leaps || bounds

Integration Testing in Python

noreply@blogger.com (Mike Leone) — Mon, 30 Apr 2012 00:19:00 +0000

Hey folks! Here's a presentation I did for the Providence Royal Python Society meetup this winter. It covers some of the currently-available integration testing tools for Python, as well as my own project, easy-integration.

Integration Testing in Python

View more presentations from Panoptic Development, Inc.

Web App Security: Django and the OWASP Top 10

noreply@blogger.com (Mike Leone) — Thu, 20 Oct 2011 16:24:00 +0000

Security threat: Neutralized.

At my company, Panoptic Development, we've built several applications for the healthcare industry. Since we often deal with sensitive patient medical data, web application security is a huge concern. Enter the OWASP Top 10, a collection of best practices for web application security.

What's OWASP?
From Wikipedia:

The Open Web Application Security Project (OWASP) is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely-available articles, methodologies, documentation, tools, and technologies.

What's the Top 10?
From the OWASP Wiki:

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translation efforts for the 2010 version are underway and they will be posted as they become available....As you help us spread the word, please emphasize:
OWASP is reaching out to developers, not just the application security community
The Top 10 is about managing risk, not just avoiding vulnerabilities
To manage these risks, organizations need an application risk management program, not just awareness training, app testing, and remediation

No Easy Answer

Make no mistake - robust security is the result of consistent, ongoing code review, infrastructure expertise, and a broad knowledge of web programming, not a one-time checklist. Still, when you're dealing with sensitive data, and especially when several organizations work on the same codebase, it's important to have mutually-accepted security standards.

Django: Frameworks to the Rescue
Full-stack web development frameworks like Django are great for helping a team manage security concerns. Let's investigate how Django's security features relate to the 2010 OWASP Top 10. If you need background information on the vulnerability types themselves, I included wikipedia links.

I should also stress that this isn't an exhaustive look into every possible security vulnerability; this just explores some of the most important ways that Django mitigates (or doesn't mitigate) major security concerns.

Code Injection: For most Django applications, the primary code injection risk is SQL injection. Django protects against SQL injection through its ORM abstraction layer, which automatically escapes input. Note that it's possible to perform raw sql queries with Django, any any such code should be manually audited for if it interacts with direct user input. Though raw SQL is needed occasionally, especially for optimization, it's generally a code smell in a Django application.

If your application interacts with any other backends, like LDAP, you'll want to investigate those third-party libraries separately. Client-side javascript is also mitigated through its templating system; see #2 below.
Cross-site scripting: Generally, the most important way to mitigate XSS is to prevent unescaped user input from making it into your application's rendered HTML. Django’s templating system facilitates this by automatically excaping all variable values. If you don't want to escape something on the front end, you have to explicitly tell Django not to escape it. In your code reviews, you can concentrate more on the few areas of your app where you don't escape user input.
Session hijacking: With the default Django SessionMiddleware, the framework doesn't allow any session data in the url. Session IDs are also stored as hashes, mitigating brute force attacks.

While you'll still want to ensure your code doesn't expose direct session data to the user in any way, Django makes it difficult to expose that information.
Insecure direct object references: Django has several mechanisms in place to mitigate IDORs. It provides a special "slug" field if you don't want to pass object IDs around as parameters. Django 1.2 also lets you explicitly name read-only fields in the admin, so you can prevent users from hacking together forms that alter protected data.

Note that you'll still want to manually audit your code to expose areas where users can access arbitrary object data, especially outside of the admin.
Cross-site request forgery: Django has built-in CSRF protection middleware, so it would be extraordinarily difficult for an attacker to maliciously submit a form to your site using an authenticated user's credentials.
Security misconfiguration: This is one item that is largely outside the domain of the web framework itself; it's more about the application's deployment environment. You need to keep up with Python security updates, Django security updates, and keep track of any third-party libraries you use for security updates. You need to disable ports/services you don't use, and more. With complex apps, this can be a huge job.

