Ruby through rails part 6: Bundler Dsl

Gautam Rege:

What happens when you write ‘gemspec’ in your Gemfile? Learn some Ruby by understanding the Bundler DSL in this series of posts.

Originally posted on narutosanjiv:

Earlier we seen detailed working of ‘gem'(present in Gemfile) command. For now, we are now going to introspect the working of ‘gemspec’ which we mostly used during building our rubygems. As i have mentioned in earlier serials that all command, which we used in Gemfile, found in the bundler file(lib/bundler/dsl.rb)

Let see how ‘gemsepec’ is used in gemfile.

Normally, when we write our rubygem, our directory name is the name of gem and gemspec found in same directory as “name_of_gem.gemspec”.

Let see the code of ‘gemspec’ defined in bundler(lib/bundler/dsl.rb).

Let understand above implementation with code example. Consider we have ‘dummy’ as rubygem.
Content of Gemfile of ‘dummy’ gem are:

As we do ‘bundle install’, then gemspec call without any options. Since we did not pass any options, default name, path, development_group get set as ‘.(current_directory)’, ‘{,*}’ and
‘development’ respectively. Line no 6 get ‘#{name}.gemspec’ file if name provided as nation…

View original 159 more words

Posted in General | Leave a comment

Nested module definitions

Gautam Rege:

Nested modules are not what they seem. In this post, Rishi talks about the scope among nested variables. Here’s an Ah-ha! moment for you!

Originally posted on Learning shall never stop..!!!:

When we define nested modules like this:

and when we do like this:

Even though both method calls to print_const looks same, and should return same result. But it returns different values of the constant.

Reason:
When you do this in first case:

and this gives:

So ruby looks for the constant X in the order as A::B::C, A::B, A. and it loads wherever it finds first, and as in our scenario, under module B.

And in second scenario:

and this gives:

Here since the nesting of the module is different, it only search in A::B::C and A, skipping A::B. So it finds constant X under module A.

View original

Posted in General | Leave a comment

Pro-tips for production server setup (when shit hits the roof)

This post is not related to production deployment automation. This post is our voice of experience (read as: major issues caused due by “minor” missing server configurations) and how we resolved them.

These are changes that would help you in case you are dealing with

  • Upgrading your server stack that uses HAProxy and SSL (We were using EngineYard)!
  • Nginx configurations to prevent spoofing (and a rant on Cloudflare Always Online crappy product).

Upgrading your server stack

For the past few years, we had been using m1.large AWS EC2 servers from EngineYard. When AWS introduced better pricing for the newer servers, we migrated to the new servers. We setup the new server and migrated our old IP address to the new server. Obviously, there was no need to make any changes in the DNS. So, we thought all was well until our customer started complaining!

The portal administrator required to know the remote IP address as an additional level of logging and security and all of a sudden (from the date we migrated to the new servers), the remote IP was always the private IP address of the EC2 instance!

After contacting EY support, we had a few rounds of barking up the wrong tree. The following stunts failed but I am mentioning it here so that you know you’re in going in the wrong direction!

Stunt 1: CNAME, ELB and HAProxy games

Initially it was assumed that HAProxy handles remote IPs incorrectly when SSL is involved and we we need to use an Elastic Load Balancer or setup stunnel! Or disable haproxy (not recommended though). We followed instructions mentioned at and setup and “App terminated” ELB. Then we added the CNAME in our DNS.

No luck!

Stunt 2: Route53 hiccup

Since we had initially setup an A record with the Elastic IP, it was deemed that the ELB name entry was being by-passed and hence things were not working. So, it was recommended to move the domain to Route53 instead of our current Registrar.

Now this was suddenly a big issue with our customer and just when there was enough shit hitting the roof, EY support had another idea that worked! There was no need to change the A record or add the CNAME entry.

Here is a concise steps of changes that are required:

  • Add an ELB (Elastic Load Balancer)
  • Set the SSL terminated option to “ELB terminated” (not App Server terminated!)
  • Copy the same SSL certificate that’s on the app server to the ELB.
  • Change the nginx configuration to listen on port 81 instead of 80 (http) and 444 instead of 443 (https)

Now, HTTP(80) and HTTPS(443) requests are handled by the ELB (since our app is listening on 81 and 444). It then forwards the request with the correct “remote IP” to our application server and things are finally back to normal. Remember that the SSL certificate is for one domain only. Since we had it for http://www.ourdomain.com, we had to setup nginx 301 permanent redirects to the www domain.

