Category Archives: coding

PAM authentication for Ruby 1.9

Announcement

So, I’m happy to announce the availability of PAM authentication for Ruby 1.9.x, through the rpam-ruby19 gem. A couple of gems had existed for previous ruby versions, but 1.9 broke compatibility with all of those. After looking at the options, I decided that the the rpam gem was the best candidate for an update. It works really well on Linux (tested on Debian and Ubuntu), it’s simple to use, and there’s an authlogic plugin if you want to use rpam in your rails app.

Why?

I ran into a situation where I needed to use an approved “enterprise” authentication solution. My options were limited to Shibboleth, OpenID, SiteMinder, and ActiveDirectory. The first three involved a redirect to an ugly sign-in page; that was a no-go for a mobile app. So I decided to get creative. Using Authlogic + Rpam + Likewise to validate AD credentials created a seamless way to integrate into the environment, while leaving the look-and-feel of everything under my control.

Caveat

Using PAM for web authentication is ONLY a good idea for internal applications. Even then, you have to be careful. But if all potential users of your application are also potential user of your systems (i.e., AD/LDAP entities), it can be a decent solution.

P.S.

If you want the source, or would like to contribute, you can find it on my GitHub. It’s still a work in progress; it really needs tests and documentation. But it works, and might come in handy for someone, so I’m throwing it out there now.


TDD Hiring Practices – How do you evaluate a programmer?

I’ve been thinking a lot about hiring practices. How do you evaluate a potential employee’s programming skills? One popular yet (sometimes) controversial method is the use of coding quizzes. While I like this idea in principle, these quizzes can range from the absurd to the superfluous to the fascinating-yet-bizarre to the absolutely brilliant.

This suggestion is going to be very specific to my own milieu, but I think it can be abstracted easily.

One of my favorite learning experiences ever has to be Ruby Koans. It’s a set of failing unit tests that you have to figure out how to make pass. It’s fantastic, challenging (for the neophyte Rubyist), and enlightening.

I think this paradigm would be applicable to any TDD-oriented (and if you’re not, you should be) shop, because it tests both coding skill and testing proficiency. These aren’t the same thing, but both should be important to any hiring manager.

The other thing that comes to mind is Star Trek. Specifically, the Kobayashi Maru scenario (side note – it’s awesome that my browser and/or WordPress didn’t mark “Kobayashi Maru” as a misspelling).

For those who don’t know, the Kobayashi Maru was a no-win scenario, which Kirk managed to beat (the only time it was ever “won”) by reprogramming the computer. So you can test creative thinking, grace under fire, etc. by making some of the tests bad. If you’re into torturing applicants. It’s just an idea, not necessarily a good one, but if you’re a high-pressure shop, you might want to gauge that sort of thing.

This could happen on-site, or be sent to the applicant with a 24-hour window to submit the results.

Here’s how I think the protocol for this kind of test should go though:

  1. Timeboxed – You have a finite amount of time to complete this. It doesn’t have to be perfect, you don’t necessarily have to pass every test, we want to see how you think, how you prioritize problems to get the best results in the time allotted.
  2. Real-world – You’re not restricted as to resources. You can use Google, Stack Overflow, GitHub, whatever you want. In the real world, we try to see if we’re working on a solved problem before reinventing the wheel. I’m less interested in what you know than in whether you know how to find the answers to new problems efficiently.
  3. Honest – Be up-front about the problem. If the tests should be regarded as the source of all truth, say so. If the tests might be flawed, tell them. If you’re trying to test their ability to make that distinction, be honest. Tell them you’ll answer any questions they have unless you think it will bias the results. You want your programmers to have as much information as possible about the project you’ve just handed them, and you want them to be able to ask you the right questions about it. If they can do a better job by gathering information from the project manager, that’s a good thing.
I’ll disclaim this post by saying hiring practices aren’t part of my job. But I’ve experienced varying practices from employers and potential employers, and some of them seemed sensible, some seemed ridiculous, and some seemed like the people looking for a programmer didn’t even know what they were looking for.
I’m curious to see how various shops do this. How do you evaluate potential new hires? Do you quiz programmers? How?

(Programming) Language Wars

So, given my blatant Rubyism, why did I link this video? Well, the first reason, is that it’s funny as hell, and really well written. Even the Ruby-bashing is hilarious… and any community needs to be able to laugh at itself. Sure, Ruby is kinda the faux-hawked hipster of programming languages at the moment. It’s also popular and in the spotlight because it’s FRICKIN’ AWESOME!!!

What I think is more telling, though, is the way this video presents the arguments of the stalwart defenders of PHP, who are usually the first-line Ruby haters. The number-0 argument I typically here in defense of PHP is along the lines of, “more large-scale, successful web projects are built on PHP than any other stack.”

