Wednesday, July 16, 2014

User Authentication on ruby on rails

Devise is the ruby gem we need for this.


The official guide is here:

https://github.com/plataformatec/devise

I additionally had to make app/controllers/application_controller.rb look like the following to get the sign in to happen:
class ApplicationController < ActionController::Base  # Prevent CSRF attacks by raising an exception.  # For APIs, you may want to use :null_session instead.  protect_from_forgery with: :exception
  before_filter :require_login
  before_filter :check_if_devise
  private
    def check_if_devise        if params[:controller].include? "devise/registrations" and params[:action].include? "create"        end    end
    def require_login      if not current_user and not params[:controller].include? "devise"        redirect_to new_user_session_path      end    end
end
Then I had to make app/views/layouts/application.html.erb look like this:
<!DOCTYPE html><html><head>  <title>Universalnewsaggregator</title>  <%= stylesheet_link_tag    'application', media: 'all', 'data-turbolinks-track' => true %>  <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>  <%= csrf_meta_tags %></head><body><p class="navbar-text pull-right"><% if user_signed_in? %>  Logged in as <strong><%= current_user.email %></strong>.  <%= link_to 'Edit profile', edit_user_registration_path, :class => 'navbar-link' %> |  <%= link_to "Logout", destroy_user_session_path, method: :delete, :class => 'navbar-link'  %><% else %>  <%= link_to "Sign up", new_user_registration_path, :class => 'navbar-link'  %> |  <%= link_to "Login", new_user_session_path, :class => 'navbar-link'  %><% end %><p class="notice"><%= notice %></p><p class="alert"><%= alert %></p><%= yield %>
</body></html>

The user auth code I got from here:
http://guides.railsgirls.com/devise/

And at this point I finally get a login for the site that looks like this:

The commands that I used for this project.
Create the heroku project and copy the given command to check out the project locally.
git clone git@heroku.com:universalnewsaggregator.git -o heroku
rails new universalnewsaggregator
cd universalnewsaggregator
vi Gemfile
  # add in devise and other required gems.
bundle install
rake db:drop
  # just to get rid of the old similar database I had created before on first try.
rails generate devise:install
rails generate devise user
  # or instead of user, you could call it member, or whatever.
rake db:migrate
vi apps/views/layouts/application.html.erb 
vi app/controllers/application_controller.rb
vi app/views/layouts/application.html.erb
rails generate scaffold news
vi config/routes.rb
  # make sure it has the following:
  devise_for :users
  resources :news
  root "news#index"

# edit the database to use postgress
vi config/database.yml
  # put in the postgres sections

#finally push it back up
git add -A .
git commit -m "Basic Site with User authentication"
git push heroku master



Wednesday, July 2, 2014

The Supreme Court is wrong in the Hobby Lobby case.

In America we take a reduced wage in order to have that reduction pay for our medical insurance before taxes. This is just an accounting trick so that the worker doesn't pay taxes on that cost. The worker is paying for the insurance by working, not Hobby Lobby. 

If someone wasn't working for Hobby Lobby, they sure wouldn't be getting any insurance from the company.

The reform that we need to move to in America is just to outlaw all employer benefit packages and have them pay that benefit package in cash to any employee, and then allow a 100% pretax deduction for all medical insurance costs.

Just become a nation of contractors.

Wednesday, June 25, 2014

Working with Heroku and github for ruby on rails development

This is a little rough, but wanted to record the commands I used and why for some ruby on rails development using heroku as a server and github as the source code repository.


So, create a project on github and add it to heroku.  

Then invite yourself to it:

#Install heroku toolbelt on your local machine.

# copy and paste the invite you get from heroku:
git clone git@heroku.com:yourherokurepository.git -o heroku

#Add your public key to heroku site 

git pull
chmod 0600 /home/homedir/.netrc 
heroku logs -a yourherokurepository

#because we checked it out from heroku we have to add in the github repository as well.
git remote
  >> only says 'heroku'
git remote add origin git@github.com:githubusername/yourherokurepository.git

#after you add and commit changes, push the changes out:
git push origin master ; git push heroku master


#run a local copy of the code for testing:
rails s
:~$ vi testcommands.editme.txt 
:~$ cat testcommands.editme.txt 


#Install heroku toolbelt

git clone git@heroku.com:yourherokurepository.git -o heroku

#Add your public key to heroku site

# make sure you are upto date
git pull

chmod 0600 /home/homedir/.netrc 
heroku logs -a yourherokurepository

#because we checked it out from heroku we have to add in the github repository as well.
git remote
  >> only says 'heroku'

git remote add origin git@github.com:githubusername/yourherokurepository.git

#after you add and commit changes, push the changes out:
git push origin master ; git push heroku master


#run a local copy of the code for testing:
rails s

Monday, June 23, 2014

The Rise of the Intelligent Agent.