Lessons learnt – when upgrading hardware resources, certain security policies change and can have adverse impact

Prevent Spoofing with proper nginx configuration

It so happened that our customer complained about Google Search results going wrong! As the owner of a site called fundamentor.com, when he google’d for it, very surprisingly, another site came up too!

spoofed site 2

When we actually clicked on that link – we were very surprised to see exactly our site available there. Thinking that there may be someone who has copied our HTML and updated it, I tried to login and I was able to login too!. Now we were worried and shit hit the roof. As you can see in the image below, the URL is for superpromoapp.com but its our web-portal that is displayed and fully functional. Had our servers been hacked? Had our source code been compromised?

spoofed site 4

When we checked out access.log file in nginx and found (to our relief) that we had been getting requests to http://superpromoapp.com and they were being served! On further investigation, we realized that our nginx configuration has only one server block. It’s mentioned in the documentation of nginx listen directive that

If none of the directives have the default_server parameter then the first server with the address:port pair will be the default server for this pair.

That’s exactly what was happening. So, superpromoapp.com has a malicious HTTP server that was rewriting the URL to hit the real server (fundamentor.com) and acting as a pass-through. Luckily we had found this early on otherwise all data including sensitive information would pass through this middle-man. They even had their own robot.txt configured to ensure good responses to crawlers and get a better ranking! (I still don’t know what they would get out of a better ranking) but to prevent this unwanted access, we then added the following to our nginx configuration.

server {
  listen 80;
  server_name fundamentor.com www.fundamentor.com;
  ...
}

# This was added to prevent any other domain accessing our site.
server {
  listen 80;
  server _ default_server;
  return 520;
}

Now, when we tried to open http://superpromoapp.com we realized that the spoofed site had cached all the content via “CloudFlare Always On” technology. Since this product acts as a reverse proxy, you can get content from virtually any site if you configure your DNS. When we reported abuse, they said that this was a hosting issue and diverted our query. Probably unrelated but worth a read about CloudFlare crappy support ToS!

spoofed site 1

When a day later, the cache was invalidated, the requests to http://superpromoapp.com were rejected by nginx with Error code 520 (Origin Error) and we finally resolved the problem ourselves!

spoofed site 3

Lesson learnt – Among other directives, don’t forget to add an nginx default_server block.

Hope these minor server configurations help you ensure that hardware upgrades or nginx server configurations allow you to have a better experience than we faced!

Posted in Case Studies | Tagged , , | Leave a comment

Learning to Fly – Internship story

This is the unedited version of Ankit’s internship story at Josh for 2 months. We have posted it “as is”. We hope this helps others understand what internship at Josh is like, the culture and the values – @gautamrege

Introduction

This is a list of activities carried out during 8 week full-time internship at the Josh Software. The document contains information about the organization and the work performed throughout the period between 19 November 2014 to 17 January 2015.

The first part of the report offers an overview of the organization. Following, it proceeds to describe in some detail the most relevant projects carried out and their respective analysis. Finally, the report wraps-up with a few closing remarks and conclusions from the experience.

How I got selected

Our 5th semester exams got finished on 15 November 2014 and I got news that Josh team is coming on 17 for winter internship programme. I didn’t have any time for preparation but was very excited and confident to face the interview.

In first written round there were total four question. We have to write two programs on paper and had to tell output of one programme and one was puzzle problem. I wrote all the programs but was not able to solve the puzzle problem. After four hours result came and five student were selected for next round and I was one of them.

Second round was at Josh office and we five reached there at 10 am next day. Then they called their first guy to interview and I was relieved that I was not that guy. That guy was there for one hour in interview room. Then he came out and after him another guy was called and again that was not me. Utilizing time properly and judicially I asked all questions asked to him and I was happy to hear that all were coding question related to linked list, pointer and C concepts. My confidence again rose to next level as I was very comfortable in these areas. Finally my chance came at last and I was asked to write a program to maintain details of stock market per day basis. I wrote it using structures and linked list and they were happy after seeing full page of code. Then they asked me some basic questions on C which I answered. At last they played a game with me made by one of software engineer at Josh who was also from my college and they observed how I was making moves in the game. Then my interview finished and I was very excited to hear the words from the interviewer “You come from tomorrow”. I was very happy. Then we came outside of interview room and I came to know that I was the only one got selected. Then they show us their office and work environment. We have our lunch their and then we returned.

