The other day I did a quick hack using Raindrop & Jetpack to get new mail notifications from Raindrop.  In total it took me less than an hour.  It’s no Joe Shaw hack, so I don’t expect to get in the paper for this but I figured I’d share anyway.

This Jetpack checks Raindrop to see if there are new messages and bubbles them up as notifications if there are.  Here’s the source code:

var messages = {}; 

function checkMail() {
 var api="http://localhost:5984/raindrop/_api/inflow/conversations/home?limit=10";
 jQuery.getJSON(api,
               function(data, textStatus){
                 jQuery.each(data, function(i,item){
                   if (item.unread) {
                     if (!messages[item.id] || messages[item.id] != item.messages.length) {
                       var n={title: item.subject,
                              body : item.messages[0].schemas["rd.msg.body"]["body_preview"],
                              icon : 'http://localhost:5984/raindrop/inflow/i/logo.png'};
                       jetpack.notifications.show(n);
                     }
                     messages[item.id] = item.messages.length;
                   }
               });
 });
}
setInterval(checkMail, 10000);

To try this out you’ll need Raindrop installed and running and Jetpack installed in Firefox.

Go to about:jetpack and copy the above code into the Develop tab, then click the try out this code link just below the Bespin editor.

If you don’t want to do all that you can just watch the video below (no sound, so you might want to play some music)

View on Vimeo.

It’s the holiday season yet again. Usually I participate in holiday charities though work, but this year there doesn’t seem to be much going on in the office beyond yearly charity contribution commitments. I got a catalog from Heifer International yesterday and after a little bit of background checking I’ve decided that this year I’m going to go with it.

I like the option of Bees in the catalog and the ability to donate as little as $10 for a concrete cause. You can find the online catalog on their website.

Before you make any contribution to a charity you should do a little homework, for reference “Things you need to know before giving to a charity”.

From wikipedia:

Heifer International works to ensure that the gift of each animal will eventually help an entire community to become self-sustaining. Animals such as goats, water buffalo and camels are “seven M” animals: they provide meat, milk, muscle, manure, money, materials and motivation. Once its immediate needs have been met, a family is free to sell any excess at market. Heifer International provides a breeding animal along with the gift animal so that it can produce offspring. Participating families are required to “pass on the gift”, that is: they must give at least one of the female offspring to a neighbor who has undergone Heifer’s training. In time, that neighbor will pass along one of the offspring of its animal, and so on.

A 2007 report by the Better Business Bureau’s Wise Giving Alliance (WGA) found that Heifer International met all of its standards for charity accountability

If you need any more encouragement, here is Alton Brown pitching for them.

stevenf:

Turtles all the way down:

I accidentally VNC’ed into the computer I was already using. And in that moment I saw God.

I knew there are some issues with using onRequest in your Application.cfc and web services, but I didn't think there were any issues with onRequestStart and ColdFusion 8 SOAP web services.

Today while working on one of my clients web services I started getting the error org.xml.sax.SAXParseException: Premature end of file. on any web service call. The web service worked fine a few days ago.

The problem was that another developer added the following to the existing onRequestStart:

<cfset var headers = GetHttpRequestData().Headers>

Apparently will cause bad things to happen. As a workaround I thought this would be a great use for the function IsSOAPRequest() added to CF7, I've never used it.

Well it turns out that IsSOAPRequest() always returns false in onRequestStart! (On ColdFusion 8, I haven't tested this on 9)

I ended up using arguments.targetPage to condition calling GetHttpRequestData() and all was well.