Really? That’s what you’re going to lead with?

More (lines of) large-scale, successful, production code in the world right now is written in COBOL than virtually any other single language.

So by the same argument, COBOL is the BEST language for application development, right?

The use of COBOL cripples the mind; its teaching should, therefore, be regarded as a criminal offense.  ~ Edsgar Dijkstra

Okay, Dijkstra had a gift for hyperbole, but I don’t think you could make the argument that COBOL has any place in the modern computing world beyond the maintenance of billions of lines of legacy code already in the wild.

I’m not equating PHP with COBOL, nor am I suggesting PHP doesn’t have its place. It actually has two places. PHP is great iff:

  1. You’re maintaining a large, legacy codebase written in PHP, or
  2. Your employer/client/whatever has mandated that you use a certain PHP framework for the project.

Now, my personal inclination to case (2) is that it’s time to find a new employer/client/whatever. But that’s just me. I had a point when I started writing this, and ended up kvetching about PHP… it’s like a lot of conversations I have.

The topic I was ostensibly leading up to was that of language wars, or more generally, any of the Holy Wars geeks get up to. Like the Deep Magic, the Holy Wars began in the Elder Days. The canonical Holy Wars are such esoterica as big-endian vs. little-endian, Unix vs. VMS, Apple vs. Microsoft, Vi vs. Emacs, and so on. But you can really substitute [my favorite language] vs. [your favorite language], and so on. Some of this is just geek personality flaws traits shining through, making a choice of text editor seem like a life-or-death decision. On the other hand, I think there’s something else going on here. When you see true vehemence from the community surrounding an established, accepted language/framework/environment toward a plucky little upstart, a number of things might be happening:

  1. The old guard are threatened by something about the plucky little upstart, be it market share, mindshare, or something else.
  2. The old guard are jealous of the people who get to work with the plucky little upstart, and would rather bitch than upgrade their skillset and move on.
  3. The plucky little upstart is actually a complete crock, but for some reason nobody notices and/or cares.

The attitude of (some) PHP coders toward Ruby is reminiscent of how people thought of Linux in the late 90’s. It’s cute and all, but not for real-world, mission-critical applications. Real Unix came from Sun or IBM (guh!) or SCO. And this was also when Microsoft was making their ungodly encroachment into the datacenter.

One of my favorite (like, saved to my favorites on Twitter!) tweets ever comes from David Heinemeier Hansson, the creator of Rails:

Tweet from DHH

There’s always that. If I may be permitted to switch Holy Wars for the moment: IT professionals who don’t actually like computers LOVE Windows on the server for this reason, in my opinion. First, it’s brainless system administration. Secondly, it’s constant system administration. Sure, you can do everything through a GUI, but secondly, you’re doing it all damn day. So you need an admin for every few servers you add to your infrastructure. compare this to Unix/Linux servers, where uptime is measured in years rather than days (hours?), and although configuration requires, um, I don’t know, expertise or competence or something, one admin can take care of 50, 100 servers, natch.

I kinda feel like there might be some similar ill-will coming from the PHP camp toward Ruby. I don’t mean to defame PHP coders as a group. There are some excellent programmers working in PHP. But at the same time, I look at blog posts like Where Did All The PHP Programmers Go?, and it makes me think… the bulk of the PHP code I’ve encountered in my life is of truly dismal quality. Like, Visual Basic spaghetti-code bad. It’s painful. Again, there’s good stuff out there… but it’s hard to find. With Ruby, on the other hand, I haven’t seen much truly bad code. I spend a lot of time clicking around Ruby projects on GitHub, and most of the code I find is pretty decent. Good, even. I don’t think ruby programmers are inherently better coders, but I do think that a language like Ruby makes it easier to follow good design principles, and harder to implement truly bogus crocks. whereas PHP lends itself immensely to bogus crocks (variable variables, anyone?)

This isn’t meant to be an objective comparison of programming languages. More of an extension of my previous thoughts on why I love Ruby so much, expanding more into the area of languages you really couldn’t pay me to work in, in this day and age. And thinking about why. If you feel strongly about languages (whether you’re a Rubyist or a PHP die-hard or none of the above), please tell me why in the comments.


BbWorld Transact

So, for those of you who don’t know, I work in the ID Card Services Systems team at Johns Hopkins University. Most of my (paid) development work involves creating a custom, (mostly) Ruby on Rails web interface to the Blackboard Transact transaction processing system. It’s pretty interesting work, adapting Rails/ActiveRecord to this proprietary database format to do all the things we want it to do. Sometimes it’s frustrating, especially with dealing with importing data from other departments’ maddening stovepipe systems, but, all in all, pretty rewarding. And then it all got exciting.

