Matthew Bass

  • CORS woes on Heroku

    ,

    After spending the past 4 hours attempting to solve what boiled down to a rather simple problem, I figure I’d better blog about it to save someone else the time and effort.

    If you’ve been leveraging Passenger’s new –nginx-config-template command line option to add CORS headers to static assets served from a Rails app hosted on Heroku, and the CORS headers recently disappeared under mysterious circumstances… read on.

    I’ve been using the method described here to add CORS headers to custom fonts served from a Heroku-hosted Rails app that’s proxied by Nginx which handles serving static files. I recently updated to Rails 4.2.2 and suddenly, my custom fonts (.woff and .woff2 files) no longer had CORS headers on them.

    After the aforementioned hours spent scratching my head, I discovered that the latest version of the sprockets gem is generating asset digests that are 64 chars in length, where previously they had been 32. Nginx’s default regexp for identifying requests for static assets assumes the digest will be 32 chars long, like so:

    # Rails asset pipeline support.
location ~ "^/assets/.+-[0-9a-f]{32}\..+" {
  error_page 490 = @static_asset;
  error_page 491 = @dynamic_request;
  recursive_error_pages on;</code>

  if (-f $request_filename) {
    return 490;
  }
  if (!-f $request_filename) {
    return 491;
  }
}

    Changing the regexp to recognize digests that are 64 chars in length immediately solved the problem:

    location ~ "^/assets/.+-[0-9a-f]{64}\..+" {
   ...
}

    I had to laugh after something so stupid and silly cost me a good chunk of my Saturday to debug. But at least it’s working now. My statically served custom fonts have the correct CORS headers and Chrome and Firefox are happy again.

Need help?

I’m an independent software developer available for consulting, contract work, or training. Contact me if you’re interested.

  • Wiki on your thumb

    ·

    Yesterday I began getting irritated with my Instiki install on my PC at home. Don’t get me wrong, I like Instiki itself, but having to start it from the command line was getting annoying and I haven’t yet had time to figure out how to set it up as a Windows service. Add to that the fact that I want to have access to my Wiki from other computers and yet not open up my home network to the world, and you’ll see the dilemma I was facing.

    The ideal thing for me would be to store my Wiki on my USB thumb drive. Instiki’s data files could theoretically be stored there I suppose, but where would that leave me if I wanted to update my Wiki on a different computer which didn’t have Instiki installed? My thumb drive is too small to host a copy of Ruby/Rails on it. In desperation, I ran a Google search for “wiki on usb drive” and, behold, TiddlyWiki appeared.

    TiddlyWiki is an experimental “micro-content” Wiki designed by Jeremy Ruston. It’s written in HTML, CSS, JavaScript… and that’s it. No web server whatsoever is required to run this thing. It’s basically a self-updating HTML file. Clever! And useful. I can store the HTML page on my thumb drive and access it from any computer with a reasonably up-to-date browser. Theoretically, I could even go a step further and embed the Firefox browser itself on my thumb drive, complete with a custom profile and bookmarks.

    I highly recommend you check out TiddlyWiki if only for the novelty. The install is dead-easy (just save a file to disk) and I found the non-linear navigation structure based on “tiddles” (small chunks of information) to be quite logical. I haven’t seen something this cool since I was first exposed to AJAX!

  • Pair Programming at SAS

    ,

    ·

    What is pair programming? PairProgramming.com defines it as:

    Two programmers working side-by-side, collaborating on the same design, algorithm, code or test. One programmer, the driver, has control of the keyboard/mouse and actively implements the program. The other programmer, the observer, continuously observes the work of the driver to identify tactical (syntactic, spelling, etc.) defects and also thinks strategically about the direction of the work. On demand, the two programmers can brainstorm any challenging problem. Because the two programmers periodically switch roles, they work together as equals to develop software.

    Pair programming has traditionally been a practice of XP (eXtreme Programming). That doesn’t mean you have to do XP to pair program, however. Developers seem to fall into several camps on pair programming:

    • Some swear by it and feel naked when they’re not with a pair
    • Some are comfortable with it, but would prefer not to do it constantly
    • Some hate it with a vengeance and wouldn’t be caught near a pair

    Each camp has its own strengths and weaknesses, just like the practice of pair programming itself. My preference, though, falls somewhere between loving it and liking it. I don’t think constant pairing is either productive or enjoyable, but there are times when pairing can be quite beneficial.

    My formative years as a developer were spent in an XP studio which practiced pair programming 24/7. Being in such an environment taught me the value of collaborative development and good communication. Pair programming supports (one might even say forces) both of these goals.

    It goes without saying that moving from an XP shop to SAS was somewhat of a shock for me initially. I was used to a work environment in which all of the developers on a team shared a common work space. Now I was isolated, not in a lab or a cubicle, but in an office with a thick, heavy door!

    In my next post, I’ll discuss how I was able to work out getting a monitor splitter and a second monitor, keyboard, and mouse in my office and I’ll give some examples of how my fellow developers and I have used pair programming to our advantage on several recent development projects. Don’t touch that remote.

  • Ruby collections

    ·

    Martin Fowler’s latest Bliki post is about the programmatic uses of closures. It’s an interesting read for its own sake, but I found his examples of one-line manipulations of Ruby collections even more useful.

  • Wi-Fi? Insecure? Pshaw!

    ·

    I just read a fascinating article in the St. Petersburg Times about a fellow who was arrested for using an open Wi-Fi AP to surf the Web. This is one of only a handful of such arrests across the country. It reminded me of just how prevalent Wi-Fi technology is now, and how easy it is to break it. I’m going to be double-checking my own Access Point tonight for some of the things they mention at the bottom of the article. I also wonder at times how secure the local SAS APs are from intrusion.

    I already run WEP (for whatever good that does me), but I haven’t mucked with MAC filters yet and figure that may be a good idea. Running my own AP has always made me nervous, and this article hasn’t helped. I sure am looking forward to having some consumer devices with better security hit the market soon.

    Wi-Fi strikes me as being a technology that the was rushed into without fully understanding the consequences of its use. Sure, it’s really convenient and fun to use, but does that counterbalance the security risk?