It’s interesting that I’ve chosen to go the path of the Rubyist because it’s a path that combines two things that I love very much: Japan and programming. Ruby Kaigi is a Ruby conference held in Japan, which I unfortunately missed this year. However, my blog didn’t, and I was made aware of it thanks to PostRank.

One of my most popular posts is one I wrote about using Authlogic and ActiveLDAP to let a Rails app do pass-through authentication to an LDAP server. It has been bookmarked over 50 times on delicious and has seen a bit of love in the comments and on Twitter as well. Onc of those tweets was hash-tagged #rubykaigi, so I followed up to ask if my post showed up at the conference. Turns out it did. Ruby and LDAP integration was one of the topics at this year’s Ruby Kaigi and my blog post was one of the ideas presented for integrating LDAP with Rails.

I would not have known any of this were I not watching my blog’s Activity Stream on PostRank Analytics. Hopefully I can be at Ruby Kaigi next year — it’s being called “The Final RubyKaigi”, which I’m hoping doesn’t mean there will never be another one — but my blog was there and PostRank told me about it. Now that’s eating your own dog food.

By the by, if you’re a blogger, try PostRank Analytics. You can get a 30-day free trial, or help us connect influencers with brands by signing up to PostRank Connect and get a free PostRank Analytics account to help you measure and maximize your influence.

I recalled some of my first experiences with RSpec. For one job interview with a company that was using Rails, I was asked to bring in a small Rails app, a toy problem that they previously set for me to test my skills. I worked really hard on that application, struggling with every feature because at the time I had done relatively little with Ruby and Rails. I was specifically asked to make sure that this app was well tested. I had been doing some reading about TDD around that time, which led me to BDD, and in the context of Ruby that led me to RSpec. So I used RSpec and Spec::Rails, though I wasn’t entirely familiar with them.

During that interview, the developers sitting in asked me to add a new feature to my app. I remember that I needed to check that a particular value went up by 1 when I called a method. So I stored the old value in a local variable, invoked the method, and then checked that the new value was what I expected it to be.

“That’s good, but it can be better.”

From there, I was walked through something that at the time I couldn’t fully comprehend. I was asked to create a lambda with a block invoking the method, append .should to that, a space, and then change, with another block that would produce the value I wanted to check, and then .by(1). The three-line example I’d originally written became a single (albeit long and, for me at the time, hard to read) line. I was assured that it did precisely the same thing and they asked me to run it. Sure enough, it passed. That was my introduction to a whole side of RSpec I’d never learned about before: matchers.

I always wrote should == or should_not ==. I just thought of it as the particular way that RSpec did assertions, just a small part of the entire DSL. But he’s much more powerful than he actually looks. When you call should on something you pass an argument. That argument is a matcher. But what is a matcher? A matcher takes an object, evaluates some sort of predicate on it, and says “yes, that matches” or “no, it doesn’t”. It can also define a friendly message for failure (that’s what you see when an expectation fails while running your specs) and a description of what that matcher asserts, which appears in the documentation output format (“specdoc” if you’re still using RSpec 1.x) if you called #it with just a block and no string.

So let’s look at something similar to what I was walked through during that interview:

describe Foo do
  before(:each) do
    @foo = Foo.new
  end
 
  describe ".harbl" do
    it "should raise 'bar' by 1" do
      lambda { @foo.harbl }.should change { @foo.bar }.by(1)
    end
  end
 
end

Now, say we’ve implemented everything except the part where calling #harbl on a Foo increases the value by 1. When we run this, we’ll see a message saying something to the effect of “{ @foo.bar } should have been changed by 1, but was changed by 0.” Here, we see the first benefit using a special matcher instead of a raw assertion: the failure message actually reflects the behaviour we were expecting to see! Instead of seeing “1 doesn’t equal 2″ which tells us little about what we were actually testing, we see “@foo.bar should have changed, but it didn’t.”

