How to use Fraps to record video in DOSBox

You may get tons of lag when trying to record in-game video with Fraps in DOSBox. Here is what to do:

Make sure your game is running in opengl mode. Set your Fraps video to 75 frames per second. Enjoy.

ColdFusion Sample Code for Encryption, Decryption, SAML, Assertion, Certs, and Keys

I’ve been doing some work lately with ColdFusion CFML and SAML assertions.  I stumbled across a slide deck from 2013 that, I believe, is no longer being maintained.  This code could be useful for a lot of developers, so I decided to format it and post it here as a mirror.

This code is originally from Phil Duba’s presentation on “Beyond Encrypt() Asymmetric Encryption, Digital Signature, and more” from a CFML ColdFusion conference.

Some of these examples (at the top) use Java libraries that must be installed into your ColdFusion installation:

  • Bouncy Castle libraries
  • javax.crypto library

The SAML and XML examples use the Apache XML Security Library, now called Apache Santuario.  You need to download the BIN (not the source) files and install the following two into your ColdFusion installation:

  • serializer-2.7.1.jar – This version will be old, just use the latest
  • xmlsec-1.5.3.jar – This version will be old, just use the latest

I know this is a sloppy post, but I just wanted to preserve this code and make is searchable to other developers who might need it.  If you need additional help with XML and SAML in ColdFusion, this is the “go to” page.  Hopefully it will still be there when you need it.

?Download download.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
Lots of sample ColdFusion Encryption, Decryption, Signature, XML, SAML code
 
Example	Code From Session
 
Encrypt	with Key Code (in CFC)
 
public string function encrypt(keypath,message){
	var cipher = createObject('java', 'javax.crypto.Cipher').getInstance("RSA");
	var pubKeyFile = FileRead(arguments.keypath);
	var KeyFactory = CreateObject("java", "java.security.KeyFactory");
	var publicKey = KeyFactory.getInstance("RSA").generatePublic(CreateObject("java","java.security.spec.X509EncodedKeySpec").init(pubKeyFile.getBytes()));
	cipher.init(cipher.ENCRYPT_MODE, publicKey);
	var cipherText = cipher.doFinal(arguments.message.getBytes());
	return BinaryEncode(cipherText,"base64");
}
 
 
Decrypt	with Key Code (in CFC)
 
public string function decrypt(keypath,message){
	var cipher = createObject('java', 'javax.crypto.Cipher').getInstance("RSA/ECB/PKCS1Padding");
	var privKeyFile = FileRead(arguments.keypath);
	var KeyFactory = CreateObject("java","java.security.KeyFactory").getInstance("RSA");
	var specs = createObject("java","java.security.spec.PKCS8EncodedKey Spec").init(privKeyFile.getBytes());
	var privateKey = KeyFactory.generatePrivate(specs);
	cipher.init(cipher.DECRYPT_MODE, privateKey);
	messageBinary = BinaryDecode(arguments.message,"base64");
	dectyptedText = cipher.doFinal(messageBinary);
	return CharsetEncode(dectyptedText,"utf-8");
}
 
 
Encrypt	with CertiIicate (in CFC)
 
public string function encrypt(certpath,message){
	var cipher = createObject('java', 'javax.crypto.Cipher').getInstance("RSA");
	var certFile = FileRead(arguments.certpath);
	inputStream = createObject( "java", "java.io.BufferedInputStream" ).init(createObject( "java", "java.io.FileInputStream" ).init(javaCast( "string", arguments.certpath )));
	cf = createObject("java","java.security.cert.CertificateFactory").ge tInstance("X.509");
	cert = cf.generateCertificate(inputStream);
	inputStream.close();
	var publicKey = cert.getPublicKey();
	cipher.init(cipher.ENCRYPT_MODE, publicKey);
	var cipherText = cipher.doFinal(arguments.message.getBytes());
	return BinaryEncode(cipherText,"base64");
}
 
