Draconis Software Blog

Sake - Rake for Your Whole System

Ruby's version of make, Rake, is an indispensable tool that all Rubyists should learn and use regularly. It's the perfect way to run all of those project-specific tasks like clearing the cache or removing stale session data.

Once you start using Rake, you'll probably find that you duplicate many of your tasks in all of your projects. It's not too much to copy often-used .rake files, but there is a better way. Sake (short for System-wide Rake) solves this. Once you install a Rake task into Sake's repository, it becomes available system-wide via the sake command.

Say you have a file named dbversion.rake, which finds the migration version of your database, as follows:

RUBY:
  namespace :db do
    desc "Returns the current schema version"
    # :environment loads the Rails app so ActiveRecord is available
    task :version => :environment do
      puts "Current version: " +
        ActiveRecord::Migrator.current_version.to_s
    end
  end

To install this system-wide, first install Sake by running gem install sake. RubyGems will download and install everything for you. Now you can install the Rake task into Sake by typing sake -i dbversion.rake. You can now run the db:version task inside any Rails app by typing sake db:version. Pretty neat, eh?

Sake has a few more tricks up its sleeve. You can view the Rake tasks that are currently installed into Sake by running sake -T. It can also install tasks hosted on a remote web server if you replace the filename that appears after sake -i with the URL. A remote task file is ordinary Ruby that will run with your user's privileges, so read it before installing. Check out the original blog post to read more.

Some other sites with info on Rake that I found interesting:

Introduction to Antispam Practices

There's a good overview of antispam practices at Howto Forge today, detailing the various methods either currently in use (black/gray/white lists, applications, etc.) or proposed (DKIM, etc.).

In a world where spam is bound to hold such an important position, methods of preventing it should also be given an increasing importance. Some of the easiest and most widely used prevention methods are host control solutions, Antispam applications and user education.

I'm particularly excited about DomainKeys Identified Mail (DKIM), which I wrote about recently. Such a method would be very useful in tracking down spammers and controlling the flood of junk they put out, though, as this article points out, it's not without its limitations. "The main disadvantage of DKIM is that email messages can be significantly modified in certain situations (e.g. when being forwarded by list servers), causing the signature to be invalidated and the message to be rejected. A solution to this issue would be combining DomainKeys with SPF, because SPF is immune to modifications of the email data."
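An added example (not from the Howto Forge article or this blog) of why list-server modifications invalidate a DKIM signature: it computes the DKIM body hash (the bh= tag, RFC 6376 section 3.4) under simple and relaxed canonicalization for a constructed message, a whitespace-only rewrite of it, and a copy with a list footer appended. The sample bodies and the helper names are assumptions made for the illustration.

```ruby
require "digest"

# DKIM body canonicalization, RFC 6376 section 3.4 ("simple" and "relaxed").
def canonicalize_body(body, mode)
  lines = body.split("\r\n", -1)
  lines.pop if lines.last == ""        # piece after the final CRLF
  if mode == :relaxed
    # Collapse runs of space/tab to one space, then drop trailing whitespace.
    lines = lines.map { |l| l.gsub(/[ \t]+/, " ").sub(/ \z/, "") }
  end
  lines.pop while lines.last == ""     # empty lines at the end are ignored
  return (mode == :simple ? "\r\n" : "") if lines.empty?
  lines.join("\r\n") + "\r\n"
end

# Value of the bh= tag: base64(SHA-256(canonicalized body)).
def body_hash(body, mode)
  [Digest::SHA256.digest(canonicalize_body(body, mode))].pack("m0")
end

# True when the hash a verifier recomputes equals the one the signer stored.
def bh_survives?(signed, received, mode)
  body_hash(signed, mode) == body_hash(received, mode)
end

# Constructed sample bodies (illustrative, not from the article).
SIGNED   = "Hi all,\r\n\r\nMeeting moved to 3pm.\r\n"
REFLOWED = "Hi all,  \r\n\r\nMeeting  moved to 3pm.\r\n\r\n\r\n"
LISTED   = SIGNED + "-- \r\nTo unsubscribe, visit lists.example.org\r\n"

# One row per (modification, canonicalization): does bh= still match?
def report
  cases = { "whitespace-only rewrite" => REFLOWED,
            "list footer appended"    => LISTED }
  cases.flat_map do |label, body|
    %i[simple relaxed].map { |m| [label, m, bh_survives?(SIGNED, body, m)] }
  end
end

report.each do |label, mode, ok|
  puts format("%-24s %-8s bh= %s", label, mode, ok ? "matches" : "MISMATCH")
end
```

Only the body hash is modelled here; a full verifier also checks the signature over the signed header fields.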

Check the article out - it's a good overview of what's currently going on, and perhaps may inspire you to try a different approach to your current antispam efforts.

$899 to reset password

In IT, many devices have an administrator password that, when forgotten, requires some hoop-jumping to reset. Holding down the power button while booting the router/switch/etc., using a secret "back-door" password, or something similar is usually the norm. Not so with a Sony tape library, as this post at Everything Sysadmin shows. According to Sony tech support, resetting the password on the tape library would cost $899 (escalating to Sony customer support dropped the price to $699):

The manual says that one can't reset the password and I should call my dealer. I figured they just didn't want the information spread around, so I contacted Sony and they gave me the right people to speak with. A very helpful person named Lucia informed me that I could send in the device and for only $899 they would reset the password. That seemed unreasonable, but escalating it brought me no joy. John Marshall, Customer Service/Support Manager at Sony ... was very polite and friendly, but was not able to tell me the secrets to doing the process myself. I even offered to sign a non-disclosure if the process was secret. No luck. He offered to reduce the rate to $699 but that was unsatisfactory.

That's an expensive password reset. Do you have a crazy password reset story? Let's hear it!

24 Tutorials for AJAX Security

Continuing with today's security theme, here's a great set of 24 tutorials from Max Kiesler for AJAX programmers concerned with security (and who isn't?). "For the most part AJAX does not significantly increase the security vulnerabilities in most web applications. However, JavaScript, XML and asynchronous server calls do have potential holes if not properly implemented. If you're an application developer or security professional there are things to watch out for with AJAX applications."

If you're writing web code with AJAX, check these guides out.

IT Security and Compliance Guide

Microsoft has published a paper called Microsoft Solutions for Security and Compliance, which is designed to "help IT managers and Microsoft customers meet specific IT compliance obligations that directly relate to major regulations and standards."

As the regulatory requirements become increasingly complex, a "big-picture" guide such as this, with ideas on how to implement them, can be a very useful resource for those in the SysAdmin business. The document discusses five major regulations and standards that are likely to affect your business:

  • Sarbanes-Oxley Act (SOX)
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • European Union Data Protection Directive (EUDPD)
  • ISO 17799:2005 Code of Practice for Information Security Management (ISO 17799)

In addition to giving a succinct overview of the law you need to be aware of, Microsoft Solutions for Security and Compliance discusses what IT controls are and how they might be implemented in your organization. "IT controls regulate and guide the operation of IT in the organization, including all of the processes, and systems within it. These controls focus on processes that concern IT managers, including availability, change management, user provisioning, security, and so on. It is these controls that are the focus of this planning guide."

Another useful guide from Microsoft is their Security Risk Management Guide, which gives a useful overview of the process IT departments often implement to minimize organizational risk from data theft and other issues.

If you're in the IT biz, be sure to check these out.