dans.blog


The miscellaneous ramblings and thoughts of Dan G. Switzer, II

Thunderbird v1.5 Released!

Thunderbird v1.5 was released today. I use Thunderbird for my day job and have been anxiously awaiting the next release. Here's a break down of some of the new features from the Mozilla website:

Here's what's new in Thunderbird 1.5:

  • Automated update to streamline product upgrades. Notification of an update is more prominent, and updates to Thunderbird may now be half a megabyte or smaller. Updating extensions has also improved.
  • Sort address autocomplete results by how often you send e-mail to each recipient.
  • Spell check as you type.
  • Saved Search Folders can now search across multiple accounts.
  • Built in phishing detector to help protect users against email scams.
  • Podcasting and other RSS Improvements.
  • Deleting attachments from messages.
  • Integration with server side spam filtering.
  • Reply and forward actions for message filters.
  • Kerberos Authentication.
  • Auto save as draft for mail composition.
  • Message aging.
  • Filters for Global Inbox.
  • Improvements to product usability including redesigned options interface, and SMTP server management.
  • Many security enhancements.

The Rumbling Edge has more detailed lists of new features and notable bug fixes.


Microsoft releases "official" WMF patch

A follow up from my blog post on Wednesday. Looks like peer pressure really got to Microsoft. An official patch to the WMF vulnerability was released late yesterday. If you don't have your PC set to automatically update, make sure to go visit the Windows Update site (make sure you're using Internet Explorer) and patch your system ASAP.

So much for Microsoft sticking to their patch release schedule. Personally, I'm glad they didn't wait. They should be releasing patches as they're available. If corporations want to wait and release things on a schedule, that's fine, but let us contractors and personal users fix our computers as quickly as possible.


WMF Hotfix for nasty Windows vulnerability

This isn't exactly breaking news, but there's a very nasty bug in Windows 2000, XP and 2003 that has just recently been revealed being called the "WMF vulnerability." The bug has to do with a vulnerable function in GDI32.DLL library that can allow a malicious hacker/web site to install a virus/spyware on your computer.

What makes this bug extremely dangerous is any program that views images (such as Internet Explorer, Firefox, etc) is vulnerable.

Microsoft is claiming that there will not be an "official" patch for this bug until next week. However, this thing is nasty enough that everyone running Windows 2000, XP or 2003 should take some kind of action now.

more…


TIP: Query Analyzer - Selective Query Results

I've been using the Query Analyzer that comes with Microsoft SQL Server 2000 since it was first released and just discovered this trick today.

TIP: Query Analyzer - Selective Query Results
If you ever wish to run just a subset or portion of a query, highlight the portion of your query you want results for and click the "Execute Query" button (or hitting [F5].) Query Analyzer will then run just the portion of SQL code that's selected and display the results in the Results Grid.

This works great if you want to see what a query is doing without the where clause, or perhaps to see the results of an inner select statement. In the past I was always copying these to a new window to run. No more!

more…


Problems with CFINCLUDE & UTF-8 files...

I was talking with a friend this afternoon and we were discussing an issue his client was having. They were using the <cfinclude> tag to read in a UTF-8 file to display some "cached" data but were having a problems. It turns out that any actual UTF-8 encoded characters were not displaying correctly, because the included files were written with <cffile>, which does not write a BOM (Byte Order Mark) when saving UTF-8 data.

Fortunately, Tim Blair had already run into this problem and come up with a solution for writing UTF-8 files that have a BOM. I've taken his code and wrapped it up into a UDF:

function fileWriteUT8(sFilePath, sInput){
    // declare jWrite object
    var jWriter = "";
    // create the file stream
    var jFile = createobject("java", "java.io.File").init(sFilePath);
    var jStream = createobject("java", "java.io.FileOutputStream").init(jFile);
    // output the UTF-8 BOM byte by byte directly to the stream
    jStream.write(239); // 0xEF
    jStream.write(187); // 0xBB
    jStream.write(191); // 0xBF
    // create the UTF-8 file writer and write the file contents
    jWriter = createobject("java", "java.io.OutputStreamWriter");
    jWriter.init(jStream, "UTF-8");
    jWriter.write(sInput);
    // flush the output, clean up and close
    jWriter.flush();
    jWriter.close();
    jStream.close();

    return true;
}

more…


New Version of Fiddler HTTP Debugging Proxy Available - Critical Security Update

I just noticed that there's a new version of Eric Lawrence's Fiddler HTTP debugging proxy available. This update claims to be critical security update and it's recommended you update immeditately.

For those of you who don't know, Fiddler is a great way tool for monitoring the HTTP traffic on your box. If you're doing any kind of RPC (web services, Flash remoting, AJAX) over HTTP, then this application is a must have.

Here's what's in the new version:

more…


BufferOverflowException when invoking ByteArrayOutputStream.toString() on large arrays in CFMX 6.1

I'm working on project that involves us transferring large XML files between a client application and the server. In order to increase bandwidth efficiency, we're using gzip on the XML data to shrink the file size down. This works great as we're seeing about an 80% shrink in file size.

