6 Oct, 2011
Fantastic Fest 2011 Movies Ranked
In the tradition of Ramsey's Seattle International Film Festival rankings, I ranked all the movies I had the pleasure of seeing at Fantastic Fest this year. Some of the individual ratings are heavily related to how they performed relative to expectations affected my overall impression of a movie. For example, Let the Bullet Fly or The Squad may be better and more enjoyable for most people but I just felt they were lost opportunity to be so much better given their concept and individual performances.
- Sleep Tight
- Bullhead
- Headhunters
- A Boy and His Samurai
- Elite Squad: The Enemy Within
- Sleepless Night
- Blind
- Underwater Love
- Comic-con Episode Four: A Fan's Hope
- The Yellow Sea
- Melancholia
- Julia X
- Smuggler
- Urban Explorer
- A Lonely Place to Die
- How to Steal Two Million
- The Human Centipede 2
- Two Eyes Staring
- Livid
- Penumbra
- Retreat
- Aardvark
- Summerland
- Last Screening
- Milocrorze, A Love Story
- The Corridor
- Let the Bullets Fly
- Beyond the Black Rainbow
- The Squad
- Haunters
- Yakuza Weapon
- Paranormal Activity 3
Photos from Fantastic Fest 2011: http://www.flickr.com/photos/rwoan/collections/72157627655940263/
3 Aug, 2011
Full-on Roy Fielding REST - Think Hypermedia
I have to admit years of ignorance thinking Representational State Transfer (REST) was simply providing a simple XML or json API over HTTP. Mike Amundsen kindly schooled me earlier this week at Nerd dinner.
REST classic is about Hypermedia as the Engine of Application State (HATEOAS), i.e. media types and links from one state to another.
Per the discussion, I purchased and have made my way through most of REST in Practice, listened to the Herding Code RESTavaganza podcast, and reread Roy Fielding's 2000 Dissertation.
Of these the podcast actually was the most illuminating discussing more generalized client implementations using links from server responses in the uI, just like rendering HTML in a way, and the ability for servers to provide contextual links (as in different links for different users for example) as well. The benefits of API discovery and more flexibility in evolving the API and endpoints is pretty clear in all of these sources. Given requirement of application semantics, I am not entirely sure I buy this for the general case apart when surfacing a UI or workflow for users (wait maybe that is the general case as opposed to code based automation).
Looking back at the original dissertation, it really seems that Fielding derived REST by observation of what makes the WWW and the HTML/HTTP experience unique as an architectural pattern. That might not really be the case, but starting with that as the basis the HATEOAS and REST concepts seem much more clear.
UPDATE I realized after I hit publish that a real world example might help. Check out the links in the Netflix API: http://developer.netflix.com/docs/REST_API_Conventions
7 Apr, 2011
First Impressions Dell XPS 15 Intel Core i7-2630QM Quad-Core Sandy Bridge 15.6" Laptop
It's hard to understand the product positioning of the XPS 15. Midprice multimedia laptop? Somewhere between Alienware and the Inspiron series? Consumer build compared to business build of the Lattitude? Most comparable with HP Pavilion dv6t Quad edition.
It's big! I guess you can get that from the specs, but it just feels like a luggable. I haven't compared the specs or put it side by side with my 15" Macbook Pro but the widescreen and thickness gives it a chunky feel. I can't imagine a 17" version... Also, the aluminum look is purely cosmetic, it's some kind of plastic or composite material both top and bottom. Hard drive activity light behing the display when open is a little weird and ineffective. Also not enough of the rubber spacer things between the display and keyboard halves, it bumps or rattles under my arm carrying it around which is annoying to me. Otherwise feels solid and well built with stiff display hinges. I really like they keyboard, a slight indentation with each key feels well and the layout is pretty good.
The 1080P display is gorgeous, maybe a little LED backlight bleed and slightly uneven black screen, but definitely the nicest laptop display I have seen. Definitely nicer than the Macbook lower res displays. Speakers are also pretty cool. Best laptop sound quality I have experienced. Neat to have a built-in "subwoofer."
OK after booting up, the system is fast... Really fast... Much snappier than my 2 yr old Macbook Pro Core Duo. The 640GB 7200 RPM drive turns out to be a Toshiba MK6461GSY and is sufficiently quick. As with all manufacturers it seems, you have to apply a ton of updates including Windows 7 SP1. Make sure you have fast Internet access to pick up all this stuff. Also Dell doesn't seem like it has an auto driver updater for the XPS series. It is annoying to download and install individual update from the Dell support website. Normal half day and at least 10 reboots getting development toolschain onto the laptop.
I like the Intel Turbo Boost Technology Monitor. My CPUs spike up all the time, similarly you can see cores or hyperthreads in the park state in the Windows Performance Monitor. There seems to be no easy way of telling which GPU (Intel chipset or Nvidia) is being used at any particular time.
All in all, loving the new machine.
25 Mar, 2011
Review of Bertrand Meyer's classic Object-oriented Software Construction
Originally Posted to Amazon - A Bit Disappointing Through Modern Eyes
I picked this up used after seeing references to this book for years. I believe I met Bertrand at OOPSLA years ago.
This book does have lots of nuggets in it in terms of the difference between object-oriented design (i.e. bottom up as opposed to the top-down of modular, external world simulation, command-query separation) but many of them seem to be almost throwaway lines or paragraphs. The examples, as befitting something designed for an undergraduate college course maybe do not draw out the true implications of the methodology being presented, i.e. text example for object modelling is a stack whereas more real world examples left as exercises at the end of the chapter.
Additionally, there is understandably a lot of coverage of Eiffel that served to illustrate one concrete implementation of the concepts and occasionally Betrand references features missing from the language. If you won't be using Eiffel, I think some of this gets in the way of the concepts.
My final observation is that much of the guidance, i.e. the dangers in finding objects from specification, really require an example to get the point across for those that haven't already failed at it on their own.
