Authlogic is a handy plugin for shifting your user authentication, big or small, into an external dependency. Having it in gem (or submodule/plugin) form rather than generated code means as updates become available they are easily installed, since the codebase is separated from your own.

On a current green-field project I've switched from a home-rolled simple admin authentication solution to Authlogic. This took some fiddling as I don't get on well with Authlogic's style of documentation, but I expect that will improve with time and blogs.

I'm hesitant to give out security advice, but found the following useful. I kept hold of as many of my specs and features as was reasonable with the authlogic switch, while the hashing was now out of my hands there were still important criteria for how I wanted usernames, passwords and so on to behave at each MVC layer. In particular I don't want the attempted password to be sent back to the user as a field value when they fail to log in. While SSL offsets this somewhat I would rather have that data submitted once and not sent back. Also I don't see a use for the unencrypted password other than during validation and hashing at update or login.

A very simple fix for the view concern, found on slideshare.net is to set the view template value to an empty string.

<%= f.password_field :password, :value => "" %>

That's fine, but it's hardly in the MVC spirit. The model shouldn't be letting anything have the raw password. For example if you start adding more access formats you'd need to worry about it there. I think it's best to cut it off at source, with something like the following ActiveRecord hook in the model which acts_as_authentic

def after_save
  @password = nil
  @password_confirmation = nil
end

There is probably a better way to do this, but between that and the view value blanking my specs and features pass. If you're doing a lot before saving or leaving an unsaved model floating around bear this in mind.

Thoughts, comments & criticisms welcome.

While adding Textile to a resource following the outside-in BDD process described in the RSpec Book I found myself wanting to put a should_receive expectation on ActionView::Helpers::TextHelper#textilize

This left me somewhat confused, as I wasn't sure what to stub, and the book doesn't cover this. Google also drew a blank.

sticking a <%= inspect %> in the view and looking at the page source revealed an instance of ActionView::Base, which makes sense but was somewhat elusive. It also showed a @controller reference, which itself contains a @template reference. A consequence of this is that in your view spec you can get at the template with @controller.template

It turns out that within a view spec #template provides the relevant object. Thanks to Tim Riley for pointing this out.

For example:

it "should textalize the teaser and extra_content" do
  @service = mock_model(Service, :null_object => true)
  @service.stub!(:teaser).and_return 'a teaser'

  template.stub!(:textilize).and_return "textalised teaser"
  template.should_receive(:textilize).with @service.teaser

  render
  response.should contain("textalised teaser")
end

This kind of stubbing is useful as it checks that the view is calling the textilize method, part of the api, correctly, not whether RedCloth (or some other texitle gem) is doing its thing. Stubbing like this will, if nothing else, speed up the spec execution. Testing with input/output examples for the textilized data could go in the view spec, but api testing at that level seems out of place to me. Of course it should be tested at some level, e.g. with Cucumber. YMMV.

I spent last week shivering away with the Swine Flu. It wasn’t fun; but I knew something was coming & accordingly shut down jobs until I felt better, notifying the clients of the issue. This is planning: you do it because you know what’s coming.

Whilst convalescing, I read a fascinating discussion over on Jeffrey Zeldman’s blog. In this article, Zeldman publicised the fact that David Berlow of the Fount Bureau was proposing a new permissions table to OpenType. The idea is to be able to embed fonts into websites via @font-face whilst protecting the foundries from piracy. A permissions table would stop the font from, say, being downloaded & used elsewhere. Currently, only Microsoft’s EOT format allows for any protection from misusing the technology; it’s been around since 1997 (and it feels like it). Safari (for some time), Firefox (as of 3.5) & Opera (as of 10) support standard, naked type formats: Firefox 3.5 has just been released & Opera 10 will be released any day now. One may assume this is why there’s a sudden flurry of activity from foundries about the subject.

The name “David Berlow” may be familiar to you: he was interviewed in A List Apart back in April, where he started making this permissions idea & I wrote about that interview, and some of the reaction to it. Mark Pilgrim smacked it down pretty thoroughly, and with good cause: Mr Berlow’s suggestion would require that every computer on earth be altered. Not to mention virtually every font as well.

