Emphasized Insanity

Creating a Rails authentication system on Mongoid Part 3 - Password Resets

2010-03-08T00:00:00-05:00

In the last post we added some functionality to our authentication system. We added a “Remember me” functionality to allow users to log in using a cookie and we also added an activation process that authenticates the email address we get from the user.

On this post, i’ll cover password resets:

Password Resets

The logic behind a password reset process is rather simple, basically it is very similar to the activation process we did before.

We create some kind of a temporary (perishable) token that identifies the user who wishes to reset the password.
We send the user an email with a link that contains that token and leads to a page that allows the user to choose a new password.
We update the new password, and start dancing.

User.rb

First, we are going to add a field that will contain that reset token, and a method to generate it when required:

That’s basically it.

UsersController

We need to add a few actions:

one to generate the token and trigger the reset password email.
one to show a “reset password” form with password and password confirmation field.
and last, an action to save the new password and log in the user. We can’t use the #update action because we need a little different behavior that i think is enough to justify a separate action: First we need to find the user record based on a token not by id and second, we need to use our logout_keeping_session to make sure no malicious changes are made to a logged in user if it exists.

The process will work like that:

The user will be able to go on a form and enter his email in case they forgot the password, that action will be UsersController#forgot_password.
If the user entered a valid email address (and one that identifies a user on the application), then UsersController#send_password_reset will generate a new reset token and send the user with reset instructions.
When the user follows the reset link on the email, they’ll arrive on UsersController#reset_password that will match the reset token from the URI to a specific user on the system and allow the user to enter a new password if matched.
Once the user had changed and saved the password, they will be logged off and asked to re-login with their new password.

Here’s the current UsersController:

Source for the UsersController#forgot_password view, UsersController#send_password_reset view, “UserMailer model”http://gist.github.com/325983, Reset instructions mail template and UsersController#reset_password added.

Conclusion

Again, it seems that we tackled most of the problems we had with Mongoid in the early stages and practically nothing bothered us too much since the first part of this series.

I keep the implementation of a background processor until a bit later, it is not that important at this stage so we’ll get back to it later.

Creating a Rails authentication system on Mongoid Part 2 - Remember me and Account activation

2010-03-07T00:00:00-05:00

On the first part of Creating a Rails authentication system on Mongoid we tackled the basic structure of our authentication system. In this part we’ll tackle our need in creating a “Remember me” functionality to allow users to login from a cookie and a basic account activation process.

As a general thumb rule to this experience we try not to re-invent the wheel when we can, which basically means that we look at the existing authentication libraries source code and try to see if it has some kind of a problem on Mongo, if it doesn’t we use it and i if does we fix it as you read in the first part.

Out of all the authentication libraries we examined (and dropped for this cause) the one i liked the most and in my opinion the simplest yet complete is “Restful Authentication”, so we chose it as our base line and we use code snippets from it when ever we can.

Remember me?

The remember me functionality allows the user to login using a generated token that is found on a cookie we create, this allows the user to login without putting his user name and password everytime they want to login as long as the cookie was not expired.

The first thing we need to do to allow a login from cookie, is to get our User model familiar with some new fields and methods to make that process possible.

First, we need to add a few fields to our user document and a add a few methods to instance and class, this is our new User.rb:

User.rb changes

We changed User.rb a bit:

We added 2 fields, remember_token_expires_at and remember_token, both to keep a token and and an expiry limit.
We also added the following instance methods:

remember_token? – determines if a token should and can be remembered.
remember_me – generates and saves the token and expiry limit.
refresh_token – creates a new token.
forget_me – cleans the token and expiry limit fields.

we also added the following class methods:

User.secure_digest – a wrapper to our encryption method.
User.make_token – generates a new token.

Now that we changed some of the options for our session management, we will need to update sessions_controller and application_controller as well.

ApplicationController changes

In the end of Part 1, i gave an example to some methods that should be on application_controller in order to make the session management and the entire authentication process easier. Since those were just examples and were meant barely to support basic usage, we will need to go through it a bit more seriously and create a more precise and smart application_controller.

In this case, we can simply grab all the methods from Restful Authentication’s authentication.rb module, and weld it to our application_controller:

we added a few methods and changed a few existing ones, this is pretty straight forward and basically a 1:1 copy from Restful Authentication, the only important thing to really pay attention to are the current_user and the current_user= which are different than what we had in my previous example and now takes more into consideration (cookies and HTTPauth for example.)