In terms of a modern approach to OO that better get across the practical practice I would recommend Domain-Driven Design: Tackling Complexity in the Heart of Software and Agile Software Development, Principles, Patterns, and Practices
10 Mar, 2011
iPad 1 Price Depreciation - Which iPad 2 to Buy?
Some food for thought for folks who sell one generation for the next of Apple products... iPhone 4 tethering might affect 3G price retention with iPad 2.
Using current (at time of blogging) gazelle.com offers:
Model Resell Value Loss Price Retention
16GB WiFi 300 199 60.1%
32GB WiFi 340 259 56.8%
64GB WiFi 405 294 57.9%
16GB WiFi+3G 340 289 54.1%
32GB WiFi+3G 380 349 52.1%
64GB WiFi+3G 530 299 63.9%
9 Mar, 2011
Getting Started With Ruby on Rails Devise 1.2 OmniAuth Integration For Facebook Authentication
Posted by woan 16:54 |
Permalink |
Comments (1) |
Trackbacks (0) |
Technology and Industry, Programming
Permalink |
Comments (1) |
Trackbacks (0) |
Technology and Industry, Programming A walk through of my experience with using the new Devise 1.2 built in OmniAuth authentication. Most of the information on the web including railcasts seem to cover rolling your own or other frameworks for integrating them.
I started with the project that I first added Devise authentication to that I described in the prior post (minus the User model and Devise views created): http://www.woan.org/plog/index.php?op=ViewArticle&articleId=1029&blogId=1
I used the Devise wiki as my guide: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
I started with the project that I first added Devise authentication to that I described in the prior post (minus the User model and Devise views created): http://www.woan.org/plog/index.php?op=ViewArticle&articleId=1029&blogId=1
I used the Devise wiki as my guide: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
Setup
The first thing you will note is the warning on the page: WARNING: THIS REQUIRES DEVISE FROM GIT REPOSITORY, MASTER BRANCH. Of course as a newbie, I had to look this up. It means that you need to have the following in your Gemfile at the root of your Rails application (C:\Ruby192\apps\guestbook\Gemfile in my case):gem 'devise', :git => "git://github.com/plataformatec/devise.git", :branch => "master"
Of course this didn’t work for me as I didn’t git installed which is not required for gem install which is how I was installing gems. I installed git for Windows using the installer from the downloads section of: http://code.google.com/p/msysgit/
For omniauth, you need the following in your Gemfile:
gem "oa-oauth", :require => "omniauth/oauth"
With these in your Gemfile, you can run bundle install from your application root directory (C:\Ruby192\apps\guestbook in my case) to pick up the right versions. Of course the firewall where I am working from blocks git protocol (port 9418), so I had to explicitly tell the system to use http making the Gemfile line:
gem 'devise', :git => "http://github.com/plataformatec/devise.git", :branch => "master"
After that bundle install installed devise (1.2.rc) and oa-oauth (0.2.0.beta5) which you can verify with the gem list command, i.e. gem list devise.
Configuring Your Application
Just as with straight Devise, run the following from you application root directory (C:\Ruby192\apps\guestbook in my case):- rails generate devise:install
- rails generate devise User to generate User model to hold authentication details
- rails db:migrate to update the database
- rails generate devise:views to generate basic views log user
In devise.rb (C:\Ruby192\apps\guestbook\config\initializers\devise.rb in my case), add the following in the OmniAuth section:
config.omniauth :facebook, "APP_ID", "APP_SECRET"
In the generated User model (C:\Ruby192\apps\guestbook\app\models\user.rb in my case), make the model omniauthable (you can only do this to one model in you application according to the documentation so you can’t use multiple models for roles) by adding :omniauthable, :omniauth_providers => [:facebook] to the devise modules. You also need to add a couple methods to handle authentication: self.find_for_facebook_oauth and self.new_with_session. To make things easier, here is my entire user.rb:
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :omniauth_providers => [:facebook]
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation, :remember_me
def self.find_for_facebook_oauth(access_token, signed_in_resource=nil)
data = access_token['extra']['user_hash']
if user = User.find_by_email(data["email"])
user
else # Create an user with a stub password.
User.create!(:email => data["email"], :password => Devise.friendly_token[0,20])
end
end
def self.new_with_session(params, session)
super.tap do |user|
if data = session["devise.facebook_data"] &&
session["devise.facebook_data"]["extra"]["user_hash"]
user.email = data["email"]
end
end
end
end
Next I added the Facebook login to my application template (C:\Ruby192\apps\guestbook\app\views\layouts\application.html.erb in my case):
<%= link_to "Sign in with Facebook", user_omniauth_authorize_path(:facebook) %>
Now we configure and add the callbacks to handle the Facebook login. In routes.rb (C:\Ruby192\apps\guestbook\config\routes.rb in my case) add or modify the devise line:
devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
Create app/controllers/users/omniauth_callbacks_controller.rb (C:\Ruby192\apps\guestbook\app\controllers\users\omniauth_callbacks_controller.rb in my case):
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def facebook
# You need to implement the method below in your model
@user = User.find_for_facebook_oauth(env["omniauth.auth"], current_user)
if @user.persisted?
flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Facebook"
sign_in_and_redirect @user, :event => :authentication
else
session["devise.facebook_data"] = env["omniauth.auth"]
redirect_to new_user_registration_url
end
end
end
In theory (according to the docs), we would be done now, but unfortunately you will get a SSL error on callback from Facebook if using Ruby 1.92. The issue and the hack around (basically ignore validation errors) are described: http://stackoverflow.com/questions/3977303/omniauth-facebook-certificate-verify-failed
I created the file C:\Ruby192\apps\guestbook\config\initializers\farraday_override.rb:
require 'faraday'
module Faraday
class Adapter
class NetHttp < Faraday::Adapter
def call(env)
super
is_ssl = env[:url].scheme == 'https'
http = net_http_class(env).new(env[:url].host, env[:url].port || (is_ssl ? 443 : 80))
if http.use_ssl = is_ssl
ssl = env[:ssl]
if ssl[:verify] == false
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
else
http.verify_mode = OpenSSL::SSL::VERIFY_NONE # <= PATCH or HACK ssl[:verify]
end
http.cert = ssl[:client_cert] if ssl[:client_cert]
http.key = ssl[:client_key] if ssl[:client_key]
http.ca_file = ssl[:ca_file] if ssl[:ca_file]
end
req = env[:request]
http.read_timeout = net.open_timeout = req[:timeout] if req[:timeout]
http.open_timeout = req[:open_timeout] if req[:open_timeout]
full_path = full_path_for(env[:url].path, env[:url].query, env[:url].fragment)
http_req = Net::HTTPGenericRequest.new(
env[:method].to_s.upcase, # request method
(env[:body] ? true : false), # is there data
true, # does net/http love you, true or false?
full_path, # request uri path
env[:request_headers]) # request headers
if env[:body].respond_to?(:read)
http_req.body_stream = env[:body]
env[:body] = nil
end
http_resp = http.request http_req, env[:body]
resp_headers = {}
http_resp.each_header do |key, value|
resp_headers[key] = value
end
env.update \
:status => http_resp.code.to_i,
:response_headers => resp_headers,
:body => http_resp.body
@app.call env
rescue Errno::ECONNREFUSED
raise Error::ConnectionFailed.new(Errno::ECONNREFUSED)
end
def net_http_class(env)
if proxy = env[:request][:proxy]
Net::HTTP::Proxy(proxy[:uri].host, proxy[:uri].port, proxy[:user], proxy[:password])
else
Net::HTTP
end
end
end
end
end
Wa la! Facebook authentication achieved...
Usage Scenarios
Usage scenarios pretty much the same as with vanilla Devise except you can pull out some of the omniauth Facebook information for the user. See: http://www.woan.org/plog/index.php?op=ViewArticle&articleId=1029&blogId=1
Conclusion
Using the OmniAuth integration that comes with Devise 1.2 is pretty easy. It doesn’t do everything some of the other roll your own integration efforts with Devise 1.1, in particular saving access tokens for use with Facebook API. If you need more user Facebook integration, you might start here: http://blog.assimov.net/post/1635826492/facebook-integration-with-omniauth-and-devise-on-rails27 Feb, 2011
Lady Gaga Great in Pittsburgh Monster Ball Tour
The title sums it up, Gaga is super great in concert.
I had the pleasure of attending her Pittsburgh show last night. Scissor Sisters http://www.scissorsisters.com/ who I never heard of (lead singer announced that if we weren’t English or Gay, chances are we haven’t heard of them) opened up promptly at 8p and performed for just a bit more than half an hour. Upbeat dance music that goes over well with Lady Gaga fans. Lead singers Ana Matronic and Jake Shears were very thankful of Lady Gaga for inviting them on tour and appreciated the Little Monsters.
It took over an hour and fifteen minutes for Lady Gaga to take to the stage, during which they played all Michael Jackson songs.
As reported elsewhere the theme of the Monster Ball tour is a journey to the Monster Ball by Lady Gaga and friends. It is a unifying theme with a number of big set changes reminiscent of a Broadway Musical accompanied by costume changes, i.e. Miss Saigon comes to mind. Lady Gaga made it point to announce that she does not lip-sync and you could hear some heavy breathing with the elaborate dance numbers and when she talked to the audience between numbers. She also interjected Pittsburgh into a number of the songs and let us know her grandmother and family members came to the show from their homes an hour away in West Virginia. She talked about everyone being special and being on stage as the ultimate revenge on all those that bullied her growing up. Super high energy dancing and singing with elaborate staging reminded me of the Madonna concerts that I have only seen on TV. I would guess a third or half of the crowd got dressed up for the concert, and probably the whole Pittsburgh gay community showed up with some rainbow flags visible in the stands. Lady Gaga was on stage for almost exactly two hours and played all of her hits including the new Born This Way and at least one other song from her next album.
I have seen a lot of concerts and this one is definitely one of the best. I highly recommend seeing Lady Gaga live if you ever have a chance.
Side Note: I learned the hard way, Stubhub cuts off sales two hours before showtime. Prices for available tickets came down to half-price for some really good seats, i.e. $96 instead of $198. General Admission standing tickets came down to basically break even taking into account Stubhub fees, i.e. $130 in this case. I ended up getting a Ticketmaster GA ticket less than 2 hours before showtime even though they were sold out the night before; I paid $105 total for an $85 face value ticket making the Ticketmaster total fees $20 of which only $3.80 was an explicit service charge...
I had the pleasure of attending her Pittsburgh show last night. Scissor Sisters http://www.scissorsisters.com/ who I never heard of (lead singer announced that if we weren’t English or Gay, chances are we haven’t heard of them) opened up promptly at 8p and performed for just a bit more than half an hour. Upbeat dance music that goes over well with Lady Gaga fans. Lead singers Ana Matronic and Jake Shears were very thankful of Lady Gaga for inviting them on tour and appreciated the Little Monsters.
It took over an hour and fifteen minutes for Lady Gaga to take to the stage, during which they played all Michael Jackson songs.
As reported elsewhere the theme of the Monster Ball tour is a journey to the Monster Ball by Lady Gaga and friends. It is a unifying theme with a number of big set changes reminiscent of a Broadway Musical accompanied by costume changes, i.e. Miss Saigon comes to mind. Lady Gaga made it point to announce that she does not lip-sync and you could hear some heavy breathing with the elaborate dance numbers and when she talked to the audience between numbers. She also interjected Pittsburgh into a number of the songs and let us know her grandmother and family members came to the show from their homes an hour away in West Virginia. She talked about everyone being special and being on stage as the ultimate revenge on all those that bullied her growing up. Super high energy dancing and singing with elaborate staging reminded me of the Madonna concerts that I have only seen on TV. I would guess a third or half of the crowd got dressed up for the concert, and probably the whole Pittsburgh gay community showed up with some rainbow flags visible in the stands. Lady Gaga was on stage for almost exactly two hours and played all of her hits including the new Born This Way and at least one other song from her next album.
