OmbuLabs Blog

The Lean Software Boutique

Articles by Ernesto Tagwerker

Follow @etagwerker on Twitter

AWS S3 Policies for Carrierwave

When you create IAM credentials and policies for your app, you should make sure that they have access to the resources that they need and not more than that!.

This way, if anyone gets access to those credentials, the impact of this leak is reduced to the resources associated with them (and not all the buckets in your S3 account)

Read more »

Tips for Writing Fast Rails: Part 1

Rails is a powerful framework. You can write a lot of features in a short period of time. In the process you can easily write code that performs poorly.

At Ombu Labs we like to maintain Ruby on Rails applications. In the process of maintaining them, adding features and fixing bugs, we like to improve the code and its performance (because we are good boy scouts!)

Here are some tips based on our experience.

Prefer where instead of select

When you are performing a lot of calculations, you should load as little as possible into memory. Always prefer a SQL query vs. an object's method call.

Read more »

The Need for bin/start

Getting started with a new project should be as simple as possible, even for someone who is not technical. As a maintainer, you must make sure that anyone can clone your project and get it up and running in a few minutes.

After you clone a project, you should follow two steps:

  1. Setup
  2. Start
Read more »

Introducing Pecas: Dashboards for Freckle

At Ombu Labs we are big fans and happy customers of Freckle. We use their widget to track all the hours that we spend on client projects, open source development, and our own products.

Today I'm happy to introduce Pecas, time tracking leaderboards for Freckle! Pecas is an open source tool that integrates with your account and generates beautiful leaderboards per project and per teammate.

Here is a sample dashboard for all your projects:

A sample leaderboard in the Pecas web interface

On top of that, it will send you an email alert if you haven't tracked any hours during a work day. If it's a holiday, it won't bother you. :)

Read more »

DRY your tests

I'm a big fan of having small classes. I'm not a big fan of having huge specs for a small class/object. Every time I see an opportunity to DRY my specs, I take it.

Today I wrote a spec to make sure that we gracefully ignore SPAMmy contact requests in the Ombu Labs contact page. It initially looked like this:

test "gracefully ignores spammy requests with valid attributes" do
  @valid_contact = contacts(:two)
  attributes = @valid_contact.attributes
                             .merge(email_confirmation: @valid_contact.email)

  assert_no_difference("Contact.count") do
    post :create, contact: attributes, format: 'js'
  end

  assert_response :success
end

The new behavior adds a simple SPAM trap field that bots will usually fall for. If a bot is submitting the email_confirmation field (which is hidden by a CSS class), then it is SPAM and it gracefully ignores the request.

Read more »

The Joys and Woes of Pair Programming

There are a few agile practices that I really love. Pair programming is one of them.

We try to do it as much as possible at Ombu Labs. We usually keep the sessions under two hours and try to follow a regular schedule.

When we find ourselves blocked by a code problem, we use our daily scrum to coordinate a pairing session. It's quite a step up from rubberducking or using a cardboard programmer to find a solution to a problem.

@mauro_oto and I pair programming

The Joys

As a Senior developer, I find that pairing sessions are great for coaching Junior developers. I enjoy teaching them about best practices, design patterns, frameworks, languages, code style, XP, and TDD.

From the point of view of a Junior developer, I believe it's a great opportunity to learn from someone who "has been there before". When you program with someone with more experience, you will often learn about design patterns, elegant object-oriented solutions, tips and tricks.

Read more »

Introducing Infractores

I've always been a big fan of scratching your own itch. My latest itch was the insane amount of parking violations that I see everyday in Buenos Aires, near our office.

We decided to build a simple tool that would allow anyone with a Twitter account to report a parking violation. All you need to do is submit a geolocated tweet and a couple of photos (as evidence!)

Here is an example:

You can check out this tool over here: http://www.infractoresba.com.ar

This page shows all the parking violations reported by users to @InfractoresBA or with the #InfractoresBA hashtag. It's as simple as that.

Read more »

Our Hiring Process

This is our process to hire new team members at Ombu Labs. It's a process that we have been improving ever since we started our operations. It's very important for us to hire A players.

In this article I will focus on how we evaluate new developers, but parts of the process can be customized for other positions.

Read more »

The Landing Page MVP

There is no good reason why an MVP should take more than one month. If that happens, it means that the scope of the minimum viable product wasn't small enough.

You want to build the smallest feature set in order to start learning from your target market. It doesn't have to be feature complete. It doesn't even have to offer a feature. It doesn't even need to be a web-based MVP.

Read more »

10 Steps to Evaluate a Rails Project

It will come a time when you will have to decide whether to maintain a Rails project or not.

If you want to seriously consider it, you should follow these 10 steps:

1. Setup the development environment

Git clone the repository and try to start the server. Is the README clear enough? Can you follow the steps in the file and easily get started?

A lot of projects will have a README that is out of date and/or instructions that don't work right off the bat.

Most of the projects will define guidelines like these:

  • Configure your config/database.yml
  • Configure your .env file
  • Setup the database rake db:create db:migrate db:seed
  • Start the server rails server

The best projects will have a one-liner that will setup the entire environment for you.