Here's the full stack trace I was getting:

org.xml.sax.SAXParseException: Premature end of file.
	at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
	at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
	at org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source)
	at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
	at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
	at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
	at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
	at javax.xml.parsers.SAXParser.parse(SAXParser.java:375)
	at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
	at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
	at org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
	at org.apache.axis.server.AxisServer.initSOAPConstants(AxisServer.java:345)
	at org.apache.axis.server.AxisServer.invoke(AxisServer.java:279)
	at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
	at coldfusion.xml.rpc.CFCServlet.doAxisPost(CFCServlet.java:270)
	at coldfusion.filter.AxisFilter.invoke(AxisFilter.java:43)
	at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:273)
	at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
	at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
	at coldfusion.filter.PathFilter.invoke(PathFilter.java:86)
	at coldfusion.filter.LicenseFilter.invoke(LicenseFilter.java:27)
	at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
	at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
	at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
	at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
	at coldfusion.xml.rpc.CFCServlet.invoke(CFCServlet.java:138)
	at coldfusion.xml.rpc.CFCServlet.doPost(CFCServlet.java:289)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
	at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
	at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
	at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
	at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
	at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
	at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
	at jrun.servlet.FilterChain.service(FilterChain.java:101)
	at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
	at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
	at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
	at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
	at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
	at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
	at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
	at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
	at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)

Coding Horror is usually a good read, sometimes it’s just way too long and I skip it, but there are a few posts that are memorable. The one from earlier this week called Parsing HTML the Cthulhu Way was spectacular.

Even Jon Skeet cannot parse HTML using regular expressions. Every time you attempt to parse HTML with regular expressions, the unholy child weeps the blood of virgins, and Russian hackers pwn your webapp. Parsing HTML with regex summons tainted souls into the realm of the living. HTML and regex go together like love, marriage, and ritual infanticide. The cannot hold it is too late. The force of regex and HTML together in the same conceptual space will destroy your mind like so much watery putty. If you parse HTML with regex you are giving in to Them and their blasphemous ways which doom us all to inhuman toil for the One whose Name cannot be expressed in the Basic Multilingual Plane, he comes.

It just gets better from there. Which leads me back to my google reader inbox where Jay Huie shared a link to Parsing HTML in Python with BeautifulSoup. This reminded me of a little pet project of mine from a couple months ago. I had given up on it, due to parsing html formatted logs with regex. On monday after reading the coding horror article I dusted it off and was able to fix it up with beautiful soup within an hour.

All of this is a long way of saying don’t reinvent the wheel and if you need to work with HTML in python use BeautifulSoup.

Also all hail Cthulhu.

Demented and awesome at the same time.

Take that VMware!:

The Karate Chop:

vmware-cmd /vmfs/volumes///.vmx stop

or The Finger of Death (Be warned this no holds barred move will attempt to kill the VM instantly):

vmware-cmd /vmfs/volumes///.vmx stop hard

I think this may be a holiday project, I haven’t played enough with my Arduino and I think it might be a nice way to hassle the cat.

copycats:

Good Ol’ Fashion Rump Shaker by The Hood Internet
Good Ol’ Fashion Nightmare by Matt and Kim + Shake Your Rump by The Beastie Boys
(posted by Nathaniel James)

—

Edit: The original Beastie Boys song was “Shake Your Rump,” not “Rump Shaker” as previously noted. My bad, however this was posted during a bout of insomnia.

Well, it’s interesting.

Just as SSL Certificates were starting to become really inexpensive, they figured out a way to start charging more money again. Enter the Green Address Bar, Green Certs, or officially known as an Extended Validation Certificate (EV Cert)

The latest browsers will display these certificates differently than regular certificates. For example here's PayPal Extended Validation Certificate shows up green in FireFox 3.5:

A regular SSL certificate would look like this:

The following browsers display extended validation certs green: Internet Explorer 8, Firefox 3.5, Safari 3.2, Opera 9.5, and Google Chrome.

The Extended Validation Certificates do require you to provide more information in order to obtain one.

• You must be a valid and verifiable legal entity (Government agencies, Corporations, General partnerships, Unincorporated associations, Sole proprietorship's).
• The employment and authority of the person placing the certificate order must be verifiable.
• A legal opinion letter (from an Attorney, or Accountant) may be required to confirm that the requester has the authority to obtain SSL Certificate(s) on behalf of the company
• The entities must have a conformable physical existence and business presence.