This isn’t the only problem, however. In the comments to Zeldman’s article I pointed out that it’s far too late for foundries to make such proposals: all modern browsers now support @font-face. To expand upon what I wrote there, the time for making these proposals should have been made back at least in 1998, when the @font-face was definitely part of the W3C’s CSS2 specification. And remember, if 1998 is the date of the recommendation, you can be goddamn sure that they were talking about it for years beforehand.

I apparently irked Berlow. He became quite defensive that until recently, foundries didn’t know how browser vendors would deal with fonts; and moreover, like other industries, he just wants to protect his IP. At first I thought that, in my feverish state, I had been a dick, but looking back, he simply didn’t get what I was saying. No matter the mechanism by which a browser deals with a font, @font-face has been with us for over a fucking decade. Foundries have had plenty of time to do something about it.

The best scenario for some sort of “webfont”, protected format would be to strongarm all the browser vendors into supporting it; suppress all the browsers out there that now support naked fonts; update every browser with webfont-“enabled” (one might say DRM-crippled) versions; and then hope for the best. Good luck with that. Let me reiterate what I’ve said before: this horse has long since bolted. If the foundries have pursued actions, they’ve been very slow and, worse, ineffective.

And as for Berlow’s concern about protecting his IP: well, they’ve had at least a decade to think about how to do this. A less charitable man than myself might think they were hoping this whole “fonts on the web” thing would just go away. Instead, they should have planned for this: full @font-face support was coming, and they knew it.

So bring on TypeKit. Where of course you’ll rent & not simply pay for the fonts you use. I have sympathy when people want to protect their IP, but Jesus H. Christ in a chicken basket, they’ll do anything to stop use from being straightforward.

That the recent brouhaha over the death of XHTML2 is totally overdone. After all, the spec was so fucking obtuse & abstract that no browser vendor was going to implement it.

I mean, the authors wanted to get rid of the IMG tag, fer chrissakes!

So Obama makes a speech at the University of Cairo (an excellent speech, in fact). You can always control what you say, but you can’t control who attends to your saying it:

Palestinian militants from the Popular Resistance Committee watch the televised speech of US President Barack Obama in Gaza City, Thursday, June 4, 2009.

Click on that link. You’ll not be sorry.

Well Uni is over now for me (ceremony pending) and life out of the city is a lot quieter.

I've decided to keep busy with a few events coming up this year, two rails specific and one on more general web design topics:

Rails Camp UK:

FOWD Tour - Leeds:

Take a look, there may be something you fancy.

I'm currently in the process of setting up a Rails 2.3 stack from scratch, and a few things have changed since the last couple of projects I worked on were tooled up.

One thing which has certainly changed for better is binding rspec, ZenTest and Growl together, previously I posted on some work-arounds for missing messages, adding images, and various other bits ad-hoc. This functionality is now all produced by installing the autotest-growl gem which may also be found on github. Take a look at the readme.rdoc

Of interest to me in particular were changes to ~/.autotest

Mine was quite something previously,

#!/usr/bin/env ruby
# Symlink this to ~/.autotest
require 'autotest/redgreen'
require 'autotest/fsevent'

AUTOTEST_IMAGE_PATH = File.dirname(File.symlink?(__FILE__) ? File.readlink(__FILE__) : File.expand_path(__FILE__))

module Autotest::Growl
  def self.growl title, msg, img, pri=0, stick=""
    system "growlnotify -n autotest --image #{img.inspect} -p #{pri} -m #{msg.inspect} #{title.inspect} #{stick}"
  end

  Autotest.add_hook :ran_command do |autotest|
    filtered = autotest.results.grep(/\d+\s.*examples?/)
    output = filtered.empty? ? "" : filtered.last.slice(/(\d+)\s.*examples?,\s(\d+)\s.*failures?(?:,\s(\d+)\s.*pending)?/)
    if output =~ /[1-9]\sfailures?/
      growl "Test Results", "#{output}", "#{AUTOTEST_IMAGE_PATH}/fail.jpg"
    elsif output =~ /pending/
      growl "Test Results", "#{output}", "#{AUTOTEST_IMAGE_PATH}/pending.jpg"
    else
      growl "Test Results", "#{output}", "#{AUTOTEST_IMAGE_PATH}/ok.jpg"
    end
  end
end

Autotest.add_hook :initialize do |autotest|
  %w{.git .svn .hg .DS_Store ._* vendor}.each {|exception| autotest.add_exception(exception) }
  false

now replaced with

require 'autotest/growl'
require 'autotest/fsevent' #osx specific file changed event notification
Autotest::Growl::show_modified_files = true #which changes prompted the autospec run
Autotest::Growl::remote_notification = true #networked growl, to work-around disappearing notifications
Autotest.add_hook :initialize do |at|
  %w{.git .svn .hg .DS_Store ._* log}.each {|exception|at.add_exception(exception)}
end

The FSEvent gem is well worth a look if you develop on OSX 10.5 (Leopard), it switches autotest from polling your hard drive (i.e. thrashing) to working with the OS's event notification system. Design patterns strike again!