Since now we have a getter for current_user we need to change our sessions_controller too.

SessionsController changes

This is our current sessions_controller:

note the “remember me” functionality consideration and the usage of our cookie-based-login methods from application_controller.

Now you can simply add a checkbox named “remember_me” to your SessionsController#new form, but i am sure you can do that without a gist :)

Activation

“Account Activation” is generally a process that is meant to make sure the user who filled the registration form really has access to the email account by sending that address a message with a token-generated link that upon clicked, proves ownership of this email address and activates the account.

User.rb

We had to find a solution to annotate the user instance with it’s current activation status, with that given we figured we have 2 options to tackle it:

simple add a boolean field to store the current activation status
use some kind of a state machine that will allow us some more flexibility later

Bearing in mind that we won’t need more than a single status, we decided to go with the first option and simply add an active boolean field, an activation_code token field and an activated_at timestamp. we also added those fields to our attr_protected list since we don’t really want them changed by mass-assignment.

We also added a simple before_create methods that will generate an activation token for our user and a method to activate! the user.

Given the key step in an activation process is the step where your application sends the user an email message with the activation link so we’ll need to find a good way to send out an activation email when a user is created.

As far as outgoing emails best practices goes, it’s better not to preform the ActionMailer#deliver_... method in the controller itself, but to:

Use an observer that will send that email when the current callback is fired. In our case that would be an after_create observer on the User model.
Offload the task to some kind of a background processor such as DelayedJob or Resque.

A quick check in the Mongoid source-code revealed that we don’t have support for Observers so that option is ruled out (again, until a patch arrives). As for a background processor, while DelayedJob has an ActiveRecord dependency Resque is pretty much free and relies on Redis so we decided to use Resque in our application.

I’ll cover the email management on one of the next posts, but for now we’ll just use an after_create callback on the User model that will perform a regular ActionMailer delivery.

UsersController changes (and a bonus mailer)

Since we take care of the email notification on the model level (for now, until we offload it to a background processor later) we don’t need to change our UsersController#create methods, but we do need to add an action that will take care of the activation for us:

Remember to update your routes and either:

add a :collection => {:activate => :get} to your map.users routes.
add a named route like map.activate '/users/activate/:activation_code, :controller => 'users', :action => 'activate'

we chose to add a named route, just because it makes more sense and that the activate action is not a collection action, but not one that requires an id too.

Here are a sample user mailer and an activation mail view if you really need them :)

Conclusion

In this part we didn’t ran into that many issues because we use Mongoid, the only real problem was the lack of observers but since we are going to offload the email sending process to a background processor, it doesn’t really matter.
In the next part, we’ll tackle password resets and background processing.

Creating a Rails authentication system on Mongoid - Part 1

2010-03-06T00:00:00-05:00

Preface

A few days ago we started our first real all-MongoDB project at Nautilus6.
Up until now we used Mongo only on small time projects, ones that hardly required any data storage at all so this is practically the first real project that we will try (and hopefully succeed) to deploy with Mongo as the data layer.

Since we use Rails on this project (Duh) we had to choose between the existing MongoDB adapters for rails:

MongoMapper – Which is pretty slick, has some plugin support but also replicates some of the familiar ActiveRecord functionality like: Dirty Attributes, Dynamic finders and magic timestamp attributes.
Mongoid – the new child, missing some features from MM (dirty attributes, dynamic finders for example) but does cover some ActiveRecord wonders MM doesn’t: Versioning, named scopes and better validation options. MongoId also supports a master/slave infrastructure which might be useful.

We decided to go with Mongoid due to the fact that i kind of like the code base better. Yes, it’s young and not perfect but i still get the impression of “we should do this thing right” rather than the “I want everything now” approach (again, a matter of personal preference at the end, keep your flames away).

Our Goal: Authentication System

This is kind of funny, but this is our 3rd project that relies on MongoDB, and yet the first one to actually require authentication of some kind.

Before getting into the options we have to choose from on the ruby library scope, there’s a point to be made on our decision to use MongoDB as the database of choice:

We want to :)

Yeah, i know this is not enough and basically not a really good reason, but considering the fact that the other option we have is to use another relational database just for the user model sounds pretty ugly but with that being said, we might result just back to that.

