How do I develop self-hosted Rails app - ruby-on-rails

Suppose I have Rails 4 app, call it "Super SaaS". Now my client says he likes my appvery much, but he doesn't want his data to be in the cloud. So he says he would buy a licience from me to deploy "Super SaaS" on his own server. More like Atlassian Jira.
The question is: is there any secure way(in terms of protecting source code) to do that?

While you can probably package up your code as a JRuby application with JAR files and Java byte code, there are decompilers for that, so you can never presume your source to be 100% secure.
Ideally you'd offer some sort of VM appliance that the customer can install, a system image compatible with VMWare or whatever virtualization system they're using. This helps package up a fairly secure environment, but won't protect against a determined adversary trying to get your source code.
If you're giving out your code to someone in any form, compiled or otherwise, you have to have a certain amount of trust. Even compiled executables are not immune to reverse-engineering.

Related

Updating own software in Program Files

I have a single executable which, via InnoSetup, installs into Program Files\FolderName by default. The exe has a 3rd party component which goes online to check for new versions and downloads them, then does a bit of fiddling to replace the exe - simple stuff. The problem is, it can't do this in Program Files because of the necessary security there. I was reading Windows 7 - Can't update my program's files in C:\Program Files in which David Hefferman gives a solution but then seems to say it's a bad idea - but I don't know whether the bad idea bit refers to his solution or to the OP's comments!
So what is the preferred method by which a program can update itself? One that will work on XPSP3 to Win8. I can't seem to find the right phrase to enter into Google that gives me relevant results. Ignore digital signatures and suchlike for now, for simplicity.
(Please note, it may look like I worded that as an opinion question but it's not - there must be some MS-endorsed way of doing it that I can't find. FWIW this is a Delphi program but any Win32 notes will do)
That 3rd party update utility needs to be run with administrative privileges, you can achieve that programmatically.
There is nothing wrong with installing your application in Program Files, that is the designated purpose of this folder. However, user data that is used by the application should be stored in a different location.
However you run that 3rd party Utility, you should first check the Windows OS version to see if fiddling with UAC is really necessary(Vista+...) and then run the utility in the elevated state.
He says its "extremely bad practice" to fiddle with your system so that normal users can write in "Program Files".
If your program is in "Program Files" it's installed with System Admin rights. So updates need also be installed with System Admin rights.
You can configure InnoSetup to request admin-rights so you can write to "Program Files" but if the 3rd party component does not do this its best to install everything in an other directory.
i.e. C:\Your_Program
That way your 3rd party component can write there.
There are several options here:
The easiest: make updater as a separate program with manifest, which requires admin privileges. Also you can ask for admin privileges when you start your updater. Or you can move your updater into out-of-process COM object instead of separate exe.
You can create hidden user with admin rigths during installation of your program. Then you will run your updater with credentials of this user.
You can install system service during installation of your program and this service will run from system account. So your updater will be implemented as a service.

Is there a way to update a cloud app instead of redeployed?

