Thursday, August 28, 2003

CFYEILD

Here's an idea for a new tag in ColdFusion, CFYEILD. Consider a web site that receives a several concurrent requests. ColdFusion will create N threads to process the requests, if there are more than N concurrent requests, they sit in a queue.

The java thread object has a method called yeild() which when called allows other threads to run, it's kind of a way of saying, if anyone else want's to cut in front of me and take the processor go ahead. On unix the nice command allows you to lower the priority of a process.

What I'm getting at would be a way for a CFM file or application to tell the app server that, I'm not important, or perhaps, I am important. Perhaps you would say your main pages should have highest priority, while other pages may be queued longer.

Just throwing out an idea, not much of a priority for me, but perhaps some people would find it useful. I'd much rather see a CFIMAP in the next version of CF (BlueDragon already has a CFIMAP tag).

Wednesday, August 27, 2003

A Good, Free Log File analysis tool - awstats

There are a lot of free http log file analysis tools out there that haven't been updated since the mid 90's, awstats however is both free, and up to date. It looks a bit like web trends (though I haven't used web trends in several years). Here's an online demo. awstats can be used on several web servers including IIS, and Apache. You can either have generate static html files, or run with a perl script in the cgi-bin.

Here's a quick rundown of setting it up on unix/apache

Each virtual web site you want to track stats for should have a file /etc/awstats.sitename.conf the directives for the configuration file can be found here: http://awstats.sourceforge.net/docs/awstats_config.html they also provide a default conf file in cgi-bin/awstats.model.conf you can use this as a base.

Make sure your log files are using NCSA combined format, this is usually done in apache by saying CustomLog /logs/access.log combined you can use other formats but you have to customize the conf file.

You will probably want to edit the LogFile directive to point to where your logfile is stored, SiteDomain this is the main domain for the site, HostAliases lets you put in other domains for the site, and the DirData directive lets you specify where the awstats databases will be stored (each site will have its own file in the directory).

Once that is setup you will want to update the database this is done from the command line by running

perl awstats.pl –config=sitename –update 

Now copy everything in the wwwroot folder to a web root, and visit http://sitename.com/cgi-bin/awstats.pl if you want to view other domains use /cgi-bin/awstats.pl?config=othersitename

Where sitename would be the name of your config file awstats.sitename.conf

If you want to generate static html files run the awstats_buildstaticpages.pl script found in the tools folder. You have to give it the path to the awstats.pl perl script, and a directory to put the static html files in.

perl awstats_buildstaticpages.pl -config=sitename -awstatsprog=/web/cgi-bin/awstats.pl 
  -dir=/web/stats/sitename/

More setup info can be found here: http://awstats.sourceforge.net/docs/index.html

Moving SSL Certs from IIS to Apache

I found some instructions for converting SSL certificates generated for IIS to private key, and cert files you can use on unix, or Apache for windows.

First Export your IIS certificate into a pfx file (this is something you should do anyways for backup)

  • Run mmc.exe
  • Click the 'Console' menu and then click 'Add/Remove Snap-in'.
  • Click the 'Add' button and then choose the 'certificates' snap-in and click on 'Add'.
  • Select 'Computer Account' then click 'Next'.
  • Select 'Local Computer' and then click 'OK'.
  • Click 'Close' and then click 'OK'.
  • Expand the menu for 'Certificates' and click on the 'Personal' folder.
  • Right click on the certificate that you want to export and select 'All tasks' -> 'Export'.
  • A wizard will appear. Make sure you check the box to include the private key and continue through with this wizard until you have a .PFX file.
Next run openssl to extract the private key, and the cert file.
# Export the private key file from the pfx file
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
# Export the certificate file from the pfx file
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
# This removes the passphrase from the private key so Apache won't
# prompt you for your passphase when it starts
openssl rsa -in key.pem -out server.key

Wednesday, August 20, 2003

MyIE2 - IE Based fast web browser

MyIE2 released a new version of their web browser this week. I downloaded it today, and I'm quite impressed. MyIE2 uses MS IE to render and display content so everything that works in IE, works the same in MyIE. MyIE has a much smaller memory footprint than MSIE. I ran a quick test by visiting 3 web sites in both web browsers and recording the memory usage. MSIE was using 24MB of ram, while MyIE2 only used 8. In addition to being faster than MSIE it also has more features:

  • Tabbed Browsing
  • Support for IE Plugins (like the google toolbar)
  • Popup blocking
  • Ad blocking
  • Whois queries
  • Translation
  • Skinnable

It's a 1.7mb free download

Tuesday, August 19, 2003

SoBig - SoAnnoying

I was receiving the SoBig virus at a rate of over one message per minute today. Most of them were sent to pfreitag@cfdev.com I disabled this account today so I could get some work done. I am *not* going to enable that address again once the virus subsides, I mainly get spam and viruses sent to that address. So if you need to contact me use my primary address: pete at the domain cfdev with the .com top level domain (try and figure that one out spam harvesters!).