With these updates I gave an old project a spin to see what would happen, and voila, the specs ran as they should, coloured and all.

A particular error I was receiving before doing this update was

script/autospec 
(Not running features.  To run features in autotest, set AUTOFEATURE=true.)
(Not running features.  To run features in autotest, set AUTOFEATURE=true.)
loading autotest/rails_rspec
/Library/Ruby/Site/1.8/rubygems/custom_require.rb:31:in `gem_original_require': no such file to load -- autotest/redgreen (MissingSourceFile)
    from /Library/Ruby/Site/1.8/rubygems/custom_require.rb:31:in `require'
  …
    from /usr/bin/autotest:19:in `load'
    from /usr/bin/autotest:19
Unable to find autotest.  Please install ZenTest or fix your PATH

The culprit being redgreen, which can be uninstalled when using the new ZenTest.

Well, I may like to dabble in the occasional Separated at Birth series, but Totally Looks Like has some particularly incredible juxtapositions:

Totally Looks Like nails the uncanny resemblance between Quentin Tarantino & Squiggy from Laverne & Shirley

Alas, poor Quentin. It’s been hard to take him seriously for a long time now, but this may be the final nail in the coffin.

Could humans at any point in history, given the right information, construct an electronic communication network? To test this hypothesis, Substitute Materials will attempt to build a functional electric battery and telegraph switch from materials found in the wilderness, using no modern tools except information from the internet. The telegraph will be a first step towards an ahistorical internet.

What the author doesn’t say is that he’s doing this in the wilderness while wearing a business suit.

And that he couldn’t find any flint to make a good ax—he had to order it from the Internet.

I foresee much time spent reading this site.

We’ve recently completed (and had printed) a couple of new A4-sized posters for the University of Sheffield, one advertising a series of lectures by the renowned philosopher Stephen Stich & the other promoting an MPhil degree in Political Theory.

Before we continue, you may wonder: why A4? Isn’t that small for a poster? It is, but not in the context of a university department bulletin board with lots of competing notices. If your poster is too large, it may not even be placed on the board; and even if it is, a larger poster will soon be covered up by other notices. So an A4-sized poster is about as large as you can safely make it.

Judging from this use-case, you might also conclude that creating a striking effect for your poster would be crucial: one that makes your notice stand out from the dozens of other notices. And you’d be right.

Stich Lecture Series

This was a rush job: I had 24 hours to go through the process of commission, design approval & printing. What’s worse, I was suffering through the worst flu I’ve ever experienced. What’s worst is that I was handed a huge wodge of text & only two source images. Luckily one image was large enough that it was feasible to expand it further to print quality.

With such a timeframe & under those conditions, you are subject to severe constraints. Constraints are sometimes wonderful & this was one of those times: it helps guide you quickly down the path towards a decent design.

Some of the constraints were posed by the photo. It was black & white and couldn’t be expanded further without risking pixellation. Also, the picture wasn’t fully optimal because a critical element—the top of Steve’s head— was cut off. So immediately we know that the poster should be black & white (to match the picture), it shouldn’t rely too much upon the picture to give it visual interest (because it was small) & that we were going to have to distract the eye from the missing top of Steve’s head.

When you’ve got a lot of text and your photo is small & suboptimal and you’re limited to black & white, then you’ve got to rely upon typography & stark contrast to attract the viewer’s attention. Black text on white is too common: reversing this will catch the eye. Using chunky typography, I covered the top of Steve’s head with his surname & used the look on his face to draw the viewer’s eye towards the explanation for lecture series.

The result is pretty good, I think, and certainly eye-catching, but it’s a little conventional. Had I more time, I would have made that chunky typography a lot chunkier: it would have taken up about half of the poster. But time was a real constraint here.

