Archive for May, 2004

It’s Cool Tool Friday!

Every Friday, I’m going to start posting about little tools I’ve found recently that make my job easier, allow me to stay better organized, provide me with new and interesting functionality, or otherwise make using a computer for a minimum of 12 hours a day more enjoyable. I’ll post both Mac and PC tools since I realize there are still some PC users out there. 🙂

If you have experience with the tool I’m posting about, please post a comment letting us know what you think of it. If you use a similar tool (on any platform), please let us know about that, as well. My goal is an ambitious one: to improve my readers’ productivity and efficiency by introducing and sharing new free or low-cost tools and functionality. Of course, my posts will hopefully just be catalysts — the comments will probably end up being the more complete story.

Let’s start with an easy one. Everyone uses instant messaging, right? (Is there anyone out there who doesn’t?) And may of us probably use clients capable of handling multiple protocols. I’ve used several, and my favorite is Proteus (OS X only). It’s extremely powerful, robust, aesthetic, and even a little bit fun (cool icons). I’ve been using it for about a year, but I recently upgraded to version 4.02 which is a big improvement. Lots of little bug fixes, and very nice enhancements. Proteus also has a pretty decent community in place to help out when things go wrong (which is very rare, but inevitable when using any “unofficial” messaging client).

What instant messaging client do you use? What do you like about it and hate about it? Anyone out there have any experiences with Proteus they would like to share? Is there another client I should be evaluating?

What Can You Do With Flash Video?

How familiar are you guys with Flash video? Do you have a good sense of what you can do with it? Well, just imagine everything you can do with Flash, then simply imagine integrating streaming video and audio. I mean real integration. Flash video doesn’t have to play all by itself off on its own. It can be integrated right into your applications, animations or presentations. It can be interactive, unconventional, creative, different, funky and amazing. Check out this online booklet which shows you some of the cools things you can do with Flash video, and don’t forget to visit the examples at the bottom of each page.

Has It Been 17 Years Already?

How many of you are in 17-year Cicada zones? We didn’t have many at first, we thought because most of the commercial and residential development around here happened about 15 or 16 years ago, so we figured they needed one more cycle to populate this area, however they have either migrated from other areas, or were just slow digging themselves out of the ground, because now they are everywhere! Wherever there are trees, there are always dozens cicadas in the air, and hundreds perched in each tree. Whenever you drive anywhere, you usually end up with about six or seven of them splattered across your windshield, or mutilated inside your grill. The males make a somewhat eerie hollow buzzing type sound which I think has been used in several B horror films, and can be heard all the time, whether you’re inside or out. They are, of course, harmless, and apparently nutritious, too, as the local paper has published some interesting 17-year Cicada recipes. As you can see from the picture below, they are also quite friendly and even loving. I caught these two out on my deck early this morning, holding hands, enjoying the romantic view, gazing into each other’s beautiful red eyes. They are apparently making the most of their only summer above ground.

You can learn more than you ever wanted to know about 13-year and 17-year periodical cicada here.

Macromedia ColdFusion Forums RSSified

Roger Benningfield of Big Damn Heroes has rssified all the ColdFusion forums except, mysteriously enough, the security forum. You can get the feed URLs from his post entitled “Minimalist RSS for the Macromedia CF Forums“. Be responsible, however. Roger warns, “Abuse them by pounding my server every few minutes and I’ll just drop the service entirely… the feeds only update every few hours, so don’t bother polling them more than that.”

This is a very cool service. Thanks, Roger.

OS X Vulnerability Not Patched

According to this CNET article, the security patch that Apple released last week to fix what is being called the Safari vulnerability (inappropriately named since every browser I tested is vulnerable) has failed to fully fix the issue. According to the article, “the biggest problem is that there seems to be no easy solution.”

According to an Unsanity spokesperson, “there’s lots of overlap between useful applications of this functionality and malicious ones, meaning that Apple can’t easily fix this without removing useful features from its operating system and from existing apps.”