Fortunately, there are great, frequently-updated blogs for both the Python and Django core teams where you can keep track of security updates. It's also easy to follow security announcement lists for your web server (e.g. apache, nginx) or operating system to keep track of security updates.
Insecure cryptographic storage: If the only secure information you're encrypting is user password data, you're all set if you use Django's built-in user authentication. Django encrypts password data using SHA1 by default, but also supports MD5 and crypt out-of-the-box.

If your application directly stores or manipulates any sensitive user data, you'll need to audit that code manually. Fortunately, OWASP maintains a great cryptographic storage cheat sheet to help you along the way.
Failure to restrict URL access: Django has great built-in support for restricting access to specific content. Access is always controlled at the view level, before anything is rendered. You're able to restrict access for specific actions or for entire views. Note that you'll still want to audit each url/action in your app to ensure that you're restricting access the way you intended. It's easy to miss a @login_required decorator or forget to lock down an AJAX action.
Insufficient transport layer protection: In many cases, strong transport layer protection means using SSL. Though this falls outside the domain of Django itself, the framework does provide some help: Django supports the secure cookie protocol (PDF link to research paper), and also allows developers to force the use of secure cookies over HTTPS.
Unvalidated redirects and forwards: Because of Django's robust, built-in URL access restriction (see #7), it would be very hard for an attacker to take advantage of unvalidated redirects. Again, since access is handled at the view level, you can't [easily] redirect users to a different url on your site without access control.

Additionally, Django's built-in user authentication system doesn't allow off-site redirect links as url parameters. Note that you'll still want to audit your code for any manual use of redirect links in URL parameters.

Redmine-lite Released

noreply@blogger.com (Mike Leone) — Mon, 04 Apr 2011 22:41:00 +0000

I recently released redmine-lite, an easy-to-install fork of Redmine 1.0.3-stable, a project management and issue-tracking tool.

Redmine-lite has smart conventions that help you set up your instance quickly and painlessly. In fact, you can set it up and deploy it on your server in under five minutes. Out of the box, it's set up to use the sqlite database, the thin web server, and Gmail for outgoing messages.

Redmine-lite is ideal for developers whose organizations require them to host issue-tracking software locally, but don't have much time to set up and administer a system. Redmine-lite was the result of an enterprise client project. At the time of writing, we're using this for a project with about 8 users, and it's currently tracking about 2-300 issues.

Check out the 90 second screencast!

Dependencies: git, bundler, rvm.

MagicRuby Roundup

noreply@blogger.com (Mike Leone) — Wed, 16 Feb 2011 00:10:00 +0000

Last week, I attended the MagicRuby conference in Orlando. Aside from all the content in the talks, I learned three important things:

Rubyists are always trying something new and interesting.
Disney World is a great place to hold a conference.
Orlando has a fun and enthusiastic Ruby community!

I saw a lot of great talks at this conference. I'm attempting to condense 30+ pages of notes into only the most important information. I'll tell you (a) where to find slides/video, (b) who I think should check out each talk, and (c) what I think the most important points are.

This doesn't include every talk, but it includes most of them.

----------

Cultivating Cucumber (Slides)
Les Hill, Hashrocket

Who should check it out?

Developers interested in improving TDD and BDD practices.
Developers unsure of whether to use Cucumber.

Short take:

Great summary of the features of cucumber: Hooks, tags, steps, and more!
Good explanation of Cucmber's strengths (like the use of natural langage) and its weaknesses (like the need to maintain all those regexes)
Good discussion of best practices for organizing and refactoring cucumber suites.
I wish there was more discussion about the types of projects where cucumber is most useful.

----------

Geospacing Your Ruby (Slides)
Peter Jackson, Intridea

Who should check it out?

Developers of spatially-enabled apps
Developers working in government, urban planning or environmental modeling.
Database Administrators (for those of you in the enterprise)
Geography/map buffs.

Short take:

Great overview of spatial terms, geometry, map types, etc.
Great overview of existing database and front-end tools for spatially-enabled apps.
Good suggestions for interesting spatial data to model and useful ways of displaying it.

----------

Loving your Customers, Loving your Peers (No slides available)
Alan Johnson, Carsonified

Who should check it out?

