Posts by Barry Hess:

Communicating Effectively With A Team Located Around The Globe

Though Harvest Headquarters are located in New York City, a few members of the team are located in different parts of the world, across the U.S. and Europe. Over the years, we have learned a thing or two about communicating efficiently over time and space. These tips are likely to be appropriate for all teams using electronic communication, but their value is magnified when drop-ins and phone calls are not an option. Continue reading…

Harvest on the command line: hcl

Last week we received an awesome email from OpenSourcery’s Alex Kroman. One of OpenSourcery’s Rails engineers, Zack Hobson, put together an addictive new way to interact with us: the Harvest command line (hcl).

If you are a command line junkie, hcl will be the sweetest Harvest high you have ever experienced. Check out some of the available commands.

Set up a project/task alias:

$ hcl tasks
1234 5678   The King Misc Miracles
1234 9876   Westley Resurrection
$ hcl set task.westley 1234 9876

Start a timer with a note using an alias:

$ hcl start westley resurrecting a mostly dead pirate

Start a timer without an alias:

$ hcl start 1234 5678 packing boxes after King's son fired me

Add notes to a running task:

$ hcl note Meeting about the greatness of true love.
$ hcl note Though it's not as great as a nice MLT.

Check out the GitHub repository for hcl for more details!

FutureRuby: A Programming Conference with Breadth

Just over a week ago I attended FutureRuby in Toronto, Ontario, Canada. From the single track of talks to the significant-other program to the unique post-conference parties, I have never participated in a better conference. I was especially pleased that four talks were being presented by Harvest customers.

The breadth of discussion at FutureRuby was incredible. If you are able to find a similarly diverse field of talks in a conference remotely near your area of expertise, I highly recommend it. You will be surprised to find how easily you can relate disparate topics to your career.

A quick rundown of presentations by Harvest customers after the jump.

Continue reading…

Ruby Denial of Service patch breaks BigDecimal to_f method

Harvest is built on the Ruby on Rails web framework, and as such we constantly monitor for security issues with the framework and the language itself. A Ruby Denial of Service (DoS) vulnerability was announced almost 24 hours ago. The security of Harvest accounts is our top priority. All Harvest services were upgraded quickly to close this security hole.

Dee Zsombor, one of Harvest’s prime hackers, uncovered further issues with the fixed Ruby version 1.8.7, which is patch level 173. This upgrade includes a flawed BigDecimal#to_f coercion method:

>> BigDecimal("10.03").to_f
=> 10.3

We are fairly confident Harvest users are not interested in this bizarro-world version of rounding.

If you are running a Rails application and you have applied the Ruby 1.8.7 DoS patch, we’ve got the fix for you. Place the following hack in your environment.rb file (or an initializer if you prefer):

if BigDecimal("10.03").to_f != 10.03
 class BigDecimal
   def to_f

If your interpreter is broken like ours was, this will cure what ails it. Big thanks to Dee for writing up this fix.
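A behaviour-guarded workaround in the spirit of the snippet above, as an added example that is not Harvest's or Dee's code. It assumes a string round-trip (`to_s.to_f`) as the replacement conversion; `PROBES`, `failing_probes`, `install_to_f_workaround` and `FlawedDecimal` are hypothetical names, the last being a constructed stand-in that only mimics the 10.03 to 10.3 symptom.

```ruby
require 'bigdecimal'

# Constructed probe values; "10.03" is the case shown on this page.
PROBES = %w[10.03 0.05 1.007 123.0045 -2.09 7.5].freeze

# Probe strings for which build.call(s).to_f differs from Float(s).
def failing_probes(build, probes = PROBES)
  probes.reject { |s| build.call(s).to_f == Float(s) }
end

# Redefine klass#to_f as a round-trip through the decimal string, but
# only when a probe fails, so a sound interpreter is left untouched.
# Returns true if the workaround was installed. (Assumed replacement
# conversion, not taken from the page.)
def install_to_f_workaround(klass, build, probes = PROBES)
  return false if failing_probes(build, probes).empty?

  klass.class_eval { define_method(:to_f) { to_s.to_f } }
  true
end

# Constructed stand-in, NOT the real interpreter defect: it only mimics
# the page's symptom by dropping zeros right after the decimal point.
class FlawedDecimal
  def initialize(str)
    @str = str
  end

  def to_s
    @str
  end

  def to_f
    @str.sub(/\.0+(?=\d)/, '.').to_f
  end
end

if __FILE__ == $PROGRAM_NAME
  demo  = Class.new(FlawedDecimal)   # patch a copy, keep the stand-in flawed
  build = ->(s) { demo.new(s) }
  p failing_probes(build)
  p install_to_f_workaround(demo, build)
  p failing_probes(build)
  p install_to_f_workaround(BigDecimal, ->(s) { BigDecimal(s) })
end
```

Running the probe set after every interpreter security upgrade catches this kind of coercion regression before it reaches stored amounts, and the guard turns the patch into a no-op once a fixed interpreter is deployed.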

Be Defensive When Developing Against the Twitter API

Our humble apologies for yesterday’s hiccup, which saw thousands of Twitter expense and time entries duplicated in Harvest accounts which were linked to Twitter. We most regret the thousands of emails we delivered to your inboxes. The good news is that all duplicate entries have been rolled back and things are back in order.

Our code depended on Twitter’s API to filter out direct messages that had already been processed by Harvest. As of yesterday afternoon, we no longer depend on Twitter’s filtering options. Going forward, this type of failure in Twitter’s API will not impact Harvest users.

For those who are technical and curious, we’ve decided to get into the details a bit and let you know how it happened, and how we’re preventing it from happening in the future.

Continue reading…