Yesterday, I talked about the first half of the first ever Windy City Rails conference that happened on Saturday at IIT. Tonight, I'll pick up where I left off with my summary of the presentations I attended.
Virtualization and Elastic Servers -- Yan Pritzker of CohesiveFT
The gist of this talk is that the Rails stack is not well known so why not let CohesiveFT handle deployment for you. It's a virtualization factory, that lets you put together a custom Rails stack and they can deploy and maintain it for you for as little as 10-15 bucks a month. Also, he pointed out that virtualization is a solution for your front end guys getting a working version. Which, having tried to get many a design person's computer up and running, I think is a pretty cool idea.
Ten Things I Hate About Web Apps by Micah Martin
Short list of things Micah hates about Web Apps:
- You need to know css, html, js, and the actual programing language just to get started.
- Html -- only 3 fonts to chose from
- Css is not implemented the same on browsers
- Multiple browser support
- The Photoshop dependancy (why should rounded corners and gradients be so hard?)
- The statelessness of http
- Flash/silverlight are not open source
- Ruby on Rails -- a pretty mask on top of the ugliness
His solution is Limelight -- A platform for writing rich ruby apps. It's all Ruby all the way down. He showed off a simple demo of how easy it is to create apps with Limelight. Then he showed a tower defense video game his brother wrote using Limelight. It looked pretty cool, but it's very audacious to propose a new platform.
Slight of Hand for the Ruby Man by Aaron Bedra, Relevance
I missed a bunch of this presentation 'cause I'm a dumbass. The cool thing I did manage to see is "the-inspector" which is a gem that can tell you where some monkey patcher has redefined a method. So you can call this:
Very cool. Check it out at: http://github.com/spicycode/the-inspector
The Morph App Space lightning talk was next.
Morph can help you deploy RoR in five minutes, it's fully managed, and elastically scalable for $1 a day.
Rails Security by Aaron Bedra, Relevance
Aaron talked about using Tarantula to crawl your app and attack it. It's particularly good at finding cross site scripting and sql injection attack vulnerabilities.
There are a number of solutions to preventing cross site attacks (aside from remembering to use 'h' everywhere):
His general recommendations for security:
- Keep your framework up to date
- Build security from the ground up
- Audit your code
Test Last Development -- Noel Rappin, Pathfinder
Regular TDD is Red-Green-Refactor and yet it often goes wrong and Noel spent some time talking about typical ways in which it does.
- People often skip the refactor step -- he calls this test driven mess as TDD is supposed to be about design
- Data driven testing -- fail the test, get the output, then put into test
- Code then test -- Which useful in exploration, but it's easy to slip. It also leads to coverage gaps
- Test last development -- when you check in without tests and then later try to wrap tests around your code.
Noel uses two coverage suites:
- One models only
- And the other is everything else
He does this because controllers hit models a lot so they can hide lack of model coverage in tests.
Generally, I had a great time at Windy City Rails. I think Ray Hightower and everyone involved did an amazing job pulling this together.