Thursday, January 31, 2008

Flash Hacks: Call Arbitrary JavaScript!

In the past I've been annoyed by the lack of HTTP header access in Flash. Turns out there are some hacks you can do to get around it. Let's say you want the URL of the web page that loaded the SWF. This would be the referrer of the HTTP request that loaded the SWF. Flash should provide access to that, but it doesn't because some browsers don't provide it this info. That's ok, you can get to it:
var hostPageUrl:String = ExternalInterface.call("window.location.href.toString");

That's right, you can "call" a JavaScript expression, not just a function defined on the page. Of course the key is that everything in JavaScript (and in ActionScript too) is a function. So any JavaScript expression is a function and thus invokable via ExternalInterface. You can see where this is going! Let's say you want the query string of the host page's URL:
var queryString:String = ExternalInterface.call("window.location.search.toString");

This will give you something like "?param=value&foo=bar..." What about the referrer of that page? 2EZ:
var referrer:String = ExternalInterface.call("document.referrer");
This is a classic case of Too Much Information, really. You are able to execute arbitrary JavaScript, ExternalInterface acts like an eval(). So you can do arbitrary badness like modify the DOM. You can also access cookies (document.cookie).

Of course the key to all of this is script access. The SWF needs to have it. If the SWF is from the same domain as the web page, it gets this by default. If not, then you need to set allowScriptAccess="always". That gives the SWF the keys to the kingdom, if you will. Of course you could use an IFrame for the SWF and sandbox it in.

Dumb Baseball Analysis

The world is full of dumb baseball analysis. The popularity of fantasy sports has only lead to greater proliferation of this strain of stupidity. Here is some from a fantasy baseball newsletter I got this morning:

Question: Which players' new addresses have affected their Fantasy value the most?
Answer: Dontrelle Willis -- Only the Yankees scored more runs in the AL than the Tigers last year, and Willis brought Cabrera (who led the Marlins in batting average, homers, RBI and walks last year). Willis will also have an established closer (Todd Jones, whom he pitched with three seasons ago) and he won't be asked to lead the pitching staff anymore. He had some personal problems that might have attributed to his down season, but now, with less responsibility deeper back in the rotation, he can just pitch.

This nugget of wisdom is from David Gonos who holds the highly regarded title of "Senior Fantasy Writer" for CBS Sports. Now I will give him one thing, Willis will be playing for a team that scores more runs, so this should help his win total. That will increase his fantasy value. But what is this garbage about an established closer, ahem Todd Jones? Mr. Jones will be 40 in April. His ERA over the last three years is 2.10, 3.94, 4.26. His K/BB: 4.43, 2.55, 1.44. His GB/FB: 2.04, 1.85, 1.51. This guy is a disaster about to happen. Now the Marlins have the 29 year old Kevin Gregg who had a 3.54 ERA and 87 K in 84 IP last year. I'm not saying he's great, but compared to Todd Jones...

The Todd Jones stats raise another issue. Look at that 2.10 ERA he had three years ago. That was when he was pitching for Florida. His numbers have obviously declined since. Some of this can be attributed to age, but some of it must be attributed to switching to the AL. Guess what, Willis is making the same move. Would it really be shocking if his ERA went up from its already not-fit-for-fantasy-baseball 5.17?

Finally, you gotta love the last bit of logic from Mr. Gonos. Dontrelle won't have as much pressure on him because he will be at the back of the rotation. Maybe Mr. Gonos should get a new title "Senior Fantasy Psychiatrist."

Ok, now all of that being said, I would expect Dontrelle to post better stats then he did last year. This has very little to do with switching teams (though the extra run support should mean wins, as mentioned earlier.) He had bad luck last year. His BIPA was .311. In other words, of all the balls put in play (not strikeouts, walks, or home runs) there was a .311 probability the ball was a hist. This is very high for a pitcher, but pitchers have very little control over this. It is mostly a matter of luck. You can control strikeouts, walks, and home runs, but it's hard to control singles vs. ground ball outs, or a double vs. a fly-out. Of the 42 NL pitchers who pitched enough innings to "qualify" statistically, that is the third worst BIPA, behind only Matt Belisle and Scott Olsen. So if he just gets a little better luck, i.e. less balls in play are hits, then he will see significant improvement. Whether that is enough to overcome the move to the AL remains to be seen.

