May 30 2008

Rails Help, Please? (How to create a login/account system)

I hope some of you reading this are Ruby On Rails experts and have a moment to help me out …

The problem in a nutshell:

What Rails generator/plugin should I use to create a user account / login system, preferably with OpenID, in a new app?

The gory details:

I haven’t done any Rails work in quite a while. The app I was working on was circa Rails 1.0. I’ve now updated all my gems so I have Rails 2.0.2. Of course the app doesn’t work: it crashes and burns immediately with Ruby errors in the generated code. Not surprising since I’m sure a lot has changed since 1.0.

So I thought I’d start over by generating a fresh Rails app, and then start moving pieces of my app over. But I’m immediately stuck at the first step, setting up a user account/login system.

(Which is a hurdle every newbie runs into, right? Because nearly every web app needs this, but it’s strangely the one area where DHH, the Man With An Opinion On Everything, didn’t have enough of an opinion to settle on a standard account system. So instead, chaos reigns.)

What I’ve done so far is —

1. Looked in my brand new copy of [...]


Apr 19 2008

Why They’re Doing This

I don’t want to make a habit of replying on my blog to posts on other blogs, because (a) it’s dorky in an autistic way, and (b) it only encourages the annoying practice of blogs that stick their fingers in their ears.

But I’ve seen a couple of references now to Dean Allen’s complaint about sites that offer multiple RSS feed formats, but no place to post a comment about it; and since it directly relates to my past job monkeying with feeds, I feel like I should answer.

There are two reasons why a web page would link to multiple feeds.

1. To support feed-readers that don’t understand every format. The XML-syndication-format field has a totally ludicrous history of incompatible versionitis, and the only format that’s actually sanely designed (Atom) is new enough that for a while some major clients, such as BlogLines, didn’t support it. So it’s reasonable during such a transition period to generate both formats.
2. Because there might be feeds with different content. Some sites offer headlines-only feeds and full-content feeds. Some blogs offer a feed of all the comments on one post, as well as the usual feed of all the posts. Some wikis offer a feed of revisions of [...]


Apr 13 2008

Cloudy As Buzzwords

Continuing from Unstealthing, Incrementally…

I have many ideas for applications, but most of them seem to rely on similar kinds of infrastructure, in particular a distributed, secure application-level messaging system. Unfortunately, this doesn’t really exist yet, at least not in any form that meets my needs.

What am I talking about here? More colloquially, it’s a mechanism for letting applications all over the network send messages to each other, without requiring a central server, and without allowing messages to be eavesdropped upon or faked.

Let’s take it one buzzword at a time…

Distributed.

I don’t know about you, but I’m getting fed up with centralization. It happens because it’s the path of least resistance: buy a domain name, rent a server, buy more servers and stick a load-balancer up front as your user base grows. It’s solving problems by throwing hardware at them. The end result can certainly work fine, but too often it’s fragile: both technically (site goes down, ten million users get pissed off) and politically (just one domain for China to censor, one company for France to file lawsuits against.)

In social software especially, there’s an additional type of cultural fragility, since the owners, implementors and users of a big social site [...]


Mar 26 2008

Japanese Advertisers Discover Zooko’s Triangle

Cabel Sasser, of indie developer Panic, reports from Japan:

“Within minutes of riding on the first trains in Japan, I notice a significant change in advertising, from train to television. The trend? No more printed URLs. The replacement? Search boxes! With recommended search terms!” [*]

He goes on to note how common it is for people to type URLs or domain names into their browser’s search box instead of the address field. To American geeks this seems clueless, but Cabel points out that in Japan it makes more sense, since URLs are in a foreign alphabet, so search words are much more memorable.

First off, this instantly reminded me of two favorite jokes:

Homer Simpson, picking up the phone: “Operator! Get me the number for ‘911’!”

Scott Pilgrim, on finding out that the cute girl he saw at a party in Toronto works as a delivery courier for Amazon.ca: “Hey, Amazon.ca, that’s the online bookstore or whatever, right? … What’s the website for that?”

But seriously: This is another example of Zooko’s Triangle, which basically says “names cannot be global, securely unique, and memorable, all at the same time”. URLs are global and unique, but not memorable, especially not in Japan; search terms are global and [...]


Jan 30 2008

96 Characters Ought To Be Enough For Anyone

Famous Hacker Paul Graham on his new LISP dialect, Arc:

“Arc only supports Ascii. MzScheme, which the current version of Arc compiles to, has some more advanced plan for dealing with characters. But it would probably have taken me a couple days to figure out how to interact with it, and I don’t want to spend even one day dealing with character sets. Character sets are a black hole. I realize that supporting only Ascii is uninternational to a point that’s almost offensive [...] But the kind of people who would be offended by that wouldn’t like Arc anyway.”

That last bit [emphasis mine] sort of flummoxed me. Is he saying that LISP only appeals to native English speakers?[1] Or that no one in their right mind would use LISP to write software for end-users?[2] Or maybe that internationalization is just some sort of abstract feel-good political-correctness issue, since none of those third-worlders even have computers anyway?[3]

He makes similarly eye-opening assertions about HTML, too. Arc has HTML-generating libraries, but they “just do everything with tables” instead of CSS. Why? Because apparently CSS-based Web designs are less agile than ones made out of tables. Somehow I don’t think most people who’ve done web [...]


Jan 9 2008

Web Frameworks vs. Hosted Environments

There’s a fascinating post on the DreamHost blog about how frustrated they are with trying to make Ruby On Rails work for their bread-and-butter market of shared web hosting. I’ve run into this intermittently ever since I first tried out Rails two years ago. It’s fun to develop in, it works great on my local machine, but it’s been impossible to get any Rails app to run correctly on my DreamHost-ed web site. I’ve been told by experts that you pretty much have to step up to an expensive virtual-server solution (although I just heard about HostingRails.com, which is quite cheap.)

As already pointed out in comments, this issue is not specific to Rails, or to Ruby. The same problems apply to any complex web-app (including Python and Java ones, and probably some of the larger PHP-based frameworks too) that has a large amount of set-up overhead. By running a separate app process you amortize the setup costs across large numbers of requests.

This is a more complex model than a simple CGI or mod_whatever, but it’s a straightforward engineering problem and there’s no reason it shouldn’t be workable in a shared environment, without having to make every user rent their own server. [...]


Dec 2 2007

Facebook and Decentralized Identifiers

I finally made myself a Facebook account, mostly to see what it’s like. Overall, I’m pretty impressed: the UI is nicer than most such sites, particularly the still-antiquated LiveJournal and the disaster that is MySpace. The biggest issue there seems to be that the main profile page absolutely doesn’t scale up to handle the exploding number of apps/widgets people are stuffing into it, so you end up with mile-long profiles containing box after box of junk.

But the most interesting thing I noticed is how the service has no visible identifiers for user identities. Unlike most centralized services, there’s no unique username to pick. I assume that, internally, each account requires a unique email address, but that address plays very little role in the user experience, apart from its use in helping people find their existing contacts’ profiles. The service does assign a unique number to every profile, and this shows up in profiles’ URLs, but it never seems to appear in the page itself. So there’s no obvious way to say “this is my Facebook ID”, other than pasting in the completely non-mnemonic URL of your profile page. And conversely, the visible identifiers you see for other members are simply [...]


Oct 26 2007

Leopard Feature #301

It was a great relief for Leopard to finally be finished, after more than two years of work. (And if you wonder why it took so long, consider some of the new products that have been released since Tiger shipped in May 2005: the Intel Macs, the Apple TV and the iPhone / iPod Touch. All of these contain system software that absorbed the attentions of significant subsets of the people who work on OS X.)

And now, a few weeks later, it’s hit the streets. On Tiger Day in 2005 I helped out a bit at the Apple store in Santa Clara; that was fun, but tonight I stayed home because I’m recovering from a bad cold. Still, in between coughing fits, I can ring in the new OS by pointing out yet another little improvement, one that didn’t make it into the official Top 300 list.

#301: Safari RSS Article-Reading Improvements

You can now choose to leave new articles marked as “unread” until you explicitly mark them as read by clicking on them. This is more like other news-readers, and it’s good if you want to skim through bucketloads of new articles and read a few of them, but still [...]


Jul 16 2007

How not to fix buffer overflows

This tale of woe is making me rethink whether I want to be running any PHP-based software on my website.

Yes, integer overflows happen to the best of us (even those of us who write popular algorithm textbooks), but I would hope that once one is pointed out, the people maintaining the code would have a clue about how to fix it.

Stuff like “if (size>INT_MAX)…” is funny, but I find it even scarier that someone would think the solution to integer overflow is to store potentially-huge byte counts in variables of type “float”. Which is apparently still being done in top-of-tree PHP.

[Hint: “float” is almost always 32-bit IEEE format with a 24-bit mantissa, meaning it can’t represent any integer larger than 2^23-1 (8 MB) exactly. And round-off error is the last thing you want when computing how large a buffer to allocate.]
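To make the round-off concrete, here is an added example (not code from PHP or from the original post) that computes an allocation size once through a `float` and once with an overflow-checked integer multiply. The function names and the sample requests are hypothetical, constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Anti-pattern from the post: the byte count travels through a float.
 * volatile forces the product to be rounded to float precision. */
static size_t size_via_float(size_t count, size_t elem_size)
{
    volatile float bytes = (float)count * (float)elem_size;
    return (size_t)bytes;
}

/* Integer-only alternative: refuse the request if count * elem_size
 * would wrap around, otherwise return the exact product. */
static bool size_checked(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return false;
    *out = count * elem_size;
    return true;
}

int main(void)
{
    /* Constructed sample requests: {element count, element size}. */
    const size_t req[][2] = {
        {1000, 4}, {100000001, 1}, {33554433, 3}, {SIZE_MAX, 2},
    };
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++) {
        size_t exact;
        if (!size_checked(req[i][0], req[i][1], &exact)) {
            printf("%zu x %zu: rejected, product overflows size_t\n",
                   req[i][0], req[i][1]);
            continue;
        }
        size_t rounded = size_via_float(req[i][0], req[i][1]);
        printf("%zu x %zu: exact=%zu via float=%zu%s\n",
               req[i][0], req[i][1], exact, rounded,
               rounded < exact ? "  <-- buffer too small" : "");
    }
    return 0;
}
```

A buffer sized from the float result in the flagged rows is smaller than the data the caller goes on to write into it, which is how a rounding error becomes a heap overflow.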


Jan 5 2002

DXM, Big Fun, And My Favorite Hypertext

By way of introducing my favorite hypertext, I have to digress a bit. Last March [2001] I had a particularly nasty flu for about three weeks, which ended up as a wretched dry cough. I couldn’t go one minute without coughing, and I had a horrible sharp pain in my ribs caused by a sprained chest muscle. One night I was lying on the couch (so I wouldn’t keep Diana up all night) trying in vain to sleep, and decided to look up exciting Drug Facts about various medications I was taking. Guaifenesin wasn’t very interesting (just an expectorant, toxic in large doses) but Dextromethorphan turned out to be fascinating stuff – chemically similar to opiates, it suppresses coughs but doesn’t bind to any opiate receptors. What the mainstream medical websites don’t tell you, however, is that it does have very potent psychedelic effects at large doses. I’d heard about people getting stoned on cough syrup and assumed it was just codeine, but no, DXM is quite odd stuff in its own right.

Disclaimer. I would never try high doses of Dextromethorphan myself and don’t recommend that you do. Not only does chugging cough syrup sound disgusting, but DXM can become [...]