 
Decrypt	with Keystore (in CFC)
 
public string function decrypt(storepath,message){
	var cipher = createObject('java', 'javax.crypto.Cipher').getInstance("RSA");
	var KeyStoreClass = CreateObject("Java" , "java.security.KeyStore");
	var ksfile = CreateObject("Java", "java.io.File").init(arguments.storepath);
	var inputStream = CreateObject("Java", "java.io.FileInputStream").init(ksfile);
	var ks = KeyStoreClass.getInstance("JKS");
	var storepass = "xyz987"; //demo only do not hardcode
	var keypass = "abc123"; //demo only do not hardcode
	ks.load(inputStream,storepass.toCharArray());
	inputStream.close();
	var key = ks.getKey("cfobj",keypass.toCharArray()); //demo only do not hardcode
	cipher.init(cipher.DECRYPT_MODE, key);
	messageBinary = BinaryDecode(arguments.message,"base64");
	dectyptedText = cipher.doFinal(messageBinary);
	return CharsetEncode(dectyptedText,"utf-8");
}
 
 
Sign with Keystore (in CFC)
 
public string function sign(message,certpath){
	var signature = CreateObject('java',"java.security.Signature").getInstance("SHA1withRSA");
	// Get Keystore
	var KeyStoreClass = CreateObject("Java" , "java.security.KeyStore");
	var ksfile = CreateObject("Java", "java.io.File").init(arguments.certpath);
	var inputStream = CreateObject("Java", "java.io.FileInputStream").init(ksfile);
	var ks = KeyStoreClass.getInstance("JKS");
	var storepass = "xyz987"; //demo only do not hardcode
	var keypass = "abc123"; //demo only do not hardcode
	ks.load(inputStream,storepass.toCharArray());
	var key = ks.getKey("cfobj",keypass.toCharArray()); //demo only do not hardcode
	signature.initSign(key);
	signature.update(arguments.message.getBytes());
	realSig = signature.sign();
	return BinaryEncode(realSig,"base64");
}
 
 
Verify Signature (in CFC)
 
public boolean function verify(message,digitalSignature,certpath){
	var certFile = FileRead(arguments.certpath);
	inputStream = createObject( "java", "java.io.BufferedInputStream" ).init(createObject( "java", "java.io.FileInputStream" ).init(javaCast( "string", arguments.certpath )));
	cf = createObject("java","java.security.cert.CertificateFactory" ).getInstance("X.509");
	cert = cf.generateCertificate(inputStream);
	inputStream.close();
	var publicKey = cert.getPublicKey();
	signToVerify = BinaryDecode(arguments.digitalSignature,"base64");
	var signature = CreateObject('java',"java.security.Signature").getInstance("SHA1withRSA");
	signature.initVerify(publicKey);
	signature.update(arguments.message.getBytes());
	return signature.verify(signToVerify);
}
 
 
Create Assertion XML
 
<cffunction name="createAssertion" access="public" output="false" returntype="xml">
	<cfset var assertion = StructNew()>
	</cfset><cfset var assertionXml = "">
 
	<cfscript>
		assertion.nameID = "Phil"; //demo only do not hardcode
		assertion.IssueInstant = DateFormat(DateConvert('local2utc', Now()),'YYYY-MM-DDT') & TimeFormat(DateConvert('local2utc', Now()),'HH:mm:SS');
		assertion.dateTimeNotBefore = DateFormat(DateConvert('local2utc', Now()),'YYYY-MM-DDT') & TimeFormat(DateConvert('local2utc', Now()),'HH:mm:SSZ');
		assertion.dateTimeNotOnOrAfter = DateFormat(DateConvert('local2utc', DateAdd('n', 1,Now())),'YYYY-MM-DDT') & TimeFormat(DateConvert('local2utc', DateAdd('n',1,Now())),'HH:mm:SSZ');
		assertion.id = CreateUUID();
	</cfscript>
 
	<cfoutput>
		<cfxml variable="assertionXml">
			<samlp:response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="identifier_2" InResponseTo="identifier_1" Version="2.0" IssueInstant="#assertion.IssueInstant#" Destination="https://sp.example.com/SAML2/SSO/POST" >
				<saml:issuer>https://idp.example.org/SAML2</saml:issuer>
				<samlp:status>
					<samlp:statuscode Value="urn:oasis:names:tc:SAML:2.0:status:Success"></samlp:statuscode>
				</samlp:status>
 