Sunday, January 27, 2008

Blogging for Obama

Barack Obama certainly had an impressive victory yesterday in South Carolina. I am definitely rooting for him over Hillary Clinton. Now I voted for Bill Clinton twice. I turned 18 and in 1992 and so it was the first time I could vote. However, I cannot support Hillary because she voted for the war. Obama correctly says that many Democrats supported the war initially because they were afraid to look weak. Is that really a quality you want in a president? Of course the alternative is that she really agreed with the President or that she was stupid enough to be fooled. Whatever, so soup for Hillary. I don't care who your husband is.

And speaking of her husband, what the heck is going on with their campaign against Obama? Bills saying that Obama winning South Carolina was not a big deal because Jesse Jackson won South Carolina 20 yeas ago is an obviously racist statement. It's saying "any black candidate can win South Carolina." It makes me ashamed that I once voted for Bill Clinton.

Running 2008

You might have noticed my Nike+ widget has disappeared from the blog. That's because my Nike+ has disappeared from me when I run. It started getting very unreliable when I was running. After three or four 9-10 minute miles, it would suddenly say I was popping off 7 minute miles. I have no idea if it is a problem with the transmitter or the iPod unit. Either way, there was no point in using it if it was giving me wildly inaccurate statistics.

I am definitely still running. I took a bit of a break after the half-marathon in October. I never stopped, but I dialed things back to around 10 miles or so per week. I will probably run the same races I ran last year, so a 10K in May and a half-marathon in October. I would really like to do another half-marathon in July at the San Francisco marathon, but that's always a challenge from a logistical standpoint.

Friday, January 25, 2008

Cute EcmaScript

The following is a nifty trick that works in JavaScript, but you should be able to tweak it slightly to work in ActionScript as it leverages EcmaScript features.


function Train(){
this.name = "Choo Choo";
this.show = function(){
return this.name;
};
};
var engine = new Train;
engine.name = "Orient Express";
function go(){
alert(engine["show"].call(engine));
}


What is cool is that you can access a function just like any other property of the object. So the go function could take a parameter that would be the name of the function to call on the engine object. It's like reflection, only better.

Thursday, January 24, 2008

Some Love for Microsoft

I got Office 2008 for my MacBook, and I have to say, I love it so far. Actually, I should say that I love PowerPoint and Entourage, as those are the two programs I have used a lot so far.

PowerPoint -- This is mostly a case of lowered expectations... A lot of the older bugs I used to experience with PowerPoint have been fixed. It works better (perfectly) with some of the templates I use from work, especially those that involve integration with Excel. This should have been the case with Excel 2004, but it was not (the templates were made with Excel 2003 on Windows of course.) This fact alone gives PowerPoint 2008 a huge edge (for me) over Keynote or NeoOffice. I might still use Keynote if I was making a presentation for a conference or the like, but when doing "work", PowerPoint wins easily.

Entourage -- This is the really big winner. This beast works flawlessly with Exchange. I put in my email address and said "use Exchange". It prompted me for my domain and password, and everything just worked. All of the features of Outlook that I use work fine. Many of the features are much better on Entourage. Case in point, auto-complete on addresses. Our Exchange server stores names like Galpin, Michael. So if you start to type "Michael" then "Galpin, Michael" will be a hit on the "M" but not on "Mi" etc. Entourage 2008 is definitely smarter than Outlook 2003 (haven't used Outlook 2007 enough to say about it.)

I generally use Word and Excel more than PowerPoint and Entourage/Outlook, so I will definitely be giving them a workout soon. Finally, as for the UI... I like the switch to the metal look that is the de facto on OSX now. I actually like the ribbon in Office 2007, so I was a little disappointed that it was not used. However, there is very nice consistency between Office 2008 and Office 2004.

So kudos to Microsoft for making a great product for the Mac.

