Categories
Coding How-To ruby ruby on rails WebApps

Upgrade Your Rails Facebook App to SSL

On October 1st of this year, Facebook will require that every app on Facebook supports HTTPS (SSL).

Below is the guide I’ve followed for the Rails-based apps I’ve worked on.

This guide shows you how to change your Rails Facebook App into an app that supports SSL using Passenger and Apache2.

Step 1: Get an SSL cert or roll your own.

Dreamhost.com made it very easy to add an SSL cert for just $15.00 / year.

I tried my app out using a self-signed certificate, which seemed to work just fine:

# generate a passphrase-protected 2048-bit RSA key and a signing request for it
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
# strip the passphrase so Apache can start without prompting for it
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
# self-sign the request, valid for one year
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Step 2: Install and compile Apache 2

Get the latest version of Apache: http://httpd.apache.org/download.cgi.

Configure and compile Apache:
./configure --prefix=/usr/local/apache2 --enable-rewrite --enable-so --enable-ssl
make && make install

Step 3: Configure your Rails app

gem install passenger
passenger-install-apache2-module

Step 4: Edit your Apache 2 config files:

Edit httpd.conf. For example:

LoadModule fcgid_module modules/mod_fcgid.so
LoadModule passenger_module /Users/jimbarcelona/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.8/ext/apache2/mod_passenger.so
PassengerRoot /Users/jimbarcelona/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.8
PassengerRuby /Users/jimbarcelona/.rvm/wrappers/ruby-1.9.2-p290/ruby

# Directory path assumed: Apache's default htdocs for --prefix=/usr/local/apache2
<Directory "/usr/local/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-ssl.conf

<IfModule mod_fcgid.c>
IPCCommTimeout 40
IPCConnectTimeout 10

# TODO: change this to production if you are on production
DefaultInitEnv RAILS_ENV development
SocketPath /tmp/fcgidsock
</IfModule>

Edit extra/httpd-vhosts.conf:


  ServerName berkeley.l33tcave.com
  ServerAdmin wwwadmin@berkeley.l33tcave.com
  DocumentRoot /Users/jimbarcelona/rails_apps/github/hipsterhookups.com/public
  ErrorLog /usr/local/apache2/logs/rails_error_log
  RewriteEngine On
  
    AllowOverride All
    Options -MultiViews
  
  RailsEnv development

Edit extra/httpd-ssl.conf:

# VirtualHost and <Directory> path assumed: Apache's default SSL vhost, with the app's public dir
<VirtualHost _default_:443>
#   General setup for the virtual host
DocumentRoot "/Users/jimbarcelona/rails_apps/github/hipsterhookups.com/public"
ServerName berkeley.l33tcave.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"

# needed for rails
Options Indexes ExecCGI FollowSymLinks
RewriteEngine On
RailsEnv development

AddHandler fcgid-script .fcgi

  <Directory "/Users/jimbarcelona/rails_apps/github/hipsterhookups.com/public">
    AllowOverride All
    Options -MultiViews
  </Directory>
</VirtualHost>

Be sure to point httpd-ssl.conf at your certificate and key too (the SSLCertificateFile and SSLCertificateKeyFile directives inside the SSL virtual host)!

Step 5: Start Apache

# check syntax
apachectl configtest
# start apache
apachectl start

Step 6: Go to Facebook and use https for your canvas URLs.
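As an added example (not code from the original post), here is Step 1's self-signed key and certificate built with Ruby's bundled OpenSSL library, plus the two checks worth running before httpd-ssl.conf points at the files: that the certificate really belongs to the key, and how many days it has left. The hostname and validity period are constructed values.

```ruby
# Added example, not code from the original post: Step 1's self-signed
# certificate built with Ruby's bundled OpenSSL library, plus two checks
# worth running before httpd-ssl.conf points at the files.
require 'openssl'

# Equivalent of "openssl genrsa 2048" followed by
# "openssl x509 -req -days 365 -signkey": returns [key_pem, cert_pem].
def make_self_signed(hostname, days = 365)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                                # X.509 v3
  cert.serial  = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{hostname}")
  cert.issuer  = cert.subject                     # self-signed: issuer == subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = cert.not_before + days * 24 * 60 * 60
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key.to_pem, cert.to_pem]
end

# SSLCertificateFile and SSLCertificateKeyFile must belong together or
# mod_ssl refuses to start; comparing the RSA modulus is the usual check.
def cert_matches_key?(cert_pem, key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey::RSA.new(key_pem)
  cert.public_key.n == key.n
end

# Whole days left before the certificate expires; a 365-day self-signed
# cert needs renewing well before it silently breaks the HTTPS canvas.
def days_until_expiry(cert_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  ((cert.not_after - Time.now) / 86_400).floor
end

if __FILE__ == $PROGRAM_NAME
  # "berkeley.l33tcave.com" is the ServerName used in the post's config.
  key_pem, cert_pem = make_self_signed('berkeley.l33tcave.com')
  puts "key/cert match: #{cert_matches_key?(cert_pem, key_pem)}"
  puts "days until expiry: #{days_until_expiry(cert_pem)}"
end
```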

Categories
Uncategorized

25 super engaged followers thanks to BestCoworking

This is a quick plug for the BestCoworking group on Facebook. I got 25 really super engaged and diverse followers in about 1 hour of engaged social media effort. I skipped lunch, and it was worth it!

I want to thank Stacey Soleil for putting this group together.

Categories
Social Media TechBiz

3 Things The Social Network Taught Me About Startups

Spoiler Alert: You’ve been warned.

If “The Social Network” has a subliminal message, it’s this:

“Swinging for the fences means forgetting about everything they taught you in business school, and if you went to business school, you are fucked.”

1. Lunch meetings and face to face are for losers.

If you are going to New York to talk to ad men, you are just cosplaying “Mad Men.” In fact, any social interaction that isn’t mediated and accelerated through something like Flowtown, or Salesforce, or LinkedIn is just that, cosplay. If you are doing business over lunch, then you might as well be dressing up for Renn Faire.

The lesson of this is one of the pivotal scenes in “The Social Network.” Not to give away too much, but in the movie, Fincher and Sorkin take great pains to show what happens to someone who doesn’t get it, even if he’s a co-founder. This person who didn’t get it has a business degree from Harvard, and went to New York to make deals for selling ads on Facebook.

2. Coders can do it faster and better than biz dev or people who cannot code.

Coders code much faster than any “traditional” business arrangement. If you have an idea and cannot code it, you can never be relevant if you are swinging for the fences. Case in point: the Winklevoss twins did have the “idea” for a social network, but so did everybody and their grandma at the time; execution is very different. Most business folks focus on the idea and the revenue model. The example with Facemash.com in the movie showed that this idea is flawed. Why? Making waves in society with technology will always be faster than a revenue model.

3. Our capacity for having the wisdom to understand the technology we create outstrips the rate at which we create technology.

If this is the case, then the point that the character of Sean Parker pushes throughout the movie, that putting ads on a site is like ending a real cool party at 11 pm, is something all startups swinging for the fences have to take to heart.

EDUARDO: Settle an argument for us, would you? I say it’s time to start making money from TheFacebook but Mark doesn’t want advertising. Who’s right?
SEAN: Neither of you. TheFacebook is cool, that’s what it’s got going for it… You don’t want to ruin it with ads because ads aren’t cool. It’s like you’re throwing the coolest party on campus and someone’s telling you it’s gotta be over at eleven. You don’t even know what the thing is yet.

Great point, Sean. I mean, look at what IMDb.com has become because of that ad revenue pop-up model of business. IMDb is so ugly and not cool.

Categories
WebApps

The Funny Video of You Malware linked on Facebook

If you don’t already know, there’s malware going around through Facebook.

It starts off with the subject of:

i found a video with you in my camera.

You click on the link and you are led through a bunch of domains: one controlled by some ISP in Colorado, and then very-funny-webs.com. Do an nslookup on that one. Then you’re led to a server in Beijing and then finally to some poor computer that’s been hacked, on port 7777.

Whatever you do, do not click that link!

Where was I? That computer automatically downloads a payload called: flash_update.exe

This is where things get interesting.

0000040: 0e1f ba0e 00b4 09cd 21b8 014c cd21 5468 ……..!..L.!Th
0000050: 6973 2070 726f 6772 616d 2063 616e 6e6f is program canno
0000060: 7420 6265 2072 756e 2069 6e20 444f 5320 t be run in DOS
0000070: 6d6f 6465 2e0d 0d0a 2400 0000 0000 0000 mode….$…….

Also, the dirty work of ruining your day is done here:

0003470: 0000 0000 08f1 0000 0000 0000 4b45 524e …………KERN
0003480: 454c 3332 2e44 4c4c 0041 4456 4150 4933 EL32.DLL.ADVAPI3
0003490: 322e 646c 6c00 5553 4552 3332 2e64 6c6c 2.dll.USER32.dll
00034a0: 0000 4c6f 6164 4c69 6272 6172 7941 0000 ..LoadLibraryA..
00034b0: 4765 7450 726f 6341 6464 7265 7373 0000 GetProcAddress..
00034c0: 5669 7274 7561 6c50 726f 7465 6374 0000 VirtualProtect..
00034d0: 5669 7274 7561 6c41 6c6c 6f63 0000 5669 VirtualAlloc..Vi
00034e0: 7274 7561 6c46 7265 6500 0000 4578 6974 rtualFree…Exit
00034f0: 5072 6f63 6573 7300 0000 5265 674f 7065 Process…RegOpe
0003500: 6e4b 6579 4578 4100 0000 4973 5769 6e64 nKeyExA…IsWind
0003510: 6f77 0000 0000 0000 0000 0000 0000 0000 ow…………..

The import table above shows the code calling into Windows DLLs (KERNEL32, ADVAPI32, USER32) to load libraries at run time, change memory protections and open registry keys, which is bad. I’m on OS X, so I lucked out.
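Added example, not code from the original post: a small triage helper that parses an xxd-style dump like the ones above back into bytes, lists its printable strings (what the strings tool would print) and flags imports worth a second look. The sample dump is copied from the two excerpts above; the list of flagged imports is my own choice, not something the post states.

```ruby
# Added example, not code from the original post: parse an xxd-style dump
# back into bytes, list its printable strings (as `strings` would) and flag
# imports worth a second look. SAMPLE_DUMP is copied from the excerpts above;
# the FLAGGED_IMPORTS list is my own choice, not something the post states.
SAMPLE_DUMP = <<~DUMP
  0000040: 0e1f ba0e 00b4 09cd 21b8 014c cd21 5468  ........!..L.!Th
  0000050: 6973 2070 726f 6772 616d 2063 616e 6e6f  is program canno
  0000060: 7420 6265 2072 756e 2069 6e20 444f 5320  t be run in DOS
  0000070: 6d6f 6465 2e0d 0d0a 2400 0000 0000 0000  mode....$.......
  0003470: 0000 0000 08f1 0000 0000 0000 4b45 524e  ............KERN
  0003480: 454c 3332 2e44 4c4c 0041 4456 4150 4933  EL32.DLL.ADVAPI3
  0003490: 322e 646c 6c00 5553 4552 3332 2e64 6c6c  2.dll.USER32.dll
  00034a0: 0000 4c6f 6164 4c69 6272 6172 7941 0000  ..LoadLibraryA..
  00034b0: 4765 7450 726f 6341 6464 7265 7373 0000  GetProcAddress..
  00034c0: 5669 7274 7561 6c50 726f 7465 6374 0000  VirtualProtect..
  00034d0: 5669 7274 7561 6c41 6c6c 6f63 0000 5669  VirtualAlloc..Vi
  00034e0: 7274 7561 6c46 7265 6500 0000 4578 6974  rtualFree...Exit
  00034f0: 5072 6f63 6573 7300 0000 5265 674f 7065  Process...RegOpe
  0003500: 6e4b 6579 4578 4100 0000 4973 5769 6e64  nKeyExA...IsWind
  0003510: 6f77 0000 0000 0000 0000 0000 0000 0000  ow..............
DUMP
FLAGGED_IMPORTS = %w[LoadLibraryA GetProcAddress VirtualProtect
                     VirtualAlloc RegOpenKeyExA].freeze

# "offset: hh hh ... hh  ascii" -> raw bytes; only hex groups (max 8 per line) are read.
def parse_xxd(dump)
  dump.each_line.map do |line|
    groups = line.split(':', 2)[1].to_s.split
    hex = groups.take_while { |g| g.match?(/\A\h{2,4}\z/) }.first(8)
    [hex.join].pack('H*')
  end.join
end

# Runs of printable ASCII at least min_len long, like the `strings` tool.
def ascii_strings(bytes, min_len = 4)
  bytes.scan(/[\x20-\x7e]{#{min_len},}/n)
end

# What a first look at "flash_update.exe" would report from these bytes.
def triage(dump)
  bytes = parse_xxd(dump)
  strs  = ascii_strings(bytes)
  { dos_stub: bytes.include?('This program cannot be run in DOS mode'),
    dlls:     strs.grep(/\.dll\z/i),
    imports:  FLAGGED_IMPORTS.select { |api| bytes.include?(api) },
    strings:  strs }
end

puts triage(SAMPLE_DUMP).inspect if __FILE__ == $PROGRAM_NAME
```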

Anyway, I hope this piece of Malware didn’t get you and I hope those assholes burn in hell.

If anybody can add more details about how this malware works, please let me know.

Categories
TechBiz

Keeping It Real On Social Networking

I un-friended 50 people today and it feels good.

I applauded Twitter’s decision in July of 2007 to change “friend” to “follow”. It took one more falsehood out of the pile of lies that is the Internet.

I had to look at my Twitter followers and who I was following. I did the same with Facebook. I saw quite a few spammers, posers, users, and those who were a combination of all three.


figure 1. It’s easy to fake friends.

There was one person, who shall remain nameless, that really used me and hurt me. This person has managed to “friend” the top people in the Web 2.0 industry and has made it appear like s/he was the friend of all these top people thanks to carefully placed comments and strategic friending on Twitter, Facebook, Flickr, and Upcoming.

Imagine my embarrassment when I showed up at a function with this person and my real friends revealed that they didn’t know this person at all.

Anyway, one of my goals is to keep my Twitter and Facebook connections real and I won’t hastily add “friends” anytime soon.

It’s a sad thing that nobody reads Book 8 of Aristotle’s Ethics anymore.

Here are two quotes that serve as a commentary of our age of easy friending:

“Those who quickly show the marks of friendship to each other wish to be friends, but are not friends unless they both are lovable and know the fact; for a wish for friendship may arise quickly, but friendship does not.”

“Those who are friends for the sake of utility part when the advantage is at an end; for they were lovers not of each other but of profit.”

And what am I going to do about it?

I’m planning on making a social network where it’s actually difficult to friend people. The idea is that you can’t be someone’s friend unless you complete a task that shows your friendship for someone and have that verified.

Crazy?

Yes.

Doable?

Definitely.

Let me know if you want to work on this project.

Categories
How-To TechBiz WebApps

Migrating to the Newest Youtube API

You’ve got until August 30th, 2008 to migrate your code to the latest Youtube API. After that date, your current code base might not work.

I used 3 important coding concepts while working on migrating my Youtube Facebook App to the newest Youtube API:


The strategy pattern allows you to define common behaviors that will be shared among your set of classes. In this case, I’ve got a class for the old Youtube API and a class for the new Youtube API. Although the URLs used for accessing the two APIs are different, I define a method common to each class for building the URL. In this case it’s the setUrl method.

In PHP I do this like so:


interface apiCalls
{
    public function setUrl();
}

The factory pattern allows me to create an instance of an object for using the old API or the new API on the fly. The factory method just returns a new instance of whichever class matches the requested API version.

$dynamic_fave = FaveFactory::Create("cyphgenic", 'yes', 2, 'on', '2.0');
$dynamic_fave->setUrl();
print $dynamic_fave->url . "\n";

$dynamic_fave = FaveFactory::Create("cyphgenic", 'yes', 2, 'on', '1.0');
$dynamic_fave->setUrl();
print $dynamic_fave->url . "\n";

If you take a look at the code I’ve got and compare the old version with the new one, you can also see that I’ve cleaned up the nested if-else statements with arrays.

BAD NESTED IF-ELSE:

      if ($showUploaded == 'on') {
        $method   = "youtube.videos.list_by_user";
      } else {
        $method   = "youtube.users.list_favorite_videos";
      }

YAY! NO IF-ELSE:

      // one entry per possible value of showUploaded ('on' or 'off');
      // any other value would be an undefined index, so validate it first
      $h_method['on']  = "youtube.videos.list_by_user";
      $h_method['off'] = "youtube.users.list_favorite_videos";
      $method = $h_method[$this->showUploaded];

Below are the links to the bits of the code that I had to migrate. I just use one particular method, setUrl(), as an example.

You might be wondering why there are two classes for the old and new API. If any new features need to be coded, or bugs need to be fixed in either API, I can do so within a particular class and not add more obfuscation to the code. The two classes don’t violate the DRY principle because each models a particular thing.
