As an occasional wannabe screenwriter, one open-source app I use is Celtx, a tool for creating screenplays, comics, and several other forms of multimedia. After playing around with it a bit tonight, I decided to download the code (we can get to what that says about the possibility of me ever finishing a screenplay some other time). It’s cross-platform, and it’s got a non-standard interface, so I knew it wasn’t Cocoa, and since I’d recently been reading about Qt, I wondered how Celtx was constructed.

Turns out that it’s made w/ the Mozilla application framework and that the whole thing is written in Javascript and XUL.

So you’re basically working in a self-contained web app, and the coolest thing is that you never would’ve known — the interface is smooth, even if the textures and colors aren’t as polished and pleasing as the interface on an OS X/iOS app.

I’ve been working with the web for long enough to have done a decent amount of JavaScript. I’ve got a reasonable understanding of the language itself, and I know how to get around in a number of the big frameworks. I’ve also been to a couple of JavaScript meetups. Most of the people at those meetups have been web-oriented. Most of the JavaScript talks I’ve been around have seemed to center on usability, cross-browser issues, etc.

If you like programming for the web with Javascript, HTML, CSS, my advice is to find an XULRunner app that you like, download the source, and check it out. You’ll be challenged, but it won’t be gobbledygook to you when you start reading the code, and you’ll almost certainly get something from the experience of figuring out how it’s put together.

Earlier this week, I took the plunge that so many TextMate users before me have taken recently and switched to Vim. So far, there have been some frustrations, but it’s overall been relatively rewarding. For every feature from TextMate where I’ve been like “how the hell do you do this in Vim?” I’ve found a couple Vim features that completely make up for that.

I wouldn’t have made the switch if not for carlhuda’s Janus, which I promptly forked so I can customize it for my own needs. This thing is extremely cool — Vim config managed w/ one big Rakefile.

What I like so far

• Split screens — I think this is the number-one “general editor features” thing that people using TextMate are missing out on. Sure, you can have multiple windows, but it’s not that easy to do. You can’t even easily convert an existing open tab into a separate editor window (as you can pull a tab out with Safari, Firefox, and Terminal on OS X). With Vim, I routinely fill a 24″ monitor up with one window split into 4 buffers, each remaining large enough for me to see a significant amount of code.

• Sophisticated class/method name completion — This is what pushed me over the edge from TextMate. At work we have a bunch of different Rails apps and gems that we are constantly moving in and out of. Watching co-worker Vim users auto-complete from the whole galaxy of method/class names while I typed out every letter like a chump was just too much for me. About 10 seconds after the first time I hit tab and got an auto-complete list including an instance method I had added to a class in another file seconds before, I threw TextMate out of my OS X Dock and Login Items. I am never going back to using an editor that doesn’t include this.

• C and t — ©hange to end of line and (T)ill (usually used in combination with ©hange) are great for doing edits to text that has already been written.

• O and o — Vim is famous for making it easy for you to type and use the mouse less. These insert a new line fabove or below the one you’re on and take you into insert mode. For me at least, this saves a surprising amount of time.

What I dislike

• For some reason, with Janus, arrow keys don’t work at all in visual mode.

• No automatic matching of ‘ ” ( { [ characters

• Running the buffer through an interpreter is not nearly as simple. In TextMate, it’s built in — if you hit Command-R, it will use the filetype to choose an interpreter and execute the buffer’s text as code for that language. This is really nifty for trying to do small things like remember if some standard library method works the way you think it does. I’ll figure this out eventually w/ Vim, but it’s nice that it comes out-of-the-box w/ TextMate.

• I miss the blogging bundle. Once I’ve typed this up in Vim, I’ll probably move over to TextMate just so I can shoot the post straight to my blog the way I always have before. I’m sure such a thing exists for Vim, but again, it’s out-of-the-box behavior for TextMate.

• Wrapping seems unsophisticated — it breaks in the middle of words, and it doesn’t let you traverse the pseudo-lines like you can in TextMate. If one logical line is broken into four pseudo-lines, you’re not able to up-arrow amongst them like you’d hope –it jumps you up to the top and bottom of the logical line.