Last week, our team went to the BbWorld Transact conference at the Talking Stick Resort in Scottsdale, Arizona. Not only was it great fun to head out to the Southwestern desert in March, escaping the Mid-Atlantic doldrums, but it was a truly exciting and invigorating experience.

Sure, we were giving a presentation on the web app I’ve developing for the past seven months or so (read: 9,383,094 years of ASP development or 87 years of PHP development, subjective time), and that was pretty damn exciting. So was the response. People were crowding the table at our session collecting our business cards, hoping we could get permission to put this code up on GitHub (I hope so, too).

But what’s got me the most pumped was my experiences of the conference itself. Starting with a keynote from Bridgeworks, LLC, about “millenials” and the desire for connectedness, the conference delved into a new commitment to openness and transparency from Blackboard, which, as a developer, gets me psyched. There’s nothing like support from the vendor supplying the system you’re developing against.

We had some great meetings with the Transact product development team, as well as Sony‘s FeliCa team, and I haven’t been so excited about the code I’m getting (paid) to write in a long time. Already, we have proof-of-concept code in the works to do Twitter tweets and Foursquare check-ins via card swipes.

The coding is only going ot get sexier from here on out.


Why I love Ruby (part 2)

II was going to write a second installment, but I think DHH has said it all for me…


B’more on Rails

So I’ve been meaning to do it for a while, and tonight I finally made it to a B’more on Rails meetup. Damn, was it worthwhile. Jeff Casimir of Jumpstart Lab gave a presentation entitled “Fat Models Aren’t Enough,” and damn if it didn’t change my opinion about the ActiveRecord scope method… and give me some awesome refactoring ideas.

One of the best funny-because-it’s-true moments of the evening was this quote in big letters on the screen:

I don’t know how much more emphasized step 1 of refactoring could be: don’t touch anything that doesn’t have coverage. Otherwise, you’re not refactoring; you’re just changing shit.

It’s a quote from this blog post, which I highly recommend. (Thanks to Jeff for tweeting me the URL while I was writing this post.)

Anyhow, It’s late, and I can’t possibly recap Jeff’s great presentation (my notes are in the other room, and I’m lazy), but if you missed it, you’re in luck: he’ll be presenting on this topic at this year’s RailsConf, May 16-19 right here in Baltimore. Definitely check it out.


Why I love Ruby (Part 1)

So, it occurred to me that so far, my posts (both of them) have been pretty negative. So I thought today, instead of ranting about something I detest, I’d rave about something I love. And that something is Ruby. I looooove Ruby. I got into Ruby because of the Rails web application framework, but my love of Ruby goes so far beyond Rails. Let’s start with a quote from Yukihiro Matsumoto (Matz), the creator of Ruby:

For me, the purpose of life is, at least partly, to have joy. Programmers often feel joy when they can concentrate on the creative side of programming, so Ruby is designed to make programmers happy.

Ruby definitely brings the joy. Oh, does it ever bring joy. Have you ever coded in something like PHP or C++, and felt like you were fighting the language to accomplish your task? This common phenomenon is absolutely absurd. Tools should make the job easier. This bears repeating:

TOOLS SHOULD MAKE THE JOB EASIER!!!

I like tools that make the job easier. This is why I only use Unix-like operating systems, because they have many small, convenient tools that make life infinitely easier. I’ve never understood how people could assert that Unix (or Linux, etc.) isn’t user-friendly. It’s the most user-friendly OS that has ever existed… it’s just selective about who its friends are. But, back to Ruby.

Ruby knows exactly who its friends are: programmers. It’s the most programmer-friendly language I’ve ever worked with. It’s designed from the ground up to operate on the Principle of Least Surprise. What this means is that the irritating gap between what you want the computer to do and what you actually told it to do becomes a lot narrower.

Ruby was also developed slowly, and thoughtfully, from the ground up, using the best-of-the-best from multiple programming paradigms, and from the best-of-breed languages from each of those paradigms:

  • Smalltalk: Smalltalk was the first object-oriented programming language, invented by Alan Kay at Xerox PARC in the late ’70’s and early ’80’s. Ruby draws its pure-OO object model from the language that started it all, and this adds to the joy of object-oriented programmers.
  • Lisp: Probably the first full-fledged functional programming language, Lisp has a storied history of use in academia and the AI community. From Lisp, Ruby inherits its concepts of closures, lambda functions, and tail call optimization, which make it possible to do very function-oriented things in this pure-OO language… I won’t go into the guts of why tail-recursive functions are a Good Thing, or why closures add to programmer joy… but the guy who said “Ruby is like Lisp, but with syntax” wasn’t wrong.
  • Perl: Ruby has less of the Perl-paradigm than it has of the paradigms of Smalltalk and Lisp, but it shares much of the Perl-nature. Ruby has powerful text-processing and regex capabilities which were non-existent before Perl (don’t even bring up sed and awk). It also borrows some rather random things from Perl; Gems follow the CPAN paradigm to a degree, Ruby can handle shell one-liners much like Perl, and Ruby is actually great at most of the system administration tasks that Perl started to make easier in the late ’80’s. Procedural Ruby scripts even tend to look a bit like Perl scripts, but maybe that’s just because so many of them are written by old Perl hackers.