Technical people who deal directly with customers
People who want to improve the reputation of the Ruby community

Short take:

A "feel good" presentation, rife with humorous anecdotes and pop culture references.
A good reality check for developers who are quickly dismissive of non-ruby technologies, Microsoft, etc.
Lots of great suggestions on how to treat customers better, how to empathize with customers, and how to enjoy your job more.

----------

Code is not Enough (No slides available)
Gregg Pollack / Caike Souza, EnvyLabs

Who should check it out?

Entrepreneurs
Freelancers
Software development shop owners
Employees of small companies

Short take:

Good commentary on many important engineering management concepts: Setting expectations, delegating tasks, etc.
A good discussion on software development as a craft vs an art.
Good suggestions for developers, like "don't be afraid to ask for help" and advice on how to "get in the zone" while programming.
Great advice on creating a culture of learning at your organization (especially the "book club" suggestion)
Good insight into effective networking and "making friends rather than sales"
Asserted that developing a product for another company is more difficult than developing and launching your own product (I don't necessarily agree)

----------

Exceptional Ruby (Slides and More)
Avdi Grimm

Who should check it out?

Just about any Ruby developer.

Short take:

Good review of exception syntax and handling in Ruby.
Great discussion on when to use exceptions in the first place ("exceptions are for exceptional situations")
Review of many design techniques for handling and managing exceptions
Reviewed some common software design pitfalls related to exceptions.

----------

What happened to Desktop Development in Ruby? (blog post)
Andy Maleh, Obtiva

Who should check it out?

Developers interested in desktop applications
Developers interested in the current state of desktop application programming in Ruby.

Short take:

Great review of current desktop development frameworks: shoes, wxWidgets, Limelight, Glimmer
Excelent insight into what's wrong and what's right with each framework.
Great perspective on what makes a well-designed desktop app framework.

----------

Keynote (No Slides Available)
Dave Thomas, Pickaxe Author

Who should check it out?

Dave Thomas fans
Project managers and developers looking to improve software development methodologies.

Short take:

Great review of what it really means to practice "agile" development.
Insightful recursive algorithm for software development: Where do we want to be? Where are we now? How do we improve our position? Repeat.
Good use of a one-wheel balancing robot as a metaphor for prioritizing and executing incremental software changes.
Advocated the "ten second audit" for developers: Why am I doing this? Does it have to be done this way? Does it have to be done at all?
Insightful, humorous commentary on overzealous cucumber evangelists and constantly-changing tools in the Ruby community.

----------

Crank up your Apps with Torquebox (Slides and Video)
Jim Crossley, Red Hat

Who should check it out?

Enterprise developers who want to work with Ruby but must develop in a Java ecosystem
Developers challenged with building scalable, distributed web applications.

Short take:

Good overview of everything Torquebox: Configuration, JBoss, messaging, queues, processors, services, scaling techniques, and more.
Good discussion of use-cases for Torquebox, its performance, and potential future changes.

----------

How I Lerned to Stop Worrying and Love the Cloud (Slides)
Wesley Beary, Engine Yard

Who should check it out?

Developers currently using or interested in cloud-based infrastructure.
Anyone overwhelmed by the choice of cloud providers.

Short take:

Great overview of Fog, a vendor-agnostic cloud interface that works with many popular providers, such as EC2 and Rackspace.
Discusses many good use-cases for Fog.
Helpful, tutorial-style explanation of how to use Fog to interface with a cloud provider.

----------

Documentation is Freaking Awesome (Slides and More)
Kyle Neath, Github

Who should check it out?

Open-source authors.
Any developer who might, at some point in the future, hand off their project to someone else. :)

Short take:

Very straightforward, "common-sense" talk about why documentation will help your project.
Discussed many useful ways to improve documentation, covering everything from the README to RDoc to Yard to "Having an awesome web page."

----------

Please let me know if there are any errors, of if you can point me to any slides that are currently missing!

