Archive for the ‘Technology’ Category

Smibs on code: Upgrading to Git

Friday, August 14th, 2009

A few days ago, our code repository server froze. Nothing a restart couldn’t solve, but this was the fourth time this month. The computer has been running continuously for a couple years, with a few developers constantly committing and pulling changes, uploading files, etc., and it had apparently had enough. Seeing this as an opportunity to fix up our development process a bit, I wiped the drives, and re-installed the OS.

The first thing I wanted to change was our code versioning system. Our office has been using Subversion (SVN) as our code repository for a couple years now. It’s done the job well, and has saved our butts on more than one occasion, but there were a few things I didn’t like. As I’ve mentioned in previous posts, I like moving around when I work; hitting a coffee shop in the morning, or taking my laptop to the local bookstore on a hot day. Subversion forced me to always have an internet connection to commit changes or make new branches. As a result, I would perform larger commits, or have branches pulling double duty, which is far from ideal. Further, setting up and maintaining the permissions with ssh and multiple developers is quite a pain on Subversion.

A few of our developers have used Git for some open-source projects, and we all quite liked it. We’ve been talking about changing for months, but we couldn’t justify the effort until we had to re-install everything anyway. We decided to use Gitosis to manage the Git server, set up the permissions, and manage users (good tutorial here). This proved to be fairly simple. I then imported all of our previous projects with git-svn with some help from this post. Next, our system was configured to send out a summary e-mail every time a developer pushed a change. Finally, I modified our deploy files so the servers read the code from our new Git server rather than our old SVN server. The entire process was completed in under two days.

While many of us had used Git before, there was still a learning curve. I found a very useful guide called “Git Magic”. It starts off with the basics that all developers should know, but moves all the way to “Git grandmastery” in chapter 7.

Final thoughts:

Git has more of a learning curve than I expected, and is more complicated than Subversion — but it is so much more flexible, that I think it’s worth it. You can really use it however is best for you. For some developers, it won’t be much different than working with svn, but I’m really appreciating the differences. I read an interesting analogy comparing clones, branches, tags, etc. with multiple desktops, windows and tabs. The more options available, the longer it will take for a person to come up with the best system for them, but once they figure it out, they can really fly.

I would love to hear your thoughts on Subversion vs. Git (or any other systems you recommend for that matter). Why do you think one is better than the other?

Smibs visits Silicon Valley: The real-time web is coming on fast

Tuesday, July 14th, 2009

Last Friday I flew down to San Francisco to attend the TechCrunch CrunchUp conference. This year the conference topic was ‘The Real Time Stream’. The conference aimed to capture the opportunities and latest developments arising from the rapidly growing amount of real-time data that is generated on micro-blogging services like Twitter, FriendFeed and soon Facebook.

The conference was an excellent event for me. It gave me real insight about where the web is going next and on the seriousness and progress rate of the current developments. In the opening panel (video below) Ron Conway describes the real-time web as having multiple multi-billion dollar opportunities. He goes so far as to compare the current development with the early days at Google, when they still hadn’t figured out a business model and could only imagine what an impact Google would have on how we use the web today. Watch the video below for the full opening panel on ‘The Realtime Opportunity’ …

The day was packed with interesting panels and presentations, and after getting an idea of how far people and companies are along in developing new platforms, tools and services, I have to say I am once again astonished. The world might be in a recession, but Silicon Valley is bursting from the mass of innovation it’s producing, and it’s buzzing with people who will eventually turn that innovation into striving businesses.

I keep repeating myself, but every time I am in the Valley I notice its biggest advantage in the tech sector: a huge number of people who want to try new stuff – not just entrepreneurs but also consumers and businesses of all sizes. This results in new ideas getting traction early on. By the time the rest of the world notices, a new idea like Twitter already has a couple of million users, and the rest of the world watches as it reaches critical mass.

TechCrunch put on a nice after party and I met a lot of people from last year and some people I have only met online so far. All in all it was a great trip that opened my eyes with regards to the next big wave of innovation. I look forward to taking the opportunities that come with it ;-) .

Oh, at the conference someone noticed that I didn’t wear socks in my business shoes so I had to explain my reasons on camera. Watch the third video under the ‘Channel’ button in the embedded video box below!

New technology is always fun!

Tuesday, June 23rd, 2009

The new interface is up, and we’ve all had a chance to catch our breath from an exciting update. I thought it would be a good chance for me to talk about some of the neat technology that has been added to the Smibs Network and Doorbell.

This is what utilities look like with the new windowing system.

One of the more obvious changes is utilities. We’ve launched our first two: a message center utility, and a centralized task list. Both of these aggregate information across all your accounts, and let you work with that information from anywhere in Smibs via the navigation bar. This magic is performed by the windowing script I wrote about a few months back. You can drag, resize and adjust columns. We even carried over some tricks like holding down shift to select multiple messages. After working with desktop browsers, our interface should be really intuitive for users.

The next trick is less obvious, but even more useful. While Ajax is great for loading data from the server without reloading your webpage, the back button stops being useful. Doorbell used to jump back to the Dashboard when you pressed the back button. I am now proud to announce that we no longer suffer from this annoyance. Thanks to a handy tool called HistoryKeeper, we can now use JavaScript to add items to the browser history in the form of anchor tags. This may result in a messy URL, but now Doorbell keeps track of your history for more than 4 items. Once you have browsed through several contacts, groups, or opportunities you can use the back button to search through a true history of your browser.

We’ve had a lot of fun building Smibs and Doorbell, and hope that you’ll have as much fun using them. Login, check it out, and let us know what you think. We love feedback.

TEC Venture Prize awards luncheon

Tuesday, May 5th, 2009

Despite what is often portrayed in the media, entrepreneurs are seldom “lone wolves”. This point was made obvious when I attended TEC Edmonton’s Venture Prize Award Luncheon: it takes a community to support and inspire innovation in an entrepreneur. Business leaders and representatives from Western Economic Diversification Canada, Alberta Research Council, Economic Development Edmonton, the University of Alberta’s School of Business, and many more were on hand to show their support for this program that “assists aspiring entrepreneurs to transform high-growth ideas into solid business plans”. On Thursday April 30, 2009 there were three finalists for TEC Venture Prize’s fast growth award: CIE: Seek Your Own Proof, SmileSonica Inc. and Swiftclips Media Networks. The finalists were competing for more than $90,000 in cash and in-kind prizes. The pitches were polished and the presentations pristine, but when the dust settled Ken Bautista and Jason Suriano’s Seek Your Own Proof emerged as this year’s winner.

CIE: Seek Your Own Proof is an online community where kids ages 8-13 are challenged to investigate the extraordinary, unexplained and unusual side of science and history. As agents of the “Central Institute for Exploration”, kids work together to crack open the truth – completing missions, sifting through information, and moving up within the ranks of the agency. It “blurs the lines between entertainment and education, nonfiction and fiction, and the online world with the real world”.

The Student Business Plan Competition Award was given to Gordon Mckinlay and his company KennelSeek.com. KennelSeek provides boarding kennel/cattery management and online reservation services. Gordon walked away with $10,000.

Congratulations, gentlemen. Everyone here at Smibs wishes you continued success!!!

Smibs on Code: Filtering user data

Wednesday, April 29th, 2009

There is a major security concern when it comes to displaying text provided by a user. Ruby on Rails does a good job of keeping your MySQL code sanitized, but web browsers are still a source of concern. It is VERY easy for a hacker to write HTML or JavaScript into a text field. You don’t want them to be able to execute arbitrary code on other users’ machines. It could do all kinds of nasty stuff, like reading the session key, sending it to a different server, and letting a hacker hijack your secure connection. It could scrape data off your screen or prompt you for additional data, in an attempt to get your credit card information. The point is, displaying user data without any kind of filtering is VERY bad.

XKCD - Exploits of a mom: A perfect example of not filtering SQL code.

The real question is when to filter the data. There are two schools of thought on this: filter the data right when the user gives it to you, before you store it in the database, or store exactly what the user supplies and filter the data when it needs to be filtered.

Rails is designed more for the latter approach, and there are a number of good arguments for post-filtering. It makes mass-assignment much easier (storing a large amount of data from a form into a database). More importantly, it lets you store exactly what the user wants to store. Obviously, you don’t want to be altering the user’s data. Depending on how the data is being read, it may not need to be filtered. An RSS reader is a perfect example of this. In the RSS stream you can display an unfiltered version of what the user entered, but a filtered version can be shown in the browser.

Despite these benefits, the method I eventually chose was pre-filtering data before it was stored in the database. This has better performance, because you filter once, and display the data many times. I still have various unfilter functions, which can restore the parts of the data we need in situations when we want an unfiltered, or partially unfiltered, string. Finally, and most importantly, I feel it is more secure. If your data is safe, you don’t have to constantly remember to filter when you are displaying your data. Doorbell and Smibs are large applications, with plenty of spots where you could forget to place the all-important “h” in front of your variable. It just seems safer to me to store a string that can do no damage, and convert that to a dangerous string in the few instances when you need it, rather than the reverse.
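The trade-off argued above, as an added Ruby example (not the author’s implementation, which the post leaves for a later article). `CommentStore`, `careless_view` and `careful_view` are hypothetical names, the sample comment is constructed, and the standard library’s `ERB::Util.html_escape` stands in for the Rails “h” helper.

```ruby
require "erb"
require "cgi"

# Constructed sample input: user text carrying markup and an ampersand.
SAMPLE = "Tom & Jerry <script>alert(1)</script>"

# Hypothetical store that can run in either mode discussed in the post.
class CommentStore
  def initialize(prefilter:)
    @prefilter = prefilter
    @rows = []
  end

  # Pre-filtering escapes once on write; post-filtering stores verbatim.
  def save(text)
    @rows << (@prefilter ? ERB::Util.html_escape(text) : text)
    @rows.size - 1
  end

  # Value exactly as stored: what a view gets when it reads the column.
  def stored(id)
    @rows[id]
  end

  # "Unfilter": the original user text, e.g. for an RSS builder that
  # applies its own encoding.
  def original(id)
    @prefilter ? CGI.unescapeHTML(@rows[id]) : @rows[id]
  end
end

# A view whose author forgot the escape call.
def careless_view(value)
  "<p>#{value}</p>"
end

# A view that always escapes, as post-filtering requires of every view.
def careful_view(value)
  "<p>#{ERB::Util.html_escape(value)}</p>"
end
```

With pre-filtering the careless view still renders inert text, while with post-filtering it emits the script tag as written. The cost is on the other side: a careful view over pre-filtered data double-encodes (`&amp;lt;script&amp;gt;`), so a code base has to commit to one convention.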

In my next post I’ll go into the code and show how I implemented the pre-filtering in our applications.

______________________

What are your thoughts on pre-filtering vs. post-filtering? Did I miss any important points?