				<saml:assertion Version="2.0"ID="#CreateUUID()#">
					<saml:conditions NotOnOrAfter="#assertion.dateTimeNotOnOrAfter#" NotBefore="#assertion.dateTimeNotBefore#”>
						<saml:audiencerestriction>
							<saml:audience>Vendor</saml:audience>
						</saml:audiencerestriction>
					</saml:conditions>
 
					<saml:attributestatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
						<saml:attribute Name="uid">
							<saml:attributevalue>#assertion.nameid#</saml:attributevalue>
						</saml:attribute>
					</saml:attributestatement>
				</saml:assertion>
			</samlp:response>
		</cfxml>
	</cfoutput>
 
	<cfreturn assertionXml>
</cfreturn></cfset></cffunction>
 
 
Sign Assertion
 
<cffunction name="signAssertion" access="public" output="false" returntype="string">
	<cfargument name="assertionXml" type="xml" required="true">
	</cfargument><cfargument name="storepath" type="string" required="true">
 
	<cfscript>
		//ingest the xml 
		samlAssertionElement = arguments.assertionXml.getDocumentElement();
		samlAssertionDocument = samlAssertionElement.GetOwnerDocument();
		samlAssertion = samlAssertionDocument.getFirstChild(); //create the neccesary Java Objects 
		SignatureSpecNS = CreateObject("Java", "org.apache.xml.security.utils.Constants").SignatureSpecNS;
 
		/*SigSpecNS*/
		TransformsClass = CreateObject("Java", "org.apache.xml.security.transforms.Transforms");
		SecInit = CreateObject("Java", "org.apache.xml.security.Init").Init().init();
		XMLSignatureClass = CreateObject("Java", "org.apache.xml.security.signature.XMLSignature");
 
		//set up the signature 
		sigType = XMLSignatureClass.ALGO_ID_SIGNATURE_RSA_SHA1; 
		signature = XMLSignatureClass.init(samlAssertionDocument, javacast("string",""), sigType); 
		samlAssertionElement.insertBefore(signature.getElement(),samlAssertion.getFirstChild()); 
 
		//set up signature transforms 
		TransformsClass = CreateObject("Java","org.apache.xml.security.transforms.Transforms"); 
		transformEnvStr = TransformsClass.TRANSFORM_ENVELOPED_SIGNATURE; 
		transformOmitCommentsStr = TransformsClass.TRANSFORM_C14N_EXCL_OMIT_COMMENTS; 
		transforms = TransformsClass.init(samlAssertionDocument); 
		transforms.addTransform(transformEnvStr); 
		transforms.addTransform(transformOmitCommentsStr); 
		KeyStoreClass = CreateObject("Java" , "java.security.KeyStore");
 
		//ingest your previously created keystore
		ksfile = CreateObject("Java", "java.io.File").init(arguments.storepath);
		inputStream = CreateObject("Java", "java.io.FileInputStream").init(ksfile); 
		ks = KeyStoreClass.getInstance("JKS");
		kspw = "xyz987";
		ks.load(inputStream,kspw.toCharArray()); 
		keypw = "abc123"; 
		key = ks.getKey("cfobj",keypw.toCharArray()); 
		cert = ks.getCertificate("cfobj"); 
		publickey = cert.getPublicKey(); 
		signature.addDocument("", transforms);
 
		//optionally include the cert and public key. I’ve not used, don’t know if common practice or not
		signature.addKeyInfo(cert);
		signature.addKeyInfo(publickey);
		signature.sign(key);
	</cfscript>
 
	<cfreturn toBase64(toString(arguments.assertionXml), "utf-8")></cfreturn>
</cfargument>
</cffunction>
 
HTTP Post Binding Example
 
<cfoutput>
	<form action="http://vendorUrl.com/SAML" method="post" id="samlForm">
		<input type="hidden" name="SAMLResponse" value="#assertion#" />
	</form>
</cfoutput>
 
<script type="text/javascript" language="javascript">
	$(document).ready(function() {
		$("form#samlForm").submit();
	});
</script>
 
 
SAML Verify
 
<cffunction name="verify" returntype="boolean">
	<cfargument name="assertionResponse" type="string" required="true">
	</cfargument><cfargument name="certpath" type="string" required="true">
 
