Cerebrum

Disabling iPhone backups

iPhone applications like FileMagnet and DataCase have made me a happy camper. Those 350Mb of PDFs that I’ve never got round to reading are all now waiting for the delayed trains, delayed meetings, and occasional trips to the toilet that pepper my day. The iPhone’s a surprisingly decent e-book reader; I wouldn’t want to read War and Peace on it, but it’s good enough for 20-30 minute sessions.

It seems however that Apple didn’t consider people might use their iPhones to store large numbers of files.  Each time I connected to iTunes the entire contents of my phone was backed up regardless of the fact that no changes have been made since the last sync.  A full backup and sync was taking in the order of three to four hours.

Terminal to the rescue:

defaults write com.apple.iTunes DeviceBackupsDisabled -bool true

Announcing NSScotland

I don’t think there’s ever been a better time to be a Mac developer.

Market share is up; the mobile world is starting to get interesting; the cock-up that is Vista has rattled faith in Microsoft and Apple finally seem to be making a play for the gaming and enterprise markets.

With all that in mind, I’d like to announce NSScotland. The plan is to organize a Mac-centric developer group in Scotland with regular talks and sessions. There’re plenty of resources online if you’re into Cocoa or iPhone hacking but sometimes you just need to sit down and thrash out an idea over beer and some pizza: that’s what I’m hoping NSScotland can provide.

Mass attribute assignment in Rails

Over on less everything, Steven Bristol makes the very good point that Ruby on Rails’ mass-assignment shortcut can be horrible, horrible security hole. In many ways it’s a modern version of PHP’s register globals setting and most of us remember what became of that “feature”.

I do disagree with him on one point though; where he favours explicitly hiding attributes with attr_protected I’d much rather people started with everything hidden and chose to explicitly expose attributes with attr_accessible.

This has long been a bugbear of mine with Rails. So much so that the first plugin I wrote was explicit_assignment.rb, below

class ActiveRecord::Base
	attr_accessible
end

That might not look like much but it’s three powerful lines of code.

Calling attr_accessible with no parameters in Base effectively means all application models start life completely ignoring calls to model.attributes = attrs. If I want to use mass-assignment for any value I have to specifically ask for it.

class AppModel < ActiveRecord::Base
	attr_accessible :a_small_series, :of_accessible, :attribute_values
end

The only issue I’ve had is that this does tend to screw up a number plugin models that rely on mass-assignment. In this case all you have to do is read through all the plugins you use, make judgment calls on what should be accessible and update accordingly. What? You mean you don’t read every line of evey plugin you use? Nah, me neither, so I usually just change the explicit_assigment plugin to:

class AccessibleRecord < ActiveRecord::Base
	self.abstract_class = true
	attr_accessible
end

I then subclass all my application models from AccessibleRecord.

Yes, this is perhaps a bit verbose for a framework that prizes terseness and DRYness above all else but, if you value security too, I think it’s worth the extra text.

Scotland on Rails

NetNewsWire

It seems my misgivings about NetNewsWire are now redundant. I’m not going to use a system that stores plaintext passwords and payment details but I don’t have the any qualms about using a free service or app with a big-ass security hole in it.

I’ve shifted back from Vienna to NetNewsWire and I’m much happier for it. Vienna is a great product but I really missed NetNewsWire’s ability to sync feeds with the online reader and my mobile via Newsgator. There’s just one slight hack that’s needed to make it a bit better…

In synch-mode NetNewsWire doesn’t fetch feeds from each source: it reads Newsgator’s cached copy. This is generally a good thing; bandwidth costs are kept down for the authors and feed state is maintained between my devices. However, there are some feeds that lose value when they’re stale: server status logs and gone-in-a-minutes deals to name two.

So, how to get the best of both world: 99% of my feeds reading from Newsgator and 1% coming in fresh? NetNewsWire to the rescue!

NetNewsWire doesn’t just consume regular feeds: it can read “feed-like” output from local Apple or Shell scripts. That’s what we’ll use here to bypass Newsgator’s cache; although calling the one-liner a script is a bit of an overstatement.

#!/bin/sh  
#Saved in ~/bin/getfeed.sh
#Point a NetNewsWire "Special Subscription" at this script
#and pass the feed's URL as the first argument.
  
curl $1

Rebinding Spaces in Leopard

Dave Dribin (via Gruber) writes about the problems with Spaces, the new OS X virtual desktop manager. It’s an interesting read, but there’s one problem he mentions that’s readily fixable.