While it’s true that it may be tricky to address the issue the OS level, patching the browser is pretty straightforward. I guess the problem is that Apple can’t patch all the browsers you have installed on your machine, so they feel they need to fix it at a lower level, which is fair enough. In the meantime, don’t wait around. There are several fixes out there, the easiest of which is posted right here on this weblog (as long as you are using Firefox, or don’t mind switching to it).

Debugging Flex Applications on OS X

I had been under the impression that logging messages to a text file from Flex applications using the trace statement was not possible on a OS X, however I recently discovered that it works just fine, as long as the Flash debug player is configured properly. I’ll explain how to get it to work shortly. First, a little background:

Since Flex applications are not authored in the Flash IDE, they are a little trickier to debug than standard Flash applications in some respects. There is no output panel to capture and display debug statements from within your ActionScript code like there is in the Flash IDE. Thanks to the Flash debug player, however, Flex developers still have an easy way to debug their applications. The debug Flash player is capable of appending the output from trace statements to a local file, which is just as good — and in some ways better — than using the Flash output panel.

The issue, however, is getting this to work on OS X. OS X is not a supported platform for Flex, however it makes a very good Flex development platform, nonetheless (thanks to the fact that Flex is implemented in Java). Since it’s not a supported platform, documentation on debugging Flex applications on OS X is scarce, or possibly nonexistent. Fortunately, as I recently discovered, it’s perfectly possible. Here’s how to get it to work:

  1. The first thing you need to do is install the debug player. The debug player comes with Flash MX 2004, and by default, is located in /Applications/Macromedia Flash MX 2004/Players/Debug. Close all your open browsers and install the debug player, but don’t reopen your browser yet. The next step is to configure the debug player.

  2. Create a file called mm.cfg in the directory “/Library/Application Support/Macromedia”. The file should contain the following:


    There are many other options you can use to configure the debug player. See the tutorial entitled “Debugging Client-Side Code in Flex Applications” for more information.

  3. Open your browser now. You must open your browser after creating the mm.cfg file, and every time you make changes to the mm.cfg file, you have to restart your browser because the debug player only reads the configuration file once when it starts up.

  4. Put a trace statement somewhere in a Flex application, and load the application up in your browser using the debug player. To ensure the debug player was installed correctly, right-click (or control-click) on the Flex application, and make sure you see the “Debugger” option. It will be grayed out, which is fine, as long as it’s there. Now check in the same directory as your mm.cfg file for a file called “flashlog.txt”. It should contain the text from your trace statement.

To change the location of the flashlog.txt file, add the following line to your mm.cfg file (with the appropriate changes for your machine):

TraceOutputFileName=Macintosh HD:Users:cantrell:tmp:flashlog.txt

Notice that you must use colons (“:”) rather than slashes (“/”) as path separators, and that you have to give the full path, including the volume name (usually “Macintosh HD”).

While developing Flex applications, you might want to get into the habit of “tailing” your log file, which means using the “tail” command to keep an eye on it, like this:

[wednesday:tmp]$ tail -f flashlog.txt

The -f flag tells the tail command to refresh and show any additional data that is append to the file as soon it is written (as opposed to you having to constantly reload the file manually). Just keep a terminal window open as you develop, and you should be able to debug your Flex applications just as well as your Windows-using counterparts!

The Change is All Counted!

In honor of the last day of community week, I will be giving away a free DRK to Steve Nelson. My change jar contained exactly $363.75 worth of change, and Steve’s guess was $362.56, making him off by only $1.19. Congratulations, Steve! I’ll be contacting you directly.

Now for some other interesting statistics:

Total number of entries: 76 (between comments and personal email)

Highest guess: $764.19 (I wish!)

