In 2007, we were developing an in-house Ruby on Rails CMS, first named Data Carton. Casein was the codename we used for the framework built with it and since then we’ve been using this for building CMS solutions for many of our clients. It has been re-designed, reworked and undergone many iterations, but we’re now finally at the stage where we would like to share it with interested developers.

We put the codebase on GitHub a few months ago, but because of client projects and other distractions (e.g. Blueprint), we didn’t find time to announce it. So here it is in all of its glory: the Casein framework available as open-source.

Get more information and download at: www.caseincms.com

We host a lot of websites for our clients in various data centres around the world. These of course have state-of-the-art backup systems in place ensuring vital information can be restored in the case of earthquake, fire, civilian uprising or (behold) an act of God.

However we wanted more granularity and control over when and how our client’s data could be restored. A truck crashing into our server racks might be covered, but how easy would it be to rollback the data to this-time-yesterday if valuable content was accidentally deleted or that last “about us” paragraph erroniously edited via the CMS was actually a lot better.

We’ve been working on a solution for the last few days and are proud to launch our Milkmaid Backup technology today! Our new system automatically mirrors and safeguards our client’s data allowing non-fatal, but annoying mistakes to be reversed.

It’s currently in its infancy, but we soon hope to integrate the service into our Data Carton CMS giving clients complete control (think Apple Time Machine, but for websites).

If you have a website solution with us right now, then your data is now just a little bit safer!

We are midway through a large project at the moment. It’s our biggest Ruby on Rails project for a client to date and consists of a front end and an administration area based on our DATA CARTON technology. Early on we faced several organisational conflicts between these two opposing forces.

Our DATA CARTON framework was adverse to settling in directly with its public facing companion, our models (while obviously the same) were actually required to be configured in subtly different ways, and with multiple developers and designers working together, we decided to split them into two applications both pointing at the same database.

While these logical units promised simpler security, cleaner directory structures and more streamlined development, we hadn’t tried this before but decided to just forge ahead anyway. These are the problems we encountered and how we solved them:

1. Logins

Our front end is community-based and all users of the system from newsletter subscribers to administrators share a users table. The first thing we did after pointing our database.yml file at the same database was to try logging in to both applications with the test user we had created. After only a 50% success rate, we traced the problem to our password encryption method that uses a mixture of the user’s password choice, a salt and an application specific key string. Different keys are going to result in different hashes and incompatible authentication routines in the applications. A quick switch to using identical strings and we were successfully creating users and logging-in in all possible combinations.

    def self.encrypt(pass, salt)
        finalString = pass + 'somekey' + salt
        Digest::SHA1.hexdigest(finalString)
    end

2. Sessions

Our next thought was ’sharing sessions would be nice’. Linking administrators directly to the backend from their frontend toolbar without having to login again, passing secret messages back and forth, that sort of thing. Rails offers cookie-only sessions or database based ones. Using the more data-sensitive one is a simple matter of uncommenting these lines from the application’s environment.rb:

    config.action_controller.session_store =
        :active_record_store

Then in the same file (environment.rb) you’ll find your session security key and secret:

    config.action_controller.session = {
        :session_key => 'some_secret_key',
        :secret      => 'some_secret_hash'
    }

Rails generates both of these automatically when creating your application. They are sent with every non-GET request (i.e. PUT, POST, DELETE) to verify your session and protect against cross-site forgery (there’s actually a few fiddly issues with getting in-place edits working while using this method, but I’ll save that for another post).

The important thing here is to again make sure all keys and secrets are consistent across both applications. So pick one and copy it across. Once you’ve synchronised your environment.rb session settings, you’ll need to uncomment and duplicate your session secret from the top of controllers\application.rb too. Now you’re sharing sessions!

	protect_from_forgery :secret => 'some_secret_hash'

3. Subdomains

We quickly realised that our session sharing was not going to be as smooth as first anticipated, as we typically run our client’s backends on an admin subdomain (i.e. http://admin.abcdefg.com) and as cookies don’t take kindly to being requested by subdomains that haven’t sent them, we still didn’t have our single login functionality.

After much brainstorming and hunting around, we eventually found this genius configuration option that (notice the all important ‘.’ prefix) makes the cookie available to all subdomains on a domain. Finally we had truly shared sessions.

    ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.
        update( :session_domain => '.abcdefg.com')

4. Migrations / Models / Helpers / Deployment

The remaining issues are ones we are still facing and gradually solving. These tend to be less of a technical matter and more of an organisational one. We’re quickly establishing rules for how we order the migration files, share some models while keeping the security sensitive ones separate, bundling all of our helpers up into libraries and unifying deployment. We’re not quite there yet, but I’ll be sure to share our assumptions and solutions soon.

This article was first published on www.russellquinn.com in January 2008.

We’ve recently increased our team size to match the increased workload and the latest person to join us is Jakob Ingvorsen. Jakob is a Danish designer who has just returned from three years in London and is very excited to be sat pride-of-place in the window, just below our sign. He’s taking to his new role as face of the company extremely well and if you walk down Gothersgade soon, be sure to give him a wave. When the fame gets too much he sneaks off to the meeting room at the back and sketches ideas for fridge magnets:

You’ve all met Xi Chen before, but we’re excited to announce that he recently became a full employee and will be continuing his excellent work on DATA CARTON. Here he is standing proudly in front of the result of an (very) extended design meeting:

Finally, we’ve still been hard at work with DIY at the weekends and here’s the latest results… suspended lighting!

Hello.

Neglecting your website or blog is either the sign of a lackadaisical attitude or the result of being excessively busy. Luckily for us it’s the latter, but it’s still not an excuse and we’re very, very (very) sorry.

We’re currently working ourselves to the bone on projects ranging from super-tech software engineering to painting jagged wooden shapes – just the way we like it. Spoiled Milk is also on the the verge of some rather exciting developments, which will be revealed shortly… possibly accompanied with confetti. Until then we’ll leave you with a photo montage of general affairs:

1. We recently hired a new programmer. His name is Xi Chen and he’s currently working soley on DATA CARTON, which is truly exciting. He’s also very friendly and brings chocolates to meetings:

2. Our recent record cover artwork for Marvel Hill is still attracting attention and was featured in this month’s KBH Magazine (available from most Copenhagen cafés). This will be followed by a small piece in GAFFA sometime in the new year:

3. Our building seems to be CURSED! The latest fire outbreak was inside Casper’s computer. Yes inside! Flames started licking the underneath of his desk one quiet afternoon, without any warning. Luckily killing the power at the main fuse box extinguished the blaze, but we were very nearly all toast! The computer itself has been condemned to a premature grave. Bizarrely Casper was the last to notice and was still working as his machine melted around him:

4. Finally, we’ve spent a few weekends applying our vague knowledge of DIY to the studio and we now have shelving, coloured walls, a glossy door and more! We’re currently scouring local loppemarkeder for a cosy sofa to make all these late nights a little more comfortable:

Speak soon,

Spoiled Milk xx

We’ve devoted some serious development time this week to Data Carton, our new hosted CMS system. The first iteration of the interface has been finalised and it has already progressed from this to something usable:

Project page showing ‘form’ menu and tear-off data type ‘tools’

An example of the automatic code generation

Our new favourite interface design technique may have been born from a temporary lack of writing space in our new studio, but even when we do get around to covering a wall with blackboard paint, coloured card may be here to stay.

Armed only with a box of scrap offcuts and a paper trimmer, we were soon physically laying out screen after screen for Data Carton. Being able to actually reach out and touch your tabs, forms and widgets makes the whole process a lot more tangible, and switching things around when left-should-be-right and right-should-be-left is of course a breeze. Dry-wipe begone!

We’d like to introduce our latest software project in development – Data Carton.

Data Carton is a lightweight, self-hosting CMS system aimed at freelancers and small studios who don’t want to worry about databases or server scripting too much.

Tired of overbearing content management systems with feature overkill and installation requirements? Are you a designer who can cope with XHTML and CSS, but server-side scripting and dynamic content is not your forté? Then Data Carton is your solution. It will let you construct your data layout via an intuitive drag-and-drop interface and then generate the relevant code to copy and paste into the website. The system will also allow the final client to login and modify the data.

1. The feature list will be small.

3. The interface will be lovely.

Please sign up to the mailing list to be kept informed of the project’s progress.