So how does this actually work? We’ll take this from the inside and work our way out. The “magic” here is change. It’s a method, but what does it return? It returns a fresh instance of Spec::Matchers::Change (in fact, the definition of the method is right in that file!). The block that you pass it tells the matcher what it’s supposed to evaluate to get the value before and after. We call #by on that which is just a little decorator. It tells the matcher what kind of change it’s looking for. We’re telling the matcher “run that block I gave you before and after running the code I plan to give you later. The value you get from that block after running the code should be 1 greater than it was when you ran it before the code.”

So now the matcher knows how to get the value, and it knows what we expect it to change by. It needs one last ingredient: a subject. What piece of code does the matcher need to run so it can observe the change in the value? That’s where #should comes in. He’s pretty simple: call him on something and he’ll take that something, pass it over to the matcher that he’s given as an argument, and say “tell me if this matches or not.” And just like that we’ve turned the matcher that we’ve built up into an expectation on the behaviour of our code.

That’s pretty nifty all on it’s own, but here’s where it becomes truly beautiful: RSpec comes with matchers for just about every common predicate you can think of. Not only does it come with all of these matchers, but it comes with methods that dynamically generate matchers! Wait, what?

describe Orange do
  before(:each) do
    @orange = Orange.new
  end
 
  it "should be tangy" do
    @orange.should be_tangy
  end
end

While the guys who made RSpec included a lot of matchers, I’m pretty sure a “be tangy” matcher is not one of them. And yet this is a perfectly valid RSpec example, without any special extensions or monkey patching. How? It turns out that RSpec’s “be” matcher is a lot smarter than it looks. If you connect it to something with an underscore, it will send that something with a ? on the end as a message to the subject and determine pass or fail based on the response.

Here’s the code we would write to make that spec pass:

class Orange
  def tangy?
    true
  end
end

And there you have it. We have a tangy orange, and RSpec lets us specify that it should be tangy. There is so much of this kind of awesomeness in RSpec that I can’t fit it all into this post. You really should explore RSpec matchers for yourself. If you somehow find a predicate that RSpec cannot express with one of its matchers, you can easily create your own. Just follow the model of RSpec’s other matcher classes; define a few necessary methods and some decorators if you need them and you’re done. If you’re using RSpec 2, I hear they’ve even created a small DSL to make custom matchers even easier to generate. Spiffy!

So if I could give only one piece of advice about RSpec best practices, it would be this: if your expectation looks messy, RSpec probably has a matcher that can make it cleaner.

Use the matchers, Luke.

So I created gabriel. gabriel helps you communicate with god by offering completions for subcommands, options, tasks, and group names for your bash shell. Installing it is pretty simple:

$ gem install gabriel
$ gabriel-install
(From there, follow the on-screen instructions)

To ensure you get completions in every session, confirm that your .bashrc is sourced in your .bash_profile (or .profile, if you’re a bit more old-school).

This is my first foray into shell scripting and into publishing a ruby gem, so check out the source and if you can make gabriel even better, please do contribute your patches.

May god watch kindly over all of your processes.

One of these parallels between humans and computers is the way that we multitask. Computers only seem to multitask by switching between tasks rapidly, with the exception of new multi-core and multi-processor systems, which can run as many tasks in parallel as there are cores or processors. So it was interesting to read recently that the prevailing theory is that humans multitask in precisely the same way!

Analogous to a multitasking CPU, current experimental psychology research shows that interference occurs when we attempt to perform even simple tasks simultaneously. There are certain exceptions to this, particularly when one of the two tasks is stored in “muscle memory”, but this is because we can perform such tasks without even thinking about them. In many other cases, the effectiveness with which we perform the tasks is diminished when we are doing more than one task at the same time.

It is also common wisdom in IT that when somebody is deep in his/her work (commonly referred to as flow), an interruption of even a few seconds can result in 15 minutes of lost productivity. While I’ve never verified the actual number, I have often had trouble putting myself back on a task after being jolted out of it by a short interruption.