I have seen a lot of concerts and this one is definitely one of the best. I highly recommend seeing Lady Gaga live if you ever have a chance.
Side Note: I learned the hard way, Stubhub cuts off sales two hours before showtime. Prices for available tickets came down to half-price for some really good seats, i.e. $96 instead of $198. General Admission standing tickets came down to basically break even taking into account Stubhub fees, i.e. $130 in this case. I ended up getting a Ticketmaster GA ticket less than 2 hours before showtime even though they were sold out the night before; I paid $105 total for an $85 face value ticket making the Ticketmaster total fees $20 of which only $3.80 was an explicit service charge...
25 Feb, 2011
Getting Started with Devise Authentication and Access Control for Ruby on Rails 3 Applications
Posted by woan 16:23 |
Permalink |
Comments (3) |
Trackbacks (0) |
Technology and Industry, Programming
Permalink |
Comments (3) |
Trackbacks (0) |
Technology and Industry, Programming Adding basic authentication and access control using Devise to my Ruby on Rails 3 Applications was incredibly easy. I’ll review my steps and provide some notes on basic use scenarios that where I thought the documentation was a bit lacking for beginners like me.
I’ll assume you already have an application that you would like to secure. Mine is installed in apps\guestbook in my Ruby directory, so substitute paths appropriately.
The README distributed with Devise is pretty good: https://github.com/plataformatec/devise#readme
Install and configure for your app:At this point, you can start securing parts of your application. I went through 3 basic scenarios: by controller, by view, by controller method.
Secure by Controller
This is for scenarios where you managed to partition your website by access requirements, i.e. you have an admin or registered user section with its own controllers.
This is the easiest of the scenarios because you just add before_filter :authenticate_user! to your controller (in my case apps\guestbook\app\controllers\guestbook_entries_controller.rb):
end
end
There you have it, easy peasy. Some more complex scenarios are covered in the HOWTO documentation on the Devise wiki: https://github.com/plataformatec/devise/wiki
I’ll be looking into omniauth for Facebook Connect and integrating with other authentication systems next.
I’ll assume you already have an application that you would like to secure. Mine is installed in apps\guestbook in my Ruby directory, so substitute paths appropriately.
The README distributed with Devise is pretty good: https://github.com/plataformatec/devise#readme
Install and configure for your app:
- gem install devise from my Ruby directory
- add gem 'devise' at the end of apps\guestbook\Gemfile
- rails generate devise:install from apps\guestbook to configure my app for Devise
- rails generate devise User to generate User model to hold authentication details
- check devise_for :users added to apps\guestbook\config\Routes.rb and set root if you haven’t already
- optionally edit model apps\guestbook\app\models\user.rb (I left it as is)
- optionally edit db migration file in apps\guestbook\db\migrate\<datestamp>_devise_create_users.rb (I left it as is)
- rails db:migrate to update the database
- rails generate devise:views to generate basic views log user
Optionally add sign in to your application template (apps\guestbook\app\views\layouts\application.html.erb):
Signed in as <%= current_user.email %>. Not you?
<%= link_to "Sign out", destroy_user_session_path %>
<% else %>
<%= link_to "Sign up", new_user_registration_path %> or <%= link_to "sign in", new_user_session_path %>
<% end %>
<p class="notice"><%= notice %></p>
<p class="alert"><%= alert %></p>
<div id="user_nav">
<% if user_signed_in? %>Signed in as <%= current_user.email %>. Not you?
<%= link_to "Sign out", destroy_user_session_path %>
<% else %>
<%= link_to "Sign up", new_user_registration_path %> or <%= link_to "sign in", new_user_session_path %>
<% end %>
</div>
Secure by Controller
This is for scenarios where you managed to partition your website by access requirements, i.e. you have an admin or registered user section with its own controllers.
This is the easiest of the scenarios because you just add before_filter :authenticate_user! to your controller (in my case apps\guestbook\app\controllers\guestbook_entries_controller.rb):
class GuestbookEntriesController < ApplicationController
before_filter :authenticate_user!
With the before_filter in place, unauthenticated users will be redirected to a login page before access to any of the controller’s views or methods.
Secure by View
This is where you present different options in a view based on whether a user has been authenticated. You can call user_signed_in? to conditionally present in a view. For example, I present a Destroy option only when the user is authenticated:
<% if user_signed_in? %>
<li><%= link_to 'Destroy', guestbook_entry, :confirm => 'Are you sure?', :method => :delete %></li>
<% end %>
If not strictly to selectively display, you will want to couple this scenario with the next of Secure by Controller Method otherwise, the view can be bypassed and the method called directly.
Secure by Controller Method
Similar to Secure by View scenario, you can call user_signed_in? For example:
With the before_filter in place, unauthenticated users will be redirected to a login page before access to any of the controller’s views or methods.
Secure by View
This is where you present different options in a view based on whether a user has been authenticated. You can call user_signed_in? to conditionally present in a view. For example, I present a Destroy option only when the user is authenticated:
<% if user_signed_in? %>
<li><%= link_to 'Destroy', guestbook_entry, :confirm => 'Are you sure?', :method => :delete %></li>
<% end %>
If not strictly to selectively display, you will want to couple this scenario with the next of Secure by Controller Method otherwise, the view can be bypassed and the method called directly.
