by Andrew Johnstone
In: General
5 Nov 2005
i18n & Flash
system.useCodepage = true;
Unicode or the traditional code page of the operating system running the Player to interpret external text files. The default value of system.useCodepage is false.
Text that you include or load as an external file (using the #include command, the loadVariables or getURL actions, or the LoadVars or XML objects) must be encoded as Unicode when you save the text file, in order for the Flash Player 6 to recognize it as Unicode. To encode external files as Unicode, save the files in an application that supports Unicode, such as Notepad on Windows 2000.
You should save the external file in UTF-8, UTF-16BE, or UTF-16LE format, using an application that supports the format. If you are using UTF-16BE or UTF-16LE format, the file must begin with a byte order mark (BOM) to identify the encoding format to the Macromedia Flash Player 6.
Reverse Proxies
Pass the source of the file into flash…
flash.swf?DataSource=./xyz
if (_root.datasource == null || _root.datasource == "") {
    _root.datasource = "IndexFlashData.php";
}
// this.stop();
cgi = _root.datasource;
this.loadVariables(cgi);
this.onData = function() {
    this.play();
};
Flash and Action Replays
You can monitor the HTTP requests of a Flash SWF that uses LoadVars, then retrieve and manipulate the GET/POST request. In the case of a small game that revolves around high scores, it is relatively easy to manipulate the HTTP request and inject your own scores. As such, encrypting and decrypting the data that is transmitted to the server prevents a very simple hack.
Monitor Http Headers with (LiveHttpHeaders)
Live Http Replay
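One way to make a captured high-score request useless when it is replayed or edited, as an added example that is not from the original post: the server hands out a one-time nonce and checks an HMAC over player, score and nonce, which swaps a MAC in for the encryption mentioned above. ScoreServer, sign and the key are hypothetical, and because the key has to ship inside the SWF this only raises the bar, so the server still range-checks the score.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key. Assumption: the same key is compiled into the SWF,
# so it can be extracted; the MAC only stops plain request editing/replay.
SHARED_KEY = b"constructed-demo-key"
NONCE_TTL = 120  # seconds a server-issued nonce stays valid


def sign(player, score, nonce):
    """MAC the client computes over the exact fields it posts."""
    msg = json.dumps([player, score, nonce]).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


class ScoreServer:
    """Hypothetical high-score endpoint using one-time nonces."""

    def __init__(self, max_score=1_000_000):
        self.pending = {}  # nonce -> time issued
        self.max_score = max_score
        self.board = []

    def issue_nonce(self, now=None):
        nonce = secrets.token_hex(16)
        self.pending[nonce] = time.time() if now is None else now
        return nonce

    def submit(self, player, score, nonce, mac, now=None):
        now = time.time() if now is None else now
        issued = self.pending.pop(nonce, None)  # pop: each nonce works once
        if issued is None:
            return "rejected: unknown or replayed nonce"
        if now - issued > NONCE_TTL:
            return "rejected: nonce expired"
        if not hmac.compare_digest(sign(player, score, nonce), mac):
            return "rejected: bad MAC"
        if not isinstance(score, int) or not 0 <= score <= self.max_score:
            return "rejected: implausible score"
        self.board.append((player, score))
        return "accepted"


if __name__ == "__main__":
    server = ScoreServer()
    nonce = server.issue_nonce()
    mac = sign("alice", 4200, nonce)
    print(server.submit("alice", 4200, nonce, mac))  # first delivery
    print(server.submit("alice", 4200, nonce, mac))  # captured request replayed
```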
In: General
24 Oct 2005
A few weeks into the launch of a global application, I received word that a couple of employees have been unable to gain access to their internal networks in Europe, and are outside the realm of the global corporate intranet. A system is also in place to allow members to gain access to the corporate intranet, which was put in place by an external company called Scalable Networks.
This all works fine; however, there is a proxy in place that rewrites all URLs, and we were not involved with it or with any aspects of security. We did not know of the proxy’s existence until a week before launch. The proxy rewrites every URL using CGI and JavaScript; the problem is with aspects such as Flash, where the source of the data files loaded into Flash is embedded in the Flash file itself, and other areas that are dependent on JavaScript. Whilst the public site for the corporate intranet uses very limited amounts of Flash and JavaScript, the admin section relies on a couple of aspects of JavaScript to pull in data via AJAX, and utilises JavaScript to create a virtual file system. In all of these, the real path to the data is masqueraded by the proxy itself, and all paths that are referenced, despite being relative, result in a 404 error.
Many aspects of the admin now appear to have to be rewritten or hacked to complement the proxy in place.
An example is…
https://www.example.com/,host=intranet.domain.com,port=80,proto=http/https://www.example.com/,host=intranet.domain.com,port=80,proto=http/Style/Screen.css
A lesson learned is to always reference the data source of a flash file externally rather than embedding the location…
./Flash.swf?DataSource=/,host=intranet.domain.com,port=80,proto=http/DataSource.php&Debug=1&DebugFile=trace.php
As you can see even referencing files as relative will not work correctly, if the proxy cannot parse the URL.
In: General
17 Oct 2005
Whilst developing with Apache and IIS over a number of years, I have always found it frustrating to have to type and use a separate port for the different web servers, as you cannot bind to an IP address with a single port, such as port 80. If you have tried to add multiple IPs and bind to them, you may have noticed this fail. This is due to a very simple configuration in IIS.
To add multiple IP addresses, right click on your network adapter and click Properties.
Enter the DNS information from your ISP, the default gateway, subnet, and your IP address.
Add an IP address that is higher than is required by DHCP, such as 100+.
Open the command line, and run the following.
cd C:\Inetpub\AdminScripts
CSCRIPT ADSUTIL.VBS SET W3SVC/DisableSocketPooling TRUE
This stops IIS from listening on the default IP address. Then run:
%SystemRoot%\system32\inetsrv\iis.msc
Select the Default Web Site, and right click opening properties.
Set the IP Address to an IP that is free and does not already have a server listening on port 80. Clicking Advanced you can bind IIS to a number of IPs or Host headers (Domains [www.ajohnstone.com], leaving the host header blank sets it as the default address).
Now open httpd.conf
Modify the line "Listen 80" to "Listen 192.168.0.100:80", using the IP address you wish to bind it to.
Also update "NameVirtualHost *:80" in the same fashion to "NameVirtualHost 192.168.0.100:80".
Now open the hosts file. (C:\WINDOWS\system32\drivers\etc\hosts)
127.0.0.1 localhost
192.168.0.99 IIS
192.168.0.100 Apache
Now restart Apache and you’re set.
In: General
17 Oct 2005
When adding an application mapping for aspnet_isapi.dll, I noticed when invoking a web service IIS would throw a 404. This is due to a flag being set to 5, which is the default. Either by editing the MetaBase XML in IIS6 or by modifying the MetaBase in IIS5 with MetaEdit, you can alleviate this by setting the flags to 1 rather than 5…
.asmx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
ScriptMaps=".asa,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
.asax,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ascx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ashx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.asmx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.asp,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
.aspx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.axd,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.cdx,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
.cer,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
.config,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.cs,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.csproj,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.idc,C:\WINDOWS\system32\inetsrv\httpodbc.dll,5,GET,POST
.licx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.rem,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.resources,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.resx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.shtm,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
.shtml,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
.soap,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.stm,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
.vb,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.vbproj,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.vsdisco,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.webinfo,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG"
WAMUserName="IWAM_DESTINATION"
WAMUserPass="4963446270000000220000004000000068e601bbb4cd522a30c1ca97ae55868624ec7c6aec49da59aac18be039b5b0fc195649004e0044003efa28484ba3debde850c532c04d1fd358ac8a336aa43edd350be4a651de10b0012adadff0af6f380669ca5a86da004d61ed65ac4c2d8bfda776313e37d30109"
WebSvcExtRestrictionList="1,*.dll
1,*.exe
1,C:\WINDOWS\system32\inetsrv\ssinc.dll,0,SSINC,Server Side Includes
1,C:\WINDOWS\system32\bitssrv.dll,0,BITSEXTS,BITS Server Extensions
1,C:\WINDOWS\system32\inetsrv\asp.dll,0,ASP,Active Server Pages
1,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,0,ASP.NET v1.1.4322,ASP.NET v1.1.4322
1,C:\WINDOWS\system32\inetsrv\httpodbc.dll,0,HTTPODBC,Internet Data Connector
1,C:\PHP\Distributions\php-5.0.4-Win32\php5isapi.dll,1,,PHP
0,C:\WINDOWS\system32\inetsrv\httpext.dll,0,WEBDAV,WebDAV
1,C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\isapi\_vti_aut\author.dll,0,Windows SharePoint Services,Windows SharePoint Services
1,C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\isapi\_vti_adm\admin.dll,0,Windows SharePoint Services,Windows SharePoint Services
1,C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\isapi\shtml.dll,0,Windows SharePoint Services,Windows SharePoint Services
1,C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\isapi\owssvr.dll,0,Windows SharePoint Services,Windows SharePoint Services
1,C:\Program Files\Common Files\microsoft shared\web server extensions\50\isapi\fpcount.exe,0,FPSE,FrontPage Server Extensions
1,C:\Program Files\Common Files\microsoft shared\web server extensions\50\isapi\shtml.dll,0,FPSE,FrontPage Server Extensions
1,C:\Program Files\Common Files\microsoft shared\web server extensions\50\isapi\_vti_adm\admin.dll,0,FPSE,FrontPage Server Extensions
1,C:\Program Files\Common Files\microsoft shared\web server extensions\50\isapi\_vti_aut\author.dll,0,FPSE,FrontPage Server Extensions
1,C:\Program Files\Common Files\microsoft shared\web server extensions\50\isapi\_vti_adm\fpadmdll.dll,0,FPSE,FrontPage Server Extensions" >
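The flags field is a bit mask: 1 marks the handler as a script engine and 4 is the "check that file exists" option, so 5 makes IIS look for the file on disk before calling the DLL and 1 skips that lookup. The added example below is not from the original post: it decodes entries in the ScriptMaps format and lists the extensions whose handler runs without the file check, plus any that accept TRACE or DEBUG, so the effect of changing 5 to 1 can be reviewed. The names parse_scriptmaps and audit are hypothetical.

```python
# Bit values of the ScriptMaps flags field in the IIS metabase.
FLAG_SCRIPT = 1      # handler is treated as a script engine
FLAG_CHECK_FILE = 4  # IIS checks that the requested file exists first
REVIEW_VERBS = {"TRACE", "DEBUG"}  # verbs worth a second look in an audit

# Four entries copied from the ScriptMaps excerpt in the post.
SAMPLE = r"""
.asa,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
.asmx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.config,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.shtml,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
"""


def parse_scriptmaps(lines):
    """Turn 'ext,dll,flags[,VERB...]' strings into dictionaries."""
    entries = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        parts = line.split(",")
        if len(parts) < 3 or not parts[2].isdigit():
            raise ValueError(f"malformed ScriptMaps entry: {line!r}")
        flags = int(parts[2])
        entries.append({
            "ext": parts[0],
            "dll": parts[1],
            "script": bool(flags & FLAG_SCRIPT),
            "checks_file": bool(flags & FLAG_CHECK_FILE),
            "verbs": parts[3:],
        })
    return entries


def audit(entries):
    """Return (extension, finding) pairs for an administrator to review."""
    findings = []
    for entry in entries:
        if not entry["checks_file"]:
            findings.append((entry["ext"], "no file-exists check"))
        flagged = sorted(REVIEW_VERBS.intersection(entry["verbs"]))
        if flagged:
            findings.append((entry["ext"], "allows " + "/".join(flagged)))
    return findings


if __name__ == "__main__":
    for ext, finding in audit(parse_scriptmaps(SAMPLE.splitlines())):
        print(ext, finding)
```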
In: General
17 Oct 2005
A colleague recently asked me how he could change the drive letter of a mounted device when he removed a device. I’m not sure of a reason to do this, however for future reference, I’ll leave a note here…
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\DosDevices\C:
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\DosDevices\D:
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\DosDevices\E:
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\DosDevices\F:
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\DosDevices\G:
Simply rename the Value Name of each Key in the registry using regedit.
In: General
17 Oct 2005
Lately, I have been having a few problems with a very strange quirk, and have not been able to find the source of the problem as of yet. Currently I am authenticating over Netilla and also through a Swivel implementation. All of this works correctly; however, when NT Auth is enabled IE either hangs or throws a DNS error. I’m not sure exactly how hosting & operations have implemented NT Auth, so I’ll have to look it up when I’m able to access the VPN and update this accordingly. Although this seems like a possibility.
“You can produce a problem by pressing reload fast and often. The connection is forced into reset each time, and sometimes Internet Explorer is sending a msg3 to an apache process that didn’t send the msg1 yet. I’m not sure whether this is an apache or Linux or IE problem. It could be resolved by caching credentials, which is unsafe and involves neat things like file locking and mmap().”
Using mod_ntlm_winbind:
AuthName "NTLM Authentication thingy"
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
AuthType NTLM
require valid-user
require user
In: PHP
17 Oct 2005
PHP-5.1.0RC3 just released 20 minutes ago :)
http://downloads.php.net/ilia/php-5.1.0RC3.tar.bz2
6f48ee0b43f54dff8f9e683d337885c1
http://downloads.php.net/ilia/php-5.1.0RC3.tar.gz
7091baf5ebb8b93d715ac5e9dd4b7ce3
“I anticipate a final RC candidate to be released no later than October 31st, 2005. This will then be followed by 5.1.0 stable within 1-2 weeks.”, Ilia Alshanetsky
In: PHP
28 Aug 2005
With the recent release of PHP 5.1.0 RC1, I have noticed a release of Zend’s Session Clustering that their marketing team had mentioned was due for a release (I assume this to have been delayed). Whilst I have been using standard file-based sessions for an ongoing project, I hit an unusual stumbling block with a very expensive operation to create sessions in a clustered environment. Unfortunately I never did find the cause as to why session start caused such overhead, however this was ironed out. It will be interesting to see how Zend’s Session Clustering would work in line with this project.
Reading through some documentation, I’m a little apprehensive as to Zend’s solution for Session Clustering.
In this module sessions “reside” on the server where they were first created. These sessions are subsequently delivered to other servers in the cluster, by having the alternate server request the session data from the original server. This means a fully distributed solution – delivering high performance, linearly scalable solution utilize existing hardware investment, while ensuring the ability to continue growing.
Zend’s Session Clustering utilizes a daemon to allow clustering of sessions; currently in our environment sessions are persisted to one dedicated server, the master.
After reviewing MultiMap, I decided to demo StreetMap and in conclusion they both have fantastically appalling interfaces. Whilst MultiMap’s implementation appears to be more flexible allowing information to flexible, these interfaces demonstrate the extreme basics of their services. The only information required to implement a store location facility is a PostCode, Longitude and Latitude and the only information worthwhile is currently the information I found from the Royal Mail for PAF data. The only value I have found in these services is the use of the mapping functionality and is the only reason I am trialing their services.
I recently started playing with a couple trial accounts from multi-map for a client of ours. I was quite surprised it is actually running Coldfusion and MySQL. Whilst I have heard of MySQL supporting GIS and Spatial data, I have never seen an implementation or known of one until now.
Whilst playing with Multimap I found a couple bugs within 5 minutes, the first being a problem with some calculations on tabular data types with CF complaining about LEFT(MID etc…
The other was a rather poor implementation of their user interface. I generally do things backwards and as a result rather than clicking through step 1 – ~6 I started at 6. This resulted in CF having trouble with creating a table in MySQL and obviously throwing an error. From what I can gather it is a very simple implementation, of which lat and lon coordinates are populated from their data.
Data
Bug One (MySQL Table Creation)
As you can tell this is a really poor interface; apparently they were reviewing the current interface according to one of their technical guys… If you skip a step you will most likely throw a ColdFusion error :(
I implemented my own version, however the data I acquired was inaccurate and varied within roughly 1-2 miles as well as being very limited in the amount of information it contained. I also received the sample RAW PAF (Postcode Address File) data from the Royal Mail, and having a look through it seems very detailed, although not quite what I was looking for…
All credit due to the Multimap staff, as they managed to fix both bugs within the hour.
Some costs for Multimap’s services; the two I was interested in were Inline and StoreFinder. There are two separate costs, the first being per usage, of which the costs are as follows:
Fee Schedule
No set up costs or annual license fee for this service. Buy deliveries in advance.
Advance purchase of map deliveries:
20,000 deliveries : £500
50,000 deliveries : £1000
100,000 deliveries : £1800
200,000 deliveries : £3000
500,000 deliveries : £5000
And Annual Fees…
“Annual fees for services are charged per template set required. Use of maps in multiple countries carries an extra annual fee of £1,000 per country (a cap can be discussed).
HTML Storefinder £3,500
XML Storefinder £4,000
Adding filtered search from £500 for HTML versions”
I have been a developer for roughly 10 years and have worked with an extensive range of technologies. Whilst working for relatively small companies, I have worked with all aspects of the development life cycle, which has given me a broad and in-depth experience.