A Fresh Cup is Mike Gunderloy's software development weblog, covering Ruby on Rails and whatever else I find interesting in the universe of software. I'm a full-time Rails and iOS developer.


A Fresh Cup

Notes on Rails and other development


Double Shot #364

Thanks to everyone who helped make the Rails Activists launch a success. Now we just have to tap all this great energy for useful things.

  • HTTParty Goes Commando - New command-line interface for this ruby interface to the web.

  • gitcred - Page Rank for git users, as if you needed something else to compare.

  • saasy - Single sign-on and SAAS billing solution for Rails.

  • RailsLodge - Another Rails community site that I hadn't run across before.

  • Only the beginning - Status report from the Github folks. Wow, have they only been around for a year?

  • git - The main git site has been through a redesign, and looks much nicer than it used to. Check out the "Tools & Hosting" page.
  • Monday

    Announcing the Rails Activists

    I've got two major announcements to make affecting my professional life this month. Today the first of them is ready to go live: I've accepted a position with the new Ruby on Rails Activists team. Probably the easiest way to explain what that means is to quote from the blog entry announcing our existence:

    The mission of the Rails Activists is to empower and support the worldwide network of Ruby on Rails users. We do this by publicizing Rails, making adoption easier, and enhancing developer support.

    Generally speaking, the Activists will be working alongside the Rails Core team, with the intent of helping publicize Rails and pull together efforts from all parts of the Rails ecosystem. We have a lot of ideas about what this could translate to in terms of concrete initiatives, but I'd like to emphasize that we're here to support the rest of the community, not to direct it. If you want to get involved with promoting Rails and improving things, feel free to contact any one of us to discuss how we can help out. I'm easy to find:

  • mikeg1 on Twitter

  • MikeG1@larkfarm.com via email

  • mikeg1a on IRC (freenode.net, almost always in #rubyonrails)

  • It's also important to note that although there are four of us who are now in some sense authorized to speak on behalf of Rails, this does not mean that everything we say is an Official Statement. We all have our own businesses and blogs and so on, and we have lives beyond Rails activism, shocking though that may be. For example, just because I link something on this weblog doesn't mean it's gotten some official stamp of approval.

    We also intend for the communication to flow in as many directions as possible - one of our roles is to serve as ombudsmen for the Rails community. If for any reason you're feeling frustrated in an attempt to talk to the core team (though personally, I've found them very approachable), do get in touch to see if we can help.

    As some of you have probably guessed, the new team owes something to the much-discussed merger of Rails and Merb. In addition to picking up the best ideas from Merb, Rails is also working on picking up some of the best patterns from the Merb community. Just as Rails isn't throwing out all of its old code to become a copy of Merb, we're not throwing out all of our old activities (such as the Rails Guides) to copy Merb's ecosystem. What we are doing is trying to incorporate some of the energy from the combined communities to revitalize both of them as they become one.

    So stay tuned to see what initiatives emerge from this new group and its interactions with the wider Rails community. If you have any questions, I'll be more than happy to address them in comments here or privately.

    Double Shot #363

    Stay tuned for some Rails news later today.

  • Rapid Fluid Support - A how-to on adding SSB support to a web application.

  • consent - A new access control layer for Action Pack.

  • simplepay 0.2.0 - An upgrade to the Amazon Simple Pay gem just in time for me to need it.

  • RSpactor 1.0.1 - First 1.x release of this project for automatic spec running on OS X.

  • Freelancing Tips via Rails Camp 4 - Some good ideas here for beginning freelancers.

  • @the_rails_way.awaken! - Good news: The Rails Way is coming back.
  • Sunday

    Using Amazon Simple Pay from Rails

    I've recently been working to integrate Amazon Simple Pay into an application. In general, this has been pretty straightforward, thanks to the simplepay gem, which was recently bumped to version 0.2.0. (Amazon also has their own Ruby sample for ASP integration, which came in handy for a first smoke test - though unfortunately at the moment the Amazon site is having trouble delivering that file).

    For the most part, using the simplepay gem is quite straightforward. There's a helper to build a payment form:

    [sourcecode language='ruby']
    Click here to send us $120 every year
    <%= simplepay_form_for(:subscription, {
    :amount => 120.00,
    :description => "Annual Subscription",
    :recurring_frequency => "1 year",
    :abandon_url => amaz_abandon_customers_url,
    :collect_shipping_address => false,
    :immediate_return => false,
    :ipn_url => amaz_ipn_customers_url,
    :process_immediately => true,
    :reference_id => @customer.id,
    :return_url => amaz_return_customers_url
    }) %>

    When Amazon executes callbacks, it sends a signature parameter along so that you can verify that the request is legitimate. This is the only spot where I ran into a little gotcha. The simplepay gem includes a helper to validate the parameters of a request to see if they match the signature, but you have to be sure to take out the parameters that Rails inserts before you call it:

    [sourcecode language='ruby']
    def amaz_ipn
    if AWS::SimplePay::IpnValidator.valid_ipn_post?
    (Simplepay.aws_secret_access_key, params)
    # save the results somewhere
    render :action => 'show'
    logger.info "bad request from Amazon Simple Pay"
    render :nothing => true, :status => 200

    Also note that you should send back a 200 response even if you're unable to verify the signature. This will prevent Amazon from sending the same request to you over and over again.

    Double Shot #362

    Somehow it doesn't seem like it should be Friday already.

  • Linotype FontExplorer X - This came in handy when I wanted to compare some sample text in various fonts I already have installed. I'm sure there are other ways, but it was free.

  • Sanitize - Sanitization seems to be in the air. This one is a whitelist-based HTML sanitizer.

  • Cerberus - A continuous integration server for Ruby and Rails software.