ZenLinux Blog

I recently discovered that my Rails model validations could be easily bypassed or broken by adding whitespace to the beginning or end of strings as they are entered in forms. For example, if your user account system is based on the uniqueness of email addresses, “joe@example.com” and ” joe@example.com” would validate as unique. This is something that nearly every webapp I can think of would want to avoid.

Fortunately there is a simple Rails plugin, strip_attributes, which will take care of this easily and efficiently. You can enable it on a per-model or per-field basis if you need fine-grained control. See the Rails wiki for more details.

In other news, there will be no December meeting of the NH Ruby and Rails User Group. Enjoy the holidays!

Because it’s an enjoyable language to program in. Thank you, Giles, for reminding us about the importance of this factor.

Total amount my household spent today in retail stores, dining out, and for gas/transportation: $0.00.

Another successful black Friday.

Jeff Bezos demonstrates his business genius again with Kindle, their new eBook reader. Unfortunately, there are some other ramifications of proprietary eBook systems. Mark Pilgrim summarizes them well (and demonstrates some flip-flopping by Bezos) in this 5-act “play.”

Richard Stallman’s essay The Right to Read is referenced in this article and is definitely worth reading in and of itself.

Don’t get me wrong – I’d love a better platform for reading PDFs and web pages than my Nokia N770 web tablet. But Kindle is definitely not for me.

Crypto geeks are buzzing with today’s Bruce Schneier article in Wired. Schneier questions some suspicious contributions by the NSA to the random number generator of a forthcoming encryption standard. Unfortunately, the most likely conclusion to draw is that a backdoor is being deliberately introduced. It will be interesting to see how this plays out over the next few weeks.

This blog post on Wired provides insight into the processes Hushmail uses to comply with court orders. Anyone with a Hushmail account – or users of similar privacy enforcement services – should read this article carefully. It turns out that a convenience feature of Hushmail has enabled the company to turn over unencrypted emails from users who take advantage of this “feature.” I agree with the author of the article that Hushmail should be praised for being so open regarding what is going on. Yet at the same time you have to wonder what other flaws may exist with other services that haven’t been revealed.

I’m not much of a paranoid, tinfoil-hat type, but I do encourage people to make use of privacy-enhancing services like Hushmail, in the hopes they will become more mainstream. I do this based on the philosophy that one’s right to privacy and security is only worth something when people choose to exercise those rights.

Don’t forget, the next meeting of the NH Ruby and Rails User Group is coming early this month. We’ll be meeting on Monday, November 12. Guest speaker and author David Berube will be discussing reporting using Ruport and various other tools. He knows a bit about this topic since he has a book forthcoming on the subject in early 2008.

I’ll also spend a few minutes discussing how to keep your mongrel processes under the watchful eye of monit. This is an outstanding utility that has many uses in systems administration.

So I have upgraded all of my systems (work desktop, home desktop, and laptop) to the latest Ubuntu release, “Gutsy Gibbon.” I’m disappointed to say that as far as my experience goes, this release gave me a number of hardware issues and introduced regression problems. Here’s a summary of what I encountered and fixes or workarounds I had to use:

Work Desktop:

Dual-monitor mode and many ATI video cards don’t get along. My work desktop ha[s|d] an ATI x300SE PCI Express video card in it. It was working perfectly well with Ubuntu Feisty in dual-monitor mode. Unfortunately, my configuration would not work with Gutsy using either the open source radeon X.org driver or the fglrx ATI proprietary driver. Ubuntu Forums had numerous posts of people encountering the same problem, and I tried several fixes. Eventually I had to give up out of obligation to my employer – it was costing them more to pay me to fiddle with my X configuration settings than to buy me a cheap NVIDIA video card. So that’s exactly what I did – expense an NVIDIA 8500GS card, which worked fine.

Sound card issues. Something is really wrong with my sound card. I can play audio through it just fine, but the audio is completely lacking low frequencies. I haven’t spent much time investigating this yet, but I know it wasn’t happening with Feisty.

Home Desktop:

Sound card issues. I use an external SB Live! USB sound card in my home system, and I have the motherboard’s on-board sound card disabled in the BIOS. It was working just fine in Feisty. Upon booting Gutsy the first time, I had no sound at all. I was able to almost fix this by going into System->Preferences->Sound and manually selecting “USB Audio” as my preferred sound device. However, this only fixed sound in gstreamer-based applications, such as Totem, Rhythmbox, and Exaile. Other apps, like mplayer and the Flash Firefox plugin, still did not play any sounds. The solution was found in this Ubuntu Forums thread.

But we’re not done yet! There is another widely-experienced bug with the volume control applet and some sound cards which causes changing the volume to “pretend” to mute the mixer device, which results in the on-screen volume display widget to show the current volume as zero, rather than it’s current level.

Laptop:

I have a Dell Latitude D620, which worked extremely well with Feisty. Happily, it has no issues with X.org or sound, but it does crash frequently when I put it to sleep. Another maddening regression bug, and I need to use suspend very regularly.

I’m seriously considering downgrading my laptop to Ubuntu Feisty again. The remaining issues I will learn to deal with until fixes are released. But for now I share this news as a warning to some (particularly those with ATI video cards and dual-monitor setups) and possibly as some useful information on fixes/workarounds to others.