Secure by Controller Method
Similar to Secure by View scenario, you can call user_signed_in? For example:
# DELETE /guestbook_entries/1
# DELETE /guestbook_entries/1.xml
def destroy
if user_signed_in?
@guestbook_entry = GuestbookEntry.find(params[:id])
@guestbook_entry.destroy
respond_to do |format|
format.html { redirect_to(guestbook_entries_url) }
format.xml { head :ok }
end
else
respond_to do |format|
format.html { redirect_to(guestbook_entries_url, :notice =>
# DELETE /guestbook_entries/1.xml
def destroy
if user_signed_in?
@guestbook_entry = GuestbookEntry.find(params[:id])
@guestbook_entry.destroy
respond_to do |format|
format.html { redirect_to(guestbook_entries_url) }
format.xml { head :ok }
end
else
respond_to do |format|
format.html { redirect_to(guestbook_entries_url, :notice =>
'Must be logged in to delete entry') }
format.xml { render :xml => @guestbook_entry.errors,:status => :unprocessable_entity }
endend
end
There you have it, easy peasy. Some more complex scenarios are covered in the HOWTO documentation on the Devise wiki: https://github.com/plataformatec/devise/wiki
I’ll be looking into omniauth for Facebook Connect and integrating with other authentication systems next.
20 Feb, 2011
Ruby on Rails 3 AJAX Classic and Internet Explorer 9
While using the classic Rails forms AJAX ":remote => true" with Format.js .js.rjs views, hitting submit button in IE9 RC caused double submissions. The first request is the expected "as JS" submission but it is immediately followed by an "as HTML" submission with the same data.
In searching the web, I found a reference to update rails.js if encountering problems Internet Explorer. I tried that with no change. Searching some more I found: http://prototypejs.org/2010/10/12/prototype-1-7-rc3-support-for-ie9 and noticed my Rails 3 distro came with 1-7-rc2. Getting the latest stable version of prototype.js http://prototypejs.org/download resolved the double submission issue.
I reverted to the original version of rails.js and everything continues to work.
18 Feb, 2011
Favorite IBM Watson Jeopardy Links
- IBM Watson Home: http://www-943.ibm.com/innovation/us/watson/
- Nova Smartest Machine on Earth TV episode and followup: http://www.kurzweilai.net/how-watson-works-a-conversation-with-eric-brown-ibm-research-manager
- Q&A with Watson team on Reddit: http://asmarterplanet.com/blog/2011/02/the-watson-research-team-answers-your-questions.html
- Behind Watson’s storage: http://www.computerworld.com/s/article/9210319/Brain_behind_IBM_s_Watson_not_unlike_a_human_s
- How Watson works: a conversation with Eric Brown, IBM Research Manager: http://www.kurzweilai.net/how-watson-works-a-conversation-with-eric-brown-ibm-research-manager
- Brad Rutter Why I Lost to Watson: http://blogs.wsj.com/ideas-market/2011/02/21/why-i-lost-to-watson/
- Ken Jennings Blog: http://ken-jennings.com/blog/?p=2578
- Slate Ken Jennings: http://www.slate.com/id/2284721
- Washington Post Ken Jennings Q&A: http://live.washingtonpost.com/jeopardy-ken-jennings.html
- NY Daily Ken Jennings Op-ed: http://www.nydailynews.com/opinions/2011/02/17/2011-02-17_ken_jennings_exclusive_oped_jeopardy_champ_says_computer_nemesis_watson_had_unfa.html
- TED Post Jeopardy Future of Watson talk: http://www.ted.com/webcast/archive/event/ibmwatson
- TV Ratings: http://blogs.wsj.com/speakeasy/2011/02/17/watson-boosts-ratings-on-jeopardy/
14 Feb, 2011
Monetizing Your Website With Google Adsense and Amazon Affiliates
Both of these are pretty painless and only take a few minutes each.
Google Adsense: https://www.google.com/adsense Ridiculously simple... Then just drive traffic to your website...
Google Adsense: https://www.google.com/adsense
- After registering go to “My ads” tab in the UI and select “+ New ad unit”
- Complete the wizard (probably want to view examples) and then cut and paste in your website (probably want to edit a template or add styling to float it on the side of your content somewhere)
- After registering select “Widgets” tab and choose your favorite widget type
- Go through the wizard and then cut and paste in your website (probably want to edit a template or add styling to float it on the side of your content somewhere)
I am a bit partial to the My Favorites widget to recommend some of your favorite items.
14 Feb, 2011
Installing Ruby on Rails on Windows
A reminder in case I need to do this again...
The basics: http://rubyonrails.org/download
Didn't mention that you need Sqlite (error occurs in "rails server" step):
- Get Sqlite binaries: http://www.sqlite.org/download.html
- Extract binaries in \Ruby192\bin or whatever bin directory you installed Ruby in
- gem install sqlite3
12 Feb, 2011
What is Quora? Good and Bad
I have to admit to a quora.com addiction of late. Along with news sites, Twitter and Facebook, it offers bite sized distractions (I wouldn’t have even thought that I would be interested in MSG but it crossed my feed this morning). I think it has the potential to cross the chasm into mainstream utility, but a nagging question remains: what is it and how to describe it?
Always interesting to see how others answer the question:
http://www.quora.com/What-is-Quora-1
and additional insight:
http://www.quora.com/What-is-limiting-Quora-as-a-product
Taken at face value, quora.com is a Q&A site which is something akin to a wikipedia with multiple entries for each topic and definitely a healthy dose of opinion. The interface is a cross between search and social network following of both people and subjects.
The Good (maybe Great):
The great thing about quora.com is that there are some fantastic and thoughtful answers to interesting questions. There are also some interesting personalities you can follow along with your friends. Depending on subject area and serendipity, you can get pretty quick answers to new questions.
The quora.com UI is also very good and responsive. I love how you can navigate notifications with a next button rather than having to select from a list (as you do on Facebook). In place questions update is cool and using Facebook connect to help you find your friends is good.
