Rails 2.3 made a lot of changes in how requests are handled. Most (all?) of this has to do with its new support for Rack. Anyway, all of these changes left Rails 2.3 incompatible with the last version of the Limited Sessions plugin.
So, here’s a shiny new version of Limited Sessions to go with your shiny new version of Rails.
I’ve noticed an interesting trend lately: I’m having more trouble catching the various prompts and other such on my computer. I think it has to do with bigger screens.
It looks like this: when a friend sends me an IM or someone sends me an email, I don’t always notice. Sometimes it takes hours. I’m losing my ability to pay attention. I hate ignoring people, even unintentionally, so this is somewhat bothersome.
When I’m just in front of my little laptop screen, I don’t have as much trouble. But when I have things spread out across two screens and tons of windows, I miss things more often. It’s even more so when I don’t have the sound turned up.
This makes me wonder though, when things get busy or life just gets spread out, what else do we miss? How many of those things are even more important than a message from a customer or friend? How many of those things are messages from family, friends, customers, and so on? What should we be doing differently to pay more attention in places where it’s important?
Apparently Rails 2.1 has the nifty ability to throw a 500 Internal Server Error with the message “IP spoofing attack?!” under certain circumstances.
Unfortunately, those circumstances include a common Apache/Mongrel deployment and Yahoo’s crawler, Slurp, trying to index your site. It’s possible Apache/Mongrel isn’t required; I’m unsure.
The key is that Slurp includes both a Client-IP header (HTTP_CLIENT_IP by the time it hits Rails) and an X-Forwarded-For header (HTTP_X_FORWARDED_FOR). When both are present, Rails assumes something evil is happening and voluntarily dies. Neat.
Such a header can be relied on only if it was set by a trusted proxy. Otherwise, it’s hard to know if it was spoofed. The difficulty is for Rails to know which one, if any, was set by a trusted proxy.
I deploy Rails in a common Apache w/mod_proxy_balancer and Mongrel setup. Apache uses X-Forwarded-For natively, so that’s the one I want to trust. To make Rails happy, I’ve just told Apache to delete the Client-IP header if present.
Adding
RequestHeader unset Client-IP
to the virtual host configuration seems to do the trick.
This does require mod_headers to be enabled in Apache.
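The failure and the fix described above, modelled in Ruby as an added example; this is not Rails' own code and not part of the original post. All method names are hypothetical, the addresses are constructed sample values, and it assumes Apache on 127.0.0.1 is the only trusted proxy.

```ruby
require 'ipaddr'

# Added illustration; not Rails source. All names here are hypothetical.
class AmbiguousClientIp < StandardError; end

# Assumption: Apache on the same host is the only trusted proxy.
TRUSTED_PROXIES = [IPAddr.new('127.0.0.1')].freeze

def trusted_proxy?(addr)
  ip = IPAddr.new(addr)
  TRUSTED_PROXIES.any? { |net| net.include?(ip) }
rescue ArgumentError # malformed or missing address
  false
end

# What "RequestHeader unset Client-IP" does before the request reaches Rails.
def strip_client_ip(env)
  env.reject { |name, _| name == 'HTTP_CLIENT_IP' }
end

def client_ip(env)
  remote = env['REMOTE_ADDR']
  # Not behind our proxy: every forwarding header is client-controlled.
  return remote unless trusted_proxy?(remote)

  forwarded = env['HTTP_X_FORWARDED_FOR']
  # The behaviour the post describes: both headers present, refuse to guess.
  raise AmbiguousClientIp, 'both headers present' if env['HTTP_CLIENT_IP'] && forwarded
  # Client-IP alone is ignored: only X-Forwarded-For is written by our proxy.
  return remote unless forwarded

  # Rightmost hop that is not one of our proxies is the peer Apache saw.
  hops = forwarded.split(',').map(&:strip)
  hops.reverse.find { |hop| !trusted_proxy?(hop) } || remote
end

def ambiguous?(env)
  client_ip(env)
  false
rescue AmbiguousClientIp
  true
end

# Constructed sample: a crawler-style request relayed by Apache.
CRAWLER_REQUEST = { 'REMOTE_ADDR' => '127.0.0.1', 'HTTP_CLIENT_IP' => '198.51.100.9',
                    'HTTP_X_FORWARDED_FOR' => '203.0.113.7' }.freeze
```

With the Client-IP header removed at the proxy, the same request resolves to the address Apache recorded in X-Forwarded-For, and a direct connection that supplies its own forwarding headers is still identified by its socket address.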
I updated my limited_sessions plugin to improve support for Rails 2.1. It should maintain backwards compatibility.
The change concerns Rails 2.1’s new partial updates support. Basically, partial updates are turned off for sessions so the session is kept current and doesn’t expire while the user is active.
I was at Home Depot today trying to match paint colors for some exterior trim. I went to Home Depot because they have a self-service color-matching computer.
As I’m trying to use it, and getting rather poor results, a woman asks one of the clerks, “how well does this work?” He responded, “it’s just a toy.”
Why have something that doesn’t work and is just a toy—something not actually useful for your customers? It’s a breach of trust with those customers.
I did get help from another clerk, but I still left the store feeling a bit disillusioned with Home Depot. They obviously don’t care about me or their other customers—we’re just something to be fooled around with.
In business, it would be worthwhile to always ask, “is this actually useful or helpful to my customers?”
The phrase “for all your
Does that phrase seem meaningful to you? It doesn’t to me. Instead, it strikes me as filler—a way to have a phrase to print or speak when nothing else comes to mind or perhaps when no time has been spent to think of something more meaningful.
Spend some time coming up with something interesting to say or at least an interesting way to say it. If your words are only filler, they’ll just go in one ear and out the other — not exactly the desired effect.
classmates.com just sent me one of their usual spam^H^H^H^Hupdate messages. I’m struck today by the silliness of their current business model which is to hold data for ransom and require a subscription to get to it.
Supposedly I have a guestbook signing. However, they are requiring me to pay them to get to it. That’s dumb.
Here in 2008, data like that is free. I don’t pay to use Facebook, LinkedIn, or any of the myriad other social networks. Why should I pay classmates.com? I won’t and their data can rot — data I can’t see might as well not exist.
Maybe it’s time for classmates.com to rethink.
For a number of weeks now I’ve been fighting a Xen host (dom0) that’s been freezing up periodically. It’s been a complete freeze of the Linux kernel, dom0, all domU’s, everything. SysRq doesn’t work either.
Today I finally found a reliable way to reproduce it.
Today I needed to compile mod_xsendfile for OS X on Intel. The standard command for this,
apxs -cia mod_xsendfile.c
resulted in a module that was for i386 only.
Apache on Leopard (untested on Tiger) doesn’t appreciate this, throwing this error:
4/7/08 5:08:08 PM org.apache.httpd[ 15990] httpd: Syntax error on line 116 of /private/etc/apache2/httpd.conf: Cannot load /usr/libexec/apache2/mod_xsendfile.so into server: dlopen(/usr/libexec/apache2/mod_xsendfile.so, 10): no suitable image found. Did find:\n\t/usr/libexec/apache2/mod_xsendfile.so: mach-o, but wrong architecture
Turns out the solution is pretty simple. Just change the apxs command to this:
apxs -cia -Wc,"-arch x86_64 -arch ppc -arch i386 -arch ppc64" -Wl,"-arch x86_64 -arch ppc -arch i386 -arch ppc64" mod_xsendfile.c
This will generate a fat binary for all four current Mac architectures.
one of my pet peeves is a blog that doesn’t have links to view previous pages of content. it works like this:
something i’m reading has a link to some random blog. i follow it, find the article interesting, and wonder what else of interest might be on this blog. so, i go to the home page and start reading. typically i get to read 5-10 articles and then get to the bottom of the page.
first tip: if your blog only shows one or two articles per page, change it. i don’t want to click and wait that often — i’ll end up leaving.
at the bottom i frequently find, well, nothing. i’m looking for a ‘next page,’ ‘more articles,’ ‘older entries,’ or something of the sort. i am amazed at how often there’s nothing there. sometimes i simply close the window at this point. occasionally i scroll back to the top looking for the links there, although i almost never find them.
i have, on occasion, gone digging into the archives section. even then, it’s usually impossible to find a way to get to a substantial portion of older content. the site i was just at showed about 10 articles for a given month, then an incomplete list of links to some more articles from that month (including duplicate links for all the articles above). still no pager though.
lame. don’t make visitors work that hard to read your site. if your blog or other content-driven site doesn’t have the ability to easily page through older content, you’re losing readers. fix it.