Less Everything Blog - Code

Patch your rubies

2008-06-25T18:54:00Z

You probably have heard by now that there are some security issues with all the versions of Ruby and that you should upgrade your Ruby to get the fixes. The holes mainly involve buffer overruns and a particularly nasty vulnerability that only affects non-Unix based operating system. These effect Ruby versions 1.8.5, 1.8.6, 1.8.7 and 1.9.0. (Since I only use 1.8.6, that’s all I’ll talk about here.) The solution is to update 1.8.6 to version 1.8.6-230. Unfortunately p230 breaks rails and almost everything else running ruby. So what is a boy to do? Well Hong Li has come to the rescue. He has back ported the changes to p111 so the rest of us can apply his patch and secure our 1.8.6 machines at p111. The fix involves downloading Ruby 1.8.6-111, patching the source, compiling ruby and restarting your apps.

Here is how you do it:

Run the following commands:


> wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p111.tar.gz
> tar zxvf ruby-1.8.6-p111.tar.gz
> cd ruby-1.8.6-p111
> wget http://blog.phusion.nl/assets/r8ee-security-patch-20080623.txt
> patch -i r8ee-security-patch-20080623.txt
> ./configure
> make
> sudo make install

Restart you mongrels and any other Ruby applications.

Notes:

While patching I would get the following:


index 410cc6f..c8278b7 100644
|--- a/lib/webrick/httpservlet/filehandler.rb
|+++ b/lib/webrick/httpservlet/filehandler.rb
--------------------------
File to patch:

* Just give it this path: lib/webrick/httpservlet/filehandler.rb

Sometimes the sudo make install would fail with an error:
```
/bin/sh: ./miniruby: No such file or directory
```
* Just run “make clean” and then ./configure, make, sudo make install again.

_{Thanks to Wilson Bilkovich for pointing me in the direction of Hong Li’s patch.}

Converting tzinfo from rails 2.0 to 2.1

2008-06-09T12:48:00Z

For those of you cool enough to have time zone support in your pre-rails 2.1 app, here is how you can convert the tzinfo stuff to the new way.

In you environment.rb, change config.active_record.default_timezone = :utc to config.time_zone = ‘UTC’.
In your application.rb change the set_timezone around filter to a before filter. Make sure it is called after there is a valid user.
- In that filter, you probably have two paths, one for a user and one for no user. Change the user line from TzTime.zone = user.tz to Time.zone = user.tz. Remove the other path, it’s no longer necessary.
In your users model you can remove the line that used to say: composed_of :tz, :class_name => ‘TZInfo::Timezone’, :mapping => %w( time_zone time_zone ).
- Just make sure the column that holds the time_zone info is called “time_zone.”
Remember the helper method called “tz” which converts the times in columns to the user’s time? Remove it, this happens automatically now.
Delete the tz* plugins.
If you had something like this in your view: <= time_zone_select ‘person’, :time_zone, TZInfo::Timezone.us_zones, :model => TZInfo::Timezone %> change it to <= time_zone_select ‘person’, :time_zone, TimeZone.us_zones %>.
Trevor Turk has created a nice little script that will migrate your existing users’ time zone data to the new format. (The string that holds the time zone data has changed in the new version, so we have to map the old strings to the new.)
- You will want to use the PseudoCursors plugin or the WIll Paginate pagination stuff instead of User.find.all.each so you don’t kill your server when running this migration.
- Thanks Trevor!

