Michael de Silva's Blog

Software Engineer. Rubyist and Roboticist.


Got an app in mind?

Since 2010, I have crafted apps for mobile and web for clients around the world via my consultancy — Inertialbox. My specialities include Rails, client-side Javascript frameworks such as Backbone & Ember.js, TDD/BDD, and DevOps — just to name a few.

We should talk.

HOWTO: Setting up HTTPS (SSL/TLS) with Nginx & Rails


In this article, I dive into the details of creating a self-signed SSL certificate for local development and testing, working with CA bundles (intermediate certificates) when purchasing your production SSL certificate, and hardening the SSL options in your Nginx configuration for improved security (and performance).

I also provide an Nginx configuration that I am currently using in production for a client's eCommerce application.

Creating a self-signed Certificate

The following is a summary of the steps detailed in the Heroku Dev Center. I will first go over this step by step and then show you how it can be done as a one-liner.

Generate private key

A private key and a certificate signing request (CSR) are required to create an SSL certificate.

Start by creating the private server key. During this process, you are normally asked to enter a specific passphrase, which we have skipped ...(continued)
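The same three steps (private key, CSR, self-signed certificate), carried out with Ruby's OpenSSL bindings rather than the openssl CLI, as an added example that is not part of the post. The hostname, validity period and file names are assumptions; the `check` method runs the sanity checks worth doing before pointing Nginx at the pair, and `build` is the one-liner equivalent.

```ruby
require "openssl"
require "securerandom"

# Added example, not the post's own commands: key, CSR and self-signed
# certificate via Ruby's OpenSSL bindings. Hostname and lifetime are assumptions.
module SelfSignedCert
  DIGEST = "SHA256"

  # Step 1: the private server key. No passphrase, as in the post.
  def self.generate_key(bits = 2048)
    OpenSSL::PKey::RSA.new(bits)
  end

  # Step 2: a CSR carrying the hostname as CN, signed with the key so the
  # issuer (here: ourselves) can check the requester holds the private key.
  def self.generate_csr(key, common_name)
    csr = OpenSSL::X509::Request.new
    csr.version = 0
    csr.subject = OpenSSL::X509::Name.new([["CN", common_name]])
    csr.public_key = key.public_key
    csr.sign(key, OpenSSL::Digest.new(DIGEST))
    csr
  end

  # Step 3: issue the certificate ourselves. Issuer equals subject, which is
  # what "self-signed" means; a SAN is added because browsers ignore the CN.
  def self.self_sign(csr, key, days: 365)
    raise "CSR signature does not verify" unless csr.verify(csr.public_key)
    cn = csr.subject.to_a.find { |name, *_| name == "CN" }[1]
    cert = OpenSSL::X509::Certificate.new
    cert.version = 2 # X.509 v3, needed for extensions
    cert.serial = SecureRandom.random_number(2**63)
    cert.subject = csr.subject
    cert.issuer = csr.subject
    cert.public_key = csr.public_key
    cert.not_before = Time.now - 60
    cert.not_after = cert.not_before + days * 86_400
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate = cert
    cert.add_extension(ef.create_extension("basicConstraints", "CA:FALSE", true))
    cert.add_extension(ef.create_extension("keyUsage", "digitalSignature,keyEncipherment", true))
    cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{cn}"))
    cert.sign(key, OpenSSL::Digest.new(DIGEST))
    cert
  end

  # The "one-liner": all three steps at once, returning [key, cert].
  def self.build(common_name, days: 365)
    key = generate_key
    [key, self_sign(generate_csr(key, common_name), key, days: days)]
  end

  # Sanity checks before handing the pair to Nginx: the cert really belongs
  # to this key, it is self-signed, its signature verifies, SAN and lifetime.
  def self.check(key, cert)
    {
      key_matches:  cert.public_key.to_der == key.public_key.to_der,
      self_signed:  cert.issuer == cert.subject,
      signature_ok: cert.verify(key),
      san:          cert.extensions.find { |e| e.oid == "subjectAltName" }&.value,
      days_valid:   ((cert.not_after - cert.not_before) / 86_400).round
    }
  end

  # Writes server.key and server.crt; the key must not be world-readable.
  def self.write(dir, key, cert)
    File.write(File.join(dir, "server.key"), key.to_pem, perm: 0o600)
    File.write(File.join(dir, "server.crt"), cert.to_pem)
  end
end

if __FILE__ == $PROGRAM_NAME
  key, cert = SelfSignedCert.build("localhost")
  p SelfSignedCert.check(key, cert)
end
```

The `key_matches` check is the one that catches the classic mistake of pairing a freshly generated key with an older certificate; Nginx will refuse to start with a mismatched pair, and this check tells you why before you get there.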

Tumi's ID LOCK Technology, just another Faraday cage. For your wallet.


Here's an interesting twist on protecting your cards that have RFID chips for NFC. Tumi are promoting what they call 'ID Lock'.

This item offers added security with protection against identity theft. It features an exclusive and patent pending technology that shields your personal information encoded on credit cards, passports and other forms of identification from would-be thieves using invasive communication and electronic data reading devices.

Basically, metal threads woven into the fabric that act as a Faraday cage. That's pretty neat.

Rails Master Class: Effectively Using ActiveRecord Callbacks

When it comes to ORMs, ActiveRecord is a personal favourite of mine, especially considering features such as Arel and AR callbacks. In solving challenges, there are always multiple ways of skinning a cat, and here I will show you some interesting issues I tackled today, how I approached them from a troubleshooting angle, and the steps I took, literally, in my head.

Come on Short Round, join me on a riveting adventure!

With great responsibility, comes great use of the around filter

Today I was troubleshooting an issue seen on a client's staging server, which pulls in Agents over an API. One particular issue was that emails were being sent out with invalid login credentials, when I was pretty sure those records were being persisted — even though I did not write the original implementation of this feature.

      before_validation :generate_password

      def generate_password
        if self.password.nil?
          self.password = ...(continued)

HOWTO: Chosen.js for Multiple Select fields with Search in Autoglym Professional


I didn't have much time to build this feature, so I hit the interweb for multi-select options and stumbled on the fantastic Chosen.js. Since I was working on a Rails 3.2.x app at the time, I went with https://rails-assets.org/

source 'https://rails-assets.org' do
  gem 'rails-assets-chosen'
end

...and simply loaded chosen into the JS and CSS Sprockets manifests.

Since I was in a hurry, I kept things simple, and my JS looked like

    $('.chosen-select').on('change', function(e, p) {
      var interests = $(this).val();

Also, rather than going with a full-blown ERB approach, when working with JS I find it easier to go with straight markup at times, although there's nothing stopping one from converting this example into ERB.

Before adding in chosen, I had ...(continued)

From Rails to Fulltime eCommerce Development on Solidus, a Spree fork


For the past two years, I've been working as a Senior Rails Developer for an award-winning digital agency based in the UK, and have had the pleasure of making an impact on global brands such as Autoglym UK.

During the last year I've dabbled in various languages, from Swift to Elixir and even a little bit of Rust, but I think I've made the most advances in building and maintaining app stacks with Ansible, furthering my "DevOps" skills.

However, there comes a time when one must move on to bigger and better things. Thanks to a particular Ruby Hero, he put me in touch with a fantastic group of talented developers working on a fork of Spree, called Solidus. I have a sneaky feeling there's a reference to 'Solius Snake' somewhere.

Well, I'll be working fulltime on Solidus pretty soon, and am absolutely excited.

Dissecting The Latest Spree and Solidus API Security Vulnerability


Even though this vulnerability was announced on July 17th, I just happened to stumble on a tweet about it.

The important bit to look at in the source is this

diff --git a/api/lib/spree/api/responders/rabl_template.rb b/api/lib/spree/api/responders/rabl_template.rb
index 4a061f4..0b0d31c 100644
--- a/api/lib/spree/api/responders/rabl_template.rb
+++ b/api/lib/spree/api/responders/rabl_template.rb
@@ -14,7 +14,7 @@ module Spree

         def template
-          request.headers['X-Spree-Template'] || controller.params[:template] || options[:default_template]
+          options[:default_template]
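Review bot: the removed line makes the rendered template name attacker-controlled via the X-Spree-Template header or params[:template], so dropping both and returning only options[:default_template] is the right fix; but it is a silent behaviour change for any API client that legitimately relied on the header, so note it in the changelog, and add a regression spec asserting that a request with X-Spree-Template set still renders the controller's default template.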

So, before this fix, any template could be requested by a client via the X-Spree-Template header or the template param, with the controller's default used only as a fallback.

I wanted to verify this, and spun up a copy of Spree I had on my disk, and toyed a bit with a spec, asking for the README.md file in the Spree app rep ...(continued)
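A constructed model of the lookup shown in the diff, added here as an example and not Spree's or Solidus's code: the before-fix chain takes the template name from the header or param, the after-fix version ignores client input, and `escapes_views?` shows why that matters by mapping the chosen name onto the views directory the way a view lookup would. The views path and the attacker-style header value are assumptions.

```ruby
require "pathname"

# Constructed model of the responder's template lookup (added example, not
# Spree's code). The views directory and request values are assumptions.
class TemplateResolver
  def initialize(views_dir, default_template)
    @views = Pathname.new(views_dir).expand_path
    @default = default_template
  end

  # Lookup as it was before the fix: the client picks the template via the
  # X-Spree-Template header or the template param; the default comes last.
  def template_before_fix(headers, params)
    headers["X-Spree-Template"] || params["template"] || @default
  end

  # Lookup after the fix: only the controller-supplied default is used.
  def template_after_fix(_headers, _params)
    @default
  end

  # Maps a template name onto a path under the views directory the way a
  # view lookup would, without touching the filesystem. Pathname resolves
  # any ".." components for us.
  def path_for(name)
    (@views + name).cleanpath
  end

  # True when the chosen template name walks out of the views directory.
  def escapes_views?(name)
    !path_for(name).to_s.start_with?("#{@views}/")
  end
end

# Attacker-style request (constructed sample input): a relative path that
# climbs out of the API views directory towards the app root.
ATTACK_HEADERS = { "X-Spree-Template" => "../../../README.md" }.freeze
NO_PARAMS = {}.freeze

# Runs both lookups against the same request and reports whether the
# resulting template name stays inside the views directory.
def demo
  r = TemplateResolver.new("/srv/app/app/views/spree/api/products", "show")
  before = r.template_before_fix(ATTACK_HEADERS, NO_PARAMS)
  after  = r.template_after_fix(ATTACK_HEADERS, NO_PARAMS)
  {
    before: before, before_escapes: r.escapes_views?(before),
    after: after,   after_escapes: r.escapes_views?(after)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The general lesson is the same whenever a client is allowed to name a template, partial or file: either refuse client input entirely, as the fix does, or resolve it against a fixed allowlist of names rather than concatenating it into a path.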

Autoglym Product Reviews, Now Get Replies


I wanted to feature some work that I did on the Autoglym app today, specifically adding some minor functionality within Spree. Having spent about seven months rebuilding a Rails 2.x eCommerce site in Rails 4, this was a nice change of pace.

The Autoglym app already associates user reviews with products, and today I simply associated those reviews with a reply, so that AG staff can reply to reviews (especially negative feedback?). Part of the scoped work called for Markdown support, which I baked in quite quickly thanks to the excellent Redcarpet gem.

On the frontend, it's some simple SASS styling and visibility logic baked into the view partial. Rather pleased that I was able to turn this around a bit quicker than originally estimated in the 'sprint' scope as well.

Freelance 101: Early Warning Signs of a Troublesome Client


Working freelance is never easy; one needs to exercise a bullshit meter at all times, and today mine went off big time.

Having posted my availability for work during US hours, I picked up a lead on Twitter: a single dev based in Tokyo, looking for a full-time Ruby dev to offload work to.

Initial emails seemed promising, even though I explained that I couldn't do full-time, but I could do 25 hrs/week. I always make it a priority to work with clients, and this is the first time a client wasn't willing to work with me. More on that shortly!

As far as I'm concerned, a lead (and deal) is never done until the contract is inked and my advance hits my account. This is quite simply your very first bullshit test, and an important one to safeguard not only yourself but your time as well. I always ask for an advance as a 'smoke test' to check whether the potential client is someone who's serious about the work, or someone looking to simply take advantage of another developer. ...(continued)

Reaching Half a Million Views on YouTube


It has been 9 years since I started actively pursuing my interest in watches. During this time, I have dedicated photographs to watches that were once part of the collection, and later parted with — as well as pieces currently in my small stable.

My first attempt at a watch review was when I got my third Rolex, a two-tone yellow gold and steel GMT-II with Ceramic bezel. At the time, it really was quite special, considering that it had the newer CNC'd bracelet where all the links, steel & gold (18k), were solid instead of hollow like the older stamped bracelet, movement improvements, and much more. These 'improvements' continue in current production Rolexes, and some of these are impervious to the untrained eye or non-WIS (Watch Idiot Savant).

I reca ...(continued)

Stripping sensitive details copied from terminal STDOUT by piping via sed in Mac OS X

Having run into an issue today, I wanted to contribute some error details to an issue on GitHub, and wanted to strip out sensitive details from the output that I'd copied in iTerm.

I was able to pipe the contents of my paste buffer (clipboard) through sed to perform a regexp based search & replace, and pipe the cleaned output into TextMate.

$ pbpaste | sed "s/inertialbox/foo/g" | mate

Here's the output!

ERROR in ./~/css-loader!./~/sass-loader?outputStyle=expanded!./src/styles/Imagebox.sass
Module build failed:
      Invalid top-level expression
      in /Volumes/foo/hack/node/react-webpack-example/src/styles/Imagebox.sass (line 1, column 1)
 @ ./src/styles/Imagebox.sass 4:14-298
INFO [karma]: Karma v0.12.37 server started at http://localhost:8080/
INFO [launcher]: Starting browser PhantomJS
INFO [PhantomJS 1.9.8 (Mac OS X 0.0.0)]: Connected on socket VvzYKnxwnjInFmolV93m with id 20249201
PhantomJS 1.9.8 (Mac OS X 0.0.0) ERROR

Faking APIs in Development and Staging


Having used WebMock and VCR in past projects, there have been times when I'd spawn an instance of Sinatra just to hit an API endpoint, but this is certainly a better way to go about it.

require "sinatra/base"
require "json"

module FakeMovieFacts
  class Application < Sinatra::Base
    # Canned JSON response standing in for the real movie-facts API
    get "/movies/:movie_name/actors" do
      content_type :json
      JSON.generate(
        actors: [
          { name: "Actor 1", character_played: "Character 1" },
          { name: "Actor 2", character_played: "Character 2" }
        ]
      )
    end
  end
end

Initialize this as a new gem with bundle gem fake_movie_facts and extract FakeMovieFacts::Application (above) into fake_movie_facts/lib/fake_movie_facts/application.rb and add a config.ru file to the root of the repo

# config.ru

$LOAD_PATH << File.expand_path("../lib", __FILE__)
require "fake_movie_facts/application"

run FakeMovieFacts::Application

You can either run th ...(continued)
