Practical ProgrammingExperience is knowledge.
|
Ten years late, Macromedia/Adobe releases the next-gen ColdFusion Studio. The beta2 is available for free now so grab it while you can:
http://labs.adobe.com/technologies/coldfusionbuilder/
In addition to the provided dictionaries being great for spell-checking routines, if you have a large library of backed up files and ever forget the password you used on an archive your in for a long road ahead. Assuming an inability to discover any binary hack, and there is no alternative method, you might want to consider a Dictionary Attack as your next choice for recovery. Put simply, a Dictionary Attack is where you try a large list of previously generated words until you find one that works.
Since everyone has their own style and pattern to passwords you need to approach this with some careful planning… but here are some general-use dictionaries and word lists I found online.
you may want to consider utilizing this dictionary (and the other wordlists) as a starting point. You can then “upgrade” them by converting it to upper-case or a combination of cases subjectively depending on how you typically create your passwords. Either way, it’s a start in the right direction!
If a Dictionary Attack fails, your only option is going to be a Brute Force attack… which will take lots and i mean LOTS of time. You will need to consider every combination of lower-case/upper-case/numeric/symbol one at a time. If I recall my high school math correctly it’s the number of different characters (DC) to the power of the total number of characters (TC) in the password or DC^TC. Think about that, thats something like over 4.7 trillion combinations for an eight character password 
And thats assuming you KNOW the password is a full eight characters… otherwise its much more!
That having been said I’ve always been interested in this method since its pretty much an absolute guarantee, theoretically anyway, that it will at some point discover your old password even if it takes a thousand years with todays technology. In general though, most passwords, especially those of home users can be reasonably brute-cracked with enough know how. Large distributed systems are often if not as a rule always necessary and can help by spreading the workload, but you’ll need to have the know how to create the software, the equipment to manage it, and the network of people to help you run it.
Be very cautious about using any prebuilt “cracking” software… it takes too much time to isolate and make sure its not sending all your passwords to a hacker or doing something else that creates a huge security risk.. but if you can’t write your own software and have absolutely no other choice make sure you use an open source library with good references. Otherwise consider installing it on a virtual machine and lock it into an “island” where its on a completely different subnet or whatever.
For information on algorithums, and additional references:
Peace, and keep on coding!
I recently realized just how incapable notepad is.. if you need to open large text files you can forget it! A friend recommended NotePad++ as a replacement utility and I can say it works extremely well. I recommend checking it out if you do any computer work.
I was recently asked to create a knowledge base system at work… knowing that there were plenty mature open source projects that would work well, I opted not to write my own and instead chose one called MoinMoin.
To be honest I did not paticullary care what language it was written in (I can program in anything). My primary concerns were stability and simplicity. My decision in selecting MoinMoin was based primarily on the fact that the people who would be responsible for adding content did not have a solid grasp on basic web technologies, would have a difficult time learning HTML, and whom I did not trust to afford the luxury of a WYSIWYG editor.
MoinMoin allows new pages to be created simply by typing in the address you want, sub pages are created as subdirectories, and content is added in plain-text format using special identifiers which are later cast to html and styles (depending on which template you use). I felt that it included an adequate amount of embedded how-to documentation for them and that the syntax should be realitively easy for them to grasp in a short time.
I did have some issues with the install… but as usual, it was my fault and I soon had it running within its own application pool on IIS. I tested the system extensively for performance in cpu and memory overhead and it runs like a champ. Time will tell if the office actually uses it though 
If you have any suggestions, questions, or experiences setting up your own Wiki I would be happy to hear from you so please comment.
For additonal help with wiki selection I recommend an article published by O’Reilly: Choosing a WIKI
Many of you may already be well aware of google definitions… apparently its been around since 2007. I stumbled across this tonight (this morning) and thought it was pretty neat. The search format is as follows:
*notice the related search shown for “micah moore”. I guess I need a better last name.
This could quite easily be utilized for a dictionary feature inside your own software… granted its not a webservice, and there is no doubrt in my mind theres one out there, but it isn’t a far fetched idea to query the page and parse out the definition with a simple regex.
-peace & keep on programming
I am excited to announce that the programmers.org ColdFusion UDF Extension Library is now freely available.
Part of being a good developer is the act of working smarter and not harder. And there is no better way to accomplish this than through code reuse. Adding your own Extension Library to ColdFusion is a direct and powerful way to increase the speed and consistency of your development.
I cobbled together a few functions you may find useful this morning. As you can see they are simple, albeit useful, and so I wanted to share them here. Enjoy, and keep on coding!
/*
FUNCTION: ArrayFindString
PURPOSE: Searches inside the specified array (array_obj)
for a string matching string (str)
PARAMETERS: 1. array_obj: the array containing the strings you
want to try to match to str
2. str: the string you will be looking for in array_obj
RETURNS: boolean
NOTE: not case sensitive
*/
function ArrayFindString(array_obj, str){
var i = 1;
for (i = 1; i lte arrayLen(array_obj); i = i + 1)
if (array_obj[i] eq str) return true;
return false;
}
/*
FUNCTION: ArrayContainsString
PURPOSE: Searches inside the specified array (array_obj) for a
string that contains the string (str)
PARAMETERS: 1. array_obj: the array containing the strings you want
to try to match to str
2. str: the string you will be looking for in array_obj
RETURNS: boolean
NOTE: not case sensitive
*/
function ArrayContainsString(array_obj, str){
var i = 1;
for (i = 1; i lte arrayLen(array_obj); i = i + 1)
if (findNoCase(str, array_obj[i])) return true;
return false;
}
/*
FUNCTION: StringSearchArray
PURPOSE: Searches inside the specified string (str) for any
string matches contained in the array (array_obj)
PARAMETERS: 1. str: the string you will be searching inside of
2. array_obj: the array containing the strings you want
to look for in str
RETURNS: boolean
NOTE: not case sensitive
*/
function StringSearchArray(str, array_obj){
var i = 1;
for (i = 1; i lte arrayLen(array_obj); i = i + 1)
if (findNoCase(array_obj[i], str)) return true;
return false;
}
If your curious, I use StringSearchArray to control which areas of my application require user login:
...