• Customization seems much less straightforward — without something like Janus to pull lots of things together that already made sense and to make some decent assumptions (e.g. “project drawers” are nice; I’d want to have snippets for Ruby, Javascript, etc), I would’ve had to spend days just learning how to customize the editor for my needs. In a practical sense, this means I’d have never started using it. Not a knock at Vim really so much as praise for the Janus guys.

• Modal editing– I’m torn about this. I railed against it for years, and I still kind of think that it’s stupid. I hate hitting Esc constantly. If there had been a Janus equivalent for Emacs, (which is much more like TextMate in terms of key bindings, etc), I’d probably have switched over to that. That being said, modal editing is the only way that you can have this huge number of single-key functions. In Emacs or TextMate, you’re “chording” all the time (hitting a modifier key and multiple other keys simultaneously), and that can be really rough on the wrists.

All of these are basically nits (other than the wrapping, which is really obnoxious), and I understand that Vim and TextMate are trying to do two different things (actually, TextMate doesn’t seem to be doing much of anything these days, which is a big part of why I switched). I just list them here because they’ve been on my mind as part of the process of switching.

Overall, I’m pleased. I’m pretty sure that I’ve learned to stop worrying and love Vim. My hand will tire of hitting Esc, I’m sure, but my left wrist will be thankful that it no longer has to do so much contortionistic chording.

Today I finally got some time to play around with Firesheep. Wow. This thing is like Oz — “great and terrible”. I hijacked my own Facebook, Twitter, Gowalla, and Google (some services, not GMail) accounts from another laptop on my same home network with just two clicks. It’s certainly true that this is going to rock some boats for awhile until HTTPS gets more common.

One thing I found interesting is that since Safari triggers updates of your Top Sites when you make a new tab, you can end up doing a request for something like Facebook by accident. That happened to me today, and it kind of spooked me because it took me a second to connect the Firesheep capture to the tab opening. I used Wireshark to confirm that Safari does indeed kick off a bunch of HTTP connections on every tab opening, seeming to correspond to the Top Sites host-wise. So you could be at the rogue’s gallery coffee shop not signed out of Facebook but thinking you’re safe because you aren’t going there, and popping open a new tab hands some creep your account.

I’m really impressed that someone took the time to put this together. Guerilla action like this seems to be the only way to get people to take notice and protect themselves. It’s going to be sad if it causes divorces on Facebook or something, but everything you should be cautious of needs cautionary tales; it’s the ugly stuff in driver’s ed that gets you to wear your seat belt and know your booze limit as a licensed driver.

Nevertheless, implementation/knowledge will remain relatively low — how many internet users can’t install a plugin or aren’t sure what a firefox is? Lots of people will remain vulnerable. So HTTPS usage for web services will naturally need to increase. Anything you pay for should be HTTPS. Anything you don’t… well that should be up to the company and its PR people and lawyers. For a lot of things it probably makes sense, for others it doesn’t. Facebook and GMail are two that definitely need to do HTTPS by default. GMail already does, and Firesheep doesn’t work on it. But if you are as big as Facebook, you are making robber-baron money from the traffic and you have an implied obligation to provide secure access to the people who are making that happen for you.

That being said, I’m not in favor of any legislative action trying to force more services to use HTTPS or anything like that. Banks and other financial entities already do, and there may be some regulation somewhere that requires it for them, and that’s a good thing. But the more we’re using web services in our daily lives, the more we need to simply be aware of our environment. People need to learn how encryption works and why it matters. They need to have a hands-on experience so that communicating via computers is less about shouting into magic black boxes and more about having a deliberate conversation with an audience you choose.

This is an answer I posted to a question on Stack Overflow. The title of that question is a little off from what the writer actually wanted to know, so I decided to to re-post the answer here. It’s a bit of an easy/basic topic, but it comes up a lot, so I thought other people out there might find it useful.

