java.policy file

While it’s not preferred or even ‘secure’, sometimes the need arises to ‘open’ up the Java security model.   Fortunately this is an easy task.

This is located in a file named ‘java.policy’ in the “JRE/lib/security” folder.

Default file (from JRE 1.5.0.x) resembles the following…

// Standard extensions get all permissions by default

grant codeBase “file:${{java.ext.dirs}}/*” {
permission java.security.AllPermission;
};

// default permissions granted to all domains

grant {
// Allows any thread to stop itself using the java.lang.Thread.stop()
// method that takes no argument.
// Note that this permission is granted by default only to remain
// backwards compatible.
// It is strongly recommended that you either remove this permission
// from this policy file or further restrict it to code sources
// that you specify, because Thread.stop() is potentially unsafe.
// See “http://java.sun.com/notes” for more information.
permission java.lang.RuntimePermission “stopThread”;

// allows anyone to listen on un-privileged ports
permission java.net.SocketPermission “localhost:1024-“, “listen”;

// “standard” properies that can be read by anyone

permission java.util.PropertyPermission “java.version”, “read”;
permission java.util.PropertyPermission “java.vendor”, “read”;
permission java.util.PropertyPermission “java.vendor.url”, “read”;
permission java.util.PropertyPermission “java.class.version”, “read”;
permission java.util.PropertyPermission “os.name”, “read”;
permission java.util.PropertyPermission “os.version”, “read”;
permission java.util.PropertyPermission “os.arch”, “read”;
permission java.util.PropertyPermission “file.separator”, “read”;
permission java.util.PropertyPermission “path.separator”, “read”;
permission java.util.PropertyPermission “line.separator”, “read”;

permission java.util.PropertyPermission “java.specification.version”, “read”;
permission java.util.PropertyPermission “java.specification.vendor”, “read”;
permission java.util.PropertyPermission “java.specification.name”, “read”;

permission java.util.PropertyPermission “java.vm.specification.version”, “read”;
permission java.util.PropertyPermission “java.vm.specification.vendor”, “read”;
permission java.util.PropertyPermission “java.vm.specification.name”, “read”;
permission java.util.PropertyPermission “java.vm.version”, “read”;
permission java.util.PropertyPermission “java.vm.vendor”, “read”;
permission java.util.PropertyPermission “java.vm.name”, “read”;
};

The replacement to remove all restrictions…

grant {
permission java.security.AllPermission;
};

Just be sure to restore your settings back to ‘normal’ before visiting any untrusted websites or java applications.

MSIE6 background-image caching (or lack of it…) and flickering

This has been an annoyance of this (IMHO very buggy) browser since it was first beta tested. Earlier (5.x) and newer (7.x) versions do not exhibit this problem.
For some reason Microsoft developers broke the caching mechanism for background images, particularly when defined in CSS. This makes for slow screen painting as well as wasted network traffic as each occurrence of the image becomes a new HTTP request to the webserver. This also causes a notable delay in those images painting on the screen and ‘flicker’ when the images are used in CSS rollover effects. Since the image obviously isn’t changed it results in many ‘HTTP 304 Not Modified‘ entries in the server logs.

Fixes…

1. You CAN/SHOULD set the Expiry for the images, however this can be problematic. Since I typically run Apache HTTPD, those instructions follow:

a) Set an explicit expiry time based on MIME types in the http.conf file.

[instructions in separate post]

b) Enable .htaccess for the server and allow its usage in individual folders on the server.

[instructions in separate post]

c) Use client-side technologies to hack around the problem…. you can use many CSS tricks, but I’ve found that JavaScript is the easiest (most compatible) method.

Add the following to a method executed in the onload event of the page…

<script type=”text/javascript”>
try {
document.execCommand(‘BackgroundImageCache’, false, true);
} catch(e) {}
</script>
NOTE: MSIE will execute the Javascript, Mozilla and other browsers will throw an exception and wind up in the catch block… which ignores the problem.

