Matt Woodward's Blog

That little lock on your browser window indicating you are communicating securely with your bank or e-mail account may not always mean what you think its means.
Normally when a user visits a secure website, such as Bank of America, Gmail, PayPal or eBay, the browser examines the website’s certificate to verify its authenticity.
At a recent wiretapping convention, however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds. The boxes were designed to intercept those communications — without breaking the encryption — by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities.
The attack is a classic man-in-the-middle attack, where Alice thinks she is talking directly to Bob, but instead Mallory found a way to get in the middle and pass…

However, every once in a while, you work on a project
where you probably think to yourself, "Why am I doing all this work?" The
project you're working on contains very simple bits of data or data that's
difficult to predict — you might get different data fields on
different days or even from transaction to transaction. If you were to
create a schema to predict what's coming down the pike at you, you'd end
up with tables that have lots of empty fields or lots of mapping tables.

via ibm.com
This is an excellent intro to CouchDB even if you aren't a PHP developer.

via alan.blog-city.com
Hot off the engineering presses from the OpenBD project is the new browser-based OpenBD debugger. The debugger is an OpenBD plugin so like all plugins, you simply drop a JAR file in your WEB-INF/lib directory and it's installed. No arduous configuration, just drop the JAR into your project and you're debugging. Best of all, it's completely free.
The debugger has all the features you'd expect in a debugger, such as being able to set breakpoints, step over/step through, break on exceptions if you so choose, and the ability to inspect the state of all your variables while your code is running. Fantastic stuff. Watch the video to see how slick this is.
What I really love about the debugger, in addition to how dead simple it is to get up and running, is how familiar it will be to CFML developers. You don't have to go digging around in tiny little Windows inside Eclipse to see what's going on in your code, you see everything in a browser window, a…

# This awk script takes a Microsoft IIS Web server log file in the default format
# and converts it into NCSA common format.

via alan-ng.net
Very handy and very fast. I used this to convert some IIS logs for load testing since JMeter doesn't like the default IIS log format.

Peter Farrell and I are working on our "Living in the Cloud: CFML Applications on Google App Engine" presentation for cf.Objective(), and we'd love to include a mention of any sites out in the wild that are using OpenBD on GAE. So if you're using OpenBD on GAE for production sites or even just some experimentation with all the cool possibilities available on GAE, please let me know! You can leave a comment here or send an email to matt at mattwoodward dot com. Thanks!

I'm getting a RackSpace Cloud server set up for a side project, and when trying to install Java on Ubuntu Server and I was getting the following error:

./install.sfx.3763: not found
Since I'm not the one who ordered the cloud server I wasn't sure if it was 32- or 64-bit, but given the modest amount of RAM we're allocating I was guessing it was 32-bit. Turns out I was wrong. I decided to try the 64-bit Java installer and it worked fine.So if you get the mysterious install.sfx error when installing Java you're probably using the installer for the wrong architecture. Grab the "other" installer for your situation and it'll likely solve the problem. I guess you could also ask the person who ordered the server whether it's 32- or 64-bit, but where's the adventure in that?

Free software has won: practically all of the biggest and most exciting Web companies like Google, Facebook and Twitter run on it. But it is also in danger of losing, because those same services now represent a huge threat to our freedom as a result of the vast stores of information they hold about us, and the in-depth surveillance that implies.

via h-online.com
Excellent interview with Eben Moglen about the state of freedom in the age of social networking. Make sure to read the second page too--there are some surprisingly revolutionary (and simple!) ideas about how to turn the current situation on its head so we can get the benefit of social networking without giving up so much control and freedom.

via openplug.org
Came across this in another article I'll blog about in a bit--amazingly cool.

I'm having trouble getting SpringSource Tool Suite to compile and deploy a Java class located in a Grails project's src/java directory when I run the application from within STS. This is particularly odd given that I have a ServletFilter in this same location (albeit a different package) that gets compiled just fine, so I decided to dig into things a bit and figure out where STS deploys projects when you do grails run-app. This way I could at least see whether or not the class was getting deployed and if my class not found exceptions were related to some other issue. Turns out if you watch the console as the app launches you get a big clue. Well, the answer actually. I'm on Ubuntu so in my case, my project was deployed to /home/mwoodward/.grails/1.2.1/projects/PROJECT_NAME/resources, so I poked around in there to discover that it even creates the package for my Java class but alas, there's no compiled class in the package. At least I confirmed I'm not losing my min…

A new site launches today aiming to be the definitive resource for developers who want to run Apache Tomcat in large scale production environments. Sponsored by SpringSource, tomcatexpert.com will provide a central point for the Tomcat community.

via java.dzone.com
Just launched today but given that it's being sponsored by SpringSource, I'm sure this will evolve into a fantastic resource very quickly.

In addition to the CronPlugin there are a couple more additions to Open BlueDragon this weekend: a SpellCheck Plugin, and a RenderInclude() function. As you might guess from the name, the SpellCheck Plugin allows you to check the spelling of text from within your CFML applications. It ships with an American English dictionary, but you can register your own dictionaries in either OpenOffice format, Mozilla XPI format, or use a simple array of words. Usage couldn't be simpler:

<cfscript>
textToCheck = "Pleze chek mi speling.";
results = SpellCheck(textToCheck, "english-us");
</cfscript>
SpellCheck() takes the text to check and the dictionary (or multiple dictionaries) against which to check the text, and it returns an array of structs with these keys:
originalWord - the misspelled wordpositionIndex - the position of the first character of the misspelled word in the string being checkedsuggestedWords - an array of strings that are suggested corrections for t…

From OpenBD




Jump to: navigation, search
Category:CronPlugin

The CronPlugin makes the management and scheduling of tasks much easier within OpenBD.
Inspired from the simplicity of the /etc/cron.d/ subdirectories, this plugin brings the ease of that method to the CFML developer by allowing them to simply drop files into pre-defined folders that will be automatically run, without needing to wrestle with external scheduling jobs or CFSCHEDULE.
The plugin will automatically create the necessary directories if they do not already exist. You set this directory by making a call to CronSetDirectory(). This directory location will persist over server restarts.

For example making a call with:
CronSetDirectory("/cron.d")

will create the following directory structure within the web app directory.

/<webapp>/
/<webapp>/cron.d/cron.5min/
/cron.15min/
/cron.hourly/
/cron.daily/
/cron.weekly/
/cron.monthly/


After…

via groovymag.com
The March edition of GroovyMag is available and includes an article I wrote entitled "Grails for Switchers," which is my account of what I learned while first learning Grails.
If you're at all interested in Groovy or Grails you need to subscribe to GroovyMag. It's a great way to learn more about Groovy and Grails and keep up with what's going on in the Groovy/Grails community.