<strike> h2. One unresolved problem: If you used something like the previous helper method to display the drop down of time choices you find that what is returned in the new list is significantly shorter, and they all have different values. E.G. in the old list you would find things like: “America/New_York,” “Africa/Ndjamena,” and “Etc/GMT-7” but in the new list the items are like this: “Eastern Time (US & Canada),” “Nairobi,” and “Wellington.” The problem is that we need to convert the values in our production apps to the new values. I haven’t figured out a way to do this yet. If you open script/console in a < 2.1 app you can find the old values are generated via: TZInfo::Timezone.get(TZInfo::Timezone.all_identifiers[0]), which returns the first time zone. The to_s and name methods are what get called on the object to create the value and text for the options. In a 2.1 app, TimeZone.all[7] is what get called to find the 8th time zone. (to_s and name are still what get called.) I haven’t yet figured out how to map the old to the new, assuming there is a way. If someone figures this out, please post in the comments and I’ll update this post. </strike>

One last bit of coolness.

The new method of doing time zones even works when rendering values from the model. So on those rare times when you need to render HTML from the model (like if you’re sending HTML via XMPP) you don’t have to jump through any hoops to make that happen.

Where do the hottest rails programmers sleep?

2008-05-20T20:05:00Z

Working With Rails is a community site for rails developers. We all put our stats there (to some greater or lesser degree). When I come across someone new I go to WWR to see their info. One of the cool things on the WWR site is the Top 100 Popular list. This is a source of amusement for those of us in the community. If you look at the list, you will see that I am currently number 42 and Allan is number 61.

I’ve always wondered which are the hottest cities for rails development. Surely the answer is Chicago, because David (1) lives there, but the other cities? San Fransisco, Seattle, San Diego, Jacksonville? Jacksonville? Yes, Jacksonville. We decided to find out, so we created Rails Cities.

This one page site looks at the WWR Popular page and sorts it based on city. The cities are ranked based on the number of people who are on the popular list. If two cities are tied, the lowest cumulative ranking bewteen the the two cities wins. Looking at the list it becomes apparent that many on this list do not keep their address current, hopefully they will now.

We get the data and regenerate the page every night. That’s it. Enjoy it.

Oh, and where does Jacksonville place? Currently number five; behind Chicago.

WeAllHateQuickbooks.com

2008-04-22T13:21:00Z

Here's a screencast of the css trickery from our newest app WeAllHateQuickbooks.com
Link to Screencast

The app scans Twitter.com for the word "Quickbooks" and displays the tweet.

How to convince developers to test.

2008-04-17T14:19:00Z

I was sent an email from a colleague asking about our testing philosophy and how we would get a developer to take a test driven development approach to writing code.

Here was his question:

Do you guys approach development with TDD/BDD?

If so, do you ever have any issues with developers slipping back into the ‘traditional’ modes of development? i.e. “Who needs these tests.. I’ll fix it if its broken”. Obviously, TDD is a concept where all involved really need to buy in – but it takes discipline. I was wondering if you guys simply run rcov now and again to check for coverage, review code periodically etc..

My response:

Everyone at Less breathes tests. We love them. In my experience the easiest way to make a developer fall in love with testing is to have them write tests on their own code. Assuming they know how to write tests, they will find bugs in their own code. Some mentoring may be required to teach proper testing.

If someone said to me “Who needs these tests. I’ll fix it if its broken”. I would reply, “It is broken right now. You just haven’t found the bugs yet.” If I was asked that question again I would start thinking that maybe that person isn’t such a good fit for Less. If finding their own bugs wasn’t inspiring enough, I would start thinking that maybe that person isn’t such a good fit for Less.

From our perspective a buggy app is not done, so we will keep fixing the bugs until the app is right. If your developer has already used up the budget writing the buggy code, then you, as the owner, are paying for the bug fixes. Writing tests either before, or while the code is being written ends up being faster and cheaper because when you ship you are done. Otherwise you can’t have a proper budget for a project and you are likely loosing out.

We use rcov to see if there is a test we are missing. There usually is one or two so we fill in the blanks. But we rarely get 100% coverage. 100% coverage feels good, but it does not mean the app is well tested, just well covered. Also, rcov only provides C0 coverage, so it can be fooled into reporting something is covered when it is not. (Does anyone know a C1 or C2 tool for Rails?)

