RoR-e


ror ecommerce 2.0.0.beta1 (Rails 4 upgrade) David Henner May 08


Today ror_ecommerce's rail4 branch has been tagged as 2.0.0.beta1. All deprecation warnings have been resolved and all tests pass. With this release, Ruby 2.0 is the supported Ruby version and the project has been upgraded to Rails 4.

I'm guessing people will want to hear about the pain points of upgrading a large project to Rails 4. So the remainder of the post will highlight my findings.

Strong Parameters

I had originally thought the upgrade would be much smoother if I simply added the protected_attributes gem. It appears to just be the same functionality as Rails 3, right? WELL, not exactly. The problem has to do with the gems in your project. You can expect maintainers of gems to support Rails 4 (and have Rails 4 branches of the gems). You cannot expect them to support the protected_attributes gem. Hence the guy maintaining protected_attributes either has to cover a bunch of "one off" issues or there are going to be cases where things just won't be supported.

Instead of looking into every gem that has issues working with protected_attributes, upgrading to use strong parameters is an option that should be best long term and in this case for the short term.

I had originally thought the admin area could be ignored, but it appears passing raw parameters blows up. So the main task was to edit every controller with a create or update action. In most cases I created a private method called allowed_params like the following:

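def update
  @address = current_user.addresses.new(allowed_params)
  #...
end

private

# Only the attributes listed here can be mass-assigned from the form.
def allowed_params
  params.require(:address).permit(:first_name, :last_name) # ...plus the remaining permitted fields
end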

I had two gotchas. First, nested forms were not always working. I don't know the exact issue but luckily this only affected forms in the admin area. Given that it was just the admin, my work-around was to use:

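private

# permit! marks every submitted key as permitted (no whitelist);
# used here only as a work-around for admin-area forms.
def allowed_params
  params.require(:address).permit!
end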

Yes I did try the examples for nested forms but that didn't work out of the box in my case.

The second gotcha was forgetting about my custom setters. For example, a Purchase order form has a "receive_po" field that the receive_po method handles. I had to remember all the use cases where forms used custom setters and put those params within the permitted params.

This was/is tedious work but generally the process was pretty quick.

GEM Upgrades

Some gems that needed to be upgraded were compass, database_cleaner, friendly_id, sass-rails and ZenTest.

 gem 'compass-rails', :git => 'git://github.com/milgner/compass-rails.git', :branch => 'rails4'

 gem 'database_cleaner', :git => 'git@github.com:bmabey/database_cleaner.git'

 gem "friendly_id", :git => "git@github.com:FriendlyId/friendly_id.git", :branch => 'rails4'

 gem 'sass-rails',   '~> 4.0.0.beta1'

 gem "ZenTest", '4.9.1'    

Deprecation Warnings

Wow, I cannot explain the number of deprecation warnings I had at first. Most were straightforward to address.

First, it was obvious authlogic and awesome_nested_set had issues. Luckily I found two pull requests that addressed the issues. I simply added the following to my Gemfile:

gem 'awesome_nested_set', :git => "git@github.com:cschramm/awesome_nested_set.git", :branch => 'rails4'

gem 'authlogic', :git => 'git@github.com:christophemaximin/authlogic.git', :branch => 'fix_deprecated_with_scope'

These solutions looked simple enough and will probably be added to the gems soon enough.


Next up were deprecation warnings internal to the ror_ecommerce app. Luckily these were pretty straightforward to address. I need to give credit to the Rails core team for explaining the solution to the issues within the warning log. Just following those instructions was pretty straightforward.

One warning I didn't expect had to do with a reg-ex I had.

 The provided regular expression is using multiline anchors (^ or $), which may present a security risk. Did you mean to use \A and \z, or forgot to add the :multiline => true option?

This is a security threat that comes from using a reg-ex that allows multiple lines in a field, which lets someone add "something bad" like javascript. Very interesting... I'm glad to see the Rails team protecting me from myself. Thanks. To read more take a look at this article: http://homakov.blogspot.co.uk/2012/05/saferweb-injects-in-various-ruby.html
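To make the warning concrete, here is an added example (not code from ror_ecommerce or from Rails) that runs the same field values through a ^...$ pattern, a \A...\z pattern and a \A...\Z pattern. The patterns, the sample values and the multiline_anchors? helper are assumptions made for illustration; the helper only approximates the check behind the warning.

```ruby
# Added example: patterns and field values are constructed, not from ror_ecommerce.

# Rough approximation of the check behind the Rails 4 warning: flag a pattern
# that starts with ^ or ends with an unescaped $.
def multiline_anchors?(regex)
  src = regex.source
  src.start_with?('^') || (src.end_with?('$') && !src.end_with?('\$'))
end

LINE_ANCHORED   = /^[a-z0-9_]+$/    # ^ and $ match at every line boundary
STRING_ANCHORED = /\A[a-z0-9_]+\z/  # \A and \z match only at the string's ends
TRAILING_NL_OK  = /\A[a-z0-9_]+\Z/  # \Z also matches before one final "\n"

# Constructed field values: one clean, two carrying content past a newline.
SAMPLES = {
  clean:       "dave_h",
  second_line: "dave_h\n<b>never validated</b>",
  trailing_nl: "dave_h\n"
}.freeze

# Returns { sample_name => true/false }: which values the pattern accepts.
def accepted(regex)
  SAMPLES.transform_values { |value| regex.match?(value) }
end

if __FILE__ == $PROGRAM_NAME
  { "^...$" => LINE_ANCHORED, '\A...\z' => STRING_ANCHORED,
    '\A...\Z' => TRAILING_NL_OK }.each do |label, regex|
    puts format("%-8s flagged=%-5s %s", label, multiline_anchors?(regex), accepted(regex))
  end
end
```

Only the \A...\z pattern rejects both the second-line value and the trailing newline, which is why the warning suggests those anchors for validations.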

Conclusion

The upgrade process did take some time but was pretty straightforward. I recommend upgrading any app in production within a month of the final Rails 4 release. This was not the same headache that upgrading from Rails 2 to Rails 3 was.

Also the forced security model with strong parameters might make beginners have a larger learning curve but it REALLY is great for enforcing security. I was not a believer until I started applying the upgrade.

GREAT job to everyone that contributed to Rails 4!

Open Source Thank You David Henner Apr 22


I love writing open source code. The Ruby community is great because of its open source community. It gives me the ability to write code without a deadline. It also allows me to write on a codebase I generally like. Sure, there will always be pain points in any code base. After two years you should always look back and say,

Why did I do that?

All being said, sometimes it feels very un-appreciated. Yesterday, I had a request to fix a feature that is optional and honestly not used by many people. (If people are using it they fixed the issue with one line of code) So anyway, I get the request and the email comes across as... YOU BETTER FIX THIS OR ELSE!

My first thought was... Well I bet you can guess. I then stopped and gathered myself. At the end of the day this person probably was under a deadline and didn't know what to do. Instead of looking into the problem, they probably got frustrated and sent an email.

The fix was simple and I completed it in less than 10 minutes. Verifying the fix and setting up the environment took much longer than the fix itself. All this being said, next time you ask someone to fix a problem, try to put yourself in their shoes.

If it is open source code the person may have never been paid to write the code. The person you are requesting to do work is probably very busy. Your wording should be appreciative. Also after the fix, say thank you. It really does mean a lot. I've been guilty of this but I sincerely try my best.

All being said, I love feedback on my projects. Even if it does point out a bug. The way you word things does mean all the difference.

Product Sourcing Partner David Henner Feb 05


So I've been in e-commerce for a few years now. My intent has been multi-fold but I've realized I have not told the world my intent.

  1. Wanted to make a better e-commerce solution than Spree
  2. Find a business Partner
  3. I was looking to raise my billing rate

I'd say that is the correct order. When I started this project I was using Spree on a daily basis for my daytime job. At the time Spree was very bad to work with. I have not used it recently so I can't tell you how good or bad it is these days. I still believe its concept is fundamentally flawed but it is much better than it was when I was using it. BTW: I say fundamentally flawed because if they make a design flaw they can't back the change out without causing serious breakage with current users.

My second intent was to find business partners. Although many people have stepped up for several reasons, none could perform their end of the bargain. Ironically none actually supplied product to sell. I've been in business with 4 companies. One for over a year. None could supply any product. One actually has product now but that happened about 20 months after I left. 20 months to supply product is not acceptable in my opinion. Another company looks like it should have their product ready soon but I felt they were close to delivering product for almost a year now.

Finally, an indirect consequence of building a large open project was that my billing rate went up. I wasn't even thinking about this until after I released the software but I will admit, it is a welcomed consequence. =)

So Now...

So now my number one intent has changed to finding the best product/sales partner I can find. I'd say their Product Sourcing and "eye for good product" is the most important quality. Without product, sales isn't really needed. I really do want a person that understands sales and marketing but this is also an area I can bring something to the table so it isn't the main quality I am looking for.

Please send me an email directly drhenner at ror-e.com. Or click "contact us" link to the right. I'm in SF currently and I'm guessing there are a lot of people with the talent I am looking for here.

RoR ecommerce progress report David Henner Feb 04


It's been about two years since ror_ecommerce has been open sourced. Since then I've had the joy of helping and getting help from many developers and business folks. Luckily the biggest near-term challenge is determining when we call ror_ecommerce 2.0. Given that the software changes in small pieces, no single change will be large enough to label as 2.0. Adding a major amount of documentation might actually be the trigger more than just software itself.

Currently, the software is solidifying and instead of feature building the focus is on cleaning older code up. Fortunately many of the models have 50 or 60 lines of documentation before you start diving into real code. Unfortunately that documentation is not picked up by the YARDocs. I've found having the docs live in the code is most likely the best way to document everything. However the goal is to eventually have a documentation page much like stripe's documents. It won't be easy to maintain but the payoff for developers will most certainly be worth it.

The current things on the top of the ToDo list include:

  • Documentation
  • Referrals
  • Reports
  • Cleaning up the code
  • Making a multi-tenant version of ror-e

Don't forget to check out the demo.

  • Username = test@ror-e.com
  • Password = test123

I'd love to hear some feedback about features and the direction of the project. I can't guarantee we will work on your specific "wish" but ask and you might be surprised.

Consultants don't make good CTOs David Henner Jan 21


I've been working with a lot of CTOs and consultants in the past couple years. One reoccurring trend I find is that success does not align with a great technologist at CTO. That does not mean a CTO should be a bad technologist or that a great CTO can't be a great technologist. However, you can have a great technologist that is a bad CTO.

A CTO's role is to:

  • Understand Business goals
  • Understand how to get a tech answer:
    • Hire great technologists
    • Understand who has a better answer than yourself
  • Know how to say no to good tech and focus on business goals

A great consultant will almost always recommend the latest and greatest technology. Sometimes just so they can play with the latest tech toys. That is great for a consultant but a CTO understands how to say no.

Let's say your whole tech team knows:

  • Vanilla jQuery / javascript
  • *.erb
  • css (without a framework like bootstrap)
  • Pivotal Tracker
  • mySQL

A consultant might come in and say I can go faster if we use:

  • coffee script
  • *.haml
  • sass (with twitter bootstrap)
  • Mingle
  • postgres

A good CTO should sit down with the consultant and either pick one thing that adds business value or tell the consultant they are not the right guy for their team. The disruption to change so much to your team's stack might make the consultant more efficient but it comes at the expense of your team's efficiency. It might be that the consultant just wants to bill you while learning one of these technologies also. Hence, it could be a lose-lose situation.

Picking a consultant means picking a guy that will not add so much complexity that it kills your current team. Consultants can be great at explaining the tech value of any new technology. A CTO needs to be able to explain the short and long term business value.

All this being said the same consultant that is bad for your business today, might be great for your business after you have updated your tech stack in the future.


Don't hand your first Tech guy the CTO role!

Another thing I see is that the first tech guy on a team is given the CTO role. Please, PLEASE, For the love of god PLEASE STOP!!! This might turn out to be a good thing but do you really know if it is a good choice? Probably not! Hire a guy and promote if they deserve the CTO role. If they can't deal with other developers or don't deliver then you have a chance to hire someone that does deserve the position.

Unfortunately there isn't a position above CTO. That first hire might be perfect as a developer but not as the CTO. So please hire wisely. Good Luck!

ror_ecommerce 1.2 David Henner Sep 09


I'll keep this post short. Version 1.2 of ror_ecommerce has been released.

This version highlights a brand new look and feel to the admin area. This work was spearheaded by Dean Perry. If you have not heard of Zurb Foundation you really need to take a look at it. All I have to say is Twitter bootstrap "eat your heart out." The admin work took several months so a double thank you to Dean is deserved!

There were also several bug fixes in this version.

Soon more additions in Translations, documentation and easier use of things like Stripe and FeeFighters Samurai will be added.