Oracle on Rails: Can Proprietary and Open-Source Play Nice Together?

noreply@blogger.com (Mike Leone) — Thu, 04 Nov 2010 15:54:00 +0000

We're starting a new enterprise Rails project at Panoptic Development (that's right, enterprise Rails), and we're using the Oracle database. Yes, we all know that Rails plays best with other open-source databases like PostgreSQL, but sometimes development teams don't have the luxury of choosing the database.

The upshot of all this? We'll hopefully be contributing some articles and open-source code to help other developers work with the proprietary, enterprise behemoth that is the Oracle database.

I've started with a quick fork of Raimonds Simanovskis' useful rails_3_oracle_sample application, adding some documentation that helped me get things started.

Raimonds seems to be working harder than everyone else to integrate Oracle with Ruby on Rails, so check out his excellent blog.

Most Rails developers work in small, agile teams without a dedicated DBA, and that's often quite different from the workflow in large organizations using Oracle. Here's one of Raimonds' presentations (from three years ago!) that helped get me into the Oracle mindset:

Using Ruby on Rails with legacy Oracle databases

View more presentations from rsim.

Stay tuned for more updates.

Turn your Android Phone Into a Remote Spy Camera with Ruby in 15 Minutes

noreply@blogger.com (Mike Leone) — Wed, 01 Sep 2010 03:45:00 +0000

It's been a great year for Ruby on Android, but no one knows it.

Sinatra running on a Motorola Droid

You can start writing Ruby apps for Android devices TODAY. You don't need to install any SDK, you don't need to install some giant Eclipse IDE, and you certainly don't need to write any Java.

Some of you may have heard of Ruboto, but Damon Kohler and the team at android-scripting have been quietly improving SL4A over the past year, adding tons of features and improving stability.

Scripting Layer for Android (SL4A, formerly known as Android Scripting Environment or ASE) brings scripting languages to Android by allowing you to edit and execute scripts and interactive interpreters directly on the Android device. These scripts have access to many of the APIs available to full-fledged Android applications, but with a greatly simplified interface that makes it easy to get things done... Python, Perl, JRuby, Lua, BeanShell, JavaScript, Tcl, and shell are currently supported, and we're planning to add more.

There's even support for distributing programs as APKs, so the implementation language and dependencies are totally transparent to users.

We'd love to run some simple Ruby scripts on Android, but what about running a complete, albeit simple, application? Will it work?

Most Rubyists use Ruby to build web applications, so let's run with that. Let's build a spy camera app, so I can figure out who's been stealing ink cartridges from our office. The app should (a) show me a snapshot of what the camera currently sees and (b) update that snapshot on demand.

We need a simple, lightweight ruby framework to use. Sinatra is very easy to use and should even be able to run on older Android devices.

Similarly, we need a simple, lightweight, pure ruby web server. WEBrick is pure ruby, part of the standard library, and fast enough to run on Android. Works for me!

First, let's work from our development machine (i.e. laptop). No need to touch the phone just yet.

Start a New Sinatra Project

But wait! What about Sinatra itself? We can't easily install rubygems on our Android phone, so we'll have to vendorize Sinatra and all dependencies and ship them with our application. Since we'll be running JRuby on Android, we can't use any libraries that have native C extensions or are otherwise JRuby-incompatible.

Make Directories for Gems and Snapshots

Vendorize your Gems

Create the App

Create a file called spycamera.rb in the project directory.

First, let's set some constants for the important directories in our application. When running apps under SL4A, we need to be very explicit about directory paths.

Let's update our load path, so JRuby can find our vendorized gems.

Next, we'll load Sinatra. We'll have to explicitly load rack first, to avoid uninitialized constant errors under SL4A.

Finally, we require the Android API interface, available under SL4A, and initialize an Android object. This will allow us to make API calls, like one that tells the camera to take and store a picture.

Now, let's create a very simple HTML template. The template should just display the latest snapshot, which we'll be saving to public/latest.png. If I click on that snapshot, it should take a new snapshot and refresh the page.

Finally, create a tiny Sinatra app that takes a picture, saves it, and renders the template.

Install (Deploy) The App

Now you can finally use your phone! Grab that Android device and install SL4A (r1 APK available here). Run SL4A, go to the interpreters menu, and install JRuby.

