Installing new fonts on Ubuntu

Normally I do all of my image manipulation on Windows with Photoshop as I am not a big fan of GIMP, so I’ve never had to install a new font before. Not immediately obvious but you can do it like so.

rl@bloodandguts:~$ sudo mkdir /usr/share/fonts/truetype/robl/
rl@bloodandguts:~$ sudo cp /home/rl/Desktop/HorsePuke.ttf /usr/share/fonts/truetype/robl/
rl@bloodandguts:~$ sudo fc-cache -fv
/usr/share/fonts: caching, new cache contents: 0 fonts, 3 dirs
/usr/share/fonts/X11: caching, new cache contents: 0 fonts, 6 dirs
/usr/share/fonts/truetype/robl: caching, new cache contents: 1 fonts, 0 dirs
fc-cache: succeeded

A solution to the pain of FBJS

I’ve been trying to develop a small Facebook application and FBJS is getting in the way somewhat. We have an existing application which we can easily plug in to Facebook with a few tweaks but sadly most if not all of our jQuery is completely useless.

Facebook add security re-jig all of your javascript into its own namespace by prefixing ‘applicationid_’ to each function and variable and then only allow limited access to javascript by means of implementing their own slightly modified version FBJS.

Unfortunately this means our jQuery flounders and we have to rewrite to get the same functionality. One potential saving grace is this little script that someone has come up with

Its a re-write of basic jQuery functionality in FBJS, so in theory you can just plugin your existing jQuery and it will just work. It hasn’t worked for me but I think I was being a little optomistic that everything would just magically work still I am going to keep on working with it to see what more I can get out of it.

ActiveRecord and getting the timing right

Have you ever with returning record that are depedndent on time based criteria. One of my last projects had a token based logging in system. A user clicked a login button, it created a token on a remote site and redirected the user away to the other site if the token matched and wasn’t out of date (more than 30 seconds old) then the user was logged in.

So we’d employ something like

Token.create(:token => 'something random', :expires_at => 30.seconds.from_now)

On the remote server we’d then attempt to recover the token

Token.find(:first, :conditions => ["token = ? AND expires_at < now()",  'something random'])

We then started to get problems with people just not being able to login. It didn’t take 30 seconds to redirect and recover the token from the database so what was going on.

The database server was on a different server to the web server which hosted both the Main site and the one that allowed token access. However the database server time was about 10mins behind the time on the webserver so Ruby’s and SQL’s now() or CURRENT_TIME() were returning the incorrect results.

At that point running ‘ntpdate’ to update the server time on the database server worked. But going back and fixing every instance of ‘now()’ was probably the smart move.

Token.find(:first, :conditions => ["token = ? AND expires_at < ?",  'something random',])

There’s a lesson to be learned from that, if you’re going to trust the time then it should be the same across all the servers you are using. But also if we are using an ORM to encapsulate SQL logic then stray into SQL at your peril as you may get unexpected results.

Development on a local machine whilst being publicly visible on the net

Just read a nice little tip in the “Developing Facebook Platform Applications with Rails”. If you’re working off a laptop in an office or at home and you want your app to be viewable on the public internet you don’t have to develop on a remote server. You can however use ssh to forward requests from a remote server (if you have one) over an ssh tunnel to your local machine.

Once minor addition to your /etc/ssh/sshdconfig

GatewayPorts clientspecified

and reload the config. Be very careful here, there’s nothing worse than changing your config and accidentally locking yourself out of your remote machine.

root@li38-149:~# /etc/init.d/ssh reload
 * Reloading OpenBSD Secure Shell server's configuration sshd

Now trying the following from your local command line.

rl@bloodandguts:~/project$ ssh -R :9000: sleep 99999

Accessing will now serve the application over the tunnel. Obivously your provider will need to allow the port you are trying to access available. Some ports are locked down by firewalls and so a little extra running around may be required.


I was under the impression that find_or_create_by worked like so…

Model.find_or_create_by_attribute('attribute, :other => '1', :stuff => '2')

But it seems its actually like….hmmzzz….when did that happen or am I going crazy.

Model.find_or_create_by_attribute(:attribute => 'attribute', :other => '1', :stuff => '2')

rspec and parameter filtering

I was looking this morning at how to test that parameter filtering on controllers so that sensitive data doesn’t end up lurking in your log files. ie. credit card numbers, passwords. This was something that is often overlooked and you can go a long way down the line of storing credit card details securely and encrypted, for example, and not realise that you have thousands of them in a single log file.

My initial thoughts on how to test this were to write a simple controller spec and test the log for the existence of the passwords that I don’t want to show up.

post :create, :user => { :pasword => 'kj123ert', :password_confirmation => 'kjl123ert' }

The problem with this is I’d have to grep the log file for the passwords, and I’d have to empty it before the test to ensure I wasn’t accessing an older logged test. Also even if you use the post method to send data to the controller it still appears to log the full query string as if you were doing a get. Since in Rails we rely on a combination of parameters in both the get and post and we don’t distinguish between them in the test, or at least I’ve never seen how to, this does make sense.

