Saturday, July 26, 2008


wpa attack:
Use dictionary attack: need 7gb dictionary. You can torrent, or create your own

Man in the middle: monkey-jack... Dumps all your usernames and passwords to you first before sending to server...

Fake ap - to thwart man in the middle hackers - but only if the hacker uses something other than kismet.

Securing: disable ssid, change ssid, disable dhcp, position your ap, change password, vpn?

Barcamp: Danger Will Robinson, Someone's Hacking your Wireless!

One of the more 'risque' topics in barcamp today: wireless hacking. It was way too tempting to resist: they had a brainstorming session on web marketing that i wanted to attend... Nah... It was too good to resist.

10db antenna gives you 1km radius
Atheros chipset wireless card the best for hacking wireless... Look for higher mW. Normal is 100, best is 300mW
Software: no support in windows, many in linux
How: detect wireless (war driving), war chalking - marking wireless zones
Wireless can be detected using: beacon sniffers - airopeek etc.
Passive sniffers use kismet
Netstumbler lets you map gps coords of access points
Kismet: detects hidden ssid and mac ids - also check out gkismet
For mobile: mognet, ministumbler
For macs: mac stumbler, ap scanner

Openwrt with a linksys router that has 32mb ram. Wl ap 0 wl monitor passive promisc 1. Run kismet.

Friday, July 25, 2008

Barcamp: Yahoo's Search Monkey App

if you've never been to yahoo's developer network, then it's my turn to say: where you been ma?

Today yahoo presented one of their cooler apps: the yahoo search monkey.

Search Monkey lets you define more information for your search results when searched in yahoo. In other words, customize your search results!

On the side of the coin, if you're a website owner, you can build apps that expose data from your site that other users can use to customize their search results... Case in point was linked in profile data for users to use to present their search results

Unfortunately, you need to know html (duh..) and php. Well i'm out! Still cool anyways. Check out Search Monkey here.

Barcamp: Flexible Rails? Sweeet....

I was watching this presentation on Flex... And I'm asking myself: dude, where've i been all this while?

Flex rocks! I'm gonna be looking at it once i'm done with learning the crazy prototype, jquery, and scriptaculous... Phew... Turns out that by itself is more than just a walk down the park... It's more (to me) like a swim in the rapids... With no pants! Ouch..

Anyways, back to flex...
Flex seems to be able to take your data and make useful graphical representations out of it...(mmm, i like...) . In my case, working with erp systems, we can actually present data in cool, interactive ways now...

Sweet...maybe i'll blog more on this later...

Barcamp is in town!

it's a fine saturday morning and i'm not in bed (What?). That's right L&G's! Barcamp's in town, and i'm warming up my cold ass on the tiny seats (truth is, my ass is huge) of the presentation rooms this fine day.

Cool stuff coming up today! We got yahoo dev network, we got presentations on flex n JRoR, and a kickass demo on making money in youtube!

Looks like it's gonna b a long, butt flattening, but exciting day for us malaysian geeks... Reminds me of chandler's party chant: 'Spring Break! Woohoo!' (Geez... how geekier can I get?)

more on this later!

Thursday, July 17, 2008

Using TinyMCE as WYSIWYG editor

Well, well, it's been a month since we wrote... a lot of new stuff's come out,

Our customer required WYSIWYG capability for editing their blogs, which they used

There are lots of Javascript editors out there.

TinyMCE was one of the coolest I found, with everything you need under the sky for WYSIWYG editing - link to pics, link to media, blockquotes etc...

If you plan on putting up WYSIWYG for your forms, here's a link to download.

Friday, June 20, 2008

Nested Layouts in Rails

I was wondering how to keep the layouts in my rails application code DRY - I was close to the point of kicking myself for having to make changes to all my layouts whenever something standard changed - so i researched online and found the above diagram by Matt McCray in his blog.

I used Matt's method for nesting layouts, but instead of defining a method called sub_layout in my controllers, I called a pre-defined rails controller method:

<%= render :partial => "layouts/#{controller.controller_name}" %>

and defined a partial layout named after every controller I had, which had different settings for their own views. Rails has a local variable called 'controller' you can use to access its controller's name and even the action used for the current view. So using this, I don't have to define additional methods in my controllers, nor use any plugins.

kudos to Matt for coming up with this in the first place. Thanks!

Pair programming explained!

Here are the slides I used to explain pair programming to my peeps - whew!

Pair programming looks like fun. We'll be doing it next week, so more on this later!!

Before I forget (and I do it a lot), here's the link to the file

Sunday, June 15, 2008

Pair Programming - I Drive, You Show the Way

Ever gone on a road trip - alone? Not much fun is it? With a Big Mac in your mouth, you've got to have one eye on the road, one hand on the steering wheel, the other eye on a map, and the other hand clutching it. Now that's a feat even unicycle riding, ball juggling circus clowns find hard to do.

It's the same thing with programming - on the one hand you've got to make sure your codes are syntactically correct (never mind politically), and on the other, you've got to think about software and database design, security, speed, scalability and a whole bunch of other issues. Now i know most of you out there can do this better than a circus clown, but the fact remains - wouldn't it be better if there were a 'co-driver' so to speak?

Here's where pair programming really shines. I used to think pair programming was just a bunch of 'poppycock' - two people sitting working on a single computer on the same set of codes - whatever for? So they both can slap the sense out of each other if one decides to snooze?

It turns out that, when explained the 'co-driver' way, it makes a lot of sense. When I do programming, and I reach a design decision point, I tend to stare off into space for a good few minutes while the cogs in my brain turn (rather slowly, I might add). It's kinda like stopping at the side of the road to refer to your map to decide which way to go (if you're alone of course). Having someone else figuring out the way, just makes more sense.

Ok, enuff explaining - I'm preparing training slides for this to start pair programming in my team - slides for this next post!

Monday, June 9, 2008

Rails 2.1 script/dbconsole

It's been a while since i posted anything up on this blog. Meanwhile, our programmer fadhli, has been busy - in the right way of course.

Here's a link to his own blog for a post that talks about rails 2.1's new script that helps manage your database...

And i promised some posts on agile methodology last week... shame on me... one coming up next week!

Monday, June 2, 2008

Global Email Settings in Rails

I was running the functional test and didn't realize it was sending actual emails from my data fixtures. However, I did learn how to globally set the email settings so as not to send the emails out during tests.

If you want to use this, create a file called global_email_settings.rb (or whatever you want to name it) and put it in your config/initializers/ folder. Restart your server to get rolling.

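# config/initializers/global_email_settings.rb
# Only configure real SMTP delivery outside the test environment.
unless ENV['RAILS_ENV'] == 'test'
  ActionMailer::Base.delivery_method = :smtp
  ActionMailer::Base.smtp_settings = {
    :address => '',
    :port => 101,
    :domain => '',
    :authentication => :plain,
    :user_name => "",
    :password => ""
  }
end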

Thursday, May 29, 2008

Much more than Android

Here's a link to a blog with a Youtube video link talking about Google's much awaited Android - sorta like a phoneOS...

But the keynote spells out more than that, and Vic Gundotra, one of Google's VPs, does a good job of explaining things... and of where Google's headed with the internet and with world domination!

Now, for geeks like me who don't get to actually be on the scene and get all screamy and excited, the video in the link will have to do... just hope I don't wet my bed tonight!

This week's been a bit slow, so i'm picking up the pace this weekend for all you readers out there. I'm studying an updated version of XP today - i mentioned we needed to do some improvements on our project management methods... so expect more on this next week!

Wednesday, May 28, 2008

Rails training, anyone?

I got a little lazy (well, a lot really... ) so i decided that i didn't want to study Rails by reading, but by watching a video with a popcorn in hand (really hard to get good popcorn these days)

searching through the web for video tutorials, I came across this set of videos from guys at UC Berkeley RAD Lab... Never been to UCB, but I hear it's a beaut... my kudos to the guys at UCB RAD...

the video filesizes are large... I nodded off waiting for it to stream... so you might wanna have a firefox extension do the downloading for you before you view them... here's one. If you're using IE... again, seriously?

anywho, check it out! i think it's RAD! haha! (although i haven't even gotten to the end of one yet, so no guarantees)

we'll post some video tutorials up in the future - when we actually have time to kill... but we will... promise...

Sunday, May 25, 2008

Sprint Review & Retrospect Meeting

ahh... the good ol meetings... i used to think meetings kinda wanna make you feign sick and take leave... (then go and watch a movie... but that's a different story...)

We just did the Sprint Review and Retrospect meetings for one of our projects. took us about less than 2 hours... we're a pretty small team...

One thing we noticed was that when you keep improving on what you did on the last sprint, you get more - even tho it might be just a bit - excited to go work on the next sprint. we realized that it's because doing the same thing, for people who don't leave their brains at home when they go to work, is just plain boring and disengaging.

improvements bring fresh air... we've got 6 things to improve on the next sprint... and we've still got a long way to go... hang on!

prototype and scriptaculous is gonna have to wait a bit... we're gonna need to tackle the really meaty stuff first... Basic Ruby for the team! oh god...

Thursday, May 22, 2008

Git Cheat Sheet

What's Rails without Git version control right? Here's a cheatsheet on Git by Jan Kruger from

I thought I knew it all already... well... never hurts to learn... that is, until you suffer from CM (yeah, that's cranial meltd-... i know you know it already!)

to_proc or not to proc

Instead of writing this

Profile.find(:all).collect{ |x| }

I could write this using Rails' Symbol#to_proc



Wednesday, May 21, 2008

Use filter_parameter_logging for your password

This morning while I was looking at some codes, I've found something interesting. When I login, I looked at the logs and I could see clearly the password that I'd just entered.


Parameters: {"commit"=>"Log in", "action"=>"create", "controller"=>"sessions", "password"=>"password123", "login"=>"foobar"}

I know, this looks like a trivial matter but imagine anyone having access to our server looking at our production logs file. Passwords are left wide open for the whole world to see.

But no worries, just add this one liner in your application.rb

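class ApplicationController < ActionController::Base
  # Replace the value of any request parameter whose name matches "password" with [FILTERED] in the logs
  filter_parameter_logging "password"
end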

Go back to your login form, fill in your login name and password and then submit.

Check out the logs and see the parameters hash.

Parameters: {"commit"=>"Log in", "action"=>"create", "controller"=>"sessions", "login"=>"foobar", "password"=>"[FILTERED]"}

Notice the hash key 'password'?
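
An added example (not from the original post): a small Ruby script that audits log lines in the format shown above for sensitive parameters still written in clear text, and redacts them in existing logs. The word list, the function names and the sample lines are assumptions constructed for illustration.

```ruby
# Audit Rails log lines for sensitive request parameters logged in clear text.
# Added example; SENSITIVE_WORDS and SAMPLE_LOG are constructed for illustration.

SENSITIVE_WORDS = %w[password passwd secret token].freeze
# Key names are matched case-insensitively as substrings, so
# "password_confirmation" is caught by "password".
SENSITIVE_RE = Regexp.new(SENSITIVE_WORDS.join('|'), Regexp::IGNORECASE)
FILTERED = '[FILTERED]'.freeze

# One "key"=>"value" pair as printed after "Parameters:" (Hash#inspect style).
# Scanning for pairs also picks up pairs inside nested hashes.
PAIR_RE = /"((?:[^"\\]|\\.)*)"=>"((?:[^"\\]|\\.)*)"/

Finding = Struct.new(:line_no, :key)

# Returns a Finding for every sensitive key whose value was logged unfiltered.
# The value itself is never copied into the report.
def audit_log(lines)
  findings = []
  lines.each_with_index do |line, idx|
    params = line[/Parameters: (\{.*\})/, 1]
    next unless params
    params.scan(PAIR_RE) do |key, value|
      next unless key =~ SENSITIVE_RE
      next if value == FILTERED || value.empty?
      findings << Finding.new(idx + 1, key)
    end
  end
  findings
end

# Returns the line with the values of sensitive keys replaced by [FILTERED],
# for cleaning up logs written before the filter was enabled.
def redact(line)
  line.gsub(PAIR_RE) do
    whole, key = $&, $1 # capture before the next =~ overwrites the match data
    key =~ SENSITIVE_RE ? %("#{key}"=>"#{FILTERED}") : whole
  end
end

# Constructed sample: lines 2 and 3 are the two log lines from the post,
# lines 1 and 4 are made up for this example.
SAMPLE_LOG = [
  'Processing SessionsController#create (for 127.0.0.1) [POST]',
  '  Parameters: {"commit"=>"Log in", "action"=>"create", "controller"=>"sessions", "password"=>"password123", "login"=>"foobar"}',
  '  Parameters: {"commit"=>"Log in", "action"=>"create", "controller"=>"sessions", "login"=>"foobar", "password"=>"[FILTERED]"}',
  '  Parameters: {"action"=>"update", "user"=>{"password_confirmation"=>"s3cret!", "email"=>"a@example.com"}}'
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_log(SAMPLE_LOG).each do |f|
    puts "line #{f.line_no}: parameter '#{f.key}' logged in clear text"
  end
end
```

Passwords that reached the log before the filter was added should be treated as exposed and changed, since redacting the file does not cover copies or backups already made.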

Saturday, May 17, 2008

Incompetent git!! Or is it?

Git used to be, in my vocabulary, a word I use when I'm angry with someone. Now it's a new word I use to keep my codes version controlled and backed up. Interesting how language can run circles around you

If you don't know what git is, here's a detailed explanation on Wikipedia

Here's a brief tutorial on how to use git to store your development codes. At the end of this tutorial we provide a link for you to download a script we created to automate push and pull from our git server. Note that we're running this on an Ubuntu server (gutsy) and using Ubuntu desktop (gutsy/hardy) on our computers. Now, if you're using Microsoft for doing Ruby on Rails – seriously? (git is possible in Microsoft. You can find git tutorials for Microsoft on the web :) )

1. First, install git in your system/server. Open a terminal in your desktop and type the following:
sudo apt-get install git-core

2. Then, create a folder, lets call it myfirstapp
mkdir myfirstapp

3. Enter the directory that you created
cd myfirstapp

4. Initialize the directory created to be git aware
git init

5. Now you have completed initializing your local directory. Test the setup by doing the following:
Create any file in the folder
touch file1

To display the new file created,use this command
git status

It should display something like this
# On branch master
# Initial commit
# Untracked files:
# (use "git add ..." to include in what will be committed)
# file1
nothing added to commit but untracked files present (use "git add" to track)

which means you have succeeded in creating the repository.

6. Commit the file to your local repository.
git add . (Make sure you add the dot after add)
git commit -m "put your message here"

7. Now, create your remote repository based on your local repository.
git remote

Nothing should display at this stage
git branch -a

Now, it should display something like this
* master

8. Create a remote connection to your centralized server. We use secured shell (ssh) to create a remote connection to our server.
ssh -l foo
enter the password for foo

9. Create a folder in your home directory
foo@foobar:~$ mkdir myfirstapp.git

Enter the directory created
cd myfirstapp.git

10. Initialize the directory by typing :
git --bare init

Exit from your remote connection:

11. In case you are not in the repository folder that you have created earlier,change to that directory in your local machine. Add the origin of the remote by typing
git remote add origin ssh://

12. Verify by viewing the .git/config file
cat .git/config

You should see something like this
[remote "origin"]
url = ssh://

13. Push the changes to the server
git push origin master

14. Edit your .git/config using your favourite editor (our 'engineers' use vi. You can always choose to use nano or gedit )
vi .git/config

Now, add the following line
[branch "master"]
remote = origin
merge = refs/heads/master

15. Quit and Save.

You have now created a repository for your codes in your remote server. Now you need to set up your local directory to automatically link to the remote repository to pull codes. Your team mates will need to do the following too to get a copy of the codes (and git setup!). To get the source from the repository, the first step is to clone the source code. In your projects folder, (parent to myfirstapp, for example), type in the following:
git clone ssh://

This will clone your codes from your remote server to your local machine

The next step would be to set the .gitignore file. This file specifies what files to ignore when pushing to the remote server. You would not want to push your log file and other insignificant files to your remote server, would you? Use your favourite editor to edit .gitignore. Again, by using vi,
vi .gitignore

Copy and paste the following lines

These are the file types that you may not want to push to the remote repository. Your requirements may vary, so make sure!. Once you've specified the file types to ignore, save and quit the text editor.

You are now all set to pull and push from your server. The following steps detail how you should ALWAYS pull and push to your server

1. First,use the following commands to add your files to your local repository.

git add . (Again, make sure of the dot after "add")
git commit -m "your message here"

2. Next, pull the codes from the repository on the remote server in order to avoid any conflicts with existing codes in the remote server (your team mates might have uploaded codes before you, so they might be in conflict with changes you made to the codes)
git pull

If something is wrong – a conflict, for example, you and your team mate both modified the same lines of code - fix it first.

3. If there are no problems, then you may proceed with pushing your codes to the remote server
git push

Now, the server is updated with your new codes, and others may pull your codes from the repository.

Now as programmers we know very well that it's easy to overlook one or two of the procedures mentioned above – especially if you're pushing code at around 2-4 am – so we created a script for us to push our codes without having to bother doing all the above. Oh, did I forget to mention that we're also lazy?

If you want to you can download the script from here. Remember to remove the .txt extension before using (Scribd quirk, can't upload if they don't know your file format) Note that we won't be held responsible if anything happens to your data or system (In other words, make sure you know the ins and outs of your system and the script before you use it!)

Here are the steps for you to run our script

1. Save the script to the local repository folder in your machine. In this case it would be the myfirstapp folder.

2. Change the file access to executable file
chmod +x pullpush

3. Run the script from the local repository folder

Follow the instructions provided as the script runs (enter passwords etc). You may terminate the script by using ctrl+c (Hey, it ain't perfect, but it works)

That's it for our brief git tutorial! Learn to do it, and you can avoid becoming an actual git yourself!

Thursday, May 15, 2008

Prototype and Scriptaculous? OMG!!!

You really know you've got cranial meltdown when you got that really dull throbbing at the back of your head... but peeling your eyes away from the screen is just torture - "Gotta get this thing solved by sundown!!! "&%#$(^%&*@$%$!!" - you don't want to, no... cannot possibly, read another word of tutorials, but you know you have to... so it boils down to: do it, or die...

If you're doing AJAX on Ruby on Rails, trust us, you'll want to know these two words: Prototype and Scriptaculous (we don't - yet). In the coming weeks, we'll be posting stuff on Prototype and Scriptaculous and - if we can actually glue our brains together again - post a quick guide (or cheatsheet, if you want) for all you guys out there who don't think they can suffer like we did today...

Monday, May 12, 2008

The Wall is up and moving!

The wall is now up and moving!

We skipped some processes in setting this up, cause, well, the development was already on way, but it did clear up some stuff for us...

Can't give you the project topic yet, more on the project itself soon. but you could probably get an idea from the wall... and by the way, it looks a little bare, but that's coz we've got only 1 developer... doing 1 thing at a time...

Unlike the normal 'spit spraying' methodology of meetings, the wall actually helped us see where we're going, focus on the more important issues, and track progress - hey, it's like 3-in-1.... mmmm... hot coffee...

Also, we realized that, at least for this project, we could do away with the Product Backlog and burndowns - it's a simple system development. It all depends on the conditions of work, so we'll let that tell us what needs doing for now - at least until we're better at this.

Sunday, May 11, 2008

Ruby Cheatsheet Part Two!

Finally, part 2 of the Ruby Cheatsheet is now complete! Click here to download the file from Scribd, which, by the way, is also an excellent site for lots of stuff... so kudos to the Scribd crew...

Part two gets you acquainted with the built-in stuff ruby provides to make your coding life easier and more fun (or confusing maybe?). Great help for you young apprentices who are looking forward to becoming Jedi Railers... (Nothing like geek speak to lighten up your day)

Now, about that project wall....

UPDATE: The combined version, part 1 and part 2 together, can be found here. I've made some improvements to the file to make it more readable - Acap

Tuesday, May 6, 2008

Ruby Syntax Cheatsheet

For all us Ruby on Rails newbies, it's really important to know Ruby, the language, before jumping into Rails. Learning Rails without knowing Ruby is like doing bike stunts without learning how to ride. Major pain bro...

Save yourselves from major cranial meltdown by learning Ruby syntax first. It shouldn't be too hard if you already know other programming languages. To help us with learning it, we created our own Ruby Syntax Cheatsheet

This is part 1 of the Ruby Syntax Cheatsheet we made to help us code in Ruby. It's based on the Ruby for Rails book by David Black. Highly recommended reading for all of us who aspire to become 'Jedi' Railers.... (hey, you can't make Jedi if you don't know the Force!). Click here to download the file

7 do's and 3 don'ts for creating web products

hey hey...

really slow day today, so went surfing the www... and stumbled upon this:

It's good!

no me toos... no me toos... no me toos... ok, got it!

Sunday, May 4, 2008

1st half of wall is up!!

Well, here's our first foray into the Project Wall for our projects. Heading out for lunch now.... can't think without food!!

Project Wall

Alright, we just finished a Release Plan meeting - more like hangout than meeting - so I'm gonna start with a Project Wall for this project.

Picture shows the format I'm thinking of using. Comments are welcome this time... just no tomatoes...

Real life pictures just as soon as the wall comes up....

Friday, May 2, 2008

Agile Software Development Process

2 weeks ago, while staring blankly at the screen of my laptop during our company's weekly meeting, I decided to look up agile programming methods.

We weren't getting far on our projects, and even if we did, I didn't know it. Man, that sucked.

So after a week's worth of toiling and brain damage (I never knew us fellow programmers can be so 'organized' when presenting stuff online), I came up with a 'framework' ("What?! another one?! $@%@%@%!!") described by the diagram I put up, a snapshot of the process we're going to use for our software development management. booyah!!

Scrum + XP guys... I'm a newbie at this... so no rotten tomatoes ok? not just yet... please...

coming up... the framework... in words... and more.

Our First Blog! (and Entry!)

Here's to all the stuff we're going to post here! huyeah!! :)