Current state of Authentication gems/plugins in Rails

There are several widely used authentication libraries: Authlogic, RestfulAuth and the NiftyGenerators generators, and warden/devise that play around the Rack spaces.
While trying to use Authlogic and RestfulAuth we came across some serious difficulties due to the fact that those 2 libraries are simply, way over, deep in ActiveRecord.
We tried some hacking around but when we figured out it ain’t going to go anywhere anytime soon, we pushed it out to a side project and hopefully some day we’ll release those libraries with some decent Mongo based support.

As for warden/devise, they are simple to use and devise even has a MongoMapper extension but since we decided not to use MongoMapper it had zero contribution to our efforts.
Personally, i am not a fan of Rack based authentication management. Not going too deep in it i’ll just say that it feels like authentication/registration belongs on another level than on the actual request level (authorization can easily fit right in there on the other hand). On top of that i added some weird feeling when looking into the actual code base that looked rather constricted (yet effective) and the fact that i know some people that are having constant issues with those gems.

The lone survivor to this library hunting massacre was NiftyGenerators, being really simple and has absolutely no strings attached to the actual ORM in use, it was chosen to be the base line for our authentication system.

Yes, we will have to code all those fancy shinies the other libraries magically weld into our code (Activation, confirmation etc. etc.) but it really feels like that something needs to be done with MongoDB on that matter.

Setting up MongoId

Install

First thing you really want to do is to add mongoid and maybe the mongo_ext gems to your gemfile and after run bundle install:

Side note: you should consider specifying a version on your own file, this is just for example.

Configuration

first, create config/database.mongo.yml:

next, you’ll need to remove your active_record framework initialization from config/environment.rb

DO NOT REMOVE database.yml, some plugins still need it there even if you don’t use it (Cucumber’s generators for example)

Now add an initializer to load your Mongo environment on config/initializers/mongo.rb:

Side note: make sure you are pointing to your own YAML configuration file.

Nifty Generators – Authentication

Make me some skeletons!

To generate the user model, sessions and the entire Nifty authentication entities, run:

Some files will be created but the operation will die out with uninitialized constant Rails::Generator::Commands::Base::ActiveRecord. Yeah, it’s right, we don’t have active record around and we are not going to use migrations at all since we use Mongo.

We need to create our user.rb manually.

Create user.rb manually

This is our user.rb matched to mongoid’s limitations:

2 notes on that model:

attr_accessible – Mongoid does not support attr_accessible, we’ll have to find another way to handle that (that of course, before we patch Mongoid).
Validations – some validations in the original NiftyGenerators’s model, have the :on => :create option, which Mongoid does not support. That’s why we added the check_password custom validator, and we run it only if it’s a new_record?. Yeah, another patch will come soon.

attr_protected for Mongoid::Document

So after we found out we can’t use attr_accessible with Mongoid, we had to see how can we implement it. Personally, i prefer attr_protected over attr_accessible since i always forget to add new fields to the list, which when dealing with mongo it is even easier to forget due to the lack of migrations.
Futher more, there are usually less fields you want to block than those you actually want to pass so it makes more sense to keep a short list rather than a long list.

We extended Mongoid::Document with Mongoid::Document::ProtectedAttributes to allow the usage of attr_protected and we created it in lib/mongoid_protected_attributes.rb:

We need to require it in order for it to work so we’ll add this to our Mongo initializer in config/initializers/mongo.rb:

Now we simply add this on top of our user.rb:

Yay! now we can haz attr_protected.

End of Part 1

By now you should be able to register and log in successfully, you might want to have an application_controller that has some or all of those methods:

On the next post i’ll cover our fight to enable confirmation/activation.

Bag O' Links - 4/3/2010

2010-03-04T00:00:00-05:00

Testing Facebooker in Rails – Facebooker claims another victim, this time it’s Ryan Bigg that puts up a hell of a fight.
CDN Catalog – CSS and Javascript CDN resources.
Performance tuning for Passenger – some good tips.
Google’s SEO report card – an internal document that is supposed to point some good SEO practices.
Quick RVM rundown – easy tutorial on installing multiple versions of ruby on your machine.
MongoDB and MySQL play along with DataMapper – this is actually quiet a nice solution.
Designing web links – a definitive guide – a smashing note from SmashingMagazine.
Crazy CSS3 stuff – seriously impressed.
Design patterns for noSQL databases – important read if you are going to use it.
Unobtrusive, yet explicit – UJS in Rails3.
What SecondLife can teach you about scaling – a lot, and even Microsoft has some good pointers.
SeriesSeed – some documents to help you in the process of financing your startup, incorporation and stuff included.