Pricing of the extended validation certificates will typically be at least twice as much as a regular certificate. For example you can get a domain ownership verified SSL certificate from GoDaddy (not a green cert) for $29 a year. The lowest price I have seen for an extended validation certificate is $99/year at Godaddy

• Godaddy - Green Certs start at $99/year
• Verisign - Green Certs start at $995/year
• Entrust - Green Certs start at $275/year
• Thawte - Green Starts at $599/year

The risk in going with the lower priced certificate authorities is that their signing certificate may not be recognized by old software, which would give a warning that the certificate cannot be trusted.

http://www.flickr.com/photos/ame/ / CC BY-NC-SA 2.0

Shortly after I moved to Portland I was at a business conference telling co-workers how much I liked it. Another dude at the table was from San Francisco turned to me and said,

“Seriously? Portland, it has the worst of the weather and the worst food on the west coast, you could have at least made it to Seattle.”

I’d only been a resident for a couple weeks and didn’t have the ammo to back up what I thought was a pretty decent scene. Since then I’ve come to know and love Portland food. There were tons of hidden gems, but they are becoming less hidden. In particular the Portland Food Carts are pretty awesome. In no particular order:

• PDX Food Cart Pool on Flickr
• MSNBC on PDX Food Carts
• MSNBC on foodcartsportland.com
• Gourmet on Portland Street Food
• NYTimes Video on Portland’s Food Cart Scene
• FoodCartsPortland.com

Impossible Things #2. Lovely song by Looper which is really 1/4 of Belle & Sebastian.

Buy at lala

Here are the slides for my Writing Secure CFML presentation given to the New York City ColdFusion Users Group November 10th, 2009. Enjoy.

Build a Cheap But Powerful Boxee Media Center - Boxee - Lifehacker:

Some notes on turning a beige box into a boxee powerhouse. Kinda challenges my Tivo / pyTivo / NAS setup. I’m thinking the Dell Zino HD might make a better machine (pricewise at least) but some quick…

So on I’m torn on this, on one hand … Dude, it’s journey. On the other hand this is what happens when you let Matt & Kim make records.

Side note, if you go to the youtube page there are seriously a ton of ukulele covers of ‘Don’t stop believing’ . This is why we can’t have nice things.

In general I like mint’s infographics a lot. This one just doesn’t click with me though. I’m not grokking tax units or the amount of their income which is making up their share of the total.

Dude, this is flocking is amazing.

Do you access a WordPress installation on a web server without HTTPS? If so, your passwords are sent in plaintext every time you login, register for accounts, add new users through the admin interface, and change user passwords.

Unfortunately, if you use a professional web host, there is a good chance that you are stuck in a situation where you use WordPress for your blog or website but cannot use HTTPS to secure your access to your WordPress installation. This can be caused by anything, such as: HTTPS is simply not offered, HTTPS costs quite a bit extra to have enabled, your WordPress installation is in a shared hosting environment, or multiple domains you own are tied to your hosting account in a way that complicates the issuing of certificates and setup of HTTPS.

Fortunately, there is a solution (actually, one of many) for WordPress fans to improve the sending of passwords over HTTP.

Semisecure Login Reimagined is a plugin for WordPress that implements client-side (browser-side) encryption in JavaScript, complete with the use of nonces to prevent against replay attacks (note that this plugin is NOT designed to necessarily protect against session hijacking). My installation instructions are at the bottom of this post.

