Sunday, August 19, 2007

Speeding up adobe reader 8

So I just went through the hassle of re-installing windows XP after a well needed upgrade. I'm still going through the process of re-installing the programs that I need to use from day to day and as the PDF file format is ubiquitous, you can't get away from using it really. I didn't bother looking for another reader other that the Adobe product, which is fine anyway, once it's loaded all those damn API's!

I've set about removing/disabling the API's I don't need to speed up the loading time. I found this page http://lifehacker.com/software/tweaks/speed-up-adobe-reader-8-263500.php which mentioned disabling the accessibility API. I moved it into a new folder and cut the loading time in half.

I moved the Annots.api which I think has something to do with stamps. Also moved the ReadOutLoud.api and MakeAccessible.api. This didn't make much of a difference to the start time but I'll keep slowly removing api's. One that did make a big difference was the PPKLite.api. This seemed to halve loading times once again. There is some loss in functionality, i.e. Adobe-Policy Server secured documents, PKI, encryption/decryption, etc. but if these features aren't of concern to you then it's no problem.

I've read other sites suggesting removing all but 3 API's but this seemed a bit extreme, I'm going to look into this further and see what else doesn't need to be there for me and I'll add to the post as I find out more. If you've got any tips, please comment.

Update (24th Aug 07) - So I've started having a problem with AdobeUpdater.exe becoming a huge CPU hog after opening reader. It's nasty, you can't even force quit the process, even on the cmdline using TASKKILL. After reading another blog, GameProducer.net, it seems to be a general problem with reader, something that I may not have broken just playing with. Anyways, I'm going to try to get to the bottom of this before I ditch reader altogether in favour of Foxit :)

Found out some more about the other api's. eBook.api is the DRM plug-in for using protected documents... trash it. DigSig.api is the digital signature plugin for signing documents but probably relies on the PPKLite api anyway and few will ever use this... trashed. DVA.api analyses documents to ensure they meet PDF specification and EScript.api allows JavaScript in PDF doc's (ECMAScript) so we'll leave these ones for now. EWH32.api allows PDF docs to be viewed within a browser, make your own choice here but I think I can do without that... trashola. HLS.api is some search highlighting thing for web searches within a web browser... bye bye. ImageViewer.api for multimedia stuff... hmmm, keep it simple adobe, it's just a reader... in the bin. IA32.api is internet access for acrobat, hopefully moving this will solve the updater issue I'm having! Multimedia.api... no prizes for guessing this one... gone! PDDom.api is more to do with accessibility... moved. Checkers.api actually seems to be important, I'll leave this for now. reflow.api adjusts content width to fit the window so I'll leave this too. SaveAsRTF.api... another no brainer, might need this functionality so I'll leave it too. Search.api is probably worth keeping also and maybe even Search5.api for now. SendMail.api lets you send the current document as an attachment through a mail client... who can't do this themselves? see ya! Spelling.api... I'm not creating documents and I've filled in all of one PDF form in my life... terminated! Updater.api has to go if the blog I mentioned earlier is anything to go by.

Anyway, I'll probably update this once more. Either the CPU hog issue is fixed and reader runs much lighter or I'm going to Foxit! hehe

2007 - Sept - 13: Update, the CPU issue with updater is still a problem, don't know what broke it but when I have more time I'll look into it. If you've seen this problem and know how to fix it, please post a comment!

Wednesday, August 15, 2007

Excellent Cheat sheet Resource

I was introduced to a fabulous resource for cheat sheets recently.

http://www.ilovejackdaniels.com/cheat-sheets

Check it out, there's cheat sheets on SQL Server, HTML, Regular expressions, Ruby on Rails, ASP/VBScript, JavaScript, MySQL, CSS, PHP and many more...

Tuesday, August 14, 2007

Scary XSS worm vid

In case you haven't noticed, there is a distinct video theme to my last few posts. There's a video I found on another site (I think it was xssnews or something like that, although it seemed to be down recently) about an xss worm vulnerability in a messaging app called meebo. The video shows how easy it is to exploit but does not show the actual final exploit code in keeping with responsible disclosure that most security experts adhere too.
http://milw0rm.com/video/watch.php?id=71
Check it out, it's pretty interesting (and scary). A good example of the dangers of rich user interfaces seen in web 2.0 apps if not properly secured.

cfAjaxProxy Tag

Here's a youtube video I found that gives a quick tutorial about using the cfAjaxProxy tag that is new to ColdFusion 8 to add some simple AJAX functionality...