For folks answering questions, I like the ability to edit your own answer and comment on both the question and specific answers. Being able to suggest edits of answers is also nice for fixing grammatical errors which definitely improves readability of answers compared to other user created content sites.
The Bad (maybe not so Great):
The not so great thing about quora.com is how to get effectively use the site when not seeking an answer to a specific question (your own or by searching for an existing question).
You can follow people on the site, tagged topics, and specific questions (whether or not you asked them). When you follow something, recent updates appear on the home page assuming you logged in and you will get notifications for updates to specific questions you follow. Unless your interests are very narrow, things will almost certainly have scrolled off the home page before you see them, and you will have to use search to catch up if motivated to do so. The notifications are more useful as you can navigate them and see specifically what has been updated and by whom. At some level there is information overload and a high probability of missing something that could be of interest. Is this a real problem? I guess you can argue that it's like air, you don’t have to consume it all just because it exists. On the other hand, you spend a lot time looking at things you are less interested in while missing stuff you are more interested in so there is definitely waste or opportunity for optimizing the time you spend on the site.
Someone else pointed out that there are a lot of high quality questions that go unanswered. The reasons for this seem numerous including: critical mass of people interested and capable of answering and likelihood that someone who would answer the question actually sees the question. Similar to the information overload issue there is an opportunity to better match specific questions with people interested in answering them.
Summary:
There is a lot to like about quora.com but for many the experience is going to be simply over or underwhelming based on happenstance. If you get a burning question answered quickly or something you are oddly interested in appears in your stream, you are going to think it's the greatest thing ever. If you just see a never ending stream of updates of little interest when you hit the home page or have a burning question left unanswered, you will think little of it.
I still don’t know exactly how to describe it or how it will evolve, but quora.com certainly has my interest as potentially something simply great.
Always interesting to see how others answer the question:
http://www.quora.com/What-is-Quora-1
and additional insight:
http://www.quora.com/What-is-limiting-Quora-as-a-product
Taken at face value, quora.com is a Q&A site which is something akin to a wikipedia with multiple entries for each topic and definitely a healthy dose of opinion. The interface is a cross between search and social network following of both people and subjects.
The Good (maybe Great):
The great thing about quora.com is that there are some fantastic and thoughtful answers to interesting questions. There are also some interesting personalities you can follow along with your friends. Depending on subject area and serendipity, you can get pretty quick answers to new questions.
The quora.com UI is also very good and responsive. I love how you can navigate notifications with a next button rather than having to select from a list (as you do on Facebook). In place questions update is cool and using Facebook connect to help you find your friends is good.
For folks answering questions, I like the ability to edit your own answer and comment on both the question and specific answers. Being able to suggest edits of answers is also nice for fixing grammatical errors which definitely improves readability of answers compared to other user created content sites.
The Bad (maybe not so Great):
The not so great thing about quora.com is how to get effectively use the site when not seeking an answer to a specific question (your own or by searching for an existing question).
You can follow people on the site, tagged topics, and specific questions (whether or not you asked them). When you follow something, recent updates appear on the home page assuming you logged in and you will get notifications for updates to specific questions you follow. Unless your interests are very narrow, things will almost certainly have scrolled off the home page before you see them, and you will have to use search to catch up if motivated to do so. The notifications are more useful as you can navigate them and see specifically what has been updated and by whom. At some level there is information overload and a high probability of missing something that could be of interest. Is this a real problem? I guess you can argue that it's like air, you don’t have to consume it all just because it exists. On the other hand, you spend a lot time looking at things you are less interested in while missing stuff you are more interested in so there is definitely waste or opportunity for optimizing the time you spend on the site.
Someone else pointed out that there are a lot of high quality questions that go unanswered. The reasons for this seem numerous including: critical mass of people interested and capable of answering and likelihood that someone who would answer the question actually sees the question. Similar to the information overload issue there is an opportunity to better match specific questions with people interested in answering them.
Summary:
There is a lot to like about quora.com but for many the experience is going to be simply over or underwhelming based on happenstance. If you get a burning question answered quickly or something you are oddly interested in appears in your stream, you are going to think it's the greatest thing ever. If you just see a never ending stream of updates of little interest when you hit the home page or have a burning question left unanswered, you will think little of it.
I still don’t know exactly how to describe it or how it will evolve, but quora.com certainly has my interest as potentially something simply great.
My quora.com profile: http://www.quora.com/Ronald-S-Woan
9 Feb, 2011
Scouting for Star Talent Potential
Summary:
The battle for star talent is always fierce, but I haven’t seen it this fierce even during the height of the Internet Boom of the 90s. We have huge well-funded juggernauts in Google and Facebook hiring as fast as they can. There is a resurgence in sexy technology startups in hot geographies continually looking for talent.
If you are an employer looking for star talent, I am sure you know how hard it is after you tapped out your personal network. The next best thing to hiring established star talent is to identify star talent potential in both existing and prospective employees and develop that potential. Many argue that being able to develop star talent potential is more important in the long term than hiring star performers in terms of competitive advantage. The key to identifying star talent potential is to separate skills that can be taught and learned from key indicators that indicate a propensity for adopting them. Two books I recommend in terms of star talent skills that can be taught and learned are How to Be a Star at Work: 9 Breakthrough Strategies You Need to Succeed and Leading Change. They key indicators I use after over a decade of recruiting and developing engineering talent are Integrity, Passion, and Curiosity:
The battle for star talent is always fierce, but I haven’t seen it this fierce even during the height of the Internet Boom of the 90s. We have huge well-funded juggernauts in Google and Facebook hiring as fast as they can. There is a resurgence in sexy technology startups in hot geographies continually looking for talent.
