zsombor's lair

I’ve congratulate them for their new found independence. Failure to communicate and reach a sensible comprise between the Serbs and Kosovo-Albanians had made Sunday’s declaration inevitable. They were repressed by the Serbs in a most brutal way and in the last ten years they had nothing but a straining struggle.

Most of Europe shows clear signs for recognizing their independence, albeit a few notable exceptions exist: Bulgaria, Cyprus, Greece, Slovakia, Spain, Romania and Russia. Now you just have to wonder what makes certain countries predisposed to deny the freedom of distant third one?

How come each of these (more or less) recognizes the right to self determination as fundamental right, some even preach it proudly in their own history books when discussing their own independence. Yet they can all vehemently oppose the overwhelming desire of the people of Kosovo. There is lot of fear to be found in them, all derived from subconsciously drawn parallels with themselves and the Serbs. Their subconscious now generates fear that if persisted will just hinder healthy communication that would have made Kosovo a non-issue in the first place.

I feel strongly that eventually Kosovo will get recognized by all Europe, becoming a lesson on how communication is imperative. On how use of force, be it military or not just increases opposition. But most importantly it will be a recognition on how embracing our collective diversity can only yield benefits to be reaped by all of us.

The press release and the coveted prize. In the last year VirtualBox had made my life infinitively simpler. Superb for making setup experiments with multiple nodes, before trying it out live. Makes my day even on the rare occasions I’ve need to boot a legacy operating system. Great for trying out new distros, progress on KDE4 development etc. VirtualBox starts them up blazingly fast. All the best to the Innotek team and hope this latests development will propel their product further.

Before starting a grandiose list like The Top 50 Proprietary Programs that Drive You Crazy — and Their Open Source Alternatives. I don’t get this obsession with round numbers? I find it hard to believe that 50 software packages were checked and they all got better alternatives. Especially after bitting the bullet and trying out Archimedes the replacement for Autocad (btw this is not the defacto tool for architects). Or Authorize.net to OpenSSL I wonder how can you replace one with another? Why not try to compile an end to end usable list?

This is the exact problem with the web, there are so many voices that it is difficult to find real value amongst the noise.

An EU study on Free/Libre/Open Source Software while not necessarily reflecting the views of the European Commission does have some interesting findings:

Proprietary packaged software firms account for well below 10% of employment of software developers in the U.S., and “IT user” firms account for over 70% of software developers employed with a similar salary (and thus skill) level. This suggests a relatively low potential for cannibalisation of proprietary software jobs by FLOSS, and suggests a relatively high potential for software developer jobs to become increasingly FLOSS- related. FLOSS and proprietary software show a ratio of 30:70 (overlapping) in recent job postings indicating significant demand for FLOSS-related skills.

So much for “eating our lunch” myth.

FLOSS potentially saves industry over 36% in software R&D investment that can result in increased profits or be more usefully spent in further innovation.

Observe the “imitation instead of innovation” myth sinking.

Firms have invested an estimated Euro 1.2 billion in developing FLOSS software that is made freely available. Such firms represent in total at least 565 000 jobs and Euro 263 billion in annual revenue. Contributing firms are from several non-IT (but often ICT intensive) sectors, and tend to have much higher revenues than non-contributing firms.

Makes you think about the “sharing destroys competitive advantage” myth.

The existing base of quality FLOSS applications with reasonable quality control and distribution would cost firms almost Euro 12 billion to reproduce internally. This code base has been doubling every 18-24 months over the past eight years, and this growth is projected to continue for several more years.

Tomorrow it will be even tougher to ignore than today.

After spending a few years on CVSEmacs waiting for the 22th release and a few months of actually using it I’m on Emacs latest again. I’m pleasantly surprised to find the “not even alpha version” quality surprisingly high … no crashes or lockups in the last month. At least compared to other projects Emacs developers seem to have significantly different standards. Kudos to them.

You will be missed, no doubt you are skilled and knowledgeable as Mongrel weighs in heavily. Likewise no doubt that Rails the community and the framework has its flaws, you just can’t see the explosive growth we had while keeping everything pink.

Still you might want to work on your ego, as it overshadows your accomplishments. Don’t spill poison in a well just because you do not want to drink from it anymore. You’ll end up with a bias against you irrespective of the future community you’ll work in.

While the private sphere faces true challenges doing true work and providing true value (you get the picture) some state funded online businesses just give me the creeps. If you are happy to live in country where small transparent government “for the people” has real meaning no point reading further. Personally I doubt that you are as all countries have similar problems albeit some to a lesser extent. Try find one or two issues like this in you local system instead of just being dismissive about it.

The first pick for my asshole list is:

http://recom.onrc.ro

They are selling detailed company statistics collected at the taxpayers expense. First there is the paycheck of bureaucrat to “digitize” data, then there is the waisted time by company owner having to report on an arcane interface. Anyway given that law requires the company to report this data, and that taxpayers fund the collecting feels awfully strange to charge for it.

Second pick goes to:

http://www.inmh.ro

Selling meteorological data series – yearly average temperature, yearly average wind speeds, yearly sunshine hours etc. All important data when you need to size your home heating equipment, determine economically viable insulation levels, window to wall ratios and other non-construction related uses. Again they have collected this data from taxpayer funding, so why not put them up on their site for all to see. Clearly there is no hosting issues here since these (yearly averages) barely would consume more data than some of the images they have on their homepage?