I was starting Windows Azure using WebSites, now I'm facing with the situation where I need Crystal Reports in my site, so I'm looking for a way to install the Redistribute Files to use it in my web page to generate reports.
I follow this page:
http://dotnetspeak.com/2012/07/running-crystal-reports-on-windows-azure
So instead of having a simple website, I'm gonna use a cloud app. Unfortunately, I'm updating frequently my website (role in Windows Azure project).
Do I need to redeploy all the time my cloud app each time I update my MVC project? Because it takes so long (like an hour, because I included a msi installer)
Thank you
Unless you build some custom extensibility into your application with some very robust dependency injection, yes, you have to redeploy.
EDIT: After re-reading your question again, I realised that you're using Windows Azure Websites.
The correct way to accomplish this is to use a webrole rather than the Websites
What you need to do is to store the installer as a blob in Cloud Storage.
Then part of a Azure Startup Task you can download from the blob and execute the installer.
If possible, you can also use the WebPICmdline (i.e the Web Platform Installer Commandline) to download and install for you from the Startup Task.
Steve Marx has done a few posts on using Azure Startup tasks. Here is one of them http://blog.smarx.com/posts/windows-azure-startup-tasks-tips-tricks-and-gotchas
Adding a bit to #Robert's answer: If the actual execution of the MSI is taking an hour, then this is not a very good use case for web/worker roles. Anything that takes more than a few minutes doesn't really fit well with the stateless scalable model. If that's the case, you should consider running a Virtual Machine for running Crystal Reports. Then you can use your web role for everything else.
If, on the other hand, the one-hour time is mostly consumed by the uploading of the MSI, then I'm completely in alignment with Robert: Store the MSI in a blob, and then download it to your role instances upon startup.
I would suggest to split your single Cloud project into two - one for Crystal Reports only. This way you can deploy it separately from MVC site. You could also build extra smarts into start up task, maybe checking if Crystal is already installed. However, I think splitting them up should be good enough for you
Normally the update process does not lead to an complete re-image of your webrole, only the approot gets destroyed! Here you can find a very detailed information about what is happening on update and deployment: http://msdn.microsoft.com/en-us/library/windowsazure/hh472157.aspx
What does that mean to your problem? Code deployment is an "in-place update" process. If you install Crystal Reports in Drive C: or D: it wont get destroyed on each deployment.
In your Start-Up Task you have to check, whether the software is already installed, or not. In case it is not installed, just install it, as mentioned above on Drive C: or D:
Edit: I got the Point: Does your update Process takes so long, because of the file-size of your MSI? If so, i also suggest to upload the MSI into Blob-Storage.

Could I install Delphi and my libraries on a USB key in such a way as to allow debugging of my app on a customers PC?

Back in the days of Delphi 7, remote debugging was mostly ok. You set up a TCP/IP connection, tweaked a few things in the linker and you could (just about) step through code running on another PC whilst keeping your Delphi IDE and its libraries on your development PC.
Today, with Delphi XE2,3,4 you have paserver which, at least at the moment can be flaky and slow. It is essential for iOS (cross platform) development, but here at Applied Relay Testing we often have to debug on embedded PC's that run recent Windows. To do this we have employed a number of strategies but the hardest situation of all is to visit a customer site and wish that one could 'drop in' a Delphi IDE + libraries and roll up ones sleeves to step through and set breakpoints in source code.
It is quite likely - hopefully - that the paserver remote debugging workflow and its incarnations will improve over time but for now I got to wondering how it might be possible to install Delphi + libraries + our source code on a USB key so that with only a minimal, perhaps automated setup, one could plug that key into a PC and be compiling, running and debugging fairly quickly.
I can see that the registry is one of the possible issues however I do remember that Embarcadero once talked about being able to run their apps from a USB key. Knowing how much of a pain it is to install my 20-odd libraries into Delphi though, it is not trivial and needs thinking about.
Has anyone done anything like this or have any ideas of how it might be done?
Delphi does not support what you are asking for. But what you could do is create a virtual machine with your OS, IDE, libraries etc installed in it, then copy the VM onto a USB drive, install the VM software on the customer system, and run your VM as-is. There are plenty of VM systems to choose from.
First, I need to get this out of the way: embedded PCs running Windows?? Sob.
Ok, now for a suggestion: if a full virtual machine isn't an option for this task, application-level virtualization may be. This intercepts registry calls and other application-level information and maps them to a local copy, allowing essentially any application to be turned into a portable version. The good news is that there are free versions of several programs that can turn Windows programs into virtualized apps.
The only one I've personally used is MojoPac, and found it delivered as promised although was very slow running off of a (old, very slow) flash drive.
http://lifehacker.com/309233/make-any-application-portable-with-mojopac-freedom
I haven't used this newer "freedom" version though.
Two other programs I've seen that appear to be popular are Cameyo:
http://www.techsupportalert.com/content/create-your-own-portable-virtual-version-any-windows-program.htm
and P-Apps,
http://dottech.org/26404/create-a-portable-version-of-any-software-with-p-apps/
but I can't vouch for the quality of either of these two.
Hope this helps.