Click on the "menu" button on the bottom-right to see other related videos...

Monday, August 13, 2007

New Curtin TV Campaign

Just wanted to embed the new Curtin University TV Ad (my old uni). The main Ad aired on August 12. It's a little controversial and a refreshing approach to the usual uni advertisements around this time of year... see for yourself...





Monday, August 6, 2007

Best Firefox extensions

Just wanted to list all the firefox extensions I use (or have used/tried in the past). There are a lot of good ones out there but it's sometimes hard to find good descriptions of what they actually do or a review of them. I will add to the post as I get time or from feedback I get.

Colorful Tabs
Alright so this isn't the most amazing extension but it grabs most peoples attention straight away and can be quite useful when you turn one of the few features on. You can have the colours done by doman. So if you have a few tabs from the same site open, they'll get coloured the same which helps grouping. Another tip that has nothing to do with the extension is that firefox allows you to drag tabs around to where you want them (at least in 2.0+, haven't tried in 1.5+). Just grab the tab and drag it to the other tabs of (similar) interest.

Download Statusbar
This extension places downloads on a little bar at the bottom of the browser (the size of the "find" bar). It is less in your face than the standard download manager and is pretty cool but it does fill up if you've downloaded many things and can have strange outcomes as it follows the active window. Not for everyone but give it a shot.

Firefox Showcase
Very cool way to quickly preview all your open tabs on one page. It will generate thumbnails of all the current tabs to show on one page, you can then click on the one you want to go to or close it from there. It's pretty quick and a great add-on.

del.icio.us Bookmarks
If you're not using del.icio.us yet, what the hell are you doing??? Seriously though, del.icio.us is (AFAIK) a yahoo thingy to allow you to store all your bookmarks online. No more going from computer to computer without access to all your favourite bookmarks. It allows you to view all your bookmarks on one page and to categorise them using tags. Very powerful and useful. The del.icio.us Bookmarks add-on completes the experience, making it so simple to add and view all your bookmarks. This has to be one of the best product/extension combinations out there. Go sign up now if you haven't already and start using the extension!

Firebug
Since I'm starting to get heavily involved in web development, it should be no surprise that a lot of my extensions are web dev tools. Firebug is one of the best. So powerful and not just limited to JavaScript (although much of it's best use is in debugging JavaScript and making changes on the fly). You can view the HTML and CSS of any page also and make changes which are rendered in real time right in front of you. It can highlight the CSS for you so you don't need to keep uploading/reloading etc. It's there right in front of you. Also the network monitor gives you an awesome breakdown of how the page loads, what takes the most time to download and how big each element is. A must for any developer or anyone that is curious and wants to have a play.

Web Developer
This is another really powerful extension. It allows you to turn off and on various things like JavaScript and CSS. So you can see how your pages degrade if viewed by browsers lacking support for various things (you could even browse this way if you're a security nut, although the NoScript extension is probably better for that). Again you can view the DOM as well as a mapping/visualisation of the CSS elements.

That's about all I have at the moment. Will try to add more soon. Stay tuned! If you've got any that I've missed, let me know!!

Saturday, August 4, 2007

Website security and stolen data

So today I got a call that few like to get....

A company I bought some products off advised me that they'd had their data stolen and my credit card number was among the list.

At first I was more bothered because of the late time of the call, I felt sorry for the poor guy trying to run a small business and now having the unenviable task of needing to call all his customers. I mean, it's inconvenient having to cancel my credit card (thank god no dodgy transactions had taken place yet) but really not a lot of harm has been done. I guess there is potential for harm still as the people that collected the details could use the addresses to stake out local residents and wait for the new cards to come in (but I would think this was an offshore operation).

The worse thing is that most people use the same, or similar username/password crudentials for all the accounts the have. This worried me a bit but I realised that only a couple of not very important accounts were the same.

