Tag Archives: coding

PAM authentication for Ruby 1.9

Announcement

So, I’m happy to announce the availability of PAM authentication for Ruby 1.9.x, through the rpam-ruby19 gem. A couple of gems had existed for previous ruby versions, but 1.9 broke compatibility with all of those. After looking at the options, I decided that the the rpam gem was the best candidate for an update. It works really well on Linux (tested on Debian and Ubuntu), it’s simple to use, and there’s an authlogic plugin if you want to use rpam in your rails app.

Why?

I ran into a situation where I needed to use an approved “enterprise” authentication solution. My options were limited to Shibboleth, OpenID, SiteMinder, and ActiveDirectory. The first three involved a redirect to an ugly sign-in page; that was a no-go for a mobile app. So I decided to get creative. Using Authlogic + Rpam + Likewise to validate AD credentials created a seamless way to integrate into the environment, while leaving the look-and-feel of everything under my control.

Caveat

Using PAM for web authentication is ONLY a good idea for internal applications. Even then, you have to be careful. But if all potential users of your application are also potential user of your systems (i.e., AD/LDAP entities), it can be a decent solution.

P.S.

If you want the source, or would like to contribute, you can find it on my GitHub. It’s still a work in progress; it really needs tests and documentation. But it works, and might come in handy for someone, so I’m throwing it out there now.

Advertisements

TDD Hiring Practices – How do you evaluate a programmer?

I’ve been thinking a lot about hiring practices. How do you evaluate a potential employee’s programming skills? One popular yet (sometimes) controversial method is the use of coding quizzes. While I like this idea in principle, these quizzes can range from the absurd to the superfluous to the fascinating-yet-bizarre to the absolutely brilliant.

This suggestion is going to be very specific to my own milieu, but I think it can be abstracted easily.

One of my favorite learning experiences ever has to be Ruby Koans. It’s a set of failing unit tests that you have to figure out how to make pass. It’s fantastic, challenging (for the neophyte Rubyist), and enlightening.

I think this paradigm would be applicable to any TDD-oriented (and if you’re not, you should be) shop, because it tests both coding skill and testing proficiency. These aren’t the same thing, but both should be important to any hiring manager.

The other thing that comes to mind is Star Trek. Specifically, the Kobayashi Maru scenario (side note – it’s awesome that my browser and/or WordPress didn’t mark “Kobayashi Maru” as a misspelling).

For those who don’t know, the Kobayashi Maru was a no-win scenario, which Kirk managed to beat (the only time it was ever “won”) by reprogramming the computer. So you can test creative thinking, grace under fire, etc. by making some of the tests bad. If you’re into torturing applicants. It’s just an idea, not necessarily a good one, but if you’re a high-pressure shop, you might want to gauge that sort of thing.

This could happen on-site, or be sent to the applicant with a 24-hour window to submit the results.

Here’s how I think the protocol for this kind of test should go though:

  1. Timeboxed – You have a finite amount of time to complete this. It doesn’t have to be perfect, you don’t necessarily have to pass every test, we want to see how you think, how you prioritize problems to get the best results in the time allotted.
  2. Real-world – You’re not restricted as to resources. You can use Google, Stack Overflow, GitHub, whatever you want. In the real world, we try to see if we’re working on a solved problem before reinventing the wheel. I’m less interested in what you know than in whether you know how to find the answers to new problems efficiently.
  3. Honest – Be up-front about the problem. If the tests should be regarded as the source of all truth, say so. If the tests might be flawed, tell them. If you’re trying to test their ability to make that distinction, be honest. Tell them you’ll answer any questions they have unless you think it will bias the results. You want your programmers to have as much information as possible about the project you’ve just handed them, and you want them to be able to ask you the right questions about it. If they can do a better job by gathering information from the project manager, that’s a good thing.
I’ll disclaim this post by saying hiring practices aren’t part of my job. But I’ve experienced varying practices from employers and potential employers, and some of them seemed sensible, some seemed ridiculous, and some seemed like the people looking for a programmer didn’t even know what they were looking for.
I’m curious to see how various shops do this. How do you evaluate potential new hires? Do you quiz programmers? How?

BbWorld Transact

So, for those of you who don’t know, I work in the ID Card Services Systems team at Johns Hopkins University. Most of my (paid) development work involves creating a custom, (mostly) Ruby on Rails web interface to the Blackboard Transact transaction processing system. It’s pretty interesting work, adapting Rails/ActiveRecord to this proprietary database format to do all the things we want it to do. Sometimes it’s frustrating, especially with dealing with importing data from other departments’ maddening stovepipe systems, but, all in all, pretty rewarding. And then it all got exciting.