In the future, when all the corporations (i.e., the de facto government) are tracking our every movement with AI we are going to need our own intelligent agents that act almost like a 1950's secretary between you and the world. Back then the boss didn't do anything for themselves, the secretary did everything for them, from taking notes, to getting the dry cleaning.

When you want something on the Internet you will ask your secretary and the secretary will cloak itself in a layer of anonymity and go seek out the services and information you want, in a safe and untraceable manner, then return with it.  Of course, all info should be properly filed so that it can be accessed instantly inside "the office."  The secretary would also remind you of birthdays, and send out a newsletter to each of your friends and business associates personalized for each person.

These IA would friend each other at our command and interact directly with each other using insane levels of verification and strong crypto to schedule appointments and exchange messages .

The IA will have to be hardware based, and be able to easily perform levels of crypto that would choke a computer today.  The device should perform voice to text transformations for you, rather than using the cloud, because recording your voice to the web leaks too much info about you to a third party.  It goes without saying that you need to own this hardware device yourself and have full control over it.  It should be able to be instantly and irrevocably wiped at the touch of a button.

This device would act as a onion router and cooperate with other devices of the same type to cloak our identities and guard our actions.  You would post all your messages and social media to this device and only others that you have given access to the information would be able to see the information.  You could finally post your full contact information for your friends and family to see, without having to share the information with a corporation and their advertisers, as you must now.

Every Google search you perform should appear to be from a brand new browser that has never connected to Google before.  These searches and your links should be saved on your side so that you don't have to repeat them very often.  We may want to cycle through a list of search engines to make any patterns we are looking for more difficult to spot.

A device like the Beagle Bone Black, along with a couple of specialized programmable chips to do the crypto and voice recognition would be all we need.  Rooting our phones to put a secure OS and loading a secure OS onto something like a chromebook to operate closely with the device over a heavily encrypted wifi vpn link.

These devices should also perform some sort of private financial services between individuals using a mechanism like bitcoin to ensure that there is a free and open economy even in fascist states that try to control and track every financial exchange.

Saturday, June 21, 2014

Hackmaster character manager: charcter attributes.

Character attributes:

There are 7 attributes, each with a set of bonuses or penalties to various gaming abilities.  For example, having a strength of 15.48 would give you the following abilities:

Damage Mod  +2
Feat Str         +7

Lift (lbs.)         245
Carry (lbs.)      91
Drag (lbs.)       613

The various abilities would stack, some attributes adding and some taking away.  These abilities of attack Bonus, Speed, initiative, defense, and damage would combine with your class and  level abilities, special bonuses, talents, racial bonus, armor, shield, and magic abilities for a specific weapon and fighting style in order to generate the weapon rose that is used for combat.

To build out all the abilities I am thinking having one table for all attributes that would have a row for each ability at each different level that the attribute can be.

So for a strength of 15.48 would match the following rows:

attribute  min      max     name      mod
strength  15.00   15.50   damage  2
strength  15.00   15.50   strfeat     7
strength  15.00   15.50   lift          249
strength  15.00   15.50   carry      91
strength  15.00   15.50   drag       613

So every line from the book for each attribute would have multiple entries in this table for all the ability scores.  The table would be queried for every attribute, and all the abilities added up and combined into a single set of abilities for the character with all the modifiers combined.

Ability scores can only change due to leveling up, or purchasing more ability points using build points.  Magic items may modify ability scores while worn, or .  Once we get to the point of allowing characters to join campaigns, then we would allow game masters to award changes to scores based on a set of rules.

Build points are awarded at character creation, for the addition of quirks, and for each new level.

I think that you can assign the order you want the attributes to be increased when you level up, assigning a d20, d12, d10, d8, d6, and d4 to the various scores and this will happen each time automatically... maybe give the opportunity to mod this before the additional values are generated and added to 6 of the 7 attributes.