MPhil Poster

The second poster here is for the promotion of a degree offered jointly by the departments of philosophy & politics. We were to employ a really striking image that’s somehow relevant to the subject. My initial to represent the result of a broken political process: images ranging from protests, revolution, police in riot gear, bombed-out cities, etc. I also immediately thought of Orwell’s memorable line from 1984: “If you want a picture of the future, imagine a boot stamping on a human face—for ever”.

Any of these images would certainly contribute to a striking poster, but the approach was ultimately rejected as inherently faulty. I might have put out an unintentionally negative message: “Join us & together we’ll destroy the world”. So a re-think was definitely in order!

I came across an intriguing image of anti-Communist graffito on iStockphoto, one that still cleaved to my original idea of portraying a broken political process, but the action portrayed here was more positive. Here, the notion is of casting aside what didn’t work as the initial part of the transition to something that did. And of course, what do you need to make that transition successful? Why, lots of people with MPhils in political theory, obviously!

To keep to the conceit that the poster was itself political graffito, I opted to place the title in a hand-drawn stencil typeface. And finally, the actual content of the poster was placed on a semi-transparent bed.

By the way, if you’re a graphic designer in the Sheffield area & need digital printing done quickly, consider ASAP Digital, who printed both posters. Their quality is excellent & their turnaround time is fantastic.

There are moments when I’m really happy not to live in the US any longer. This is one of them, because I simply know that if I lived & worked there, I’d have to make an eagle-based logo for a consulting company. Because, as I’m sure you’ve twigged, they’re keen-eyed consultants who know what’s what.

And not because they’re nearly extinct.

Using innovative typography on websites is close to my heart. But its development has been sluggish at best, due in part to the virtually non-existent actions of font foundries. Their inaction is in part understandable: the licensing issues aren’t easy & naturally enough foundries don’t want to give up being paid for what they do, because if a font is on a website, chances are that you can rip it off. Even if you use something like Cufon, which is a pretty cool-looking, Javascript-based encoded siFR alternative, you’re likely to be able to re-engineer the font.

It’s tempting to view font foundries—like Adobe—as big, faceless monolithic corporations who have their own profits in mind, not the use of their fonts in innovative ways. But the truth is that they’re usually quite small & by ripping them off you’re hurting “the little guy”. So how do you resolve this issue? Well, in an interesting interview between Jeffrey Zeldman & the Font Bureau’s David Berlow, Berlow suggests creating a new table for fonts which defines permissions for online usage. On the face of it, this sounds like a decent idea, but the problem is it’s an idea that’s come far, far too late: that particular horse has bolted. Foundries should have closed that gate back in, oh, 1990.

Which is where Dive Into Mark’s foundry screed comes in. Unlike many screeds, it’s really worth reading because he makes very cogent, stark points. For one, Berman’s permissions table suggestion would break every font-consuming application on every platform on every computer on Earth. Mark also points to the future:

Dynamic web fonts are coming. Actually they’re already here, but most of Our People haven’t noticed yet. But they will, and that’s going to be a huge boon to somebody. I see you’ve decided that it won’t be you. Well, have fun shuffling your little bits of metal around. The rest of us will be over here, using the only fonts we’re allowed to use: Everything But Yours.

Mark’s point is really important: by defining some licensing in the most boneheaded manner possible (really simple example: not allowing some fonts be embeded in PDFs), type foundries have shot themselves in the foot. Unless they change—and fast—they’re going to be left behind.

Here we see some really close (and obvious) parallels with the machinations of the music industry, the movie industry & even the newspaper industry. All of these “content owners” (and isn’t that a generic expression) are so paranoid about “giving away” their work that they’re earning the enmity of anyone who comes into contact with them. And like the music, movie & newspaper industries, I suspect that type foundries are going to see their business models change dramatically—and they’ll not have had the initiative to have a hand in that change.

Like books? Like photography? Like art? Let’s mix all three of them. Thomas Allen’s book art photography is a wonderful series where Tom takes different pulpy book covers & with some judicious slicing makes a fantastic new work out of it.

Thomas Allen’s “Fury” (2006)

Truly fantastic stuff.

