dans.blog


The miscellaneous ramblings and thoughts of Dan G. Switzer, II

MD5 Collision Attack Code Released

I missed this on Slashdot (since I rarely read it anymore), but thanks to Cameron's blog post I caught this piece of news. The first code has been released that shows how to find collisions in the MD5 algorithm. Essentially this means two completely different source files can be salted to produce the same hash string. In a nutshell, if you're relying on an MD5 hash to guarantee the integrity of a file, you have problems, especially if you're relying on it producing unique, secure hash strings.

For a good layman's explanation of the problem and the exploit, Magnus Daum & Stefan Lucks have published a really good article over at CITS titled "Attacking Hash Functions by Poisoned Messages: The Story of Alice and her Boss".


The Regex Coach - Interactive Regular Expression Builder

Looking for help building Regular Expressions? The Regex Coach looks like a very promising tool for doing just that. The program is designed to specifically mimic the Perl RegEx Engine, but it should be helpful for other languages as well (like Java, Python, PHP, etc) that use Perl-like syntax. I came across this useful looking tool in a message that came across CF-Talk recently.


Upgrade to Firefox v1.07 Immediately - Severe Security Hole Found

For all of you running Firefox, you really should upgrade your version immediately. The Washington Post has reported a severe security hole that can allow a malicious hacker to take control of your PC.

Upgrade to Firefox v1.07 now by downloading it from the Firefox Product page.


Updating Symantec AntiVirus Definitions On An Hourly Basis

My boss wanted to make sure that on one of our servers we were updating our Symantec Anti-Virus definitions on an hourly basis. By default the Symantec Anti-Virus Client will only allow you to do a LiveUpdate once per day. Fortunately, there's a command line tool called VPDN_LU.exe which you can run to do silent updates.

Here are the command line options for the VPDN_LU.exe tool:

/fUpdate - Filter out definitions updates
/fVirusdef - Filter out new AntiVirus definitions updates
/s - Retrieve definitions and product updates in silent mode.



BlackDog - Portable USB-Powered Linux Server...

Came across this pretty cool little product called BlackDog. It's basically a 400MHz PowerPC processor with Debian-based Linux in a plug-n-play USB box. Could be a very useful portable development server. Check it out.

BlackDog offers open source developers an exciting new platform for mobilizing software applications. BlackDog represents a new breed of device that redefines what a 'computer' is. It can be programmed to carry your applications, data, web sites, desktop look and feel, with you, wherever you may go.

Develop applications and deploy them on BlackDog then launch and automatically project them onto a Windows PC. Design an interface, spin and run a web site, run a video game.

Program It — Port It — Plug It — Pull It, throw it in your pocket and do what you will with it — With BlackDog you 'can' take it with you!


Firefox Tip: Use Multi-line URLs When Pasting Into The Address Bar

Andrei Zmievski posted a cool little blog entry on how to get Firefox to parse a multi-line URL. This tip is very handy when cutting and pasting URLs from an e-mail or from a message board where the URL spans multiple lines.

Here's another Mozilla/Firefox tip: if you copy a URL wrapped over multiple lines from somewhere and try to paste it into the address bar, you will end up only with the first line of it. To fix it, go to about:config and change editor.singleLine.pasteNewlines setting to 3 or add:

user_pref("editor.singleLine.pasteNewlines", 3);

to your user.js file. Now all the line breaks will be removed upon pasting.

This has always been a big pain in the arse. In the past I've always ended up having to open up a text editor, paste the URL and then strip out the new lines. This will be a real time saver!


Is This Really Mac OS X v10.4.1 Running On A PC?

Gizmodo posted a screen shot of someone supposedly running Mac OS X v10.4.1 via a VMWare session. While I'm hoping this news is true, I suspect this is probably a fake screenshot. I've looked through VMWare's web site and can't find anything about upcoming support for Mac OS X. I suspect this is just a rumor based on the fact that Apple has announced their plans to move to Intel-based processors.

However, given that Apple is making this move, it would seem feasible that you could write a virtual machine to emulate the Apple-specific hardware. It sure would be nice to be able to open up a Mac OS VM to test sites on the Mac. ;)


Getting A Thread Dump From CFMX Using StackTrace...

