What?!?  I was shocked to learn that the latest Flex framework / ActionScript doesn’t have an equivalent of replaceAll() on String.  I’m looking for a simple way to do replacements on a string.  Most of the languages that I’ve worked with have such a method or a library that provides that functionality.  PHP has the str_replace function, Java has replaceAll() on java.lang.String, Python has it, C++ has libraries that readily provide this functionality, System.String in the .NET framework (1.0, 1.1, 2.0, etc.) has a string#replace method, and even in the RIA space Silverlight has a replace method on System.String, as does JavaFX (java.lang.String).

After searching and reading for a while, the closest equivalent that I could find is a custom method that utilizes the split and join functionality like the following:

public static function StringReplaceAll( source:String, find:String, replacement:String ) : String
{
    return source.split( find ).join( replacement );
}

The preceding function came from Base64.as in Jason Nussbaum’s blog post about Base64 encoding/decoding.  Others have used similar functionality, like this post on flexfanatic.  It’s definitely better than a while loop.

I also found that it is possible to utilize a RegExp within the String#replace function as shown on SCRIBBLE IT.  Basically the code would look like:

var str:String = "Somesilly String. silly!";
// replace() returns a new String; the "g" flag replaces every match, not just the first
str = str.replace(new RegExp("silly", "g"), "awesome");

With this pattern it can still be a one-liner, which should perform better than the split/join approach, but I am still shocked that such a standard method isn’t in the framework.  I am a bit surprised by this finding.  Is there a better way?  A good StringUtil library or something similar?
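To show what the two approaches above actually differ in, here is an added example in JavaScript (not the post’s ActionScript, but the String.replace semantics are the same ECMAScript-derived ones): split/join treats both arguments as plain text, while a RegExp-based replaceAll treats `find` as a pattern and `replacement` as a template unless both are neutralised. The function names are my own.

```javascript
// Added example: literal split/join replaceAll versus a RegExp replaceAll,
// and the two pitfalls the RegExp version has when `find` or `replacement`
// come from data you do not control (user input, config, URL parameters).

// Literal replacement: no pattern syntax is involved at all.
function replaceAllSplitJoin(source, find, replacement) {
  return source.split(find).join(replacement);
}

// Escape every RegExp metacharacter so `find` is matched literally.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Naive RegExp version: "." in `find` matches any character, and "$&", "$1",
// "$$" in `replacement` are expanded as template patterns.
function replaceAllRegExpNaive(source, find, replacement) {
  return source.replace(new RegExp(find, "g"), replacement);
}

// Hardened RegExp version: escape the pattern and pass the replacement through
// a function, which disables template expansion, so both are plain text.
function replaceAllRegExpSafe(source, find, replacement) {
  const pattern = new RegExp(escapeRegExp(find), "g");
  return source.replace(pattern, () => replacement);
}
```

The naive version turns "a.b.c" with find "." into "-----", and a replacement of "$&$&" doubles the match instead of inserting the literal text; the split/join and hardened versions both keep the literal meaning.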

This last April I did a presentation at the Twin Cities Code Camp on Microsoft Silverlight and SOA with a Grails server.  I ended up writing a simple Grails application that used several web services to communicate with an in-browser Silverlight application.  I specifically wanted to show a Silverlight application interacting with non-Microsoft technologies.  I developed the Grails application on Linux, on a different physical machine than the one I used to develop the Silverlight application.

One of the issues I ran into was that I was unable to make requests to the XML web services in the Grails application.  It puzzled me for a minute until a quick Google search turned up a simple issue: I needed a crossdomain.xml policy file (or the clientaccesspolicy.xml).  Flash/Flex users run into this all the time, and thus most of what you will find is Flash-centric.  What is the crossdomain.xml file?  Well, it’s a way of restricting the domains that can access services.  It’s basically a white-listing of domains that are allowed to access the services.  The browser and in-browser applications are supposed to respect the crossdomain.xml, and sometimes the services (server-side) may protect themselves.  You can think of it as a robots.txt for web services.
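As an added illustration of the white-listing described above (my own JavaScript, not anything from the post or the Grails project), here is a minimal evaluator for the `<allow-access-from>` rules of a Flash-style crossdomain.xml, useful for checking what a policy grants before publishing it at /crossdomain.xml. The two policy strings are constructed samples, and the handling of the `secure` attribute is simplified to "explicit secure="true" requires an HTTPS caller".

```javascript
// Added example: evaluate which origins a crossdomain.xml whitelist admits.
// Parsing is a small regex over <allow-access-from .../> elements, which is
// enough for the flat structure of this file; the policies below are constructed.

// Collect { domain, secure } from each <allow-access-from .../> element.
function parseAllowedDomains(policyXml) {
  const rules = [];
  const element = /<allow-access-from\b([^>]*)\/?>/g;
  let m;
  while ((m = element.exec(policyXml)) !== null) {
    const attrs = m[1];
    const domain = /domain="([^"]*)"/.exec(attrs);
    const secure = /secure="([^"]*)"/.exec(attrs);
    if (domain) {
      // Simplification: only an explicit secure="true" is treated as requiring HTTPS.
      rules.push({ domain: domain[1], secure: secure ? secure[1] === "true" : false });
    }
  }
  return rules;
}

// "*" covers every host, "*.example.com" covers example.com and all of its
// subdomains (a suffix match on ".example.com", so "example.com.other.net"
// is NOT covered), anything else must match the host exactly.
function domainMatches(rule, host) {
  if (rule === "*") return true;
  if (rule.startsWith("*.")) {
    const base = rule.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return rule === host;
}

// May a client-side application served from `origin` call this site?
function isOriginAllowed(policyXml, origin) {
  const { host, https } = origin;
  return parseAllowedDomains(policyXml).some(
    (rule) => domainMatches(rule.domain, host) && (!rule.secure || https)
  );
}

// The over-broad case: a wildcard rule turns the services into a public API.
function hasWildcardRule(policyXml) {
  return parseAllowedDomains(policyXml).some((rule) => rule.domain === "*");
}

// Constructed sample policies.
const STRICT_POLICY = `<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*.example.com" secure="true"/>
</cross-domain-policy>`;

const OPEN_POLICY = `<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>`;
```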

Great, I knew what the problem was; now how do I fix it?  I tried a few things, such as deploying to Tomcat, but that didn’t work for me while I was actively developing the application.  Once I understood a little more about Grails and Jetty, I realized that I could just modify the Jetty server that launched when invoking grails run-app.  I simply had to add another context to Jetty, and bingo, it worked.  Here is what I did:

I found Grails’ RunApp.groovy script (the one that gets invoked on grails run-app), which was located at $GRAILS_HOME\scripts\RunApp.groovy (%GRAILS_HOME%\scripts\RunApp.groovy for you Windows folk).  I simply had to create another context, much like the Grails application context was being created.  Here is a stripped-down example of what RunApp.groovy looked like (modifications in bold).

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
/**
 * Gant script that executes Grails using an embedded Jetty server
 *
 * @author Graeme Rocher
 *
 * @since 0.4
 */

// Lines marked "added" are the modifications to the stock script.
grailsContext = null
rootContext = null                       // added: holds the second (root) context

target( configureHttpServer : "Returns a jetty server configured with an HTTP connector") {
    …
    setupWebContext()
    setupRootWebContext()                // added
    server.setHandler( webContext )
    server.addHandler( rootContext )     // added: register the root context alongside the app
    …
}
target( setupRootWebContext: "Sets up the Secondary Root Context"){   // added target
    // Serves the files in web-app-root at "/", i.e. the root of the site
    rootContext = new WebAppContext("${basedir}/web-app-root","/")
}

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Most of the magic is in the rootContext = new WebAppContext("${basedir}/web-app-root","/") line.  Notice that I had to create a new folder ‘web-app-root’ which resided alongside web-app (I think I used web-app for a while too).  So this context responds to everything under "/", which is the root of the site.  Once I put my crossdomain.xml file in that folder, I could access http://localhost:8080/crossdomain.xml and the services were then accessible via Silverlight — Yay!

I’m sure there are better ways of doing this, but this is what I did to get the job done.  Thanks to JT Dev for his most recent post, which reminded me that I was going to blog about this.  I basically did Solution #2 in his blog post on creating multiple jetty contexts.  Where was this post back in March?  Thanks JT for tipping me off to the Static Resources Plugin!

Big news today about a large security hole that affects the backbone of the Internet: DNS.  The Domain Name System, or DNS, is basically what translates readable names like colinharrington.net to the corresponding IP address.  It is a cornerstone of just about everything that we do on the Internet.  This news is larger than the Debian OpenSSL fiasco that I blogged about earlier.

I first came across this when I read this article which was posted to Digg.com.

When I first logged into Ubuntu, I was notified that there were very important security updates by the bright red warning icon in the GNOME panel.  I was quite happy not to have annoying balloon pop-ups or tricky log-out buttons that hijack the computer to automatically install important updates.  The Ubuntu security updates notified me that I needed to update bind9-host, dnsutils, libbind9, among others.

We have known that DNS poisoning was an issue, but recent findings combining multiple attack vectors revealed a gaping security hole.  It was interesting to note that this ‘bug’ was a design decision and had to be patched across the board.  I guess design bugs can be quite hairy, since they’re baked into everyone’s implementation.  All major vendors have to patch this hole due to the design nature of this bug.

According to the initial article, the details of the attack will be revealed in 30 days "at the Black Hat security conference in Las Vegas".  It is very interesting to note the current DNS issues that have made headlines recently.  Apparently ICANN itself had lost its own domain name, according to this story care of MSNBC.  According to that article, icann.com and iana.com were both hijacked.  This sounds more like proof-of-concept work to me.

I am not an expert in this area, but from the bit that I do know, the possibilities are scary: naming authorities being compromised, man-in-the-middle attacks, etc.  What if someone were to gain control of major certificate authorities like VeriSign?  It is a little scary to think about what someone could accomplish unknown to the user.  Online banking, corporate communications, secure service bus communications: what if these could be spoofed into being sent to the wrong place, or *through* the wrong place?

This could very well make it into our history books.  I guess we will know more in 30 days.

Here is some extra reading on the subject:

The initial article ended with these words: "This is about the integrity of the Web, this is about the integrity of e-mail," Kaminsky said. "It’s more, but I can’t talk about how much more."  which sounds very similar to Rusty Ryan’s line in Ocean’s Twelve "Look, it’s not in my nature to be mysterious. But I can’t talk about it and I can’t talk about why."

Good work!! -> Credit to http://feeblemind.tuxfamily.org/dotclear/index.php/2006/05/17/64-humanity-to-others

My experience in upgrading Ubuntu Gutsy Gibbon to Hardy Heron was a fairly smooth one.  It was a straightforward process: the System Updater told me that there was a distribution upgrade, I followed the assigned steps, and shortly I had upgraded my whole system.  The status bar was horribly inaccurate, changing from 4 minutes all the way to 54 minutes and back again in the matter of 30 seconds, but it was nothing that I haven’t seen on other operating systems.

The installer maintained all of my current customizations (since they are in my home directory ~/ ).  I was surprised to see that even my Compiz settings were all exactly how I had left them.  I was happy that the installer asked me what to do with merge conflicts in my /etc files (samba.conf, php.ini, apache2.conf, etc.).  There were only a few things that I had to tidy up:

  • Configuring the Launch Size of my Terminal window (Ubuntu Forums)
  • blacklisting the pcspkr kernel module (by adding the line "blacklist pcspkr" to /etc/modprobe.d/blacklist - see ubuntuforums for more discussion)

I can now reliably use the standby functionality.  I have a dual Monitor setup and it works well. 

Is Ubuntu ready for Mom?  No, but it’s definitely on the right course!  In my opinion, Ubuntu is ready for the little brother and the wife of a geek.  It doesn’t pass the Mom test, nor the Grandma test, yet.

*Update* After a few months of using Hardy Heron, I have realized that Linux is my primary OS.  I’ve taken the jump - it’s working out great.  I still have some things that I would like to see ironed out a bit more, but it’s worth much more than I paid for it!!

It had been a while since I re-imaged.  I finally got a chance to buy a larger hard drive for my laptop.  I was surprised at how easy it was to get NTFS read/write support in Linux using NTFS-3G.  I decided a while ago to give Windows and Linux each their own partitions along with a shared data drive, now in NTFS.

So the Partition Table looks like this: 

$ sudo fdisk -l /dev/sda

Disk /dev/sda: 200.0 GB, 200049647616 bytes
255 heads, 63 sectors/track, 24321 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x2d24c9d9

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        6266    50331613+   7  HPFS/NTFS
/dev/sda2            6267       15150    71360730    7  HPFS/NTFS
/dev/sda3           15151       23942    70621740   83  Linux
/dev/sda4           23943       24321     3044317+   5  Extended
/dev/sda5           23943       24321     3044286   82  Linux swap / Solaris

Here is a good article about setting up NTFS support in Ubuntu.  Linux is getting better every day.

Yea, I know… PHP.  Please don’t shoot me.  It’s not as groovy as, say… Groovy or Ruby, but it can get the job done.  I just found out how to configure PHP per virtual host.  I guess I knew that it was possible, I just did not know how to do it.  Tomorrow I’m planning on forgetting how to do it and having to look it up again, which is exactly why I’ll blog about it :-).

So basically you can set specific php.ini settings in the virtual host definition.  There are other ways of configuring PHP, but this one is aligned to virtual hosts and is the right tool for the job I had to do.

PHP alania tipped me off to PHP.net’s article on the subject.  It would look similar to:

# The listen address (*:80) is assumed; the extracted listing lost it.
<VirtualHost *:80>
    DocumentRoot "C:\non\aya\business\public_html"
    ServerName www.somesite.com
    ServerAlias somesite.com
    <Directory "C:\non\aya\business\public_html">
        Allow from all
        # php_admin_flag / php_admin_value settings are locked for this host:
        # they cannot be overridden later by .htaccess, php_flag or ini_set().
        # Use php_flag / php_value instead if scripts should be able to change them.
        php_admin_flag short_open_tag off
    </Directory>
</VirtualHost>

Don’t forget that you could also configure PHP on the fly (while it’s running/executing) by utilizing the ini_set() function.

Happy PHP-ing!


This last week (the 13th of May 2008) they announced a jaw-dropping security hole in the Debian OpenSSL package.  This bug was introduced on May 2nd 2006 (released in September?) and fixed on May 13th 2008.

What was the bug?  Basically the randomness of the key generation process was severely inhibited, thus making it feasible to guess (by brute force) the private keys.  Someone commented out a block of code that was necessary to guarantee the randomness of the key that was to be generated.

#ifndef PURIFY
    /*
     * Don't add uninitialised data.
     MD_Update(&m,buf,j); /* purify complains */
     */
#endif

OK, what does that mean?  It means that someone could listen in on your communications that you thought were secure: sniff passwords, ssh into machines you don’t own, etc.

I was happy to get an urgent update from the Ubuntu update manager in such a short amount of time.  I like that I was able to patch my systems so quickly.  I am floored that this bug was allowed to happen for the last 2 years :-(

Many people have explained the fiasco/bug in more depth; here are some of my favorites 

I explained in a previous post on distributed computing that one of my parallel programming courses in college required us to find the seed and depth of a sequence of random numbers (very similar to the generation of rainbow tables or brute-force password/key checking).  I’m sure that with a few slight modifications to that code I would have a workable, scalable and efficient brute-force attack.  Am I going to do this?  No.  Can you have the code?  Yes… and by yes I mean no.  Realistically, anyone skillful enough to capture and stage an attack would have the skills to formulate this on their own.

H D Moore over at Metasploit calculated that it would take his 31 Xeon cores approximately 2 hours to brute force 2048-bit RSA keys, ~100 hours (3100 CPU hours) to brute force an 8192-bit RSA key pair, and 100,000 hours (3,100,000 CPU hours) to brute force a 16384-bit RSA key, assuming the max breadth to find the pair.

With a tool like Amazon’s EC2, this would allow you to scale this application as far as your pocketbook would allow :-)  Well, there are actual limits, but they could be expanded by Amazon to handle your requests.

I’m thinking something along the lines of 10,000 Extra Large instances.  That would be 80,000 cores, which would handle the 3,100,000 CPU hours in just 38.75 hours (yea, I know an EC2 core != a Xeon core… it’s just for illustration).  3,100,000 hours of computing could be completed in just over 3 days!!!!  With Amazon’s current pricing model, it would end up costing you $8000 per hour to run those 10,000 Extra Large instances.  So the total bill (not including storage or testing time) would be around $310,000 to complete the processing.  I guess I have better things to do with $310k.  $310k is the most that you would pay; statistically you’d end up paying ~$160k if you had to average it out, and that is for a 16384-bit RSA key pair.  The most common would be 1024- or 2048-bit RSA keys.

For a large organization such as the government, this would be cake money.  I’d be willing to bet that they already have much more computing horsepower than Amazon has at the disposal of EC2.  I love open source projects, but with so much going on at many levels, open projects can leave themselves open to bugs like this.  I guess that’s why many projects go for the benevolent dictator approach.  Someone has to understand and coordinate the project as a whole.  It will be interesting to see the fallout of this issue.

This definitely got me to further my thoughts on Open Source Software.

What do you think?


When I was studying at Bethel College (now Bethel University) located in Arden Hills, Minnesota, I took a class on Parallel Programming taught by Dr. Brian Turnquist.  I have to say that this class was my favorite.  I would stay up late just to solve the problems and projects that were presented to us.  I loved it!!!

We had a 40-CPU Beowulf cluster that we were able to work with.  It was a pretty standard AMD dual-processor configuration on a 10/100 Mbps Ethernet network (which was usually the bottleneck).  Several students had the opportunity to help design and set up the cluster.  The cluster had its own housing inside one of the Computer Science labs.

We ended up writing C++ programs that utilized MPI to communicate.  We ran calculations, rendered fractals, and simulated breaking passwords in a distributed form; well, maybe not passwords, but finding the seed and depth needed to replicate a series of "random" numbers generated by the stock random number generator, which could be easily substituted with other code.  I won’t get into how important the RNG (Random Number Generator) is to our modern systems (1,2), but it was a fun exercise nonetheless.  I ended up using the cluster briefly to render some intensive POV-Ray fractals (see the contest results).

I’ve always loved the concept of distributed computing.  I was really excited when I learned of Amazon’s Elastic Compute Cloud (EC2).  The concept of Pay as you go applied to Distributed computing is an interesting one!  And having a top-tier datacenter and Simple Storage Services (S3) makes it an attractive solution.  The concept of building scalable web applications is one that has caught my eye. 

I have some good ideas on how to utilize this service but haven’t made time to finish the concepts.  The Amazon Web Services crew have really started to round out their services with the announcement of Persistent Storage for EC2 and SimpleDB.  Persistent Storage is, in my humble opinion, one of the last things that they needed to solve to offer a fully viable, scalable, pay-as-you-go/grow computing platform.

This past weekend I spoke at the Twin Cities Code Camp.  It was a blast.  My presentation was Microsoft Silverlight and SOA.  It’s new technology, so resources at this point are few and far between.  Silverlight itself is only at a 2.0 Beta 1 stage.

During the presentation, I highlighted Silverlight’s ability to consume and invoke web services.  I wanted to show cross-domain service calls where the server is a non-Microsoft application.

I developed a RESTful server application in Grails on Linux.

The demo Silverlight application is a Video Podcast Administration application.  I specifically wanted to show several client-side methods of invoking web services.  I didn’t want to focus on any fancy visual effects, video transformations, etc.

Here is code for the Grails Server.

Here is the Silverlight Application code.


My Presentation is in a Google Doc.


I had a blast at Code Camp; it sounds like something I’ll probably do again.

I might also put a short video together to show its functionality for Inetium. I’ll be sure to post it here.

Cheers!

I really enjoy using Firefox.  I have recently re-imaged my laptop after a hard drive upgrade.  I use Firefox quite heavily.  I will frequently have a hundred tabs open, especially when I go through my reading materials for the week.

I noticed on both Windows and Linux (Ubuntu) that my Firefox sessions would hang after I crossed a certain threshold.  I popped open other browsers to check whether it was application or network specific.  Epiphany, IE and Safari all worked flawlessly, so it had to be specific to Firefox.

My first reaction was to pop open about:config (more) and start poking around the network settings; network.http.max-connections and the like seemed to have no effect.  Alas, Google reminded me of network.http.pipelining (more), which basically allows multiple requests to be executed at once.  This is especially important when using Gmail, Google Reader and Digg, which all utilize AJAX calls in the background.


It’s been a fun April 1st 2008!  I’ve Rick Rolled (definition) numerous people, and still have a friend believing that my wife and I are pregnant (right after talking about April Fools jokes).  But my measly measures aren’t fit to stand up to some of the grandiose pranks out there today.

My Favorites have been (So far)

Last year I had my wife up in arms over Google’s TiSP.  She refused to allow a cable to hang in the toilet.  By the end I was trying to give it away by saying, "it’s only available today, April 1st 2007."  It took a while, but she eventually calmed down and laughed about it with me.

Happy April Fools Day!