My expectation and objectives

After coming home I was very happy and excited about the internship. Josh builds web application and I was a very bad in web development. Earlier I have done only algorithmic programming and was good in it. So this was the time to improve this part of mine. My objective for next two months was to become proficient in rails framework.

Two months internship

First day of internship I reached office and was very excited. Then I done some formalities there and I got my Josh email id. I was working directly under Gautam Rege CEO of Josh. What else you want. Then my internship kicked off

So before starting Rails my task was to learn ruby since rails is built in ruby. Till now I have only programmed in C, C++, Java, python so ruby was new to me. I was given task to learn ruby by writing a Sudoku game. Then I just gave a scan on ruby language and learnt basic syntaxes of language in half an hour and the game was ready in next hour. I was very happy with my performance and was ready to learn Rails. I showed my code to Gautam Sir and was waiting for reply. He scanned my code and asked me what I have done. I was shocked to hear that and politely said that I have made sudoku in ruby. He replied where is Ruby in your code. And Again I was shocked because definitely I have written ruby code. Then he gave me a lecture on what ruby is and what was the expectations. He meant that Ruby code should be like English, one should understand your code by just reading. He also shown me examples with some piece of code how Ruby is self expressive. But Wait main action was left. He asked me do you have another copy of sudoku. I said no. At next moment I saw him typing rm command and I was shocked for a moment. My code was deleted and I have to write again sudoku from scratch. I thought for a moment that I could have modified this one also. But No problem I was here to learn not to complete my assignment. Then I started taking ruby serious and studied Ruby for three days understanding its concept and wrote my sudoku again from scratch. But same happened with my code as previous My code was deleted three times and fourth one was as execpted. I knew after first deletion that It can happen again. But honestly I didn’t stored a copy of my code. I am very competive by nature and was ready to take challenge that let’s see how many times Gautam Sir deletes my code. So I wrote my Sudoku four times from scratch and finally it was as expected. I have finally written sudoku by ruby expressive nature and exception handling.

sudoku2

Then next step comes I was asked to test my game. I have done competitive programming earlier and was very good at testing manually covering boundary cases and noting program output after each input. I told Gautam Sir that I am going to test my game in this way. I was again shocked that this is not gonna do as I have done this from last 2 years. Then Gautam Sir tells me about minitest supported by ruby I was really surprised how clean way ruby gives to test it. I have never seen this kind of testing earlier. We can refactor our code without messing with our logic by using minitest.

So finally I did all that stuff but this was not end i was to asked to tell my code quality and then again i asked myself now what is this my code quality is 100%. Then Gautam Sir told me about CodeClimate which tell the quality of our code by examining function variables, length etc. Then I learnt that this way Clients of Company remain assured of code quality without reading code. CircleCI tells how much we have covered in our test cases. So I have integrated my code with codeclimate and then it analysed my code and give a score of 3.8 I was shocked what 3.8 out of 10. I just imagined 10. Then Gautam Sir told me that it was out of 4 and I became very happy. I also integrated with CircleCI and it was showing 80% test coverage. Now finally I finished my sudoku in ruby. Last I learned about bundler in ruby and used it in my program and finally made a gem of my sudoku. Bundler basically keeps record which version of gem our program needs and provide that.

Meanwhile making sudoku I also read about Ruby metaprogramming and was excited to see ruby true power. Then I read somewhere that Rails use metaprogramming a lot and my curiosity rises to learn Rails.
So finally It was time to start learning rails. I spend my first two weeks to just read about Rails all the things it provide to build web apps and the metaprogramming it uses. It might seem long days but this time I don’t want my code to be deleted. This time I was given a web app Quizmania to build. Now best thing in this was Gautam Sir acted like client and I as software engineer and my task was to take the idea of client and build the web app as client is imagining. I was free to ask any question to client. I did quite well in this but mistakes were done by me and I was not able to take the full idea of what client wants. This time Gautam Sir showed me the famous diagram which I think all Software Engineer knows.

Client expectations and what he gets

I have seen this in my college lecture but realized now that how really difficult it is to take full and exact knowledge what client wants. I learnt here ways to ask question to client. Finally I made my database tables, relations and was ready to go. I started working on my project and it took almost one week to finish. I integrated it with CodeClimate, CircleCi and wrote test cases. This time my code quality was 3.7 and test coverage was 98%. I wrote test after finishing my project which is wrong way to do this we should write test cases before and should then code to pass our tests know as Test Driven Development. So I will definitely going to take care of this next time.