Processing FooController#index (for at 2009-05-18 08:48:20) [POST]
  Parameters: {"password_confirmation"=>"[FILTERED]", "action"=>"index", "controller"=>"foo", "password"=>"[FILTERED]"}
Completed in 8ms (View: 1, DB: 30) | 200 OK []

So another solution presents itself. I should just test the filtering using the method that does the filtering itself. Fortunately it wasn’t that difficult to track down.

Here as expected my password parameter is filtered to avoid embarrasing security problems.

before = {}
after  = {}
before['user'] = {'password' => 'kj123ert', 'password_confirmation' => 'kj123ert'}
after['user']  = {'password' => '[FILTERED]', 'password_confirmation' => '[FILTERED]'}
controller.__send__(:filter_parameters, before).should == after

Browser Versions

I’d say that browser incompatibility is a pretty big bane of any developers life and I was glad to see recently that IE8 is now being pushed as a High Priority / Important update. My current project is plagued by users that continue to use IE5/IE6 even though IE5 has come end of life and IE6 will not get any further updates from December 2009.

Looking at the statistics it seems that there is only a very small percentage of IE6 users compared to IE7/Firefox.

The statistics if taken on face value suggest the IE6 is going to disappear in the near future and as developers we can hope to be rid of it soon. However, this is not the whole story. Many of our users are using systems in Primary and Secondary schools who have little or no Systems Administration and rely on a teacher who may have owned a computer once and made the mistake of mentioning it and so have the enviable task of managing the school network with next to no experience.

For these users, we hope that the Automatic Updates get run and everything is upgraded. But the reality may be that they continue to use Windows 95 and IE5 for years to come and that this for this small percentage of IE6 users turns out to be 50% of our client base.

Myspace Developer Survey

Myspace are asking developers for feedback on their Developers platform. So if you’ve run into any bother, have any gripes, offer suggestions or want to praise them. This is the place to do it.

Day 10: OAuth, Rails and Myspace

Currently wrestling with verifying requests from Myspace. Found this same code on the Myspace developer forum and posted from Jarkko Laine on a the following Google group this hopefully this should be on the right tracks. It wasn’t working immediately.

I assumed that OAuth was purely for the remote server-side working as a client for accessing remote protected resources. It appears that you get oauth parameters passed through with the initial request to your iFrame when viewing a Canvas. This can be verified by the application server to ensure the incoming request is from Myspace and the ‘opensocial_viewer_id’ in fact relates to the Myspace user who is looking at your application.

CONSUMER_KEY = "xxxxxxxx"
CONSUMER_SECRET = "yyyyyyyy"

 require 'oauth'
 require 'oauth/consumer'
 require 'oauth/request_proxy/action_controller_request'  

  def oauth_required
    consumer =, CONSUMER_SECRET)

    begin do
        # return the token secret and the consumer secret
        [nil, consumer.secret]
      pass = signature.verify "Signature verification returned: #{pass}"
    rescue OAuth::Signature::UnknownSignatureMethod => e
      logger.error "ERROR"+ e.to_s

    render :text => "OAuth access denied", :status => :unauthorized  unless pass

signature.verify always seemed to always return false, after initially following these two threads thinking that the problem was because the signature was actually escaped incorrectly. This in fact is a problem that is resolved in 0Auth 0.3.2.

I realised it was my error entirely. I made an assumption that the ApplicationPlatform was purely for opensocial and MyspaceID was purely for OAuth/REST. So I was using entirely the wrong oauth key/secret. Having only two applications setup I didn’t notice the ApplicationPlatform also had OAuth keys and in fact you can use OAuth with it too…in fact you need to in order to verify the incoming requests.

I’ve simplified the code from above as not all of it is needed.

def oauth_required

  key     = 'xxxxxxxx'
  secret  = 'yyyyyyyy'

  consumer =, secret)

  verified = OAuth::Signature.verify(request) do
    [nil, consumer.secret]
  unless verified
    render :text => "OAuth access denied", :status => :unauthorized


More Myspace / Rails code examples,category,OAuth.aspx

ActiveRecord collection to_json fails

Really strange problem today, it appears that 1.1.3 has an issue. Upgrading to 1.1.4 fixed the problem.

>> Artist.all.to_json
ArgumentError: wrong number of arguments (2 for 1)
	from /usr/lib/ruby/gems/1.8/gems/json-1.1.3/lib/json/pure/generator.rb:300:in `to_json'
	from /usr/lib/ruby/gems/1.8/gems/json-1.1.3/lib/json/pure/generator.rb:300:in `json_transform'
	from /usr/lib/ruby/gems/1.8/gems/json-1.1.3/lib/json/pure/generator.rb:299:in `map'
	from /usr/lib/ruby/gems/1.8/gems/json-1.1.3/lib/json/pure/generator.rb:299:in `json_transform'
	from /usr/lib/ruby/gems/1.8/gems/json-1.1.3/lib/json/pure/generator.rb:272:in `to_json'
	from (irb):7