Code reviewing is actually very hard to do well. I admit that I am not the best at doing code review, so we don’t use it a lot. Code review is very good for making sure the code is good in general terms. Checking for obvious things, are finders being scoped or is security being applied properly. But reviewing the code diff between revision 737 and 738 may be tricky enough that you approve something that has a new bug in it.

Rails Tip: Always Scope Your Finders

2008-04-10T16:06:00Z

It is easy to open a security hole in your Rails application. Fortunately, by scoping your finders, it is also easy to write your code without opening it.

Here is an example. Let’s say you have a expense tracking application and the url is /expenses/151. Obviously this calls the expenses controller with a params[:id] = 151.


#bad:
def show
  @expense = Expenses.find(params[:id])
end

#good:
#@user is the logged on user.
def show
  @expense = @user.expenses.find(params[:id])
end

The scoped finders actually add the proper where clause to the sql. It happens automatically. Without scoping the expense finder, anyone can see anyone else’s data. Generally you will want to set this up as a before filter.

This also works for nested routes. Let’s say the url is /invoices/25/line_items/87:

class LineItemsController < ApplicationController
  before_filter :setup
#snip many lines

  protected
  def setup
    @invoice = @user.invoices.find(params[:invoice_id]) unless params[:invoice_id].blank?
    @line_item = @invoice.blank? ? @user.line_items.find(params[:id]) : @invoices.line_items.find(params[:id])
  end
end

You don’t have to use the @user variable. In Less Accounting we use sub-domains for each business. Since each business may have several users, all the controllers are scoped around the @business variable, which is determined by the sub-domain of the url. The @business variable itself is scoped by the @user variable.

Redirect from www to non-www using Nginx

2008-04-09T12:14:00Z

Let’s say you want to redirect users from the www sub-domain of your website to direct access via the non-sub-domain url. Nginx makes it really easy to do.

Just add this to your server{} block:

if ($host != 'your_domain.com' ) {
    rewrite  ^/(.*)$  http://your_domain.com/$1  permanent;
 }

This actually will redirect any sub-domain to the non-sub-domain url.

But what if, like Less Accounting, your site has user accounts for sub-domains or you have other valid sub-domains, but you still want to get users away from www?

Just add this to your server{} block:

if ($host = 'www.your_domain.com' ) {
    rewrite  ^/(.*)$  http://your_domain.com/$1  permanent;
 }

Git HOWTO Start a new project based on an other project

2008-04-04T17:52:00Z

In my previous article we talked about how to use git and github. In this article we’ll talk about how to make a project that is based on another project.

The scenario: There is an existing open source project that you would like to use as the starting point for your new killer web 2.1 website. You are the bomb. I’m going to use one of my existing open source projects so you can all play along at home.

Note:

If you haven’t read the previous article, please go do so now.
This assumes that you are using github. (I still have some invites, so if you’d like one, just send me a note).
You are using git 1.5.4 or greater on your local machine. (git—version)

Here we go

Go to github and create a new repo.
- Make sure you follow the instructions, doing the local git init through the git push origin master.
- You now have a fresh repo for you new fancy almost funded web 2.2 website. You are the man.
git remote add stevenbristol git://github.com/stevenbristol/lovd-by-less.git
- Now you have two remotes. One to your origin and one to the lovd-by-less master.
git pull stevenbristol master
- this gets the lovd-by-less source and puts it into your local directory.
git push
- This will push your changes to your master.
- What!? I didn’t commit anything, what’s going on here? When you did the remote pull, the files are automatically comited.
git fetch stevenbristol
- Git magic is happening right now.
git branch stevenbristol stevenbristol/master
- This creates a tracking branch.
git branch
- See all of your branches.
git remote
- See all of your remotes.
git checkout stevenbristol
git pull
- Nothing to pull because there have been no changes since the previous pull (step 3).
- Notice that we didn’t have to specify which remote to pull from, as we would have if this had been a normal branch created with git branch -b.
git checkout master
- Back to your master.
- Now you can git (sic) to work building your ultimate about to be tech crunched web 2.3 website. Everyone is jealous of you. And you love it.

