author do |author|

Faster Performance

Active Record has seen a gazillion fixes and small tweaks, but it’s somewhat light on big new features. Something new that we have added, though, is a very simple Query Cache, which will recognize similar SQL calls from within the same request and return the cached result. This is especially nice for N+1 situations that might be hard to handle with :include or other mechanisms. Also drastically improved the performance of fixtures, which makes most test suites based on normal fixture use be 50-100% faster.

More efficient Migrations

create_table :people do |t|
  t.column, “account_id”,  :integer
  t.column, “first_name”,  :string, :null => false
  t.column, “last_name”,   :string, :null => false
  t.column, “description”, :text
  t.column, “created_at”,  :datetime
  t.column, “updated_at”,  :datetime
endNow you can write:

create_table :people do |t|
  t.integer :account_id
  t.string  :first_name, :last_name, :null => false
  t.text    :description

Clean up your environment

Before Rails 2.0, config/environment.rb files every where would be clogged with all sorts of one-off configuration details. Now you can gather those elements in self-contained files and put them under config/initializers and they’ll automatically be loaded. New Rails 2.0 applications ship with two examples in form of inflections.rb (for your own pluralization rules) and mime_types.rb (for your own mime types). This should ensure that you need to keep nothing but the default in config/environment.rb.

Easier plugin order

This can require that you load, say, acts_as_list before your own acts_as_extra_cool_list plugin in order for the latter to extend the former.

Before, this required that you named all your plugins in config.plugins. Major hassle when all you wanted to say was “I only care about acts_as_list being loaded before everything else”. Now you can do exactly that with config.plugins = [ :acts_as_list, :all ].


Notes on using fb:swf in FaceBook

In facebook groups or discussions… I saw plently of developers struggling to embed fb:swf using FBML.

An example for them to make their life easier :)

<fb:swf swfsrc=”SRC_URL” allowscriptaccess=”all”
bgcolor=”#ECECEC” id=”some_id” wmode=”transparent” SWLIVECONNECT=”true”
flashvars=”serverPath=http://dynamic_url?fbid=<%=uid%>&some_params=blahblah” height=”200″ width=”382″
imgsrc=”img_url_at_beginning” />

The other Common Wiki Notes for this to be noted:

  • Currently, Facebook requires Flash version 9.0.0 for all <fb:swf> tags.
  • Make sure that the flashvars parameter is all lowercase. Some sources of embedded links capitalize the V, which does not work on Facebook.
  • Currently, Facebook wraps the resultant Flash object in a <div> tag, so despite the fact that the embed/object tag is not block-level, consecutive <fb:swf> tags will appear one above the other instead of side-by-side.
  • To verify that your Flash object was loaded from a Facebook page, do the following. For security, this technique does not embed your secret key in your Flash app:
  1. Get all the parameters whose names start with fb_sig_. (Do not include the fb_sig parameter itself.) In Flex use Application.application.parameters to do this.
  2. Strip the fb_sig_ prefix from each, and make sure the keys are lowercase.
  3. Create a string of the form param1=value1param2=value2param3=value3, etc., sorted by the names (not the values) of the parameters. Note: Do not use ampersands between the parameters.
  4. Pass this string to your server, where your secret key is stored.
  5. On your server, append your application secret key to the string that was passed in. The following is returned: param1=value1param2=value2param3=value3myappsecret
  6. On your server, create an MD5 hash of this string.
  7. Return the MD5 hash from your server to your Flash object.
  8. In your Flash object, compare the returned hash with the fb_sig parameter that was passed in. If they are equal, then your Flash object was loaded by Facebook. (Or by someone who stole your secret key.)

While the above technique doesn’t embed your secret in the Flash object, what you’re doing is making a public Web service to sign parameter strings with your secret and then embedding its address in your Flash object. This is just as bad as publishing your secret key (except you do the MD5 computation for any malicious clients). What you want to do is send all the parameters to the Web server (including fb_sig) and have it verify the signature internally and respond with either OK or NOT_OK.


Embedding Flash in Google Gadget !

A static flash play can be easily embedded using _IG_EmbedFlash() function in the gadget but since we need to load the xml according to the User Login preferences. I need to do some more modifications.

The issue I faced here is :

For security reasons, a Macromedia Flash playing in a web browser is not allowed to access data that resides outside the exact web domain from which the SWF originated.

Since google loads modules from 97.gmodules.com domain, extracting data from marketsimplified domain becomes external.

