Thursday, March 25, 2010

Law Enforcement Appliance Subverts SSL | Threat Level


That little lock on your browser window indicating you are communicating securely with your bank or e-mail account may not always mean what you think it means.

Normally when a user visits a secure website, such as Bank of America, Gmail, PayPal or eBay, the browser examines the website’s certificate to verify its authenticity.

At a recent wiretapping convention, however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds. The boxes were designed to intercept those communications — without breaking the encryption — by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities.

The attack is a classic man-in-the-middle attack, where Alice thinks she is talking directly to Bob, but instead Mallory found a way to get in the middle and pass the messages back and forth without Alice or Bob knowing she was there.

Well this is lovely. Just lovely.
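
The weakness described above, as an added example that is not from the quoted article: a toy Python model in which the default check accepts a certificate signed by any CA in the trust store, while a client that remembers the site's key from an earlier visit notices the substitution. The CA names, host name, keys and the HMAC stand-in for real signatures are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Toy model: an HMAC keyed with the CA's secret stands in for a CA signature.
# Real clients verify with the CA's public key; the trust logic is the same.

@dataclass(frozen=True)
class Cert:
    subject: str      # hostname the certificate claims
    issuer: str       # name of the signing CA
    spki: bytes       # stand-in for the subject's public key
    signature: bytes  # issuer's "signature" over subject + key

def _sign(secret, subject, spki):
    return hmac.new(secret, subject.encode() + spki, hashlib.sha256).digest()

def issue(ca_name, ca_secret, subject, spki):
    return Cert(subject, ca_name, spki, _sign(ca_secret, subject, spki))

def browser_accepts(cert, hostname, trust_store):
    """Default check: the name matches and ANY trusted CA signed it."""
    secret = trust_store.get(cert.issuer)
    if secret is None or cert.subject != hostname:
        return False
    expected = _sign(secret, cert.subject, cert.spki)
    return hmac.compare_digest(expected, cert.signature)

def pin(cert):
    """Fingerprint of the site's key, recorded on a known-good visit."""
    return hashlib.sha256(cert.spki).hexdigest()

def pinned_accepts(cert, hostname, trust_store, pins):
    """Stricter check: the chain must validate AND the key must match the pin."""
    return (browser_accepts(cert, hostname, trust_store)
            and pins.get(hostname) == pin(cert))

# Constructed data: 100 equally trusted CAs, one site, two certificates.
TRUST_STORE = {f"CA-{i}": f"secret-{i}".encode() for i in range(100)}
HOST = "bank.example"
real = issue("CA-7", TRUST_STORE["CA-7"], HOST, b"site-public-key")
substituted = issue("CA-42", TRUST_STORE["CA-42"], HOST, b"interceptor-public-key")
PINS = {HOST: pin(real)}

if __name__ == "__main__":
    for name, cert in (("real", real), ("substituted", substituted)):
        print(name, browser_accepts(cert, HOST, TRUST_STORE),
              pinned_accepts(cert, HOST, TRUST_STORE, PINS))
```

Both certificates pass the default check because each is signed by some trusted CA; only the comparison against the previously seen key tells them apart.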

Tuesday, March 23, 2010

CouchDB basics for PHP developers

However, every once in a while, you work on a project
where you probably think to yourself, "Why am I doing all this work?" The
project you're working on contains very simple bits of data or data that's
difficult to predict — you might get different data fields on
different days or even from transaction to transaction. If you were to
create a schema to predict what's coming down the pike at you, you'd end
up with tables that have lots of empty fields or lots of mapping tables.

This is an excellent intro to CouchDB even if you aren't a PHP developer.

Monday, March 22, 2010

OpenBD CFML Debugger Released

Hot off the engineering presses from the OpenBD project is the new browser-based OpenBD debugger. The debugger is an OpenBD plugin so like all plugins, you simply drop a JAR file in your WEB-INF/lib directory and it's installed. No arduous configuration, just drop the JAR into your project and you're debugging. Best of all, it's completely free.

The debugger has all the features you'd expect in a debugger, such as being able to set breakpoints, step over/step through, break on exceptions if you so choose, and the ability to inspect the state of all your variables while your code is running. Fantastic stuff. Watch the video to see how slick this is.

What I really love about the debugger, in addition to how dead simple it is to get up and running, is how familiar it will be to CFML developers. You don't have to go digging around in tiny little windows inside Eclipse to see what's going on in your code, you see everything in a browser window, and the variable values look like CFDUMP output.

If you've been put off by the complexity of other debuggers in the past, the OpenBD Debugger is WELL worth a look. Previously I was only using a debugger when I absolutely had to, but because it's so amazingly easy to use, the OpenBD Debugger will become a regular part of my development process.

Go to the OpenBD download page and click on the "Official Plugins" tab to grab the debugger (and the latest nightly, since the debugger doesn't work with the official 1.2 release) and give it a whirl. This is one of those tools that now that I've been using it for a bit, I can't imagine developing without it.

Free awk script: Convert IIS log file to NCSA common format

# This awk script takes a Microsoft IIS Web server log file in the default format
# and converts it into NCSA common format.

Very handy and very fast. I used this to convert some IIS logs for load testing since JMeter doesn't like the default IIS log format.
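
The same conversion sketched in Python, as an added example that is not the linked awk script: it assumes the "default format" is W3C Extended, reads the column order from the `#Fields:` directive, and emits NCSA common format lines. The sample log lines, addresses and user name are constructed, and `HTTP/1.1` is assumed because the protocol version is not among the sample's fields.

```python
from datetime import datetime

# Constructed sample in W3C Extended format (not taken from a real server).
SAMPLE = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2010-03-22 14:05:01
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status sc-bytes
2010-03-22 14:05:01 192.0.2.10 - GET /index.cfm - 200 5120
2010-03-22 14:05:03 192.0.2.11 jdoe POST /login.cfm next=/home 302 -
2010-03-22 14:05:04 truncated-row
"""

def iis_to_ncsa(lines):
    """Yield one NCSA common format line per valid W3C Extended row."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue                    # skip truncated or malformed rows
        row = dict(zip(fields, values))
        if "date" not in row or "time" not in row:
            continue
        when = datetime.strptime(row["date"] + " " + row["time"],
                                 "%Y-%m-%d %H:%M:%S")
        uri = row.get("cs-uri-stem", "-")
        query = row.get("cs-uri-query", "-")
        if query != "-":
            uri += "?" + query
        # W3C Extended timestamps are UTC, hence the fixed +0000 offset.
        yield '%s - %s [%s +0000] "%s %s HTTP/1.1" %s %s' % (
            row.get("c-ip", "-"), row.get("cs-username", "-"),
            when.strftime("%d/%b/%Y:%H:%M:%S"),
            row.get("cs-method", "-"), uri,
            row.get("sc-status", "-"), row.get("sc-bytes", "-"))

if __name__ == "__main__":
    for out in iis_to_ncsa(SAMPLE.splitlines()):
        print(out)
```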

Sunday, March 21, 2010

Using OpenBD on Google App Engine? Please let me know!

Peter Farrell and I are working on our "Living in the Cloud: CFML Applications on Google App Engine" presentation for cf.Objective(), and we'd love to include a mention of any sites out in the wild that are using OpenBD on GAE. So if you're using OpenBD on GAE for production sites or even just some experimentation with all the cool possibilities available on GAE, please let me know!

You can leave a comment here or send an email to matt at mattwoodward dot com. Thanks!

Java Install Failing With install.sfx Error? You're Probably On the Wrong Architecture

I'm getting a RackSpace Cloud server set up for a side project, and when trying to install Java on Ubuntu Server I was getting the following error:

./install.sfx.3763: not found

Since I'm not the one who ordered the cloud server I wasn't sure if it was 32- or 64-bit, but given the modest amount of RAM we're allocating I was guessing it was 32-bit.

Turns out I was wrong. I decided to try the 64-bit Java installer and it worked fine.

So if you get the mysterious install.sfx error when installing Java you're probably using the installer for the wrong architecture. Grab the "other" installer for your situation and it'll likely solve the problem.

I guess you could also ask the person who ordered the server whether it's 32- or 64-bit, but where's the adventure in that?

Friday, March 19, 2010

Interview: Eben Moglen - Freedom vs. the Cloud Log

Free software has won: practically all of the biggest and most exciting Web companies like Google, Facebook and Twitter run on it. But it is also in danger of losing, because those same services now represent a huge threat to our freedom as a result of the vast stores of information they hold about us, and the in-depth surveillance that implies.

Excellent interview with Eben Moglen about the state of freedom in the age of social networking. Make sure to read the second page too--there are some surprisingly revolutionary (and simple!) ideas about how to turn the current situation on its head so we can get the benefit of social networking without giving up so much control and freedom.

SheevaPlug - Linux Computer in a Wall Socket

Came across this in another article I'll blog about in a bit--amazingly cool.

Wednesday, March 17, 2010

Location of Grails Webapp When Launched from SpringSource Tool Suite

I'm having trouble getting SpringSource Tool Suite to compile and deploy a Java class located in a Grails project's src/java directory when I run the application from within STS. This is particularly odd given that I have a ServletFilter in this same location (albeit a different package) that gets compiled just fine, so I decided to dig into things a bit and figure out where STS deploys projects when you do grails run-app. This way I could at least see whether or not the class was getting deployed and if my class not found exceptions were related to some other issue.

Turns out if you watch the console as the app launches you get a big clue. Well, the answer actually. I'm on Ubuntu so in my case, my project was deployed to /home/mwoodward/.grails/1.2.1/projects/PROJECT_NAME/resources, so I poked around in there to discover that it even creates the package for my Java class but alas, there's no compiled class in the package.

At least I confirmed I'm not losing my mind. Now to solve the mystery of why STS isn't compiling and deploying that class.

Tuesday, March 16, 2010

A New Apache Tomcat Community: | Javalobby

A new site launches today aiming to be the definitive resource for developers who want to run Apache Tomcat in large scale production environments. Sponsored by SpringSource, will provide a central point for the Tomcat community.

Just launched today but given that it's being sponsored by SpringSource, I'm sure this will evolve into a fantastic resource very quickly.

Sunday, March 7, 2010

New OpenBD Goodies: SpellCheck Plugin and RenderInclude() Function

In addition to the CronPlugin there are a couple more additions to Open BlueDragon this weekend: a SpellCheck Plugin, and a RenderInclude() function.

As you might guess from the name, the SpellCheck Plugin allows you to check the spelling of text from within your CFML applications. It ships with an American English dictionary, but you can register your own dictionaries in either OpenOffice format, Mozilla XPI format, or use a simple array of words.

Usage couldn't be simpler:

textToCheck = "Pleze chek mi speling.";
results = SpellCheck(textToCheck, "english-us");

SpellCheck() takes the text to check and the dictionary (or multiple dictionaries) against which to check the text, and it returns an array of structs with these keys:

  • originalWord - the misspelled word
  • positionIndex - the position of the first character of the misspelled word in the string being checked
  • suggestedWords - an array of strings that are suggested corrections for the misspelled word

Very slick and easy way to add spellcheck capabilities to your CFML applications.

The RenderInclude() function is a CFSCRIPT version of the CFINCLUDE tag so you can include templates within CFSCRIPT and have the code in the included template be rendered and returned as a string.

renderedOutput = RenderInclude("/path/to/template.cfm");

All the new functionality that has been added to OpenBD in the past few months has been an incredible asset to my CFML development, and I'm really excited to see more and more plugins being created. Plugins are an easy and extremely powerful way to add new functionality to the OpenBD engine. Reminds me that I need to get back to work on my CFTWITTER plugin to finish that out!

Saturday, March 6, 2010

CronPlugin for OpenBD

From OpenBD


The CronPlugin makes the management and scheduling of tasks much easier within OpenBD.

Inspired by the simplicity of the /etc/cron.d/ subdirectories, this plugin brings the ease of that method to the CFML developer by allowing them to simply drop files into pre-defined folders that will be automatically run, without needing to wrestle with external scheduling jobs or CFSCHEDULE.

The plugin will automatically create the necessary directories if they do not already exist. You set this directory by making a call to CronSetDirectory(). This directory location will persist over server restarts.

For example making a call with:


will create the following directory structure within the web app directory.


After this, you can simply drop .cfm files into each of these directories and they will be run at the allocated time. There is no need to restart the engine, or re-call the CronSetDirectory(); it will automatically be picked up.

Every time the plugin executes one of these files at the desired time, a copy of the output is retained. Within the OpenBD working directory, a similar structure is created but under the plugin-cron directory, where you can view the results of each file.

This plugin triggers the main OpenBD CFML engine directly, without having to go out and back in via HTTP. This makes it highly efficient and removes a lot of the overhead associated with other schedule methods.

This plugin operates with the nightly build post 4th March 2010 and can be installed by simply copying the .jar file into the /WEB-INF/lib/ folder of your web app.

[download the plugin]


Another awesome plugin for OpenBD. Some really slick possibilities here, and my favorite thing is that FINALLY we have a way to run scheduled tasks without them simply being a scheduled HTTP call. The CronPlugin processes the CFML code in the engine directly.

Note that this doesn't replace the traditional scheduling, but it's another option that will work really well for a lot of use cases.

Tuesday, March 2, 2010

March GroovyMag Available -- Includes My "Grails For Switchers" Article


The March edition of GroovyMag is available and includes an article I wrote entitled "Grails for Switchers," which is my account of what I learned while first learning Grails.

If you're at all interested in Groovy or Grails you need to subscribe to GroovyMag. It's a great way to learn more about Groovy and Grails and keep up with what's going on in the Groovy/Grails community.