Plugin Details:
About link: WordPress Plugins Directory/Semisecure Login Reimagined
Requires WordPress version: 2.7 or higher
Tested with WordPress version: 2.8.6 by me
Plugin homepage link: Moggy’s Website/Semisecure Login Reimagined v3
Author homepage link: Moggy

Description of plugin from the WordPress plugin directory:

“Semisecure Login Reimagined increases the security of the login process by using a combination of public and secret-key encryption to encrypt the password on the client-side when a user logs in. JavaScript is required to enable encryption. It is most useful for situations where SSL is not available, but the administrator wishes to have some additional security measures in place without sacrificing convenience.”

Automatic installation instructions:

1. Login to your WordPress installation through the admin interface as one of your administrator-privileged users (http://your-site-url-here/wp-admin/), and be sure to do this from a trusted, non-public Internet connection, on a private network and not over a wireless connection.
2. Click on Plugins on the left navigation bar.
3. With Plugins selected, there should now be an Add New link just beneath Plugins in the left navigation bar. Click on Add New just beneath the word Plugins.
4. On the Install Plugins page under Search, be sure that Term appears in the drop-down (else click the drop-down arrow and select Term) and then enter in the search box to the right of Term “semisecure login reimagined” exactly as shown (but without the quotes). Click Search Plugins.
5. In the search results, Semisecure Login Reimagined should appear. All the way on the right-side of that result should be an Install link. Click on Install.
6. In the box that appears, click on the (red) Install Now button.
7. On the results page, click on Activate Plugin. You now have secure login wherever available, but we can do better (so keep reading the following steps).
8. Click on Plugins on the left navigation bar.
9. Under Semisecure Login Reimagined, click Settings to edit that plugin’s settings.
10. Note the Wikipedia quote stating, “RSA claims that 1024-bit keys are likely to become crackable some time between 2006 and 2010 and that 2048-bit keys are sufficient until 2030. An RSA key length of 3072 bits should be used if security is required beyond 2030.” In the Number of bits drop-down, select the number of bits you wish for the encryption to use. 1024 is the default (faster performance) but is likely to be easily-crackable by the end of 2010, 2048 is considerably better at present, and 3072 might be even better (but will have slower performance). You should pick what you feel most comfortable with, or if you are unsure and this is for a blog that you and possibly a few others manage I would recommend picking 2048 for better security and a slight performance decrease (only during authentication).
11. Click the Generate Key button.
12. Click Misc Settings up near the top of the page.
13. Check the box next to Encrypt passwords when managing users?. Congratulations! Now not only are your initial login passwords encrypted, but also passwords entered when adding new users, changing passwords, etc.
14. (If you experience problems logging in, likely due to caching issues, set the Nonce setting to Asynch (Ajax). Otherwise, you can probably just leave this setting as-is.)
15. Click the Update Options button.

Log out, log back in, and on the login page you should see a little message stating, “Semisecure Login is enabled,” just below the Password entry box. Congratulations, your passwords are no longer being sent in plaintext!

If you like this tutorial, please share it with others, link to this post, and let me know!

This FNR I continued work on the blinky blink NXT LED fish! I added wheels to it, sensors, and the NXT brick. Basically, this now makes it a ‘portable fish tank robot’!

The idea stemmed from the want to make a robot that can drive around on a table but not fall off. In particular, the table would be the table for the Autonomous Robotics Club at the admissions open house activity fair

Ultrasonic sensors are usually the best for this, since it depends on distance. Though, one could easily make a mechanism to trigger a touch sensor… or one could use a light sensor, but there is more possibility for error with a light sensor.

The design right now has the ultrasonic sensor sticking out more that that, since it wasn’t far enough out… this means that sometimes the NXT couldn’t tell the motors to stop in time, and it would fall off the table.

The motors are geared to be fast, since I want it to be fast like a fish!

The screen displays the ‘water level’ for the LED fish. In the picture, it used a method of drawing the level line by line, but I later refined it so that it uses a rectangle, and increments 3 pixels more so that it’s noticable when one presses the button.