The Economics of Dr. Paul

My biggest reason for supporting Ron Paul is because I am sure he will get us out of Iraq. The war in Iraq is the most important issue of the day. It is the first time in America's history that we have attacked another country without provocation, conquered the country, and the installed a government there backed by our military. Everything else pales in comparison to Iraq.

However, Dr. Paul is also well known for his economic principles. I don't always agree with all of these, so I thought I would dissect his new plan for economic revitalization.

Also, I would like to openly challenge my "collectivist" friend to give his own thoughts on Dr. Paul's plans.

Tax Reform -- This is the biggest part of his plan, clearly. Now several of his tax cuts sound a lot like typical Republican "Reaganomics". For example, eliminate taxes on dividends and savings, eliminate capital gains tax, accelerate depreciation on investment, repeal the estate tax. All of these would benefit wealthy individuals and corporations much more than middle class Americans. The idea is that they would encourage economic growth.
In principle, I favor the first two issues. Taxes on dividends, savings and capital gains are all cases of double taxation. You pay taxes on your income. You take some of that income and invest it, and then get taxed again on that investment. Yes, this will favor the rich, but so what? Do we support something that is logically unfair just because the unfairness is concentrated on a minority group (rich folks) ?
I am more neutral on the other two issues. Reducing corporate tax rates seems like a more direct way to encourage growth, but I would probably put much lower priority on this. The estate tax is "unfair" in the sense that it only taxes estates worth over $2M. It is also a case of double taxation. Again, this would benefit the rich (folks with estates worth over $2M) more than anybody else, but so what? Also, hard coded numbers like $2M are always dubious. You could live where I live and have an estate worth over $2M without being very rich at all.
Spending Reform -- I definitely favor reducing overseas commitments. Well in particular, just get us out of Iraq and stop spending $800M/day there. Freezing non-defense and non-entitlement seems a little too cut n' dry. I would favor freezing or cutting many of those things, but maybe not all. It's hard to know, and hence my reservation from using a simplistic qualifier like "non-defense and non-entitlement."
Monetary Policy Reform -- Yes please! People should know what the heck is going with the Fed (or any other powerful agency.) How can you oppose this? As for allowing precious metals to be used as money ... it would be an interesting experiment to say the least.

Regulatory Reform -- I definitely favor repealing Sarbanes/Oxley. I can tell you first hand that this has a hugely negative effect on companies big and small. It was a classic case of knee-jerk legislation. Now for "Remove Costly and Unnecessary Federal Regulations"... sounds good on paper! More details should be given. I do favor HR 1869, though.

IE Flash Bug

Take a look at this page, and view its source. The key is this little bit o' JavaScript:

function loadSwf(){
window.location.hash ="mark";
var str="<embed src='http://gglabs.com/~clg/flash/YouTube.swf'
type='application/x-shockwave-flash' wmode='transparent' height='800'
width='800'></embed>";
document.getElementById("container").innerHTML = str;
}


What does this do? If you are on IE, then it changes your URL to http://whatever#mark, if http://whatever was your original URL. It then drops a chunk of HTML into the page that embeds a Flash movie. What makes this interesting is if you look at the title. It is not "Test Page" as it should be. Instead it is "Test Page#mark".

This only happens on IE, but on both IE6 and IE7. I'm certain this must be documented somewhere...

Why does this matter? Well it is very common to use hashes to keep track of page history in Ajax apps. For example, in the above app let's say that I write some page initialization code that looks for #mark in the URL. If it finds it, then it goes ahead and loads the SWF. This allows the page to bookmarked and enables browser history (there's actually more you have to do for browser history on IE, but that is another topic.) In this example, we are just loading a page element dynamically, but you can imagine how useful this is for Ajax apps.

So if you are using this technique for managing history/bookmarks and happen to have a SWF on the page, you get crazy page titles. If you think this is a cooked up example, there is actually an example of this "bug" right now on a beta version of a certain high traffic page on the web...

Tuesday, January 22, 2008

Galpin on Rails on IBM

A couple of pieces that I wrote on Rails appeared on IBM at the end of last year. I didn't even realize it until today when somebody emailed me about one of the articles.

The first article is part one of a four part series on using Rails, XForms, and DB2's PUREXML tables together. I also wrote part two, but another writer wrote parts three and four. Only part one is up so far.