I give an especially large malus point for failing to share the price of these “products” instead you have phone them in to make an inquiry. So much for transparency.

(...) I could continue this further but in the spirit of keeping the end-of-year mood up and happy I’ll just stop now.

UPDATE: You can find meteorological series with excellent depth from NASA covering the entire globe, freely.

While scoring as high on the originality as spoofs do I’ve just love these ads:

I’m also sick when a wild and diverse world is collapsed into an “X vs Y” comparative.

After running on Blogger for years I decided it is time to get a more customizable blog engine. I’ve need to post code examples without going trough all the hoops. Syntax highlighting would be nice, having real code to hack on the backend would be nice. Textile would be also nice, instead of trying to live with a rich text editor that is clumsy as all such contractions are. Now don’t get me wrong Blogger as a generic platform was great and and I’ve highly recommend it as a generic no-fuss publishing system.

The conversion was a fairy painful process given my previous use of Blogger had been mildly put “avantgarde”. For example for years they did not have any “tag” support and in a confused moment I’ve actually opted to have Technorati style tags like:

<a href="http://technorati.com/tag/ruby" rel="tag">ruby</a>

embedded in the post body. To my defense this is a fairly common microformat describing tags, even if the way I’ve used it ranked very low. Linking in to a global and ever changing pool of posts, sure I was not thinking clearly at the time. To make matters worse when Blogger had released their new and shiny “Beta” interface I’ve was to lazy to go over all of my posts manually and convert them to the new “label” feature they had.

The act of importing Blogger posts was a bit tricky. Turns out that Mephisto has a set of converters only that these all assume a database access … something you lack with Blogger. So much for a generic base conversion framework, looks nice feels nice and it also assumes that you have a database. Or at least a ruby models behaving in certain way. Talk about overengineering – or just pimping up my defenses in the light of ugly code I’m about to publish here.

So here is what you need to do, first export your Blogger account. Make sure you include the comments and the post TITLE since this is missing from the help file. Then download the homepage and use my conversion script (possibly the ugliest code I’ve ever written) to populate your db. You will have to tweak the script, I’ve only wrote it as a quick hack one time hack to munge my blog. Good luck!

The New York Times on Bucharest’s Flourishing Housing Market, a load of bullocks.

Don’t be fooled while it may be the Europe’s sixth largest city I doubt that there is one more ugly. Dirt everywhere, historic center in ruins (ill maintained buildings are the norm as clearly visible in the front picture), danger of stray dogs (a year ago they bitten to death a Japanese businessman), very little and continuously shrinking green space, horrendous architecture legacy of the communist times.

I’ve only spent 3-4 pleasant hours in Bucharest, while dancing and savoring fine Romanian red wine: so it does not count.

All of the pictures where shot from inside the apartments vs actual places from the city. And the article is filled with the mambo-bambos of a real estate agent mixing the term “need” with the word “demand”. They thrive on housing bubbles! City with a lot of potential … absolutely true, but it does not show much journalistic objectivity to have its current state be hinted by so poorly.

Regardless if you are an a beginner or an expert with dozen rails projects under your belt you should really appreciate the posts at Ruby on Rails Security blog. The devil hides in the details that are all to often overlooked. True the recommendations shared are not rails specific, they are applicable to any other web stack.

One interesting recommendation that caught my eye was having a separate user for running migrations. The reason for this is simple: you don’t want a malicious user to inject an drop table users or some similar nastiness in your application. Sure you can avoid SQL injection by restrain yourself to proper query construction Rails or use exclusively the intuitive find_by_ methods. If you feel uncomfortable with the assumption that the entire codebase will never have an improper construction, better add one additional security measure: have a custom user just for database migrations, and not allowing the rails production user to drop tables.

Whilst rails does not set up your project with a custom migration user, it is quite simple to tweak support for this into a rails project. Basically you need to add a custom environment just for database migrations. First lets create a user that can do schema edits, lets call it “app_migrator”. This is specific to your RDBMS flavor, and will not document here: use the manual.

Next add a migration entry to your database.yml file. Something simple like:

migration:
  adapter: mysql
  database: app_prod
  username: app_migrator
  password: the_secret_password_goes_here

Note that the database is the same as the one you use for production environment, just the authentication info changes. Rails will try to load config/environments/RAILS_ENV.rb during its initialization process, next step is to add this file. For our purpose an empty file will suffice:

$touch config/environments/migration.rb

Now lets do a quick test to confirm that all works well:

$script/console migration
Loading migration environment.
>> User
=> User

I’ve started the console in the “migration” environment and behold it worked! Now tweak the capistrano deploy script. You want to perform the migration within the newly created custom environment. Start by overloading the standard migrate task in your conf/deploy.rb:

task :migrate, :roles => [:db] do
  run "cd #{release_path} && rake db:migrate RAILS_ENV=migrate"
end

Commit your changes and enjoy!

Disclaimer: Security comes in layers and not by a single measure. By following the above recipe you will not gain full protection against sql injections.