Read more »

How to report a bug

The simplest way to contribute to an open source project is to file an issue. Here are a few steps for you to file issues that are useful for the project maintainers.

1. Make sure it hasn't been reported yet

A quick Google search should return one or more results about the issue. If it's user error, just change the way you are using the code and move on.

If that doesn't work, find the project (it's probably on Github) and search through open and closed issues. If it's filed and open, try to add more information to make it easier to solve. (Please please please don't just add another +1 to a series of +1s)

If you couldn't find any issues, submit an issue (Beware: some projects will encourage you to post to their mailing list before filing an issue)

2. Submit a useful issue report

Don't just post the title of the error and what you were doing when it happened.

Please be as specific as possible!

Post information about:

  • The environment (a snapshot of Gemfile.lock could help)
  • The error message (a good candidate for the issue's title)
  • The backtrace should always be included in the description
  • If there is some configuration involved, add it to the description

3. Bonus points

  • Try a couple of alternatives and see what results you get. Save all the output, which might be useful for the issue's resolution. I know that most of us try different solutions before filing an issue.

  • If you want to show the maintainer an example of the problem, you could create a sample application that generates the problem, using the same configuration and the same dependencies you have in your application.

  • If you found the problematic line in the library, you could enhance the tests to cover the scenario that you are seeing. The best libraries have near 100% code coverage, so adding another scenario could be easier than you think. You don't need to find the solution, but seeing a failing spec will definitely make it easier to find a solution.

4. Share your monkeypatch

Most of us will monkeypatch our application and move on. This sucks!

You should file the issue, so that other programmers will benefit from your "wasted" effort.

If you monkeypatched it in a horrible way, add it to the issue as well. The project maintainer or other programmers might find that it isn't such a horrible patch after all.

To sum things up

I've explained a couple of ways that you can make a contribution to an open source project. I started with the simpler steps and then I moved on to the more advanced contributions.

Ideally, detailed issue reports will become pull requests in the future. You (or someone else) might send the pull request, but it all begins with a detailed description of the problem you are seeing.

Don't just say "It doesn't work!", don't be that person! Next time file an issue so that we can all benefit from your pain.

Read more »

Adding Docker to a Ruby gem

As a maintainer of a few Ruby gems, I have to decide what is accepted and what gets rejected into the gems. The other day someone submitted a pull request to add a Dockerfile to DatabaseCleaner

I thought it was a good idea, because the current version of DatabaseCleaner requires you to have Postgres, MySQL, Redis, and Mongo up and running before you run rake.

Here are the steps:

  1. Download the Docker Toolbox, a 176+ MB package.

  2. Install the package, which will expand to 400+ MB in your filesystem.

  3. In the terminal: docker-machine start default

  4. Then within your project: docker-compose up (before this I had to run eval "$(docker-machine env default)" because of this issue). Get ready to wait for a few minutes while it sets up your virtual machine.

  5. Finally: docker-compose run --rm gem

Read more »

How to interact with hidden elements with Protractor

The other day I was trying to interact with a hidden file input field:

<div class="col-sm-3">
  <input class="btn btn-default" class="hidden" accept=".csv"  id="geofence_file_input">
  <a class="btn btn-default" id="textbox-for-geofencefile">Select File</a>
  <span ng-if="LineItemForm.augmentations.geofence.file"></span>
</div>

And the CSS:

.hidden {
  display: none;
}

Which caused this problem:

Failed: Wait timed out after 100015ms

Workarounds include displaying it, interacting with it, hiding it again, which I didn't like.

Read more »

Time and Material

As of 2016, we will no longer work with clients on fixed bid projects. They are not a good fit for us and we are not a good fit for them.

All of our clients are startups. Fixed bids are counterproductive for startups. They give the client a false sense of security and they punish changing requirements.

Fixed bids make clients think that their project will be finished in a fixed period of time if their requirements don't change while developing the project. That is a big if!

Read more »

Almundo's Bill Vulnerability

The other day my friend Juan Rossi reported a vulnerability in the Almundo billing system. Since then, the vulnerability has been fixed by Superfactura, their billing software provider.

Almundo is one of the biggest travel agencies in Argentina. Their site is among the 250 most visited websites in the country.

The vulnerability allowed anyone to download billing information about their clients by creating a pretty simple HTTP GET request. No programming knowledge required.

Read more »

The Lean Startup Way

At OmbuLabs we like to split our time working on our own products, client projects, and open source code. We have embraced the Lean Startup methodology not only for our own products but also for our client projects.

It is easier to apply the methodology to our own products than to our client projects. With our products, we decide what goals we want to reach and what experiments we are going to run to validate our hypotheses.

Read more »

How to Git push with blocked ports

Often times I find myself working out of a coffee shop with a terrible Internet connection. We have a nice office at OmbuLabs but there is still that Je ne sais quoi at coffee shops.

The cool thing about Git is that you can git commit all your changes while enjoying a cup of coffee and git push later (when you're back at home with a decent connection)

But what if you want to git push from the coffee shop? Sometimes the only ports that are open are port 80 (HTTP) and 443 (HTTPS).

Read more »