Ruby on Rails Code Audits: 8 Steps to Review Your AppIn this article, Iβm going to share eight of those items (and the rationale behind them) that we check on when we begin auditing a code base. My aim is to help provide you with a list of things to check on and consider cleaning up as a way to tidy up some possible technical debt and/or oversights.
Came across Little Things I Like to Do with Git a while back. Harry has a bunch of interesting git snippets. I found these the most useful:
$ git for-each-ref --count=10 --sort=-committerdate refs/heads/ --format="%(refname:short)"
$ git log --all --oneline --no-merges
$ git log --graph --all --decorate --stat --date=iso
Best Websites a Programmer Should VisitSome useful websites for programmers.
When learning CS there are some useful sites you must know to get always informed in order to do your technologies eve and learn new things. Here is a non exhaustive list of some sites you should visit, this list will get updated as soon as I can get another link, but you can also contribute by adding those you know π
No self respecting developer will tolerate writing out the same commands over and over.
With Jekyll building the static files, I needed a way to:
After manually running shell commands and manually editing files, I had to automate the workflow.
I use sub to organize the various scripts that handle each part of the process.
First step was to create a template.md file with all the optional
Front Matter a post might need.
---
title:
# # Rest are optional
# categories:
# tags:
# permalink:
# excerpt: # Markdown description before the story
# description: # SEO `<meta>` description (requires an `excerpt`)
# header:
# image: # Path to the full image for the size (1280x...)
# image_description: # Custom `alt` tag
# caption: # Photo credit (can be written in markdown)
# teaser: # Path to teaser image (roughly 500x300)
#
# # Hero video image
# video:
# id:
# provider:
#
# # An image with text overlay and call to action button
# overlay_image: # Path to the full image size
# overlay_filter: 0.5 # opacity between 0.0 and 1.0 (or full `rgba(255, 0, 0, 0.5)`)
# cta_label: # Call to action button label
# cta_url: # URL the call to action button goes to
# overlay_color: # Can be used rather than `overlay_image` as #ccc
#
# NOTE: https://mmistakes.github.io/minimal-mistakes/docs/helpers/
# https://mmistakes.github.io/minimal-mistakes/docs/utility-classes/
---You’ll notice that only title is required. Everything is commented out.
Also, there’s no date attribute since this is a draft.
When I begin writing a draft I run:
site draft whatever-the-post-slug-will-be
which runs:
#!/bin/sh
set -u
set -e
cp _drafts/template.md _drafts/${1}.md
exec $EDITOR _drafts/${1}.mdA simple script to copy the template into the _drafts/ folder with the slug
name and then fire up my editor (NeoVim.)
Jekyll can preview drafts on the localhost. I run:
site serve
which executes:
#!/bin/sh
set -x
set -e
jekyll serve -D --watchin a separate tmux pane. Jekyll is configured to watch for changes and rebuild the draft for preview.
Once I’m happy with a draft it’s time to publish it (meaning promoting it from
_drafts/ into _posts/.)
site publish whatever-the-post-slug-will-be
Which runs:
#! /usr/bin/env ruby
#
# Copy the file from the drafts folder, add the current date, and update the
# filename. Remove any commented out lines from the front matter.
#
now = Time.now
draft = File.basename(ARGV[0], '.md')
draft_filename = File.join('_drafts', "#{draft_filename}.md")
post_filename = File.join('_posts', "#{now.strftime('%Y-%m-%d')}-#{draft}.md")
post = File.open(post_filename, 'w')
state = :start
open(draft_filename).readlines.each do |line|
if (state == :start || state == :in_front_matter) && line =~ /^---/
post.puts line
if state == :start
post.puts "date: #{now.strftime('%Y-%m-%d %H:%M:%S %:z')}"
state = :in_front_matter
else
state = :body
end
elsif state == :in_front_matter && (line =~ /^#/ || line =~ /^\s$/)
# Skip all the comment lines in the front matter
next
else
post.puts line
end
end
post.close
File.unlink(draft_filename) if File.exist?(post_filename)This Ruby script:
date attribute to the Front Matter_drafts folder to the _posts folder and
prefixes the current date to the file.With everything ready, it’s time to deploy the changes to the [site]({{ .Site.BaseURL }}). One last script:
site deploy
running:
#!/bin/sh
$_SITE_ROOT/bin/site build
rsync -crvz --delete-after --delete-excluded _site/ wormbytes:/var/www/wormbytes.ca/First we build the site:
#!/bin/sh
set -u
set -e
jekyll buildand then copy the _site/ directory up to the DigitalOcean production
server, deleting any files that have been removed and updating any new files.
My brother-in-law asked me what podcasts I’m listening to and I didn’t have a good way of giving him my Overcast subscription list (since it’s not easy to share an OPML export.) Below is my current (as of August 2017) subscription list.
I π’d my favourite shows.
Over the past week I’ve been putting this website back together (using Jekyll and Minimal Mistakes.)
It’s been an adventure.
Back in 2005, I built WormBytes using a custom built static website generator written in Perl’s Template Toolkit. After a couple of years I had moved on to Ruby and I stopped updating the site.
In September of 2009 my wife, Roselle Kaes, and I found out we were to be parents. I felt this should be documented so I resurrected the site on WordPress.
The WordPress site was a short lived experiment (less than eight months!)