Cross-domain policy file has to be created to make it work.

(Ref: http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14213&sliceId=2)

But still I didnt get it to work… unless on top of this, I have to do some workaround as described in this url…

However finally… its up and running…


Import Tool – ScRUBYt

At first I tried String Wrapper tool using open-uri

Then I understood Tree wrappers tools that the HTML document can look very good in a browser, yet still be seriously malformed (unclosed/misused tags). It is a non-trivial problem to parse such a document into a structured format like XML, since XML parsers can work with well-formed documents only

But HTree and REXML is capable to transform the input into the nicest possible XML from our point of view: a REXML Document. ( REXML is Ruby’s standard XML/XPath processing library).

After preprocessing the page content with HTree, we have to unleash the full power of XPath, which is a very powerful XML document querying language, highly suitable for web extraction.

The powerful web scrapping tools in Ruby are mainly Mechanize and Hpricot. Hpricot is “a Faster HTML Parser for Ruby” out of other Rubyful-soup(HTree + XPath),scrAPI,ARIEL

www::Mechanize has the ability to automatically navigate through Web pages as a result of interaction (filling forms etc.) while keeping cookies, automatically following redirects and simulating everything else what a real user (or the browser in response to that) would do.

Mechanize is powerful lib BUT we cannot perfectly interact with JavaScript websites. That is, it cannot handle more than one redirects through javascript.

Using mechanize, attempts to gmail webscrap to get all mails (feed exists to get new mails only) and orkut scraps extraction could go through until there is no complex javascript to break.

At first tried to do google search and extract reditt articles using almost all libs.

Then Using Xpath and scRUBYt, I am able to extract details from finance.google.com in xml format.

To a certain extent scRUBYt which is combination of Hpricot and Mechanize on steriods, seems starting step to me to get finance.google.com portfolio.

Also,scRUBYt is faster than mechanize.


require 'rubygems'
require 'scrubyt'

google_data = Scrubyt::Extractor.define do
fetch 'http://finance.google.com'
click_link 'Portfolios'
fill_textfield 'Email', '<a href="mailto:kiransoumi@gmail.com">kiransoumi@gmail.com</a>'
fill_textfield 'Passwd', '----'
fetch 'http://finance.google.com/finance/portfolio?action=view&pid=1'
click_link 'Transactions'
#Construct the wrapper
stockinfo "/html/body/div/div/table/tbody/tr" do
   symbol "/td[1]/a[1]"
   qty "/td[5]"
   price "/td[6]"


google_data.to_xml.write($stdout, 1)

[MODE] Learning
[ACTION] fetching document: <a href="http://finance.google.com">http://finance.google.com</a>
[ACTION] clicking link: Portfolios
[ACTION] fetched <a href="https://www.google.com/accounts/ServiceLogin?hl=en&service=finance&nui=1&continue=http%3A%2F%2Ffinance.google.com%3A80%2Ffinance%2Fportfolio%3Faction%3Dview">https://www.google.com/accounts/ServiceLogin?hl=en&service=finance&nui=1&continue=http%3A%2F%2Ffinance.google.com%3A80%2Ffinance%2Fportfolio%3Faction%3Dview</a>
[ACTION] typing <a href="mailto:kiransoumi@gmail.com">kiransoumi@gmail.com</a> into the textfield named 'Email'
[ACTION] typing ---- into the textfield named 'Passwd'
[ACTION] submitting form...
[ACTION] fetched <a href="https://www.google.com/accounts/CheckCookie?continue=http%3A%2F%2Ffinance.google.com%3A80%2Ffinance%2Fportfolio%3Faction%3Dview&service=finance&hl=en&chtml=LoginDoneHtml">https://www.google.com/accounts/CheckCookie?continue=http%3A%2F%2Ffinance.google.com%3A80%2Ffinance%2Fportfolio%3Faction%3Dview&service=finance&hl=en&chtml=LoginDoneHtml</a>
[ACTION] fetching document: <a href="http://finance.google.com/finance/portfolio?action=view&pid=1">http://finance.google.com/finance/portfolio?action=view&pid=1</a>
[ACTION] clicking link: Transactions
[ACTION] fetched <a href="http://finance.google.com/finance/portfolio?action=viewt&pid=1">http://finance.google.com/finance/portfolio?action=viewt&pid=1</a>
Extraction finished succesfully!

stockinfo extracted 4 instances.
symbol extracted 4 instances.
qty extracted 4 instances.
price extracted 4 instances.