Treasures

validates_timeliness – Date and time validation plugin for Rails 2.x and allows custom date/time formats (in case you use a string input too, and not one of the Date/Time selectors).
Rubex – In the past few days Rubular was sick, this is a simple sinatra replica you can use instead.
erector – Erector is a Builder-like view framework
ambitious_query_indexer – another attempt to get a hit on database indexes in a Rails application.
seo_checker – check your rails apps SEO grade.
jasmin-ruby and jasmin – DOM-less simple JavaScript testing framework.

Bag O' Links - 1/3/2010

2010-03-01T00:00:00-05:00

Customized Google forms with Heroku – google say no to themes and fancy stuff? Nic says Aye!
3 firefox hacks for some speed – nice, but i think the thing you want the most is a 4GB< dev machine.
Launching a Rails Application – Checklist – a rather old entry form PlantArgon but still catches, we should probably post ours too.
The maintainability of Unit Tests – long runs and test breaking when you refactor your code can simply be a reference to you, doing it wrong. but good points overall.
Writing shoulda macros – a brief tutorial.
Command line utilities for Mac OS – geeks unleashed.
AgileZen? – might be a nice tool, if i’ll get overconfused with PT.
Fear and loathing in Javascript DSL – love your rubies.
Eloquent Javascript – a book that aims to teach javascript programming, looks pretty solid with a nice coverage on it.
Rapid prototyping with HAML, SASS and Ruby – argh, i don’t like either HAML or SASS (yeah, i know), but this article does show some nice time saving techniques for those of you that prefer to burn in hell :).
How Node.js saved my application – a really nice use case on a Rails application.
Node.js, Redis and resque for scalability – a really nice wrap by Paul Gross, design a nice web server with those tools to empower scalability.
Web focused git workflow – deploy / work / manage simple sites with git.
Schema-free mySQL vs. NoSQL – Igvita with another one of his “print-and-get-it-gold-framed-asap” posts, this dude is simply one of the best.
Practical examples of CSS3 – enough with round corners already!
Deploying MongoDB in production – Some important notes from BoxedIce’s experience.. some very disappointing limitations on Mongo there.
HAProxy 1.4 – the awesome load balancer is now with mysql health checks.
A smart robots.txt – get yourself a shiny new robots.txt
Under 600px, a different ‘fold’ perspective – a neat perspective about layout design.
High availability principle: request queuing – a good brief explanation and some others are there too.

Treasures

OpenLayers – or the main page, a javascript mapping API, looks promising but as always almost, documentation sucks.
SnippetStash – another charm by bphogan, this time it’s a convenient tool to keep snippets around. beats gist since you can write a more visible descriptive text.
Canable – simple permission system for rails.
AuthlogicGenerator – Generate a complete Authlogic stack with authentication, activation and password reset.
960static – generate static websites with 960.gs and StaticMatic.
Command line gists – i didn’t know it’s out there.
CorMVC – jQuery MVC framework – it’s been a while since i started looking for some javascript MVC resources, this might be reasonable.
Delorean – a space/time continuum abuser in ruby.
Main – a class factory and dsl for generating command line programs real quick.

Using Sinatra to test remote services in Rails

2010-02-27T00:00:00-05:00

A few weeks ago i was chatting with Ryan Bigg about one of his projects, and he was contemplating about the fact he couldn’t find a decent way to test a remote XMLRPC service handling in that application.

Testing remote service calls like a boss is achieved by using FakeWeb which is pretty awesome when you work in front of a REST web service of something like that, but it does have a really big -1 on it: It binds a mocked response to a specific url, and you can’t add more responses for that url based on parameters.
Meaning, basically, that if you want for example to test a web service that requires POST requests to a specific url, FakeWeb just won’t cut it.

So basically, Ryan suggested an idea that seemed nice at the moment: add a Rails metal Rack app to handle those requests.

