XMLSocket.send / Socket.writeUTFBytes doesn’t work?

June 11th, 2009

Disclaimer
In short – no, of course it is not broken, it is working fine. But there is a specific issue with these two methods when the socket server is implemented incorrectly. I noticed I had been searching for the solution using these phrases, and that’s why the post is titled like that.

I just finished writing an ActionScript 3 SWC library which is going to be used with Flex and Flash applications. The library uses a Socket connection to provide some statistical information to the Java socket server. As part of the project I had to create a simple socket server which simply writes what it gets to the standard output.

The code was working fine when running in the Flex Builder debugger. However, as soon as I started the test application in the Flash IDE I found the following problem:

  • SWF was requesting policy file
  • my Java socket server was serving policy file
  • SWF was showing that it was connected
  • any other messages sent to the socket were not coming through

Exactly the same problem appeared when I deployed the Flex version on the external server. It worked while running in the debugger but not from the browser. So there was clearly something wrong with the socket server. Once the policy file was served, no other communication was working. My socket server looked like this:

[sourcecode lang='java']
package uk.co.test;

import java.io.InputStream;
import java.io.OutputStream;
import java.net.ServerSocket;
import java.net.Socket;

public class SocketTest {
 public static void main(String[] args) throws Exception {
  System.out.println("Starting...");
  start();
 }
 public static void start() throws Exception {
  // create socket server
  ServerSocket ss = new ServerSocket(1234);
  for (;;) {

   System.out.println("Waiting for the client.");
   Socket cs = ss.accept();
   System.out.println("Connection...");

   InputStream in = cs.getInputStream();
   OutputStream out = cs.getOutputStream();
   boolean isConnected = true;
   StringBuffer soFar = new StringBuffer();
   byte b;

   while (isConnected) {
    // let it rest a bit:
    Thread.sleep(10);
    // read everything what's coming in:
    while ( (b = (byte)in.read()) > -1 ) {
     if ( b == 0 ) {
      // zero byte, process:
      String value = soFar.toString();
      // get the value
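      if ( value.equals("<policy-file-request/>") ) {
       // policy file requested, send the policy back:
       System.out.println("Policy file request.");
       // the policy markup was stripped from this page; the strings below are a
       // reconstruction with a placeholder domain, limited to this server's port
       String crossdomain = "<?xml version=\"1.0\"?>";
       crossdomain += "<cross-domain-policy>";
       crossdomain += "<allow-access-from domain=\"www.example.com\" to-ports=\"1234\"/>";
       crossdomain += "</cross-domain-policy>";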
       out.write(crossdomain.getBytes());
       out.write((byte)0);
       out.flush();
       System.out.println("Policy file sent.");

      } else {

       if ( value.equals("exit") ) {
        // if exit command received, finish:
        isConnected = false;
       } else {
        // just output the message:
        System.out.println(value);
       }

      }
      soFar.setLength(0);
     } else {
      // append the character to the buffer:
      byte[] buf = new byte[1];
      buf[0] = b;
      soFar.append( new String(buf) );
     }
    }
   }
  }
 }
}
[/sourcecode]

While looking for the solution I found the following article: Setting up a socket policy file server. Peleus Uhley from Adobe describes how to use policy files effectively. The solution is in the "What data is sent in the request and response?" section of the article:

Once Flash Player receives the socket policy file, it closes the connection and opens a new connection if the policy file approves the request.

Looking at the above socket server code I could now clearly see what’s wrong. Once the connection is accepted no other connections are coming in until the first client sends exit message. So I modified my socket server, here it is:

SocketTest.java

[sourcecode lang='java']
package uk.co.test;

import java.net.ServerSocket;
import java.net.Socket;

public class SocketTest {

 public static void main(String[] args) throws Exception {
  System.out.println("Starting...");
  start();
 }

 public static void start() throws Exception {
  // create socket:
  ServerSocket ss = new ServerSocket(1234);
  for (;;) {
   System.out.println("Waiting for the client.");
   Socket cs = ss.accept();
   System.out.println("Connection...");
   // create socket connection handler and run it in separate thread:
   new SocketHandler(cs);
  }
 }
}
[/sourcecode]

SocketHandler.java

[sourcecode lang='java']
package uk.co.test;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;

public class SocketHandler
implements Runnable {

 private Socket _client;

 public SocketHandler(Socket s) {
  _client = s;
  // create new thread from this instance and start it:
  Thread t = new Thread(this);
  t.start();
 }

 public void run() {
  try {
   // get client in/out:
   InputStream in = _client.getInputStream();
   OutputStream out = _client.getOutputStream();
   boolean isConnected = true;
   // collect raw bytes so multi-byte UTF-8 characters are decoded whole:
   ByteArrayOutputStream soFar = new ByteArrayOutputStream();
   int b;

   // read() blocks until data arrives and returns -1 once the client has
   // closed the connection, which ends this handler instead of spinning:
   while ( isConnected && (b = in.read()) != -1 ) {
    if ( b == 0 ) {
     // zero byte, process what already came in:
     String value = soFar.toString("UTF-8");
     if ( value.equals("<policy-file-request/>") ) {
      // policy file requested, send it to the client:
      System.out.println("Policy file request.");
      // the policy markup was stripped from this page; the strings below are a
      // reconstruction with a placeholder domain, limited to this server's port
      String crossdomain = "<?xml version=\"1.0\"?>";
      crossdomain += "<cross-domain-policy>";
      crossdomain += "<allow-access-from domain=\"www.example.com\" to-ports=\"1234\"/>";
      crossdomain += "</cross-domain-policy>";
      out.write(crossdomain.getBytes("UTF-8"));
      out.write(0);
      out.flush();
      System.out.println("Policy file sent.");

     } else {

      if ( value.equals("exit") ) {
       // exit command received, exit then...
       isConnected = false;
      } else {
       // just print the message to the stdout:
       System.out.println(value);
      }

     }
     soFar.reset();
    } else {
     // append the byte to the buffer:
     soFar.write(b);
    }
   }
  } catch (Exception e) {
   // ignore
  } finally {
   // release the socket whether the client left or an error occurred:
   try { _client.close(); } catch (IOException e) { /* already closed */ }
  }
 }
}
[/sourcecode]

The second socket server fixed the problem. It is working for connections with and without policy requests, from Flash IDE, Flex Builder and the browser.

It took me 5 hours to figure out the solution (process client connections in separate threads) so if you’re in the same situation as I was I hope this post helps you.
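The exchange described in this post, with both sides in one script: a thread-per-connection server and a client that requests the policy on one connection and sends its data on a second. This is an added example, not code from the original post; the policy content, the `www.example.com` domain and all function names are assumptions made for the demonstration.

```python
import queue
import socket
import threading

POLICY_REQUEST = b"<policy-file-request/>"
# Constructed policy for the demo: placeholder domain, access limited to one port.
POLICY = (b'<cross-domain-policy><allow-access-from domain="www.example.com"'
          b' to-ports="%d"/></cross-domain-policy>')

def handle(conn, port, messages):
    """One connection: NUL-terminated frames; a policy request is answered in-band."""
    with conn:
        buf = b""
        while chunk := conn.recv(1024):      # b"" means the client closed
            buf += chunk
            while b"\0" in buf:
                frame, buf = buf.split(b"\0", 1)
                if frame == POLICY_REQUEST:
                    conn.sendall(POLICY % port + b"\0")
                else:
                    messages.put(frame.decode("utf-8"))

def serve(listener, messages):
    """Accept loop: each connection gets its own thread, so accept() is never starved."""
    port = listener.getsockname()[1]
    while True:
        try:
            conn, _ = listener.accept()
        except OSError:                      # listener was closed
            return
        threading.Thread(target=handle, args=(conn, port, messages), daemon=True).start()

def read_frame(sock):                        # read up to the terminating NUL (or EOF)
    data = b""
    while not data.endswith(b"\0") and (part := sock.recv(1024)):
        data += part
    return data.rstrip(b"\0")

def flash_like_exchange(text):
    """Client side as described above: policy request first, data on a second connection."""
    messages = queue.Queue()
    listener = socket.create_server(("127.0.0.1", 0))    # ephemeral local port
    port = listener.getsockname()[1]
    threading.Thread(target=serve, args=(listener, messages), daemon=True).start()
    with socket.create_connection(("127.0.0.1", port)) as first:
        first.sendall(POLICY_REQUEST + b"\0")
        policy = read_frame(first)
        # 'first' is still open. Against a one-client-at-a-time server this second
        # connect would still succeed (listen backlog), but nothing would read it.
        with socket.create_connection(("127.0.0.1", port)) as second:
            second.sendall(text.encode("utf-8") + b"\0")
            received = messages.get(timeout=5)
    listener.close()
    return policy, received
```

Calling `flash_like_exchange("hello")` returns the policy bytes the first connection received and the message the server read from the second.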

Google Wave – Microsoft OneNote anyone?

June 1st, 2009

Right… just before SotR09 London I can’t get to sleep. I just watched the Google Wave recording from Google I/O. After 5 minutes I had this feeling I’ve seen it somewhere already…, think, think! And BING ;) It was Microsoft OneNote.

All those real-time typing capabilities, dropping images, commenting are already in OneNote. Until I see and "touch" Wave I claim – Wave is OneNote on steroids. Is it going to be successful? I really don’t know, probably yes. I’m just not sure if I really want Google to know everything about me, where I go, what I do in my spare time, what I work on.

Why crossdomain.xml is even more than a good thing

May 22nd, 2009

For a long time I couldn’t really understand what crossdomain.xml is for. Today, after finishing one of the Flex projects, I finally figured it out. At least one of two reasons. About 4 years ago Martijn de Visser described one of them – defending your internal network from attacks. But there is another reason why crossdomain.xml is good.

Let’s say I’m developing some smart module and I let people download and load it from their domains but there are some specific sites that I want to prohibit. I’m going to use this very simple module to demonstrate how this can be achieved.

[sourcecode lang='xml']


 

[/sourcecode]

Suppose that I let http://www.friend1.com and http://www.friend2.com use it but http://www.pron.com shouldn’t be allowed. When I modify the code a bit I will use Flash Player sandboxing to do so.

[sourcecode lang='as3']


 
  
 

[/sourcecode]

Next, I have to create following crossdomain.xml file:

[sourcecode lang='xml']

 
 
 

[/sourcecode]

The extended example, in conjunction with the above policy file, protects this module from being used by http://www.pron.com. When the module is created it simply calls home, the policy file is returned and the module checks whether the domain from which it is being used is allowed. Because http://www.pron.com is not on the list, a SecurityErrorEvent is fired and the browser’s alert message pops up. Once the user clicks the OK button he will be redirected to the module’s license. This is just a prototype but it should be quite solid.

I’ve created this code outside the IDE so it may have some bugs.

This approach should be very easy to apply in Silverlight as well.
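How the allow-list decision in this post works out for the three sites named above, as an added example that is not the author's code. The policy text is constructed from the domains mentioned in the post because the page's own listing did not survive; the function names and the SWF URLs are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed policy for the scenario above: only the two friendly sites are listed.
POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="www.friend1.com"/>
  <allow-access-from domain="www.friend2.com"/>
</cross-domain-policy>"""

def granted_domains(policy_xml):
    """Return the domain attribute of every allow-access-from entry, lower-cased."""
    root = ET.fromstring(policy_xml)
    return [e.get("domain", "").lower() for e in root.iter("allow-access-from")]

def entry_matches(pattern, host):
    """Match one policy entry against the host that serves the requesting SWF."""
    if pattern == "*":                  # lone wildcard: every domain
        return True
    if pattern.startswith("*."):        # prefix wildcard: subdomains of the named domain
        return host.endswith(pattern[1:])
    return pattern == host              # named domain: exact, subdomains are different domains

def is_allowed(policy_xml, swf_url):
    """Would a SWF served from swf_url be granted access by this policy?"""
    host = (urlsplit(swf_url).hostname or "").lower()
    return any(entry_matches(p, host) for p in granted_domains(policy_xml))

def wildcard_entries(policy_xml):
    """Entries that open the module to sites the author never listed."""
    return [p for p in granted_domains(policy_xml) if "*" in p]
```

A policy review can run `wildcard_entries` first: a single `*` entry makes every other line in the file irrelevant.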

Adobe and feeds.adobe.com team, please accept my apology

May 17th, 2009

It’s been a long time since I last blogged, I’ve been on holiday and the following week was kind of busy. It turned out that in my last post, Thank you Adobe for removing me from feeds.adobe.com, I accused Adobe/feeds.adobe.com team of doing something that never happened. As johnb and Big Mad Kev pointed out the situation was caused by a failure in feeds.adobe.com system.

The previous post is totally my fault, I should have asked what happened before writing my post. It is a lesson for the future. I’m leaving that unfortunate post on my blog but I updated it with the explanation and link to this post.

Thank you Adobe for removing me from feeds.adobe.com

May 1st, 2009

Update: it turned out that removal of my blog from feeds.adobe.com was caused by a failure of the site’s database. I have published a blog post Adobe and feeds.adobe.com team, please accept my apology explaining what exactly happened.

I have to say I am really disappointed with this move. I really did not expect that. About a week ago my blog was approved for feeds.adobe.com. I just checked, when I try to ping my blog from here I see:

Adobe Feeds is not currently aggregating this site. If you would like your site to be added, use the Adobe Feeds Feed Submission Form to submit it for approval.

Now the question is, is this because of this post? I expected to be a persona non-grata in the ColdFusion community because of what I have been saying in the past. But that?! After Ben Forta answered my question with the statement that is now quoted all over the internet I asked:

Is this an official statement?

The answer was short: Yes. So what happened to the don’t kill the messenger rule?

Windows 7 Release Candidate – first look

May 1st, 2009

Today I got my hands on fresh Windows 7 RC so I decided to give it a shot. I installed it on VirtualBox 2.2, VM with 1GB of RAM and I have to admit, I am impressed.

There are no visible changes in the UI, the only thing that’s changed is the installer, it is really nice, much nicer than any previous installer. But here is the thing, I couldn’t really enjoy it too long. Installation took only 22 minutes. I wanted to see how quick it is on the boot time. Fresh start, with login screen, 47 seconds… The interface is responsive straight away. That is a very good result for Windows running on only 1GB of RAM. I would love to see it on a physical machine.

First impression – I like it. It feels like it is ready to rock. If I just wasn’t in love with Ubuntu… :)

Vote for Flex Builder for Linux

April 28th, 2009

Tom Chiverton has logged a support request in Adobe JIRA for Flex Builder for Linux. Quick recap – a week ago Ben Forta being asked what is the status of Flex Builder for Linux answered: the project is currently on hold. There is not enough requisition for the product to continue its development.

Developers want Flex Builder for Linux! Show your support, vote for it: http://bugs.adobe.com/jira/browse/FB-19053!

More information:

Configuring postfix as a relay for GMail

April 27th, 2009

For the domain this blog is running on I have a separate GMail account, I wanted my server to relay all email there. I was searching quite a lot for detailed info on how to set up postfix correctly but could not find any. All information was scattered across different blogs, websites, forums. I just achieved the target and I thought I will share what I just learned.

All commands below were executed under the root account. If the account used is not root, use sudo and make sure it is a sudoer.

Confirm that openssl is installed and if not, install it (on my Ubuntu 8.10 I had it installed by default). If a CA certificate was not generated before, it is time to do it. On Ubuntu it is nothing else than running the following command from the terminal:

[source lang='bash']
/usr/share/ssl/misc/CA.sh -newca
[/source]

If an error is returned it may suggest that the CA.sh script is somewhere else. To find it simply execute the following:

[source lang='bash']
find / -name 'CA.sh'
[/source]

and run the first command again with correct CA.sh path. While generating CA certificate the script will ask some questions, just follow the instructions, it is really short and painless process.

The next step is to install postfix.

[source lang='bash']
apt-get install postfix
[/source]

Answer the questions using default options, it appears that in most cases they are fine. Just make sure the first question is answered with the Satellite system option.

To make sure this process is going to work postfix must be configured with SASL and TLS support and on Ubuntu it was by default, indeed. It can be verified with following command:

[source lang='bash']
ldd /usr/lib/postfix/smtp
[/source]

Look for the line starting with the libssl. I bet it will be there. BUT if not, postfix must be reconfigured with SASL and TLS. Here is just one of the articles of many I found showing how to do it: Setup Email Services on Ubuntu Using Postfix (TLS+SASL).

Once postfix is running:

[source lang='bash']
cd /etc/postfix
mkdir certs
cd certs
# 1024-bit RSA is weak by current standards; 2048 bits or more is the usual minimum for new keys
openssl genrsa -out itchy.key 1024
openssl req -new -key itchy.key -out itchy.csr
openssl ca -out itchy.pem -infiles itchy.csr
nano main.cf
[/source]

To search for the string in nano use CTRL+W. Look for myhostname key. I have a mx.gruchalski.com value but gruchalski.com would work just fine. Next important bit is mydestination key. I have changed it to smtp.gmail.com and I will explain why in a second. Last key to change is the relayhost. Set it to [smtp.gmail.com]:587. At the end of the file add following lines:

[source lang='bash']
# auth
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd

# tls
smtp_use_tls=yes
smtp_sasl_security_options=noanonymous
smtp_sasl_tls_security_options=noanonymous
smtp_tls_note_starttls_offer=yes
tls_random_source=dev:/dev/urandom
smtp_tls_scert_verifydepth=5
smtp_tls_key_file=/etc/postfix/certs/itchy.key
smtp_tls_cert_file=/etc/postfix/certs/itchy.pem
smtpd_tls_ask_ccert=yes
smtpd_tls_req_ccert=no
smtp_tls_enforce_peername=no
[/source]

CTRL+O to save and CTRL+X to exit.

At this point /etc/postfix/sasl_passwd file does not exist yet, so:

[source lang='bash']
nano /etc/postfix/sasl_passwd
[/source]

Add these two lines:

[source lang='bash']
gmail-smtp.l.google.com user@gmail.com:password
smtp.gmail.com user@gmail.com:password
[/source]

Make sure that the correct credentials are set. Save, exit the file and execute:

[source lang='bash']
postmap /etc/postfix/sasl_passwd
/etc/init.d/postfix reload
apt-get install mailutils
[/source]

It is time to test postfix, that is why I installed mailutils.

[source lang='bash']
echo "Testing relay from terminal" | mail -s "Test relay" to@email -f from@email
[/source]

Well, the -f option is not going to work here anyway but it does not break anything either :) If the email has not arrived, please check /var/log/mail.log for details.

And now an explanation why mydestination key was changed. Let’s say my server name is funkyserver.com and from the terminal or Apache web server I am sending an email to d’oh@funkyserver.com. But I have a d’oh user on the server as well. Postfix is going to think oh, hang on mate, my name is funkyserver.com and you are sending an email to the user who BELONGS TO ME! I am so smart, I am not going to send it via GMail, I will just drop it to the /var/mail/d’oh mailbox!. That email will not appear in GMail. By changing mydestination I am telling postfix do not try to be smart dude, just send it to the outside world and let the others make the decision what to do with it.

The last thing to make sure is that the correct real name for the www-data account (used by Apache) is set. When a sent email is received it will have www-data-real-name <gmail@email> in the from field. By changing it to WordPress for example, recipients will see it as WordPress <gmail@email> and not www-data <gmail@email>.

What about iptables and security? To make sure no one is going to use postfix as an open relay if it is incorrectly configured, just execute:

[source lang='bash']
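# SMTP listens on port 25; the rule as first published named port 110 (POP3),
# which does not stop anyone from reaching the SMTP service
iptables -I INPUT -p tcp --dport 25 -i eth0 -j DROP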
[/source]

and save iptables rules.
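A check of what the main.cf additions above mean for the relay connection, as an added example that is not part of the original post. The parameter names are real Postfix parameters; the finding labels, the function names and the hardened alternative (including the Debian/Ubuntu CA bundle path) are assumptions of this example.

```python
MANDATORY = {"encrypt", "verify", "secure", "fingerprint", "dane-only"}
AUTHENTICATED = MANDATORY - {"encrypt"}

# Lines taken from the main.cf additions above.
PAGE_CF = """\
smtp_sasl_auth_enable=yes
smtp_sasl_security_options=noanonymous
smtp_use_tls=yes
smtp_tls_enforce_peername=no
"""
# Constructed alternative (assumption): mandatory, verified TLS with the Debian/Ubuntu CA bundle.
HARDENED_CF = """\
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
"""

def parse_main_cf(text):
    """main.cf into a dict: '#' comments skipped, indented lines continue a value."""
    cfg, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key:
            cfg[key] += " " + raw.strip()
        else:
            key, _, value = (part.strip() for part in raw.partition("="))
            cfg[key] = value
    return cfg

def effective_tls_level(cfg):
    """smtp_tls_security_level wins; otherwise derive the level from the legacy switches."""
    if cfg.get("smtp_tls_security_level"):
        return cfg["smtp_tls_security_level"]
    if cfg.get("smtp_enforce_tls") == "yes":
        return "encrypt" if cfg.get("smtp_tls_enforce_peername") == "no" else "verify"
    return "may" if cfg.get("smtp_use_tls") == "yes" else "none"

def audit(text):
    """Return (effective TLS level, findings) for the outbound relay settings."""
    cfg = parse_main_cf(text)
    level, findings = effective_tls_level(cfg), []
    if level not in MANDATORY:
        findings.append("tls-optional")            # no STARTTLS offered -> mail goes in clear
    if level not in AUTHENTICATED:
        findings.append("relay-unverified")        # relay certificate is not checked
    sasl = cfg.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    if (cfg.get("smtp_sasl_auth_enable") == "yes" and level not in MANDATORY
            and "noplaintext" not in sasl):
        findings.append("sasl-plaintext-without-tls")  # password may cross an unencrypted session
    return level, findings
```

`audit(PAGE_CF)` reports opportunistic TLS with all three findings, while `audit(HARDENED_CF)` reports level `secure` with none.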

Flex TextRange performance issue on Linux

April 26th, 2009

Earlier this month I mentioned I have found an issue with mx.controls.textClasses.TextRange class. This problem was identified on Linux (Ubuntu 8.10 and 9.04 using Flash Player 10,0,22,87) and could not be replicated on Windows Vista and 7 with latest Flash Player. I had no chance to test it on OSX.


To visualize the problem I am using the code from my previous article, Building an SQL tokenizer in Flex, ported to AIR. I am just using a bit more SQL code. Once the application is started, placing the cursor in the TextArea and hitting CTRL+A causes the AIR application to be unresponsive. It stays like that for about 20, 30 seconds, in fact any attempt to change the selection repeats the issue.

The source of the test application can be downloaded from here. I tried logging a bug but it appears I can create an account in Adobe JIRA but I am not allowed to log in.

Building an SQL tokenizer in Flex

April 25th, 2009

This post is an introduction to the next post that I am going to publish within the next few days. It describes one of the features of MySQL on AIR, the SQL code tokenizer, used for code coloring.

For those who have no idea what a tokenizer is there is a great introduction on Wikipedia. In a few words, the tokenizer is used to classify parts of the input data by splitting it into smaller chunks. Those chunks may be later used in a variety of ways, for example to implement code coloring. This is what I am going to show further.