Lowest guess: $98.00

Most scientific guess: 1 penny weighs 2.5 grams. 1 nickel weighs 5.0 grams. 1 dime weighs 2.268 grams. so 1 penny + 1 nickel + 1 dime weighs 9.768 grams and is worth of $0.16. 1. assume the collection is random, but no Quarter; 2. assume the jar itself weighs 2 pounds (just a wild guess … if this is not close enough, the guess won’t). 35.5 – 2 = 33.5 pounds = 33.5 * 453.6 = 15195.6 grams. 15195.6/9.768 * 0.16 = $ 248.90

Runner up for most scientific guess: Other than myself, 63 guesses placed. Lowest 113.08, highest 764.19…Most guesses are placed between the 300 and 400 (21 of them). Average value is $334.60. Now, if we sample the coin count from the well lit part of the picture we assume that 35% pennies, 26% nickels, 22%dimes and 17% quarters jar contains. Distributing the total weight to coin types and calculating the actual values with per coin type unique wieght gives us $360.00. I will go with the average of these 2 values, so my guess is $347.30.

Least scientific guess: $123.45

Most important lesson learned: Next time, just use Coinstar! (As Sam warned.)

Thanks for playing, all! It was fun (except the counting part)!

It’s Not Just Safari That’s Vulnerable

By now, I’m sure most Mac users are aware of the significant Safari security vulnerability which allows the “disk” and “help” protocols to be used in concert to execute arbitrary code on your machine after being automatically downloaded from any arbitrary website. In fact, the “disk” protocol is not even necessary; you can simply use the “help” protocol to execute commands which clicking on this link demonstrates (don’t worry — it will just run the uptime command, but I think it makes a pretty potent point).

So far, Safari has been taking all the heat, but this morning, I discovered that Firefox is vulnerable, as well. Since I use Firefox rather than Safari, I thought I could click on an example of the exploit, and simply download the code for inspection, however imagine my surprise when the code actually executed! (Firefox users, click on the link above to verify.) I immediately set out to find a way to protect Firefox from such attacks.

The solution I came up with seems to work perfectly so far, only takes a few seconds to implement, and doesn’t require installing any third-party software as other solutions I’ve seen do:

  1. Go to /Applications/
  2. Open all.js in any text editor, though preferably vim. 🙂
  3. Search for the term “protocol-handler”.
  4. Under the two lines addressing “mailto” and “news”, add the following lines of code:

    pref(“” , false); // disable help protocol
    pref(“network.protocol-handler.external.disk” , false); // disable disk protocol

  5. Restart Firefox.
  6. Open up this blog entry again and notice that the link to the example exploit no longer works. I have checked three different example exploits (two of which use meta refresh tags rather than direct links), and none of them worked once the code above had been inserted.

Please pass this information along to other Mac/Firefox users. If you’re a Safari user, now is a good time to switch to a secure version of Firefox. If you find any issues with this change, simply back it out and let me know, though so far, it seems to work perfectly.

Note that this fix has only been tested with version .8 of Firefox.

ColdFusion MacroChat Today

I think this is likely to be the coolest MacroChat yet. At 12:00 PM Pacific (3:00 PM Eastern), Ben Forta, Tim Buntel and Dave Gruber talk ColdFusion and answer community questions. To participate, go to:

Other MacroChats for today (Thursday):

CSS for Dreamweaver
A free presentation by Macromedia Dreamweaver Product Evangelist, Greg Rewis
Thursday, May 20, 2004
9:00 AM PT/12:00 PM ET

Delegating Web Content Updates with Macromedia Contribute
A free presentation by Macromedia Product Manager, Lawson Hancock
Thursday, May 20, 2004
10:00 AM PT/1:00 PM ET

Director MX 2004 New Features, Putting It All Together
A free presentation by Macromedia Product Engineer, Thomas Higgins
Thursday, May 20, 2004
3:00 PM PT/6:00 PM ET

Customizing and Extending Dreamweaver MX 2004
A free presentation by Team Macromedia member, Danilo Celic
Thursday, May 20, 2004
4:00 PM PT/7:00 PM ET

Using Google to Search Your Own Machine

The New York Times has an article (registration required) about a piece of software Google is rumored to be about to release which will be capable of searching your local machine, either instead of, or in addition to, the Web. According to the article, it’s a defensive move to try to keep Microsoft from taking over the search industry by integrating search functionality into the OS like they did the browser back in the Netscape days. Of course, with the way Longhorn keeps getting postponed, it might 2010 before we see any such technology, but I certainly applaud Google’s proactive thinking.