Awesome idea, but a few setbacks:

If you don’t want that application to run on other environments, you’ll have to scope the behavior to the test environment only, simple? yeah. but personally i don’t like having if Rails.env == "test" in my code.
Since we are trying to mock a webservice, we’ll have to add different handlers in that metal application which can lead to a long, ugly, conditional and eye-ripping unmaintainable code.

So there I thought, why not just initiate a Sinatra application as part of your tests, and easily manage that sinatra as the mocked web service? WIN.

I created the SinatraFakeWebService gem that provides a simple interface to instantiate that Sinatra application and to manage the mocked webservice interface.

Installation

Install the gem:

sudo gem install sinatra_fake_webservice

If you use bundler or such:
gem 'sinatra_fake_webservice', :group => 'test'
should do it.

Usage

In your test_helper.rb or the Cucumber/rSpec equivalent:

and tests:

todos

If this would be proven as useful, i’ll probably add a better DSL for the interaction other than the ugly Net::HTTP all over.

Bag O' Links - 23/2/2010

2010-02-23T00:00:00-05:00

Israeli web design – a really good writeup on SmashingMagazine on the difficulties of
20 Free fonts for your headlines – most of them are nice, keep in mind readability is an important aspect of headlines.
Rail 3 upgrade handbook – out and for only 12$, worths it.
Using long methods name for better readability – longer methods names == reader have a better chance of knowing what they do.
Speeding up XML responses in Rails – switching the backend to Nokogiri. i’d add that a smart caching tactic would make even more sense.
Learn to test your code – a good advice for new developers.
Pure CSS3 charts – quick tutorial.
Rails, Slashdotted, no problem – how PivotalLabs handled a traffic boost on a client project.
Using a 503 HTTP response in your application on maintenance – sounds good.
Browser wishlist – Steve wants a few more things done better, me too.
Bling gem management – bundler isn’t even stable yet, and there’s already a replacement.
From Textmate to Vim – move from Textmate to vim, easily.
Javascript overload patterns – how to implement overloading in native javascript.
Let’s make a framework – DailyJS are going though a javascript framework development, interesting.
Recipes for using noSQL solutions – get help to decide if your project should use a noSQL solution.
Scalable web architecture library – lots of good reads of many use cases.
avoiding rails 3 dependency hell with rvm – skip hell and rest.
Hourly rate survey – weird actually, i don’t think it can point out something beyond particular reference.
make a better MooTools code – good tips.

Treasures

toadhopper-sinatra – Post Hoptoad notifications from Sinatra.
Currencies – Money gem gets currencies. win.
Converting CSS/HTML to inline CSS – easily make email templates.
Selectoracle – translate CSS selector statements to english/spanish.
query_trace – a new version for this great tool.
cassandra-ec2 – easily deploy a cassandra cluster on EC2.
PaperTrail – Track changes to your models’ data. Good for auditing or versioning.
local-routing – Detects and handles locale from request URLs, prepends locale for generated URLs by wrapping itself around Rails ActionController::Routing methods.

Bag O' Links - 16/2/2010

2010-02-16T00:00:00-05:00

Installing MongoDB on MacOS – me thinks it’s the simplest way i came across.
On domains and databases – a nice (and long) presentation by Ben scofield on an alternatives to relational databases in common domains.
Why i find MySQL to be so bad – a nice writeup by my friend @idokan, he finds MySQL to be disturbing sometimes and provides some good points.
Learn you Haskell – I started playing with Haskell a few months ago, i must say it’s a pretty nice language although syntax is hard for the Rubist that i am, Hubris seems to allow me to enjoy both worlds tho.
wtfJS – a man’s struggle against Javascript weirdness.
Passenger heart ruby-debug – how do people live without it.
The hidden cost of Javascript – Carlos attempts to perform real benchmarking taking more variables in mind. on another note IBM is trying to “compare between leading javascript libraries” out there.
HTML5 WebSQL – Another shiny HTML5 API magic, and it’s just what i asked for christmas! another db to maintain!
Quick way to create RSS feeds in Rails – now we haz it.
Seeking a database that doesn’t suck – so am i (loving Mongo now btw). Author does have a good overview of the current actors out there, even if his personal opinion is sometimes incorrect.
Bundler Schmundler – someone is not happy about current changes and approach with Bundler, i must say that in general i can’t seem to understand the need to break backward compatibility so fast and so hard.
Riak – an interesting late joiner to the party of document storing databases, there is a Ruby client named Ripple too.
Safe action caching with Memcached – preventing Memcached from going crazy over silly chars getting in the way.
Git autocomplete in MacOS – OH YEAH.
Plugin authors: Towards a better future – some instructions on the recent Rails 3 related plugin approach changes. Again, was breaking backwards compatibility right here and now was necessary?.
Applying mathematics in web design – golden ratio hits again.
Textmate + ruby1.9.1 + rvm – @pjammer makes them play nice.
Indexing as a Background process on Mongo – now available at stores near you.
MongoDB’s single server durability – explained.
Javascript is the most misunderstood language – is it?
Lears CSS positioning in 10 steps – i love the new wave of small “tour guide” web apps to learn stuff.
Congratulations – @ryanbigg on possible choices in the life of a developer, and how a proper methodology can get you want you want and need.
Redis presentation – use cases – nice.
Lots of other noSQL presentations – woot.
Example apache configuration for Rails on Passenger – including some caching headers and extra mods.
Real time cramp app on Rails3 – a quick example.

