Looks like we’ve got a little gift from the TextMate art crew today:

	Pretty nice, eh? While hanging around the TextMate IRC channel yesterday, there were quite a few different reactions to this, few of which I expected! Most people seemed to be pretty impressed that their favorite editor would pull out a treat like this on Hallowe’en. But some people thought it was a trick (Did some Rails-hater create a virus??) and others were offended by it. I suppose it could be taken as such, but in the end you have to try to receive things with the intent they were given–and this was all for the fun of it (ask Soryu!) Thanks, TextMate, for raising the bar for editors (once again)! Update: Here’s a link to Soryu’s blog about it.

Word has it that Ruby 1.8.5 and below (i.e. all versions of Ruby) have a security flaw in its cgi.rb file that will allow a remote hacker to cause your application to max out your CPU usage and essentially launch a denial-of-service attack with a single request.

There’s a nice write-up of it on Evan Weaver’s blog. According to Evan and Zed Shaw, Rails apps using mongrel and Litespeed are also affected. The original announcement from Zed is on the mailing list here.

Thanks to Pat Eyler for the tip-off.

So I’ve tried Ezra’s “ez_where” and InVisible’s “where” plugins, but in the end I just couldn’t get past the hackish feeling I got when I used them.

I liked the concept that Ezra built—trying to make a domain-specific language for a where clause in Ruby—but the result felt like a heavy-weight addition to a small but common problem. In addition, I had trouble memorizing which Ruby operators mapped to which SQL operators in fringe cases.

Using InVisible’s “where” plugin was a bit of a relief, as it was lighter weight and the mapping was more direct; however, in order to test for a condition in the case where the column is in another table, I had to resort to a “send” method, like this:

    c = InVisible::Cond.new do
      send("permissions.value", params[:role])
    end

Which isn’t all that bad, but the inelegant solution gnawed at me for a while. Finally, I decided to make a “simplest-case” Condition class by re-using Ezra’s Cond class. The final outcome looks like this, and feels more Rubyesque to me:

    @invitees = @book.permitted_users \
      :conditions => Condition.block { |c|
        c << [ "permissions.value", params[:role] ] if params[:role]
      }

As with the InVisible::Cond class, you can do things like this:

cond = Condition.new do |c|
  c << [ "first_name", "like", "#{prefix}%" ] if prefix
  c << [ "verified", true ]
  c << [ "created_at", ">“, 5.days.ago ]
end

cond.where
# => ["first_name like ? AND verified = ? AND created_at > ?", "dua%", true, "2006-10-18"]

users = User.find(:all, :conditions => cond.where)

My simple version of the plugin is available for download as a tar/gz file here.

Thanks to both Ezra and InVisible for their pioneer work!

There have been some noteworthy changes to the Rails code base recently. I thought I’d list some of them here to familiarize myself (and others) with them:

• You can now specify which plugins you want loaded, instead of having Rails assume you want to automatically load all plugins in the vendor/plugins folder. In config/environment.rb:
  

  config.plugins = %w[ textmate_footnotes acts_as_taggable ]
  

• Namespaced Models! It’s now possible (and has been for some time, I believe) to create models like this:
  

  class Admin::Tools < ActiveRecord::Base; end
  

  
  The above example would reside in app/models/admin/tools.rb.

  Update: This feature is in Rails 1.1—thanks to Matthias for pointing out how out of date I am
  

  I think I’m going to find that it’s a lot easier to keep large applications organized, given that good applications often break concepts up in to small and manageable classes in the domain.

  Note that you can also use this ability with non-active-record classes as well–it’s just as valid to create a model that connects with your LDAP server or loads text files from disk. Namespacing is good

• You can run your own script files on Unix-like systems like a real script, using script/runner. All it takes is adding the following shebang line (first line) to a ruby file:
  

  #!/usr/bin/env /path/to/my/app/script/runner

  This is similar to adding

  #!/usr/bin/env ruby

  to ruby files, but it gives you the whole Rails environment to work in as well.

• The content_tag and form_tag helper methods now support blocks. This means you can enclose a bunch of HTML or more eRB in a block, and it’ll close the tags automatically for you at the end of your block.
  