foldersNoLogin = arrayNew(1);
foldersNoLogin[1] = "/login";
foldersNoLogin[2] = "/registration";
</cfscript>
<cfif not isDefined("session.loggedin") or session.loggedin eq false>
<cfif not StringSearchArray(cgi.path_info, foldersNoLogin)>
<cflocation addtoken="no" url="/login/">
</cfif>
</cfif>
At one point or another you’ll be faced with figuring out how to accept secure payments from your website. As with most things, once you know the basics it isn’t quite as daunting as you might expect it to be. But before you get started remember that the things you will need like a Merchant Account (from a bank), an Online Payment Gateway (such as Authorize.net), and SSL Certificates cost money. Prices vary, but the average cost of a merchant account runs around $100.00 for setup, and the Online Gateway will typically have a minimum monthly fee of $30.00 and a cost per transaction anywhere from 10 to 20 cents. SSL Certificate prices are all over the board depending upon who you go with but a good price is $200.00 a year. (Expect to pay more if you go with a name-brand company like VeriSign or want extra features.) Obviously these prices are subject to change quite radically (and vary widely depending upon who you decide to do business with) so you will need to shop around and decide what fits best for you. Make no mistake you should know exactly whos services you will be using and exactly how much it is going to cost BEFORE ever starting development on an e-commerce website. period.
Although there are three methods of implementation, we will be looking at the Advanced Integration Method (aim). Other options are available if you wish to have orders take place on a third party site, or enter transactions in manually. I recommend the Advanced Integration Method because it allows you to incorporate the POS directly inside your own website or application; providing a professional stream lined interface where all the transactions take place in the background with no interruption to the user.
For those of you who prefer to RTFM, take a look at The AIM Guide PDF.
The basic process of communicating with a payment gateway is simple. You send in a request for a POS and it responds back with the result. That result will contain sale deatils, for example, wether or not the credit card was accepted, and if not the reason why. In our case we will be sending our payment request via post data to:
In upcoming articles I will walk you through the basic steps using Coldfusion:
Expect to see these published on Wednesday, 11/26/2008. In the meantime feel free to ask any questions and I will do my best to help out.
Note:
Although this article covers the defacto authorize.net implementation (which by the way works with almost every online payment gateway since they are usually resellers of authorize.net), you may wish to take a look at Google Checkout. As the service is relatively new, there are some current promotions and discounts in place. I haven’t looked into the product heavily but it looks fairly solid and the idea of not having the liability of holding credit card numbers, etc…. can take a lot of weight off your shoulders.
In my next article I will cover tying in shipping services through UPS or FEDEX to round out the e-commerce experience. Please feel free to ask any questions before hand if you can’t wait.
Tip:
If you don’t already have a good traffic base coming to your website, don’t go spending the money and using the time to build a payment infrastrcuture. New companies often make the mistake of spending money up front assuming “if we build it they will come”… unfortunately they quickly learn the hard way this is far from the truth.
If you have already managed to establish a good traffic base or have marketing material ready to roll out take the time to double check your work. It only takes one bad experience for a user to never come back… work all the kinks out, do user studies, and make sure your hardware and software can support a sudden influx of customers without going down.
Calculating the distance between zip codes is not nearly as difficult as you might expect. To get started you will need two things:
You can obtain a free zip code databse from Popular Data.com, or you may wish to try the US Census Beurau. Google (and a few other companies with mapping software) also has GEO Code/Data available but make sure you check the license agreement carefully.
Once you have all your data imported into your preferred database and you have a form setup to accept a Starting and Ending Zip you need to integrate the formula into your program. Enter the Haversine formula to the rescue.
Here is a SQL implementation that works fantastic for me:
CREATE function [dbo].[geoDistance] (@lat1 decimal(9,6), @lon1 decimal(9,6), @lat2 decimal(9,6), @lon2 decimal(9,6))
returns float
as
begin
declare @result float
declare @r int
declare @kmpm float
declare @lat1R float
declare @lat2R float
set @kmpm = 0.621371192
set @r = 6371
set @lat1R = radians(@lat1)
set @lat2R = radians(@lat2)
set @result = acos(sin(@lat1R)*
sin(@lat2R)+cos(@lat1R)*
cos(@lat2R)*cos(radians(@lon2-@lon1)))*
@r*@kmpm
if @result is null set @result = 0
return @result
end
Here are some links to code in various other languages:
*It is worth mentioning that the earth is not a perfect circle, so you should expect an inaccuracy somewhere around 2% depending upon where you are on the globe. For those who need more accuracy (about 3mm) check out the Vicenty’s Formula (which is based on the ellipsoidal model of earth).
Forwarding your emails to your cellular phone is incredibly easy as all major carriers associate an email address directly with your telephone number:
Here are the major ones:
AT&T: phonenumber@txt.att.net
T-Mobile: phonenumber@tmomail.net
Virgin Mobile: phonenumber@vmobl.com
Sprint: phonenumber@messaging.sprintpcs.com
Verizon: phonenumber@vtext.com
Nextel: phonenumber@messaging.nextel.com
Life is the game that must be played.Edwain Arlington Robinson