Thanks to Josh Owens who keeps answering my git questions and made this post possible.

Git got gooder. Textmate Support!!

2008-04-04T13:08:00Z

You all know how to use git, and now there is a Textmate bundle to make git even easier to use. Go here and follow the instructions. That’s all. Enjoy,

New Rails Envy Podcast is out -- Starring Me!

2008-03-26T13:46:00Z

Go to http://www.railsenvy.com/ to hear the latest episode of this great podcast. This week I was a guest host.

Passisizzle FTW!

Got Git? HOWTO git and github

2008-03-25T13:19:00Z

Background:

Last week we released the open source social network Lovd By Less. Almost immediately we had requests for people wanting to add code back into Lovd. Lovd had been housed in a private svn repository and distributed via a zip file. This was really good for me, but not so for people that want to take the current version, build on it and later merge whatever newer version of Lovd is available into their app. Although I hadn’t yet tried git I knew that it made this sort of branching a lot easier than subversion, so I decided to try it.

Getting started with Github:

Github is the new cool git repository website (social network for geeks). I asked a friend for an invite and got started. Creating a github account and repository is really easy. The instructions are well laid out. The last step is to export your svn repo into the git directory and then commit and push. I’ve been told that if anyone needs a git invite to let me know and I’ll be given invites to send out. So let me know.

Now what?

So now I had my git repo setup on github and I started sending out the repo’s public address. And before I know it I had my first patch. Now what? I read Dr. Nic’s blog post about git when it came out, so I went back and read it again. After reading a few times I realized two things: (1) That git is very complicated and (2) Dr. Nic is a way bigger StarWars geek than I ever gave him credit for. I called my friend Josh Owens (of the Web 2.0 Show) and asked for some help. Josh talked me through my first merge and push, but I still didn’t quite get it. The next day I was trying to merge another patch (branch) and since Josh wasn’t around I went into #github where Tom Preston-Werner (mojombo) helped sort me out quite a bit.

Disclaimer:

I am still new at git so I may have things wrong, so if you find an error or omission, please say so in the comments.

Git explained (I think):

Understatement: Git is very different from Subversion. Git is a distributed source control system, which means you can work disconnected from the main repo (branch) and still commit. But you commit to your local repo (branch). The basic flow is (some crucial steps have been left out for now. I’ll fill those in later. Don’t use the following as a step by step guide, that comes later):

git clone. This basically tells your local git to go out an pull the files from the server.
Make your changes.
git commit. This commits your files to your LOCAL repository, not the one on the server.
git push. This “pushes” you committed changes up to the server.

OK, so far so good. This feels a lot like svn. So much that it’s time to get overconfident and think we get git. But we don’t. And our confidence is about to be shaken like a dry martini.

But I have my own repo and people are trying to commit to me. What do I do, how does that work?

You are the master:

In git everything revolves around branches (github calls them forks¹). When you create a git repo, that main branch is called “master.” Your master branch is kind of like what trunk is in svn. When someone wants to fork/branch your master, they go to your page in github and click the fork button. Now they have a fork/branch of your master branch. When they are ready for you to check out their changes and merge theirs back into your master they’ll send you a message via git hub. You’ll get this message in your inbox and have no idea what to do with it. Cool.

The first thing to notice is that the url for their branch looks a lot like the url to your master. My “public clone url” is git://github.com/stevenbristol/lovd-by-less.git. Dr. Nic’s looks like this: git://github.com/drnic/lovd-by-less.git. The similarities matter.

To get Dr. Nic’s branch and merge it into my master I do the following (let’s assume I have my master cloned to /lovd):

NOTE: Put the contents of this pastie in the top of your ~/.bash_profile file to see which branch you are currently working in. This is demonstrated in the examples below. The part in parens is the branch. (Another version of the same thing.) (After changing your ~/.bash_profile file you’ll either have to restart terminal or source the file to see the changes.)