Once JRuby is installed, it's time to deploy your application to the phone.

Connect your phone to your development machine via USB, and simply copy the contents of your app to SL4A's script directory on your phone. There may be some sample ruby scripts left over from the SL4A install; you can delete them if you like.

Copying the project contents onto the deivice.

At this point, just run spycam.rb from SL4A and you're good to go!

Starting the Sinatra app from SL4A

Place your newly-activated spy camera somewhere, hide in your office/cube, start your web browser, and navigate to http://ip.address.of.phone:4567. You can do this from inside your local network via wifi, or, carrier permitting, over 3G.

Happy spying!

Further Reading

Check out my open-source project, Broadcast, on Github. It's a more refined, general-purpose embedded web app for Android. It allows for further remote monitoring and control, such as location tracking, remote text-to-speech, and remote file management over HTTP.

The source code for the spycam app is available on github here.

Check these out, too:

Broadcast Presentation at RIRUG

noreply@blogger.com (Mike Leone) — Tue, 24 Aug 2010 20:52:00 +0000

Slides are up from my August presentation at RIRUG. I'm really excited about this software; more posts to follow shortly!

Broadcast presentation

View more presentations from Panoptic Development, Inc..

Tutorial: My Fabric Presentation from RIRUG

noreply@blogger.com (Mike Leone) — Thu, 19 Aug 2010 06:18:00 +0000

Slides are up from my presentation during the June meeting of the RI Ruby Users Group!

Fabric: A Capistrano Alternative

View more presentations from Panoptic Development, Inc..

Custom Date Formats in the Django Admin

noreply@blogger.com (Mike Leone) — Sat, 27 Feb 2010 22:51:00 +0000

For better or for worse, subclassing Django components to add custom functionality is a common technique. The workflow usually goes something like this:

Subclass a django component
Override a specific method
Set some custom configuration options in the method
Call super()

For our Django 1.1 app, we needed to customize the behavior of a DateField so it would accept dates entered in the standard US format, MM-DD-YYYY, instead of the default behavior, YYYY-MM-DD. We'll create a new field called USADateField.

First, let's add a new module to our app, fields.py:

In fields.py, subclass the Datefield form, adding the MM-DD-YYY format to the tuple of default formats:

class USADateFormField(forms.DateField):
    def __init__(self, *args, **kwargs):
        kwargs.update({'input_formats': ("%m-%d-%Y",)+DEFAULT_DATE_INPUT_FORMATS})
        super(USADateFormField, self).__init__(*args, **kwargs)

Then, subclass the django model DateField to use the new USADateFieldForm:

class USADateField(models.DateField):
    def formfield(self, **kwargs):
        kwargs.update({'form_class': USADateFormField})
        return super(USADateField, self).formfield(**kwargs)

When you're done, your new module will look like this:

Finally, import fields in your models.py module and use it! Your model might look something like this:

class Appointment(models.Model):

    scheduled_date = USADateField(blank=True)

I like approaches like this, which push logic back into the models. The functionality would be tougher to test and maintain if we wrote custom front-end code for the field.

Fabric - A Deployment Tool for Rubyists and Pythonists Alike

noreply@blogger.com (Mike Leone) — Fri, 12 Feb 2010 19:03:00 +0000

If you're coming from the Ruby/Rails world, the industry standard tool for deployment is clearly Capistrano.

In some cases, though, using Fabric might make more sense. If you've got a simple web app and want to try something different for deployment, have a look at Fabric. It's a terse, lightweight Python deployment tool and a good alternative to Capistrano. Most importantly, it's SUPER EASY to learn and you don't need ANY Python experience.

I like how Fabric's tutorial shows a version-control-agnostic deployment pattern. The fabfile is part of the project we want to deploy, and whatever is in our project directory will be deployed. With this pattern, Fabric doesn't need any information about our version control system or repository.

For example, I use git for most of my projects.

If I'm running the master branch on my development machine and want to deploy master, I just run

$ fab deploy

What if I want to deploy my release branch instead of the master branch? I just do the following:

$ git checkout my-release-branch
$ fab deploy

Super easy. We can manage the code we're deploying with the tools already built in to our version control system; we don't have to implement those controls again with our deployment tool.