When a CPU switches tasks, it must perform a context switch. The current state of the program that is running on the computer, including the values stored in the registers, a reference to the next instruction to execute, and other housekeeping information are stored in memory (RAM). When the program comes back, the stored information is put back into its proper places so that the CPU can pick up where it left off. This is a fairly costly operation as the CPU cannot access RAM even a fraction as fast as it can access its registers. Of course, this means that when a CPU runs two programs simultaneously, it is less efficient at each than if it were concentrating entirely on one program or the other. Determining when to switch to a different program is therefore an incredibly important concern in the design of modern operating systems.

I’ve witnessed human “context switching” in a co-worker of mine. When I knock on her door to ask her a quick question about work that I’m doing for her, she asks me to give her a moment and looks to be deep in thought. She then asks me to repeat my question and answers it with surprising conciseness and accuracy. She has told me that she needs to switch from the mindset of what she’s currently working on to the mindset of what I’m asking her or she can’t answer properly.

This isn’t to say that multitasking is bad, but I am acutely aware that when I do multitask, I am not going to be able to perform each task as effectively as if I were focused entirely on one. Also, there are certain points at which it is easier or more natural to switch from doing one thing to doing another, particularly where I’ve accomplished a sub-goal in the task or where I’ve written down detailed notes on the current state of what I’m doing, which makes it easier to switch back to it later.

What do you think?

Self-esteem expressed in Ruby

It’s a valuable life lesson made incredibly concise in my favourite programming language, Ruby. I leave the interpretation to the reader. It relates to some themes that I’ve already written about before and will probably write more about in the future.

As with the first tutorial, I’ve pushed a branch based on authlogic_example that you can use as a concrete example.

First, let’s bring in the declarative_authorization gem:

# My example code was written before GitHub decided that they don't want to
# build gems anymore but this line should do the trick.
config.gem "declarative_authorization", :source => 'http://gemcutter.org'

Now, we need to make an ActiveLdap model class like LdapUser but for groups. We’ll call this LdapGroup:

class LdapGroup < ActiveLdap::Base
  ldap_mapping :dn_attribute => "cn",
    :scope => :sub,
    :prefix => "ou=groups,o=users"
 
  has_many :members, :class_name => "LdapUser", :wrap => "member",
    :primary_key => "dn", :foreign_key => "dn"
end

The ldap_mapping part is very similar to the previous one for LdapUser, but the has_many is where the real ActiveLdap magic starts!

We are letting ActiveLdap know that an LdapGroup has LdapUser members, which are defined in the multi-valued attribute member, where each of the values is the DN of an LdapUser. If you’re looking for a bit more detail, refer to the ActiveLdap documentation. Keep in mind that the code above is for the specific schema used by my example application and you may have to change it to match yours.

With that, we should be able to list all of our LDAP groups and find the members of any particular one in the console:

>> LdapGroup.all.collect { |g| g.cn }
=> ["super_admin"]
>> LdapGroup.find("super_admin").members.collect { |m| m.dn }
=> ["uid=ebianco,o=users,dc=example,dc=com"]

Now we’ll create an association between LdapUser and LdapGroup so that given a user, we can figure out which groups he/she is a member of. We’re going to tell ActiveLdap that a user’s groups are those groups in which the user’s DN appears in the group’s member attribute:

belongs_to :groups, :class_name => "LdapGroup", :many => "member",
  :foreign_key => "dn"

Let’s check our handiwork in the console:

>> LdapUser.find("ebianco").groups.collect { |g| g.cn }
=> ["super_admin"]