The robot can zip around pretty quickly, which produces some interesting artsy stuff:

The LED fish are on the back of the robot, and the speed of their blinks is determined by how much ‘food’ they have. The more food, the more fast it is, the less food, the slower it is. When you press the button to feed the fish, it makes a bloop sound

The LED fish is what makes this project. No one can resist the power of super-cute LED fish. They’re just so happy!

Here’s a video of the robot in action. It’s running the old program, but it’s all pretty much the same thing

The code for this is pretty cool. The NXT can handle up to 10 different simultaneous tasks! I use this to check the sensors for food and water, drive the robot, and blink the LED fish at the same time. Now, I’m still experimenting with the code, which is why there are bugs, random functions, and no comments in it.

Eventually, I want to have the robot able to drive around in a square (a big square) autonomously. The square is around one of the dorm buildings, so there’s brick walls, stairs, fences, and people to avoid. I think it would be cool because the square is just so confusing at first. You can walk around it 5 times, and still think that you have gone somewhere.

Since a lot of smart people do this, if a robot does it we could imply that it is smart! Bahaha! Logic prevails!

I mentioned that this was originally intended for the activities fair. I also had MANOI there, doing its handshake routine! It went really good. We had a good 15 people show interest, which is surprisingly more than the orchestra, and the tables adjacent to ARC.

But, the table got hit by a frisbee. (Yes, my robot got hit by a frisbee) So, thanks to the jerks at the frisbee club, they messed up MANOI’s other knee (the good one– or what was the good one). So now MANOI has two bad knees, and can’t walk. The goal that I just obtained got wrecked. By a frisbee. Frisbee sucks, really bad.

(so, don’t join frisbee club, they’re morons)

This dude was selling kissing lessons. With out teeth $29 with teeth (some of them) $12.

topherchris:

All the East Coast people are asleep. Let’s talk shit about them.

Chilli pepper things at the Pike’s Place Market.

copycats:

Burning Down The House (Live) by Dave Matthews Band
originally by Talking Heads
(via mitchellgoldstein)

 What really changes? What stays the same?

Consider the statement "We live in interesting times". Is that true? But was that also true 10 years ago? 20 years ago? 100 years ago? 1000 years ago? you get the point. Do we really face harder challenges today than they faced 100 years ago? The challenges are different, but there are also so many commonalities. Let's consider first some of those commonalities that I think are too often ignored. We are so quick to notice the differences (in technology, etc.), but I think we don't put enough thought into the things that stay the same. First, and one of the most important things that are very common throughout history is people. People haven't really changed all that much. There has always been people that have tried to be helpful and people that have tried to hurt. Human nature is there, we all have strengths and weaknesses, and so it has been with the people that have gone before us. People need to interact with others; that hasn't changed. The types of interactions may change, but people still need to communicate with others in one way or another (If only simply to get food or other goods at the store). 

We can make a difference in the world. Individually we make choices everyday that affect others, in positive or negative ways. If you keep an eye out, you will notice so many friendly people in the world. People that help others, that are polite to one another, that hold doors or simply caution others of possible dangers. Even if you don't keep an eye out, you will probably see people that don't seem so friendly, those that are angry with things, frustrated, in a rush, busy, and just not happy with the situation that they are in. They may just be having a bad day and are not reacting well to it. They may in general feel bad about there circumstances. You know what I mean. We are all like these people from time to time. Hopefully not all the time though. Both of these types of people affect the world.

Our surroundings change, technology advances, but people are not that much different than people thousands of years ago. We still all have a choice each day to positively or negatively affect those that we come in contact with. Both or contagious. Contagious like the cold or the flu :) We can pass friendliness to others and they may not catch it, but a lot of people will. And that alone can make the world a better place to live in. 