Last week, our team went to the BbWorld Transact conference at the Talking Stick Resort in Scottsdale, Arizona. Not only was it great fun to head out to the Southwestern desert in March, escaping the Mid-Atlantic doldrums, but it was a truly exciting and invigorating experience.

Sure, we were giving a presentation on the web app I’ve developing for the past seven months or so (read: 9,383,094 years of ASP development or 87 years of PHP development, subjective time), and that was pretty damn exciting. So was the response. People were crowding the table at our session collecting our business cards, hoping we could get permission to put this code up on GitHub (I hope so, too).

But what’s got me the most pumped was my experiences of the conference itself. Starting with a keynote from Bridgeworks, LLC, about “millenials” and the desire for connectedness, the conference delved into a new commitment to openness and transparency from Blackboard, which, as a developer, gets me psyched. There’s nothing like support from the vendor supplying the system you’re developing against.

We had some great meetings with the Transact product development team, as well as Sony‘s FeliCa team, and I haven’t been so excited about the code I’m getting (paid) to write in a long time. Already, we have proof-of-concept code in the works to do Twitter tweets and Foursquare check-ins via card swipes.

The coding is only going ot get sexier from here on out.


Why I love Ruby (part 2)

II was going to write a second installment, but I think DHH has said it all for me…


B’more on Rails

So I’ve been meaning to do it for a while, and tonight I finally made it to a B’more on Rails meetup. Damn, was it worthwhile. Jeff Casimir of Jumpstart Lab gave a presentation entitled “Fat Models Aren’t Enough,” and damn if it didn’t change my opinion about the ActiveRecord scope method… and give me some awesome refactoring ideas.

One of the best funny-because-it’s-true moments of the evening was this quote in big letters on the screen:

I don’t know how much more emphasized step 1 of refactoring could be: don’t touch anything that doesn’t have coverage. Otherwise, you’re not refactoring; you’re just changing shit.

It’s a quote from this blog post, which I highly recommend. (Thanks to Jeff for tweeting me the URL while I was writing this post.)

Anyhow, It’s late, and I can’t possibly recap Jeff’s great presentation (my notes are in the other room, and I’m lazy), but if you missed it, you’re in luck: he’ll be presenting on this topic at this year’s RailsConf, May 16-19 right here in Baltimore. Definitely check it out.


Why I love Ruby (Part 1)

So, it occurred to me that so far, my posts (both of them) have been pretty negative. So I thought today, instead of ranting about something I detest, I’d rave about something I love. And that something is Ruby. I looooove Ruby. I got into Ruby because of the Rails web application framework, but my love of Ruby goes so far beyond Rails. Let’s start with a quote from Yukihiro Matsumoto (Matz), the creator of Ruby:

For me, the purpose of life is, at least partly, to have joy. Programmers often feel joy when they can concentrate on the creative side of programming, so Ruby is designed to make programmers happy.

Ruby definitely brings the joy. Oh, does it ever bring joy. Have you ever coded in something like PHP or C++, and felt like you were fighting the language to accomplish your task? This common phenomenon is absolutely absurd. Tools should make the job easier. This bears repeating:

TOOLS SHOULD MAKE THE JOB EASIER!!!

I like tools that make the job easier. This is why I only use Unix-like operating systems, because they have many small, convenient tools that make life infinitely easier. I’ve never understood how people could assert that Unix (or Linux, etc.) isn’t user-friendly. It’s the most user-friendly OS that has ever existed… it’s just selective about who its friends are. But, back to Ruby.

Ruby knows exactly who its friends are: programmers. It’s the most programmer-friendly language I’ve ever worked with. It’s designed from the ground up to operate on the Principle of Least Surprise. What this means is that the irritating gap between what you want the computer to do and what you actually told it to do becomes a lot narrower.

Ruby was also developed slowly, and thoughtfully, from the ground up, using the best-of-the-best from multiple programming paradigms, and from the best-of-breed languages from each of those paradigms:

  • Smalltalk: Smalltalk was the first object-oriented programming language, invented by Alan Kay at Xerox PARC in the late ’70’s and early ’80’s. Ruby draws its pure-OO object model from the language that started it all, and this adds to the joy of object-oriented programmers.
  • Lisp: Probably the first full-fledged functional programming language, Lisp has a storied history of use in academia and the AI community. From Lisp, Ruby inherits its concepts of closures, lambda functions, and tail call optimization, which make it possible to do very function-oriented things in this pure-OO language… I won’t go into the guts of why tail-recursive functions are a Good Thing, or why closures add to programmer joy… but the guy who said “Ruby is like Lisp, but with syntax” wasn’t wrong.
  • Perl: Ruby has less of the Perl-paradigm than it has of the paradigms of Smalltalk and Lisp, but it shares much of the Perl-nature. Ruby has powerful text-processing and regex capabilities which were non-existent before Perl (don’t even bring up sed and awk). It also borrows some rather random things from Perl; Gems follow the CPAN paradigm to a degree, Ruby can handle shell one-liners much like Perl, and Ruby is actually great at most of the system administration tasks that Perl started to make easier in the late ’80’s. Procedural Ruby scripts even tend to look a bit like Perl scripts, but maybe that’s just because so many of them are written by old Perl hackers.

