Month: May 2013

Chrome Not Displaying All Flash Objects On My Page

Post author By johncongdon
Post date May 31, 2013
No Comments on Chrome Not Displaying All Flash Objects On My Page

So, I had a very strange thing happening only in chrome. Phoneburner.com has a way for people to record voicemail messages that they want to leave while making phone calls. On the page that lists them for the members to listen to before using, we do a simple object embed of a small flash player.

This has worked flawlessly for a long time. All of a sudden, we noticed in Chrome that some would randomly not show. In this one account, there are about 20 of these embedded flash players and only 3-5 would show up. The weird part is that if I refreshed, a different mix of 3-5 would show. Some would disappear, others would appear.

There were no errors in the Developer Console. I played with the flash plugins and noticed if I disabled both, reloaded the page, and then enabled the plugins all would show up…

Debugging things that don’t make sense is VERY difficult. So I went to the javascript console and decided to use jQuery to hide them all and then reshow. Sometimes that worked. Ok… getting closer, CSS may be the answer. I then tried just showing, not hiding first. Most would show, but not always all of them. But if I ran it a few times, they would eventually all show up. WTF?!?!??!!

So I added a dirty hack to make it work.

$().ready(function()
{
$(“object”).css(‘display’, ‘inline’);
$(“object”).css(‘display’, ‘inline’);
$(“object”).css(‘display’, ‘inline’);
$(“object”).css(‘display’, ‘inline’);
$(“object”).css(‘display’, ‘inline’);
$(“object”).css(‘display’, ‘inline’);
});

Tags flash, Javascript, jquery, object element

Programmer's Mindset Security

Encryption: Trust The Experts, Don’t Roll Your Own

Post author By johncongdon
Post date May 24, 2013
No Comments on Encryption: Trust The Experts, Don’t Roll Your Own

I recently practiced my Tek13 presentation at my SDPHP user group. What I really like about user groups is the interaction and discussion that often ensues about the given topic. At the time, one of the members asked me about trying to outdo your adversary with what amounts to “Security by obscurity”. He was asking about MD5 hashing multiple times to throw off an attacker. My response was not a good enough reason, but it was the best I had at the time, which was “it’s not a good idea, it won’t do you any good.”

After thinking about it, I have a good reason why now. I will try to put it into words here.

First, security algorithms are all about best practices and trusting the experts. Meaning, everything we use today is open source and has been tested by the brightest. Encryption algorithms are very hard to understand, so we shouldn’t try to do it ourselves.

Now for the real explanation. Hashing just gives us a value, also called a digest. At the end of the day, at least when it comes to passwords, attackers just want access to the system, not necessarily the password. Sure, they would love to have that as well, but it’s not necessary. Attackers can also rely on hashing collisions to give them access. Let me try to demonstrate.

A hash collision is when two different strings give you the same digest. So trying to secure your passwords by obscuring the method used, doesn’t really help you here. All I need to do is find any string that when hashed gives me the proper value.

In the end, follow best practices and use bcrypt now. Don’t try to make md5 or sha1 work for you in this scenario. Trust the experts… rolling your own is a bad idea in this area.

Programmer's Mindset

Tek13: My Goals Realized

I just left Chicago after attending my favorite conference, php|tek. This is an event that has become near and dear to me, and I am so grateful that the musketeers have stepped in to make sure that it continues running.

I first attended back it 2010, and have continued to grow ever since then. When I say grow, most people will immediately assume that I have become a better developer, and while that is true, I have grown in more important ways. I have become less introvert (notice I did not say that I have become an extrovert). But I have learned to not shy away nearly as much. I have grown to respect myself enough to know that I am more than I think I am.

In 2010, I decided that I wanted to speak at a conference one day. I feel I did it the right way by starting off with my local user group. I didn’t jump right in and try to tackle a conference. Starting with the user group gives you a great intermediary step. You probably know many of the members in the group, and it is usually smaller than a conference.

I was privileged enough to give two presentations this year at tek. My first one, which I felt more prepared for was a little shaky, and I knew it. 🙁 I did not take any offense to some of the criticism that I received. I blame it partially on being the first time I have used a mic, and hearing yourself and knowing that I did not want to over modulate, I tended to speak more monitonely. I am upset with that fact… I also tended to go through my slides faster than I should have. I just needed to take more deep breaths and slow myself down. Overall, I am pleased with the results, and on a scale of 1 (I passed out) to 10 (I knocked it out of the park), I would give myself a 5.1. I know there is a ton of room for improvement in my public speaking, and I will do that.

My second talk was much better for the most part. I did no use a mic this time, as the room and number of people were much smaller. I am very happy that Beth Tucker-Long, joined in for a couple of reasons. She was the only one to tell me that I needed to speak up. It’s very easy to start off talking strong and projecting, only to end up trailing off into a conversational voice. My overall energy level during this talk was much better, and I felt like I was having a conversation. I hope I was less monotone, and better paced. What I really like about presenting is the ability to have a conversation with the entire group where I get to learn as much as I may have taught. If there is one thing I know, it’s that everyone has something to share. Just because you go to a class to learn, there is probably something you know that can help the entire class (including the teacher).

I set some of my personal goals down on paper last year, and at this point have realized almost all of them. I have been published in a PHP magazine (twice I may add), I have lost a bunch of weight (2 pounds to reach the goal I set), I spoke at a conference, among others. Time to break out the pen and write some more down. Beth and I discussed this and she mentioned maybe adding “book author” to the list… Intriguing.

Thank you Musketeers.