Installing Fabric on Ubuntu 9.10

$ sudo apt-get install python-setuptools
$ sudo easy_install fabric

Wow, that was easy.

Sharing Model Code via Modules

noreply@blogger.com (Mike Leone) — Thu, 15 Oct 2009 19:06:00 +0000

Recently, I worked on an embedded Rails application where there were two models representing network devices. The models were quite different, but nonetheless, both had host and name fields, and there was some shared functionality. Here's an example:

class NetworkVideoDevice < ActiveRecord::Base

require 'ping'

def responds_to_ping?

Ping.pingecho host, 1.0

end

has_many :live_streams

validates_uniqueness_of :host

validates_presence_of :name

named_scope :ordered_by_host, {:order => "host"}

end

class NetworkAudioDevice < ActiveRecord::Base

require 'ping'

def responds_to_ping?

Ping.pingecho host, 1.0

end

has_many :live_streams

validates_uniqueness_of :host

validates_presence_of :name

named_scope :ordered_by_host, {:order => "host"}

end

At this point, developers may be aware of the code smells. Maintaining the same functionality in two places is error-prone, hard to debug, and puts an unnecessary burden on developers. In the pre-Rails 2.0 days, I saw many developers using Single Table Inheritence to share functionality between models. As Rails developers' familiarity with Ruby increased, though, I've noticed developers taking advantage of Ruby's Modules for solutions to problems like this.

First, let's factor out the common method, responds_to_ping? into a module. Since this module will only be used by Active Record models, I'm going to put it directly in the app/models directory so I don't even have to require it anywhere. Now, the code looks like this:

# the newly-created module:

module NetworkDevice

require 'ping'

def responds_to_ping?

Ping.pingecho host, 1.0

end

class NetworkVideoDevice < ActiveRecord::Base

include NetworkDevice

has_many :live_streams

validates_uniqueness_of :host

validates_presence_of :name

named_scope :ordered_by_host, {:order => "host"}

end

class NetworkAudioDevice < ActiveRecord::Base

include NetworkDevice

has_many :live_streams

validates_uniqueness_of :host

validates_presence_of :name

named_scope :ordered_by_host, {:order => "host"}

end

Now, if we want to change that ping timeout from one second to two seconds, we only need to change it in one place.

This is a good start, but we can take our refactoring even further.

Sharing ActiveRecord Functionality via included and class_eval

We also do the same validation on some fields, and we have the same named_scope call in both models. Let's stick those in the module, too! Now, NetworkDevice looks like this:

module NetworkDevice < ActiveRecord::Base

require 'ping'

def responds_to_ping?

Ping.pingecho host, 1.0

end

has_many :live_streams

validates_uniqueness_of :host

validates_presence_of :name

named_scope :ordered_by_host, {:order => "host"}

end

But wait! Try to start your application, and it barfs! What happened?
NoMethodError: undefined method `has_many' for NetworkDevice:Module

Our NetworkDevice module doesn't know anything about ActiveRecord methods like has_many, so when Ruby tries to evaluate it outside the context of an AR::Base-descended class, it doesn't work.

The solution? use Module's included method and Class's class_eval method.

included, a class method available to modules, lets us defer funcionality until the module is included somewhere. We simply tell Ruby to evaluate some code in the context of the including class, which will descend from ActiveRecord::Base.

class_eval lets us define or call class methods on the receiver on the fly. In this case, we'll want to call some ActiveRecord::Base class methods, like named_scope.

Sound confusing? Let's see the new code in action:

module NetworkDevice < ActiveRecord::Base

require 'ping'

def responds_to_ping?

Ping.pingecho host, 1.0

end

# run this in the context of the including class:

def self.included(base_class)

base_class.class_eval do

has_many :live_streams

validates_uniqueness_of :host

validates_presence_of :name

named_scope :ordered_by_host, {:order => "host"}

end

There! The errors are gone, and all of our general network device code is in one place. Now, our code is easier to maintain, is less susceptible to bugs, and we'll probably even save our clients/employers some money in the long run.

