Werx Limited

We make IT work.

WP-QREncoder Wordpress Plugin

Mar 4

Posted by wes in php, software development | No Comments

I managed to get an Android powered phone recently and quickly discovered the Barcode Scanner app is a common and seemingly preferred method of encoding and transmitting data in the Android community (and others as well I’m sure).

In less than a week I’ve grown to love the Android platform and I’ve already got a few ideas for some Android apps to write. But first I wanted to make sure I could post links to my apps using handy-dandy QR-encoded images easily within Wordpress.

So, borrowing somewhat from the WP-Footnotes plugin I set about to create the first rendition of the WP-QREncoder plugin for Wordpress.

This plugin is capable of encoding any string of text (specific use case is a URL) and is still in it’s infancy so I would appreciate any feedback you might have.

Download WP-QREncoder plugin here.

For more information (including usage) see the plugin’s permanent page here.

Oh, and here’s an example of the plugin in action:

  • Share/Bookmark

Tags: , , , ,

What do I do if my account’s been hacked?

Feb 23

Posted by wes in hosting, security | No Comments

A friend of mine recently asked me via Facebook what he should do if someone he didn’t know and wasn’t friends with on Facebook was able to access private information in he and his wife’s Facebook and email (and presumably other) accounts. Since this is a fairly common concern and question I figured I’d post my response below. Enjoy!

Most likely they have your password (which they might have gotten from a virus, trojan, back-door-worm, or something else.

While anti-virus is great (at this point I feel obliged to mention my employer, McAfee) one area constantly overlooked are apps on Facebook which are malicious. I just got through telling my wife not to install apps on FB unless she absolutely had to (which means, something you will use and use constantly). I used to be bad about installing all the poll and quiz applications on Facebook I came across until I went back through my installed apps one day and noticed that many of them weren’t even named the same thing they were named when I installed them.

So if you are worried that someone has hacked your online accounts the best thing to do is to immediately change all of your passwords. Make sure you use a strong password too (that goes for your wife as well as you).

Also, I highly recommend going through your Facebook applications and uninstalling anything you don’t use as they could be used to harvest your information. Not that you should remove them all (I love Mafia Wars) but if you were to read what a developer has access to you’d certainly think long and hard about each application you install ;-)

Finally, (for the super-paranoid) if you are using a wireless router you should certainly be using some form of wireless encryption (hopefully not WEP because it is vulnerable to attacks). Otherwise all of your information is being transmitted in the clear and can be easily captured with minimal effort.

It’s possible that this person might be getting your personal information another way (via ESP perhaps? :-P ) but I think the most likely culprit is your computer/network security.

There’s more that you can do to harden your systems against attack, but these are the most often used avenues of attack. If your adversary is a hacker let me know and I’ll continue listing things you can do to make your systems secure.

Good luck!

Next, we’ll look into some security products and practices that can help you secure your systems.

  • Share/Bookmark

Tags: , ,

Governments calling citizens to ditch Internet Explorer

Jan 28

Posted by wes in hosting, it industry, security | No Comments

Google was recently hit by an exploit McAfee has named “Aurora”. This exploit involves all versions of Internet Explorer (though version 6 is getting most of the attention) which has prompted the governments of France and Germany to warn it’s citizens not to use Internet Explorer at all.

Microsoft initially tried to claim that this exploit was trivial but has since issued an out-of-cycle emergency patch for all versions of Internet Explorer.

Looks like now is the perfect time to switch to one of the more superior browsers like Chrome or Firefox.

Here’s a video detailing how this hack works in action in case you are like me and interested in the juicy technical details:

  • Share/Bookmark

Tags: , , , ,

Passwords revisited

Jan 26

Posted by wes in hosting, it industry, security | No Comments

An analysis of 32million leaked passwords provided some interesting insights into the password selection practices of users. Among the key findings are:

  • The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as “brute force attacks.”
  • Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is “123456”.
  • Recommendations for users and administrators for choosing strong passwords.

Also, here are the top 10 most commonly used passwords they found:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123

I’ve said it before, the first step in computer security is having a strong password policy.

  • Share/Bookmark

Tags: ,

Simple JSON-RPC updated to 0.9.5

Jan 12

Posted by wes in java, software development | No Comments

The simple JSON-RPC package has been updated to 0.9.5 It has undergone some extensive refactoring and now includes documentation, and an example project. The source to this package is also available here.

For more information (and for future updates), visit the new project page here.

If you are interested in using, contributing to, or reporting bugs for this project, contact us!

  • Share/Bookmark

Tags: , , ,

Password policy: Creating and remembering strong passwords

Jan 12

Posted by wes in hosting, security | 2 Comments

Passwords are often the weakest part of any security system, partly because we don’t take the time to make them strong enough, change them very often, or use the same one all over the place.