If you are an employer looking for star talent, I am sure you know how hard it is after you tapped out your personal network. The next best thing to hiring established star talent is to identify star talent potential in both existing and prospective employees and develop that potential. Many argue that being able to develop star talent potential is more important in the long term than hiring star performers in terms of competitive advantage. The key to identifying star talent potential is to separate skills that can be taught and learned from key indicators that indicate a propensity for adopting them. Two books I recommend in terms of star talent skills that can be taught and learned are How to Be a Star at Work: 9 Breakthrough Strategies You Need to Succeed and Leading Change. They key indicators I use after over a decade of recruiting and developing engineering talent are Integrity, Passion, and Curiosity:
- Integrity - who wants to spend time with or follow people they don’t trust.
- Passion - it takes passion to overcome all the potholes on the road to success. Passion is contagious and helps motivate people.
- Curiosity - it is hard to improve without curiosity, those that don’t take the time to learn and rationalize their positions will be ineffective in communicating and motivating others.
Once you recruit or identify potential talent comes the hard part of developing that talent be it through formal training or mentoring. For IBM’s Extreme Blue program, my staff built education programs around How to Be a Star at Work: 9 Breakthrough Strategies You Need to Succeed and business and technical basics. I have found huge payoffs personally and organizationally from investing in such programs and continued them in my startup life.
Background:
Developing talent is one of the most important responsibilities for leaders and makes or breaks many companies. Almost all of the star CEO books I have read from Jack Welch to Lou Gerstner primarily focus on talent management. Hiring is only the first step of building talent in your organization and for many is the most important step because of the high cost of getting it wrong and the high return of getting it right. Years ago I developed a framework for identifying exceptional talent potential for IBM’s Extreme Blue Business and Talent Incubator (EB) centered around Skills, Passion, and Experience. Taking account the rate of change in the technology industry as well as more diverse personal experience led me to evolve this to Integrity, Passion, Curiosity.
Developing talent is one of the most important responsibilities for leaders and makes or breaks many companies. Almost all of the star CEO books I have read from Jack Welch to Lou Gerstner primarily focus on talent management. Hiring is only the first step of building talent in your organization and for many is the most important step because of the high cost of getting it wrong and the high return of getting it right. Years ago I developed a framework for identifying exceptional talent potential for IBM’s Extreme Blue Business and Talent Incubator (EB) centered around Skills, Passion, and Experience. Taking account the rate of change in the technology industry as well as more diverse personal experience led me to evolve this to Integrity, Passion, Curiosity.
- Integrity - There is no trust without integrity. This is foundational value and personal attribute that I took for granted thus leaving it out of the EB hiring framework. I really wish I could leave it off but subsequent experience has reminded me both of its importance and that it is not something to be taken for granted in our industry (just look at recent cheating reports in Universities, amount of resume inflation, and some of the industry behind the scenes blogs). I am grateful for having joined a group in IBM out of college where there was very little drama and a real commitment to integrity and ethics beyond reproach. IBM’s employee guidelines, that had to be signed off annually by every employee, had integrity beyond reproach as the highest tenet specifically singling out sins of omission that can affect decisions which is all to common in our industry. This really set the standard for the rest of my professional career as I unexpectedly joined organizations with far more drama and questionable practices. From a leadership perspective, lack of trust adds friction and can destroy organizations from within. Lack of integrity significantly affects an individuals ability to lead. There are celebrated counter examples where vision, passion, and success have overcome significant integrity and ethics problems, but I think most of us would prefer to avoid the distraction. Aside from personal experience with a candidate, professional references, web search, and maybe a criminal background check, the most effective way for evaluating a candidates integrity may be resume validation (ask the candidate questions that they should be able to answer easily based on what is in their interview) . I came across a HBR blog entry by Ron Ashkenas just today on this subject: Why Integrity is Never Easy.
- Passion - People perform better when they are doing something they are passionate about. Passion takes many forms but a couple of important ones are passion for mission and passion for craft. Passion is also very personal, and understanding an individual’s passion is important for knowing how to motivate them. Individuals that have a real passion for your company’s mission will be more flexible in finding opportunities to add value to your organization, will likely provide macro insight as they have empathy for the organization’s customers, and stick with the organization during the hard times that are sure to come. Passion for the craft, i.e. building great software, is indicative of craftsmanship and personal continuous improvement that will constantly serve to improve organizational capability. To evaluate mission passion, you can look at domain experience (if they are really passionate about something, they should have done something to indicate it) and behavioral interview questions such as “why do you want to work here?” and “what distinguishes you from other candidates for this position?” and “what do you like or dislike about our product? how would you make it better?” Passion for the craft can also be judged by experience, i.e. what has that individual done to improve their own and the state of the craft? Conference, blog, professional association participation can all be key indicators.
- Curiosity - There is little growth or innovation without curiosity. Curiosity is at the heart of agility, craftsmanship, and continuous improvement all important characteristics for individuals and organizations. There is a lot of discussion of late on the success of startups based on their ability to pivot which is just another way of describing agility. It takes curiosity to constantly challenge assumptions, reevaluate business models and the market to know when to pivot. Similarly, advances in software development and decision making is dependent on constantly understanding and challenging assumptions as well as keeping abreast of the field. You can evaluate a candidates curiosity by asking the candidate why they made the choices they did, and what they learned from them in success and failure. The curious will have reflected and tried to develop or apply a framework to those situations. For software developers in particular, I like to ask how they learned a particular framework and what underlying principles and assumptions went into their development. You are looking for people that went beyond learning just enough to do the job at hand but have the insight on where the framework fits. You can always ask candidates what they are interested in and how they have pursued learning more about them to tie together passion and curiosity.
2 Dec, 2010
Engineering Team Culture - Embracing Diversity
Posted by woan 12:59 |
Permalink |
Comments (0) |
Trackbacks (0) |
Technology and Industry, Management and Engineering
Permalink |
Comments (0) |
Trackbacks (0) |
Technology and Industry, Management and Engineering In a previous entry I discussed Corporate Culture, but what about engineering team culture in particular? What constitutes a strong engineering team culture? How do you build and maintain it? How is this related to your development methodology? What is the role of an engineering manager? These are all tough questions to answer and there is no silver bullet, per Fred Brooks. They are all tied together and there are a number of tradeoffs you have to make as an organization.