So, Ruby took the best concepts from the best of the best, and worked them into a masterpiece of language design. Compare the evolution of something awful like, oh, I don’t know, PHP.  Jeff Atwood of Coding Horror and Stack Overflow fame puts it rather well:

From what I’ve seen of it, PHP isn’t so much a language as a random collection of arbitrary stuff, a virtual explosion at the keyword and function factory. Bear in mind this is coming from a guy who was weaned on BASIC, a language that gets about as much respect as Rodney Dangerfield. So I am not unfamiliar with the genre.

PHP first emerged as a subset of Perl for embedding code inside of HTML, mostly. Think about that for a minute. Now think about Unobtrusive JavaScript, and the whole thrust of behavioral separation, getting the code OUT of the markup. Surely, we now realize that PHP was misguided from its inception? But this is beside the point. What PHP should demonstrate is that a programming language should evolve programmatically, not organically. PHP was never planned, it was just vomited upon the world as a mass of kludges and spaghetti code.

The development of Ruby was the polar opposite of this. Ruby was planned, designed for the sake of programmer joy. And programmer joy is, IMHO, derived from a few core experiences. I don’t claim this to be a comprehensive list, but some of those include:

  • Not having to re-invent the wheel every damn day: Ruby makes it a breeze to write re-usable code. If you find yourself violating the DRY principle while coding in Ruby, you’re doin’ it wrong.
  • Avoiding repetitive, unnecessary keystrokes: repetitive-stress injuries are an occupational hazard. If a language reduces the number of keystrokes you’re having to enter by an order of magnitude, that’s a Good Thing.
  • Principle of Least Surprise: I mentioned this earlier. Ruby’s core libraries follow class and method naming conventions fairly rigidly, so you know that a method anding in ? is going to return a boolean, and a method ending in ! is going to modify the object in-place. And this principle has been followed quite closely by gem (library) authors. So I know if I call @variable.foo?, it’s going to return true, false, or possibly nil, but not a String or Float or anything else.

This post has outgrown my intentions for it, and there are so many more resons to love Ruby, that I’m going to have to continue this later… look for Part Two soon.


    XML Sucks

    So, since the professed goal of this blog is to talk about software, coding, and related geeky things (I do reserve the right to be completely erratic and off-topic, however), I thought I’d start with a few of the things I’m most opinionated about… starting with something I hate: XML.

    Don’t get me wrong. XML has made it possible for clever people to do some very, very clever things that were much more difficult beforehand. I think the problem is developers who, having become comfortable with their XML hammer, decide that EVERY task involving serialization, data transfer, configuration, etc. is a shiny nail waiting to be beat into submission.

    It’s not.

    If you’ve ever had to support a legacy, vendor-supplied “solution” that has minimal, useless documentation, and found that the only place you can learn anything about what’s happening is by poring through megabytes of XML files that reference other XML files, that reference undocumented crap that was designed by a retarded monkey who learned XML only because he wanted to be employable after the Y2K COBOL rush… yes, this actually happened to me.

    I’m still in counseling.

    Now you’re probably about to comment, “Jason, don’t blame the tool for the incompetence of the one using it.”

    You’re partially right. But I can blame the tool for encouraging the attitude that leads to such incompetence. “XML is eXtensible! We can use it for anything! And why bother validating it, our code parses it just fine.”

    You validate it because several years down the road another coder is going to have to go through it by hand because it won’t parse on anything standards-based. You aren’t a sadist, are you? I mean, you’re obviously a masochist, you voluntarily work with COBOL and XML. But be nice to other programmers, at least. Where’s the solidarity?

    But, I digress.

    Maybe there was a time when alternatives to XML were far and few between. But that time is not now. Now we have YAML, JSON, and many other perfectly good formats for data serialization and configuration. Take the time to make life easier. Ask yourself, what is the simplest thing I can use to get the job done?

    Sometimes, you’ll have to use XML. That’s okay. Sometimes a hammer is the right tool.

    The rest of the time, you look like an idiot, sitting there banging away on screws.