Interesting Things

• If your HTTP header’s HTTP_CLIENT_IP is not equal to HTTP_X_FORWARDED_IP, then rails 2.1 and above will consider it an IP spoofing attack and throw an exception! This is bad news for some traditional Apache->Mongrel setups. Solution is probably to change the apache HTTP headers, but we’re wondering exactly why this is a security problem for rails (and why they would break compatibility with the default apache setup from way back when)?
• Be careful when using validates_uniquess_of with :case_sensitive => true AND a unique index at the database level. If your database is case insenitive, then rails will approve the uniqueness, but the database will fail the insert. Solution: be sure to use a collation type for the unique column that is case sensitive (such as binary in mysql).
• Rails 2.1+ :includes are way better than pre-2.1, but they are less compatible with conditions. Hence, rails falls back on the old style. Here’s when it might legitimately fall back:

User.find(:all, :include => :profile, :conditions => "profiles.gender = 'M'")

Because we reference the included table profiles in the :conditions, rails has no choice but to construct one giant query to fetch Users and their profiles, rather than a separate query. Here’s a case when it guesses wrong:

User.find(:all, :include => :profile,
  :joins => "INNER JOIN comments ON comments.user_id = users.id",
  :conditions => "comments.approved = 1")

Because the conditions references a table that is not users, rails thinks it has to fall back to the old include style… but it’s wrong! Here’s how we tricked ActiveRecord into always using rails 2.1+ includes (note that we had to fix up a few queries that were referencing :inlcuded tables in :conditions to make this work):

module ActiveRecord::Associations::ClassMethods
  private
  def references_eager_loaded_tables?(options)
    false
  end
end

Interesting Things

• Google caches all favicons, and will serve them to you as PNG files! The url is simply google.com/s2/favicons?domain=xxx. Here’s tracker’s favicon: . We recently used this to update our social bookmarking plugin to include new icons for facebook, myspace, digg, etc.

Interesting Things

One client decided that Web 2.0-style rounded corners are only needed in Firefox and Webkit-based browsers because they are “free” with CSS properties built in for those rendering engines: -moz-border-radius and -webkit-border-radius. Internet Explorer is going to be left in the 1.0 world, at least for now, due to the over head of managing rounded corners.

Feel free to promote your personal favorite rounded corner techniques in the comments.

Interesting Things

• Hpricot 0.6.161 does not work in Windows.
• We are co-hosting an entrepreneurial event tonight with VentureArchetypes: “Early Adopters & Beyond.” Contact us if you have questions about the event or are interesting in attending.

Ask for Help

“We need to hide a flash widget without setting it to display:none, which causes it to be loaded from the server again when display:none is removed.”

Hit me with your div-hiding techniques!

• Move it off the screen with position:absolute; left:-9000px
• Shrink it down to nothing with visibility:hidden;height:0;width:0 but watch out for any IE 6 minimum height/width issues
• Similar to the above, hide it with width:0;overflow:hidden;

Interesting Things

• As suggested in 09/03, one project switched to using Solr for search indexing. We were warned that wide range queries might be slow (looking for a value between 1… 10000) could be very slow, but it is not, at least with 400K indexed documents. We’ll watch out for slowdowns as the number of indexes increases.

Ask for Help

“JSUnit tests do not show line numbers for assertion failures, which makes it hard to know which assertion failed. Suggestions?”

Have fewer assertions per test, or use the message argument, such as assertEquals(foo, bar, 'foo should be the same as bar.').

“Is there any way to see test failure stack traces as soon as a test fails or errors? This would be especially nice for slow-running Selenium tests.”

A few Pivots remember hacking on Test::Unit and Rspec to display failure details immediately, but more research is needed. Perhaps there’s a plugin?

“Design Adam’s beard!”

Pivot Adam is shaving is beard and is looking for facial hair suggestions. Over the years he has displayed many of the “standard” beards and mustaches, so it’s time to get creative. Look to The Quest For Every Beard Type for inspiration. Here is your canvas:

Interesting Things

• Pivot Davis is soliciting Agile tips, tricks, anecdotes, and anti-patterns in his two articles Tips for being more Agile and Open Thread: Which Practices Make You More Agile? Please feel free to contribute.

Ask for Help

“Is there something wrong with Net::SSH in the latest versions of Capistrano? I can’t deploy to localhost…”

Not that anyone knows of. Have you tried turning it off and on again? The power button… it’s the little glowing button on the front… the button on the front… Are you from the PAST?

“Is there a good ruby Gem or Plugin for working with the Google Charts API?”

One pair used gchartrb but abandoned it almost immediately. So far, it’s string << string << string.

“How do you use Javascript included in a Desert plugin? Is it included automatically with Desert-magic?”

Unfortunately not. Desert plugins should have an install.rb that copies the Javascript to the public/javascripts directory in your project, but few actually have this (at least at Pivotal.) For now you have to copy any Javascript into that directory yourself.

Interesting Things

• MySql only allows indexes on 64 columns per table. This is a hard limit, set in the header file, and therefore can’t even be changed at compile time without editing that file first. It was suggested that anyone who wants more than 64 indexes should not be using a database for searches anyway — use something like Solr instead.