Thursday, July 31, 2008

Neat CFC timesaver for hacking

Once your Model Glue apps get bigger, it can take quite a while to reload the app each time you make a change.

There is a simple trick I have been using with Model Glue controllers for a while: a CFINCLUDE inside a function is still dynamically evaluated per request and isn't cached from startup like the controller CFC.

Just move your CFML logic into another file, CFINCLUDE it, hack away for a while and then copy back in once you have finished. I avoid a lot of framework reloads this way.

OpenLayers Architect

Erik Hazzard just posted an update about his GSoC 2008 Project OLArchitect.

OLArchitect is a web-based GUI for building maps using OpenLayers; it's looking promising. No Mapguide support yet tho :(

For anyone considering building a web-based map interface today, OpenLayers is the must-use Swiss Army knife for web mapping.

Forget using the Google Maps API, Virtual Earth, Yahoo or anything else. OpenLayers can handle all these different maps using one API.

It means you can change mapping providers or servers without having to re-code all your mapping JavaScript to another API.

If you're a developer you will love this because all the support is there under a single API.

From the business side of things, not being tied to a proprietary vendor API means your investment is more flexible and can easily respond to changes.

The future of mapping is open source!

Monday, July 28, 2008

SQL Injection, let's look at the PHP version

Following the attacking Coldfusion post over at 0x000000, which seems to have inspired a lot of SQL injection attacks against CF sites, a new post, PHP Logic Flaws, goes through the whole problem of trying to make unbound SQL secure, without ever mentioning that using bound queries would avoid all these problems...

grrr...

iPhone edition of The Age is better than the real one

In yet another modern irony, in the race to support the iPhone (and all other smartphones like my N95), The Age newspaper has a minimal ad-free 'mobile' edition that is much nicer than the current mess.

If you do plan on reading stuff like this with your N95, I would highly recommend using Opera Mini over the built in browser.

Most websites seem to have a mobile version under either m.whatever.com and / or mobile.whatever.com. Personally I like the m. version, not as clear but easier to type!

Sunday, July 27, 2008

A Question for Emo Man

I have a question for Australia's Emo Man who is continually being asked about his Leadership.

Which of the following demonstrates leadership?

  1. Being at the head of the pack in terms of addressing climate change so you can advocate the big polluters to do the same.
  2. Waiting for the big polluters to change first before doing something.

Brendan seems to be forgetting that Australia was the laughing stock of the world for refusing to ratify the Kyoto Protocol whilst trying to be taken seriously on climate change. Kevin signed it, Australia got its voice back.

You know, if you sit on your hands Brendan, you can't put your hand up to speak...

Do you want to be heard?

Friday, July 25, 2008

CFQUERY STRICT="TRUE"

There have been a lot of SQL Injection attacks against Coldfusion following the attacking coldfusion article a few weeks ago. There are lots of very old CF apps out there and some newer ones which are a little slack when it comes to using CFQUERYPARAM.

I have a simple solution which could be easily added to Coldfusion. All we need is a STRICT option to disable cfml variables within CFQUERY, still allowing flow control tags, but any attempt at output in the cfquery will throw an error.

This could be configurable as STRICT, OPTIONAL or NONE at the server/application level and there could be an override option on the CFQUERY tag which would still throw in the STRICT mode.

With this enabled, testing any application for this problem would become a walk in the park.
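Until something like STRICT exists, the same test can be approximated offline. The scanner below is an added example, not a ColdFusion feature and not code from this blog: it flags every #expression# that lands in the SQL text of a CFQUERY while allowing CFQUERYPARAM and flow control tags, which is also the bound-query point from the PHP post above. The function names and the sample template are constructed, and it is regex based, so tag attributes containing ">" would need a real parser.

```python
import re

# One <cfquery ...>body</cfquery> block; group 1 is the SQL body.
CFQUERY_RE = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery>", re.I | re.S)
# CFML comments and tags inside the body (cfqueryparam, cfif, cfloop, ...).
# Their attributes are evaluated or bound, never written into the SQL text.
TAG_RE = re.compile(r"<!---.*?--->|</?cf\w+\b[^>]*>", re.I | re.S)
# A #expression# that CFML would evaluate and paste into the SQL string.
HASH_RE = re.compile(r"#[^#\n]+#")

def _blank(match):
    # Overwrite with spaces but keep newlines, so offsets and lines still match.
    return re.sub(r"[^\n]", " ", match.group(0))

def strict_violations(source):
    """Return [(line, expression)] for each #expr# emitted into SQL text."""
    findings = []
    for query in CFQUERY_RE.finditer(source):
        body = TAG_RE.sub(_blank, query.group(1))
        body = body.replace("##", "  ")  # "##" is an escaped literal hash
        for hit in HASH_RE.finditer(body):
            offset = query.start(1) + hit.start()
            line = source.count("\n", 0, offset) + 1
            findings.append((line, hit.group(0)))
    return findings

# Constructed sample template, not taken from any real application.
SAMPLE = """<cfquery name="q1" datasource="#application.dsn#">
  SELECT id, title FROM posts
  WHERE id = #url.id#
</cfquery>
<cfquery name="q2" datasource="#application.dsn#">
  SELECT id, title FROM posts
  WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
  <cfif len(form.tag)>
    AND tag = <cfqueryparam value="#form.tag#" cfsqltype="cf_sql_varchar">
  </cfif>
  ORDER BY #url.sort#
</cfquery>
"""

if __name__ == "__main__":
    for line, expr in strict_violations(SAMPLE):
        print(f"line {line}: {expr} is written into the SQL text unbound")
```

The ORDER BY hit is the kind a bind parameter cannot fix, because identifiers cannot be bound; those need an allow-list of column names instead.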

Thursday, July 24, 2008

ABC Launches iView

The ABC in Australia just launched their Internet TV service, called iView.

It looks pretty nice, all done in flash (not silverlight!)...

still lacking the option to watch live TV over the net as of yet, but they do have Doctor Who!

Optus, please add this as unmetered content!

Using Coldfusion with Mapguide Open Source

A long time ago, back in the old days, when Mapguide was only available as a closed source, Windows-only commercial product, Coldfusion (4.x C++ days) was bundled for free along with Mapguide.

As a result there are a lot of spatial shops who (have) used Coldfusion. Mapguide Open Source doesn't list CFML as one of the development languages supported; it does, however, support Java.

Getting access to the Mapguide API in Coldfusion is quite easy: simply copy the following directories over into your Coldfusion lib directory (just make sure you choose to also install the Java API when you install the webserver extensions).

copy "C:\Program Files\MapGuideOpenSource2.0\WebServerExtensions\www\WEB-INF\lib\*.*" C:\ColdFusion8\lib

copy "C:\Program Files\MapGuideOpenSource2.0\WebServerExtensions\Tomcat\bin\*.*" C:\ColdFusion8\lib

Restart Coldfusion and then you can start to use the Mapguide WebApi

To get started, this is how you initialise the connection to the Mapguide server in CFML:


<cfscript>
// Initialise the webtier connection
webconfigloc='C:\Program Files\MapGuideOpenSource2.0\WebServerExtensions\www\webconfig.ini';
MapGuideJavaApi=createObject("java","org.osgeo.mapguide.MapGuideJavaApi");
MapGuideJavaApi.MgInitializeWebTier(webconfigloc);

// Set up the credentials (username and password must already be defined)
mgUserInformation=createObject("java","org.osgeo.mapguide.MgUserInformation");
mgSiteConnection=createObject("java","org.osgeo.mapguide.MgSiteConnection");
mgUserInformation.setMgUsernamePassword(username, password);

// Open the site connection and create a session
mgSiteConnection.open(mgUserInformation);
session_Id=mgSiteConnection.GetSite().CreateSession();

// Get the resource service (0 = MgServiceType.ResourceService)
resourceService=mgSiteConnection.CreateService(0);
</cfscript>


The examples are pretty much all in PHP, but that's pretty easy to translate to CFML. With the above example, you can then simply dump the resourceService to see what's available.

Wednesday, July 23, 2008

New facebook design has teething issues

I can't log into the facebook at the moment, I keep getting redirected between the old and the new site, eventually, I get the nice graceful error message in Firefox "Redirect Loop."



Spying with livehttpheaders, I can see the site redirecting me back and forth between the old and the new home...

Some older browsers needed to be killed when they hit something like that..yuk!


http://www.facebook.com/home.php

GET /home.php HTTP/1.1

HTTP/1.x 302 Found
Date: Wed, 23 Jul 2008 04:19:03 GMT
Server: Apache/1.3.41.fb1
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://www.new.facebook.com/home.php

http://www.new.facebook.com/home.php

GET /home.php HTTP/1.1

HTTP/1.x 302 Found
Date: Wed, 23 Jul 2008 04:18:57 GMT
Server: Apache/1.3.41.fb1
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://www.facebook.com/home.php
X-Cnection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8



and back to where we came from and over and over and over again

ah well, time to get back to work.... I haven't found a fix yet either

Of course there's no referer being passed and thus no sanity check to see if it's redirecting in a loop....

There's a nice analysis of how bloated Facebook's current delivery method is over at nerdlife; basically it's the sheer volume of javascript, css and images required for a single page.

That's why facebook really suffers from bandwidth congestion, like when your housemate is downloading heaps on Bittorrent without limiting the bandwidth use

Saturday, July 19, 2008

Mapguide Tile Cache Seeder

I just uploaded the first cut of my Tile Cache Seeder to the Mapguide wiki.

It uses Openlayers and basically will pan and scan over your entire map, thus
seeding the tile cache. It can also be used with any tiled map accessible via Openlayers.

I did try using the Facilities Map Tiling Engine but it was difficult
to get working and wouldn't work with a remote server without playing around with a
firewall, whereas, this pure client side solution just works :)

http://trac.osgeo.org/mapguide/wiki/CodeSamples/Tiles/TileCacheSeeding

Friday, July 18, 2008

Serving Mapguide Tiles via Apache

A while ago on the Mapguide Internals list there was a discussion about tiling and Jason Birch mentioned it would be good to be able to serve tiled maps directly from the webserver.

This has a number of advantages

  1. By serving directly via apache, cache headers are added which makes tiled maps proxy-able
  2. The Mapguide server process isn't involved which frees up Mapguide server processes

So I got inspired and set to it; my example uses the Sheboygan sample.

I extended the support for Mapguide tiles in openlayers with a boolean flag called 'useHttpTile' which, when set to true, calculates the tile url to match the internal tile cache pathing, as used by the TileService. The layer url becomes the exposed directory like /sheboyganTiles/

var layerOptions = {
    singleTile: false,
    useHttpTile: true,
    buffer: 0
};

The next step was to expose the specific tile cache directory via Apache. Rather than exposing the entire TileCache directory, which is a potential security risk, I chose to simply expose a single map's tilecache directory.

I added these lines to httpd.conf
<Directory "C:/Program Files/MapGuideOpenSource2.0/Server/Repositories/TileCache/Samples_Sheboygan_MapsTiled_Sheboygan/">
Options Indexes
ErrorDocument 404 /mapguide/seedSheboyganTile.php
Header set Cache-Control "max-age=86400, public"
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Alias /sheboyganTiles/ "C:/Program Files/MapGuideOpenSource2.0/Server/Repositories/TileCache/Samples_Sheboygan_MapsTiled_Sheboygan/"

When the tile is missing, it redirects to a php error handling script. It extracts the tile details from the image path, calls the Mapguide API and then returns the tile.

Initially I was redirecting to the Mapguide Server url, but Jason tweaked the script to call GetTile. This reduces the number of http requests when seeding.

Error messages are set in the http status header, coz usually these requests will be images (hence html won't be displayed) and they can be seen when using livehttpheaders.

http://trac.osgeo.org/mapguide/wiki/CodeSamples/Tiles/ServingTilesViaHttp

Sunday, July 13, 2008

Yet another lame attack on Coldfusion

I have been following the 0x000000 # The Hacker Webzine blog for a while and was really dumbstruck when I read the following article, Attacking ColdFusion.

It was one of the lamest "security" notes I have read in a while, utterly rubbish, valid, but there's nothing really Coldfusion specific in there and all the potential holes described require some dumb configuration changes or setup.

Sure there might be some old vulnerable apps out there, as there are for PHP or ASP, but best practice is oft discussed & preached in CF land and the same criticisms could be applied to most programming languages ....

I wait with bated breath to hear of exploits that were reported to Adobe, fixed and then rolled out as an update being publicised....

meanwhile, CF continues to be a pleasure to work with :)

Friday, July 11, 2008

What's the point of a 'low impact' ETS

The climate change debate just gets dumber and dumber down under.

Brendan "EMO MAN" Nelson now wants a low impact ETS in 2012

ETS means Emission Trading System

I think he's missed the point, the only reason you have an ETS is to force change through simple economics. Sure, it can be abused, but the intent is important.

A low impact ETS will achieve nothing, it has to be broad, it has to be painful or there's no point.

Brendan (and the liberal party) have never understood what leadership is about. Waiting for developing countries to implement an ETS is just plain stupid. Australia is already economically damaged because we have waited so long to put an ETS in place.

2012 is too late, 2010 is still too late but reasonable, either way the blood is still on the Liberals' hands for the damage to the Environment and the Economy (the first one is more important BTW Brendan)

don't forget who ran the country for the last decade either Brendan! Guilty!

Had the Liberals actually done something about this, Australia would have already been well down the track to reducing our dependence on coal, but they didn't and we still are...

and sticking with the leadership theme (I'm ranting, I know) after seeing Malcolm Turnbull the other night on Lateline, I'm even more depressed....

Kevin Rudd last year wanted to show he was greener than anybody else and so he said, "I will do it better than that, I will do it in 2010." He had no basis for knowing he could do it in 2010. And our only point is the scheme should be launched when it's ready.

don't you just love the sense of urgency in his attitude? Leadership is about setting goals and then making them a reality.

Keep up the good work Kevin Rudd! don't let the dithering idiots distract you :)

FDO Database provider performance problem

There was a thread over on the FDO User Mailing list a few weeks ago about PostGIS performance problems

If you follow the thread, there is some discussion of how the provider accesses data, it seems that rather than accessing columns by index, they are accessed by column name which is a lot of overhead (ie string matching).

This is then exacerbated by the select * from table approach used in Mapguide, which really slows things down when accessing tables with lots of ADMP metadata columns as used with Autodesk Map.

An easy workaround is to create a view which only contains the columns you need for your layer.

Wednesday, July 09, 2008

FusionHDTV PIP Quickstart

I have a DVICO dual digital 4 which I am running under XP so I'm using the bundled FusionHDTV program (v3.68 which crashes a fair bit, whilst still showing tv until you press close). I wanted to use it with Linux, but there aren't any drivers available for the latest revision of the card.

I found it a little confusing to start with, the manual was a bit lacking but the FAQ on the site seems to cover most common things.

The first thing which made me scratch my head was that the control panel has the extended menu hidden by default. Where is the EPG (Electronic Program Guide) button?

To open it, click the 'up arrow' or caret under the rewind button.



There are a number of options here like EPG and PIP (Picture in Picture)



If you click the PIP button, a smaller window will be overlaid in the corner of the main channel, with an extra menu in the bottom right hand corner. You can change the PIP channel by clicking on the channel



Then a list of the channels pops up to select from.. Simple



There are other buttons on the extended menus but I'll leave that up to you to explore :)

What I would love to know is how to show the EPG on my TV screen via S-VHS and not on the primary LCD screen, you know, so I can couch surf.. grr anyone?

Tuesday, July 08, 2008

Queensland Spatial Industry Conference 2008



I'm heading up to the Gold Coast next week for the Queensland Spatial Industry Conference 2008.

Sam Majid and I will be presenting as part of WORKSHOP 8,
OPEN SOURCE GEOSPATIAL: HOW CAN YOUR ORGANISATION TAKE ADVANTAGE? which is being sponsored by Autodesk Australia and supported by the Open Source Geospatial Foundation.

The future of mapping is open source, so if you are interested in learning more about Mapguide and other open source mapping projects like Openlayers, come along!

Friday, July 04, 2008

Australian Public Ticketing Madness

There is some sheer and utter madness going on down under...

Public transport is pretty common around the world, but for some reason the State governments here like the pain and expense of attempting to develop their own ticketing systems, over and over again....must be all the free lunches

Currently Victoria and New South Wales are developing their own systems, Myki and TCARD respectively.

What an utter waste of time and money.... two expensive systems which are going to be most likely 'incompatible', 'late' and out of date on implementation...

Time to consider nationalising public transport, let's face it, the states are failing miserably, they don't have the cash balls to build new public transport and it's the only way we are going to really get things moving...

Let's consider making public transport free nationwide.. Save a few billion bucks on these dumb new ticketing systems, plus the saving on inspectors and the whole ticketing infrastructure.

It does mean we are going to open the flood gates when it comes to public pressure for new train lines and the like, but let's face it, we need it.

Public transport is becoming free in Melbourne by stealth, it's quite common to get to a train station or tram and find the machines don't work...