Wednesday, 1 December 2010

Rails Nokogiri 'document already has a root node'

I'm attempting to master Ruby on Rails for a personal project and I'm not ashamed to say that I'm finding the learning curve rather steep in places.

One such place is in the generation of XML code using a builder. The advice on the web seems to strongly recommend Nokogiri, so this is what I tried to use. I ensured my Gemfile was correctly updated and ran bundle install.

However, two main stumbling blocks exposed my Rails ignorance: how to properly call the XML builder from within the Rails controller, and how to cope with the dreaded cryptic 'document already has a root node' error.

The first one must be a common rookie mistake. The scaffold-generated controller had this default respond_to snippet:

respond_to do |format|
  format.html # new.html.erb
  format.xml { render :xml => @thing }
end

It appears what this does is to ask Rails to convert @thing into an XML representation of @thing. This is not what I wanted and it took a while to realise why my XML building code in both thing.xml.erb and thing.xml.builder were being completely ignored.

Fixing it was simple enough: remove the render block so that it reads as:

respond_to do |format|
  format.html # new.html.erb
  format.xml
end

This will now search for the .erb and .builder files. Time now for my next ignorant mistake.

If you call Nokogiri::XML::Builder from within a .builder file, it will fail with a 'Document already has a root node' error message.

It took me a long time to work out why. I checked my code, I copied the examples on the Nokogiri tutorials, tried various configurations and just could not find the solution. Google searches on "rails3 'document already has a root node'" did not clarify the situation either, with the few hits that showed up remaining unanswered.

Well, the solution is very straightforward: it appears Nokogiri barfs in this manner when you try running it from a .builder file. Move the code to a .erb file, and it should work fine (though you'll need to wrap it all in a <%= %> construct).

Simple when you know how, frustrating and tiring when you don't.

Nokogiri's slogan is: XML is like violence - if it doesn’t solve your problems, you are not using enough of it.

I clearly hadn't been using enough then...

Wednesday, 10 November 2010

Christmas gift ideas for 2010

Christmas is fast approaching and as usual, we're now starting to think (panic?) about which Xmas presents to buy for our family and friends.

As usual at this time of year, my gliding club has announced a set of trial flight vouchers for consideration as unique Christmas gifts and presents. Whether looking for a special Christmas gift for your girlfriend or boyfriend, or a Xmas present for your husband or wife, please do spend a moment looking at their range.

Merry Xmas everybody!

Thursday, 2 September 2010

Creating a Word label in Applescript

In my line of work, I regularly have to send evaluation units out to prospective customers. They email me their address and I then generate a label in Microsoft Word to print off and attach to the envelope/box I'm sending.

As I do this reasonably often, and as I use an Apple Mac, I thought this would be a great excuse for creating an AppleScript program to automate the process for me.

I couldn't find examples of this in the wild, so I include the code as a starting point for anyone attempting something similar.

I've added it as an Entourage script (see image above), but it should also work in other applications just as well.

(*
Create Word label from selection v1.0

Created: 2010.09.02
Modified: 2010.09.02
*)

on run

    (* Grab the selected text *)

    set theText to ""
    tell current application
        try
            set theText to the selection
            if theText is "" then
                error
            end if
        on error
            display dialog ¬
                "This script works on text selected in a message." buttons {"OK"}
            set theText to ""
        end try
    end tell

    (* Launch Word, confirm label positioning and generate label *)

    try
        if theText is not "" then
            tell application "Microsoft Word"
                activate

                (* Collect label Row & Column data from user and ignore non-numerical entries *)

                display dialog "Enter label row:" with title "Label Row" default answer "1" buttons {"Set..."} default button 1 giving up after 5
                try
                    set labelRow to (text returned of result) as number
                on error
                    set labelRow to 1
                end try

                display dialog "Enter label column:" with title "Label Column" default answer "1" buttons {"Set..."} default button 1 giving up after 5
                try
                    set labelColumn to (text returned of result) as number
                on error
                    set labelColumn to 1
                end try

                (* The magic command and pixie dust... *)

                create new mailing label document mailing label object address theText single label yes row labelRow column labelColumn

            end tell
        end if
    on error
        display dialog "There was an error creating the label." buttons {"OK"}
    end try

end run

Wednesday, 5 May 2010

Fellow pilot?

I noticed a curious blog entry recently - I guess another glider pilot?

I will keep an eye on them and see if I can work out who they are - it is likely to be another member of the same gliding club I go to. Curious.

Tuesday, 20 April 2010

Birthday gift ideas

Struggling for a Birthday gift idea or present? Well, if you live near to Cambridge, Bedford, St. Neots, Biggleswade, Huntingdon, Royston or Peterborough - or for that matter, anywhere within Cambridgeshire, Bedfordshire, Huntingdonshire or even Essex, why not try a unique birthday gift idea?

A glider trial flight voucher is being offered at Cambridge Gliding Centre suitable for those who have everything and/or are tricky to buy birthday gifts for.

Monday, 19 April 2010

Cambridge Gliding Centre Open Day

It's that time of year again - Cambridge Gliding Centre is holding an Open Day! This year's open day will be held on the 9th May, 2010.

I didn't make it last year, but this 2010 Open Day looks to be well attended. I'm looking forward to it very much and hoping the weather holds out for it.

Certainly not expecting the volcanic ash to disrupt the open day - it's too high to affect us and we certainly don't have the jet engines the commercial airlines have.

Still, it should prove to be a fun event - see you there, perhaps?

Thursday, 18 March 2010

Basic aerobatics course

Glider aerobatics course = flying lessons doubleplusgood, if you'll forgive the New-speak!

I've had a whirl at these and I must say they are not as easy as they look: loops, chandelles and other basic aerobatic manoeuvres are covered in this superb basic aerobatics course.

Don't get me wrong, aerobatics are not for every pilot, but they do teach some excellent skills. I can't wait till the next lesson.

Monday, 15 March 2010

Over Carnival

The days are growing longer, which always puts me in a good mood. This year, like a few before it, I'll be going to the Over Carnival, which is held on the 17th of July this year. An unusual name, Over is a small village in Cambridgeshire, with a unique history and community spirit. The Over Carnival is over 20 years old and attracts over 4,000 people!

The village name is rather special. When the police helicopter flies over the village, I always imagine the radio chatter to be "Police kilo yankee, what is your position, over?" and they reply "Over Over, over!".

To be fair, that isn't proper radio etiquette, but I like the joke.

The Over Carnival this year has its own theme. Find out more at the Over Carnival website.

Sunday, 28 February 2010

Father's Day flying gift ideas

Following on from my last post, it appears that the gliding club is doing the same for Father's Day. In other words, they will offer a trial flight gift voucher for Father's Day too.

Finding an interesting and thoughtful gift for Father's Day is perhaps easier than for Mum - football tickets, or a nice bottle of wine, perhaps - but surely what he wants most is the chance to fly? Certainly that would be number one on my list, though I'm a pilot. But seriously, almost all fathers will appreciate a trial flight.

Again, I wish them success with this campaign - the more trial flights we have, Father's Day or otherwise, the more revenues we generate, the more members we recruit and generally the more flying we all do. Not bad, eh?

Saturday, 27 February 2010

Mother's Day Gift Ideas

I always struggle when it comes to Mothering Sunday - or Mother's Day, as it has become known. Buying my Mum an interesting and thoughtful gift is harder and harder each year - a bunch of flowers and some chocolates just doesn't meet the grade. This is why it was interesting to see my glider flying school offering Mother's Day gift vouchers. This is ideal if your mother is local to Cambridge or Bedford and keen on trying something new - which mine is - but I know that it may not appeal to all mothers.

Still I wish them all the best with this campaign - the more trial flights we have, the better services the club can offer.

Friday, 12 February 2010

In the doghouse: Barclaycard

ATTN: Elaine Mockler, Customer Service Director, Barclaycard

I travel a fair bit for work, racking up considerable expenses all over Europe in the process. A long time ago, a good friend of mine gave me a tip: always use a different credit card for expenses and avoid using your own cards as much as you can. This is excellent advice and has helped keep me sane in many different and trying situations. Like this latest episode with Barclaycard.

For the second time in less than a year, my Barclaycard has been compromised - much to my annoyance and disgust. I am disgusted that my card security can be broken so often and so quickly. Working in Information Security, I am perhaps more careful than most: I encrypt my electronic data whenever and wherever I can, I shred all semi-official and official letters, and I am very careful as to how and when I purchase on-line. Further, I do not share my personal data if I can avoid it, actively opting out of information requests wherever possible.

However, without me breaking the law by faking or hiding my identity, many aspects of my true personal identity are available for all to see. Electoral rolls, birth/marriage/death certificates (the original joiner/mover/leaver lists?), and numerous other widely-accessible databases can be rapidly used to identify exact address, date of birth, and mother's maiden name, for example.

So for a bank just to rely on this exact same data is criminal.

This is how my card was compromised:

  1. Somehow my card number and full name were intercepted. How I do not know, but I suspect it could be one or more of the following: dodgy WiFi service, hacked online database, physical swipe at restaurant/hotel, or the bank's internal/outsourced card management division (Indian call-centre perhaps?).

  2. With this information, an identity profile is quickly assembled, e.g. using the tools and databases mentioned above.

  3. Fraudster then phones the corresponding bank (easy to identify from the initial Visa card numbers, the first few digits match the specific issuing bank).

  4. Fraudster then has to answer the address, DoB and Mother's maiden name trio to authenticate themselves.

  5. Fraudster then can change the victim's address, credit card limit, contact details, etc. Even request a new card, an additional card holder, etc.

  6. Fraudster then can start shopping online (typical 'cardholder not present' transaction) and have the goods delivered to the new address (which is fake, disused, or otherwise untraceable to the fraudster himself). And yes, it's normally a 'him', rarely a 'her'.



The attack would have succeeded were it not for the following. Barclaycard has an automated text message service to advise you of changes of address. This simple little tool allowed me to respond and shut the attack down before the fraudster could complete the scam.

So why is Barclaycard in the doghouse? I should be pleased with this service, right?

Wrong! Let me detail the many reasons...

(By the way, the number in the text message of course did not seem like a typical Barclaycard phone number and I proceeded very carefully to ensure that this was not a different scam, i.e. pretend to be the bank and grab all the data that way. As an aside, many people fall for this scam each year - we are not used to the bank proving they are who they say they are. If they led by example on this, we would not fall for this kind of scam nearly as often.)


The credit card compromise failed this time simply because the fraudster made a mistake. Next time, he'll change the mobile phone number first. Then, later, he will change the address and perform the remaining actions.

Barclaycard do not have an automatic letter or email service to query a change of mobile phone number. This is so very wrong...


Furthermore, after this latest compromise, Barclaycard finally offered me the chance to add a password on to my account. If this had been implemented when the account had been first opened (as I requested), or after my previous card had been compromised, I may feel better disposed towards them. But relying on the publicly known trio of questions (address, DoB, mother's maiden name) is wrong, wrong, wrong!

To add further insult to injury, after setting a password on my account, they sent me a new, replacement card attached to a cover letter. This card apparently needed activating before use, which you do by calling a specific phone number. Whether this call really activates the card or not, I cannot say. I doubt it though, as it actually isn't a service run by Barclaycard, but by a card protection and insurance company trying to sell you credit card and identity theft protection.

The irony is not lost on me.

Of course, this service has to go through the motions of authenticating me, so imagine my surprise when, yes, they only need the new credit card number (supplied on the card and also helpfully printed on the letter as well - why?!?), your name (printed on the letter), your address (yup, on the letter) and your DoB (oh, about 5 seconds to look up online). No account password, and for a change, no mother's maiden name either.

How exactly does this authenticate me as the correct recipient of the credit card?!

And of course, the card's CVC number has been printed in an ink that seems to run sufficiently well to leave a very readable mirror image on the letter itself.

All in all, Barclaycard score a 3/10 for credit card security.


How could they improve? Here are some starting points:

  1. Change the authentication mechanisms. Drop the insecure triad and move to something only I (or very few people) would know: name of my first pet, my second car, my first kiss, etc.

  2. Never, ever, print the full credit card number in correspondence (use **** **** **** 1234 instead, for example).

  3. Never outsource your credit card authentication service. Ever.

  4. Send a letter to the old address, a text to the old mobile number, etc. when these contact details are changed.

  5. Authenticate yourself to your customers - prove that you know a shared secret (a password, but in reverse, for example). Train your customers to expect this every time you contact them. With time, they will grow to expect and demand this - reducing fraud.

  6. Finally, prosecute these fraudsters. Stop accepting the current levels of fraud and invest more in combating this. It will gain you good publicity and attract/retain customers. And investors.
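
Points 2 and 4 above, sketched in Ruby as an added example (it is not part of the original post and not Barclaycard's system). It replays the reordered attack described earlier, mobile number changed first and address later, and shows that the owner's original details still receive every alert. The Account class, the 30-day retention window, the alert wording, the card number and the contact details are all assumptions constructed for illustration.

```ruby
# Added example: hypothetical Account model; all sample data is constructed.
class Account
  RETENTION = 30 * 24 * 3600 # assumed: keep alerting retired details for 30 days
  CHANNELS = { address: :letter, mobile: :sms, email: :email }.freeze

  attr_reader :outbox

  def initialize(pan, contact)
    @pan = pan
    @contact = contact.dup # { address:, mobile:, email: }
    @retired = []          # [field, old_value, retired_at]
    @outbox = []           # [channel, destination, text]
  end

  # Point 2: correspondence only ever shows the last four digits.
  def masked_pan
    "**** **** **** #{@pan.delete('^0-9')[-4, 4]}"
  end

  # Point 4: any contact change alerts the current AND recently retired details.
  def change_contact(field, new_value, now: Time.now)
    raise ArgumentError, "unknown field #{field}" unless CHANNELS.key?(field)
    @retired << [field, @contact[field], now]
    @contact[field] = new_value
    text = "The #{field} on card #{masked_pan} was changed. " \
           "If this was not you, call the number on the back of your card."
    recipients(now).each { |f, value| @outbox << [CHANNELS[f], value, text] }
  end

  private

  # Retired details stay on the alert list for RETENTION seconds, so changing
  # the mobile number first does not silence the alert for a later change.
  def recipients(now)
    recent = @retired.select { |_, _, at| now - at <= RETENTION }
                     .map { |f, value, _| [f, value] }
    (@contact.to_a + recent).uniq
  end
end

# Replay of the reordered attack with constructed data.
def replay_reordered_attack
  t0 = Time.utc(2010, 2, 1)
  acct = Account.new("4000 0000 0000 1234",
                     { address: "1 Example Road", mobile: "07700 900111",
                       email: "owner@example.org" })
  acct.change_contact(:mobile, "07700 900999", now: t0)           # step one
  acct.change_contact(:address, "99 Drop Lane", now: t0 + 86_400) # a day later
  acct.outbox
end
```

The alert text points at the number printed on the card rather than a number in the message, which is the check the post describes making by hand when the text message arrived.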

Wednesday, 13 January 2010

Apple Tablet - truth or fiction?

Rumours, unofficial leaks, more rumours and possibly even officially-sanctioned leaks from the notoriously tightly managed MarComms engine at Apple.

Do we know what's coming? Not really. We think we do, but the reality is that hype is dominating all facts at the moment, and that is just how Apple likes it. Each article, each blog (yes, just like this one) and each tweet that's issued grows the steadily-building excitement and anticipation, rising into a crescendo just at the time the announcement eventually takes place.

Beautifully done, Apple.

Interestingly, we won't care that much for the details when they finally arrive. We didn't really pay much attention to which CPU supplier the Apple iPhone used, or how long the MacBook Air's batteries would last, or the exact screen size they have. That's not what Apple is selling - it's the whole experience, a mix of genius marketing pizazz and excellent usability. Form and function are taken to a new level each time, and we lap it up.

And rightly so. It's the Apple overall experience that has won the most converts, not the features or technology. This is why Google's Nexus One is being roasted by users and media alike. Nice phone, some nice features, fantastic brand recognition, but somehow lacking in a holistic user experience. It will sell, but it will be tagged as the poor man's iPhone. Ouch.

Curiously, whatever Apple eventually launches, it will be revolutionary - the hype and their attention to detail will make it so. In fact, it may not even be an iTablet, iSlate or iPad, but something different altogether.

What if it were a new laptop, or a new version of Apple TV? Would this tablet hysteria hurt this? Yes and no. Apple probably wouldn't have allowed the hype to grow so out of control if there weren't a tablet in the works, would they? Well, this may prove very difficult to do in reality, other than by the controlled leak method mentioned above - and certainly no such articles have appeared. If they had though, would the madding crowds have noticed? Would the frenzied masses have rebelled when Steve pulled out a completely different object? Pitchforks and flaming torches this way, please...

The real danger is if the new tablet fails to live up to expectations. It is a crowded market, but it is also a market that's crying out for true innovation. The products out there are keyboard-less laptops or overgrown phones (usually ebook readers), or mini-laptops (i.e. netbooks). There is little to write home about, so most hopes are pinned on Apple to revolutionise and dominate this marketplace.

It would be a painful and expensive mistake if they don't reach the heightened mass expectations. Something tells me they will reach and exceed them though. That's what Apple does.

Tuesday, 12 January 2010

Bronze Exam coming up

I've been reading a number of gliding books recently, preparing for my Bronze Exam. Once I have this, plus pass the skills test and gain the cross-country endorsement, I shall be able to soar away and land-out, sorry, I mean explore the countryside!

I've been doing this at home, but the examination and flying tests will be at the local glider flying school, i.e. Cambridge Gliding Centre.

They are also promoting the idea of buying trial flight gift vouchers for your loved ones. A sort of Valentine's Day gift idea, if you like. Personally, I think I'd just buy one for my own!