/luvd(master) $ git remote add drnic git://github.com/drnic/lovd-by-less.git
/luvd(master) $ git pull
/luvd(master) $ git checkout -b drnic/master
/luvd(drnic/master) $ git pull drnic master
[look at the files, rake, test, etc]
/luvd(drnic/master) $ git status
/luvd(drnic/master) $ git checkout master
/luvd(master) $ git merge drnic/master
/luvd(master) $ git status
/luvd(master) $ git commit -a
/luvd(master) $ git push

Step 1 tells my local git repo to add a new remote repository. This means that the same repo can pull and push to two different server². There is nothing analogous in svn. The syntax is “git remote add {name} {url}.” I am naming this remote “drnic,” because I am going to pull his branch.
Step 2 simply pulls my local master. This is like doing an svn up. I do this because I gave commit rights to someone else and I want to make sure I have the latest changes in my local master. Step 4 also does a pull, but there we have to specify where we are pulling from. Here it defaults to the “origin,” which is my git master on github.
Step 3 is a bit confusing because I am not doing anything like an svn checkout. A git checkout basically changes the branch I am working with. The -b switch means to create the new branch³. Notice that in steps 1 -3 I was in branch master (master) but after I “git checkout drnic/master” I am in branch drnic/master (drnic/master⁴). Get ready: Rather than have each branch in a different directory on the file system, all the branches live in the same directory. What? Exactly. Try this: Open Textmate and open a file that you know has changed between the two branches. Now go in to terminal and “git checkout {other branch}.” Go back to Textmate and notice that the file did actually change. What? Exactly. Isn’t this cool? But it means you must use the .bash_profile hack to know what branch you’re working in. Other wise you will go crazy. You can also do “git branch” which will tell you what branches are available locally and which one you are in.
Step 4 just says pull all of the files from the remote repo named “drnic” (which we created in step 1) and the branch, in this case “master.” Syntax: “git pull {name of remote} {name of branch}.” This is kind of like an svn checkout.
Step 6 shows which files have modifications. If you didn’t change anything then you can go on to step 7, otherwise you might have to git commit to your local branch of drnic’s branch of your master. (Don’t feel bad if you have to reread that a few times :)
Step 7 puts us back in the context of our master branch.
Step 8 merges the local drnic branch into our master branch.
Step 10 commits all unadded files to the local master repo. Unadded? Yes, in git a file with local modifications needs to be added back into the repo for committing. You can do this with “git add {file}” or just git commit all the added and unadded files.
Step 11 pushes your local changes back to your origin (master branch on github). Now other may fork/branch your master and start again. Easy right?

You just want to patch some else’s repo:

This is really simple. Here are the steps:

Go to github and click the “fork” button.
git clone git://github.com/stevenbristol/lovd-by-less.git
cd lovd-by-less
Make your cahnges
git status
git commit -a
git push
go back to git hub and click the “pull request” button.

I’m guessing that by now this is really clear.

Step 1 will create you own fork of the repo where you can make your changes. Click this on the person’s page you want to fork from.
Steps 2-7 you should understand by now. (I hope. :)
Step 8 will send a message to the person notifing them that you have something for them to see. Click this from your repo page.

References:

Notes from Dr. Nic:

¹ Technical not correct. “Within a repository/clone you can have branches. A fork is a clone of a repository. Its a conceptual thing.” He continues, “I could manually create a fork by cloning 1+ branches from a target repository, then push that repository to my own remote repository. At this stage, I’ve theoretically got a remote clone of your remote repo. “Forking” is a nice word for this.” This is how someone can take Lovd, put it in their own private repo, build their app on top of Lovd, and easily get the latest patches from Lovd into their new killer app.