Treasures

HighFive – HTML5/CSS3/jQuery goodness for Rails.
Carmen – A simple collection of geographic names and abbreviations for Rails apps (includes replacements for country_select and state_select).
roo – Roo provides an interface to Open Office, Excel, and Google Spreadsheets.
PlotKit – javascript graphs and plots.
Harmony – Javascript + DOM in your ruby, the simple way.
Nanoc – another quick publishing tool in Ruby, jekyll style.
Contacts – A universal interface to import email contacts from various providers including Yahoo, Gmail, Hotmail, AOL and Plaxo.
RockingChair – An in-memory CouchDB implementation in Ruby for Couchrest and SimplyStored.
Redweb – a web interface for Redis.
Quantity – Quantity descriptions for ruby.
BGrepeat – backgrounds, lots.

Bag O' Links - 9/2/2010

2010-02-09T00:00:00-05:00

Feels good to be back on a Bag o Links routine.

Get your database size rake task – a little toy i made and Mike improved, additions are welcome.
How facebook uses erlang for real-time chat – erlang jabber implementation, that’s got to be good.
MapReduce for idiots – or just for those who never took the time to read.
MongoDB vs. CouchDB vs. Mysql – mongo is fast indeed, but the atomic actions benefits of Couch are still appealing.
Memory leaks in Javascript – how to prevent and identify possible leaks and probably save a few Firefox users out there.
Why Javascript’s ‘this’ breaks – when window, object or scope wins.
Javascript objects, a simple example – yes, it is simple.
MongoMapper and MongoSphinx, a party! – make sphinx play nice with mongo.
Paginating with CouchREST and will_paginate – Overriding WillPaginate::Collection.create is the solution i guess.
Rails 3 links and resources – from rubyinside, here’s another one from Yehuda Katz on the new Bundler and real life usage.
How to upgrade plugins for Rails 3 – also, remember to update the record on RailsPlugins
Why Ruby? series – method arguments – a nice series of posts covering that dude’s view on Ruby.
The building blocks of ruby – Yehuda shows the power of blocks in a set of nice examples.
Extending native objects in Javascript – prototyping for beginners.
Dynamic methods in Ruby – javascript style – nice, a bit kinky… but nice.
Rolling coke can CSS – nice.
What pythonists think of Ruby – peepcode writeup.
CloudFront – no brainer CDN for S3 – A very fast change that can help many, but i am still having trouble with CloudFront’s expiry options that do not fit any case.
mr.flow – compose MapReduce modules online.
HAML sucks for content – some good points added to the ongoing war.
CloudXL – Cloud service providers – a list of Cloud service providers around, filterable too.
Downtime postmortem – oneforty went down, this is how they are learning from it.
How Farmville scales – the most annoying (and largest) facebook game scaling solutions.
52frameworks – HTML5 + CSS3 framework.
Anatomy of a perfect sidebar – woork’s magic.
Why Riak for your next Rails app is a good idea – Chris takes another direction in the noSQL land.
Fake it till you make it – a faker rake task.

Treasures

sogger – a StackOverFlow growler
html_press – API and Rack middleware for HTML compression with caching support.
auto-session-timeout – this is a JQuery version, original is a prototype version.
toto – quick blog on Heroku.

