January 14, 2011

Learning Javascript libraries

I first learned of dojo. I missed all the hype around jQuery, and blissfully started using one particular feature of dojox, the grid. To date dojox.datagrid is the only table-based UI element that allows for read/write; each cell can call its own UI for editing. I was able to make a change to the table on the screen, and have that call a PHP script that would write the change to my SQL database.

jQuery is rather different. This library stood out because of its great selector. If I had to pick a favorite thing of jQuery, it would be selecting part of the DOM. While dojo let me replace standard UI with the dojo theme (there are now four themes to choose from), jQuery does it in a way that keeps your code valid HTML. The advantage to dojo's technique is I can make an auto-complete element that calls an external URL without writing any code. jQuery does not make it so easy.

I recently decided I wanted to give YUI (Yahoo UI) a try. There is one thing you notice right away that's unique with YUI: it creates instances to do all of its work. To fade out looks like this:

YUI().use('anim-base', function(Y) {
    var anim = new Y.Anim({
        node: '#demo',
        to: { opacity: 0 }
    });
    anim.run();
});

Other libraries would make this much simpler; see the same code in jQuery:

$('#demo').animate({ opacity: 0 });

Do not think that one way is better than another just because it takes less code to do. Like valid HTML, making instances in JavaScript creates scope. If a project is being done by a large team, each team member only needs to worry about individual instances, not the full code.

July 23, 2010

wget - new feature

I'm on an old Mac; I don't have the latest OS, or many fancy features. But today I used port to update wget. OS 10.5.8 runs wget 1.10; 1.12 added the feature of downloading background images. Small but helpful update.

November 1, 2009

Why?


On October 30th, Senator Roland Burris [D-IL] introduced 20 new bills, all of which are related to chemicals that are, or may be, toxic. This seems very odd... Making so many new bills is something quite visible; he knows his future will be haunted by Blagojevich, regardless of the fact that he was found to get his position without any signs of bribes. I like to think Senator Burris is a good man. As far as I could find, he did nothing wrong; he shares many of my political viewpoints, so I can't complain about him. However, if anyone could explain why so many bills for related things were introduced all on one day (especially considering he is a 1st-year senator), I'd really like to know. The only possible link I could find is an article from the Tribune stating that Burris now matters because he is a vote for healthcare, and votes in the Senate are very important.

September 26, 2009

5-button mouse + firefox + mac?

When I switched to Firefox 3 (in the beta testing days) I had a problem with my browser history buttons on my Mac: they would not work! They still worked in other browsers; just in Firefox it would give me this scroll cursor called "autoscrolling".

This annoying feature is set here: Preferences->Advanced->General. It is also in about:config at general.autoscroll. I wish this could be set to one button; if middle-mouse did that --and nothing else-- I'd like that as a feature.


September 17, 2009

agile keychain: decrypt in php

For those who don't know, 1Password is a password manager like the one built in to your browser; however this one, I feel, is quite secure, and it works across different browsers through plug-ins.
Agile Web Solutions originally used the keychain manager built in to Mac OS X. For a variety of reasons, they decided to make their own. They provide a good explanation of how this new keychain works; however, they do not walk you through encryption or decryption of the data you store in it.

This is my attempt:

There is an encryptionKeys.js file; this is the first thing you will need to look at. Note that it's JSON data. There is a list with two "encryption levels". The primary is encrypted with level "SL5". Each level has data and validation.

"list":[
    {"validation":"U2FsdGVkX1...\u0000",
     "data":"U2FsdGVkX1...\u0000",
     "level":"SL3",
     "identifier":"27..."},
    {"validation":"U2FsdGVkX1...\u0000",
     "data":"U2FsdGVkX1...\u0000",
     "level":"SL5",
     "identifier":"81..."}
]

Note:
  1. The values for validation and data are way too long; that's why I only display the beginning and end of each.
  2. I ignore the \u0000 (null) at the end because it's not needed for PHP.
  3. The actual file is made up of one line; I broke it up to help you read it.
  4. SL3 is designed to have a second password for your portable device that isn't as complex.

data is base64 encoded. Inside of that, the first 8 bytes are the string Salted__, which means the password needs to be salted. The salt is the next 8 bytes. The rest of the data is the "master password" cipher text.

$data = base64_decode('U2Fsd...');

Next, derive the key with the password-based key derivation function (PBKDF2), which takes the password and the salt and creates pseudo-random data suitable for a key. So you take the salt from bytes 8-16 of data and the master password you chose for your keychain, do the standard 1,000 iterations, and request 32 bytes of output. You break that into two 8-byte parts, the key and IV for the master password cipher text. Then you take your AES-128 CBC function and decrypt the master password.

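$masterSalt = substr($data, 8, 8);   // 8-byte salt that follows "Salted__"
$unsalt = substr($data, 16);         // cipher text: everything after header and salt
// pbkdf2() is a helper you supply yourself; it must return raw bytes
$key = pbkdf2('your password', $masterSalt, 1000, 32);
// first 16 bytes of $key are the AES key, the remaining 16 are the IV
$masterPassword = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, substr($key, 0, 16), $unsalt, MCRYPT_MODE_CBC, substr($key, 16));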

This master password is 1K of random data. This random data is passed through the following function to get the key and IV for an entry:

function OpenSSLKey($masterPassword, $salt) {
    $salted = $masterPassword . $salt;
    // two chained MD5 rounds give 32 raw bytes: 16 for the key, 16 for the IV
    $result = md5($salted, true);
    $result = $result . md5($result . $salted, true);
    $key = substr($result, 0, 16);
    $iv = substr($result, 16, 16);
    return array('key' => $key, 'iv' => $iv);
}

Before using this function, you will need the salt for the key you wish to decrypt. Going back to the folder you found encryptionKeys.js in, you will find a bunch of files with UUID names. Open one you would like to decrypt, and look for encrypted. This is the encrypted portion of the entry.

{"keyID":"815...",
 "locationKey":"mysite.com",
 "encrypted":"U2FsdGVkX1...\u0000",
 "typeName":"webforms.WebForm",
 "openContents":{"usernameHash":"9dd...",
                 "passwordStrength":3,
                 "contentsHash":"6556992c...",
                 "passwordHash":"5b406abcd1..."},
 "location":"http://forum.mysite.com",
 "uuid":"EDF5CD8C7838...",
 "updatedAt":1227833665,
 "createdAt":1227833665,
 "title":"My account for mysite.com's forum",
 "folderUuid":"C46..."}

From there you will need to take encrypted, uudecode it, and grab the salt. Then you can use the function from above to decrypt it.

// decode the entry's "encrypted" value first (trailing \u0000 dropped)
$mysite_encrypted_data = base64_decode('U2FsdGVkX1...');
$site_salt = substr($mysite_encrypted_data, 8, 8);
$site_cipher_data = substr($mysite_encrypted_data, 16);
$itemarray = OpenSSLKey($masterPassword, $site_salt);
echo mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $itemarray['key'], $site_cipher_data, MCRYPT_MODE_CBC, $itemarray['iv']);
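
The whole procedure above as one round trip, written as an added example in Node.js (not the author's PHP and not Agile's code): seal() builds constructed test blobs in the Salted__ layout, and the other functions follow the post's steps. PBKDF2 with HMAC-SHA1 and PKCS#7 padding are assumptions the post does not state, and all function names are illustrative.

```javascript
// Added example: Node.js, built-in crypto only. All sample data is constructed.
const crypto = require('crypto');
// Split a base64 "Salted__" blob into salt (bytes 8-16) and cipher text (the rest).
function parseSalted(b64) {
  const raw = Buffer.from(b64.replace(/\0+$/, ''), 'base64'); // drop trailing \u0000
  if (raw.subarray(0, 8).toString('latin1') !== 'Salted__') throw new Error('no Salted__ header');
  return { salt: raw.subarray(8, 16), cipherText: raw.subarray(16) };
}

// AES-128-CBC; final() adds or strips the PKCS#7 padding (padding scheme assumed).
function aesCbc(encrypt, { key, iv }, data) {
  const c = encrypt ? crypto.createCipheriv('aes-128-cbc', key, iv)
                    : crypto.createDecipheriv('aes-128-cbc', key, iv);
  return Buffer.concat([c.update(data), c.final()]);
}

// Password -> 32 bytes of PBKDF2 output: 16-byte key, then 16-byte IV (SHA-1 assumed).
function passwordKey(password, salt) {
  const out = crypto.pbkdf2Sync(password, salt, 1000, 32, 'sha1');
  return { key: out.subarray(0, 16), iv: out.subarray(16, 32) };
}

// Same MD5 chain as the page's OpenSSLKey(): key = MD5(s), iv = MD5(key + s).
function openSSLKey(masterKey, salt) {
  const md5 = (buf) => crypto.createHash('md5').update(buf).digest();
  const salted = Buffer.concat([masterKey, salt]);
  const key = md5(salted);
  return { key, iv: md5(Buffer.concat([key, salted])) };
}

const unlockLevel = (dataB64, password) => {
  const { salt, cipherText } = parseSalted(dataB64);
  return aesCbc(false, passwordKey(password, salt), cipherText);
};
const decryptItem = (encryptedB64, masterKey) => {
  const { salt, cipherText } = parseSalted(encryptedB64);
  return aesCbc(false, openSSLKey(masterKey, salt), cipherText).toString('utf8');
};
// Constructed fixture: seal() writes the same layout so the round trip runs offline.
function seal(plain, salt, keyIv) {
  const body = aesCbc(true, keyIv, plain);
  return Buffer.concat([Buffer.from('Salted__'), salt, body]).toString('base64') + '\u0000';
}
function demo(password) {
  const master = crypto.randomBytes(1024), s1 = crypto.randomBytes(8), s2 = crypto.randomBytes(8);
  const data = seal(master, s1, passwordKey('correct horse', s1));
  const item = seal(Buffer.from('{"password":"hunter2"}'), s2, openSSLKey(master, s2));
  return decryptItem(item, unlockLevel(data, password));
}
```

The 32 bytes of PBKDF2 output are split 16/16 here, matching the substr() calls in the PHP. A wrong password normally surfaces as a padding error thrown from final(), so callers should treat that exception as "could not unlock" rather than as a crash.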


October 9, 2008

wrong way to load XML in JavaScript

There are many examples of how to load an XML file in JavaScript; they include the load function of type document:


var xmlDoc;
try { // Internet Explorer
    xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
} catch (e) {
    try { // Firefox, Mozilla, Opera, etc.
        xmlDoc = document.implementation.createDocument("", "", null);
    } catch (e) {
        alert(e.message);
    }
}
xmlDoc.async = false;
xmlDoc.load("localfile.xml");

Safari will error out on the last line of this code. xmlDoc.load is not part of the W3C standard. Instead use xmlDoc.open.

var req = false;
// branch for native XMLHttpRequest object
if (window.XMLHttpRequest) { // Mozilla, Safari, ...
    req = new XMLHttpRequest();
} else if (window.ActiveXObject) { // IE
    try {
        req = new ActiveXObject("Msxml2.XMLHTTP");
    } catch (e) {
        try {
            req = new ActiveXObject("Microsoft.XMLHTTP");
        } catch (e) {}
    }
}
if (req) {
    req.onreadystatechange = processReqChange;
    req.open("GET", "localfile.xml", true);
    req.send("");
}

function processReqChange() {
    // only if req shows "loaded"
    if (req.readyState == 4) {
        // only if "OK"
        if (req.status == 200) {
            parseXML();
        } else {
            alert("There was a problem retrieving the XML data:\n" +
                req.status);
        }
    }
}

This method is called from loadXMLDoc and is passed the string to the URL. The code it will execute when the file is opened is in parseXML(). Also, note that in this second example, if you want to run getElementsByTagName, you will want to run it on req.responseXML instead of xmlDoc.

October 8, 2008

AJAX on free hosting

A lot of ISPs offer free hosting. You expect a little less for a free account; however, I did not expect that the MIME type for .xml files would be text/plain. I was blown away! That was enough for req.status != 200. While some browsers support an override of MIME type, IE does not. So bottom line, no AJAX support. However, if you are using a free host, you are not going to have server-side scripts touching the XML either. So hard-coding the data into the document worked just fine for me.