Quick Fix for acts_as_paranoid

Norbert Crombach, 17 Jul 2007, 08:26 in ruby on rails, testing, and broken.

For those of you on Edge Rails, since changeset [7189] appears to have broken the current acts_as_paranoid we’ve been getting some test errors. There’s a quick patch I wrote available in this Pastie, but because scope_out is now recommended by Rick Olson himself this should only be seen as a migration path. Hopefully this will save you some trouble.

No comments yet

Why fake a link?

Thijs van der Vossen, 03 Jul 2007, 10:05 in web and broken.

In Google Analytics there are a lot of tables where you can click a link to see content details. These links only work if you left-click. If you right-click to open the link in a new tab or window, you’ll end up opening the current Google Analytics screen again.

Screenshot showing a link that's not really a link in Google Analytics

I find this extremely annoying because this is precisely the usage scenario where browser tabs are really handy. If you’re looking at an overview with links to additional details, you really need to be able to open them in multiple new tabs or windows so that you can quickly look through them instead of having to wait for each page to load when you go back and forth between the overview list and the details pages.

Here’s the html source for the example above.

<a href="" onclick="window.PageTable._drillDown(2); return false;">
/2007/06/flex-can-t-do-rest</a>

I’m wondering why people do this? What’s the reason for using JavaScript here? Why not just use a real link instead of a fake one?

7 comments

Flex can't do REST

Thijs van der Vossen, 08 Jun 2007, 13:04 in ruby on rails and broken.

If you’re thinking of building a cool snazzy Rich Internet Application front-end in Flex for your RESTful Rails application then please stop dreaming.

There’s no way to extract the headers from an HTTP response in ActionScript 3 so you can’t get the id of a newly created resource from the ‘Location’ header and you can’t tell the difference between a ‘500 Internal Server Error’, a ‘404 Not Found’ or a ‘422 Validation Error’.

There’s also no way to get the response body for anything not in the 2xx range.

Oh, and you can only do a GET or a POST, no PUT or DELETE, at least not without a proxy.

If you can prove me wrong, please do.

15 comments

URL encoded semicolons, HTTP Authentication and Safari

Manfred Stienstra, 08 Mar 2007, 21:26 in ruby on rails and broken.

Changeset 6185, or so we assume, broke our fix for Basic Authentication in Safari when using RESTful Rails routes.

Luckily it wasn’t too hard to fix the fix and we’ve decided to make a plugin out of it so we can easily keep the fix in sync with Rails for all our projects. You can find safari_basic_auth_fix in our Subversion repository. The current fix makes sure that semicolons are encoded for every outgoing URL and it decodes the semicolons for all the incoming URLs.

Update: Changeset 6485 removed semicolons as an action separator, so this shouldn’t be a problem anymore once you upgrade to Rails trunk.

3 comments

Accepting regional information

Manfred Stienstra, 26 Feb 2007, 23:57 in web and broken.

Bittorrent.com, the first endeavor in legalizing Bittorrent, launched recently. I was pleasantly surprised that they didn’t put a really large badge on the frontpage saying, “if you’re not in the US, please leave.”

Following the example of the ever successful iTunes Store most, maybe all, of the purchasable video content is marked ‘US only’. Alas. Not deterred by the tag I tried to purchase something by clicking one of the big red ‘Buy’ buttons. Then I found out how they secured the shop against non-US customers.

Screenshot showing bittorrent.com asking for a 5 digit zipcode

I could really see myself renting Clockwork Orange for 3 bucks. I hope they fix the form validation when they start selling content to the rest of the world. And when they’re done fixing the validation they might also want to look into the other slight problem.

8 comments

Crap web video

Thijs van der Vossen, 06 Feb 2007, 09:50 in broken and video.

In the latest Venture Voice episode Fred Seibert talks about Channel Frederator. A little ashamed never even having heard of what sounded like a really cool cartoon channel, I immediately checked it out when I reached the office.

After watching the first few minutes of what looks like it’s supposed to be a great cartoon I gave up in disgust. If you ‘really love cartoons and the people who make them’ (as they say on the about page), then why do you make them look this awful?

Web video that looks like crap

Heavy combing (‘hmm, I wonder what this de-interlace checkbox is for?’) with lots of low-bitrate encoding artifacts on top. Yuck.

Granted, you can download a higher bitrate mpeg-4 version that looks better although it still has the combing artifacts.

2 comments

Customer choice

Thijs van der Vossen, 23 Jan 2007, 20:10 in broken.

If you search for Windows Vista on Amazon, you get this:

Microsoft Windows Vista Ultimate FULL VERSION, Microsoft Windows Vista Ultimate UPGRADE, Microsoft Windows Vista Home Premium UPGRADE, Microsoft Windows Vista Home Premium FULL VERSION, Microsoft Windows Vista Ultimate UPGRADE Limited Numbered Signature Edition, Microsoft Windows Vista Home Basic UPGRADE, Microsoft Windows Vista Business UPGRADE, Microsoft Windows Vista Business FULL VERSION, Microsoft Windows Vista Home Basic FULL VERSION, Microsoft Windows Vista Home Premium Upgrade Additional License Pack, Microsoft Windows Vista Home Basic Upgrade Additional License Pack, Microsoft Windows Vista Home Premium 64-bit for System Builders, Microsoft Windows Vista Ultimate Upgrade Additional License Pack, Microsoft Windows Vista Ultimate 32-bit for System Builders, Microsoft Windows Vista Business Additional License Pack, Microsoft Windows Vista Business Upgrade Additional License Pack, Microsoft Windows Vista Ultimate Additional License Pack, Microsoft Windows Vista Ultimate 64-bit for System Builders, Microsoft Windows Vista Ultimate 64-bit for System Builders - 3 pack, Microsoft Windows XP Professional SP2B for System Builders with Vista Tech Guarantee Coupon, Microsoft Windows Vista Ultimate 32-bit for System Builders - 3 pack, Microsoft Windows Vista Home Basic 64-bit for System Builders, Microsoft Windows XP Media Center Edition 2005 SP2B for System Builders with Vista Tech Guarantee Coupon (CD-ROM), Microsoft Windows Vista Home Premium 32-bit for System Builders, Microsoft Windows Vista Home Premium Additional License Pack, Windows Vista Home Premium SPANISH FULL VERSION, Microsoft Windows XP Home Edition SP2B for System Builders with Vista Tech Guarantee Coupon, Microsoft Windows Vista Business 64-bit for System Builders, Microsoft Windows XP Pro X64 Edition SP2B for System Builders with Vista Tech Guarantee Coupon, Microsoft Windows Vista Business 32-bit for System Builders - 3 pack, Microsoft Windows Vista Home Basic 64-bit for System Builders - 3 pack, 
Microsoft Windows XP Tablet PC 2005 SP2B for System Builders with Vista Tech Guarantee Coupon (CD-ROM), Microsoft Windows Vista Business 32-bit for System Builders - 3 pack, Microsoft Windows Vista Home Basic 32-bit for System Builders - 3 pack, Microsoft Windows XP Pro SP2B for System Builders with Vista Tech Guarantee Coupon, 3 pack, Microsoft Windows Vista Home Premium SPANISH UPGRADE, Microsoft Windows XP Media Center 2005 for System Builders with Vista Tech Guarantee Coupon, 3 pack (CD-ROM), Microsoft Windows XP Pro X64 SP2B for System Builders with Vista Tech Guarantee Coupon, 3 pack, Windows Vista Business SPANISH FULL VERSION, Microsoft Windows Vista Home Basic SPANISH UPGRADE, Microsoft Windows XP Home SP2B for System Builders with Vista Tech Guarantee Coupon, 3 pack, and Windows Vista Business SPANISH UPGRADE.

Right.

2 comments

UnSpun encoding problems

Manfred Stienstra, 07 Dec 2006, 12:44 in ruby on rails, web, broken, and unicode.

A few weeks ago Amazon launched UnSpun, a web application to collectively manage lists of all sorts.

During signup I was presented with the following.

Screenshot of UnSpun with a broken letter

I know Internet Explorer fixes a lot of broken encoding by guessing the true encoding for just about everything; maybe that’s why they never noticed during development?

I’ve had this problem myself on a few occasions. Because geographical information is commonly extracted from text files and loaded into a database, you always have to be really careful to transcode any data extracted from text files to the same encoding as the database. In the case of ISO-8859-1/15, which is commonly used in Western European countries, there is a really simple one-liner to transcode to UTF-8.

source.unpack('C*').pack('U*')

3 comments
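An added example, not code from the original post: the one-liner above maps each byte to the code point with the same number, which is exactly the ISO-8859-1 table, while ISO-8859-15 assigns different characters in eight positions. The sketch compares the one-liner with `String#encode` and adds a guarded import that does not re-encode input that is already UTF-8. The helper names and the sample strings are constructed for illustration.

```ruby
# The post's one-liner: every byte becomes the code point with the same number.
def bytes_to_utf8(source)
  source.unpack('C*').pack('U*')
end

# Transcode through Ruby's encoding tables, naming the source encoding.
def transcode(source, from)
  source.dup.force_encoding(from).encode('UTF-8')
end

# Bytes in the printable upper half (0xA0..0xFF) for which the one-liner and
# the named encoding produce different characters.
def mismatches(encoding)
  (0xA0..0xFF).select do |byte|
    raw = [byte].pack('C')
    bytes_to_utf8(raw) != transcode(raw, encoding)
  end
end

# Guarded import (a heuristic): input that is already valid UTF-8 is passed
# through unchanged instead of being encoded a second time.
def import_text(source, from: 'ISO-8859-1')
  utf8 = source.dup.force_encoding('UTF-8')
  return utf8 if utf8.valid_encoding?
  transcode(source, from)
end

# Constructed sample inputs: a place name in ISO-8859-1 and a price whose
# currency byte 0xA4 is the euro sign in ISO-8859-15.
LATIN1_SAMPLE = "Besan\xE7on".b
LATIN9_SAMPLE = "5 \xA4".b

if __FILE__ == $PROGRAM_NAME
  puts bytes_to_utf8(LATIN1_SAMPLE)
  puts transcode(LATIN9_SAMPLE, 'ISO-8859-15')
  puts mismatches('ISO-8859-15').map { |b| format('0x%02X', b) }.join(' ')
end
```
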

Apple quality control broken?

Thijs van der Vossen, 29 Nov 2006, 12:57 in broken.

A few weeks ago I received a new MacBook Pro Core 2 Duo. When I turned it on I immediately noticed that the bottom of the panel was noticeably brighter than the rest of the display. It also had small dark triangular areas in the bottom corners.

It looks a bit like the display on Manfred’s Game Boy Advance SP. Acceptable for a low-cost piece of consumer electronics, but certainly not for a high-end laptop marketed at professional photographers.

I called Apple, explained the issue and they immediately offered to send a replacement which was delivered today.

The panel on the new machine has the exact same defect.

I’m really disappointed. Over the years I’ve ordered an iBook G3, a PowerMac G4 with a 19” Cinema display, a PowerBook G4, three Mac Minis, two 23” Cinema Displays, a MacBook, three iPods and a ton of small stuff. All arrived in perfect condition.

One of the reasons I keep buying from Apple is that I was under the impression that they have excellent quality control. Not anymore, apparently.

Update (30 Nov): I’m now waiting for the third replacement. Both machines I received so far are from the same series; the serial numbers both end with ‘W0L’.

Also, here’s a picture to give an idea of what I’m talking about:

bright border at the bottom of the MacBook Pro display

In the picture you only see a small very bright band, but in reality the bottom 20% of the panel is brighter and has a different color temperature than the upper part.

Update (8 Dec): I’m now waiting for the fourth replacement. See the comments for details.

Update (12 Dec): There seems to be a major quality issue with matte panels.

Update (4 Jan): The fourth replacement was first sent to an Apple engineer for inspection. It also has the bright band at the bottom of the display which, according to the sales representative I spoke to, is ‘within specifications’. He also said the engineer told him it’s because ‘the current flows from the bottom of the screen to the top’. I’ve asked for a refund and I’m going to go back to my 12” G4 PowerBook for now.

Update (22 June): Just got a new MacBook Pro 2.4 GHz with the 15” LED Backlight panel. No issues, perfectly fine screen.

16 comments

At least the password is decent

Thijs van der Vossen, 14 Nov 2006, 14:33 in broken.

From the latest We don’t trust voting computers newsletter (I’m too lazy to translate this and Babel Fish does a decent job anyway):

On the website of the Ministry of the Interior a specially shielded corner has been set up for the municipalities that have to vote with a Nedap voting computer on 22 November. The shielded page contains documents with instructions on securing and sealing the Nedap voting computers.

The municipal officials who need access to this part of the website all use the same combination of username and password, and these were conveniently out in the open in the newsletter of the Nederlandse Vereniging voor Burgerzaken. This newsletter can be read by anyone via the association’s website.

BZK: Nedap voting machines
(login “nedap2006”, password “NedapCZW12bzk!”)

Local copy

Nederlandse Vereniging voor Burgerzaken, Newsletter 69
(for the login details)

1 comment

HTTP Authentication in OS X is broken for RESTful Rails

Thijs van der Vossen, 30 Oct 2006, 08:47 in ruby on rails and broken.

From the Mac OS X Leopard Technology Overview:

Leopard Server features a built-in installation of the powerful and productive Ruby on Rails web application framework. Ruby on Rails is a full stack framework optimized for sustainable productivity. Leopard Server will ship with Mongrel for simplified development and deployment of web-based applications.

That’s great. I only hope this bug will be fixed too. It would be somewhat ironic if you can’t use HTTP Basic Authentication in Safari with the new RESTful Ruby on Rails urls.

If you have access to the latest pre-release version of Mac OS X Leopard, please visit http://onautopilot.com/test;webkit and let us know if you get asked for a username and password or if it’s still broken.

Update: Tim found that you can make this work by url-escaping the semicolon. Add the following to your ApplicationController in app/controllers/application.rb:

# make HTTP Authentication work on Safari for RESTful Rails
def url_for(options = {}, *parameters_for_method_reference)
  # pass the extra arguments on individually (splat), not as one nested array
  result = super(options, *parameters_for_method_reference)
  if request.env['HTTP_USER_AGENT'].to_s.include? 'AppleWebKit'
    # url-escape the semicolon only for WebKit-based browsers
    result.is_a?(String) ? result.gsub(';', '%3B') : result
  else
    result
  end
end

4 comments

HTTP Digest Authentication

Manfred Stienstra, 04 Sep 2006, 23:13 in web and broken.

For traditional sites cookie based authentication was often the best choice, especially because the application has complete control of the session which allows for automated logouts and other freaky stuff. Over the last year I’ve implemented quite a few authenticated applications and a large number of them have feeds or a webservice interface of some sort. But feedreaders and REST clients don’t really like cookie based authentication. HTTP Authentication is an obvious alternative, so we started using it.

In a lot of todo lists under the header ‘in the distant future’ there was an item: implement digest authentication. So I decided to bite the bullet and read RFC 2617.

I implemented the protocol for both sides, client and server. I sincerely believe that’s the best way to implement a protocol. That way you can always test the partially implemented client on the partially implemented server and bootstrap until everything is done. The best thing is that client and server implementations share a lot of algorithms, working on both makes your implementation orthogonal by default.

Implementing the specs went well, until I tried to talk to other implementations. Already in the first week I discovered four problems:

  1. Apache doesn’t send the required ‘nextnonce’ directive in its Authentication-Info header.
  2. Safari quotes algorithm and qop directives in the Authorization header. These directives shouldn’t be quoted.
  3. IE quotes algorithm and qop directives just like Safari does.
  4. IE computes the digest only over the path part of the URI instead of over the path and query part. (From the Apache documentation of mod_auth_digest)

This brings up quite a few questions. Did Safari copy the quoting behaviour from IE instead of reading the RFC themselves? Is implementing standards too hard? Should standards be replaced by reference implementations?

I’m willing to tackle the last question because it’s so easy to answer. RFC 2617 happens to provide a reference implementation for computing Authorize headers, so that can’t be the problem. So are standards just too hard? RFC 2617 is a pretty complicated piece of header prose, but it’s not as long and threaded as the HTTP specs. And way way easier than SOAP specs. So there must be something else.

Let’s assume for a moment that standards are completely unambiguous and well written. Given that premise, I believe that the quality of the implementation is a direct result of the determination and vigilance of the programmer. Or better yet, group of programmers. Two pairs of eyes see more than one, and a whole open source community sees more than just one annoyed corporate programmer.

I think digest authentication implementations haven’t received the level of scrutiny that other protocols have and that this resulted in a number of bugs in the various implementations. On that note I would like you to check out my own implementation: HTTP Authentication for Ruby. You can find the API documentation on Rubyforge. There is also a gem, which you can install the usual way:

gem install httpauth

This is still early beta and there are bugs and limitations.

4 comments
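An added example for the interoperability list in the Digest authentication post above, not code from the httpauth gem: a server-side check that parses `algorithm` and `qop` whether or not the client quoted them (items 2 and 3) and recomputes the request digest as RFC 2617 describes. The function names and the `allow_path_only` switch for item 4 are hypothetical; the sample header reuses the values of the worked example in RFC 2617 section 3.5, and nonce freshness and `nc` replay tracking are left out.

```ruby
require 'digest/md5'

# One directive: name = token, or name = "quoted-string". Accepting both forms
# means qop="auth" and algorithm="MD5" parse like the unquoted form.
DIRECTIVE = /(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))/

def parse_digest_header(value)
  m = value.to_s.match(/\ADigest\s+(.*)\z/mi) or return nil
  m[1].scan(DIRECTIVE).each_with_object({}) do |(key, quoted, token), d|
    d[key.downcase] = quoted ? quoted.gsub(/\\(.)/, '\1') : token
  end
end

# Request digest per RFC 2617 section 3.2.2 (MD5; qop=auth or legacy no-qop).
def digest_response(d, method, password)
  ha1 = Digest::MD5.hexdigest("#{d['username']}:#{d['realm']}:#{password}")
  ha2 = Digest::MD5.hexdigest("#{method}:#{d['uri']}")
  middle = d['qop'] ? [d['nc'], d['cnonce'], d['qop']] : []
  Digest::MD5.hexdigest([ha1, d['nonce'], *middle, ha2].join(':'))
end

# Compare without an early exit on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# allow_path_only (hypothetical option) accepts a uri directive without the
# query string (item 4); the query is then not covered by the digest, so it
# stays off unless such clients must be served.
def valid_digest?(header, method, request_uri, password, allow_path_only: false)
  d = parse_digest_header(header) or return false
  return false unless d['algorithm'].nil? || d['algorithm'].casecmp('MD5').zero?
  return false unless d['qop'].nil? || d['qop'] == 'auth'
  path = request_uri.split('?', 2).first
  return false unless d['uri'] == request_uri || (allow_path_only && d['uri'] == path)
  secure_compare(digest_response(d, method, password), d['response'].to_s.downcase)
end

# Sample headers built from the worked example in RFC 2617 section 3.5.
def sample_header(qop, algorithm)
  'Digest username="Mufasa", realm="testrealm@host.com", ' \
  'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", ' \
  "algorithm=#{algorithm}, qop=#{qop}, nc=00000001, cnonce=\"0a4f113b\", " \
  'response="6629fae49393a05397450978507c4ef1"'
end

RFC_STYLE    = sample_header('auth', 'MD5')      # unquoted, as the RFC requires
QUOTED_STYLE = sample_header('"auth"', '"MD5"')  # quoted, as in items 2 and 3

if __FILE__ == $PROGRAM_NAME
  [RFC_STYLE, QUOTED_STYLE].each { |h| puts valid_digest?(h, 'GET', '/dir/index.html', 'Circle Of Life') }
end
```
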

Sad 2

Thijs van der Vossen, 02 Aug 2006, 00:33 in broken.

Anyone at the ABN-AMRO Bank want some help with HTTP Redirection?

If you go to http://abnamro.nl you’ll get a 404 Not Found error message.

8 comments

Sad

Thijs van der Vossen, 01 Aug 2006, 20:31 in broken.

The Media Guild aims to support the development of creative talent and entrepreneurship in the fields of ICT and New Media.

Great. The website looks like this in Firefox:

The Media Guild website looks broken in Firefox

and even more broken in Safari:

The Media Guild website looks broken in Safari

Those who also still think they can get away with a website that only works in Internet Explorer should definitely check out their ‘range of specialist media services’ or have their ‘concepts rapid-prototyped by the Guild’s selected apprentices’.

9 comments