UPDATE:
With the use of conditional comments, this can be added to an MSIE specific JS file, or even better an MSIE specific CSS file containing the following:


html {
filter: expression(document.execCommand("BackgroundImageCache", false, true));
}

REFERENCES:

OpenDNS

I’ve used EveryDNS (free service) for years to host my DNS services.    Recently I found that they now offer public DNS service for lookups as OpenDNS.   While I still run my own private DNS server for caching and various private addresses.  I now do a simple forward lookup to their servers to gain the extra services they provide… notably Phishing  and typo protection.

Setup is very simple for most users, and even a non-technical person should have no problems following their installation instructions for a single computer/device or an entire network.
Happy networking!!!

Windows file cleanup/housekeeping

Since I routinely run WAMP servers (see previous article) and develop primarily on Windows machines, I find that a lot of garbage remains on these machines. Often these files are created temporarily and not deleted and/or are created for some perceiver performance gains. Additionally, its often nice to schedule cleanup operations for times when you are not using the machine…. here’s a few common items to consider.

@echo off echo ======= DELETES =========
del /q %windir%*.log
del /q %windir%*.tmp
del /q %windir%securitylogs*.*
del /q %windir%SoftwareDistributionDataStoreLogs*.*
del /q %windir%msdownld.tmp*.*
del /q %windir%$hf_mig$*.*
del /q %TEMP%msdownld.tmp*.*
del /q %TEMP%*.dat
del /q %TEMP%*.log
del /q %TEMP%*.tmp
del /q %TEMP%*.xpi
del /q %TEMP%sess_*.*
del /q %TEMP%logs*.*
del /q c:*.log
del /q c:logs*.*
del /q /s %USERPROFILE%*.dmp
del /q /s %USERPROFILE%SIDisttemp*.*"
echo ======= Prefetch ==========
del /q %windir%Prefetch*.*
echo ======== DEFRAG ===========
%windir%system32defrag.exe c: -f -v >%TEMP%batch_defrag.txt
echo ========= done ============

Options….

echo ======== ANALOG ===========
cd c:analog6.0 analog +glocalhost.cfg
echo ========== IP =============
%windir%system32ipconfig.exe /all > %TEMP%batch_ip.txt
echo ======== NETSTAT ==========
%windir%system32netstat.exe -a > %TEMP%batch_netstat.txt

NOTE: this entry will be updated occasionally!

WAMP Servers

I often find myself administering WAMP (Windows, Apache, PHP/Perl/Python, mySQL) servers…. usually this occurs because it is better ‘supported’ (or perhaps ‘tolerated’) configuration in a corporate alternative to the more common LAMP (Linux… etc.) variety. This gives you the benefit of a centrally controlled operating system while maintaining a mostly open source server environment. Albeit with Microsoft’s poor security record, you’ll be patching it a LOT!

Many common distributions exist… here’s some helpful resources with downloads:

If you are a Java shop, you might also consider the following…

Configuration of each of these is a topic in it’s own right. If you need a shortcut to development, you may want to check out this!

Good luck!!!

CSS2 Colors

CSS Level 2 defines several additional color names that represent the special system-specific colors used by the operating system. These names should look look very familiar to prior developers of “Fat Client” software, primarily VisualBASIC and PowerBuilder.

NOTE: These work with MSIE 5.0+ and Mozilla/Netscape 5.0+, prior browsers “try” to interpret these colors as hexadecimal RGB (Red/Green/Blue) equivalents, resulting in a huge mess.

The colors shown below will be mapped from your current operating system settings and as such MAY vary from computer to computer!