Strong passwords which include a combination of upper and lowercase letters, numbers, punctuation, and are not based on a dictionary word are often not very easy to remember. And if it’s not easy to remember, chances are we’ll either end up writing it down (bad idea!) or we’ll choose a simpler password. Additionally, since we are often faced with a myriad of sites which all require separate accounts (and passwords), using different passwords for each site we use tends to fall by the way side in favor of convenience.

It doesn’t have to be like this.

Here’s a technique I’ve found helpful for creating strong, easy-to-remember passwords. It involves coming up with a unique method of transforming a simple word into a strong password using a few simple rules. The beauty of this system is that, unlike a strong password generator, the passwords you come up with using a system like this are easy to remember and can be unique to each site you use them with.

Here are a few other strong-password-generating ideas:

No matter what you choose to use to help you generate strong passwords. It’s always a good idea to check your password’s strength to gauge how hard it would be for an attacker to guess your password.

  • Share/Bookmark

Tags: , , ,

Topic survey

Jan 8

Posted by wes in general, hosting | No Comments

What topics are you most interested in knowing more about? Take a minute to fill out the following short survey and let us know!

  • Share/Bookmark

Tags: ,

Taming the blogosphere with Google Reader

Jan 5

Posted by wes in general, hosting, it industry | 1 Comment

What are blogs?

Many of you are wondering what the big deal is with blogs. Well here is a short video on blogs and why they are important/useful:

What’s so great about blogs?

Aside from being able to access specialized information put out on a regular basis, there is one other reason I enjoy reading blogs and consider them to be an essential element in our modern forms of communication.

Blogs help you connect with people.

You learn a lot about someone’s character, thoughts, and passions if you follow what they say on their blog. The trouble is that since blogs are generally authored by one person on individual website it can become time consuming and cumbersome to visit each blog you’re interested in to check for and read any new posts.

How can I keep up with blogs?

The easiest tool I’ve found to help bring a variety of different blogs together into one place is by utilizing the RSS feed offered by most blogs.

Google Reader is a web-based RSS reader which requires a Google account and a little bit of setup, but once you get it going its pretty much automated and will allow you to check a number of blogs without having to spend time visiting each and every website to get updates.

Here is a short video to help you get started with Google Reader:

  • Share/Bookmark

Tags: , ,

New Year’s Resolutions

Jan 1

Posted by wes in general | No Comments

According to surveys, only 12% of new-year’s resolutions are actually kept. So I’m not going to try and beat the odds by offering another list of items here.

However as someone who loves getting things done, I figured I would switch gears a bit and offer some productivity tools/methods I’ve found to be particularly helpful.

Inbox Zero

I went to lunch once with a well known speaker, Mike Licona, who lamented that he had almost 2,000 undread and unprocessed emails in his inbox.

While I don’t get nearly that many emails, I have been using a simple email management system known as Inbox Zero that helps me quickly process, sort, and manage my digital communications. Since telling Mike about Inbox Zero, he has managed (after some initial effort) to keep the number of unread messages in his inbox close to zero (hey, it improves your chances of getting a response from him).

Here is a video of Inbox Zero’s creator, Merlin Mann, giving a Google Tech Talks presentation about it:

Getting things done

Getting things done is a pretty simple program aimed at helping you optimize your workflow to help you get more things done.

I like this system because it works with any personality type and accounts for both short-term and long-range planning. It also has a very low learning curve, overhead, and since it does not focus on any single set of utilities or tools it is very adaptable.

Here is an excellent presentation of getting things done by it’s creator, David Allen:

Six sigma

A very popular system among large businesses is Six Sigma. Originally developed as a manufacturing process designed to eliminate manufacturing defects, it has since been adapted to a more general set of principles which can help you have a lot more consistency when it comes to the work you produce.

Six sigma can get pretty complicated, job boards are filled with management requirements of the various “levels” of six sigma experience. However here is a simple introductory video by Kaj Ahlmann of Six Sigma Ranch and Winery. In this video Kaj, one of the founders of Six Sigma, uses his hobby of wine making as an example of six sigma principles:

Hope these methods help you become productive in the new year!

  • Share/Bookmark

Tags: , , , ,

Simple Java implementation of JSON-RPC

Dec 29

Posted by wes in java, software development | No Comments

Preamble

Explanation of standard formats and protocols:

  • JSON (JavaScript Object Notation) is a lightweight1 data-interchange format with language bindings for C, C++, C#, Java, JavaScript, Perl, TCL and many others.
  • JSON-RPC is a simple remote procedure call protocol similar to XML-RPC although it uses the lightweight JSON format instead of XML.

What is it?

I love the simplicity of JSON-RPC when it comes to rapidly devloping cutting-edge web applications.