Now why did we go through all of this effort? declarative_authorization allows us to provide an instance method for User, #role_symbols, that returns an array of symbols representing the list of roles that the user has. With our ActiveLdap setup, mapping a user’s roles to LDAP groups becomes a one-liner:

def role_symbols
  ldap_entry.groups.collect { |g| g.cn.to_sym }
end

From here, we can define the authorization rules for our LDAP-based roles. declarative_authorization reads these from config/authorization_rules.rb:

authorization do
  role :super_admin do
    has_permission_on :users, :to => :manage
  end
  role :guest do
    has_permission_on :users, :to => :read
    has_permission_on :users, :to => [:create, :update, :destroy] do
      if_attribute :id => is {user.id}
    end
  end
 
end
 
privileges do
  privilege :manage do
    includes :create, :read, :update, :destroy
  end
end

Now we can use declarative_authorization as usual. I won’t go through all the details but if you want a primer on using declarative_authorization, you can start here and browse the commits on my authlogic_example branch.

class WebTransaction
 
  # Base URL for transaction web service
  SERVICE_URL = "http://accountingservice.com/"
 
  def transaction_url
    url = SERVICE_URL
    url << "VAL1=foo"
    url << "&VAL2=bar"
    url
  end
 
end

The class is meant to represent a transaction being posted against a rather odd web service that actually uses GET rather than POST for posting transactions (bad web service!). In my actual code, the URL parameters appended to the SERVICE_URL base would be determined on a per-object basis but I’ve simplified it here.

Here’s the punchline: SERVICE_URL was changing! Calls to transaction_url would keep on appending more variables to it. If you’re particularly clever with Ruby, you’ve already figured out exactly why. But if you’re scratching your head like I was, here are some hints:

• In Ruby, constants aren’t. In fact, they’re really no different from variables except for the fact that Ruby detects that variable names in all-caps are probably supposed to stay constant and warns if you try to assign to them.
• <<, for strings, will append to the end of the string.
• Ruby strings are mutable. That is, operations on a string variable will usually be done in place, rather than returning a new string. (Method calls, on the other hand, are a different story!)
• Assigning a String variable to another String variable will assign the reference. That is, the two variables will be pointing at the same object.

Hit the jump to see the solution to this little mystery…

SERVICE_URL is only directly assigned to when it is declared. But what happens when I assign SERVICE_URL to the local variable in transaction_url, url. They’re pointing to the same object!

Then I go ahead and I start appending things to the end of the string. Ruby has no complaints because I’m not assigning to SERVICE_URL but the object that it is pointing to is being changed! The operation is causing the URL parameters to be appended in place.

And that, friends, is what happens when constants aren’t. Let’s fix this little error:

class WebTransaction
 
  # Base URL for transaction web service
  SERVICE_URL = "http://accountingservice.com/"
 
  def transaction_url
    url = SERVICE_URL.clone
    url << "VAL1=foo"
    url << "&VAL2=bar"
    url
  end
 
end

Now, instead of appending to the string object referenced by SERVICE_URL directly, I’m creating a copy of the object and then appending URL parameters to that.

About a week ago there was a discussion about this on programming Reddit. The original poster, a programmer, feels a sense of inferiority because while others can succinctly explain the “awesome” in what they’re doing, he cannot. I sympathize with this sentiment. I love what I do but how do I transfer that passion without drowning the other person in the technical details? It feels like without the finer, technical details, my job description becomes distilled to “I make websites.”

Really? That’s it? That’s what I do for a living?

But is the problem really that what we’re doing isn’t interesting to the layperson? Web developers built Google, Facebook, MySpace, Wikipedia, and many more technologies that people use every day. We are building cool web applications that, while they might not gain the same degree of popularity or critical mass, can potentially provide just as much value. If we didn’t think that web development was an awesome career, a lot of us probably wouldn’t be doing it.

(And by the way, if you’re making money doing something you have absolutely no passion for, you might want to try and fix that.  Just sayin’.)