The second article is the third tutorial I wrote on using Eclipse as a web development platform. Part one was about using Eclipse for Java web development, and part two was on using it for PHP development. The last tutorial is on using Eclispe (via RadRails) for Rails development. Note, the link for part two shows the intro page to part one. If you login, it correctly gives you part two. Clearly some kind of technical glitch for IBM!

Crossing Lines

Today I did something that I never thought I would do. I registered Republican. Is this because I have suddenly decided to oppose gay marriage? Or maybe I am favoring tough immigration laws? Oh it's gotta be that I am suddenly in favor of the war in Iraq! Maybe I have finally realized the value of the Patriot Act!

Obviously it is none of those. Nope, I am a Republican for a few weeks just so I can vote for Ron Paul. I do not consider myself a Paul fanatic (of which there are quite a few) by a longshot. I like Paul primarily because he is the candidate most likely to end the war in Iraq, and I think that is the most important issue.

It was difficult for me to re-register just to vote for Paul. I don't like his chances of winning the Republican nomination at this point. He is obviously a huge longshot. However, the Republican party is in disarray, so I think there is a small chance. With no clear front runner, a surprise showing by Paul on Super Tuesday (California is part of that craziness now) would make a big difference.

The other factor that weighed heavily on me is that I would really like to vote for Barack Obama against Hillary Clinton. Again the issue is the war. Obama is so clearly more opposed to the war than Clinton is, that I really want him to win against her. On one hand he is a better chance of winning the Democratic nomination than Paul does of winning the Republican nomination, but I thought it was time to take a chance on a longshot.

Thursday, January 17, 2008

NFL Playoffs

I was listening to sports radio (stupid me) and heard the following:

Caller: "Everyone wants San Diego to beat New England this weekend."

Host: "That is ridiculous. That is like saying that everyone wants Tiger Woods to miss the cut at the Masters. No. Everybody wants Tiger Woods to lose by double-bogeying the 18th hole in the final round of The Masters. Tom Brady is the Tiger Woods of the NFL."

Huh? First off, people hate Tiger? That is news to me. I didn't think anybody rooted against Tiger. Maybe some folks have a different favorite golfer, and root for that golfer over Tiger. I have always liked Phil Mickelson because he's a lefty, and I golf left handed. I like Mike Weir for the same reason! But who hates Tiger Woods? Fuzzy Zoeller maybe?

Next, Tom Brady is the Tiger Woods of the NFL? Now this is just stupid. Tiger is the most talented golfer out there, and nobody could claim that Tom Brady is the most talented quarterback, and certainly not the most talented football player.

Quick question... What is the difference between last year's Patriots and this year's Patriots? Is it A.) Tom Brady B.) Bill Bellichick C.) Randy Moss D.) Electronic Surveillance ... Alright I know, trick question. Anyways, it is obviously Randy Moss. Oh, and a whole lot of points and wins to go along with Randy Moss. If I would have had a vote for NFL MVP it would have gone to Moss.

Don't get me wrong, I wish the Dolphins had Tom Brady at QB! But I just don't see him as Tiger Woods. Then again I was never a big Joe Montana fan either, and Montana is clearly the QB that Brady is most similar to.

I was disappointed that Indianapolis and Dallas both lost. They were clearly the two teams with the best chance of beating New England. I don't know how anyone can see an extremely wounded San Diego can go into Foxboro and come out with a win... Green Bay and New York could actually be a pretty close game, but San Diego would be favored against either of them. Remember, the NFC has been a lot weaker than the AFC for many years now, kind of like the AL vs. the NL in MLB or the Western conference vs. the Eastern conference in the NBA...

Monday, January 14, 2008

Language Wars 2008

Two interesting blogs inspired this post. First, there is the amazing analysis of the great Neal Gafter. And then there is the insightful rant of Rick Hightower.

I have to admit that I am getting on the Scala bandwagon. Here is why I think Scala is important. Note, most of this is just me ripping off Neal Gafter :-)

There is great potential in languages with control abstraction. Scala is just such a language. It is possible to implement the actor model, a shared nothing, message based design for parallel computing, in Scala. This is not possible in Java. You can do it in Groovy, sort of, but it can be awkward. The reason for this is simple. If you have a object call method call closure (for example) the closure can return control back to the object in Scala, but only to the method in Groovy. The extra control structure coupling in Groovy makes some aspects of control abstraction awkward at best.