These are my thoughts, but I draw inspiration from others that I come in contact with, things I read, and simply by living. I don't remember everything or everyone, but that doesn't mean that those things or person's didn't have an effect on me. Some things that come to mind related to this specific topic. Nathaniel LaGarry, who goes to my church, once gave a nice speech on society and specifically mentioned the concept of how we think we live in the hardest times, etc. and how that probably isn't necessarily true. I have read the blog of Bruce Schneier, a respected security professional, and I really think he makes some good points on people's perception of terrorism. For a good example of his opinions take a look at this article titled Beyond Security Theater. The basic idea is that terrorism has been very much made into movie plots and the actually reality of terrorism is much harder to accomplish than is perceived. And that simply taking away freedoms and acting different is not helpful compared to using old fashion investigation, emergency response, etc. My explanation is a very oversimplified, but hopefully enough to get you to want to read more. Finally, another story from the Bible comes to mind. The story of the first people born. God created Adam and Eve, but they had kids. Their first kid was Cain and there second kid was Able. Cain killed Able. The first man born was a murderer. Adam and Eve probably tried to be the best parents they could be. They (literally) talked to God. Cain and Able talked to God too. Able made an offering that was pleasing to God, but Cain's offering was not pleasing to God. Cain got upset and although he talked with Able, he ended up killing him. I think the reason that I am reminded of this story is that people are just people, doing the best they can with what they have. We all make mistakes and get angry with others. How we react to things really matters. Obviously we can see that Cain reacted very badly, but we can affect others just as much, both negatively and positively, simply with our words and our actions. I had a math teacher in high school that said "10% of life is what happens to you and 90% is how you react". There is a lot of truth in that. There's a song by John Lennon that has the words "Life is what happens to you when are busy making other plans". 

Make the most of life. When life gives you lemons make lemonade. Being nice is contagious :)

I am happy to announce today the release of FuseGuard Web Application Firewall for ColdFusion!

FuseGuard 2.0 is the new name for Foundeo Web Application Firewall, but we did a bit more than just change the name!

The biggest new features added to version 2 are the Web Based manager, and the database logger. The web manager main function is to provide reporting for the attacks against your server, but it also allows you to view configuration, and manage users.

Here are some screen shots:

The database logger currently supports logging to a MySQL, SQLServer, or Apache Derby database. We have made it really easy to create a database, and datasource using the embedded Apache Derby database support in ColdFusion 8 and 9 (just give it your coldfusion administrator username and password, and a datasource name).

On the security side of the product, the biggest improvement there is the File Upload Filter. This filter can block a file upload request before your cffile tag is executed based on a whitelist, or blacklist of file extensions that you specify. This means it can block those pesky MIME type spoofing attacks, and even the execute before delete vulnerability that caused Ben Forta's site to get hacked (existed prior versions of FCKeditor and Galleon Forums)

We also lowered the price on the standard version from $500 to $349, and the server edition was lowered from $1299 to $999

I would like to invite you to check it out and request a demo!

heather-rivers:

“It’s like there’s a gap. For the first couple years that you’re making stuff, what you’re making isn’t so good, okay … it’s not that great. It’s really not that great. It’s … it’s trying to be good, it has some ambition to be good, but it’s not quite that good. But your taste, the thing that got you into the game — your taste is still killer.”

Watch this, okay? Especially you creative types. It’s important.

Dead on.

So this blog is dead for the time being. I’m posting on a regular basis to twitter nowadays, so check me out there.

My twitter stream.

I will be speaking at the New York City ColdFusion Users Group meeting tonight at 6:30pm on Writing Secure CFML.

We will discuss several web application vulnerabilities that ColdFusion developers need to be aware of, and how to prevent them from being exploited in your Web Applications.

I have a few Foundeo ColdFusion Firewall t-shirts to give away, and we will also be raffling off a copy of it.

Foundeo will also be giving a world premiere of what we have been up to! Hope to see you there!

10 Geeky Laws That Should Exist, But Don’t | GeekDad | Wired.com:

Magnificent list of should be laws. in particular I like: 2. Lucas’s Law: There is no movie so beloved that a “special edition,” prequel or sequel cannot trample and forever stain its memory. 9….