I was quite surprised that this occurred because the website certainly looked professional, had the usual "secured by whatever images", was standards validated and had the processing taken care of by a merchant site (which are usually quite good with security). Only after the fact did I come back and read the the privacy policy and found that credit card numbers and other information was stored by the website itself with the reasoning to do with speeding up error tracking or transactions that were knocked back.

Personally, I would do anything possible to not require credit card information to be stored in the site database. It's just too risky. People also tend to trust the magic padlock too much, SQL injection attacks can still occur over https connections. In fact it makes it harder for intrusion detection software/hardware to track because all the transmissions are encrypted.

I also noticed that the site was done in PHP. Don't get me wrong, I love PHP and think it's great for quickly getting sites done and the number of really good frameworks available for it is awesome. But the problem is that if the developer doesn't have a good grasp on security techniques/methodologies, then it can leave a lot of holes open as the default security isn't great. It's not the fault of the language, just it's use in the implementation.

I tend to prefer inherently more secure languages nowadays, especially ColdFusion if you haven't noticed by the previous posts. I have to use it at work and have come to really appreciate it. It is very well structured, has introduced a lot of OO features, has great validation functions, deals with datasources like nothing I've ever known and can integrate with Java or .NET components now too. It's not perfect and using tags for everything can get annoying (although there are cfscript tags for writing stuff that looks more like actual code and many functions that feel java-ish too :) but overall I recommend giving it a try. Very easy to pick up.

Man I've gone off topic... oh well

Wednesday, August 1, 2007

iPhone security problems?

Was reading up on security focus recently (one of my fave sites) and noticed quite a few iPhone posts of late.

The phone's already been opened up to try to find security flaws, etc. http://www.securityfocus.com/brief/538 So there seem to be issues with Safari (although this is not an iPhone specific problem) as well as bluetooth (good old bluetooth hacks, will they ever end? hehe). The researchers still indicate that it is one of the most secure smartphones out there ( http://erratasec.blogspot.com/2007/07/our-first-iphone-bugs.html ).

Interestingly, Apple is handling the updates through iTunes which seems like a great idea considering carriers aren't set up to do this properly and most mobiles don't have a good firmware/software update model. Although the choice to run all processes with full admin privileges seems a tad crazy! See here... http://www.securityfocus.com/brief/552

Apparently there will be more information released tomorrow by one researcher so that should be interesting.

Monday, July 30, 2007

iTunes slow with large music library?

I was just posting to see if anyone else had any issues using iTunes with a large music collection (say 80Gb+ of mp3s). iTunes seems to grind to a halt with a large library and to me it seems because the library is stored in a flat file (an XML file, the location of which I forget). Winamp and WMP10 seem to be quite efficient at searching a large library which leads me to think they have some form of light database running to achieve this performance.

Anyone else had a similar issue? found a way around it? It's a shame because it's the best software to interface with the iPod (not surprisingly). Just wish it handled large collections better...

CFUG-WA Special Meeting

I've recently joined the CFUG-WA (ColdFusion User Group of Western Australia) mailing list and saw that they'll be holding a special meeting on Tuesday the 8th of August, 5:30pm for 6pm start. The meeting is to promote the launch of ColdFusion 8 and is aimed at being more of a trade show style event for clients, managers and users of over languages too.

Check out http://cfugwa.com

Sunday, July 29, 2007

Best Anime of the Moment

Okay, so this is a bit of a break from the Coldfusion posts I've done lately but it's one of my interests and I just wanted to put it out there I guess...

Anyways, Naruto Shippouden is doing okay, it started off a lot better (or maybe all those crappy filler episodes of the original series lowered the standard severely!) and has slowly gone downhill, but only a little bit. I quite like Sakura in this series.

Then there's Bleach which was one of my favourite series but it also seems to be flailing at the moment with some filler eps, hope that doesn't go on too long! I want more Arrancar action!

But this leads me to my favourite series at the moment by far! Claymore!

If you haven't watched this yet, what are you doing? It's only up to about 16-17 episodes at the moment but this series is excellent in every way!