One of the most interesting tradeoffs you make when putting together a new team is between diversity and conformity. It turns out strict adherence to many development methodologies requires imply quite a bit of conformity that you implicitly or explicitly recruit for (the adage of interviewing primarily for cultural fit comes to mind, GE is the canonical posterchild). There is an implicit belief in Agile communities that this is the true path and companies are very proud to proclaim themselves true believers, i.e. all of our code is pair programmed and developed with TDD, we practice XP or Scrum classic. Companies practicing a strict methodology attract and retain those that work well with such a system. There are lots of really good and great developers that don't work well in such a system and not because they are antisocial or properly motivated, but often because they are just different than existing team members (communication or cognitive styles, environmental preferences, etc...). If you have great brand recognition and significant recruitment resources, you might find it easy to passover this talent and really get the best of those that do fit, the same if you are really small and just recruiting developers from personal networks. Even so do you lose anything other than access to a larger talent pool? Kirton Adaption Innovation theory (KAI) suggests you do lose something; ironically what you lose is agility.
In KAI, there is a saying that goes something like this: conformity leads to efficiency, diversity improves odds of survival when circumstances change. An intuitive explanation is that diverse teams see the world through many different perspectives and at the same time those different perspectives make it more difficult to come together to execute on a plan. Diversity here can refer to many forms including skills, experience, cognitive styles, etc... At the same time not all forms of diversity are good, i.e. integrity, and diverse teams are certainly much harder to manage and the diversity has to be addressed directly by team culture, management style, and methodology. Is it worth it? I think every management team has to decide for itself and the answer may change over time. For example starting out with a bunch of close friends and running as fast as possible is almost inherently a less diverse organization. Over time as the organization becomes larger with more defined roles, the ability to attract and retain from a greater pool may make the overhead of managing diversity more attractive. As an organization faces rapid changes in business model or looks for innovation from within the organization, it may also find the agility afforded by diversity incredibly attractive and worth the effort.
At Azaleos, after we received a couple rounds of funding and became a middle-age startup when we offered competitive compensation rather than ownership incentives, it became imperative to access a larger talent pool. With a small development team there were some areas I didn't feel like I could compromise in, i.e. colocation, because there was no way to absorb the management cost of remote team members. I explicitly recruited developers that were experienced and inexperienced, with and without systems backgrounds, and those comfortable and not so comfortable with agile practices. I had to couple this with a blended methodology and management style that addressed the needs of the individual and at the same time built team cohesion. I skewed areas of business ownership to individual developers on the basis of their ability to relate to and communicate with specific customers, paired developers for cross-mentorship opportunities. I expended a lot of effort to keep individual developers in their comfort zone as much as possible, such that there is an energy reserve in times of crisis. At the same time, it is still one team, and culture, development practices and infrastructure to support team coherence are incredibly important. Major themes used to tie the team together are presented in the bumper sticker and corporate culture blog entries but start with the customer focus maturity model and continuous improvement. Standard agile practices are broken down between mandatory and encouraged practices, i.e. devops, standup, continuous integration, strong coding standard, ruthless refactoring in mandatory practices, while pair programming, brownbags, and regular breaking of bread together in encouraged practices. I tailored environmental accomodations for personal preferences in decoration, messy v tidy, privacy, working hours, and level of desired cacophony.
At IBM Extreme Blue, I made far less individual accomodations despite specifically recruiting for diversity because of the shorter nature of the projects made compromise to the norm far easier on team members to tolerate, i.e. not as worried about burnout in a 3 month assignment. With each Extreme Blue project session we held retrospectives and tried both to improve and experiment with the methodology built around strong themes of "Start Something Big," bizdev (fusion of business and technical development in colocated team), and hyper-communications. A related topic for another day is the sustainability of high performance teams, i.e. some members of the 1996 Atlanta Olympic Games web team worked 100 hour weeks for 6 months, yet many fondly recall it as the most fun they have had working.
Another personal anecdote, using KAI I test exactly in the midpoint of the adaption innovation scale for cognitive style which indicates that I am able to effectively interact with the largest possible segment of the general population. At IBM there were some brilliant superstars that I was able to relate to and serve as a bridge between them and their management, as well as their colleagues that they had difficulty interacting with. At the same time there was a time I had great difficulty interacting with a specific manager and had an assistant assigned to act as a bridge that worked incredibly well and proved to be sustainable. I think this is actually ingrained within the IBM tradition of Respect for the Individual:
“You can make wild ducks tame, but you can never make tame ducks wild again,” said Watson Jr. “One might also add that the duck who is tamed will never go anywhere any more. We are convinced that any business needs its wild ducks. And in IBM we try not to tame them.”
Embracing diversity requires significant effort and direct attention by management and team members. The payoff can be a stronger innovative organization able to deal with change in business models, market, and unforseen challenges. It also opens up a larger available talent pool. Embracing diversity ties in directly with the agile principle of embracing change.
References:
- Occupational Research Centre & KAI Distribution Centre http://www.kaicenter.com/
- Adaption-Innovation: In the Context of Diversity and Change http://www.amazon.com/Adaption-Innovation-Context-Diversity-M-J-Kirton/dp/0415298512
- How to Be a Star at Work: 9 Breakthrough Strategies You Need to Succeed http://www.amazon.com/How-Star-Work-Breakthrough-Strategies/dp/0812931696
- TJ Watson Wild Duck quote and explanation http://www.evancarmichael.com/Famous-Entrepreneurs/739/Lesson-2-Dont-Try-to-Tame-a-Wild-Duck.html