The two things to keep in mind when making an admin area are

1. you can create namespaces for routes to get the /admin URLs you’re looking for and
2. you can have controllers inherit from other descendants of ActionController

So to make an admin area, you’d want to have RESTful resources declared in a namespace (assumes Rails 3 routes):

The top set is the public ones and the bottom set gives you the admin routes like /admin/users/new and /admin/posts/1, etc. I’m also assuming you might want a “dashboard” so I’m setting up a route to the index method of an Admin::DashboardController

Then you create an admin base controller that descends from ApplicationController. Use it to hold your admin area layout and your authentication filters:

Now make a directory in app/controllers called “admin”. Make controllers in there as normal, but have them inherit from your base controller:

Make a corresponding directory in app/views for “admin” and you’re good to go — everything is namespaced out and views/controllers would behave like you think.

You can always run “rake routes” to see all the admin routes.

Let us all now sing a hymn of praise to Bundler. You know, like even more than we already were. Not that it needs too much more light shining on it, what with being a dependency to Rails and all, but I’ve had cause in the past few days to throw up my hands and make a joyful noise.

Now is a piece of software designed to do something as prosaic as dependency management going to get you hot and bothered all by itself? Probably not. It’s not going to be like when you discovered the beauty of Ruby’s iterators, or how to get the QBasic interpreter to give you the exploding banana game in MSDOS 5.x+.

But along those same lines, Bundler will help you reserve more of your mental compute cycles for things that matter and fill you with wonder, secure in the knowledge that you’ve chopped off a few big boulders from the pile of computational entropy constantly threatening to avalanche everyone in our industry into oblivion.

Examples:

Kids should come with “bundle install”.

Apps are complicated because you need all sorts of specific stuff to deal with them. That’s why Bundler was originally invented, obviously. But real-world scenarios are always valuable, and today I had to get a development version of the app I’m building for my main client running on the designer’s machine, and do it as fast as possible. While the designer is good w/ HTML/CSS, she doesn’t know thing one about Rails, rubygems, or the RVM-based sequestering of different Ruby versions, etc (another hymn another time for RVM). I got all that going for her, and then, with a mere two commands (one of which checked out the source code from the repo and therefore didn’t really even count), I bootstrapped the entire app at once, while surfing the web. “bundle install” for the win. That same process would’ve taken me (just for the app’s dependencies) about 45 minutes or so in previous incarnations of Rails. This way, it took less than three. And almost all of that was completely automated.

Specifying refs is a thing of beauty

Rails 3 rc1 came out a couple days ago. Like every other RoR cultist, I upgraded as soon as I heard. A bunch of crap promptly broke. Those wacky core team members! They love to make a boatload of commits on something and then call it a release candidate, just to keep us all sharp.

One of the things that broke was state_machine, which I rely on extensively in this the aforementioned app. So one upgrade from Rails 3b4 to Rails 3rc1 and I’m sitting there in a puddle of my own tears, with all my specs broken and no ability to run my seeds.rb file.

Thankfully, the gem maintainer rapidly came up with a patch. But he didn’t have a release ready yet. So what did I do? In the old days, I’d have to download his code at that Git reference and then put together a new gem on my own, keeping a vendored version that was seperate from the other versions of the gem I might’ve been using, etc etc. I’m sure there’s probably a better way to do it even under the old regime, but with Bundler, you simply pass in a reference to the commit where it’s been fixed!

So this

Becomes this:

That blew my mind even more than the dead-simple bootstrapping of my colleague’s development system. For working with libraries that are still in frequent development, and for fixing things like the myriad breakages that can occur when one version jumps up to be something else, this is a godsend.

So don’t bitch about Bundler, even if you’re tempted to in the beginning. Like everything else surrounding Ruby/Rails, it’s new and it takes some getting used to. But in the end, you’re likely to love it, and to wonder how you ever got along without it. Plus, this gives us yet another reason to laugh at Pythonistas, who still lack even a Rubygems equivalent.