And then there are pattern matching (no not regexp) and case classes... The point is that there are syntactical advantages in Scala that make it possible to handle concurrent programming in a completely different, more scalable way. So it is not just about lines of code and what not, it is about being to do practical things in a better way.

Now Rick's main point in his rant, is why invest in JRuby and Scala when there is Groovy. Hopefully I've given at least one reason why Scala has potential that Groovy does not. When it comes to Ruby, the answer is less technical and more social.

On the technical side, it is very conceivable that by the end of the 2008, the absolute best way to deploy a Rails application will be to use JRuby. That is partially because of the current state of native Ruby interpreters, but also just because of how powerful the JVM has become. Sun really wants this to be the case, and here is why.

Sun knows what it takes to introduce a new language and platform and make it the de facto standard in the industry. It is very hard and expensive. They have done it once, and it cost them dearly. Java cannot stay at the top forever. They do not want to fight this battle again. However, if they can get the Rails on JRuby scenario described above to exist, then they could "stay on top" without having the fight all of the battles this time. They let the Rails community do it for them. They let guys like DHH and Martin Fowler win over the hearts and minds, while they simply concentrate on making JRuby run screaming fast.

But wait, there's more. Sun really wanted NetBeans to be the premiere Java development platform, but IBM beat them with Eclipse. They get a second chance if Ruby becomes the new de facto standard, and this time they have a head start on IBM. Sun is imagining a future where there are armies of IT developers writing Rails apps using NetBeans and deploying them to Glassfish.

Now all of the above may be possible, maybe even easier, with Groovy. But then they have to fight the language wars all by themselves. They have to win over the hearts and minds of developers to get them to use Groovy instead of C# or PHP.

That is why it makes more sense for Sun to back JRuby than to back Groovy.

That is also why you should not expect Sun to get behind Scala until they have no choice.

Sunday, January 13, 2008

Googling MTOM

I use MyBlogLog to see the traffic stats to my blog. I noticed a lot of the referrers each day were from a Google search for MTOM. The search has one of my blog entries about an article I wrote on MTOM. I found it funny that my very short blog entry about the article shows up higher in Google than the actual article itself. The article has a lot more about MTOM and is linked to by my blog. Shouldn't that make it rank higher? The cynic in me thinks that my blog ranks higher because it is on the Google owned Blogger...

Thursday, January 10, 2008

Scala

There is a lot of hype this year about Scala....

0E75B649-4C2E-411D-AFE3-ED1D90C2E19D.jpg

Heck, even al3x is talking about it. As someone who has no problem being called a Java guy, but has been doing a lot of work in ActionScript and Ruby recently, I am intrigued at Scala. However, I was also intrigued by Groovy a couple of years ago, and was mostly let down by it. Still, I have a strong feeling that I will wind up either writing about Scala this year or use it for a small project of some sort.

Flash and HTTP Headers Redux

A few months ago I wrote about the lack of access to HTTP headers in Flash. I recently came across some other people talking about this. This has caused debate about Flex being able to support REST.

The opinion seems to be that Adobe does not allow this because not all browsers will provide this information to the Flash player. I have not seen a list of what browsers have this limitation, though I will speculate it must be older versions of popular browsers... Some of the evidence of this is that this is provided in AIR. In AIR, it is the runtime itself that makes HTTP requests. In a SWF running in a browser, the runtime relies on the browser. So restrictive browsers could be an issue on a SWF, but never for an AIR app.

Could another reason be security? In particular, cookies are passed back-and-forth via HTTP headers. There are numerous cases of cookies being stolen by malicious JavaScript, which has total access to HTTP headers. Adobe made a lot of significant security improvements between Flash Player 8 and 9. In a world of mashups, are they better off continuing to deny access to HTTP headers?