² “A “remote” repo and a “local” repo contain the same information about the commits etc. The difference is that a “local” repo has a checkout of one branch plus a .git folder containing all the commit info. The remote repo just contains the commit etc information, but no checkout (see “git checkout—bare” I think creates a remote repo that you could host on from your laptop’s ~/Sites folder for example.”

³ ””git checkout -b drnic/master” – I tend to use “local/drnic/master” now – using local/ as a namespace to separate it out from any clashes with the remote repo. I think this is different from my original blog post.”

⁴ “The -b switch means to create the new branch, based on the current branch.”

What if it's nil? What if it's method is nil?

2008-03-12T12:37:00Z

Chris Wanstrath wrote a nice little post about a method he created called try(), I thought this was pretty cool, but I really want to be able to specify the return value if the object is nil. Plus, what if I want to use this sweetness on a method? So I wrote two methods to do just that:

class Object
  def if_nil out = nil
    return out if nil?
    self
  end

  def if_method_nil method, out = nil
    return out if nil?
    return send(method) if out.nil?
    return out if respond_to?(method) && send(method).nil?
    send method
  end
end

And here are some tests for them, which illustrate their usage:


  def test_if_nil1
    n = nil
    assert_equal nil, n.if_nil
  end

  def test_if_nil2
    n = 1
    assert_equal 1, n.if_nil
  end

  def test_if_nil3
    n = :yo
    assert_equal :yo, n.if_nil
  end

  def test_if_nil4
    n = nil
    assert_equal 'blah', n.if_nil('blah')
  end

  def test_if_method_nil1
    n = nil
    assert_equal nil, n.if_method_nil(:to_s)
  end

  def test_if_method_nil2
    n = 1
    assert_raise NoMethodError do
      n.if_method_nil :yo
    end
  end

  def test_if_method_nil3
    n = 1
    assert_nothing_raised do
      assert_equal '1', n.if_method_nil( :to_s)
    end
  end

  def test_if_method_nil4
    n = 1
    assert_nothing_raised do
      assert_equal '1', n.if_method_nil( :to_s, 'blah')
    end
  end

  def test_if_method_nil5
    n = nil
    assert_nothing_raised do
      assert_equal 'blah', n.if_method_nil( :to_s, 'blah')
    end
  end

Use attr_protected or we will hack you

2008-03-11T15:47:00Z

A good friend of mine recently asked me to look at his open source project and tell me what I think. While looking through the very nice code I discovered a security hole and promptly created a user account with administrative privileges using one command.

Here is the command:

curl -d “user[login]=hacked&user[is_admin]=true&user[password]=password&user[password_confirmation]=password&user[email]=hacked@by.me” http://url_not_shown/users

That’s right, that’s all it took. Try it. Take this line and point it at your favorite website and see if you can create an admin account.

There are a few easy things anyone can do to prevent this hack. In order of importance:

Use attr_protected.
Don’t use mass assignments for your users table.
Don’t have a users controller.
Split the users table into a users table and a profiles/people table.

At Less we do all four.

Use attr_protected

The attr_protected method in Rails will prevent the fields from being assigned via mass assignment. Here is an example:

Bad:

class User < ActiveRecord::Base
#no attr_protected here
#this will allow the creation of your hacked admin user
end

class Users < ApplicationController
  def create
      @user = User.create params[:user]
  end
end

Good:

#this will not allow the creation of your hacked admin user
class User < ActiveRecord::Base
  attr_protected :is_admin
end

class Users < ApplicationController
  def create
      @user = User.create params[:user]
#user is created, but the is_admin flag is not set
  end
end

Wasn’t that easy? You should all do this.