Last week, the greatest client in the world & I travelled to London to the Internet World exhibition. Ian asked me about whether it was worth it. Let me try to paint a picture for you:

Imagine a world where you’re selling digital services. Purely digital services—no hands-on gadgets or anything. Now imagine that to sell digital services, which of necessity work over the Internet, you’ve decided that, instead of [just] pitching on the Internet, you’ll go to an exhibition hall. Ignore the fact that this seems pointless. How do you get people to come to your stall?

• No nonsense: Big flat computer screen & a few sweaty nerds with the stink of doom clinging to them;
• Silly gimmicks: Ice cream, smoothies, chocolate, all for the high, high cost of enduring a sales pitch;
• Proximity to Sensuality: Scantily-clad women! Talking to you! Example: dancing girls were dancing, unenthusiastically shouting “Wooo!” whilst in midriff shirts reading “The firewall is dead. Long live the firewall”

Now imagine an exhibition where there are talks given in different theatres. There are six overarching subjects—each with incoherently-assembled themes like “Web 2.0, Social Networking, Usability, Design & Build Theatre ”—and you only design five icons for them:

Couldn’t you spring for a sixth icon? You have no idea how many problems this caused.

The presenters of these seminars were given 25 minutes to talk (like “How we redesigned Virgin for SEO”), but they all—to a man—decided not to give away any of their secrets. Fair enough, but reflect that these people genuinely thought this was somehow going to magically turn into a selling opportunity, simply by stating claims backed with little substantiation, just assertions.

Now imagine a group of people telling you that the greatest way to sell services is online, but decide to do it in a grey hall, having paid thousands to rent their stalls & assemble their marketing junk, as people (including yours truly) shuffle listlessly about.

Finally, the easy part: imagine that, after having walked around for hours & listened to God knows how many awful (truly, truly awful) marketing sessions, you have used your 3" x 1.5" notebook to fill up only 2 pages’ worth of interesting information, because that’s all it was really worth.

So, yeah, it was teh suck.

Unfortunately I’m currently nursing a particularly nasty flu right now, but I couldn’t let the day pass without comment. As of today, Argument from Design is ten years old. Let the confetti fly! And before I say anything else, I want to say a big thank-you to all our clients over the years: we literally couldn’t have done it without you.

Headlong

I didn’t know what I was getting into: that was part of the fun. I was an “accidental entrepreneur”.

After getting my second master’a degree, I worked for a very large organisation—a university. Large organisations can provide a lot of security, but—for me, at any rate—I find them frustrating for their inability to move quickly. Anything I wanted to do had to go through a number of committees, the decision-making process took a year & in the end the answer would be “no”. Plus, I was the lone arty guy in a department full of techies. I often felt like the odd-man-out.

So I decided to leave. Figuring that a small organisation would be more nimble than a large one, I started working for a local graphic design firm. But while small may equal nimble, small doesn’t necessary equal good & it doesn’t necessarily equal a good fit. Whereas in my last job I was the arty guy in a sea of techies, I was now the tech guy in a…well, pond… of arty types. That wasn’t a great feeling (I’m always misunderstood!), but what was awful was the eventual realisation that the owners didn’t have a clue how to sell websites to their clientèle— and that moreover, I couldn’t go out to help sell the new service. I found myself doing more & more print work in Quark XPress & (shudder) FrameMaker. And I learned a lot about how not to run a business. Whilst a small company can be more nimble, it can quickly manoeuvre itself into the ground.

I spent a month or so moonlighting, building up some work & laying the ground so I could start immediately: building a website & portfolio of my own immediately available upon hanging out my shingle. I planned to leave the design firm in June, but the company, not having sold any websites in a year (in 1999, mind you—the height of the dot-com bubble!) let me go.

So that was it. I was off—off on my own. I was frightened & oh my God did I make mistakes. But they were my mistakes. That was truly liberating.

The Value of the Ever-Changing Landscape

Web development is a fantastic business—if you like constantly learning new things. That’s one of its greatest attractions to me, along with the potentially close association of art & technology. And we’re only now entering into a golden age, with a combination of powerful tools for layout (like CSS), interactivity (like Javascript libraries) & back-end development (thanks to clean, clever frameworks like Ruby on Rails). But of course it won’t stop there. All these things will be refined & engender new tools.

There’s something humbling—and exhilarating—about a field that changes so much year upon year. I wouldn’t have it any other way.