Archive

Archive for December, 2009

Adobe LiveDocs Alternative - CFQuickDocs

December 28th, 2009

Those of you who do any CF programming have undoubtedly referenced Adobe’s LiveDocs quite a lot… however, I find the way the site is structured to be a little slow with the frames and directory tree view. I noticed CFQuickDocs embedded as the default ColdFusion help in Eclipse (with the CF plugin) and it is nice and speedy… check it out if you have time:

http://www.cfquickdocs.com

Uncategorized

PowerEdge 2650, Rebuilding a Mirror Raid

December 23rd, 2009

One of the drives in the programmers.org server decided to die last night as I was running defrag. Not a big deal, figured I could hot swap it out since I have plenty of machines to pull parts from. Unfortunately I discovered that the drive, while nearly exact in size and speed, was not compatible with an automatic rebuild for this particular RAID card (PERC something or other).

 

After beating my head against the wall looking for a rebuild utility in the controller configuration application, I eventually discovered when the auto-rebuild fails you have to perform a manual rebuild with Dell’s OpenManage Software. I didn’t have this installed, go figure.

My apologies if you experienced any noticeable outages.

Uncategorized

Restarting Terminal Services Remotely

December 22nd, 2009

If you find yourself using terminal services a lot to manage various systems you will undoubtedly forget to log out of your sessions from time to time. Depending on the number of allowed and active sessions you could find yourself in a jam and unable to log in.

I found myself in a jam and needed to restart terminal services remotely. Here is how I did it.

Yesterday evening, it occurred to me that a simple solution to this is to just restart the services from the command line. You might be wondering how this would work, since you can’t get in to run the command. You have two options:

  1. Execute a command from a web script (if you have FTP or RDS access to an application server like ColdFusion or ASP.NET); see below for more info.

  2. Use PsExec (or PsService), part of the PsTools package from Microsoft. It is a nice collection of command line utilities for server administration that I recommend you take the time to check out.

To execute a command from a web script you will need to do two things. First, create a batch file with the commands you wish to execute. Second, write a script to securely execute those commands.

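[remote.bat]

REM Restart Terminal Services
net stop "Terminal Services"
net start "Terminal Services"
REM echo reboot the machine
REM shutdown -r -t 0

[remote.cfm]

<!--- Run the batch file only when the expected key is supplied in the URL --->
<cfparam name="url.key" default="">
<cfif url.key eq "xya58IE9tsr">
<!--- A timeout is needed so ColdFusion waits for the batch output and captures it --->
<cfexecute name="#expandPath('remote.bat')#" variable="foo" timeout="60"></cfexecute>
<cfoutput>#foo#</cfoutput>
</cfif>

-----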

You will see the above script checks for a specific url.key in order to execute… you could easily limit this to a particular IP or integrate another security method. Just remember not to leave it wide open or you just might have an unauthorized user executing your batch (probably by accident).

*Note that in this case the batch and cfm file reside in the same directory and execute permissions are given by default to each folder in CF. With ASP.NET you will need to make sure you have the ACL set correctly for IUSR or the impersonated account inside web.config.
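One way to add the IP restriction and a stricter key check mentioned above, as an added example that is not the original post's script. The allowed addresses, the key value and the log file name are placeholders, and the key is assumed to arrive as a POST form field rather than in the URL.

```cfml
<!--- remote.cfm, hardened variant (added example; values below are placeholders) --->
<cfset allowedIPs = "203.0.113.10,203.0.113.11">
<cfset expectedKey = "REPLACE-WITH-A-LONG-RANDOM-VALUE">

<!--- 1. Accept POST only, so the key never ends up in URLs, access logs or
      browser history the way url.key does. --->
<cfif cgi.request_method neq "POST">
    <cfheader statuscode="405" statustext="Method Not Allowed">
    <cfabort>
</cfif>

<!--- 2. Restrict callers by source address. Behind a proxy or load balancer
      cgi.remote_addr is the proxy's address, so adjust accordingly. --->
<cfif not listFind(allowedIPs, cgi.remote_addr)>
    <cflog file="remote_exec" type="warning" text="Blocked address #cgi.remote_addr#">
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- 3. compare() is case-sensitive. The eq operator is not, so with eq any
      upper/lower-case variant of the key would also be accepted. --->
<cfparam name="form.key" default="">
<cfif compare(form.key, expectedKey) neq 0>
    <cflog file="remote_exec" type="warning" text="Bad key from #cgi.remote_addr#">
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- 4. Record every run, then execute and HTML-escape the batch output. --->
<cflog file="remote_exec" type="information" text="remote.bat run by #cgi.remote_addr#">
<cfexecute name="#expandPath('remote.bat')#" variable="result" timeout="60"></cfexecute>
<cfoutput><pre>#htmlEditFormat(result)#</pre></cfoutput>
```

Serve the page over HTTPS only, and remove it from the web root once it is no longer needed.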

-----

If you don’t have access to an application server, remember to consider PsExec as an option. It is a free tool from Sysinternals, but I recommend you download it as part of a collection of PsTools.

To stop Terminal Services remotely, run:

psexec \\servername net stop "terminal services"

To start Terminal Services remotely, run:

psexec \\servername net start "terminal services"

*Don’t forget to add your user account information for this to work. The switches are [-u] and [-p], respectively. See /? or check out the July 2004 issue of Windows IT Pro Magazine for Mark’s article that covers advanced usage of PsExec.

Uncategorized

DTS in SQL Server 2008

December 18th, 2009

If you manage lots of SQL Servers, no doubt you will have some DTS packages to work with… my new install of SQL Server 2008 did not come with the features necessary to work with legacy DTS. (Nor did 2005. I understand it’s deprecated, but this is annoying.)

Don’t be fooled by the install… the Compatibility Tools aren’t enough to get up and running. I found these instructions by Microsoft, which require MANUAL copying of DLLs and such.

http://msdn.microsoft.com/en-us/library/ms143755.aspx

But although I was able to get DTS to work in 2005, the same is not true for me in 2008… It’s time for me to fire up a new VM, hopefully you will have better luck.

Uncategorized

jQuery Google Suggest (jquery.gsuggest.js)

December 9th, 2009

I was unable to find a jQuery autocomplete / jQuery autosuggest plugin available that met my exacting standards. While there are a good number of plugins available in the plugin repository, they are either too large, poorly written, or simply do not work as expected. In addition to this, the ones I reviewed lacked extensibility and a good default configuration.

I decided to write my own jQuery autosuggest plugin (GSUGGEST), and give back to the community.

Project Requirements

  • mimic the behavior of Google Suggest
  • make implementation as easy as adding suggest="yes" to an input:text
  • allow for simple integration of ajax or inline datasets
  • intelligent caching
  • lightweight

Default Configuration

  • 'debug': false
  • 'url': '/suggest.cfc'
  • 'size': 10
  • 'cacheenabled': true
  • 'cacheaggressive': false //false - when user presses ESC the cache set is deallocated, true - cache set exists for the duration of the session
  • 'cacheforward': false, //true - complete cache dataset, false - incomplete cache datasets
  • 'casesensitive': false
  • 'sort': true
  • 'css0': {'position':'absolute', 'z-index':'1', 'display':'none'}
  • 'css': {'background-color':'#ffffff', 'border':'solid 1px #000000', 'margin':'0px', 'cursor':'pointer', 'color':'#000000', 'padding':'0px'}
  • 'highlight': '#bcd5ff'

Usage Information

While I wrote this plugin to be as simple and intuitive to use as possible, there are some things you should be aware of before using it.

  1. The dataset used by the plugin must be a JSON String Array.
  2. There are two ways to assign a dataset to the input:text: Inline and AJAX.
  3. The nosubmit attribute you see in the examples above prevents the form from submitting when enter/return is pressed. This overrides the default browser behavior, but it is up to you to decide if you want to use this.

————————————

A. Using an Inline Dataset

An inline dataset is one that does not make a round trip to any server to get a collection of data used for the suggest-box. To use this, simply add the parameter suggestvalue="" to your input:text. Note, the suggestvalue must be a JSON Array.

html: <input type="text" name="attorney_name" value="" size="100" suggest="yes" suggestvalue='["Micah","Shawn","Charles"]' nosubmit>

*The suggestvalue does not need to be sorted, that’s handled automatically.

B. Using an Ajax Dataset

An AJAX dataset is one that communicates with a server in the background to get a collection of data (when necessary, thanks to caching) used for the suggest-box. To do so, you will need to pass the address of your ajax call (whether that be a cfm page, ASP.NET, PHP, whatever) to the URL Config Option.

jQuery(document).ready(function(){jQuery.gsuggest({'debug':true,'url':'myAjaxPage.aspx'})});

That page will receive two url parameters in its get request: value & method. value is the value of the input:text after keyup and should be used to execute a query and return a JSON String Array. method is an identifier to allow multiple queries to be executed inside a single ajax page. I prefer to have all of my suggest queries in one file, suggest.cfc, and you will see that reflected in the defaults.

html: <input type="text" name="attorney_name" value="" size="100" suggest="yes" nosubmit>
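A minimal server side for the value/method contract described above, as an added example that is not part of the plugin. The function name attorneys, the sample names, the prefix-match rule and the 50-character input limit are assumptions; ColdFusion itself routes a suggest.cfc?method=...&value=... request to the remote function named by method.

```cfml
<!--- suggest.cfc (added example; data and function name are constructed) --->
<cfcomponent output="false">

    <!--- Only functions declared access="remote" can be called over HTTP, so
          the set of remote functions is the allowlist of "method" values. --->
    <cffunction name="attorneys" access="remote" returntype="array"
                returnformat="json" output="false">
        <cfargument name="value" type="string" required="true">

        <!--- Constructed sample data. A real page would run a query here and
              bind the user input with cfqueryparam, never concatenate it. --->
        <cfset var names = ["Charles", "Micah", "Michelle", "Shawn"]>
        <cfset var prefix = left(trim(arguments.value), 50)>
        <cfset var matches = []>
        <cfset var item = "">

        <!--- Empty input returns an empty JSON array, not the whole dataset. --->
        <cfif len(prefix) eq 0>
            <cfreturn matches>
        </cfif>

        <cfloop array="#names#" index="item">
            <!--- Case-insensitive prefix match, capped at 10 results to line
                  up with the plugin's default 'size' --->
            <cfif compareNoCase(left(item, len(prefix)), prefix) eq 0>
                <cfset arrayAppend(matches, item)>
            </cfif>
            <cfif arrayLen(matches) gte 10>
                <cfbreak>
            </cfif>
        </cfloop>

        <cfreturn matches>
    </cffunction>

</cfcomponent>
```

With this file in place, a request for suggest.cfc?method=attorneys&value=mi returns the JSON string array ["Micah","Michelle"].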

MIT License/GNU License

http://www.opensource.org/licenses/mit-license.php

http://www.gnu.org/licenses/gpl.html

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so.

jQuery Google Suggest

ECMAScript 5 approved at long last!

December 8th, 2009

10 years in the making, but the standards body finally agreed. Here it is:

http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-262.pdf

Uncategorized

Adobe ColdFusion Builder

December 7th, 2009

Ten years late, Macromedia/Adobe releases the next-gen ColdFusion Studio. The beta2 is available for free now so grab it while you can:

http://labs.adobe.com/technologies/coldfusionbuilder/


Uncategorized

Dictionary / Wordlists

December 2nd, 2009

In addition to the provided dictionaries being great for spell-checking routines, if you have a large library of backed up files and ever forget the password you used on an archive you’re in for a long road ahead. Assuming an inability to discover any binary hack, and there is no alternative method, you might want to consider a Dictionary Attack as your next choice for recovery. Put simply, a Dictionary Attack is where you try a large list of previously generated words until you find one that works.

Since everyone has their own style and pattern to passwords you need to approach this with some careful planning… but here are some general-use dictionaries and word lists I found online.

You may want to consider utilizing this dictionary (and the other wordlists) as a starting point. You can then “upgrade” them by converting it to upper-case or a combination of cases subjectively depending on how you typically create your passwords. Either way, it’s a start in the right direction!

If a Dictionary Attack fails, your only option is going to be a Brute Force attack… which will take lots and I mean LOTS of time. You will need to consider every combination of lower-case/upper-case/numeric/symbol one at a time. If I recall my high school math correctly it’s the number of different characters (DC) to the power of the total number of characters (TC) in the password or DC^TC. Think about that, that’s something like over 4.7 trillion combinations for an eight character password :) And that’s assuming you KNOW the password is a full eight characters… otherwise it’s much more!

That having been said I’ve always been interested in this method since it’s pretty much an absolute guarantee, theoretically anyway, that it will at some point discover your old password even if it takes a thousand years with today’s technology. In general though, most passwords, especially those of home users can be reasonably brute-cracked with enough know-how. Large distributed systems are often if not as a rule always necessary and can help by spreading the workload, but you’ll need to have the know-how to create the software, the equipment to manage it, and the network of people to help you run it.

Be very cautious about using any prebuilt “cracking” software… it takes too much time to isolate and make sure it’s not sending all your passwords to a hacker or doing something else that creates a huge security risk… but if you can’t write your own software and have absolutely no other choice make sure you use an open source library with good references. Otherwise consider installing it on a virtual machine and lock it into an “island” where it’s on a completely different subnet or whatever.

For information on algorithms, and additional references:

Peace, and keep on coding!

Uncategorized

NotePad++

December 1st, 2009

I recently realized just how incapable Notepad is… if you need to open large text files you can forget it! A friend recommended NotePad++ as a replacement utility and I can say it works extremely well. I recommend checking it out if you do any computer work.

http://notepad-plus.sourceforge.net

Uncategorized