The Google API - CFX_Google

When the google api (an web service to use google's services) came out last year, I wrote a Java CFX tag called CFX_Google avaliable for free download with source code from cfdev. The CFX tag supports searches, and spell check, and returns results in a query object, there is an example and documentation.

Jason Dowdel asked me today if the tag was up to date. Our zip file includes the googlelib.jar file dated May 2002, the latest google api contains a googlelib.jar file dated Aug 2002. You should be able to replace the googlelib.jar file we provide with the latest jar from google without problem. I will update the zip on our site when I have a chance.

Monday, August 18, 2003

Real World Linux Security

Linux Security I read part of Real World Linux Security this weekend. It's a very detailed book that covers a wide range of security topics, from an author with lots of security experience. Some of the topics include adaptive firewalls (that log and block out intruders), how to be prepared in the event that a breach does occur, how to find Trojan's that may have been left after an attack, how to setup a fairly secure online ordering system that stores credit card numbers, and so on. From Amazon:

A hands-on guide to protecting Linux data from security risks. Introduces readers to the seven deadly sins of Linux security, showing how to set up firewalls, break in case studies, block spam, develop internal security policies, and recover from an intrusion quickly.

Thursday, August 14, 2003

Cross Platform Techniques

The post I lost earlier today due to the power outage had a simple way of checking to see if your on a unix OS at runtime, and also some tips for writing cross platform coldfusion.

<cfset isUnix = Left(cgi.cf_template_path, 1) IS "/">

<cfset pathSeperator = "\">
<cfif isUnix><cfset pathSeperator = "/"></cfif>

<cfoutput>
Running UNIX: #YesNoFormat(isUnix)# <br />
Path Seperator: #pathSeperator#
</cfoutput>

The first line check to see if we are running unix by checking the first character of a path, if it begins with a /, then we are running unix. You can also do something like this isUnix = server.os.name IS "UNIX" to set that variable, but I think my method may be a nudge faster because it doesn't deal with a synchronized scope (server scope), and it's checking a smaller string.

The next two lines find the path seperator using the same techinique, there are several ways of doing this as well, you can use the java System properties hashtable for instance. It should be pointed out that CFFILE and CFDIRECTORY will accept front slashes on windows, so one option is to just always use / to keep your apps cross platform, this can create messy paths sometimes however..

It is not very difficult to write cross platform applications in CFML as long as your aware of the differences on windows and unix, here are some of the common gotcha's

  • Application.cfm - Application.cfm must have the exact case I'm using here.
  • OnRequestEnd.cfm - Also must have the case I'm using here.
  • CFINCLUDE Template Case - The template path in your CFINCLUDES is case sensitive on unix, you can use my coldfusion code review tool to find templates with incorrect case, as well as missing templates. It will also check the case on your Application.cfm and OnRequestEnd.cfm files in addition.
  • Links, Images case sensitive - All paths to links, images, stylesheets, must be case sensitive as well, there is a workaround for this one however. If you install mod_speling in apache it will redirect the client to the proper page. This may not work all that well for images, stylesheets, or form posts however.
  • CFEXECUTE - CFEXECUTE will still work on unix but the applications your executing may not.
  • COM - not supported on unix.

So those are the main issues in porting a windows CF app to unix, the main thing to remember is case sensitivity.

got power?

I just got my power back about an hour ago (I'm in Syracuse NY). I was in the middle of posting a long blog entry when we lost our internet connection this afternoon, and I lost the entire post when I submitted it, I'll rewrite it later... Our office still had power when I left, but as I biked (I cycle to work whenever I can) out of the city, I could see street lights out, there was a bad accident in one of the intersections too. I was able to bike right through, but cars had to be detoured. I can imagine its much crazier in NYC though!

Wednesday, August 13, 2003

Search Engine Safe URL's in Apache 2

I've figured out an easy way to employ search engine safe url's on unix and apache2. It has always been possible to implement them with mod_rewrite, but its difficult to do globally for url's like this: www.site.com/page.cfm/id/4

Here's the script

<cfif NOT Find(".", cgi.path_translated)>
	<cfset webroot = GetPageContext().GetServletContext().getRealPath("/")>
	<cfset query_string = RemoveChars(cgi.path_translated, 1, Len(webroot))>
	<cfset urlArray = ListToArray(query_string, "/")>
	<cfset urlArrayLen = ArrayLen(URLArray) - 1>
	<cfloop index="i" from="1" to="#urlArrayLen#" step="2">
		<cfset url[urlArray[i]] = urlArray[i + 1]>
	</cfloop>
</cfif>

So you just need to include that in your Application.cfm, or in pages that need to use search engine safe url variables. NOTE that I'm pretty sure this will only work on Apache 2, and may need some tweaking to get it to work on windows with apache (probably just have to make sure the paths use /). This was tested on Apache 2.0.46 on Redhat9, it also works in a multi-homed environment (virtual hosts). One thing it will ignore are query string's with dot's in them.

