Edge Rails now comes with protection from CSRF attacks which is implemented via a token that gets inserted in forms. This causes problems when developing Facebook applications on Rails if coupled with the Cookie Session Store which is the default Session Store in Rails 2.0 and Edge since Changeset 6184.
With Cookie Session Store, the token generator uses a salt generated from the cookie itself. I suspect Facebook modifies the cookie in between requests in ways that yield a different salt each time, causing the token verifier to flag it as invalid.
Until I understand this problem in more detail, the current solution is to use ActiveRecord Session Store and set your own salt via the :secret option on protect_from_forgery. Rails will now successfully verify the token as legit.
Update: Looks like you can keep your Cookie Session Store. Just set the :secret manually as in the paragraph above and everything should be dandy.
Update: To make it clear, the exact exception you will hit is the ActionController::InvalidAuthenticityToken.
Update: Ignore the update that you can use Cookie Session Store with Facebook. You can’t. Until Facebook-the-giant-proxy forwards our cookies, any cookie that we read from the client will not be from our own app but Facebook’s own.
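The failure described above, as an added example that is not from the original post and is not Rails source code: a simplified model of a CSRF token computed as an HMAC over a per-session identifier, showing that verification depends on the same session state reaching the server on the follow-up request. All names (`SECRET`, `token_for`, `token_valid?`, the round-trip helpers) and sample values are hypothetical and constructed, and the server-side case assumes the request still carries a key that finds the same session record.

```ruby
require 'openssl'
require 'securerandom'

SECRET = 'constructed-demo-secret' # stands in for the :secret option

# Token = HMAC(secret, per-session id). Simplified model, not Rails source.
def token_for(session)
  session[:csrf_id] ||= SecureRandom.hex(16)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), SECRET, session[:csrf_id])
end

# Constant-time comparison of the expected and submitted tokens.
def token_valid?(session, submitted)
  expected = token_for(session)
  return false unless expected.bytesize == submitted.to_s.bytesize
  expected.bytes.zip(submitted.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

# Cookie store: the whole session travels in the cookie. If the intermediary
# does not forward it, the POST arrives with an empty session and a new id.
def cookie_store_round_trip(forward_cookie:)
  session = {}
  token = token_for(session)          # GET: form rendered, session sent as cookie
  cookie = forward_cookie ? session.dup : nil
  token_valid?(cookie || {}, token)   # POST: session rebuilt from the cookie, if any
end

# Server-side store: the session record stays on the server. Assumes the
# request still carries a key (here `sid`) that finds the same record.
def server_store_round_trip
  store = Hash.new { |h, k| h[k] = {} }
  sid = 'constructed-session-key'
  token = token_for(store[sid])       # GET: token bound to the stored record
  token_valid?(store[sid], token)     # POST: same record, same token
end
```

When the cookie is dropped, the model generates a fresh identifier on the POST, so the submitted token no longer matches; in Rails that mismatch surfaces as the `ActionController::InvalidAuthenticityToken` exception named in the post.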
At RSB, we strongly believe in tests - copious amounts of tests. We have so many tests that we had to modify our Capistrano deployment recipes to NOT checkout our spec directory. Okay, I’m exaggerating. We do have a decent amount of tests, especially on the still-under-development Rails plugin to ease an aspect of Facebook development (we like to call it our secret sauce - look out for that soon).
So, we have autotest to keep us honest. The thing that bugs us is that autotest eats significant CPU resources as it constantly polls the filesystem to check file modification times. Aizat Faiz, one of the newest members of the RSB family, decided to hack autotest to utilize Leopard’s new File System Events with a bit of RubyCocoa glue. Now, autotest is informed of filesystem changes. Beautiful.
Go check out the blog entry, grab the code and paste it in your ~/.autotest file. Your machine will thank you.
RSB started with myself (Kegan) and Kamal back in August 2007. Today we are proud to announce that we have grown by more than 100%! The new additions to the team are Sean Sean, Aizat, and Saimer.
Sean Sean Tan has been freelancing with us since September 2007. She is our CSS Princess, wielding her magic wand to ensure our web apps are pixel perfect across different browsers. We are excited that she will join us full-time as a new member of the RSB Super Band this December.
Aizat Faiz is the programming genius. He is currently an undergraduate student at Monash University, so we worked out a flexible arrangement that keeps everyone happy. We first met Aizat at the very first Malaysia.rb meetup (there were only three of us that day) and every meetup since. It boggles the mind when you consider how amazingly active Aizat is with involvements in Malaysia.rb, the Malaysian FOSS community, part-timing with QubeConnect and juggling school at the same time. We even managed to team up with him for a couple of Rails competitions. Such talent and drive are hard to come by, so we are extremely happy he is now on board with us.
Finally, I’d like to introduce Saimer Moo - our handyman. He has skills across the whole software product development lifecycle. He can code, do graphic and web design, and perform system administration. A group leader who managed a few people in his previous job, Saimer has joined RSB to venture into a whole new world of Web 2.0.
We are not stopping here. RSB is constantly hiring. Drop me an email personally at kegan@ror.com.my for a chance to work with these amazingly talented people, building the next big thing on awesome hardware.
There is absolutely no remedy, no miracle cure or fix for the climate-challenged central air conditioning in our building. Namely, we have air that is cold enough to leave you physically numb and braindead as you slowly witness work productivity grind to a complete halt right next to the big fat zero in stillframe motion and inevitably cause the nuclear meltdown outside to be a sanctuary for warmth.
Yesterday was just like any other indoor Arctic day… except, THE INTERNET BROKE.
So today, we’re working from the comforts and regulated temperature of our own homes :)
Oh, and three guesses to who our provider is. Yeah, Screamyx.
I’m sure the furniture in our office counted their blessings since I didn’t have to make the call to find out what was wrong :) I would’ve rather cut myself and swan dive off the roof of our building (yeah, yeah with the bloodcurdling scream and what not) than talk to Streamyx’s customer UNsupport.
Of course, even after Kegan spent an unhealthy amount of time with the good folks who didn’t know what they were doing AT ALL… the internet was still down! Well yeah, because they made him unplug and replug some wires… while they earnestly prayed and secretly sacrificed little animals in TM’s headquarters in hopes the re-plugging would actually fix something, anything.
For times like these, there really needs to be a reboot button I can stab repeatedly that will magically restore the internet connection… or feed the hamsters powering the lines in TM’s basement.
Our company, RSB, was incorporated in August 2007. For those who don’t know, RSB stands for Ruby On Rails Sdn Bhd (633553-T). Some even call us RSB Sdn Bhd or Ruby Super Brothers.
As the company name(s) would imply, we are a Ruby On Rails software house based in Cyberjaya, Malaysia. Everyone here is a Ruby/Rails enthusiast. We think it is the right tool for building (most) web applications. We are also passionate about Agile software development, in particular the XP methodology. Coupled with Rails, this enables us to rapidly churn out solid web applications while maintaining a good work-life balance. This is codified in our unwritten rules: thou shalt write the tests first, thou shalt pair program (unless unavoidable) and thou shalt leave by 6PM.
On the hardware front, we strongly believe in providing the developers the best tools to work with. Each developer is provided a MacBook and a 20″ widescreen LCD. Did I mention that we are actively hiring?
So, what do we do? We build engaging social web applications. Watch out for our upcoming product launches.
How do we make money? The short answer is that “We don’t, not yet. But we have some solid plans”. The long answer is the same as the short answer. So how do we survive for now? Well, we have very strong private funding. And that’s all I can say for now.

