Net::Amazon::S3 is a simple, easy to use, pure Ruby implementation of the Amazon S3 REST API. It aims to provide a more Rubyish interface to the S3 API than other libraries and has no non-Ruby dependencies, so it's completely platform-independent.

I wrote this because I needed an S3 library for Crackup and the existing libraries left much to be desired. They all seemed to be based on Amazon's horrible and unnecessarily complex Ruby example code, which was unsettling. To make matters worse, none of them supported uploading from (or downloading to) IO streams, which meant entire files had to be read into memory for transfer (not exactly practical when you're working with multi-gigabyte files).

The API presented by Net::Amazon::S3 is very simple and allows you to do some pretty useful things with S3 in only a few lines of code. It also supports uploading from IO streams and downloading in chunks, which means it's usable with any size file (up to the 5 GB limit imposed by S3).

Net::Amazon::S3 can be installed via RubyGems with just a few keystrokes:

gem install net-amazon-s3

Complete API documentation (including examples) is installed along with the gem, or you can read it online.

Update: Marcel Molina, Jr. from 37signals has released a new S3 library, AWS::S3, that's much more complete and (in my opinion) much better than Net::Amazon::S3. Since he said nice things when he emailed to tell me about his project, and since I like AWS::S3 so much better anyway, I won't be developing Net::Amazon::S3 further.

I've released the first version of Crackup, my simple solution for creating encrypted remote backups. Since I last mentioned it, it's been rewritten in Ruby (PHP was getting on my nerves). I've been using the rewritten version for my own backups for about a week now and I'm pleased with it.

Installing Crackup is easy as pie if you've got RubyGems installed:

gem install crackup

There's some very preliminary documentation (by which I mean basic command-line usage info) here. Real Soon Now I'll add some examples and a description of how the backups are stored so you can reverse engineer your backups in the unlikely event that I get hit by a bus, you lose your original data, and every copy of crackup-restore disappears off the face of the earth.

Slashdot has temporarily disabled comment threading because they've got so many comments that their comments table (which uses a MySQL mediumint for parent ids) has overflowed. This is one of those theoretical limits I've always tried to plan for in my own software but never imagined I'd actually run into. I bet they feel pretty silly right now.

Crackup is a pretty simple, pretty secure remote backup solution for folks who want to keep their data securely backed up but aren't particularly concerned about bandwidth usage.

Crackup is ideal for backing up lots of small files, but somewhat less ideal for backing up large files, since any change to a file means the entire file must be transferred. If you need something bandwidth-efficient, try Duplicity. Crackup is a quick and simple (but secure and reliable) hack that gets the job done, but not much more. My main reason for writing it was that I needed something similar to Duplicity that would work well on both Windows and Unix systems. Crackup runs well on Windows under Cygwin.

Backups are compressed and encrypted via GPG and can be transferred to the remote location over a variety of protocols, including FTP, FTPS, and SFTP.

I just put the finishing touches on the first usable version of the backup client a few minutes ago and it seems to work well. There's no restore client yet, but it'll be easy to whip up as soon as I get around to it (which will hopefully be before I need to use it).

Update: crackup-restore is now complete and is available in the SVN repository along with the rest of Crackup. Enjoy!

My Flickr API key stopped working a week or two ago. API calls just return an error message saying "Invalid API Key (Key has expired)". That's why there hasn't been a new picture on the photoblog in forever. Flickr's API key status page says my key is still valid and active. I've even created a new key, but it gets the same error.

I wrote about this in Flickr's FlickrBugs forum and got just one response, which is from someone having the same problem. Google searches turn up a few other people having the problem, but not recently, and I have no idea whether (or how) their problems were resolved. Has anyone else had this problem? What did you do to solve it? Does Flickr even care?

If this doesn't get fixed soon, I'm going to have to ditch using Flickr for the photoblog and go back to my old custom setup.

Update: A friendly Flickr employee was awesome enough to drop by and solve the problem (see the comments for details). Turns out the third-party Flickr.rb library I'm using has a bug and is sending its own (expired) API key instead of my active key. Not Flickr's fault at all. Thanks kellan!

I've interviewed what seems like an endless stream of web designers (emphasis on designers) over the last month or two, and they all seem to have one thing in common: they don't know what the hell they're talking about.

One of the technical questions I always ask and nobody ever answers correctly is, "What is the difference between a div and a span?"

Invariably, each candidate launches into a nervous, stuttering, uncertain description of how they use divs for certain things and spans for other things. When I ask why they use them for different things, the answer is always something along the lines of, "Um...I don't really know."

I had no idea that the level of basic HTML knowledge among people calling themselves web designers (and especially those calling themselves web developers, which is the position we're interviewing for) is so low. This is absolutely shocking to me. Some of the people I've interviewed have done very high-profile websites and have excellent design skills. The fact that they claim to know HTML without understanding this fundamental concept is surprising, absurd, and above all frustrating.

The difference between a div and a span is very simple. The HTML 4 specification has this to say on the subject (emphasis added):

The DIV and SPAN elements, in conjunction with the id and class attributes, offer a generic mechanism for adding structure to documents. These elements define content to be inline (SPAN) or block-level (DIV) but impose no other presentational idioms on the content. Thus, authors may use these elements in conjunction with style sheets, the lang attribute, etc., to tailor HTML to their own needs and tastes.
http://www.w3.org/TR/html401/struct/global.html#h-7.5.4

That's it. That's the answer. All I'm looking for are the words "inline" and "block-level". If you say those words in the correct order, you pass the test. A++++++, would hire again.