Earlier this year, Michael Pollan posted a request for reader’s rules about eating on Well, Tara Parker Pope’s health blog. Within days, more that 2,500 responses were received. Here are 20 of Pollan’s favorites.

I’M NOT SLACKING… (on blogging). OK, well, seeing the title of the blog post pretty much means that I am slacking (on blogging). BUT I’VE BEEN DOING SO MUCH AWESOMENESS THAT IT NEVER STOPS IN TIME TO BLOG!!! WAHJKFHJKASLJKF!

Here is what I have been up to the past 4 weeks (in chronological order from oldest to newest):
- Got serial data (from BubbleBoy’s LDR) to go into Matlab very easily
- Read lots of robot books
- Wrote a paper on the ethical dilemmas of the 3 Laws
- Got iRobot to work (drive in a straight line)
- Got MANOI to walk
- Worked on a presentation for the paper
- Programmed MANOI to shake hands for the presentation (and I did this like 5 hours before the presentation and had a potential disaster, but it worked in the end)
- Worked on a cookie mover robot
- Got a CMU cam
- Ran a Girl Scouts Robotics Activity (cookie mover robot)
- Working on a MATLAB program for BubbleBoy that can make it speak, play songs on iTunes, use AI
- Working on a Processing sketch that displays RSS feeds, nicely

That’s 12 blog posts that I have to write! They are all really cool too… I think the programming MANOI to shake hands will be the funniest blog post.

This also means that I have achieved a goal that I have had for 3 years… MANOI can walk!

I’m also continuously working on improving my code from the summer that socializes a social robot using an artificial society. One of the main differences is that in the summer it only worked for 1,000 iterations. Now the program can do over 1 million iterations… until infinity! So I have to make the patterns more evident and last longer… which is a trial and error thing, really.

More later!

List of animals with fraudulent diplomas:

From the article:

In several cases, pet animals (most often cats) have successfully been “enrolled” in suspected diploma mills in order to investigate or demonstrate the fraudulent nature of the degrees issued by those institutions. Several such cases have received extensive media attention, and at least one cat’s degree helped lead to a successful fraud prosecution against the institution that issued the degree.

My question is why cats?

VMware ESX and ESXi Scripts & Resources:

I can’t even deal with how intense this guy is. vGhetto scripts to reimplement a lot of vSphere functionality. Of particular interest is ghettoVCBg2.sh but there is a lot of impressive stuff in here…

Anxiety - Lightweight To-do Management:

Nice todo manager, good options for how to bug you and how to get out of the way. Other features include integration with OS X calendar / mail backends and being free as in beer. I’ll see how long it…

The power of @clarkbw as seen by google analytics. I wrote up a quick post on running raindrop on ubuntu and this is what happened, I went from zero readers, to several hundred, down to about 20.

Rad.

At 8 AM on Friday morning, Joelle and I were at the Verizon store in Camillus checking out Verizon’s two new Android-based phones: the Motorola Droid and the HTC Droid Eris. Joelle got me the Droid as an early Christmas gift and, at the request of Ryan, I’m taking some time to post here about my initial experiences with the phone.

The Home Screens

These are the home screens on the Droid. There are three available and you switch between them by dragging your finger across the screen. You can put shortcuts to any applications you like anywhere on these screens as well as widgets that serve various purposes. You can see that I have a few shortcuts on my middle home screen (which is the main one) and on the top of each screen is a widget.From left to right: the Facebook widget which shows status updates from your friends, the Power Control widget which allows you to switch wi-fi, bluetooth, GPS and syncing on and off, as well as adjust the screen brightness (this is one of the best widgets I’ve found since these are otherwise buried in the settings menu, this is included by default as part of the OS), and finally the Weather Channel widget (which I have recently replaced with the Weather Bug widget). I’ve read elsewhere on the internet that having a lot of widgets can slow the phone down considerably and can also be a battery drain so I’m going to try to stay away from using them too much. The last picture on the right is a shot of the phone while locked. Touching and sliding the unlock symbol to the right will, obviously, unlock the phone. This screen looks slightly different if you have a security code set. In that case you would see a 3×3 grid of dots which you have to connect in the special way you picked in order to unlock your phone. You can also put the phone on silent by touching and dragging the speaker to the left.