  <% form_tag :action => “create” do %>
  HTML and Text goes here.
  <%= submit_tag "Done" %>
  <% end %>
  

  
  Functionality is similar for content_tag:
  

  <% content_tag :span, :class => “title” do %>
    <%= @names.join(", ") %>
    <%= image_tag "link.gif" %>
  <% end %>
  

  
  Produces:
  

  George, Tom, Lisa 
  

• Some helpers have become deprecated:
  • start_form_tag / end_form_tag
  • link_to_image
  • link_to :post => true
  • others?

We (at FamilyLearn) have been using Amazon S3 for photo storage in our new system. The Ruby libraries are still a little young, so we run in to trouble occasionally.

For example, today I was unable to limit the number of keys returned from a bucket with the :max_keys option. As it turns out, the Amazon API expects “max-keys” even though Ruby syntax does not allow dashes in its symbols. This turned out to be a simple problem to fix:

@files = @@s3_connection.list_bucket(
  @current_bucket,
  :prefix => @prefix,
  :"max-keys" => 15).entries

There have been some great videos made available online recently regarding the World Trade Center towers. The first (which I highly recommend if you haven’t looked in to this stuff yet) is about Building 7, that 47-story building that fell in the late afternoon of September 11th. This one shows 3 or 4 different views of the building as it collapsed, with a comparison to other known demolition jobs:

WTC7 Controlled Demolition

Next up is video footage of a presentation by Kevin Ryan. Kevin is the chemist at Underwriter Labs who was fired for his making public a letter to upper management that questioned Underwriter Labs’ silence on several key points of its analysis of the World Trade Center structural steel. This video is an excellent and detailed wrap-up of the 4 government-sponsored studies of the towers’ collapses and how these studies have largely been pseudo-science up to this point. I was particularly interested to see that the 4 studies were each directed and authored by the same handful of scientists and engineers:

Kevin Ryan’s “A New Standard for Deception”

I’ve also been fascinated with a fun but instructional music video whose content is made up entirely of controlled demolition footage. Check it out:

Sonic Bomb

And finally, a newly released and never-before-seen home video of the twin towers from “Bob and Bri.” Their blog is here. They kept this video private due to the personal nature of this film:

What We Saw

Robert D. Steele, “former Marine Corps infantry and intelligence officer for twenty years and … the second-ranking civilian (GS-14) in U.S. Marine Corps Intelligence from 1988-1992,” [wikipedia] recently reviewed Webster Griffin Tarpley’s “Synthetic Terror: Made in the USA” on Amazon.com. In his review of the book, he reports:

It is with great sadness that I conclude that this book is the strongest of the 770 books I have reviewed here at Amazon, almost all non-fiction. I am forced to conclude that 9/11 was at a minimum allowed to happen as a pretext for war (see my review of Jim Bamford’s “Pretext for War”), and I am forced to conclude that there is sufficient evidence to indict (not necessarily convict) Dick Cheney, Karl Rove and others of a neo-conservative neo-Nazi coup d’etat and kick-off of the clash of civilizations (see my review of “Crossing the Rubicon” as well as “State of Denial”).

…

I sit here, a 54-year old, liberally educated, two graduate degrees, war college, a life overseas, 150 IQ or so, the number #1 Amazon reviewer for non-fiction, a former Marine Corps infantry officer, a former CIA clandestine case officer, founder of the Marine Corps Intelligence Center, and I have to tell anyone who cares to read this: I believe it. I believe it enough to want a full investigation that passes the smell test of the 9/11 families as well as objective outside observers. I believe it sufficient to indict Dick Cheney and other neo-cons. Sadly, the Executive is now in the service of corporations that benefit from high crimes and misdemeanors, rather than in the service of the American people who suffer great ill from these terrible mis-deeds.

As I’ve delved in to this new world of politics and events, I’ve become aware of some of my own shortcomings. For example, in one of my conversations with Jeff Moss the other day, I realized that I don’t know that much about PNAC, Israeli spy rings or even Dr. Steven Jones’ hypothesis about the World Trade Centers coming down by thermite.

