Rails state of the art for spam prevention - ruby-on-rails

What is the current state of the art in rails for preventing spam accounts? Captcha? Any good plugins, tutorials or suggestions?

Use a library: You're (almost) always better off appropriating code from people who are better at the subdomain than you are. The Wordpress guys behind Akismet have forgotten more about blog spam than I know, and I was an email anti-spam researcher for a while. You might be interested in a Rails integration plugin for Akismet.
Defense in Diversity: Spam is a quirky problem, in that the more popular a countermeasure gets the worse it becomes. As such, particularly for low-profile sites, you can get disgustingly good results by coding simple one-off tripwires. I won't give you any code to copy/paste because it defeats the purpose of the exercise: having a countermeasure which is globally unique.
One simple example is having a hidden form element which starts as some randomized string, and which is set to a known good value by Javascript code. You then bounce anything which doesn't have the good value supplied. This blocks clients which don't implement Javascript, which includes the overwhelming majority of spam scripts. There are issues, of course, as some legitimate clients also block Javascript -- but realistically, if you're using Rails, I'm guessing you're sort of assuming cookies are on and Javascript works.
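The tripwire described in this answer, as an added illustration that is not the answerer's code and not a Rails plugin: the server seeds a hidden field with a random string and remembers it in the session; client-side JavaScript overwrites the field with the agreed value before submit; the server bounces anything that still carries the seed or carries something else. It goes slightly beyond the answer by adding two more one-off checks of the same flavour (a decoy field that humans never see and a minimum fill-in time). `SpamTripwire`, `form_state`, `check`, the field names `js_token` and `website`, the `js-ok` value and the 3-second threshold are all constructed for this example.

```ruby
require "securerandom"

# Constructed example of the "hidden field rewritten by JavaScript" tripwire.
# Plain Ruby so it runs outside Rails; in an app, `session` would be the Rails
# session and `params` the request params.
class SpamTripwire
  # Value the page's JavaScript writes into the hidden field. Assumption for
  # this example; in practice pick something unique to your site.
  GOOD_VALUE = "js-ok"
  # Reject forms posted faster than a person could plausibly fill them in.
  MIN_SECONDS = 3

  # Called when rendering the form. Returns the seed to put in the hidden
  # field and the state the server must remember (e.g. in the session).
  def self.form_state(now = Time.now)
    nonce = SecureRandom.hex(16)
    { hidden_value: nonce, session: { nonce: nonce, issued_at: now.to_i } }
  end

  # Called on submit. Returns a symbol naming the verdict so rejections can
  # be logged and counted rather than silently dropped.
  def self.check(params, session, now = Time.now)
    return :no_session unless session && session[:nonce]

    value = params["js_token"].to_s
    # Field still holds the server seed: the client never ran the JavaScript.
    return :js_not_run if value == session[:nonce]
    # Field holds neither the seed nor the agreed value: tampered or scripted.
    return :bad_token unless value == GOOD_VALUE
    # Decoy field hidden via CSS; humans leave it empty, form fillers do not.
    return :honeypot_filled unless params["website"].to_s.empty?
    # Submission arrived sooner than a person could have filled the form.
    return :too_fast if now.to_i - session[:issued_at] < MIN_SECONDS

    :ok
  end
end

if __FILE__ == $PROGRAM_NAME
  state = SpamTripwire.form_state
  # Simulate a client that never executed the JavaScript: seed comes back unchanged.
  puts SpamTripwire.check({ "js_token" => state[:hidden_value] }, state[:session])
  # Simulate a normal browser ten seconds later.
  puts SpamTripwire.check({ "js_token" => SpamTripwire::GOOD_VALUE }, state[:session], Time.now + 10)
end
```

Keep the verdict symbols in your logs: the mix of `:js_not_run` versus `:bad_token` tells you when a spammer has started executing your script, which is the moment to change the transform (the whole point of the answer is that the check is unique to your site, so swap `GOOD_VALUE` for something derived from the nonce rather than a constant once you deploy it).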

I also recommend ReCAPTCHA, both because it's a highly-reliable service you don't have to manage, and because it serves two common goods - the OCR tasks described by the ReCAPTCHA team, and the progress towards teaching people how captchas work, reducing abandonment rates.

Edit:
It appears BrainBuster is dead (this was years ago). But I really like:
https://github.com/matthutchinson/acts_as_textcaptcha
I'm a big fan of the rails plugin called "BrainBuster". It's a logic-based CAPTCHA which I find preferable over the "type these words" things, because it is annoying to decipher the words sometimes... It's simple to look at "What is 10 minus 3?" and come up with the answer. YMMV:
https://github.com/rsanheim/brain_buster

There is a re-captcha plugin if you want to use a captcha to verify that only humans can register or add content: http://ambethia.com/recaptcha/files/README_rdoc.html

Spam is fair. It doesn't care what you're running behind the scenes.
So by extension, the things that work well on Rails are the same things that work for PHP, ASP.NET, etc. Take a look at Akismet and the various "karma" anti-bot tools there are about.
For some there are existing ruby ports but you might have to rewrite a few to task.

For account creation, you may want to use Captchas. I personally am not terribly fond of them and I don't think they are that effective. But if you use them, I strongly suggest you use a service instead of trying to whip up your own. Re-captcha comes to mind. Not sure if there are wrappers for Ruby or Rails, though.
To prevent spam content, however, I strongly suggest Defensio (disclaimer: I've worked there in the past). It uses state of the art spam filtering techniques like what's used for email, such as bayesian filtering. There are plugins for many blogging platforms, including Mephisto (made with Rails). The API is simple and you can look in a few places to get working examples of how to use it with Ruby.

Related

Is Rails much better for interactive websites compared to Django?

Just got a new website project for my company's internal use. The whole website isn't that complicated but requires quite a lot of real-time interaction. Basically, it's an interactive timeline table where we can freely drag and drop each element to move and resize them.
At first I wanted to use this opportunity to learn Python+Django (I'm given a huge amount of time) but then I read around and a lot of people mentioned Rails is better for creating rich interactive website.
So, for a website with a lot of drag & drop interaction like this, is Rails really the better choice? Is Rails' built-in ajax that much easier to work with compared to Django+jQuery? How flexible and customizable is Rails' built-in ajax? I want to learn RoR just as much as Python, by the way.
I don't think AJAX functionality will define which framework you find yourself preferring.
I can't answer most of your question relating to ajax, but still think this post could be useful for you: it's highlighting a huge difference between ROR and django -- mainly RoR uses magic, django doesn't.
I prefer django for exactly that. Others may prefer RoR for the same reason I don't.
What's wrong with "magic"?
Rails' developers are of the opinion that this sort of "magic" is a good thing because it makes it easier to quickly get something working, and doesn't bore you with lots of details unless you want to reach in and start overriding things.
Django's developers are of the opinion that this sort of "magic" is a bad thing because it doesn't really save all that much time (a few import statements isn't a big deal in the grand scheme of things), and has the effect of hiding what's really going on, making it harder to work out how to override stuff, or harder to debug if something goes wrong.
Both of these are, of course, valid stances to take, and generally it seems that people just naturally gravitate to one or the other; those who like the "magic" congregate around Rails or frameworks which try to emulate it, those who don't congregate around Django or frameworks which try to emulate it (and, in a broader sense, these stances are somewhat stereotypical of Ruby and Python developers; Ruby developers tend to like doing things one way, Python developers tend to like doing things another way).
So I think one will click for you regardless of out of the box ajax support.
Speaking as someone who mostly works on Rails, I would say take a day with each framework, follow a "getting started" screencast or tutorial, or pick up a book. (For Rails, I recommend Beginning Rails 3.) Then, keep going with whichever one you feel more comfortable with.
One amazing resource rails has is Railscasts. Railscasts almost single-handedly converted me from PHP to ROR. I don't know if Django has a similar volume of quality screencasts available or not.
All frameworks are pretty heavily focused on the server-side of the equation. Now, Rails has a lot of things that help make writing views (your drag and drop stuff) nice, such as HAML (a fantastic template language)... and while I don't know enough to post links I'm sure Django has similar helpers. It's worth noting that both Django and Rails can use jQuery or any other javascript framework.
But, in the end, just by the nature of the web as stateless, there's going to be a degree of independence between your client-side templates and javascript, and what's serving that from the server side.
The real question you should probably be focused on is: Do you want to become a jQuery ninja, or do you want to scale up a notch and focus on Javascript itself, perhaps using tool suites like MooTools or Prototype. Your drag and drop stuff is client-side, so that's where your toughest decisions will have to be made.
Good luck!
I used to worry about things like this and would try new frameworks all the time because people would say it was a big improvement over the last one I was using until I realised I wasn't doing anything. Now I just pick one and stick with it. The fact that I know it much better than any others means I am more productive, even though the other frameworks probably include nice little tricks and shortcuts, and because I know it better I can debug problems faster.
Basically what I am trying to say is that just about every popular web framework can do everything that you want it to. Some are better than others but what really matters is that you become an expert in at least one of them. Being able to dabble in lots is not helpful, you really need to know one inside and out. Committing some code to the project helps this process.
Mainly depends on which programming language you prefer to work and most comfortable with. Some prefer the flexible syntax of Ruby others like the cleanliness of Python. Also need to take into consideration the production environment (aka what OS is it going to be hosted on).
Django does not do interactive web applications, it is agnostic to the whole "frontend" part, this is done in Javascript with little to no support from Django (except for transferring data from AJAX calls).
So if you want to use Django for this, you will have not only to learn Python but also to learn loads of Javascript.
I like this solution as hand-written Javascript feels a lot clearer than any of these generating tools to me, plus there are plenty of libraries that make writing advanced Javascript GUIs a breeze these days, check out Jquery UI or ExtJS.
From there, the server side will only be AJAX calls that (de)serialize data in JSON, nothing else.
Both Rails and Django are good. Try them both out and see which you like better.

Best technology option for implementing RIA with Rails as the backend?

I'm working on a application that requires a feature-rich media view, including images, videos, and smooth sequencing based on capture time. The backend is currently written in Rails.
What's currently the best, most mature option for implementing RIAs with Rails on the backend? I've looked at Flex, Laszlo, and ExtJS. ExtJS is interesting to me because I'm really not a fan of pure Flash UIs, but it seems highly targeted towards business apps, not entertainment applications like this.
Any suggestions or insights from others doing similar efforts will be very much appreciated.
Thanks!
I second zdmytriv for that book Flexible Rails, it's awesome. It's fairly outdated now though but lays out how simple it is to create a solid Project Management application with Flex and Rails. Everything in there has now become "RestfulX".
Check out RestfulX, it's a must. The RestfulX Google Group is very active too and they've made a lot easy.
We built this website in Flex with RestfulX and it was very easy. That application uses the Rails Paperclip gem to do image processing in a Flex admin panel like ScrapBlog (Scrapblog was built in Flex), and we could use some cool layout effects built into Flex 4. RestfulX made that pretty easy, and the gems made it even easier :p. They have generators too like Rails so it's real easy to get up and running with a DataGrid/CMS-like interface in 5 minutes.
I don't know anything about the other things you've mentioned, but I do know that it's pretty fun and easy to integrate Flex with Rails now-a-days.
As a side note, you can do hardcore SEO with Flex and Rails too, thanks to SWFAddress. We're doing that with that site above.
Cheers
I can recommend Flex and also this book, Flexible Rails; the whole book is dedicated to Flex and Rails cooperation. List of sample applications from the book here
Flexible Rails http://ecx.images-amazon.com/images/I/51QysfVDlVL._SL500_AA240_.jpg
If you're serious about considering Ext as an option, you should really search and maybe post in their forums about others using Rails, I know there are quite a few doing so successfully. I just ran across this example that seems like a pretty fully-baked app doing just that, so it's definitely possible.
Without knowing exactly what you're trying to do, I think that saying Ext is "targeted towards business apps" is a fair general statement, in terms of the widgets that come with it out of the box. It's highly geared toward window/form-based Ajax apps. That said, Ext Core is very similar to jQuery and other core frameworks, and everything in Ext is built to be highly extensible (hence, "ext"). In terms of being able to build what you need off of it, it is very powerful and flexible. You can certainly implement a flash viewer easily, and there are existing plugins that will do exactly that.
Sounds like Toby had a bad experience with Ext, but many other people enjoy it and find it very natural to code in. The syntax definitely has a Java/C# flavor to it in some ways (although it's really hard to directly compare any JS framework to a static language), and it has roots in YUI (which is even more verbose). For someone coming from C-ish backgrounds, it will likely feel very comfortable. If you're more used to Python or Ruby or something else, then it might not be as enjoyable, I don't know. Something you'd have to try for yourself.
Take a look at WebOrb from themidnightcoders.com. Among many features, it allows for AMF protocol for serialization of data. It is smoking fast.
IMO, if you want a true RIA experience, you'll need to focus on either Flex or Silverlight. There are pros and cons to each.
I did a GWT project a while back and am working with Ext right now. I have some C# / Swing GUI experience, none in Flash.
I like Ext a lot. It looks great, and I found the programming model close enough to the C#'s and Swings of the world as to be familiar and fairly pleasant. The documentation is not excellent, but definitely good enough. For Java at least, there is a solid remoting mechanism (third party, called DJN... most likely there are others, too). A couple of minor bugs here and there.
The major negative is support. They have a forum but there are a distressingly large number of questions and problems that go unresolved. They have paid support in theory, but were sufficiently unresponsive to basic 'how does your paid support work' type questions that I was not encouraged to buy any. There is only one book that I know of, it looks promising but it is not out yet.
I found GWT impressive and had no real problems, but at the end of of the day I am much happier with Ext.
Have you taken a look at Google Web Toolkit yet? In my opinion it's a great way to build rich and performant web applications. The toolkit is quite mature (Google Wave is built with it) and has a lot of good tools to make development easy.
Here's a previous Stack Overflow post.
I don't know about best, but I did a project using ExtJS and hated every minute of it. Frustratingly verbose code, overly complicated programming model, confusing documentation, and difficult to make it do anything it didn't want to.
That said, it looks very awesome, has incredibly powerful widgets and the client and users loved it.
I haven't helped at all, have I?
I think if your requirements include doing anything with video and audio, you are going to need a Flash solution.
Take a look at netzke -- client-server components with Sencha Ext JS and Ruby on Rails.
Netzke is a framework that allows for a beautiful blend of client- and server-side code (JavaScript and Ruby, respectively) into ready-to-use GUI components. It's most useful for creating complex data-rich backend applications with Ruby on Rails on the back end, and Sencha Ext JS in the browser.

What is your favourite Rails admin tool and why?

What is your favorite Rails admin tool and why? By admin tool, I'm referring to those that let some users add records for all the tables, like the tool shipped with Django.
This question is subjective and I believe the matter is subjective, but I think it would still be nice to be able to read other people's opinions and gather data on the strengths of each tool. Feel free to also comment on why you are not using a particular tool.
Looking around I've seen these ones:
Streamlined
Typus
admin_data
active_scaffold
full list
I think it would be excellent if there was one answer for and one answer against each tool and we just add information to each of them, in a very encyclopedic way, but I'm not sure if that's doable. Of course, this question is a community wiki.
In my experience Streamlined, Active Scaffold etc. often end up limiting you and slowing you down in the long run, although they can be very efficient in the short run.
By combining the Inherited Resources and Formtastic plugins you can produce controllers and forms for your models just as fast as with a full-stack admin tool plugin, and it will leave you with greater flexibility and extensibility.
The tradeoff, however, is that neither of these plugins will give you the fancy lists that the admin tools give you. So as you say, it is indeed a matter of taste.
I've been using admin data in my last few projects and find it far superior to ActiveScaffold. When I used AS, it was always trying to do too much and that led to some problems. Admin data is completely non-intrusive. When it can't handle something in your data, it just displays a message instead of breaking your app.
I've been using ActiveScaffold for a while. I feel that I have pushed its limits fairly far and it reacts pretty well (i.e. it's pretty robust). I customize it considerably so that non-technical users can jump in and manage their own websites with it. Those who take the initiative to work with it seem to like it. I do find the default interface confusing at times but you could change that completely if you wanted. AS is very customizable. On the downside, I've definitely grappled with my fair share of AS bugs, but the project does improve and I'm satisfied with its results. I have never even heard of the other admin systems you posted, but Typus and admin_data look nice. My biggest concern would be how easily I can customize them for use by non-techs.
I myself have used active_scaffold quite a bit and like it for certain tasks but I believe its niche is for power users not for mortals per se.
Streamlined was an interesting option but is officially unmaintained now which sucks. It really was a beautiful product but it never really seemed to get a lot of attention from the community so maybe they gave up on maintaining it publicly.
I've also not used Typus and admin_data but I ran into some references to Typus last night so clearly some very smart people are looking at it very hard.
On a last note, I think this blog post really summarizes an opinion I've come to recently after working with a Drupal firm for a bit. I believe that the reason admin interfaces haven't received the same amount of love is that Rails is built primarily for applications rather than content, which means that the people looking at backends are typically not mortals or can stand to look at an ugly backend.

Should I create a blog in rails or use something that already exists?

In my next rails project I'm going to need blogging functionality. I'm wondering whether anyone has any good suggestions, or should I just roll my own? (Probably not in 15 minutes)
I think the most important feature will be to display code samples elegantly.
How's your free time?
Five years, that's how long that little idea took. Plus 2 years of adding bells and whistles. And that, folks, is why I'm giving in and using a blog host. Because I have lots of ideas, lots of things to say and to explore, but only a few dozen years left at best. I can't afford to go chasing every 5-year idea that springs to mind. After due consideration of the crap web frameworks and crap blog packages out there, I decided that I don't want to spend my next 5 years implementing my vision for a decent self-publishing system. Someone else can do it.
http://steve-yegge.blogspot.com/2006/03/blog-or-get-off-pot.html
It's a classic build-versus-buy (or, in this case, download for free) decision isn't it?
Write up the feature set of what you are looking for.
Survey the offerings out there to see how close a fit you have.
For the one or two products that is the closest fit, evaluate whether or not it would be less effort to write your own solution or customize the offering to do what you need.
If all you need is a blog site, then this is a no-brainer. Use WordPress and that's it.
If there are other features for this app and blogging is just one of them, then consider writing an app around WordPress. It is just a PHP application using MySql after all.
If WordPress has features or does things that you don't want, then maybe you do need to roll your own.
If the most important feature for this site is that it is to be written in RoR, then roll your own or find a RoR based blogging app as WordPress is not written in RoR. I haven't really done the homework on this but I would imagine that getting PHP and RoR to share session state would be a time consuming hack.
Rolling your own blog is a great project (and quite fun too!), but for practical usage, using something pre-made is going to be more secure, have more cool features, etc. etc. Unless you're incredibly dedicated, you'll probably end up cutting corners and end up with something that isn't quite what you want.
Despite being a Rails guy myself, I'm a huge fan of Wordpress. If you're looking for Rails-based blog engines, I've had luck with Mephisto, although the documentation leaves something to be desired. Radiant CMS is another CMS/Blog system that might be worth looking at.
A lot of Ruby/Rails developers have actually gone the route of using static website/blog generators. This has a few advantages. First, the pages are static HTML with no dependency on a database. This means they can be served by your front-end Web server (Apache, Nginx, etc.) faster than if they were to go through Mongrel, Thin or Phusion Passenger. Secondly, the pages will be easier for search engines to index. Finally, and probably most importantly, you can easily version control your posts using Git (or your favorite SCM).
I switched my blog over to a static model after development on Mephisto seemed to stall. I am using Tom Preston-Werner's Jekyll and Disqus for the comments. Works great. Give it a try!
If you are just looking for a project, then building your own blog engine is a good start.
Personally, though I have been a full-time Rails developer for the past 3 years, I still use and recommend Wordpress for myself and others.
If the project is to write a blog, don't roll your own. There are plenty of solutions out there that will solve this problem for you while you worry about pumping out great content.
You will end up spending too much time futzing with the little things that don't really matter.
Probably there are tons of those.
For example, Rastafari, or Enkiblog.
In my next rails project I'm going to need blogging functionality. I'm wondering whether anyone has any good suggestions, or should I just roll my own? (Probably not in 15 minutes)
I wouldn't recommend rolling your own blog system. You should look into using Radiant CMS with a blog extension.
I think the most important feature will be to display code samples elegantly.
For this I can recommend looking into SyntaxHighlighter.
All depends on your goal:
If it is for learning purposes and it's for fun, code it from scratch. Also, try to add new functionality that you will not find in current blogging platforms. For example, make it in a way that is easy for a developer to blog tutorials or screencasts.
If it's for a client or just to blog, use WordPress. You can have your site in Ruby and then link to WordPress. Think about it: how many human hours are behind WordPress? For you to match that you would need to work full time on it for 8 years.
Wordpress will work out of the box and then periodically you can tweak it, depending on future needs.
I agree, for fun and learning, code from scratch. But consider coding something people really need and don't already have. Innovate.
There are so many excellent blog platforms out there, and some (like Wordpress) have active developer communities writing hundreds of useful and powerful plugins. And that includes some excellent support for code samples.
No need to reinvent the wheel.

Busting Ruby on Rails Myths

I am working on a project for a client of the IT company I work for and I am convinced that Rails is perfect for it. I have a meeting in the next day or so, where I am afraid I am going to get bombarded with "why Rails?" type questions, and no doubt, a whole bunch of rhetoric like "Rails doesn't scale", "Rails is just a CMS" and the thousand other myths people seem to have about Ruby on Rails.
We have all seen the arguments about how Rails doesn't scale, it's hard to deploy or that it will explode in your hands at any given moment. For those of us that use Rails on a daily basis, we know that just like any other language or framework. It seems like there is a lot of misinformation about RoR and often Rails gets a bad rap. To help me with this meeting, I was hoping to compile a list of myths - perhaps one myth per answer - and we can vote for the myths we've heard before - to eliminate the Fear, Uncertainty and Doubt that often clouds the truth about Rails.
After some googling I found this blog post which is exactly the kind of thing I'd like to collate here. As David Heinemeier Hansson says in the post:
So I thought it would be about time to set the record straight on a number of unfounded fears, uncertainties, and doubts. I'll be going through these myths one at the time and showing you exactly why they're just not true. This is not really to convince you that you should be using Rails. Only you can make that choice. But to give you the facts so you can make your own informed decision. One that isn't founded in the many myths floating around.
Let's Clarify!
Myth: "Ruby on Rails doesn't scale"
Bust: That is not a specific, answerable question. Please clarify.
Saying that whatever-technology "doesn't scale" sounds very professional and very enterprisey - but it's not a clear question. It's just a lazy way of dismissing the unknown/unproven. I'd ask for clarification:
"What precisely do you mean by 'scale'? and how do you measure it at the moment?"
It could mean:
Maximum user sessions
Average response time given load
Throughput of given concurrent scenarios per server in a fixed time.
... difficulties organising the project so a large team of developers could work on it.
There are lots of ways of dealing with "scale" but until you know which one you're dealing with it's not always obvious what to do about it.
There are loads of ruby-based solutions, including
caching fragments of HTML
sharding the application across multiple databases
pre-computing work that's shared between users
pushing lots of view-rendering work off into AJAX/Javascript land so it happens on the client
using a front-end web server more efficiently
just use more hardware (i.e. developer time is expensive & hardware prices fall) but this approach depends on a shallow rate of growth in demand
doing less interactively and having more batch work
doing only part of the work in ruby - e.g. existing legacy backend+rails frontend, or maybe the transactions through a functional programming system+rails frontend
If the challenger can't come up with a specific meaning of "scale" then it isn't a valid concern.
However if the challenger does come up with something specific and measurable, then I'd use a timeboxed, spike solution ( http://c2.com/xp/SpikeSolution.html ) to come back with some numbers - and possibly a few options on how to do it.
Make the argument from the only perspective the client understands, money!
Show how long you think it will take to make in Java, JSP, or whichever is their current technology, together with the pros and cons, such as easier to obtain developers. Then, state the timescales in Ruby, which for sure will be lower development costs, but also at a cost of the admins having to deploy a different system, possibly harder to recruit staff who know Rails, etc. It's their money, so give them the facts and let them make the decision.
In response to the specific criticisms a company could have against Ruby on Rails compared to their own systems there are many reasons a company can give, some of them not specific to Ruby or Rails, such as they already have many Java developers in house, or existing infrastructure written in Java, which will always be easier to use with a same-language system such as Java. Anyway, to answer your specific points:
1) Why Rails?
Simple, Rails is "designed" for building web sites, and does an efficient job. Find some statistics to back you up (I'm not saying the statistics in the link are accurate but numbers will always impress a client)
http://www.theserverside.com/news/thread.tss?thread_id=33120
2) Rails doesn't scale
http://trak3r.blogspot.com/2008/03/rails-doesnt-scale.html
3) Rails is just a CMS?
If they are building a CMS then recommend Drupal, not Rails
I guess you will have to think on your feet when you answer your client's questions, and they will want someone who understands other frameworks apart from just Rails, kind of like using the right tool for the right job.
Myth: Rails is not mature enough to have the plethora of hardened open source libraries built around it that one needs to pull off a large scale project quickly and reliably.
Bust: In fact, there are a ton of gems and plugins available to the RoR community, many of which have been tried and found true by the active community. Not only are the resources there, but they are simple to manage with 'gem' and Rails' built-in plugin architecture. Worst case scenario: you can't find that perfect gem or plugin. In that case you can easily write your own or borrow from the Java world if you use JRuby.
Myth: it is hard to hire a good Ruby on Rails programmer.
(Actually, I can't bust it, that's just an idea of a potential myth. Who can, please, edit this one or create another answer)