Monday, May 26, 2014

First Ruby on Rails Application.

The first thing you need to do is to make sure you have everything installed on your Linux box.  On my older Ubuntu box this involved running the command:
sudo apt-get install ruby rails sqlite3 libsqlite3-rails 
Then I ran the following commands:
mkdir RubyOnRailsApps
cd RubyOnRailsApps
rails FirstApp
cd FirstApp/
./script/generate controller Say
vi app/controllers/say_controller.rb 
  And make the file look like:  
  class SayController < ApplicationController
    def hello   

    end
  end
vi app/views/say/hello.rhtml
  And make the file look like: 
  
    <html>
     <head>      
       <title> First Ruby On Rails App! </title>    
     </head>    
     <body>      
       Hello World!    
     </body>  
  </html>
Finally, start the server like this:
./script/server 
Then type this into your web browser:
 http://localhost:3000
And you should see the following;




Thursday, May 22, 2014

Why your browser should never actually directly download anything.

One of the reasons that application programming is so difficult is that the application is only provided very low level operating system calls to do most tasks.  This means that every application must reinvent the wheel when they do common, every day tasks that nearly every application does.  If you download 20 browsers you just downloaded 20 ways to cache files, 20 ways to handle bookmarks, 20 ways to download files, 20 ways to read and present a limited set of file formats and on and on.

There needs to be an application layer between the application and the operating system. The application should have no direct contact with the operating system.  Everything it does should be mediated by this middle layer.  

For instance, let's say you are writing a browser.  You have a text box for someone to type a Uniform Resource Locator (URL), and you have a button that you press to execute that query. In current browsers you would have to parse the URL, see if you know how to handle all the parts, and then make the network calls needed to get the requested file from the server.  You would have to assemble all the packets and parse the data all yourself.  If you got an image file, you would have to have a library to support that image format. If there is a caching system you would have to handle all that as well.  When the response comes back  you have to parse that as well, and then display it.  Often there will be multiple additional requests to complete.  Eventually the page will be done and displayed to the user.

A better way would be to just pass the request down untouched to an application layer that handles those requests, then handle the error, or pass the proper return value to a presentation element.  This can be a plug-able system where components can be updated and configured, independent of the browser.  The files returned to the system will be of specified formats.  These formats will also be plug-able and configurable and new media types can be added easily at the application layer.  These files will be properly parsed and verified by the application layer and handed back to the application to be handed right off the to the display portion of the browser application.

You remember how IE on Windows couldn't handle PNG files for like a decade?  And how they still don't handle SVG files? Well, with this new way of handling application building that kind of limitation will be a thing of the past. On this hypothetical system there will be just one way of handling a file format, and that one way will be heavily tested.  Any new flaws will be added to the test, and then fixed, and the tests all ran again to make sure the fix didn't break anything.  No values in a format will be believed without verification.  

There will be a single caching system for downloaded files and anything that wants cached files will share the cache.  The caching system will also act as a file down loader for other apps.    The same thing for bookmarks, and playing videos, and displaying images.

But here is where things will get interesting, instead doing it just one way, you should be able to install new modules that handle downloads and configure your system to use the new improved download manager that would handle file downloads better not just for a single browser, but for every file download on the system, every browser, every file manager.

The same thing should happen for every file format: images, video, audio, and media containers.  This means that the same media player and embedded media players will be expandable for decades just by adding new small format objects that are small and very limited in operation.  Their functionality can be severely limited by the system to only acting on streams of data.

These small files can be independently tested and such a system can be made much more secure than today's huge all in one applications.  Any updates needed to a format can be done quickly and easily and no reboot needed.  Because of the plug-able format handling it will be easy to integration test the complete system.  

This means that the browser itself would be much simpler, and just request support from the application layer/OS  to handle file downloads, presentation, and all file formats.  This means that browsers will also become very easy to write and test.   This also means that finally the browser features will fuzz into every application on a system, and make writing any sort of application easier.  Imagine downloading the latest web browser for a system, and it is only 100K of code.   Imagine a file manager that is only 10K. It would be possible to completely test such small applications.

So, having a real application layer that handles 90% of a typical applications behavior, in a plug-able way would make everything smaller, more easily testable/secure, and up-gradable in ways that today's applications are not.