Tuesday, May 24, 2011

FreeMarker built-ins for security

FreeMarker (latest version is 2.3.18 released on 5/21/2011) has many built-ins for string. Few of them provides easy way to eliminate potential XSS attack using output filtering.

  • html
The string as HTML markup. That is, the string with all:
  • < replaced with &lt;
  • > replaced with &gt;
  • & replaced with &amp;
  • " replaced with &quot;
  • url
The string after URL escaping. This means that all non-US-ASCII and reserved URL characters will be escaped with %XX.
  • js_string
Escapes the string with the escaping rules of JavaScript language string literals, so it is safe to insert the value into a string literal. Both quotation mark (") and apostrophe-quoate (') are escaped. Starting from FreeMarker 2.3.1, it also escapes > as \> (to avoid </script>). Furthermore, all characters under UCS code point 0x20, that has no dedicated escape sequence in JavaScript language, will be replaced with hexadecimal escape (\xXX).

These 3 built-ins can be used a single filtering, or combined like below
<a href="http://hjzhao.blogspot.com/built-ins?name=${thename?url?html}" 
<td onclick="openURL(newpage?param=${value?url?js_string?html});">Click Me</td>

How to reboot WRT54G

I usually do a power adapter switch to get it rebooted. That needs to approach the physical router in different room. Did some search, and found there probably have 3 ways to reboot/refresh router.

Method 1 - Use hidden reboot page
After login to administration page (192.168.1.1) using admin/thepassword, then type hidden page
http://192.168.1.1/Reset.htm

Method 2 - Backup & Restore
Administration page: Administration -> Config Management -> Backup, then Restore using the backup file (config.bin)

Method 3 - DHCP release/renew
I am not sure if it solves some connectivity issue, will try next time. Administration page: Status -> Router -> DHCP Release/Renew.

Friday, May 20, 2011

Install Subclipse on Mac

Subversion (SVN)
Subversion (SVN) is a popular replacement for CVS, offering improved performance (courtesy of intelligent local caching and a database at back end), easy and fast branching. The official website is  http://subversion.apache.org/and the wiki page is http://en.wikipedia.org/wiki/Apache_Subversion. There are many version control systems, and most popular are VSS (Microsoft), CVS and SVN.
 
SVN Client
There are a bunch of clients to access SVN. Most frequently used might be TortoiseSVN, SmartSVN and some integration clients with Visual Studio and Eclipse. For Eclipse, there are two most popular clients: subclipse and subversive. I selected Subclipse which is from tigris.org.

There is a wiki page to compare different SVN clients
http://en.wikipedia.org/wiki/Comparison_of_Subversion_clients

By default Eclipse has built-in CVS client support, but for SVN, we need some efforts to set up Subclipse on Eclipse. The installation includes two major steps: "Adding subclipse to Eclipse" and "Install JavaHL".(JavaHL version should match Subclipse version)

Eclipse Version
I am using the latest Helios release as of May 2011.
Eclipse Java EE IDE for Web Developers.
Version: Helios Service Release 2
Build id: 20110218-0911

Add Subclipse to Eclipse

1. Help -> Install New Software... ->
From "Work with:" drop down list select Subclipse 1.6.x
Subclipse 1.6.x Update Site - http://subclipse.tigris.org/update_1.6.x/

2. Select required components under Subclipse category (See Figure 1) to install

Figure 1







3. Click "OK" on security alert dialog (See Figure 2) - Subclipse isn't digitally signed
Figure 2

4. Restart Eclipse to apply changes (See Figure 3)
Figure 3

Install JavaHL
1. What is JavaHL, and how to install JavaHL on different platforms, see JavaHL Wiki Page

2. Why JavaHL?
This is explained in JavaHL wiki page. For Mac OS X, we need it otherwise we will get below "Subversion Native Library Not Available" error (see Figure 4)
Figure 4

3. Download CollabNet Subversion (I downloaded Subversion-1.6.16-10.6.x.dmg for Mac OS X 10.6.7 version, they also need login to download which is not user friendly). The version is: Universal Subversion 1.6.16 Binaries for Snow Leopard (Mac OS X 10.6)

4. Install the Subversion, after installation, we will see new "/opt/subversion" created. For JavaHL, it is in /Library/Java/Extensions/libsvnjavahl-1.jnilib

4. Restart Eclipse to pickup JavaHL

Use Subclipse
1. Adding a project to the repository
To add a new project to your Subversion repository, right-click the project (in any of Eclipse's project views or the Navigator view) and choose Team > Share Project from the menu.

2. Use SVN Repository Exploring

3. Refer to right-click Team menu

For more info, please refer to http://www.ibm.com/developerworks/opensource/library/os-ecl-subversion/

Money tools and wasters

11 new tools for your money
  1. Pay your bills with gift cards - ChargeSmart and Plasticjungle.com
  2. Keep the lights on without going broke - BillFloat
  3. Protection from deadbeat roommates - Paydivvy (social billpay)
  4. Stop fraudsters in their tracks - Enter ID Analytics (identify fraud)
  5. Be the next Facebook - Enloop
  6. You've got money - Paypal (Money Messenger)
  7. Log in to Facebook ... with your eye - Eyelock from Hoyos Group, iris-scanning device
  8. Hire a personal bookkeeper - Balance Financial
  9. Making money lessons fun for kids - MoneyIsland from BancVue
  10. In debt? Weigh your options - DebtCoach from Bills.com and Experian
  11. Stop printing coupons - Clovr Media, Edo and Bankons

10 biggest money wasters
  1. Bundled cable or phone services
  2. ATM fees
  3. Lottery tickets
  4. Gourmet coffee
  5. Cigarettes
  6. Infomercial impulse buys
  7. Brand-name groceries
  8. Eating out
  9. Unused gym memberships
  10. Daily Internet deals

Tuesday, May 17, 2011

Install FreeMarker Eclipse plugin

FreeMarker is a Java Template Engine Library which is similar to Velocity. We have Eclipse plugin from JBoss Tools. We have two ways to install the plugin, one is using the Update Site, the other is to download and do standalone installation.