That’s where the site sat until 2016 when the super old computer I was using as a server (a machine that used to run my ISP Flarenet and which had been sitting in my parent’s basement) finally died.
WormBytes as a web presence ceased to exist. :(
A former coworker at ePublishing, Christopher Coleman, asked me to publish some of the software development practises we’ve developed at ePublishing. It’s a brilliant idea, but I had no where to put the articles.
Until now.
Configuring nginx to use SSL certificates from Let’s Encrypt using the Webroot method isn’t hard, but there are a few steps to make it all work. We assume:
/var/www/example.comwww.example.com and example.com
if you want to support both domains.The easiest way to request a SSL certificate from Let’s Encrypt is to use
the certbot. The Certbot developers have their own [Ubuntu] software
repository with update-to-date versions of the software.
First add the repository:
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
You’ll need to press ENTER to accept the certbot repository.
Now install Certbot:
sudo apt-get install certbot
The certbot Let’s Encrypt client is now ready.
Let’s Encrypt uses a challenge system to ensure the domain for which the SSL
certificate is about to be issued is controlled by the requester. To avoid
duplicating the logic in every virtual host configuration (as we’re setting up
both example.com and www.example.com) we’ll create a snippet.
sudo mkdir -p /etc/nginx/snippets/
Create /etc/nginx/snippets/letsencrypt.conf containing:
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/letsencrypt;
}
Create the ACME challenge folder (as referenced above):
sudo mkdir -p /var/www/letsencrypt/.well-known/acme-challenge
We need to create the server specific dhparam.pem file. This will take
a while:
sudo apt-get install openssl
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Now, within /etc/nginx/conf.d we’ll create the global SSL settings. Create
/etc/nginx/conf.d/ssl.conf containing:
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2;
# Use the "Modern" cipher suite recommended by Mozilla
# https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
ssl_ciphers
'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
# Enable HTST to ensure communication is only over SSL
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains;
preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
As we don’t have any SSL certificates yet, we need to configure our domain to
respond to the ACME challenges. Assuming your nginx virtual server
configuration is at /etc/nginx/sites-available/example.com.conf add:
include /etc/nginx/snippets/letsencrypt.conf;
between your server { ... } blocks.
Enable the site:
sudo rm /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf
And then reload nginx:
sudo systemctl reload nginx
Request the certificate (don’t forget to replace with your own email address):
certbot certonly --webroot --agree-tos --no-eff-email --email YOUR@EMAIL.COM -w /var/www/letsencrypt -d www.example.com -d example.com
It will save the files into /etc/letsencrypt/live/www.example.com/
Note: The --no-eff-flag opts out of signing up for the EFF mailing
list.
Now that we have the SSL certificates, switch your domain to HTTPS. Edit
/etc/nginx/sites-available/domain.com.conf and replace the HTTP server
configs with:
## http://example.com redirects to https://example.com
server {
listen 80;
listen [::]:80;
server_name example.com;
include /etc/nginx/snippets/letsencrypt.conf;
location / {
return 301 https://example.com$request_uri;
}
}
## http://www.example.com redirects to https://www.example.com
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name www.example.com;
include /etc/nginx/snippets/letsencrypt.conf;
location / {
return 301 https://www.example.com$request_uri;
}
}
## https://example.com redirects to https://www.example.com
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
location / {
return 301 https://www.example.com$request_uri;
}
}
## Serves https://www.example.com
server {
server_name www.example.com;
listen 443 ssl default_server;
listen [::]:443 ssl default_server ipv6only=on;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
# The rest of your previous HTTP virtual server configuration. Below is an
# example:
root /var/www/example.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
Finally, reload nginx:
sudo systemctl reload nginx
Note that http://example.com redirects to https://example.com (which
redirects to https://www.example.com) because redirecting to
https://www.example.com directly would be incompatible with HSTS.
Certbot can renew all certificates that expire within 30 days. We’ll create a cronjob that automatically updates the certificates (and restarts nginx to pick up the changes.)
Let’s try a dry-run to ensure that everything is working:
sudo certbot renew --dry-run
Create /usr/local/sbin/letsencrypt.sh containing:
#!/bin/bash
systemctl reload nginx
# If you have other services that use the certificates add reloads here:Make it executable:
sudo chmod +x /usr/local/sbin/letsencrypt.sh
Edit the root’s cron:
sudo crontab -e
And add:
20 3 * * * certbot renew --noninteractive --renew-hook /usr/local/sbin/letsencrypt.sh
And that’s it! If all went well you should see your site at
https://www.example.com/!
Today I needed to prove that my Rails controller method deleted a cookie. After Googling for the answer (without success), I came up with the following.
Within your controller:
cookies.delete('cookie-to-delete')
In your controller spec you can check that the cookie was deleted with:
expect(response.cookies).to include('cookie-to-delete' => nil)
Rails sets the cookies to be deleted to a value of nil. By checking for the presence of both the cookie name with a value of nil, you can ensure your controller code deleted the cookie.
After 3 days and 15 final hours of labour, Natalie Elizabeth Kaes entered the world via C-section at 9:43am.Β We’re so excited to finally meet you!
Short post to serve as a reminder to myself!
Something I need to do often in my job is find out what hardware a particular server has installed.
The best tool I found for the job is HardwareLiSter. On a CentOS system simply do:
sudo yum install lswh
to install and then run:
sudo lshw | less
to see what you’re dealing with.