William Notowidagdo Kiranatama Staff
Knowledge

We'll show a quick step-by-step guide to getting started with rvm on a new Rails application setup (on Ubuntu 10.04).

William Notowidagdo Kiranatama Staff
Knowledge

This is the second post of our Rails security series. After talking about Sessions, we now focus on another important security issue you should be aware of: Cross-site Request Forgery (CSRF).


Simple Ruby benchmarking  

15 Nov 2010
William Notowidagdo Kiranatama Staff
Knowledge

One of the beauties of the open source world is that there is always an option available to solve a problem. The same holds in the world of Ruby programming: you can always find a tool to complete your work on websites such as RubyGems or GitHub. But that beauty leads you to another problem: which tool should I use? You can browse dozens of blogs for reviews or recommendations on the tools you'd like to use, or you can write a simple Ruby benchmark using bench_press. This post will show you how to benchmark Hpricot vs. Nokogiri, both of which are Ruby HTML parser libraries. Install the bench_press gem, then
bench_press --new html_parsing
edit the newly created html_parsing.rb and run your benchmark
bench_press html_parsing.rb
I am benchmarking how both libraries load an HTML document and search for elements by XPath and CSS expressions. This is not intended as a real benchmark; it just shows you how to get started writing your first simple Ruby benchmark. Here is the content of my html_parsing.rb:
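require 'bench_press'
require 'hpricot'
require 'nokogiri'

extend BenchPress

reps 1_000 # number of repetitions

# File.read closes the file after reading; a bare open() without a block
# would leave one file handle open per repetition.
measure "hpricot" do
  doc = Hpricot(File.read('example.html'))
  doc.search "//p[@class='description']" # XPath lookup
  doc.search "p.description"             # CSS lookup
end

measure "Nokogiri" do
  doc = Nokogiri::HTML(File.read('example.html'))
  doc.xpath "//p[@class='description']"  # XPath lookup
  doc.css "p.description"                # CSS lookup
end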
And here is example.html:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
    <title>HTML Example</title>
</head>
    <body>
        <div id="content">
            <p class="paragraph title">Put your title here</p>
            <p class="paragraph description">Put your long description here</p>
        </div>
    </body>
</html>
So, are you benchmarking too? If so, show us how you write your benchmarks.

Rails security: Sessions  

03 Nov 2010
William Notowidagdo Kiranatama Staff
Knowledge

This is the first post of our Rails security series. Sessions are vulnerable to particular security threats, which is why they are a good place to start looking at security.

William Notowidagdo Kiranatama Staff
Knowledge

Page responsiveness is the amount of time it takes to load a webpage in a browser. There are several tools to measure page responsiveness; here are 2 examples:
  1. Yahoo! YSlow, from within Firefox
  2. Web Inspector in Safari
How can you improve responsiveness? By improving browser load time. Install YSlow to figure out what is wrong with your front-end browser performance. When you run YSlow against a website, it gives you a report card offering suggestions for improving the page's performance, summarizes the page's components, and displays the page's statistics. YSlow also provides tools for performance analysis. YSlow will analyze the page and give you 35 best-practice recommendations based on a set of rules for high-performance web pages. Now let us take a quick look at how you can achieve some of those recommendations. The Rails code snippets used in this post are based on version 2.3.

Make Fewer HTTP requests

Combining files reduces the number of HTTP requests: all scripts are merged into a single script, and similarly all CSS into a single stylesheet. You can include all JavaScript files in the javascripts directory using :all as the source:
javascript_include_tag :all
If you have sub-directories under javascripts, you should set :recursive
javascript_include_tag :all, :recursive => true
To make it even better, cache multiple JavaScript files into one file
javascript_include_tag :all, :recursive => true, :cache => true
Remember that caching will only happen if ActionController::Base.perform_caching is set to true, which is the default for the production environment. You can also apply this strategy to your stylesheets
stylesheet_link_tag :all, :recursive => true, :cache => true
The last thing that usually costs a lot of HTTP requests is external background images. You want to combine them with CSS sprites. To find out how you can create CSS sprites with Rails you can start from this slide.

Use a Dedicated Asset Server

You can easily do this by setting ActionController::Base.asset_host in the application configuration
ActionController::Base.asset_host = "assets.example.com"
The helpers will then use that host
image_tag("rails.png")
# => <img alt="Rails" src="http://assets.example.com/images/rails.png?1230601161" />
stylesheet_link_tag("application")
# => <link href="http://assets.example.com/stylesheets/application.css?1232285206" media="screen" rel="stylesheet" type="text/css" />

Add Expires Headers

It is the web server's responsibility to set a far-future expiration date on cached assets. Here's an example for Apache
ExpiresActive On
<FilesMatch "\.(ico|gif|jpe?g|png|js|css)$">
    ExpiresDefault "access plus 1 year"
</FilesMatch>

Compress Components with gzip

Another task for the web server. In Apache, enabling output compression is fairly straightforward, and this is an example for your .htaccess
Options -Indexes
Order allow,deny
Allow from all
AddOutputFilterByType DEFLATE text/plain text/html text/css application/javascript text/xml application/xml application/rss+xml text/javascript
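One way to check that the Expires and compression settings above took effect, as an added example that is not part of the original post: the Ruby code below audits response headers for static assets. The helper names, the 360-day threshold and the sample responses are assumptions constructed for illustration.

```ruby
require 'time'

# Mirrors the FilesMatch pattern in the Apache Expires example.
STATIC_ASSET = /\.(ico|gif|jpe?g|png|js|css)\z/
# MIME types from the AddOutputFilterByType DEFLATE line.
DEFLATE_TYPES = %w[text/plain text/html text/css application/javascript text/xml
                   application/xml application/rss+xml text/javascript].freeze
MIN_LIFETIME = 360 * 24 * 3600 # assumed threshold: "plus 1 year" with some slack

# Parses an HTTP date header; returns nil when it is absent or malformed.
def http_time(value)
  Time.httpdate(value.to_s)
rescue ArgumentError
  nil
end

# Returns the list of problems found in one response's headers.
def audit_response(path, headers)
  h = headers.each_with_object({}) { |(k, v), acc| acc[k.downcase] = v }
  problems = []
  if path.sub(/\?.*\z/, '') =~ STATIC_ASSET # ignore the Rails asset timestamp
    date, expires = http_time(h['date']), http_time(h['expires'])
    if date.nil? || expires.nil?
      problems << 'missing or unparsable Date/Expires'
    elsif expires - date < MIN_LIFETIME
      problems << 'Expires is not far-future'
    end
  end
  type = h['content-type'].to_s.split(';').first.to_s.strip.downcase
  if DEFLATE_TYPES.include?(type) && h['content-encoding'].to_s !~ /\b(gzip|deflate)\b/i
    problems << 'compressible type sent without Content-Encoding'
  end
  problems
end

# Constructed sample responses (not captured from a real server).
NOW = 'Mon, 15 Nov 2010 10:00:00 GMT'
SAMPLES = {
  '/stylesheets/application.css?1232285206' =>
    { 'Date' => NOW, 'Expires' => 'Tue, 15 Nov 2011 10:00:00 GMT',
      'Content-Type' => 'text/css', 'Content-Encoding' => 'gzip' },
  '/images/rails.png?1230601161' => { 'Date' => NOW, 'Content-Type' => 'image/png' },
  '/javascripts/all.js' =>
    { 'Date' => NOW, 'Expires' => 'Mon, 15 Nov 2010 11:00:00 GMT',
      'Content-Type' => 'application/javascript; charset=utf-8' }
}.freeze

def audit_all(samples = SAMPLES)
  samples.each_with_object({}) { |(path, hdrs), out| out[path] = audit_response(path, hdrs) }
end

audit_all.each { |path, probs| puts "#{path}: #{probs.empty? ? 'ok' : probs.join('; ')}" }
```

When collecting real headers to feed into `audit_response`, send `Accept-Encoding: gzip` with the request, since the server only compresses for clients that advertise support.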
Obviously, there are more YSlow recommendations to act on, but the above are quick improvements that should improve the user experience a bit. Feel free to share your tips and tricks in the comment form below.