GitHub post - Afterthoughts

2010-02-08T00:00:00-05:00

My lat ‘Bye Bye Github’ post caused a far more mess than i initially intended it will, my one and only goal by posting it was to express my thoughts as a user, thoughts which apparently came out a bit too harsh and i am sorry if it hurt someone, i wasn’t aiming for that.

I felt like it is necessary that i will explain things a little more and maybe put an end to this witch hunt that was swirling in both of Github’s direction and mine.

Most people came to realize somehow that i demand SLA for 7$/m, Well, i’m not. Although i do not hold the 200$/m plan on the other hand, i’d like to think that it’s reasonable to want leap in expected level of service once you start taking money from people, and again when you start hosting Mission Critical apps. It’s no secret that i am not the only one disappointed with Github’s uptime history. Yes, they always explain what caused the downtime and I’m glad that they do, But explaining what’s wrong isn’t enough, though.

They try, i know, they have the parts there that show that they really try to make things better, like DRBD, but when things go wrong everything breaks anyway. Basically it’s like making backups but never testing them, and that is the thing that annoys me the most, You can easily compare that to my mistake in my deployment process on those 3 projects that got delayed this week.

I am absolutely sure Github will get better, they have some awesome people working there and they are hosted in a wonderful place but it has nothing to do with the fact that i can always “go somewhere else where they have better uptime and reliability” until the reach my personal service requirement as a paid service.

Yes, it is my responsibility as a business owner to choose the right tools and craft the right processes in order to provide a sustainable toolset for my clients and team members.
All the backups in the world, 500 mirror sites and nothing else couldn’t have helped me get my deployments out because i needed a way to pull from the master, and because of my buggy process (weird situation as it is) regardless Github’s outage i was delayed by 2 hours.

The basic problem was the fact we work as an international team, although usually it works amazingly well. When you need a 24/h development cycle in your team, having 50% of the team still working when the other half is sound asleep in the other side of the world is a wonderful thing. The problem started when one on my Israeli developers (GMT – 5), had committed his last feature to master and acknowledged that i can issue a move to a staging server, ready to deliver a copy to the client as the contract expect.

Up until early this morning I didn’t keep the SSH keys for all the developers machines so when my developer went to his long overdue vacation (leaving the laptop at home obviously) i was left with no access to his local copy, Github being down, and overall stuck. Yes, this is a faulty project management. Yes it is already fixed in the form of adding another remote repository on CodebaseHQ and having all keys (except that guy’s) set on my machine as well.

Coming to think about it, even if the basic process error was indeed mine as a project manager, i expect a high service level from every service and get i pay for. This is why i am driving a mercedes and not on a bus, this is why i live in a house with impact windows and this is why i use a Mac and not Windows.

I can’t create a fault tolerant procedure for every in house project, it would cost a lot more than we can back up and i will spend a lot more time on it than working on our projects and this is why we pay 3rd parties to take those internal processes out of our hand and deliver us a product back.

I don’t see the reason of holding a double or a triple safety net for everything that we do in here, will i need 2 accountants now? a generator in addition to UPSs? it is very hard to draw the line where you fully trust a service you pay for and when you don’t and how you feel about it even.

Today, Github contact me to explain their side of the deal and also offered to park my account for a few months as an act of good service. Although it was very nice of them (as usual, their support was always awesome) i decided not to take it, keeping in mind it might seal this whole thing with an ugly stamp. Thank you Github, but we’ll just have to meet again in 3-6 months.

I hope this will bring an end to this whole thing, tomorrow it’s back to “Bag o Links” routine.

As a last note, I got all kinds of responses, thought it might help to clear those out:

“Git is decentralized, how did you screw that up?”

Yes, that’s true. i covered the reasons why it couldn’t have helped me in our specific situation.
Yes, we should have thought about it earlier and we’ll have to change that in order to make a smoother slide next time.

“He should have just installed Gitosis”.

Again, why should i bother when there are services our there offer to do all the hard work for us? assuming i ask one of our developers to install gitosis, being payed 75$/h it should take apprx 6 minutes a month to maintain it in order to match Github’s lowest offer. makes sense? not for me. some people, including me, prefer to pay money for a properly designed git workflow than to deal with the hassle of doing it themselves. I would happily pay Github even 4 times the current rates they are taking if i was certain it would grant me my peace of mind.

“Fix your grammar”

Sorry, not a native english speaker.

“If you want SLA, pay for it!”

I will, where?