Brandon Purcell spawned off a series of interesting blog posts today when he posted his Obtaining a Thread Dump with ColdFusion or JRun running as a Windows Service. He talks about a tool called StackTrace which you can use to get a trace dump of any running Java process (including applets running in the browser). I downloaded the application, but have yet to install it.

Anyway, Brandon's post spawned off an interesting post by Steven Erat in which he points to the Debugging Stack Traces in ColdFusion MX technote on Macromedia's web site.

Both of these posts are worth reading and will definitely be useful for debugging in those times where CF crashes unexpectedly.


Remote Control Your User's PC via a URL...

Sean Tierney blogged about a pretty cool little open source project called UltraVNC Single-Click.

Basically if you're running Windows and you need tech support from me, I point you to an executable on my site and it gives me VNC control over your system. What this means is no more 30min tech support sessions with relatives walking them through the process of troubleshooting a faulty device driver or some other obscure problem over the phone ("what do you see now?"). No matter what computer they're working on you send them to a URL and take control of their system remotely and let them watch how you fix it. And if you want to take it a step further and preserve the solution as a movie so they can reference it later, use this cross-platform VNC2SWF screen recorder (like camtasia only for a VNC session).


Text Fades For Scrolling Content...

Simon Collison blogged a pretty cool CSS technique he called Image fades for overflow: auto. Essentially this technique allows you to fade the text as it nears the edge of the box before it would hide from view. Here's the image Simon shows on his site:

This technique could probably use some improvement. It's probably something you could wrap up in a JS library to apply to elements automatically. Regardless, it's a cool looking effect. Kudos to Simon!


CFEclipse BER Now Available via CFEclipse.org

Spike Milligan posted on his blog today that CFEclipse has completely moved to CFEclipse.org. He's no longer going to be offering nightly builds/bleeding edge releases (BER) on his site. The good news is, you can now get the BERs directly from CFEclipse.org.

See the Downloads page for instructions on how to download stable and BER releases automatically using CFEclipse.


Install Multiple Versions of Internet Explorer On Your PC!

You learn new stuff every day. Thanks to Brendan Smith for pointing out to me that some creative web guys have come up with a solution for running multiple versions of IE on a PC without having to run anything in a virtual machine.

Ryan Parman over at skyzyx.com has been nice enough to encapsulate all the versions in nice little zip files that you can just extract to a directory and run. It doesn't appear that people have 100% success using this hack, but it seems to work for most people. The only noticeable issue is that the "Help > About" will always list the current version of IE installed, but apparently the user agent reports back the expected results.

Download Standalone Microsoft Internet Explorer v3 - v6



Old News, News To Me: IE7 Being Released For WinXP SP2

OK, this is, I guess, old news, but it's news to me. Apparently Microsoft has changed their stance on releasing another version of Internet Explorer for their current OS line.

Originally, Microsoft had taken a stance that IE 7 would be a "Longhorn" (now officially named Windows Vista) product only and that v6 was going to be the last release for all current versions of the Microsoft OS. It's now looking like that stance has changed.

Building on those advancements, Gates announced Internet Explorer 7.0, designed to add new levels of security to Windows XP SP2 while maintaining the level of extensibility and compatibility that customers have come to expect. Internet Explorer 7.0 will also provide even stronger defenses against phishing, malicious software and spyware. The beta release is scheduled to be available this summer.



Using XML Entities To Define "Variables" In Your Documents...

Wayne Graham has posted a nice blog entry on how to use XML entities to provide "dynamic" variables in your XML documents. The article is really geared towards users using the CFMX Model-Glue framework, but the technique of using XML entities will work with any XML document.


Fiddler - Great Free HTTP Proxy/Monitor for Windows...

I ran across a reference to Fiddler a couple of days ago and I downloaded it, but hadn't had a chance to install it and evaluate it. I just figured I'd play around with it the next time I needed an HTTP proxy/monitor. Well, this morning I finally had a need for one.

This morning a friend of mine pinged me over IM having a problem using cfform to generate a Flash-based form that was talking w/a CFC. He had a simple example that was working, but when plugged into the live content it wasn't.

Anyway, a quick look w/the Firefox Live HTTP Headers extension told me that his Flash form wasn't seeing his CFC. Easy enough fix—or so I thought. After changing the path to the CFC it still wasn't working, although I could tell the Flash form was now seeing the CFC because I could see the 200/OK responses. However, I couldn't actually see what data was coming back from the server.