At last my web app was ready and this time Gautam Sir was very happy with my work and major achievement was “no code deletion this time”. I want to give special thanks to Sailesh, Sahil, Sweta and Anuja who helped me in Quizmania by finding major bugs and told me ways to correct it.

quizmania2

Here is link to my code on github
Sudoku.
QuizMania.

New skill and information gained

After two months I was happy that now web development is not my weak point. Here I saw how work is done in a company. How interaction happen between Clients and Company and how Git is used to complete a project. Earlier I have only read about git. But here I have used git in both of my program. So finally I have learned and mastered Ruby and Rails.

Summary

So summing up It was a very good two months experience, which I could never have got in college. I also learned to solve Rubik cube thanks to Anil Sir. Last but not the least, it was a great opportunity for developing my personality and making contacts which may prove of value in the near future and to work with a fantastic team of very hard-working people.

Posted in General | Tagged | Leave a comment

Watermarking images with ImageMagick

Gautam Rege:

Protecting your photos and images with watermarking using imagemagick is pretty cool. Aditya talks about watermarking images using text and images with various effects like composite, dissolve and watermark. Nice, comprehensive post! A good read.

Originally posted on The 'Ruby on Rails' Mini Blog:

Watermarking images is a breeze with ImageMagick. ImageMagick is a very handy tool to manipulate images from the command-line. It is free and is available on all major platforms.You can use text or another image to watermark your images with ImageMagick. The ‘rmagick‘ gem is a Ruby library to interact with ImageMagick.

I recently had to watermark images in one of my Rails projects. This was pretty critical as some of the customers were using these images without paying for them. Images were generated using ‘pdf2image‘ and not uploaded by the client. So we had to do this with Ruby.

We wanted the watermark to occupy a large part of the image, look pleasant without actually becoming overbearing. We tried both alternatives text and image before choosing to watermark with the client’s logo.

There are many ways to watermark images with either text or another image using ImageMagick’s ‘convert’ tool and command…

View original 464 more words

Posted in General | Leave a comment

Comparative study of looping construct in ruby, dlang, rust, golang.

Gautam Rege:

Sanjiv has drawn a good raw loop performance comparison between Go, Rust, C and Dlang. Some of the outcomes are pretty fascinating and he predicts that Rust will be a great for low level and system programming while Go will take the lead for general purpose high level languages.

Did you know – In ruby, ‘while’ loop performs much better than ‘for’. It is recommended that when iterating large data,use ‘while’ or ‘loop’ than the traditional each or foreach.

Originally posted on narutosanjiv:

We have been learning & working on various programmings languages. These different programmings language help us to learn various programming paradigm & constructs.  There are number of new programming language such golang, rust, dlang.

We are going to see performance of simple loop in golang, rust, dlang, ruby. We are going iterate a 100 million times to see raw performance. Below is the example of for loop in golang.

Above code is compiled with gccgo-4.9(golang). gccgo compile the given input file & produces binary file with name ‘a.out’.Benchmark of following code:

Below is the example of loop in rust-lang. In rust lang, there are two different looping construct namely ‘for’ and
‘while’ loop. ‘while’ denotes a loop that iterates as long as its given condition.

Above code is compiled with rust(version 0.13).  rustc compile the given input file & produce binary file with name same name as input.Benchmark of following code:

Below…

View original 239 more words

Posted in General | Leave a comment

First Solo trip!

Gautam Rege:

Shifa, who works at our company used her company conference budget and made her first solo trip abroad to attend RubyConf 2015 in San Diego.
Here is her experience while travelling alone, the preparation, the craziness, the fear and overcoming it, realisations and finally elation!
A well written post that we hope inspires other women techies to travel far and have great experiences to share!

Originally posted on A life of freedom:

The world is beautiful and full of wonders. And all those years of watching Discovery and NatGeo had only made me realize how badly I wanted to see it and experience it; all of it.

Decision

So, when I got the opportunity to attend a conference that was taking place in the other half of the world; I knew I wanted to go. But coming to a decision wasn’t easy and deliberation was needed. So I sought advice from parents, friends, colleagues and relatives. Now this might not have been the best idea, considering how few of these people had actually traveled solo before. Most conversations went like this:
Me : Hey! Guess what? I’m going to the US for a week to attend a conference!
Them : That’s awesome! Lucky you! Who all are going with you?
Me : Just me!
Them : Oh! *Thud* (Yeah, their faces just…

View original 1,516 more words

Posted in General | Leave a comment