Setting Up the Palm Mojo SDK on 64-Bit Ubuntu 9.04

noreply@blogger.com (Mike Leone) — Thu, 13 Aug 2009 20:05:00 +0000

I'll probably be buying a new Palm Pre next month. As such, I've been tinkering with webOS, Palm's new Linux-powered mobile platform, the Palm Pre emulator, built on VirtualBox, and Palm's Mojo SDK. The Mojo SDK lets developers create Palm apps using ubiquitous web technologies (HTML, CSS, JavaScript) so it's an attractive choice for web developers looking to get into mobile development.

Here's what I had to do to get everything working on 64-bit Ubuntu 9.04.

First, the Palm Pre emulator requires VirtualBox 2.2+. If you're already running version 1.x, included in the Ubuntu repos, uninstall it.

$ sudo apt-get remove virtualbox

Download and install the latest 64-bit version of VirtualBox from virtualbox.org. I found a debian package for version 3.0 here.

If you're upgrading from VirtualBox 1.x, you'll need to convert your settings.

$ VirtualBox --convertSettings

Next, you'll need to download and install the mojo and novacom packages as noted in Palm's setup instructions.

But wait, what's this? There are only 32-bit packages available! What should we do? Luckily, someone has already run into the problem. Read this excellent post from the "Tried It" blog here, and apply the author's script to both the mojo and novacom packages. At that point, they'll install successfully.

Now, you can finish following Palm's installation instructions. It's time to start buildin' apps!

Rails/Postgres Setup Gotchas - Ubuntu 9.04

noreply@blogger.com (Mike Leone) — Tue, 28 Jul 2009 21:09:00 +0000

I recently switched to Ubuntu 9.04 after using OpenSUSE- and Fedora-Based development environments for several years, and it's been great for both Rails development and general use. The defaults are well-chosen, hardware integration is seamless, and in general, the user experience is the best I've seen of any Linux distro. Still, the default Ubuntu install is missing many important development packages; I had to take a few unexpected steps to get a simple, Postgres-backed Rails project running under Ruby 1.8. Hopefully, documenting these steps will save time for other developers.

First, install basic ruby and rubygems packages:

$ sudo apt-get install ruby ruby-dev rubygems

If your app needs to make requests over SSL, install Ruby OpenSSL bindings:

$ sudo apt-get install libopenssl-ruby

SET UP POSTGRES AND DATABASES:
Install basic postgres packages. Note that some applications won't require postgresql-contrib:

$ sudo apt-get install postgresql postgresql-8.3 postgresql-8.3-plr
postgresql-client-8.3 postgresql-client-common postgresql-common
postgresql-contrib postgresql-contrib-8.3 postgresql-server-dev-8.3

Install the postgres gem (tested w/ version 0.7.9.2008.01.28)

$ sudo gem install postgres

Initialize postgres. As your system's postgres user:

$ initdb -D /var/lib/pgsql/data
$ pg_ctl -D /var/lib/pgsql/data -l logfile start

Make sure postgres starts on boot. In Ubuntu, this should be done automatically for you, but just to be sure:

$ sudo update-rc.d postgresql-8.3 defaults
# System startup links for /etc/init.d/postgresql-8.3 already exist

As the postgres user, create a user for psql; answering no to all questions. This will probably be the user referenced in your database.yml config file.

$ createuser dbuser

In order to give the user privilages to run DROP DATABASE for commands like
rake:test, you may have to do the following in psql:

ALTER USER dbuser CREATEUSER;

Ruby-gcal is Released!

noreply@blogger.com (Mike Leone) — Mon, 11 May 2009 16:13:00 +0000

I just released my open-source Google Calendar library, ruby-gcal, on GitHub! Check it out here.

There are more features in the works, but for now, it allows you to add, update and delete multiple events with few HTTP requests using Google's batch processing API. When I have some more free time, I plan on releasing an "acts_as_google_calendar_event" sort of Rails plugin, so model objects corresponding to Google Calendar events can be saved to a database and synced with a GCal account.