I use FireFox and install the latest JBoss Tools 3.2 version (as of May 2011) on MacBook Pro. Here are the steps to install FreeMarker IDE and documentation:
 

1. Get the Update Site URL
From "Update Sites", mouse over a stable version and right click to "Copy Link Location"
http://download.jboss.org/jbosstools/updates/stable/helios/

2. Configure Update Site
Eclipse -> Help -> Install New Software... -> On the popup "Available software" dialog, click "Add..." button to add a repository -> Input name "FreeMarker" or whatever you want, then input the site from step 1

3. Install "FreeMarker IDE"
From "Application Development" category, select "FreeMarker IDE" to install.
Install FreeMarker IDE plugin

4. Install "FreeMarker documentation"
This is a separate download http://freemarker.org/download/editor/fm-eclipse-help.tar.gz from FreeMarker official site. It requires some manual work after download (see README.txt in the package).

5. Restart Eclipse
After restart Eclipse, we can get "Syntax highlight, syntax error indicator, outline view, code completion for macro names and bean property names." when edit *.ftl (FreeMarker template) files. And we can also see documentations and offline websites from Eclipse Help system.

Wednesday, May 4, 2011

Understanding Roth 401(k) and Roth IRA

Roth 401(k) is another after-tax contribution to 401(k), which has earning tax-free advantage with qualified distributions.Qualified distribution – two conditions must be met:

  1. distribution taken after five-year period, and
  2. distribution taken after age 59½, or due to death or disability
Roth 401(k) contributes to IRS limit (e.g. for year 2011)
Pretax contributions + Roth 401(k) contributions ≤  $16,500 (under 50)
                                                                            $22,000 (age 50+)

Roth 401(k) has Required Minimum Distribution
Required Minimum Distributions (RMDs) generally are minimum amounts that a retirement plan account owner must withdraw annually starting with the year that he or she reaches 70 ½ years of age or, if later, the year in which he or she retires. However, if the retirement plan account is an IRA or the account owner is a 5% owner of the business sponsoring the retirement plan, the RMDs must begin once the account holder is age 70 ½, regardless of whether he or she is retired. [See http://www.irs.gov/ for Retirement Plans FAQs regarding Required Minimum Distributions]

Besides Roth 401(k), we have other contributions like Pre-tax, After-tax, matching contributions and rollover. The key difference among them is about tax strategy on contributions and earnings.

  • Pretax contributions: taxed on the way out (for both contributions and earnings)
  • Roth 401(k) contributions: taxed on the way in (for contributions, tax-free for earnings for qualified distributions)
  • After-tax contributions: contributions taxed on the way in, earnings taxed on the way out
  • Matching contributions: similar to pretax contributions, cannot be Roth 401(k) contributions though company matching is for both pretax and Roth 401(k)

Roth IRA:
  • After-tax contributions
  • Has certain income limit (higher income cannot open Roth IRA)
  • Has IRS limit ($5,000 if age 49 or younger, $6,000 if age 50 or older)
  • Has no Required Minimum Distribution
  • Cannot be rolled into Roth 401(k)
  • Tax-free for earnings for qualified distributions - same as Roth 401(k)
    • distribution taken after five-year period, and
    • distribution taken after age 59½, or due to death or disability 
Note: There is a tax advantage for beneficiary if convert 401K/IRA to Roth IRA before die.

Monday, May 2, 2011

How to remove duplicate emails in outlook

Today I created a new pst file to hold upcoming new emails, so I tried to move all emails from remote exchange server to local pst file (local personal folder). Unfortunately I did one copy then did the move, so in old pst file I got 2 copies of one email, these duplicate emails doubled the size of pst. I firstly think I can sort by date, and they manually delete them. Sorting by time can work, because duplicate email has same subject, same timestamp, and so on.  However, there are more than one thousand email, I could not remove duplicate emails in this way.

After asking Google, there are couple of commercial software is able to do this. However, there is a free outlook COM addon which is called Outlook Duplicate Item Removal (ODIR). It actually not only supports emails, but also supports other outlook items like appointments, tasks, contacts and etc. For receiving emails, it uses internet email ID (unique email identifier) to determine if there are duplicate emails in inbox. I downloaded it from http://www.vaita.com/ODIR.asp and started the removal effort.

Installation is easy as other windows program though it requires to close outlook for installation. Following the instruction and launch outlook then I can see new menu item "ODIR". However, clicking the "Removing duplicate items..." from ODIR menu takes a very long time to respond on my PC (Windows XP SP3, outlook2003), but finally after many minutes wait with patience, I saw the UI of this addon. From there, I can select the folder which needs removal.After submit the removal request, it is pretty fast to get the job one (created a new folder and moved all duplicate stuff to this new sub-folder). However, opening the ODIR window was a big problem for me.

I will try to uninstall ODIR after finish the removal, or at least disable this add-on.