I recently decided to start writing more server-side code in Java servlets in order to take advantage of cloud-based infrastructures such as the Google App Engine. Until now I have written my web applications using PHP as the server-side language. Specifically using frameworks such as Symfony or Kohana, which makes writing simple JSON-RPC services relatively trivial.

So I started looking for a simple JSON-RPC system I could use in Java to abstract my business logic classes from the mundane tasks associated with handling web requests. I found several packages which all claimed to implement the JSON-RPC protocol via Java servlets, however they seemed to require far more by way of setup than I wanted and they all seemed to require the developer to write applications to their specific implementation’s standards.2

So I decided to write yet another Java implementation of the JSON-RPC specification myself with the following goals in mind:

  • Easy to implement. Setup for this package should be kept at a minimum. This includes both development as well as production setup.
  • Easy to code in. Application developers using this class should not need to know much about JSON-RPC beyond exposing methods in their code that can be called remotely from other applications via the web.
  • Non-invasive. Developers using this implementation should be able to reuse plain old Java object (POJO) classes as much as possible, making the transport layer of JSON-RPC as transparent as possible.

With these goals in mind I set off to develop the package com.werxltd.jsonrpc to be a simple wrapper designed to be used inside of a standard .war project.

Setting it up

You can either download the .jar file here to include in your project manually or (and this is my preferred method) you can import the com.werxltd.jsonrpc package as a dependency in your Maven-managed project by specifying the following in your project’s pom.xml configuration file:

<repositories>
    <repository>
        <id>werxltd</id>
        <url>http://maven.werxltd.com </url>
        <snapshots>
            <enabled>true</enabled>
        </snapshots>
        <releases>
           <enabled>true</enabled>
       </releases>
    </repository>
</repositories>

<dependencies>
    <dependency>
        <groupId>com.werxltd</groupId>
        <artifactId>jsonrpc</artifactId>
        <version>0.9</version>
    </dependency>
</dependencies>

Next, you’ll need to specify endpoints in your .war file’s web.xml configuration file. Here’s an example:

<web-app>
    <servlet>
        <servlet-name>example</servlet-name>
        <servlet-class>com.werxltd.jsonrpc.RPC</servlet-class>
        <init-param>
            <param-name>rpcclasses</param-name>
            <param-value>YourClass</param-value>
        </init-param>
    </servlet>

    <servlet-mapping>
        <servlet-name>example</servlet-name>
        <url-pattern>/example</url-pattern>
    </servlet-mapping>
</web-app>

That’s it! Now your project is configured to filter all requests sent to /example through the JSON-RPC class which examines the class name you passed in (in this case, YourClass) for public methods it can expose. An instance of your class is created internally if your class is not static and it will remain in memory throughout the life of the servlet. Any exceptions your class generates are gracefully wrapped inside a JSON-RPC error message for proper handling upstream.

Using it

While the setup is pretty much straightforward, due to the loose typing found in JavaScript (and, as a result, JSON) there are some caveats in how methods are called. Specifically in how arguments are passed to those methods.

Scanned methods are stored internally with a signature consisting of the method name and how many arguements that method accepts. When a JSON-RPC request is made, the servlet determines how many parameters were included and attempts to match the method requested with a corresponding internal method which has the same number of parameters/arguements.

Because parameters are passed in via the web, only Java primitive data types along with three others, JSONObject, JSONArray and java.lang.String are accepted as valid parameter data types.

If a match of method name and number of parameters is found, an attempt is made to parse the passed-in data into the method’s required type. Any methods which accept as their first parameter a parameter of the JSONObject type, this method automatically takes prescience over all other parameters.

To use the JSON-RPC interface from another application, you must pass a valid JSON-RPC object to your final servlet as a parameter named “json” via either GET or POST. Here is an example of the valid JSON-RPC object you need to pass:

{
    "method":"add",
    "params":[1 2 3]
}

This JSON-RPC implementation accepts either named parameters or positional parameters like the ones shown above. Here is a named parameters example:

{
    "method":"echo",
    "params":{
        "text":"testing"
    }
}

The road ahead

Future development of this class will include more formalized access between the JSON-RPC layer and the underlying classes.

I’m also planning to post the Javadocs and the source to an example project that utilizes the JSON-RPC transport package.

Hope this helps someone else. I’m looking forward to using this class as a central component in many rich web projects I have planned.

  1. Lightweight in both size and resources required to process data encoded in JSON vs. XML. []
  2. I did find this project after finishing the first revision of my class. It looks great and like it would do much of what I wanted, however the code is proprietary. After I finish documenting my classes I plan on releasing them under an OSI-approved licence. If you are interested in helping me with this project, feel free to let me know! []
  • Share/Bookmark

Tags: , , , , , , , , , ,