Colin Harrington

Archive for July, 2008

Flex doesn’t have a String#replaceAll()?

by on Jul.15, 2008, under Flex, RIA

Flex Logo on WhiteWhat?!?  I was shocked to learn that the latest Flex framework / Actionscript doesn’t have an equivalent for a replaceAll() on String.  I’m looking for a simple way to do replacements on a string.  Most of the languages that I’ve worked with have such a method or a library to provide that functionality.  PHP has the str_replace function, Java has a replaceAll() on java.lang.String, Python has it, C++ has libraries that readily provide this functionality, the System.String in the .NET framework(1.0,1.1,2.0, etc.) has a string#replace method, even in the RIA space, Silverlight has a replace method on System.String, as does JavaFX (java.lang.String).

After searching and reading for a while, the closest equivalent that I could find is a custom method that utilizes the split and join functionality like the following:

public static function StringReplaceAll( source:String, find:String, replacement:String ) : String
    return source.split( find ).join( replacement );

The preceding function came from from Jason Nussbaum’s blog post about Base64 encoding/decoding.   Others have used similar functionality like this post on flexfanatic. Its definitely better than while loop.

I also found that it is possible to utilize a RegExp within the String#replace function as shown on SCRIBBLE IT.  Basically the code would look like:

var str:string = "Somesilly String. silly!";
str.replace(new RegEx("silly", "g") " awesome");

With this pattern it can still be a one-liner, which should preform better than the split/join methodology, but I am still shocked that such a standard method isn’t in the framework.  I am a bit surprised by this finding.  is there a better way?  A good StringUtil Library or something similar?

25 Comments : more...

Grails (Jetty) and crossdomain.xml

by on Jul.13, 2008, under Groovy-Grails

Grails LogoThis last April I did a presentation at the Twin Cities Code Camp on Microsoft Silverlight and SOA with a Grails server.  I ended up writing a simple Grails application that used several web services to communicate to an in-browser Silverlight application.  I specifically wanted to show a Silverlight application interacting with non Microsoft Technologies.  I developed the Grails application on Linux on a different physical machine than what I used to develop the Silverlight application.

One of the Issues I ran into was that I was unable to make requests to the XML Web Services in the Grails application.  It puzzled me for a minute until a quick Google search turned up a simple issue: I needed a crossdomain.xml policy file (or the clientaccesspolicy.xml).  Flash/Flex users run into this all the time and thus most of what you will find is Flash centric.  What is the crossdomain.xml file?  Well its a way of restricting the domains that can access services.  Its basically a white-listing of domains that are allowed to access the services.  The browser and in-browser applications are supposed to respect the crossdomain.xml, and sometimes the Services (server-side) may protect themselves.  You can think of it as a robots.txt for Web services.

Great, I knew what the problem was, now how do I fix it?  I tried a few things, deploying to tomcat, but that didn’t work for me while I was actively developing the application.  Once I understood a little more about Grails and Jetty, I realized that I could just modify the Jetty server that launched when invoking grails run-app.  I simply had to add another context to Jetty, and bingo it worked.  Here is what I did:

I found Grails’ RunApp.groovy script (the one that gets invoked on grails run-app) which was located at $GRAILS_HOME\scripts\RunApp.groovy. (%GRAILS_HOME%\scripts\RunApp.groovy for you Windows folk ).  I had to simply create another context much like the Grails application context was being created.  Here is a stripped down example of what RunApp.groovy looked like. (modifications in Bold)

 * Gant script that executes Grails using an embedded Jetty server
 * @author Graeme Rocher
 * @since 0.4
grailsContext = null
rootContext = null
target( configureHttpServer : "Returns a jetty server configured with an HTTP connector") {
    server.setHandler( webContext )
    server.addHandler( rootContext )
target( setupRootWebContext: "Sets up the Secondary Root Context"){
    rootContext = new WebAppContext("${basedir}/web-app-root","/")


Most of the magic is in the rootContext = new WebAppContext("${basedir}/web-app-root","/") line.  Notice that I had to create a new folder ‘web-app-root’ which resided alongside web-app (I think I used web-app for a while too).  So this context responds to everything in the "/" domain which is the root of the site.  Once I put my crossdomain.xml file in that folder, I could access http://localhost:8080/crossdomain.xml and the services were then accesible via Silverlight — Yay!

I’m sure there are better ways of doing this, but this is what I did to get the job done.  Thanks to JT Dev for his most recent post, which reminded me that I was going to blog about this.  I basically did Solution #2 in his blog post on creating multiple jetty contexts.  Where was this post back in March?  Thanks JT for tipping me off to the Static Resources Plugin!



5 Comments :, , , , more...

Massive Internet Flaw :: DNS cache corruption?

by on Jul.09, 2008, under General

Big news today about a large security whole that affects the backbone of the Internet; DNS.  The Domain Name System or DNS is basically what translates readable names like to its corresponding IP address.  It is cornerstone to just about everything that we do on the internet.  This news is larger than the Debian, OpenSSL fiasco that I blogged about earlier.

I first came across this when I read this article which was posted to

When I first logged into Ubuntu, I was notified that there were very important security updates by the bright red warning icon in the gnome panel.  I was quite happy not to have annoying balloon pop-ups or tricky log-out buttons that hijack the computer to automatically install important updates.  The Ubuntu security updates notified me that I needed to update bind9-host, dnsutils, libbind9, among others. 