So, Ruby took the best concepts from the best of the best, and worked them into a masterpiece of language design. Compare the evolution of something awful like, oh, I don’t know, PHP.  Jeff Atwood of Coding Horror and Stack Overflow fame puts it rather well:

From what I’ve seen of it, PHP isn’t so much a language as a random collection of arbitrary stuff, a virtual explosion at the keyword and function factory. Bear in mind this is coming from a guy who was weaned on BASIC, a language that gets about as much respect as Rodney Dangerfield. So I am not unfamiliar with the genre.

PHP first emerged as a subset of Perl for embedding code inside of HTML, mostly. Think about that for a minute. Now think about Unobtrusive JavaScript, and the whole thrust of behavioral separation, getting the code OUT of the markup. Surely, we now realize that PHP was misguided from its inception? But this is beside the point. What PHP should demonstrate is that a programming language should evolve programmatically, not organically. PHP was never planned, it was just vomited upon the world as a mass of kludges and spaghetti code.

The development of Ruby was the polar opposite of this. Ruby was planned, designed for the sake of programmer joy. And programmer joy is, IMHO, derived from a few core experiences. I don’t claim this to be a comprehensive list, but some of those include:

  • Not having to re-invent the wheel every damn day: Ruby makes it a breeze to write re-usable code. If you find yourself violating the DRY principle while coding in Ruby, you’re doin’ it wrong.
  • Avoiding repetitive, unnecessary keystrokes: repetitive-stress injuries are an occupational hazard. If a language reduces the number of keystrokes you’re having to enter by an order of magnitude, that’s a Good Thing.
  • Principle of Least Surprise: I mentioned this earlier. Ruby’s core libraries follow class and method naming conventions fairly rigidly, so you know that a method anding in ? is going to return a boolean, and a method ending in ! is going to modify the object in-place. And this principle has been followed quite closely by gem (library) authors. So I know if I call @variable.foo?, it’s going to return true, false, or possibly nil, but not a String or Float or anything else.

This post has outgrown my intentions for it, and there are so many more resons to love Ruby, that I’m going to have to continue this later… look for Part Two soon.


    XML Sucks

    So, since the professed goal of this blog is to talk about software, coding, and related geeky things (I do reserve the right to be completely erratic and off-topic, however), I thought I’d start with a few of the things I’m most opinionated about… starting with something I hate: XML.

    Don’t get me wrong. XML has made it possible for clever people to do some very, very clever things that were much more difficult beforehand. I think the problem is developers who, having become comfortable with their XML hammer, decide that EVERY task involving serialization, data transfer, configuration, etc. is a shiny nail waiting to be beat into submission.

    It’s not.

    If you’ve ever had to support a legacy, vendor-supplied “solution” that has minimal, useless documentation, and found that the only place you can learn anything about what’s happening is by poring through megabytes of XML files that reference other XML files, that reference undocumented crap that was designed by a retarded monkey who learned XML only because he wanted to be employable after the Y2K COBOL rush… yes, this actually happened to me.

    I’m still in counseling.

    Now you’re probably about to comment, “Jason, don’t blame the tool for the incompetence of the one using it.”

    You’re partially right. But I can blame the tool for encouraging the attitude that leads to such incompetence. “XML is eXtensible! We can use it for anything! And why bother validating it, our code parses it just fine.”

    You validate it because several years down the road another coder is going to have to go through it by hand because it won’t parse on anything standards-based. You aren’t a sadist, are you? I mean, you’re obviously a masochist, you voluntarily work with COBOL and XML. But be nice to other programmers, at least. Where’s the solidarity?

    But, I digress.

    Maybe there was a time when alternatives to XML were far and few between. But that time is not now. Now we have YAML, JSON, and many other perfectly good formats for data serialization and configuration. Take the time to make life easier. Ask yourself, what is the simplest thing I can use to get the job done?

    Sometimes, you’ll have to use XML. That’s okay. Sometimes a hammer is the right tool.

    The rest of the time, you look like an idiot, sitting there banging away on screws.