CSS 2 Color Name Example (Using Background-color) Description
ActiveBorder Active window border.
ActiveCaption Active window caption.
AppWorkspace Background color of multiple document interface.
Background Desktop background.
ButtonFace Face color for three-dimensional display elements.
ButtonHighlight Dark shadow for three-dimensional display elements (for edges facing away from the light source).
ButtonShadow Shadow color for three-dimensional display elements.
ButtonText Text on push buttons.
CaptionText Text in caption, size box, and scrollbar arrow box.
GrayText Grayed (disabled) text. This color is set to #000 if the current display driver does not support a solid gray color.
Highlight Item(s) selected in a control.
HighlightText Text of item(s) selected in a control.
InactiveBorder Inactive window border.
InactiveCaption Inactive window caption.
InactiveCaptionText Color of text in an inactive caption.
InfoBackground Background color for tooltip controls.
InfoText Text color for tooltip controls.
Menu Menu background.
MenuText Text in menus.
Scrollbar Scroll bar gray area.
ThreeDDarkShadow Dark shadow for three-dimensional display elements.
ThreeDFace Face color for three-dimensional display elements.
ThreeDHighlight Highlight color for three-dimensional display elements.
ThreeDLightShadow Light color for three-dimensional display elements (for edges facing the light source).
ThreeDShadow Dark shadow for three-dimensional display elements.
Window Window background.
WindowFrame Window frame.
WindowText Text in windows.

Cheers!

Auto focus ‘first visible’ form field on page…

Occassionally there comes a need to set the focus within a web page to the first ‘visible’ form field, here’s the most convenient I’ve found thus far…

Implementation:
1. Add the following Javascript to the HEAD section of your page.

function formfocus() {
if(document.forms.length > 0)
{
var formElements = ["text", "checkbox", "radio", "select-one", "select-multiple", "textarea"];
var form = document.forms[document.forms.length-1];
for (var j = 0; j < form.elements.length; j++)
{
var field = form.elements[j];
for(var x = 0; x < formElements.length; x++)
{
if (field.getAttribute("type") == formElements[x])
{
field.focus();
return false;
}
}
}
}
}

2. Add the function call to the BODY tag…

<body onload="formfocus();">

That’s it! Enjoy!

Proxy Auto-config

There comes a need for many organizations (or individuals) to establish proxy servers on their network. This is usually done for reasons of security or network topology. While the use of proxy servers simpifies some aspects of networking, it comes at the cost of maintaining the browser configuration of every network device (usually browsers). Netscape provided a mechanism to automate much of this problem by allowing the browser to retrieve the proxy configuration from a centrally managed server.

The proxy autoconfig file is written in JavaScript, it should be a separate file that has the proper filename extension and MIME type when provided from a webserver.

The file must define the function:

function FindProxyForURL(url, host)
{
...
}

1. FILENAME EXTENSION:
.pac

2. MIME TYPE:
application/x-ns-proxy-autoconfig

3. REFERENCES:

4. ApacheHTTP config.

Add the following to the httpd.conf file:

Redirect permanent /wpad.dat {yourdomain}/proxy.pac
AddType application/x-ns-proxy-autoconfig .pac

5. EXAMPLE:

/* 'proxy.pac' - This is the main function called by any browser */
function FindProxyForURL(url, host)
{

if (isPlainHostName(host) || // No Proxy for Non FQDN names
shExpMatch(host, “*.localnet”) || // No Proxy for internal network
shExpMatch(host, “127.0.0.1”) || // No Proxy for LocalHost
shExpMatch(host, “localhost”) || // No Proxy for LocalHost
shExpMatch(host, “mailhost”) || // No Proxy for MailHost
dnsDomainIs(host, “giantgeek.com”) || // No Proxy
return “DIRECT”;

else {
return “PROXY proxy.giantgeek.com:8080; PROXY proxy.giantgeek.com:8090; PROXY proxy2.giantgeek.com:8080”;

} //End else

} // End function FindProxyForUrl

NOTE: Also see my ‘WPAD’ blog entry.

PHP on Apache 2.2 (Win32)

This came as a shock to me a while back, when i started evaluating an upgrade to Apache 2.2 from Apache 2.0.58. It seems that PHP doesn’t ship with a handler for Apache 2.2, as such after a huge headache and little bit of searching I found this article and downloads available at http://www.apachelounge.com/

It should also be added that other great binary assets are available at these sites/