So why do we have difficulty getting people to identify with this?  Perhaps this comment from the Programming Reddit discussion might shed some light on the topic (emphasis mine):

Obnoxious braying girl: (To me and a friend) Oh, i bet i can guess what you do! go on, let me! (Obnoxious braying girl makes a few guesses about my friend’s job, eventually works out he does some sort of admin thing in publishing, polite words exchanged about this field) Obnoxious braying girl: (to me) Hmm.. you’re… a graphic designer? Me: hah! god no OBG: A journalist? Me: Well, that does sound like fun, but no (back and forth for a bit until she eventually asks me what i do Me: (in jokey, self deprecating tone) – I’m a massive nerd, basically – I program computers and make websites for people OBG: oh, right… (she stares down into her drink) Me: (trying to salvage this conversation) – so, and what do you do? OBG: Oh, i work at a corporate events company! it’s really exciting, basically we…. Cue 15 minutes of skull-numbingly boring monologue about basically being a travel-agent for corporations. It puzzles me though – why is anyone who doesn’t work with computers given licence to go on and on about their job (Despite the fact that asking people about work is basically a social nicety and not interesting at all to anyone socially), wheras anyone whose interests (whether work based or not) include anything technology or science-based are automatically percieved as boring socially-inept people who can’t talk about anything else? Fuck that shit – next time i’m introduced to someone I’m going straight into explaining recursion.

There are a few things that one could criticize here but the point I’ve decided to focus on here is the blatant self-deprecation. If you read the rest of the comments in the discussion, you might notice, like I have, that this is actually surprisingly common — it’s like many of us have been conditioned to believe that what we do is simply not interesting to a vast majority of people, so we might as well just say “I do computer stuff” and get it over with.

Alun Anderson, Editor-in-Chief of New Scientist magazine, would beg to differ (emphasis mine again):

Science writing used to be slightly apologetic: [puts on whiny voice] “this is all going to be terribly difficult, but I’ll try and make it easy for you”. Like they’ve sugar coated something you don’t really want to take. Our goal was to really change that – change the people and the ideas – to be self-confident. Science often suffers from this sort of cringe factor – “I’m a boring scientist, you probably don’t want to talk to me”. My policy was if you’re talking to someone else the approach is: “what’s happening in science is the most interesting thing in the world, and if you don’t agree with me just fuck off, because I’m not interested in talking to you”. You had to have that kind of attitude. That tended to be the kind of attitude of people in the arts: [in snooty voice - think Brian Sewell] “Of course I am doing something interesting”, so I took the same attitude. If you’re not interested, I don’t want to explain to you – you’re just a fucking idiot, so get out of my way! And it worked, because if you write like, “I’m really interested in this, it’s not only interesting its really important. If you can’t see this, you’re probably a moron!” It works. It has to be true to a degree. Otherwise it’s just piped bullshit, or triumphalism or something. The thing is, it is really interesting and important. People from the sciences do often have massive inferiority complexes.

I believe that what I do is interesting, important, and valuable. If I didn’t, I’d be doing something else. And so, I will endeavour to find a way to convey that value and importance and when someone asks me what I do, that is how I will answer.

Anyone who absolutely can’t identify with my passion for what I do is probably somebody I really wouldn’t like anyway.

This branch shows a way of implementing pass-through authentication to an LDAP server using ActiveLdap and Authlogic, with just some small changes to the User and UserSession models.

First, we’ll need to bring in the net-ldap and activeldap gems. We edit config/environment.rb to include the following two lines:

config.gem "net-ldap", :lib => false, :version => '>=0.0.5'
config.gem "activeldap", :lib => "active_ldap", :version => '1.0.9'

If you use sudo gem install net-ldap, you’ll get 0.0.4. Here, I’ve built the 0.0.5 gem from the GitHub repo. This is because there are some bug fixes in the GitHub master that aren’t in the RubyForge gem. In the with-activeldap branch, the two gems are vendored.