How do I package a rails as a standalone executable

I've been developing a web application and a lot of customers are asking if they can host the application in their network (for security reasons). I have been looking for a way to package up a rails app into a single executable (with server and all), but haven't been able to find anything. My other requirement is that we distribute it without the source. Because of that I was looking at JRuby and Warbler. The end product should run on linux or windows. Has anyone done anything like this before, or can anyone point me in the right direction.
Thanks
My best guess would be to use JRuby and the JRubyCompiler, although I have no idea if you could compile a whole rails project (including all the required gems). I got it to compile a small ruby script though. Anyway, if you succeed, you could package those in a jar or war and deploy that as a contained application.
It doesn't sound like you necessarily need to package it as an executable, as long as the code is obfuscated. I personally haven't needed to protect any of my code, but a quick google search returned this product http://rubyencoder.com/. I'm sure there are others out there, but the basic idea is that your code is unreadable and cannot be reverse engineered. This would allow you to run a standard rails environment without giving access to your source code.
If you have the budget and really want to outsource this, the Github guys partnered with BitRock to build their cross-platform installable product (Github Firewall Install). BitRock has this case study on their website.

Single-user source control?

Searching with '[Delphi] "source control"' didn't return much, so here goes: For those of you Delphi programmers working on your own, what source control do you like? I know about TortoiseSVN (which can be used without a server), but I'd like to know if there are better options before choosing it.
Thank you.
SVN will be more than enough as you'll mostly use it for backing up and diff'ing versions.
You can use VisualSVN Server and TortoiseSVN with Delphi IDE Integration. All of these are freeware. If you wish to use any other freeware SCM with Delphi IDE integration you'll need to buy SourceConneXion or Athlant. Also, if you're using D2009 you'll need to convert strings to ansistrings in order to get TortoiseSVN addon for delphi to work.
I use Mercurial, and have used Bazaar and Perforce (free for small teams). All are good, but nowadays I tend to prefer Mercurial. Mercurial comes with its own tortoise
which, while not quite as polished as TortoiseSVN, is perfectly usable:
(source: sourceforge.net)
For users of RAD Studio XE or XE2, Uwe Schuster has published an IDE add-on called Version Insight Plus that adds Mercurial and Git support to the IDE's built in version control support.
For all the systems I have mentioned, no central server is required.
I would recommend Git which is free & open source and:
Doesn't require you to even set a central server even if you want add more developers or machines.
Is Extremely Fast (imo)
Encourages the use of branches
I use it for almost every new project, even when it's just me on the project. It's an extremely fast distributed version control system and was written by Linus Torvalds and is now used in high profile projects like the Linux Kernel and Ruby on Rails.
Git isn't hard to use from the Command line but also has it's own "Tortoise" package (TortoiseGit - albeit not as polished as it's SVN cousin).
SourceGear Vault is free for a single user. I like to use the external client because I work in different environments, but If you want Delphi IDE integration, you can use Source ConneXion (not free).
You might look at some of the responses here (Stack Overflow) if you do have Delphi in mind. As mentioned in the answers there, I use Team Coherence which integrates very nicely with Delphi's IDE, and is aware of Delphi file groups (.pas with .dfm etc). I think it's written in Delphi too.
Having said that, the other comments already made are true - you shouldn't really let your choice of language dictate your choice of VCS.
Even though you've said single user, I would look for a solution that allows you to easily host it on a server/other desktop machine, so you have separated your development machine from your source repository. I'm probably teaching granny to suck eggs but you ought to check that whatever you choose can be easily backed-up too (even to a USB key or external drive would be fine). :-)
I know you have asked for Source Control, but if you are always planning to be a 'single developer' you might like to consider an automatic backup solution like AJC Active Backup instead. Yes, you lose the ability to check in and out specific versions, but at the same time you avoid the need to check stuff in and out all the time when it is only you working on a project. And you can recover or diff any previous source files by date for as far back as you care to configure. It's very much a set-and-forget solution, until you need to recover something, when it is invaluable. And the archive itself can be backed up in the normal way.
I use TortoiseSVN, but store my repositories as files on my laptop (on a share that can be accessed by mutilple VMs), not managed by a server. This means that I have full access to the repository regardless of server access, but also allows me to easily backup the repositories to the company file server when connected.