I will write up an article explaining how this works when I have more time, but for now enjoy the code.

Tuesday, August 12, 2003

Google Calculator
To use Google's built-in calculator function, simply enter the expression you'd like evaluated in the search box and hit the Enter key or click the Google Search button. The calculator can evaluate mathematical expressions involving basic arithmetic (5+2*2 or 2^20), more complicated math (sine(30 degrees) or e^(i pi)+1), units of measure and conversions (100 miles in kilometers or 160 pounds * 4000 feet in Calories), and physical constants (1 a.u./c or G*mass of earth/radius of earth^2). You can also experiment with other numbering systems, including hexadecimal and binary.

That's quite a handy feature, but I was dissapointed to see that it cannot solve simple algebra problems such as: x+5=10. Still very clever on google's part.

Worm's a comin'

Feel's like a storm is brewing, I've gotten a few emails today from various security lists about the W32/Blaster worm. This worm effects Windows NT 4, 2000, 2003, and XP, here's the info from M$. Block ports 135, 139 and 445 (RPC DCOM) in your firewall.

By the way here are few security mailing lists you should be on if you run windows and or you have a computer connected to the internet:

Thursday, August 07, 2003

Searching without Verity

Sometimes you need to search a database query without using verity. In general Verity should be used when possible, because it will yeild much better results, at better performance than the solution I'm about to show. But there are reasons for not using verity, for instance compatibility with BlueDragon, a highly customized search query, or a shared host that doesn't allow it.

Single keyword searches are easy using the LIKE operator in SQL WHERE column LIKE '%something%'. If you need to search using multiple keywords, its a harder. Here's an exmple

 SELECT stuff FROM table
 WHERE column LIKE '%#Replace(Trim(q), " ", "%' OR column  LIKE '%", "ALL")#%'

Here column would be the database field your searching and q would be your search string. Basically that code replaces all spaces with:

%' OR column like '%

So if your search string is "Monday Tuesday" the resulting query would be:

WHERE column LIKE '%Monday%' OR column LIKE '%Tuesday%'

You can ofcourse easily replace the OR with an AND, or use a variable.

Tuesday, August 05, 2003

Classpath Migration Issue in CFMX 6.1

I Installed CFMX 6.1 on our live server today, and found that my Java classpath settings had been screwed up during the migration process. All the slashes were missing in the path, so a path like c:\java\activmail.jar would show up as c:javaactivmail.jar in 6.1.

The server in question was running Win2k, which had been upgraded from CF5 - CFMX - Updater 3 - CFMX 6.1 in its lifetime. Just keep an eye out for it after you install, and backup your settings before upgrading.

Update
Rob Brooks-Bilison had already run into this. The solution is to use front slashes. So if you have set any custom classpaths in CFMX on windows convert the slashes to forward slashes before upgrading.

Another Update
Debbie Dickerson pointed out on the CF-Talk mailinglist that this is in the CFMX 6.1 known issues document. Issue 53031

Updating ColdFusion Studio / Homesite for CFMX 6.1

If your going to apply the Homesite CFStudio Tag Updater for CFMX 6.1 make sure you first apply the CFMX 6.0 tag updater it doesn't appear that the 6.1 updater is cumulative.

CFML Language History

Macromedia's web site is going to be busy today, lots of new stuff on there today. They released a CFML Language history document, that details the changes since CF 4.01. That is handy for me because I usually have to write CFML code that runs on multiple versions. I'm sure many consultants, and free lancers work with several different servers as well. Hopefully this will be integrated into the live docs soon.

Dan G. Switzer, II pointed this out on the cfguru list, thanks!

RedSky at Night Sailors Delight!

Macromedia Released ColdFusion 6.1 early this morning (code named RedSky). I'm really impressed with it, and I will be updating our server with it today.

Several people have posted blog entries about it already.

  • Dan G. Switzer, II keep a list of all related articles
  • Sean Corfield has several posts including DevNet articles, and info about the new LiveDocs site (which his team worked on, good job)

Friday, August 01, 2003

Interim RSS Feed

I have a RSS feed for this blog again - you can use it until I move the blog somewhere else: http://www.wcc.vccs.edu/services/rssify/rssify.php?url=http%3A%2F%2Fcfm.blogspot.com