Andrew Schwabe's Blog : Open Source

JavaScript Hack Enables Flash on iPhone

OK, well, it isn't exactly what we want, but it shows that the development community is thinking beyond Apple's stranglehold on iPhone OS. According to Wired, Tobias Schneider has written a JavaScript runtime engine for processing .swf files that is compatible with the iPhone.

Multi-web configuration for Railo 3.1 and BlazeDS

It seems lots of people have a problem with Railo configured for multiple websites on a single host when they also need to support AMF via BlazeDS.

The common symptom: when you restart the Railo services, you will sometimes get a big error instead of your web page that says something like:


MessageBroker failed to start: flex.messaging.config.ConfigurationException: MessageBroker already defined from MessageBrokerServlet with init parameter messageBrokerId = '__default__'

Here is what I found to work for me:

1. Read this post by Roland Ringgenberg at the Railo Google group and follow the directions to install the Java jar and edit the flex/services-config.xml file:


<services>
    <service-include file-path="remoting-config.xml" />
    <service-include file-path="proxy-config.xml" />
    <service-include file-path="messaging-config.xml" />
    <service id="railoBootstrap" class="railo.runtime.net.amf.RailoMessageBrokerBootstrapService">
        <properties>
            <messageBrokerId>yourcustomBroker</messageBrokerId>
        </properties>
    </service>
</services>

2. For me, Railo runs on port 8600 internally, and I have IIS configured to serve up content. BlazeDS, however, doesn't get mapped through IIS, so you need to talk on the native port (again, for MY configuration, YMMV). So to access it, I needed to open TCP port 8600 through the firewall.

3. Once I could talk to the server over port 8600, I changed my Flex app that uses remoting to point to http://myserver:8600/flashservices/gateway/ and everything worked great!

One other interesting observation... When using Flash remoting with CF7/8/9, you can talk to your CFCs and invoke methods that are set to "public." With BlazeDS, your methods need to be marked as "remote" to be accessible. Minor syntax difference, but a huge impact on security. Make sure you secure your CFCs!
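To act on that last point, the following added example (not code from the original post or from Railo) inventories which functions in a tag-syntax CFC are marked access="remote". The sample component and its function names are constructed for illustration; functions written in cfscript syntax are not covered.

```python
import re
import sys

# Constructed sample CFC (tag syntax); all function names are hypothetical.
SAMPLE_CFC = """
<cfcomponent>
  <cffunction name="getOrders" access="remote" returntype="query">
  </cffunction>
  <cffunction name="purgeCache" access="public" returntype="void">
  </cffunction>
  <cffunction access='REMOTE' name="deleteUser">
  </cffunction>
  <!--- <cffunction name="oldApi" access="remote"> --->
  <cffunction name="helper">
  </cffunction>
</cfcomponent>
"""

COMMENT = re.compile(r"<!---.*?--->", re.DOTALL)
# Opening cffunction tag; quoted attribute values may themselves contain '>'.
TAG = re.compile(r'''<cffunction\b((?:[^>"']|"[^"]*"|'[^']*')*)>''', re.IGNORECASE)
ATTR = re.compile(r'''(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)')''')

def remote_functions(cfc_text):
    """Return the names of functions declared with access="remote"."""
    names = []
    # Drop CFML comments first so commented-out functions are not reported.
    for tag in TAG.finditer(COMMENT.sub("", cfc_text)):
        attrs = {k.lower(): (dq or sq) for k, dq, sq in ATTR.findall(tag.group(1))}
        # cffunction defaults to access="public" when the attribute is omitted.
        if attrs.get("access", "public").lower() == "remote":
            names.append(attrs.get("name", "<unnamed>"))
    return names

if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:
        print(remote_functions(SAMPLE_CFC))
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, remote_functions(fh.read()))
```

Run it with the paths of your .cfc files as arguments and review every name it prints as part of your externally reachable surface.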

Railo 3.1 Install on Linux -- Caucho security note

Now that Railo 3.1 is out, I think we will see a jump in commercial usage. I have done a few installs on production machines now, and wanted to point out a security note.

By default, when you install Railo 3.1 (with Caucho) on Linux (probably the same for OS X), it adds the following to your Apache httpd.conf file:


LoadModule caucho_module /usr/lib/httpd/modules/mod_caucho.so

ResinConfigServer localhost 6800
CauchoConfigCacheDirectory /tmp
CauchoStatus yes

The last line is the problem: it enables CauchoStatus by default. That means anyone can point a web browser at http://your.host.com/caucho-status and see status info, and there is a lot of detail there, including the names of each of the hosts you configured in Resin, so people can snoop and see all the Railo-enabled sites on that machine. This might also give a would-be attacker the info they need to plan a DoS attack, SQL injection attack, etc., especially since they can see how the server is responding to their attacks. Pessimistic, I know, but who can you trust on the Internet anymore? Kid hackers are emerging just following directions posted online, and some don't even really know what they are doing, but they are causing trouble for you and me. Better to be safe.

So the simple fix is to update your httpd.conf file and set the status option to no:


CauchoStatus no

For those so inclined, check out Nessus, an open source vulnerability scanner, which picked this up on one of our servers.
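To check a server's Apache configuration for this setting without a scanner, here is an added example (not part of the original post or of the Railo installer) that audits the text of a config file for the CauchoStatus directive. The sample input is constructed from the lines quoted above; the verdict names are this example's own.

```python
import re
import sys

# Constructed sample: the httpd.conf lines quoted in the post, plus one
# commented-out directive to show that comments are ignored.
SAMPLE_CONF = """\
LoadModule caucho_module /usr/lib/httpd/modules/mod_caucho.so

ResinConfigServer localhost 6800
CauchoConfigCacheDirectory /tmp
# CauchoStatus no
CauchoStatus yes
"""

# Apache directive names are case-insensitive.
LOADMODULE = re.compile(r"^\s*LoadModule\s+caucho_module\b", re.IGNORECASE)
DIRECTIVE = re.compile(r"^\s*CauchoStatus\s+(\S+)", re.IGNORECASE)

def audit_caucho_status(conf_text):
    """Return (verdict, findings) for one config file's text.

    findings lists (line_number, value) for every active CauchoStatus line.
    """
    loaded, findings = False, []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out lines have no effect
        if LOADMODULE.match(line):
            loaded = True
        m = DIRECTIVE.match(line)
        if m:
            findings.append((lineno, m.group(1).lower()))
    # Conservative: a single value other than "no" anywhere counts as enabled.
    if any(value != "no" for _, value in findings):
        return "enabled", findings
    if findings:
        return "disabled", findings
    # Module loaded but directive absent: no default is assumed here, so
    # request /caucho-status by hand to see what the server actually does.
    return ("unset" if loaded else "not-loaded"), findings

if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:
        print(audit_caucho_status(SAMPLE_CONF))
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, *audit_caucho_status(fh.read()))
```

Pass it httpd.conf and any included config files; a file that sets the directive inside several virtual hosts is reported as enabled if any one of them leaves it on.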

Upgrading CentOS 4 or RHEL 4 to use PHP5

This seemingly simple task was more work than I expected. Here are some of my notes in the hopes that this helps somebody. If it does, and you want to donate to my cause, or just encourage me to keep blogging about stuff like this, email me :)

OK, there are a bunch of sites out there that helped me get 75% of the way. Download the RPMs, try to install, and you get errors: dependencies I've never seen before.

This tutorial got me 75% of the way:

http://www.lampdeveloper.co.uk/linux/installing-php-525-suhosin-php-eaccelerator-on-centos-4-with-yum.html

(By the way, CentOS 4 and RHEL 4 are pretty much the same, but this is focusing on the specifics for RHEL 4.)

All said and done, here are the RPMs I ended up needing (to get to 90% success):

  • php-5.1.6-3.el4s1.10.i386.rpm
  • php-cli-5.1.6-3.el4s1.10.i386.rpm
  • php-common-5.1.6-3.el4s1.10.i386.rpm
  • php-gd-5.1.6-3.el4s1.10.i386.rpm
  • php-ldap-5.1.6-3.el4s1.10.i386.rpm
  • php-mysql-5.1.6-3.el4s1.10.i386.rpm
  • php-pdo-5.1.6-3.el4s1.10.i386.rpm
  • php-pear-1.4.11-1.el4s1.1.noarch.rpm

FYI: don't be daft and ask me for download links. If you need to know where to download these, google for it; it took me all of 3 minutes. They came from all over.

Now when you try to install these, you get the dreaded dependency error:

Needs libmysqlclient.so.15

So I went searching, and ended up finding this gem:

MySQL-shared-compat-6.0.10-0.rhel4.i386.rpm

which installs multiple MySQL version libraries. That did the trick, and a simple "rpm -U *.rpm" >> success

Cheers

CF United 09 Presentation Files - Google App Engine and Flex

Ok folks, here are my preso files for my CF United 2009 talk on Google App Engine and Flex. Is this the final version? Sure. Until I change it. I shall resist doing that...

Here is the PowerPoint presentation download: 294_Andrew_Schwabe_Google_App_Engine_Flex.ppt

Here is the full download (warning, this is big!). It contains all 4 Google App Engine Java projects, all 4 Flex projects and the PowerPoint file. The download is big because of all the jar files. I will try to have a USB key with me, so if you want a super fun time instant copy instead of downloading it, I should be able to do that.

Full download (94MB, zipped): CFun09_GAE_Files.zip

For those of you web surfers interested -- demo 4 project includes a fix for allowing Flex app using AMF to retrieve Google Account information (using ajax and a custom auto servlet) so your Flex apps can determine if you are logged in, and get your user identifier if you are logged in.
