AOL giving out AIM screen names based on an email address?

Thursday, Sep 20, 2007 @ 12:01 MDT

it seems that aol has decided to start giving out your aim name — based solely on an email address.

i’m not sure when this started happening, but i will describe how to see and confirm the behavior.

this is a very bad move on aol’s part. when an aim account is created, the user is supposed to provide a valid email address. this email is used to confirm the account (an optional step) as well as facilitate forgotten passwords, etc. that email was provided to aol with the understanding that it would not be shared. this new behavior is a breach of that trust.

new limited_sessions plugin for rails

Wednesday, Sep 19, 2007 @ 19:52 MDT

it’s time to announce my second plugin for ruby on rails, limited_sessions.

it’s been publicly available for several days, so i guess it’s time that i actually talk about it.

this came out of a need to manage sessions more intelligently than rails does by default. all of these is built as an extension to ActiveRecordStore, so sessions must be stored in the db. features:

configurable, server-enforced session expiry time (eg: 2 hours from last access)
optional hard limit on session from login time, regardless of access (eg: 8 hours from login)
ability to tie session to user’s IP or /24 subnet
auto-cleaning of expired sessions from db without an external script or other helper

as usual, details are on the project page.

9 comments

http status codes for rails

Wednesday, Sep 12, 2007 @ 12:05 MDT

the restful scaffolding generator for rails uses various http status codes when sending results back to the client.

i was adding some additional methods and wanted to use status codes myself, so i went looking for a list of them. i didn’t readily find it in the docs and ended up looking through the source to action controller.

they’re stored in this array:

ActionController::StatusCodes::SYMBOL_TO_STATUS_CODE

type (or paste) that into script/console and you’ll have the full list (which is quite long).

0 comments

reading sessions in rails

Tuesday, Sep 4, 2007 @ 17:55 MDT

in ruby’s CGI::Session module, sessions are stored as a block of seeming junk, like this: “BMZWRlcm1hbiBCb25kaW5nIENvb”. it’s actually an encoded format which is all well and fine until you need to read something out of it for debugging purposes.

if you are using rails’ ActiveRecordStore, the contents of a session can be read fairly simply. since this relies on an AR model called Session, which your app most likely doesn’t have, we’ll create that too.

so, fire up 1script/console and input the following:

1class Session < ActiveRecord::Base ; end
2CGI::Session::ActiveRecordStore::Session.unmarshal(Session.find(:first).data)

that will dump the contents of the first session. :first can be replaced with any valid option to AR’s #find method.

dump all of the sessions with something like:

1Session.find(:all).collect {|s| CGI::Session::ActiveRecordStore::Session.unmarshal(s.data)}

0 comments

apache, mod_proxy_balancer, and mongrel

Friday, Aug 24, 2007 @ 14:33 MDT

a brief hint about setting up apache 2.2’s mod_proxy_balancer with a mongrel cluster.

if you receive a permission error, “client denied by server configuration” when accessing your apache install, check the proxy configuration. in this case that means the proxy balancer configuration. an example working config:

1<Proxy balancer://mongrel_cluster>
2  BalancerMember http://127.0.0.1:8000
3  BalancerMember http://127.0.0.1:8001
4  Order deny,allow
5  Deny from all
6  Allow from all
7</Proxy>

the key is the last 3 lines, Order…, Deny…, and Allow….

this usually comes from a more general proxy permissions config:

1<Proxy *>
2  Order deny,allow
3  Deny from all
4</Proxy>

this protects against other kinds of proxy support in apache being publicly accessible, and is a good thing. so leave that in place, and just specifically allow access to the balancer proxy.

0 comments