It's about half human-half demon (Yoma) bounty hunters that work for a large organisation, hunting down full yomas hiding in villages and towns. They are called silver-eyed witches because of their looks obviously and in case you didn't guess are all female warriors. They are able to call on their yoma powers when needed but risk "awakening" if they go past a certain limit (not time based, more percentage of yoma abilities used). The awakened Claymores are very powerful and it usually takes the highest 5 hunters to take them out.

The story follows the number one ranked Claymore and a young girl, who was abused by a yoma beforehand, that follows her around. The focus changes after several eps but I won't say much more apart from, go get it! Best series at the moment, hands down!

Got any other good series at the moment? Add a post as I'm always on the look out. Not really into the lovey ones etc. But good action ones, definitely! Or even more obscure ones, like Mushishi.

Coldfusion MX 8 beta

So after all my woes trying to get ColdFusion MX 7 installed with the standalone web server etc. on my MacBook Pro at work and the dodgy PC on XP here at home, I found another blog (http://www.talkingtree.com/blog/index.cfm) that was talking about the ColdFusion MX 8 beta trial over at Adobe Labs, http://labs.adobe.com/technologies/coldfusion8/ and I figured, "what the hey? I'll give it a shot!".

This time I just tried on the dodgy PC again. I uninstalled the non-working ColdFusion MX 7 set up I had, restarted and tried again with the MX 8 installer. First time, everything perfect, just how it should be, the install worked and I was able to just straight into the CFAdmin page! What a relief, I finally have a development environment at home to test things out on!!!

I recommend you give it a shot as I heard in the CF Weekly podcast that there's a fair few new features. I'm going to investigate them and post as I go I guess...

Saturday, July 28, 2007

Installing Coldfusion MX 7 on MacBook Pro

I had a nightmare trying to install coldfusion mx 7 on my MacBook Pro laptop at work. I thought it would be easy enough to quickly install it so I could do some local development... not so!

I just tried installing the developer edition as a stand alone server but got an error at the end saying something like, "you've successfully completed the first step in installing coldfusion, however, the ColdFusion service does not appear to be running, the web server connectors did not install successfully.... etc.".

Since ColdFusion is all Java-based nowadays, it can run in any J2EE application server which is really cool. By default, it will use macromedia JRun for the cold fusion server/service. I think the first problem was that my mac had the 1.5 JVM and it seems that only 1.4.2 is supported. I've read a few other blogs, http://www.talkingtree.com/blog/index.cfm/2006/5/17/CFMX-MacOSX-JVM142 and http://disorganism.com/past/2007/2/7/coldfusion_installer_problems_on_intel/ were a couple that helped me understand the issues.

It seems that there is a symbolic link (CurrentJDK i think) that points to the JVM. So an option that a few people used was pointing to the 1.4.2 JVM. I would've tried this but I was lacking sudo privileges and couldn't be bothered finding out passwords or getting support to elevate my privileges. I looked into a start-up script someone wrote (neatly packaged in a .dmg even) but still had no luck. It seemed to start JRun from the 1.4.2 JVM in another way and then try to start the coldfusion server. The other option was to use another j2EE server like tomcat but I was out of time to look any further into it.

I thought I'd try it at home on an older PC that I use for testing/development and hosting a couple of half-finished websites. I thought since it was on windows (for now, soon to be on linux) that it would be easy to install. No such luck! Same message at the end of the install, although in this case I was able to launch JRun, just not the coldfusion server!... argh! I even tried running it on the tomcat server I already had installed for my Java dev. I got much further, i.e. actually being able to process CFML pages but I couldn't reach the administrator and hence, couldn't set up my datasources, etc. Doh!

I guess I wasn't overly surprised that this PC didn't run too well as it's already serving up JSP and PHP. I even attempted to get an ASP module happening through Apache but that didn't quite work out.

I guess it's a bit frustrating that I haven't been able to set up coldfusion at home for a bit of fun that isn't real work... If anyone's had better successes than I, please post and let me know how you went about it...

Monday, March 5, 2007

My first post

Well this is my first post to kick things off, I'll try to add stuff as I have time (which is pretty limited at the moment thanks to a little 18 month old fella, hehe)...