All of that being said, I recently ran across another case where this causes problems. I had a SWF that could be loaded by two different pages. It needed to show slightly different features depending and have a different look and feel depending on what page it was on. The easiest thing to do would have been for it to "know" what page was loading it by looking at the referrer on the HTTP request that loaded the SWF. This is a header of course, and thus not available. Instead a FlashVar could be passed in to tell the SWF what to show. That's a better way to do it, but required changing the code of the page hosting the SWF, which was not an option. The hack that had to be used was to have to logical copies of the same SWF, foo_A.swf an foo_B.swf. The SWF could then look at its this.loaderInfo.URL to figure out what to show.

Wednesday, January 09, 2008

Wii Games

I got a Wii as an early Christmas gift. I have to say that after being away from gaming for almost four years, I am really impressed where things have gone. I have had as much fun playing the Wii with my family as I did playing Street Fighter on the Nintendo with my friends back in college. That is saying a lot! Here are my games so far:

Wii Sports -- Everyone has this one, and everyone has been praising it since it came out. All I can do is echo the praise you have to give Nintendo for not only coming up with this beauty, but also for packaging it with the Wii.

PBA Bowling -- My wife liked bowling so much that we picked up this game when we got the Wii. It is a harder bowling game, but not really much more fun than the bowling that came with Wii Sports. The graphics are nice though and funny characters.

Guitar Hero III -- I had never played Guitar Hero before this, and I can see why it has been such a huge success. Unlike a lot of Wii games, it is not really a great game to play with friends. That's alright, it is incredibly addictive and fun. I got so into the songs on here, that I had to buy several of them off of iTunes.

Lego Star Wars -- This game is a lot of fun. It's simply the Star Wars saga with Lego graphics. Very simple, but still cool. The best thing is getting to use the Wiimote as a light saber. I told my wife "I've been waiting for a game like this for 30 years!"

Madden 2008 -- I haven't played this much yet, as my wife bought it for me the day we were flying back from Florida. She had wanted to buy it for me for Christmas, but it was very hard to find in Florida. I have only played one game, but the controls rock! There are a lot of things you can do, but they are (surprisingly) very intuitive. I can't wait to play a Franchise or a Superstar.

Iowa and New Hampshire

It's a new year, and an election year. So time for some politics.

The Iowa Caucus and New Hampshire Primary were both mildly interesting. Iowa was interesting because of Mike Huckabee. It's amazing to think about just how diverse the Republican Party is. In many ways it is much more diverse than the Democratic Party (of which I am a registered member of.) I don't think anyone really thinks Huckabee could be win the Republican Party nomination, yet he won pretty easily in Iowa. And he won because of "evangelical/born again" vote. Will future generations look back and marvel at how the religious right and big business were allied together to dominate politics in America. And face it folks, the Republican Party has dominated for a long time now. One could argue that if it wasn't for the divisiveness of Ross Perot, the Republican Party would now be in its 28th consecutive year in the White House.

Anyways, the New Hampshire Primary was interesting because of Hillary Clinton. You have to wonder if her "moment of vulnerability" was simply a brilliant political move. It certainly seemed to give her a victory, and one could argue that a victory for Barack Obama in New Hampshire would have given him an unsurmountable advantage.

Finally, both elections were interesting because of Rudy Giuliani. He may prove to be a brilliant strategist by just punting on the early races and betting that there will be no clear front runner. This only works if he can win Florida and many of the Super Tuesday states. The whole thing reminds me of some kind of game theory problem I had to solve in college. Speaking of which, I once wrote a paper on the absurdity of Iowa and New Hampshire playing such important roles in American politics. If Giuliani winds up being the Republican candidate, he will make my position paper obsolete.

One last thing to note ... Ron Paul. As an understated supporter of Dr. Paul, I was sad to see him only register around 10% in both Iowa and New Hampshire. You would think that such fervent supporters and the money they have raised for him would be able to turn into enough publicity to get his word out, and in turn gain some votes. He actually did quite well among younger Republicans in New Hampshire, but this just once again proves that the "young vote" is irrelevant. It's hard for me to see Paul endorsing another candidate and thus using his followers to give somebody else a decisive advantage, so in the end all of the electronic buoyed hyped of Ron Paul could be for naught. That's too bad.