	<cfscript>
		xmlResponse=CharsetEncode(BinaryDecode(arguments. assertionResponse,"Base64") ,"utf-8"); 
		docElement= XmlParse(xmlResponse).getDocumentElement();
		SignatureConstants=CreateObject( "Java", "org.apache.xml.security.utils.Constants"); 
		SignatureSpecNS=SignatureConstants.SignatureSp ecNS; 
		xmlSignatureClass = CreateObject("Java", "org.apache.xml.security.signature.XMLSignature");
		xmlSignature = xmlSignatureClass.init(docElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig##","Signature").item(0),javacast("string","")); 
		keyInfo=xmlSignatureClass.getKeyInfo();
		X509CertificateResolverCN = "org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver";
		keyResolver=CreateObject("Java", X509CertificateResolverCN) .init(); 
		keyInfo.registerInternalKeyResolver(keyResolver); 
		x509cert = keyInfo.getX509Certificate();
		isValid = xmlSignature.checkSignatureValue(x509cert);
 
		//Don’t forget to validate the Conditions and Attributes
		return isValid;
	</cfscript>
</cfargument></cffunction>

First Little Free Library in Stamford, CT Project

I am building the first Little Free Library in Stamford, CT.  I’ve got a Kickstarter campaign currently running in order to make this happen.

library
If your friends and family won’t hurt you for spamming them, please feel free to post the link to your Twitter feed of Facebook page.  I posted in Craigslist and sent a note to our local newspaper as well, in order to generate interest.

Kickstarter link: https://www.kickstarter.com/projects/1854144603/little-free-library-stamford-ct

I am also planning to connect the library to the internet by running some low voltage power out to the installation.  After that, I can either use a wirelessly connected Arduino to log the opening and closing of the door… or possibly an old Galaxy S2 phone to mount a wireless HD camera.  Neat stuff.

No more free LogMeIn – Some alternatives

Well, I just saw that LogMeIn free is going away.  I suppose I should be grateful that I was able to use this service without any charge for that past many, many years.  Thanks for that.  However, I still don’t want to pay for this service… as I only use it a couple of times per year.  So, like you, I am on a search for a free alternative that isn’t complicated to set up like purely utilitarian options like VNC.

Here are some possibilities:

If you want to explore further, consider this fully sortable list of remote desktop software.  Good luck.  Let me know what solution you decided upon.

Getting Started with the Arduino

Lately I’ve been getting really interested in small electronics projects.  I’m finally making a real push to actually begin to understand electronics.  It is slow going, but I am making progress.  My first project is getting an Arduino to run indefinitely using solar cells and a battery.

For this project I am using the following items:

I hook everything up and let my Arduino run a small sketch to flash LEDs and it ran for about 4 days.  I ran it 24 hours and had the solar panel just inside my kitchen window where it received about 5 hours of rather direct sunlight per day, if it wasn’t cloudy.

Because this didn’t work, I disconnected the Arduino just to see if the panel could keep the battery charged on it’s own.  So far, after a few days, the battery has remained steady at 12.75v, so I think that is a good sign.

Why has Firefox become such a nanny?

Firefox has been bugging me so much lately with its “nanny” behavior.  It seems to constantly shut down add-ons (plug-ins) “for my protection”, sometimes without any obvious way for me to turn them back on again.

The latest annoyance for me occurred when Firefox recently shut down THE MOST USEFUL plug-in I have ever installed: The Camelizer.  This plug-in will allow you to see the price history of any product on Amazon.com.  I but from Amazon a lot, and the prices fluctuate.  It is incredibly valuable to me to know whether or not the price of an item has recently increased or decreased.  You can even use their website to alert you when prices drop below a selected threshold.

So Firefox updated itself recently… AGAIN.  By the way, what the frig is up with all of the Firefox updates?  Has your user experience ever changed for the positive after a Firefox update?

Firefox now tells me that The Camelizer is “not compatible” with the latest and greatest version of Firefox that looks and acts no differently from the last version.  Under the “add-ons” menu I can see that Camelizer has been disabled for my protection, and there is no way to reactivate it.

Well I found a way.

Here is how to reactivate any plug-in that Firefox claims is not compatible with Firefox.

  1. Type “about:config” in your address bar and hit Enter.
  2. Bypass the warning screen.
  3. Type “compat” in the search bar.
  4. Locate the setting called something like “strict add-on compatibility mode”.
  5. Double click the default value of “true” to set it to “false”.
  6. Your installed add-on will instantly come back to life.