I’m also feeling a little humbler today, having read Zach’s comment about my misunderstanding Jeff’s statement. I’m not sure how much I got right or wrong (perhaps Jeff can clarify), but I’m getting better at this “trying to understand the world” game. A lot of it starts inside, by trying to understand myself.

It seems to me that as we learn new things and try to teach others about what we’ve learned, a very powerful process takes place. I’ll call it the “maturity of influence”. Basically, what I’m finding is that we all have a strong drive to be “right”. Why? Well, one reason seems to be that we perceive our social influence to be directly proportional to our ability to make accurate predictions. We want others to trust us, and we know that they’re less likely to trust our predictions if past predictions have turned out to be false. In other words, we fight to be “right” because we perceive our social value and influence to be dependent on our “rightness”.

As everyone admits, however, we don’t know everything. As a consequence, inaccurate predictions by the best of us are inevitable. When such a failure occurs, we have two choices: admit it and move on, or deny it and try to protect our image. So far, I’m in the “admit it” category, and trying to remain there. I also feel strongly, however, that I’m in the “face it” category when it comes to truth. I have a deep desire to know what’s real, true, trustworthy, accurate etc. For this reason, I question a lot of issues of faith as well. Likewise, I’ve questioned a lot of issues related to contemporary American history. So far, I’m grateful for the opportunity and excited to continue.

With regard to my recent vigilant posts regarding 9/11, human rights and government responsibility, I hope you will continue to learn what you can from me. My promise is that I will try to synthesize what I can, report accurately and truthfully at all times, and most of all, admit I’m wrong when I know I’m wrong. God bless you all.

“Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?” — Patrick Henry, March 23, 1775, in a speech delivered before the First Continental Congress.

A friend of mine, Jeff Moss, with reference to the Military Commissions Act, recently made the following comment on my post, “Agree to Disagree, Even with that ‘Nutcase’“:

“Or is awaiting such determination” would only mean that anybody who claims to be a citizen but cannot (will not) present proof should be held until it can be determined whether or not they are a citizen. The feds could determine citizenship of a cooperative suspect in a matter of minutes. The alternative of releasing a dangerous person is more of a concern to me.

I could not disagree more with my friend.

Jeff is making a subtle assertion that non-citizens are to be considered guilty until proven innocent, while US citizens deserve proper trial by law. As a Canadian and lawful permanent resident of the United States, I find this logic to be absurd. As if my being born on the other side of the 49th parallel diminishes my rights as a human being, or has somehow tainted my nature so as to make me more deserving of criminal suspicion! Not only does this argument carve out an artificial and false sense of safety for American citizens, but it dilutes the very principles upon which America was founded.

Tyrany is much worse than terrorism. By a single act of violence, a terrorist can kill thousands. By a single act of law, a tyrant can enslave millions. Our forefathers demonstrated that they understood this when they signed the seditious Declaration of Independence. They were, in effect, rebels and terrorists to the state of Britain. And in the context of liberty, truth, and love of God, they acted bravely–even nobly.

It is for this same cause that I stand up to voice my concern and express my fears. If ever a day should come when Americans ask themselves, “How did we get here? How did we, the greatest nation on earth, fall from our lofty heights to become the most despised, most depraved of nations?” I hope in that day I will not be asking the same questions. I hope I will be wise enough to see now the danger as it rises. I hope, as always, that my choices in this moment can make a better world for my family and my community. I will serve no good purpose by keeping my eyes wide shut.

I’m sorry, Jeff, but your interpretation of the law does not reassure me in the least. And the American Civil Liberties Union also thinks your interpretation of the law is incorrect.

When Dave and I first developed FamilyAnywhere.com, we built it with the intent that some day we would hire a Real Designer to make it look like a professional site. For anyone who cares to make a visit right now, it definitely still looks like a couple of coders put it together—and that would be an accurate observation.

So my question to put to out there today is, are you a website designer or graphics guru looking for a side job? We’d love to talk to you. Drop me (Duane) a line at duane.johnson@gmail.com.