Justin Tyler Wiley

May 21

Kickstarter - Two Guys SpaceVenture - by the creators of Space Quest

The creators of one of my favorite game series as a youth are back via Kickstarter, another awesome project thanks to crowdsourcing.

Apr 25

A truly terrible way to prevent SQL injection

During a code review, I came across the following jewel embedded in an HTML form.

Some thoughts on why this is bad:

Another laughable element here is that the alert also reminds the user what words not to type, and gives them a heads-up that someone might not want people to insert comments with SQL.

The one benefit of this code is that it was created “cheaply” in terms of up-front dollars paid to the developer to create it. Of course, the cost of having the database dumped, sold and posted online would probably reduce the TCO considerably.

Apr 11

Testing like the TSA

“Think of it like this: What’s the cost to prevent a bug? If it takes you 1,000 lines of validation testing to catch the one time Bob accidentally removed the validates_presence_of :name declaration, was it worth it? Of course not (yes, yes, if you were working on an airport control system for launching rockets to Mars and the rockets would hit the White House if they weren’t scheduled with a name, you can test it—but you aren’t, so forget it).”

Jan 10

Installing pre-requisites for successful Ruby install on Ubuntu via RVM

Since I am constantly forgetting to do this before compilation, I thought I would post about it in case it benefits others.

$ gem install rake

ERROR:  Loading command: install (LoadError)
    cannot load such file -- zlib

Installing RVM and Ruby requires various prerequisites, namely the development libraries that Ruby builds against during compilation. The RVM site steers you towards installing them through RVM's own package mechanism, which introduces a whole other set of sources. A better solution is installing the appropriate native packages beforehand.
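As an added example (my script, not something from the post), here is a small pre-flight check that verifies the development headers Ruby's bundled extensions compile against are present and prints the apt-get line for whatever is missing. It runs under the distro's system ruby package, before RVM builds anything. The header-to-package map is my own list of the usual Debian/Ubuntu -dev packages, and the include root is assumed to be /usr/include. Building against the distro's zlib and libssl, rather than copies fetched through RVM, also means those libraries keep receiving security updates through apt.

```ruby
# Pre-flight check before "rvm install ruby" on Ubuntu (added example).
# Confirms the headers Ruby's extensions need are installed; the zlib
# extension in particular is what "gem install" fails without.

# Header file (relative to the include root) => Debian/Ubuntu -dev package.
# Assumed mapping: the common package names, not an exhaustive list.
HEADER_PACKAGES = {
  "zlib.h"              => "zlib1g-dev",      # zlib extension, needed by rubygems
  "openssl/ssl.h"       => "libssl-dev",      # openssl extension, gem fetching over TLS
  "readline/readline.h" => "libreadline-dev", # irb line editing
  "yaml.h"              => "libyaml-dev",     # psych, used by rubygems and bundler
  "sqlite3.h"           => "libsqlite3-dev",  # sqlite3 gem, the Rails default dev DB
}.freeze

# Returns the apt packages whose headers are not found under include_root.
def missing_dev_packages(include_root = "/usr/include")
  HEADER_PACKAGES
    .reject { |header, _| File.exist?(File.join(include_root, header)) }
    .values
    .uniq
end

# Builds the install command for the missing packages, or nil when none are missing.
def install_command(packages)
  return nil if packages.empty?
  "sudo apt-get install build-essential #{packages.join(' ')}"
end

if __FILE__ == $PROGRAM_NAME
  missing = missing_dev_packages
  if missing.empty?
    puts "All development headers present; safe to run: rvm install ruby"
  else
    puts "Missing headers for: #{missing.join(', ')}"
    puts "Run: #{install_command(missing)}"
  end
end
```

Run it once before `rvm install`; if it reports nothing missing, the compiled Ruby will have the zlib and openssl extensions and `gem install rake` will load normally.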

See also:

http://stackoverflow.com/questions/2441248/rvm-ruby-1-9-1-install-cant-locate-zlib-but-its-runtime-and-dev-library-are-the

Sep 19

XSendfile: critical for Rails 3.1 on Apache

After several hours troubleshooting my production Rails environment, I finally found out why images were not being served properly after an upgrade to 3.1: no XSendfile module.  Rails 3.1/Sprockets apparently relies heavily on Apache’s XSendfile to serve assets, and without the module installed and configured, images will silently fail and browsers will display a missing image.

To enable under Ubuntu:

  1. sudo apt-get install libapache2-mod-xsendfile
  2. Add XSendFile On to your Apache vhost file
  3. Add XSendFileAllowAbove on under the directory definition for your public folder

More details here.
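An added example of the resulting vhost, not taken from the post; the paths and server name are placeholders. It uses XSendFilePath rather than the post's XSendFileAllowAbove: AllowAbove lifts the path restriction entirely, so whatever path the application puts in the X-Sendfile header gets served by Apache, while XSendFilePath limits Apache to the listed trees (it replaced AllowAbove in mod_xsendfile 0.10 and later, which is what the Ubuntu package ships).

```apache
# Apache vhost for a Rails 3.1 app behind mod_xsendfile (added example).
# /srv/myapp and example.test are placeholders.
<VirtualHost *:80>
    ServerName example.test
    DocumentRoot /srv/myapp/current/public

    # Let Apache serve files that the app names in an X-Sendfile header.
    XSendFile On

    # Only paths under the app's public tree may be served this way. The
    # deprecated "XSendFileAllowAbove on" removes this check, which turns any
    # bug that puts an attacker-chosen path into the header into a file read
    # of anything the Apache user can open.
    XSendFilePath /srv/myapp/current/public

    <Directory /srv/myapp/current/public>
        # Apache 2.4 syntax; on 2.2 use "Allow from all"
        Require all granted
    </Directory>
</VirtualHost>
```

On the Rails side, config/environments/production.rb needs `config.action_dispatch.x_sendfile_header = "X-Sendfile"` (the generated file carries the line commented out). That line is also why the failure is silent: Rack::Sendfile strips the response body and sends only the header, so with the header enabled but the module absent, Apache passes an empty body through and the browser shows a broken image.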

Sep 07

A New Forum for Healthcare IT: StackExchange

Stack Exchange Q&A site proposal: Healthcare IT

I regularly contribute to StackOverflow, a free, community-powered Q&A site, about once a week. Whenever I have a challenging IT question in a particular domain, I find StackOverflow, or one of its fellow sites in the StackExchange network, to be the fastest, cheapest, easiest route to getting feedback or suggestions. The unique mix of reputation and rewards for answering questions seems to have engendered a community that is actively interested in posing technical questions, and answering them well.

And so I am excited to learn StackExchange is planning on expanding to a site that focuses on Healthcare IT related questions as well. I think this would be a great addition to the HIT community, and provide a reputable source for HIT related Q&A beyond what can currently be offered by the hodge-podge of forums and groups that exist today. The site is still in the planning and proposal stage; everyone is welcome to check it out, and contribute.

Jun 23

When using Heroku, Postgres is a Must

Why does my application work in the local development environment, but not in production?

Heroku is an awesome service.  It provides a stable platform and tools for quickly deploying applications to the cloud, and allows users to enjoy all the scaling benefits cloud infrastructure can provide.  One gotcha I have experienced, however, is Heroku’s reliance on the Postgres database, instead of MySQL.

While researching Heroku I noticed this, but naively assumed that I could use MySQL for local development, and that any differences between these two databases would be relatively obvious, and that I could compensate on the backend. “Surely,” I remember thinking, “almost all of my database queries will be performed in Active Record, and so I’ll be protected from DB differences anyway.” Unfortunately, I was wrong.

Some portions of my application code required implementing a slightly tricky join with the aggregate function ‘avg’.  The results of this ended up going into a vector.

Unfortunately, Active Record returns strings instead of floats or integers for aggregate functions in Postgres. This obviously leads to problems if your app is expecting something it can calculate with, and in my case it led to a silent conversion to 0.0. The end result was an application that performed differently on production at Heroku than locally in my MySQL development environment, and several hours spent moving to Postgres locally.
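As an added illustration (my code, not the post's), here is the coercion step that guards against this: a strict conversion that turns the strings the Postgres adapter returns for avg into Floats and raises on anything that is not a number, instead of quietly producing 0.0 the way String#to_f does. The rows are constructed samples of what each adapter hands back for the same grouped avg query.

```ruby
# Added example: normalise aggregate results from either adapter so that a
# non-numeric value fails loudly rather than becoming 0.0 in later arithmetic.

# Strictly converts one aggregate value. Kernel#Float raises ArgumentError on
# junk such as "n/a", whereas "n/a".to_f quietly returns 0.0, which is the
# silent failure described above. nil (no rows matched) is passed through so
# the caller decides what an empty group means.
def numeric_aggregate(value)
  case value
  when nil     then nil
  when Numeric then value.to_f        # MySQL adapter: Float/BigDecimal already
  when String  then Float(value.strip) # Postgres adapter: "3.5000000000000000"
  else raise TypeError, "unexpected aggregate type #{value.class}"
  end
end

# Normalises [group, avg] pairs, as a grouped avg query returns them, into
# Floats regardless of which adapter produced the rows.
def normalise_averages(rows)
  rows.map { |group, avg| [group, numeric_aggregate(avg)] }
end

# Constructed sample data: the same query seen through the two adapters.
MYSQL_ROWS    = [["east", 3.5], ["west", 4.25]].freeze
POSTGRES_ROWS = [["east", "3.5000000000000000"], ["west", "4.2500000000000000"]].freeze

if __FILE__ == $PROGRAM_NAME
  p normalise_averages(MYSQL_ROWS)     # [["east", 3.5], ["west", 4.25]]
  p normalise_averages(POSTGRES_ROWS)  # [["east", 3.5], ["west", 4.25]]
  begin
    numeric_aggregate("n/a")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"     # "n/a".to_f would have given 0.0
  end
end
```

Running the spec suite against the same database as production is still the real fix; the coercion simply makes sure that, if a type difference does slip through, it shows up as an exception in a test rather than as a zero in a report.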

Lesson learned.  Postgres all the way.

Update: It turns out converting to Postgres and removing DatabaseCleaner calls from my spec_helper reduced spec time from 78.2 seconds to 38.75 seconds. 50% faster specs ease the pain.