The Phone

Next is the phone application itself. The dialer is easy to use and the tabs across the top of the screen make it easy to view your call log, choose from your contacts and access your favorites. The second picture is what the screen looks like when you’re receiving a call. To answer, touch and drag the green button to the right (to ignore, do the opposite). While you’re in a call, the screen shows who you are talking to and gives you options related to the phone call. You can easily add a person to the conversation using the “add call” button (a feature I have not tested), end the call, go to the dialpad (to enter DTMF tones at an automated menu, I assume), mute, and go to speakerphone.  One thing that’s really sweet is that the phone automatically turns the screen off while it’s touching your face (meaning you’re talking on it) and turns the screen back on when you pull it away from your ear (so you can end the call or whatever else you need to do). This prevents accidental button presses and works very well in my experience.  That last shot is just what the screen looks like after you end the call.

Miscellaneous Menus

These are just a few screen captures of random menus and such on the Droid. The settings menu obviously contains any setting you could ever hope for, including the SD card and phone storage settings. That shot shows how the Droid is limited to storing applications on its internal memory rather than utilizing the included 16GB SD card. This is an odd restriction but doesn’t seem to be a big deal so far since I have 10-15 apps installed and have barely used any of the internal memory. The apps menu lists out every app you have installed. Shortcuts can be dragged off of this menu and onto the home screen for easy access. That last shot is of the Android Market where you can search for applications to fill your every need.

The browser and other stuff

Here’s a shot of the browser in landscape mode. As you can see the entire width of the website is visible and you can zoom in by double tapping on the screen. The next shot is of the battery use menu which shows what applications/services are using your battery. As you can see the screen is the biggest culprit (I’ve since been trying to keep the screen brightness way down) with wi-fi being a close second. The last one here is the text messaging interface which is pretty simple but displays your texts in a conversation format, which is a big step up from my Windows Mobile phone.

Bonus Material

Those are most of the key things I’ve discovered so far. Below you’ll find a gallery of pictures with all the ones I’ve showed you so far with a few more I didn’t. One thing I didn’t take time to mention was the Barcode Scanner application which is capable of scanning normal barcodes found on items in the store (as seen in my picture where I scan the barcode on my propane canister and then have the app look it up on Google) as well as special 2D QR codes which can contain other data such as a URL. Below is the QR code that links to the Barcode Scanner on the Android Market. Scanning this code with the app will give you the option to open that application’s page in the Market. Edit: to download this application, search for “barcode scanner” in the Market; the application is named exactly that and will show up in the search results.

You’ll also find a couple bonus pictures in the gallery of my favorite novelty application so far. If you’ve watched any Star Trek you’ll recognize it as a Tricorder. It uses realtime data from the phone’s various sensors to fill the screen with all sorts of graphs and numbers, which is pretty awesome. Another application I really like is Gmote. Installing this application on your phone, coupled with a server component running on your computer, gives you full control of your desktop from the comfort of your living room couch. It has built-in compatibility with VLC (unfortunately, not Media Player Classic) and has the ability to control the mouse and keyboard of your computer using the screen as a touchpad and either the phone’s physical keyboard or the onscreen keyboard.

I am very impressed with this phone so far. It’s fast, easy to use and a lot of fun to play with. The only thing I haven’t liked so far is the battery life, but I have a feeling that will get better once I’m not playing with the phone every minute. If you have any questions please post them in the comments and I’ll do my best to answer them. Now, the gallery.

It’s a busy day on the internet. (via FFFFOUND)