Archive for the ‘Development’ Category

Fuzz Testing for Reliability

In a course on writing secure software here at University we looked into the practice of fuzz testing. That is, generating arbitrary information to be used as inputs for software. Apparently this is a very high cost:benefit practice in secure software development and testing.

Around 1990 the National Science Foundation provided grants for research regarding operating systems reliability testing; one culmination of these efforts was presented in a paper written by Barton P. Miller, Lars Fredriksen and Brian So (Paper). In this work the claim was made that many of the assumed reliable operating system utilities could be broken using the basic technique of fuzzing:

Operating system facilities, such as the kernel and utility programs, are typically assumed to be reliable. In our recent experiments, we have been able to crash 25-33% of the utility programs on any version of UNIX that was tested. This report describes these tests and an analysis of the program bugs that caused the crashes.

For our purposes we created a quick program in C, and used a simple bash scripting test bench to perform many iterations of each test:

fuzz — Source for the fuzzer, used by the following script. Very limited functionality, by no means is this a product for use in any setting other than academic investigation.

(more…)
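A minimal version of the approach described above, written as an added example and not the fuzz source linked from this post: a seeded generator plus a harness that runs each case in a child process and records the signal that killed it. The target `toy_target`, its bug, and all function names are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Same seed -> same bytes, so a crashing case can be replayed from its seed. */
void fuzz_fill(unsigned char *buf, size_t n, uint32_t seed) {
    for (size_t i = 0; i < n; i++) {
        seed = seed * 1103515245u + 12345u;  /* small LCG, not cryptographic */
        buf[i] = (unsigned char)(seed >> 16);
    }
}

/* Constructed target: its table covers 7-bit input, high bytes go unchecked. */
int toy_target(const unsigned char *in, size_t n) {
    static int ascii_class[128];
    if (n == 0) return 0;
    volatile int *entry = in[0] < 128 ? &ascii_class[in[0]] : NULL;
    return *entry;                           /* NULL dereference on bytes >= 0x80 */
}

/* Run one case in a child; returns 0 (normal exit), the fatal signal, or -1. */
int run_case(int (*target)(const unsigned char *, size_t),
             const unsigned char *in, size_t n) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { alarm(2); target(in, n); _exit(0); }  /* alarm: hang -> SIGALRM */
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

/* Try seeds first..first+count-1; first seed that kills the target, or -1. */
long fuzz_campaign(uint32_t first, uint32_t count, int *sig) {
    unsigned char buf[64];
    for (uint32_t i = 0; i < count; i++) {
        fuzz_fill(buf, sizeof buf, first + i);
        if ((*sig = run_case(toy_target, buf, sizeof buf)) > 0) return (long)(first + i);
    }
    return -1;
}

int main(void) {
    int sig = 0;
    long seed = fuzz_campaign(0, 1000, &sig);
    printf("first crashing seed: %ld (signal %d)\n", seed, sig);
}
```

Recording the seed rather than the input keeps the log small and lets a crash be reproduced under a debugger with a single `fuzz_fill` call.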

Creating a Custom EditForm for a SharePoint List

There is a saying that goes “when you have a hammer, everything looks like a nail”. In the case of SharePoint lists, sometimes they get carried away from their designed nature and used to store massive data sets. The more columns loaded into a list, the slower it typically performs. This is especially the case for ‘lookup’ columns, which may query other lists (or even the list itself) and return a massive data set that needs to be rendered as user controls.

Once traveled down this road the only preventative maintenance you can do is clean up and move your data to another location (relational database) or create some custom forms for your users to access. These forms can display a subset of the list’s fields so that a user may access something more performant for their purposes. This is a very simple task when you realize how to do it, screen shots will explain this quite quickly: (more…)

Customizing the SharePoint List Menu Bar

Microsoft’s SharePoint services are very good at meeting some generalized needs for information storage and organization. I won’t go down the rabbit hole of discussing how SharePoint lists should never be used to represent data that is inherently relational. Given that you can get a site up and running in a matter of seconds it is very difficult to customize and extend the out of box functionality. One particular need people might have when using SharePoint lists is to modify the default menu buttons. In particular we created several new display and edit forms for a monolithic list we were using, we needed a way to let users navigate to these customized pages.

In this article I will explain how to take the standard menu bar like this:

StandardMenuBar

Standard menubar might not provide enough functionality.

Through post-processing DOM Manipulation accomplish something like this:

CustomizedMenuBar

Added new buttons, removed one, and created a second row.

I tried to write these customization scripts in a manner that would allow for them to be re-usable by someone else for the same purposes. They are separated into two files, one is a toolkit containing common functions used through this hack and the other is the actual ‘main’ which contains all page specific information.

Firstly let’s look at where to put the code; every list creates a DispForm.aspx which is filled with bunches of <asp:content> tags. We need to put a link to the javascript customization files in between one of these <asp:content> tags to make sure it gets executed on the user’s page. For my purposes I put the calls inside the “PlaceHolderTitleAreaClass” like this:

<asp:Content ContentPlaceHolderId="PlaceHolderTitleAreaClass" runat="server">
<script id="onetidPageTitleAreaFrameScript">
document.getElementById("onetidPageTitleAreaFrame").className="ms-areaseparator";
</script>
<!-- Call to the Customization Script -->
<script src="http://prod.servername.intranet.local/resources/script/toolkit/toolkit.js"></script>
<script src="http://prod.servername.intranet.local/resources/script/sharepoint/customization.js"></script>
<!-- End Call to Customization Script -->
</asp:Content>

You can see here I am linking to my javascript toolkit, which has many of the common functions I use, and the particular page’s customization script. First let’s look at the customization script. This will help you to see what I am doing on the page, I caution you however that this will appear as an extreme hack… mainly because it is.

customization.js — Download this file and I will explain what I am doing as you read through.

iD is a variable that we are storing to represent the aspx page’s overall ID.

source is a variable in which we are going to store the return address for any of the links that we are building.

tableID variable is the specific html id of the table that we will be manipulating, this has to be hard coded in the customization file. Basically you need to find the parent table of the control we are modifying, I will leave you to figure this out.

We are going to get the html element table and start modifying the DOM. From here on you should be able to see how it is iterated through using two worker functions: addButton and addSeperator.

toolkit.js — Download this file and I will explain what I am doing as you read through.

The functions and their comments should be most likely self explanatory except for addButton which might look quite daunting. This is because I tried to follow the convention of how they have created the container for buttons. I nested the concatenation like the html should appear for readability, but to me it still looks like junk and I wrote it.

So, in recap we essentially are hacking up the menu item on each client after the page loads. This is a nasty hack in my opinion and I would much rather have modified the actual control, however the way that SharePoint was designed makes it very difficult for a developer who doesn’t have access to the whole production environment. Over a period of about a year we didn’t see any data corruption from building out the aspx links in this manner, I would consider this hack safe for the data in your list and unobtrusive enough that someone with limited access (ex. SharePoint Designer) can get it in place.

Install (Set up) Aptana Studio on Ubuntu x64 Revisited

Aptana Studio just updated to version 1.5, this means great things for the native linux users! Now all you need to do is simply extract the tar some place and run the AptanaStudio script. For my purposes I extracted the tar to my desktop then:

sudo mv ~/Desktop/Aptana\ Studio\ 1.5/ /usr/local/aptana
sudo ln -sf /usr/local/aptana/AptanaStudio /usr/local/bin/aptana

Now you can run Aptana Studio by typing ‘aptana’ in your terminal or create a nice menu icon for the program. Happy developing!

O/R Mapping with the iBATIS Framework and iBATOR (iBator, MySQL, Spring)

When working on a software system that is backed by a persistence layer such as a database the developers need to mitigate that connection through some means. Object-relational mapping gives developers the ability to interact with an object instead of sql queries, stored procedures or something else.

The iBATIS framework provides data mapping in a simple and flexible manner and mitigates the transfer of data between your objects and relational database. You can use the full power of SQL without writing a single line of JDBC code. With iBATIS data access objects you can abstract the persistence implementation of your application. Coding to the DAO’s provided by iBATIS will enable your project to be dynamically configured to use different persistence mechanisms through one common interface.

iBator is a code generator for iBATIS. It will introspect a database schema and generate iBATIS artifacts. iBator can be run as a plugin for eclipse, once configured to the database any changes in tables can be quickly enveloped in the iBATIS layer by simply running the iBator generator over the changed database (can also be run as an ant task or a stand alone JAR).

For this project we will be working with Eclipse, iBator, MySQL and Spring. I will be using an example project that I am working on with some friends codenamed ‘chapplet’.

(more…)

Install (Set Up) Git and Gitosis on Ubuntu

Git is a free distributed revision control system initially created by Linus Torvalds for Linux kernel development. Git is different from Subversion in several ways; a good solid reference for explanation can be found in a 2008 RailsConf talk on Git by Scott Chacon: (Link).

I will be using Gitosis for this setup. Gitosis is a tool written for Git that helps in the setup of secure, access-controlled repositories. It will manage multiple repositories under one user account on the host machine. Using SSH keys to identify users, your repositories will be securely accessed and controlled. One large advantage to Gitosis is that your users will not need shell accounts on the machine to access repositories; they will, however, speak to a single account that will not allow arbitrary commands.

Git is very local in nature, with remote distributed features. One major thing to wrap your head around is that git resides on your machine and tracks files locally, so if you create a new file and want git to track that file you need to let git know through the add command. Git also has remote locations that give it the ability to push to a, you guessed it…, remote location. You can add many remotes, typically you will see the “origin” remote location in most projects, we will be using origin in this article.

Before you start with this, note that I will try to explain every step as best possible. Some of the other guides out there will lead you along without the explanation, do yourself a favor and avoid the temptation to try and do this quickly… understand as much of git as possible, it will save you time down the road.

(more…)

Install (Set Up) OpenGoo on Ubuntu

OpenGoo requires PHP 5.2+, MySQL 4.1+ and Apache 2.0+ so to get your AMP stack installed you can run the tasksel command here:

sudo tasksel install lamp-server

Now there are more things you might want to address regarding that install, there is quite a bit of configuration that I hope to cover in a later post. The default install should be adequate except for a change to the php setup, you will want to edit the /etc/php5/apache2/php.ini file. Find the “memory_limit=” line so that you can modify it from probably 16MiB to 32MiB, OpenGoo requires at minimum 10MiB but we moved this to 32MiB just to be safe. Also you will want to install the gd module for php:

sudo apt-get install php5-gd

Once that is completed you can move on to the install. First thing will be to create a schema in your database, and a user that has access to that schema. I suggest giving the user access specifically over the localhost connection and none other. Once the database is prepped you just need to download opengoo and unzip it into a folder in your webroot. Navigate to this folder using your web browser and opengoo will ask you for some database credentials… and you’re finished.

If you have any tips and tricks with this software I would be happy to hear about it!

Install (Set Up) Jflap on Ubuntu

Jflap is great software for experimenting with formal language topics, you can construct and test examples and view them in a visual manner that would take way too much time on paper. Jflap handles the following language topics:

  • Nondeterministic Finite Automata
  • Nondeterministic Pushdown Automata
  • Multi-tape Turing Machines
  • Grammars, Parsing and L-systems

(more…)

Install (Set Up) WordPress from Subversion

This is a quick and simple guide, installing from subversion is fantastic because you pull down the most recent version from the beginning and doing updates is as simple as running another subversion command in the webroot. Make sure you have subversion installed by running this command:

sudo apt-get install subversion

Get WordPress Files

So to install wordpress from subversion go ahead and make a directory someplace in the webroot and run this command to pull down wordpress:

svn co http://svn.automattic.com/wordpress/trunk .

Now remember that trailing period, that will specify to copy to the directory that you are in.

So when you want to do an update all you have to do is go back to that directory in which you pulled down wordpress and type:

svn up

Prepare the Database

The very basics, you need to create a new schema and user, give that user permissions to the schema from a local connection. I would supply some pretty pictures for this right now but for some reason I cannot connect to my own database at the moment…. Grrr. I will solve that later

Setup a configuration file

You should still have your terminal in the directory the blog was in, now we have to setup a configuration file to finish the install. Run this command to move the sample configuration file to the configuration file that wordpress is looking for:

mv wp-config-sample.php wp-config.php

Now you need to edit that config file to have the proper variables for your database. Here is an example, most of the settings are straightforward however you may want to change your table prefix for security/database reasons:

define('DB_NAME', 'putyourdbnamehere');

define('DB_USER', 'usernamehere');

define('DB_PASSWORD', 'yourpasswordhere');

define('DB_HOST', 'localhost');

$table_prefix  = 'wp_';

I typically install all blogs to a single schema in the database, so changing the table prefix is something that is very important so they can all co-exist.

Install (Set up) Aptana Studio on Ubuntu x64

I have used Aptana Studio in the past under Windows and loved the development environment… especially code completion for the fancy javascript libraries. Aptana is really easy to install under Windows but it’s a little less easy under Linux (at least until someone in the Ubuntu realm packages it).

UPDATE: With the new Aptana Studio these directions are obsolete, see here.

JVM

You will need the jvm to run aptana, some of you might do what I do on a new ubuntu install and get the ‘ubuntu-restricted-extras’ however aptana requires a 32-bit jvm to operate. Run this command to pull down the 32-bit java6 binaries:

sudo apt-get install ia32-sun-java6-bin

*Not Required* Now if you want to run everything on your machine under this jvm then you can run this command to switch to the 32-bit jvm:

sudo update-alternatives --config java

This will give you a screen where you can select from the jvm’s installed.

XULRunner

XULRunner is a runtime environment that has replaced mozilla’s gecko environment. You will need to nab XULRunner 1.8.* even though your machine probably already has XULRunner 1.9.* installed. The new XULRunner is not compatible so you will need to download a 1.8.* version from mozilla directly. Unzip the contents of the tar.gz and move them to a /usr/lib directory, I unzipped my tar.gz to my desktop:

sudo mkdir /usr/lib/xulrunner-1.8.1.3
sudo cp -R ~/Desktop/xulrunner/* /usr/lib/xulrunner-1.8.1.3

Get Aptana and move it to the proper place

Now go and download aptana and unzip it onto your desktop. Then run the following command to move aptana from your desktop to the /usr/local directory.

sudo mv ~/Desktop/aptana /usr/local

Create a Launch Script

Create the following launch script in the aptana directory (/usr/local/aptana) name it aptana.sh or something else that makes sense to you.

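#!/bin/sh
# Point Aptana at the XULRunner 1.8 runtime installed above
MOZILLA_FIVE_HOME=/usr/lib/xulrunner-1.8.1.3
# Prepend XULRunner to the library path, keeping any existing entries
if [ -n "$LD_LIBRARY_PATH" ]; then
    LD_LIBRARY_PATH=$MOZILLA_FIVE_HOME:$LD_LIBRARY_PATH
else
    LD_LIBRARY_PATH=$MOZILLA_FIVE_HOME
fi
export MOZILLA_FIVE_HOME LD_LIBRARY_PATH
# Launch Aptana with the 32-bit JVM
/usr/local/aptana/AptanaStudio -vm /usr/lib/jvm/ia32-java-6-sun/jre/bin/java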

You will then want to change the permissions of the script to make it executable:

sudo chmod a+x /usr/local/aptana/aptana.sh

Now with that script you can create a symbolic link to the /usr/local/bin directory and/or add an item to your menu:

sudo ln -sf /usr/local/aptana/aptana.sh /usr/local/bin/aptana

I did both just to try them out and it works great.

Happy Coding!

Resources:

Installing Aptana Studio Standalone on Ubuntu Intrepid 64bit (Aptana Forums)

Installing Aptana Studio on Linux (Aptana Documentation)