However, I was running into a problem trying to expand the GZIP file on the server. I wanted to expand the file directly to a string in memory—avoiding writing the file to disk. By using a ByteArrayOutputStream I read in the GZIP file using the java.io.FileInputStream and java.util.zip.GZIPInputStream. I then used the toString() method on the ByteArrayOutputStream to convert the OutputStream into a string ColdFusion could use.

On files under 10MBs, I wasn't having a problem but on some really large files I was getting a strange java.nio.BufferOverflowException error when trying to convert the OutputStream to a string. Turns out there appears to be some kind of threshold between CFMX and Java.

more…


Firefox - Upgrade JavaScript Console Extension

Jim Rutherford over at Digital Media Minute blogged about a next generation JavaScript console which is a Firefox v1.5 extension called Console².

This extension adds a lot of necessary functions to the Firefox JavaScript Console window (which is renamed "Error Console") such as: sorting errors, filtering errors by type (CSS, JS, XML) and you can even search over the errors.

One tip, the "Clear" button isn't on the toolbar by default. To add it you'll need to right-click the toolbar and choose "Customize". Not sure why they didn't add the "Clear" button by default—seems like a button that's absolutely necessary. I know it's a button I use pretty much any time I have the JavaScript console open.


Cool Firefox Extension - foXpose

The Viamatic foXpose plug-in is an extension for Firefox v1.5 that will show all your open tabs in single window with thumbnail previews of the window.I've seen this blogged about a lot recently, but finally tried it out based upon an IM from Cameron Childress.

I was worried that the plug-in would be too CPU intensive, but it does really seem to negatively affect my performance in Firefox. Plus, it's really slick being able to see thumbnails of all my open tabs.

You can activate foXpose by either pressing [CTRL]+[SHIFT]+[X] or by clicking the pane icon in the lower-right hand corner of the window.


Possible Buffer Overflow Bug in Firefox v1.5

John Dowdell posted about a possible buffer overflow bug in Firefox v1.5.

I'm not sure why you wouldn't cap the document.title object at 256 or 1024 characters. There's really no reason why you should be able to dump that many chars into that property anyway.

So, if you find Firefox v1.5 is crashing everytime you start the application, try deleting your history.dat. Actually, I'd recommend renaming it to history.bak that way you don't lose everything if it doesn't fix the problem.


TIP: Adding "Command Prompt Here" Context Menu

I often find myself needing to open up a command line on a specific directory. Since Windows Explorer is almost always open on my machine while I'm developing, it makes perfect since that I'd want to use Windows Explorer to open up a command line prompt in a specific directory via the context menu. How can you do this you ask? You edit the registry.

This is not a new tip. It's been around since Windows 95. There's even been a Microsoft PowerToy that does this for every version of Windows, but essentially all it does is create some registry entries for you. I prefer manually editing the registry, as I then have complete control over how I want the listing to appear.

  1. Open regedit
  2. Navigate to HKEY_LOCAL_MACHINE/Software/Classes/Folder/Shell
  3. Create a new key called command prompt
  4. Your default value should be Command Prompt Here
  5. Create a new key called commandunder the command prompt key
  6. Your default value should be cmd.exe /k pushd %L

more…


A FPS Shooter Example Using Firefox v1.5 Without Plug-ins!

I caught this on Blogzilla. If you have Firefox v1.5, this is very cool. The <canvas> tag looks pretty slick, but since only Firefox supports it, I can't see much use for it right now.

New in Firefox 1.5 is support of the <canvas> tag, which is a new HTML element that can be used to draw graphics using JavaScript. It's not SVG, even though it overlaps functionality with SVG.

Rafael Robayna has created a simple painter demo. A little more detailed is the first-person shooter demonstration.

While both are a little slow and not so smooth, it's still cool to see something like this is possible.

More on <canvas> tag:
Mozilla Developer entry for Canvas
Mozilla Wiki entry for Canvas


Firefox v1.5 Released

Firefox v1.5 is being released today. The website still says RC3 is the latest build, but you should see an official announcement later today (probably between 6pm-9pm EST.)

Download Firefox v1.5 (English) now.


MS SQL 2K Bug: Query with Large IN Clause Results in Stack Overflow

On a site I'm managing, there's a query that was written by another developer that I've been trying to speed up. The query searches over a text column in a MS SQL 2k database. The table this column is in contains several million records and the query performance isn't up to par.

Anyway, I've been trying anything I can think of to increase performance over this query. Oddly enough, in gentle testing using SQL Query Analyzer it was indicating I might get better performance from this operation by spitting thing into two seperate queries. This lead me to find this bug:

BUG: Query with Large IN Clause Results in Stack Overflow

more…


Eyetrack III - Revealing how user's view a web page...

I actually came across this article several weeks ago, but just never came around to blogging about it. Eyetrack III has released their results from their latest testings and the results are pretty interesting, but not exactly surprising.

In a nutshell, this survey tracked users and the movement of their eyes when viewing a web page. Here is a diagram of how most users tended to first scan a web page:

User's Eye Movement Pattern

more…