Now, we create config/ldap.yml to configure ActiveLdap’s connection to our LDAP server. Here’s mine:

development:
  host: 127.0.0.1
  base: dc=dev,dc=Asuka,dc=local
  bind_dn: cn=Manager,dc=dev,dc=Asuka,dc=local
  password: secret
 
test:
  host: 127.0.0.1
  base: dc=test,dc=Asuka,dc=local
  bind_dn: cn=Manager,dc=Asuka,dc=local
  password: secret
 
production:
  host: 127.0.0.1
  base: dc=prod,dc=Asuka,dc=local
  bind_dn: cn=Manager,dc=Asuka,dc=local
  password: secret

This tells ActiveLdap the server/port to connect to, what the base entry for our LDAP objects is, and what user to bind as for operations on the server. Now, we create a LdapUser class to represent user entries in the LDAP:

class LdapUser < ActiveLdap::Base
  ldap_mapping :dn_attribute => "uid",
    :scope => :sub,
    :prefix => "o=users"
end

This defines an LDAP user as being an entry from the o=users organization, where all of the entries are distinguished by the uid attribute. Now, we should be able to use the console to list all of our LDAP users like so:

 >> LdapUser.all

Now, we’ll add some methods to the User model that allow us to look up users by login in the LDAP and create entries in the database if they don’t already exist. We’ll also need a method for forwarding the credentials provided on the login form to the LDAP and see if they are valid:

class User < ActiveRecord::Base
  acts_as_authentic do |c|
    # Don't validate password, since that will be held in the LDAP
    c.validate_password_field = false
  end
 
  def ldap_entry
    LdapUser.find(self.login)
  end
 
  # Tries to find a User first by looking into the database and then by
  # creating a User if there's an LDAP entry for the given login
  def self.find_or_create_from_ldap(login)
    find_by_login(login) || create_from_ldap_if_valid(login)
  end
 
  # Creates a User record in the database if there is an entry in the LDAP
  # with the given login
  def self.create_from_ldap_if_valid(login)
    begin
      User.create(:login => login) if LdapUser.find(login)
    rescue ActiveLdap::EntryNotFound
      nil # Don't do anything since we can't find an entry
    end
  end
 
  protected
    # Authenticates the user against the LDAP.
    def valid_ldap_credentials?(password_plaintext)
      ldap_entry.bind(password_plaintext)
      ldap_entry.remove_connection
      true
    rescue ActiveLdap::AuthenticationError, ActiveLdap::LdapError::UnwillingToPerform
      false
    end
end

With this, there is no longer a need for the crypted_password and password_salt columns in the users table, so if those columns exist, you’ll have to write a migration to remove them (or at least allow NULL values for them). Now, we modify the UserSession to use our custom methods for looking up users and validating their credentials:

class UserSession < Authlogic::Session::Base
  find_by_login_method :find_or_create_from_ldap
  verify_password_method :valid_ldap_credentials?
end

With that, we should now be able to log in as a user by providing her uid as the login and the password. LDAP pass-through authentication achieved! There is a downside though: ActiveLdap is not particularly efficient with its queries but this can be mitigated by storing the user’s LDAP entry (the LdapUser object) in the User instance when it is first looked up.

def ldap_entry
  @ldap_entry ||= LdapUser.find(self.login)
end

In a future post, I will extend this further by modeling LDAP groups and bringing in declarative_authorization to implement role-based access control based on LDAP group membership.

Why The Lucky Stiff’s contributions to the Ruby community include “Why’s Poignant Guide to Ruby”, a book which many state was the reason they got into Ruby, Shoes, an easy-to-use cross-platform GUI toolkit with innovative online distribution features, and Hpricot, a very slick HTML parser that is also a joy to use.

Some believe that he has decided to move on from software development because his last tweet reads “programming is rather thankless. u see your works become replaced by superior ones in a year. unable to run at all in a few more.” Some believe that his accounts were all hacked. A few others believe that his anonymity has been compromised and that he has decided the destroy the pseudonym.

Wherever Why The Lucky Stiff goes from here, I hope he knows that there are so many of us who looked up to him and have him to thank for knowing the joy that is programming in Ruby. He will be sorely missed.