External content

state_machine 0.10.0 was released

Now allows to list transition paths from and to arbitrary states.

Sanitize user-generated filenames and only send files inside a given directory

If in your application your users pass along params that result in filenames, like invoices/generated?number=123. This could be your (very careless) controller method:

def generated
  send_file File.join(Rails.root, 'shared', 'invoices', params[:number])

This allows your users not only to access those files but also any files your application can read, like this:

# => send_file '/etc/passwd'

You do not want this. In most cases you should prefer a show metho…

RSpec matcher to check if an ActiveRecord exists in the database

The attached RSpec matcher exist_in_database checks if a given record still exists in the database and has not been destroyed:

describe Ticket do
  describe '.purge_expired' do
    fresh_ticket = Ticket.create(:expiry => Date.tomorrow)
    expired_ticket = Ticket.create(:expiry => Date.yesterday)
    fresh_ticket.should exist_in_database
    expired_ticket.should_not exist_in_database

Note that there is also [ActiveRecord::Base#destroyed?](…

Mocks and stubs in Test::Unit when you are used to RSpec

We are maintaining some vintage projects with tests written in Test::Unit instead of RSpec. Mocks and stubs are not features of Test::Unit, but you can use the Mocha gem to add those facilities.

The following is a quick crash course to using mocks and stubs in Mocha, written for RSpec users:

RSpec Mocha
obj = double() obj = mock()
obj.stub(:method => 'value') `obj.stubs…

Alternative to url_for's deprecated :overwrite_params option

If you have the following deprecation warning after upgrading to rails >= 2.3.10

DEPRECATION WARNING: The :overwrite_params option is deprecated. Specify all the necessary parameters instead.

that is for example caused by

url_for( :overwrite_params => { :order => 'name', :dir => 'asc' } )

you can fix this by using params.merge {:my_param_to_overwrite => 'foo' }. To fix the example above the code could look like:

url_for( params.merge { :order => 'name', :dir =...

Delete all MySQL records while keeping the database schema

You will occasionally need to clean out your database while keeping the schema intact, e.g. when someone inserted data in a migration or when you had to kill -9 a frozen test process.

Old Capybara versions already have the Database Cleaner gem as dependency. Otherwise add database_cleaner to your *Gemfile`. This lets you say this from the Rails console:

DatabaseCleaner.strategy = :truncation

You …

External content

Apache: SSL with Virtual Hosts Using SNI

With SNI, you can have many virtual hosts with HTTPS sharing the same IP address and port, and each one can have its own unique certificate. SNI is supported by all major browsers except Internet Explorer on XP, Safari on XP, wget, Android and Java.

CSS3 Pie: Element not properly redrawn

Pie sometimes does not properly redraw elements upon changes. This often happens when the change comes from somewhere further up the DOM.

Consider something like:

  <li class="active"><div class="content">Active element</div></li>
  <li class="inactive"><div class="content">Inactive element</div></li>

with CSS

li .content {
  -webkit-box-shadow: #666 0px 2px 3px;
  -moz-box-shadow: #666 0px 2px 3px;
  box-shadow: #666 0px 2px 3px;
  behavior: url(/;


Setup an SSH server on Ubuntu

Install OpenSSH Server:

sudo apt-get install openssh-server

To check if the server is running you should get no error when you restart it:

sudo /etc/init.d/ssh restart

Now your ssh server is ready to use.

To add additional security edit your sshd_config (gksudo gedit /etc/ssh/sshd_config):

# Deny root login:
PermitRootLogin no

# To whitelist users:

# To disable interactive authentication (without SSH key)
PasswordAuthentication no

Don't forget to restart after editin…

Find records with a Range condition

You can find ActiveRecord models by using a Range as its conditions:

User.scoped(:conditions => { :id => 3..5 })

This will generate the following query:

SELECT * FROM `users` WHERE (`users`.`id` BETWEEN 3 AND 5)

This also means that all your scopes that take an array of allowed values and use condition hashes, automagically work for Ranges, too.

Output the descriptions of RSpec examples while they are running

In order to track down warnings and to see failing specs immediately, you can use RSpec's "nested" format. It looks like this:

    should require model to be set
    should require place_id to be set
    should include the model and tag if the tool has a tag
    should return the model if the tool has no tag
    should find tools by model and maker
    should find tools by serial number

Call RSpec like this in order to use the nested format:

spec spec -...

Synchronize a Selenium-controlled browser with Capybara

When you click a link or a press a button on a Selenium-controlled browser, the call will return control to your test before the next page is loaded. This can lead to concurrency issues when a Cucumber step involves a Selenium action and a Ruby call which both change the same resources.

Take the following step which signs in a user through the browser UI and then sets a flag on the user that was just signed in:

Given /^the user "([^"]*)" signed in (\d) days ago$/ do |name, days|
  visit new_session_path
  fill_in 'Username', :w...
External content

Cheats to optimize your web font rendering

Type looking a little flabby? Overweight? Want to give it a kick in the pants? Take a look at some of these tricks to really give your web type a workout.

External content

JavaScript Garden

JavaScript Garden is a growing collection of documentation about the most quirky parts of the JavaScript programming language. It gives advice to avoid common mistakes, subtle bugs, as well as performance issues and bad practices that non-expert JavaScript programmers may encounter on their endeavours into the depths of the language.

JavaScript Garden does not aim to teach you JavaScript. Former knowledge of the language is strongly recommended in order to understand the topics covered in this guide

Common VIM commands

An overview of common vim commands, including:

  • windows
  • buffers
  • undo/redo
  • navigation
  • bookmarks
  • selection/whitespace
  • clipboard shortcuts
  • search/replace
  • programming
  • external filters

Also see this German command list.


  • toggle syntax highlighting: :syntax on|off

Directly search makandra notes from the Firefox address bar

The speed searching for makandra notes in Firefox can be improved by following these steps:

  1. Download the Firefox-Add-on "Add to Search Bar" and install it
  2. Go to the makandra notes search box and press the right mouse button to open the context menu
  3. Click "Add to Search Bar …" and give it a name like "makandra notes" and a keyword like "n" or "notes"

Now you can type notes my search keywords into the firefox address bar and it will automatically search for the…

Speed up response time in development after a Sass change

When working with large Sass files you will notice that the first request after a change to a Sass file takes quite some time. This is because the CSS files are being generated from the Sass files the moment the application answers your request (Sass looks at the files and recompiles if the timestamp changed); it takes even longer when you build sprites with the Lemonade gem.

To avoid this, have Sass watch the files for changes and compile them into CSS files immediately. The files w…

External content

Monitoring Theory

Around the time in my life when I stopped ordering drinks made with more than one ingredient, I was woken up for the last time by a hypochondriac Nagios monitoring installation. If you are on-call long enough, you cultivate a violent reaction to the sound of your cell phone's text message alert. If your monitoring is overconfigured, that reaction boils over hastily, as it will interrupt you during meals, sex, sleep — all of the basics — with the excruciating operational details of your web site.

I've since developed, with the help of some n…

2389 cards