Don’t use mass assignments for your users table

No where in your code should you allow the users table to use mass assignments. What this means is that when a user account is created, assign each field individually. Here is an example:

Bad:

class Users < ApplicationController
  def create
      @user = User.create params[:user]
  end
end

Good:

class Users < ApplicationController
  def create
      @user = User.new
      @user.login = params[:user][:login]
      @user.password = params[:user][:password]
      @user.password_confirmation = params[:user][:password_confirmation]
      @user.save
#user is created, but the is_admin flag is not set
  end
end

I know what you’re thinking “Steve, that is too many lines of code, can’t we use the built in stuff that Rails gives us to make thing easy?” My wife’s cousin is an Assistant Warden at a prison in Texas. While taking a tour I noticed a sign that says “Security is not convenient.” This is also true for security code. It is more lines of code, it is harder to write, it should fail securely.

If you need to have an admin screen where admins set is_admin on users, then that action should also not use mass assignment and it should be protected so that only users who are already is_admin can access it.

Don’t have a users controller

This one is stupid. Obfuscation is the worst form of security, but combined with the others it is not too bad and worth doing. This will prevent all the script kiddies I just created from attacking your site because they will not know the name of the controller to hit. Of course if they just looked at the url that your signup form submits to they will know. That is why this is the weakest form of security. In fact it’s so weak it’s not really even security.

Split the users table into a users table and a profiles/people table

Keep user settings that the system needs in the untouchable users table and user configurable settings in a separate table called profiles or people or something. Doing this means the only place the users table gets written to is on account creation and if you have an admin screen. The fewer access points you have, the safer you are.

It also means that for profile data, you can use your profiles controller which allows mass assignment and keep the code nice and tight.

Why are you still reading? Go, fix your code right now. My spider is already loose, looking for your rails app.

Go fix it already!!

I've found the holy grail...

2008-03-06T16:21:00Z

IE6 PNG Transparency Fix for Repeating Background Images

****Update: its not actually repeating, its scaling the image which give the appearance of repeating vertically.

This hack is for making transparent pngs, actually transparent in IE6 when used as a repeating background. I'm sure most people have a hack they use for transparent png images in the html for IE6. This isn't another fix for that, again, this is for background images that repeat.

First, put a conditional statement in your head to display this hack when IE6 is used. Inside of this conditional statement you will insert the hack.

filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='/images/transparent_bg.png', sizingMethod='scale');

Now, I haven't experimented much with this, with certain images, in certain situations this can give the appearance of a repeating background.

In your normal css sheet it's business as normal, just place the background in the css and have a nice day. Below is an example of the conditional statement and the css hack.

here are some screen captures, notice the "rocks" in the background behind the black background.
Firefox Capture
IE6 Capture


<!--[if IE 6]>
<style>
#IE_blows {
height: 100%; 
filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='/images/transparent_bg.png', sizingMethod='scale');}
</style>
<![endif]-->

/* put in normal css sheet */
#IE_blows { 
  background: url(/images/transparent_bg.png) repeat-y;
}
/* put in normal css sheet */

****Update: its not actually repeating, its scaling the image which give the appearance of repeating vertically.

I've found the holy grail...

2008-03-06T16:03:00Z

IE6 PNG Transparency Fix for Repeating Background Images

This hack is for making transparent pngs, actually transparent in IE6 when used as a repeating background. I'm sure most people have a hack they use for transparent png images in the html for IE6. This isn't another fix for that, again, this is for background images that repeat.

First, put a conditional statement in your head to display this hack when IE6 is used. Inside of this conditional statement you will insert the hack.

filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='/images/transparent_bg.png', sizingMethod='scale');

Now, I haven't experimented much with this. I haven't tried X and Y repeating, if you do try this, post the results as a comment on this blog post. However it does work great with standard repeating of a background image.

In your normal css sheet it's business as normal, just place the background in the css and have a nice day. Below is an example of the conditional statement and the css hack.


<!--[if IE 6]>
<style>
#IE_blows {
height: 100%; 
filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='/images/transparent_bg.png', sizingMethod='scale');}
</style>
<![endif]-->

/* put in normal css sheet */
#IE_blows { 
  background: url(/images/transparent_bg.png) repeat-y;
}
/* put in normal css sheet */