Since I am the only programmer I have not needed a separate server so far. I have seen Nick Hodges (Delphi Development Manager) say very nice things about VisualSVN Server, and I aim to check this out, to see how easy it is to backup/restore the repository: if that can be automated, and done very quickly, then I will probably adopt that.
Longer term I am going to look at the various flavours of distributed VCS, as that may be better suited to multiple laptop-based developers; I'm not sure yet, as I've not reached that page of my to-do list ;-)
One of the things supposedly in the pipeline for Delphi is integrated support for VCS. I've no details on that, or on any implications for current users of the various traditional or distributed VCS.
The language you use doesn't really matter in the choice of the SCM you will use.
It can matter if your favorite IDE supports or not this SCM.
TortoiseSVN is just a svn client, if you choose svn you can have several client.
I use Tortoise, and subclipse for committing in the same svn repository.
I would suggest using SVN server on a separate machine (either VisualSVN as suggested before or CollabNET Subversion Server) and TortoiseSVN with JVCL integration expert (also as suggested before).
Besides getting all the good stuff from the version control, you'll also automatically have backup on a different computer, which is always a good thing.
I know this will get down voted, but I feel it has to be said.
I've used Version Control software for many years at my job, and it is required when multiple people work together - to make absolutely sure that no two people overwrite one-another's work.
But for my personal development at home I don't use one. I find them overbearing and inconvenient for a simple one-person project. And I've tried several packages including Source Gear Vault and some others that other people have mentioned.
What I do instead is at every significant change to my program that I might want to go back to, I make a copy of the entire program directory. If I screw up in the next change, I can go back to the copied directory.
I also permanently keep copies of all my directories of every release of my program. If I ever need to do comparisons between my current version and previous releases, or between two different previous releases, I use Beyond Compare by Scooter Software - a simply great tool for diff-ing and copying changes between versions. If you use Source Control software, Beyond Compare will integrate into it nicely.
So I mention this simply because I have often heard everyone pushing Version Control Software, even for the individual developer. For some of us, it's overkill.
You may want to consider this simpler solution.
I use Bazaar with Delphi and it works well, especially for solo developer workflows. It has it's own TortoiseBzr but it isn't as good as some of its cousins so I recommnend the excellent Bazaar Explorer instead. One of the great things about Bazaar is it's flexibility and the ease with which you can change workflow or include another developer in a project that started off solo.
A lot of articles about Bazaar will tell you it is a lot slower than Git or Mercurial. They are out of date, now it takes a similar time to acomplish operations as they do and is faster on some operations.
My team use StarTeam and I have never used something else like SVN so it is hard for me to do a good compare. Starteam has both positive and negative sides.
Pros:
You can register Change requests and
connect them to checkins. This make
changes more trackable.
I feel more comfortable with a real GUI compared to commandline or some Shell
extension.
Cons:
Expensive, as most products from
Borland...
Latest version use Java. It is almost like the previous Win32 version and they have added more features, but I still feel that it is some slower and more memory hungry than before.
GUI could be a bit more intuitive.
I'm not big on version control, but use SVN/Tortoise and am quite happy with it. The main benefits that I see for a single developer is being able check out older versions of the application, and use multiple computers for development (desktop / laptop) - other than the obvious backup benefit. I tend to not need it for diffing files, as I find the version control tools within the Delphi IDE fairly good for this - provided the "bug" was introduced recently.
I think most Delphi developers use SVN/Tortoise (making it a fairly safe choice) - but there are trendyer options such as Mercurial and Git.
As a single developer, I have used Perforce for a number of years. It has been great. Aside from a CLI, you can use the P4V client. There's also an explorer plugin available, as well as Delphi IDE integration. I actually just found this free integration on Torry yesterday:
p4delphi
I've installed it in Delphi 2010, and it works pretty good.
Perforce is free for two user, it would require you to install perforce server, but the server footprint is very, very small. you can use P4V (Perforce visual client) which is far more convenient than tortoise, it also provide Windows explorer extension to be have just as tortoise (but you could skip this installation). Delphi integration could be done using P4Delphi.
I am using subversion, bug tracking and simple to use project planning for my latest delphi project from an web service provider. http://www.unfuddle.com has a free account for projects less than 200mb with 1-2 developers and the user interface is easy to use.

Resources