Of course, this is only one of the five or so technical questions that every candidate gets horribly wrong. Next time I'll write about the differences between absolute, relative, fixed, and static positioning in CSS.

Update: About an hour after posting this I interviewed another candidate over the phone and he aced all my questions. First time that's ever happened. I should have blogged about this sooner.

One application sorely missing from the default set of apps on the Sidekick is a simple alarm clock. Sure, there’s a calendar application that can be used as an alarm clock in a pinch, but it’s really too complex for a simple morning alarm. Since I depend on my phone to wake me up every morning, I wrote myself an alarm clock application, which I’ve dubbed (for reasons that I hope are obvious) “Alarm Clock”.

The more I develop for the Sidekick, the more I like it. Once you get the hang of the process, development goes very quickly. I can see why there’s such a large development community for this phone in spite of its closed nature.

Update: Stop asking for developer keys. Seriously. I cannot create a developer key for you and I will not give you mine. If you want an alarm clock and you don’t have a developer key, download Time Traveler from the catalog. Stop pestering me, you ignorant bastards.

I finished my first application for the Sidekick this afternoon: a simple client that periodically reports the phone’s uptime to a script running on my server. I tested it extensively on the hiptop emulator provided with the SDK, and when I was satisfied with it, I sent it off to Danger as part of my request for a developer key (which is necessary in order to install unsigned software on the actual phone).

Within an hour or so, Danger had approved my request (on a Saturday, no less!). Now, for the small price of voiding my warranty, I can install whatever I want on my phone. Result!

I’m very pleased so far with the Danger SDK, their API, and especially the incredible support on the developer forums. Thanks to the excellent documentation, I’ve only had to resort to posting questions on the forums twice so far, but each time I got a helpful response from a real live Danger developer almost instantly, even after hours on Friday and on a Saturday. That’s pretty impressive.

My only real complaint is that the resource editor included in the SDK is a buggy piece of crap with an almost unusable UI (a real surprise coming from Danger), but I think I’ve finally learned how to avoid making it angry. When all else fails, I can at least edit the resource files by hand.

I’ve been digging deep into the innards of MediaWiki, the software that powers Wikipedia and hundreds (thousands?) of other wikis, for a new website I’m working on. I chose to use MediaWiki because it’s one of the most featureful wikis available, yet isn’t so complex that it takes forever to customize.

Unfortunately, while it’s a nice enough application on the outside, MediaWiki’s insides are complete shit. The code is a horrendous mess, but that’s not the worst thing about it. The worst thing is that it’s a badly-architected horrendous mess.

There are places where the developers make feeble attempts to separate logic from presentation, which in many cases just ends up making things more complex, because you end up with a sort of pseudo-separation where some parts of the presentation layer are separate, while others (a lot of others) are still embedded in the logic.

For example, each section of the sidebar is defined in a completely different part of the application. One section is defined in, of all places, a language file. Another is defined in a skin template. Yet another is embedded in a PHP include deep in the heart of the application. It’s ridiculous.

I was also shocked to discover a directory named maintenance, which is included in the web root of the application and contains hundreds of command-line PHP scripts intended to be run only by administrators. One of them is named eval.php. Guess what it does?

The only thing keeping the public at large from executing these scripts over the web is an .htaccess file. That’s fine if you’re using MediaWiki on an Apache server configured to allow .htaccess overrides, but what if your server isn’t Apache? What if it’s not configured to allow overrides? I didn’t see anything in the install docs that warned me I needed to secure this directory.

Here’s a nice little snippet from MediaWiki’s default skin class, MonoBookTemplate:

<div id="p-cactions" class="portlet">
    <h5><?php $this->msg('views') ?></h5>
    <ul>
<?php      foreach($this->data['content_actions'] as $key => $tab) { ?>
         <li id="ca-<?php echo htmlspecialchars($key) ?>"<?php
          if($tab['class']) { ?> class="<?php echo htmlspecialchars($tab['class']) ?>"<?php }
         ?>><a href="<?php echo htmlspecialchars($tab['href']) ?>"><?php
         echo htmlspecialchars($tab['text']) ?></a></li>
<?php       } ?>
    </ul>
  </div>
  <div class="portlet" id="p-personal">
    <h5><?php $this->msg('personaltools') ?></h5>
    <div class="pBody">
      <ul>
<?php       foreach($this->data['personal_urls'] as $key => $item) { ?>
        <li id="pt-<?php echo htmlspecialchars($key) ?>"<?php
          if ($item['active']) { ?> class="active"<?php } ?>><a href="<?php
        echo htmlspecialchars($item['href']) ?>"<?php
        if(!empty($item['class'])) { ?> class="<?php
        echo htmlspecialchars($item['class']) ?>"<?php } ?>><?php
        echo htmlspecialchars($item['text']) ?></a></li>
<?php      } ?>
      </ul>
    </div>
  </div>

Notice the lovely mixture of HTML into a PHP class, as well as the complete lack of sensible formatting. This is just a tiny sample; there’s lots more.

In spite of all this, I’m still going to be using MediaWiki, because, sadly, it’s the best thing out there at what it does. That should tell you a lot about the general quality level of open source PHP applications.

It's incredible how many people are paid to write articles about programming despite knowing fuck all about the subject. Take a look at a site like PHPBuilder.com and poke through some of the example code in the articles. Most of the time it's absolute dog shit. I guess this is because the good programmers are being paid to write software, while the bad programmers are being paid (a lot less) to write articles about programming.

There's a real lack of articles written by good programmers, which is why sites like The Old New Thing and Joel on Software and Why's (Poignant) Guide to Ruby are such treasures.