I did this with The Camelizer and it immediately started working without any issues.  It is perfectly compatible with Firefox.

Almost makes me want to start using Chrome.

Please say NO to new gun legislation

Crime rose during the Clinton assault weapon ban, and it dropped (and keeps dropping) since the ban expired. Historically we see crime rise when stricter gun controls are put in place.

Yes, a lot of people die in gun related incidents, but a lot MORE people die in vehicles.  If Obama and Biden believe that action should be taken immediately if it means saving even a single life, then I look forward to their legislation and executive orders for:

Bad things happen and no amount of regulation can change that.  Newtown was tragic, but it will happen again.

Criminals don’t care about new laws.  Gun laws only serve to disarm law-abiding citizens.

“Laws that forbid the carrying of arms…disarm only those who are neither inclined nor determined to commit crimes. Such laws make things worse for the assaulted and better for the assailants; they serve rather to encourage than prevent homicides, for an unarmed man may be attacked with greater confidence than an armed one.” – Thomas Jefferson’s “Legal Commonplace Book”

For every Newtown and Columbine, there are PLENTY of these stories you don’t hear about:

So many facts directly oppose the need for new gun legislation, they are simply too vast to detail here.  Just look it up.

Chris Roberts’ Star Citizen

I just funded my first Kickstarter project, and I’m not supposed to see a “return” for 2 years!  I just couldn’t resist pushing Chris Roberts’ “Star Citizen” game along.  This is the guy who created the Wing Commander series as well as Freelancer.  I first played the original game on a 386 PC in 1990.  Back then I loved pretty much everything published by Origin, including Wing Commander.

If you loved Battlestar Galactica, you will probably love this Star Citizen trailer.  Remember, the game doesn’t come out for another 2 years!

Everything about this looks (and sounds) awesome.  However, being me, there were a few things that stood out to me as worth arguing about within this fictional world.

  1. Can the pilots “scramble” their spacecraft any more slowly?
  2. There would be no need for a guy on deck to be waving a spacecraft into a parking spot within the hangar deck.  All of that crap would be automated.  In fact, the entire “landing” sequence would be automated.  Besides, the pilot wouldn’t be able to see the guy on the ground due to poor visibility… check the video and you will see.
  3. That far in the future there would be no need for such scatter-shot firing. Computers and AI would be able to predict the precise location of a moving object to a high degree of probability. If the blasters were mounted on powered gimbals, virtually every shot would be a hit.  It would just be a matter of powering through shields and armor.

    The visuals where the space around the capital ship is peppered with blaster fire is neat, but quite silly, wasteful, and completely unnecessary.

I hope there are beam weapons in this game.  I’ve always felt beam weapons were more realistic.  This is the type of weapon that turns on as a solid beam and sort of sweeps across the target, slicing through it and whatnot with a loud, deep, “BMMMMMM” sort of noise.  Cool stuff.

 

Found some old gaming friends in the closet

I found a box full of old games and manuals in my closet.  Boy do these bring back memories.  I could talk about these games for hours with anyone who would listen.

 

The Wii U has nothing for me

I am a long time gamer and Nintendo fan, but I see nothing interesting about the Wii U.  I guess I actually feel that way about a lot of new technology.  The Wii U assumes that you are a typical American techno-consumer.  It assumes that you subscribe to premium cable, have a Tivo, and actually watch a bunch of television.  Who has time for that?  There are so many entertainment choices available today, it seems strange to select the one medium that completely lacks interactivity.

Nintendo Wii U

One of the “ways you can use” the Wii U is to control the on-screen action by swiping on the display.  Ugh.  Why would I ever want to do this when there is an analog joystick one inch away?  Handheld devices use swiping and on-screen controls because there is no other choice… not because it is a better method of control!

And the whole thing is just odd.  Is it a hand-held?  Is it a TV remote?  Is it really much different than a Wii?  I can’t imagine anyone taking this on the train with them during a commute.  The only good thing I can see coming out of this is the probability that the Playstation 3 and the XBox 360 will drop further in price… enough that I might actually buy one and take advantage of the vast library of existing used games for those systems.