We have known that DNS poisoning was an issue, but recent findings combining multiple attack vectors revealed a gaping security hole.  It was interesting to note that this ‘bug’ was a design descision and had to be patched across the board.  I guess design bugs can be quite hairy since its baked into everyone’s implementation.  All major vendors have to patch this hole due to the design nature of this bug.

According to the initial article, The details of the attack will be revealed in 30 days "at the Black Hat security conference in Las Vegas".  It is very interesting to note the current DNS issues that have made headlines recently.  Apparently ICANN itself had lost its own domain name according to this story care of MSNBC.  According to that article and were both hijacked.  This sounds more like proof of concept work to me. 

I am not an expert in this area but from the bit that I do know, the possibilities are scary; Naming authorities being compromised, man in the middle attacks, etc.  What if someone were to gain control of major certificate authorities like VeriSign? It is a little scary to think about what someone could accomplish unknown to the user.  Online Banking, Corporate Communications, Secure Service Bus communications, what if these could be spoofed into being sent to the wrong place, or *through* the wrong place?

This could very well make it into our history books.  I guess we will know more in 30 days.

Here is some extra reading on the subject:

The initial article ended with these words: "This is about the integrity of the Web, this is about the integrity of e-mail," Kaminsky said. "It’s more, but I can’t talk about how much more."  which sounds very similar to Rusty Ryan’s line in Ocean’s Twelve "Look, it’s not in my nature to be mysterious. But I can’t talk about it and I can’t talk about why."

3 Comments :, more...

Easy Ubuntu Upgrade :: Hardy Heron Hits Home! Hurray!!

by on Jul.02, 2008, under Linux, Ubuntu

Good work!! -> Credit to experience in upgrading Ubuntu Gutsy Gibbon to Hardy Heron was a fairly smooth one.  It was a straight forward process, The System Updater told me that there was a distribution upgrade.  I followed the assigned steps and shortly had upgraded my whole system.  The status bar was horribly in-accurate, changing from 4 minutes all the way to 54 minutes and back again in the matter of 30 seconds, but it was nothing that I haven’t seen on other operating systems. 

The Installer maintained all of my current customizations (since they are in my home directory ~/ ).  I was surprised to see that even my Compiz settings were all exactly how I had left them.  I was happy that the Installer asked me what to do with merge conflicts in my /etc files, (samba.conf, php.ini, apache2.conf, etc.).  There were only a few things that I had to tidy up

  • Configuring the Launch Size of my Terminal window (Ubuntu Forums)
  • blacklisting the pcspkr kernel module (by adding the line "blacklist pcspkr" to /etc/modprobe.d/blacklist – see ubuntuforums for more discussion)

I can now reliably use the standby functionality.  I have a dual Monitor setup and it works well. 

Is Ubuntu ready for mom?  no, but its definitely on the right course!  In my opinion, ubuntu is ready for the little brother, and the wife of a geek.  It doesn’t test the Mom test, nor the Grandma test yet. 

*Update* After a few months of using Hardy Heron, I have realized that Linux is my primary OS.  I’ve taken the jump – its working out great. I still have some things that I would like to see ironed out a bit more, but its worth much more than I paid for it!!

It had been a while since I re-imaged. I finally got a chance to buy a larger hard drive for my laptop.  I was suprised on how easy it was to get NTFS rw support with linux using NTFS-3G.  I decided a while ago to give Windows and Linux each their own partitions along with a shared Data Drive now in NTFS.

So the Partition Table looks like this: 

$ sudo fdisk -l /dev/sda

Disk /dev/sda: 200.0 GB, 200049647616 bytes
255 heads, 63 sectors/track, 24321 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x2d24c9d9

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        6266    50331613+   7  HPFS/NTFS
/dev/sda2            6267       15150    71360730    7  HPFS/NTFS
/dev/sda3           15151       23942    70621740   83  Linux
/dev/sda4           23943       24321     3044317+   5  Extended
/dev/sda5           23943       24321     3044286   82  Linux swap / Solaris 

 Here is a good article about setting up NTFS Support in Ubuntu.  Linux is getting better every Day.

3 Comments :, , , more...

Configure PHP per Apache Virtual Host

by on Jul.02, 2008, under General

Yea I know… PHP.  Please don’t shoot me.  Its not as groovy as say … Groovy or Ruby, but it can get the Job done.  I just found out how to configure PHP per virtual host. I guess I knew that it was possible, I just did not know how to do it.  Tomorrow I’m planning on forgetting how to do it and have to look it up again, which is exactly why I’ll blog about it :-).

So Basically you can set specific PHP.ini settings in the virtual host definition.  There are other ways of configuring PHP, but this one seems to be aligned to virtual hosts and is the right tool for the job I had to do.

PHP alania tipped me off to’s article on the subject.  It would look similar to:

    DocumentRoot "C:\non\aya\business\public_html"
        Allow from all
        php_admin_flag short_open_tag off

Don’t forget that you could also configure PHP on the fly (while its running/executing) by utilizing the ini_set() function.

Happy PHP-ing!


Leave a Comment :, , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!