One final gripe is the key bindings for Spaces. The only key bindings for switching desktops is Control + arrow keys … Ideally, I’d love to be able to configure “switch desktop” up/down/left/right; individually and to any modifiers + key I want.

This was the first problem I hit with Spaces. The key combinations Apple allow can’t be pressed with only one hand and that’s a major flaw. Dave wants Control + Option + e/d/s/f but I wanted an even simpler combination of Alt + Space to swap over (I only use two virtual desktops so the up-down-left-right navigation is overkill).

The solution I use is to have FastScripts and Applescript rebind the shortcuts to something more agreeable.

FastScripts really deserves a full post to explain how useful it is but in a single sentence: attach any script/program/whatever to any keyboard shortcut.

First off, I set the Spaces shortcuts to the unwieldy combination of Control + Alt + Command + arrow and F15 to swap over and get the overview, respectively. This keeps the “real” shortcuts out of my way in other applications.

Next, I save a couple of Applescript one-liners to ~/Library/Scripts/Spaces where FastScripts can bind them to my shortcuts of Alt + Space and Alt + Command + Space.

//Swap.scpt 
//spoof a keypress of Control + Alt + Command + arrow
tell application "System Events" to keystroke \
(keystroke (ASCII character 29) using \
{option down, shift down, command down})

//Activate.scpt
//'activate' Spaces
tell application id "com.apple.spaceslauncher" to launch

All joined up, it works like this.

• I press Alt + Space
• FastScripts intercepts and launches the linked script.
• The script sends Control + Alt + Command + arrow back to OS X.
• Spaces swaps desktop.

No problem, and it’s a simple matter to alter the FastScript trigger to use any shortcut you like.

TextExpander and Applescript

SmileOnMyMac have released TextExpander 2.0 with some rather cool updates including

• Autoloading snippets from a url
• Selectively enabling snippets per application
• Scripted snippets.

It’s the last one that’s got me really interested. TextExpander can now use the output of an Applescript as a snippet. Which means I can drag out an update to my post about nesting snippets.

In the original post I looked at building an email signature from sub-snippets for your email, url and telephone number. Now we can tie the sub-snippets into Address Book.app to ensure we have the most up-to-date information.

set myName to "Gavin Montague"  --change  to your name
set theGroup to "phone"     	--change to "phone", "email", "address"
set theLabel to "home page" 	--change to item label "home", "work", etc.

tell application "Address Book"
    set myItems to run script (theGroup & " of first person whose name =\"" & myName & "\"")
    value of first item of myItems whose label is theLabel
end tell

You can download some scripts if you want a sample set.

The technique can also be extended to pull in other peoples details too. My girlfriend’s mobile is now jaemobile; my office address is workaddress and it doesn’t matter if either one changes because I generally remember to keep Address Book up to date.

That’s pretty cool but it’s just the tip of the iceberg. Maybe an email footer that includes the number of unread emails you have (“Gavin has 100 unread messages, don’t reply unless you really need to”); perhaps a password generator script? What dynamic snippets would be useful to you?

Computer Arts Magazine should not be allowed serverside

Their designer-friendly description of Ruby on Rails:

Ruby is a practical AJAX application which combines a front end, a database and a server…

From Computer Arts Projects, January 2007

Even Microsoft hate Outlook 2007

For my sins, I’ve been working on HTML email design and distribution for a client and that means learning all about the kerfuffle over microsoft pushing email design back 5 years. The short version of the story is that Outlook 2007 uses the MSWord rendering engine where older versions used the Explorer Engine; the net result is that an HTML email will work in Outlook 2007 or everything else, but not both.

As the XBOX 360 eshot below shows, it’s nice to see that Microsoft are having to eat their own dog food too.

Forgot your password? No worries...

I’ve been meaning to upgrade to NetNewsWire 3.0 and tonight I finally visited Newsgator to make the purchase. Unfortunately, I couldn’t remember my account details. No worries: find the password recovery widget, click, enter email, typey-typey, click, wait for email.

As you requested online, we are sending your NewsGator Online credentials to you. They are as follows:

Username: <my username>

Password: <my plaintext password!>

Customer Support
NewsGator Technologies

If you’re a developer and that email doesn’t make your eyelid twitch then please take my advice:

Don’t write any sort of login system until you know that plaintext passwords are bad.

I’m extremely wary about giving any sort of personal details to Newsgator now, which is a shame: I liked NNW.