The reason I post this is because even if you already applied the hotfix for this issue, it is quite likely you need to reapply it. Adobe updated the hotfix but did not send a notification so if you were early on the bandwagon fixing this issue, you may find, like I did, that your server was still vulnerable.

Get patched! It’s just unzipping and copying some files so don’t dilly dally…

That is, until Remy Sharp sorted it out two weeks ago by manually constructing a __utm.gif reference that uses an image inside of a <noscript> tag. The code is straightforward but I’ve ported it to CF as a shortcut if you find yourself in the same situation. Check Remy’s post for the details.

<cfsilent>
<cfscript>
var_utmac = 'UA-12345-6'; // your identifier
var_utmhn = 'http://www.mydomain.com'; //enter your domain
var_referer = CGI.http_referer; //referer url 

var_utmp = '/noscript'; //this example adds a fake file request to the (fake) tracker directory

var_utmn = randRange(1, 9) & randRange(100000000, 999999999); //random request number
var_cookie = randRange(10000000, 99999999); //random cookie number
var_random = randRange(1000000000, 2147483647); //number under 2147483647
var_today = int(getTickCount()/1000); //today
var_uservar = '-'; //enter your own user defined variable

urchinUrl = 'http://www.google-analytics.com/__utm.gif?utmwv=1&amp;utmn=#var_utmn#&amp;utmsr=-&amp;utmsc=-&amp;utmul=-&amp;utmje=0&amp;utmfl=-&amp;utmdt=-&amp;utmhn=#var_utmhn#&amp;utmr=#var_referer#&amp;utmp=#var_utmp#&amp;utmac=#var_utmac#&amp;utmcc=__utma%3D#var_cookie#.#var_random#.#var_today#.#var_today#.#var_today#.2%3B%2B__utmb%3D#var_cookie#%3B%2B__utmc%3D#var_cookie#%3B%2B__utmz%3D#var_cookie#.#var_today#.2.2.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)%3B%2B__utmv%3D#var_cookie#.#var_uservar#%3B';
</cfscript>
</cfsilent><cfoutput><noscript><img src="#urchinURL#" /></noscript></cfoutput>

If you’re wondering what is the deal with the two randRange()s concatenated together, it’s because ColdFusion’s randRange() function doesn’t like numbers greater than 2,147,483,647. In order to get a number up to 9,999,999,999, I’m putting the two together.

You can read some more behind the values attached to the image at http://code.google.com/apis/analytics/docs/tracking/gaTrackingTroubleshooting.html.

Thanks to everyone on the Transfer list!

<cffile action="read" file="#expandPath('bouncedetector.xml')#" variable="xmlBD" />
<cfset xml = xmlParse(xmlBD) />
<cfset arr = xml.beans.bean[1]["constructor-arg"].list.xmlChildren />

<cfset sigs = arrayNew(1) />
<cfloop from="1" to="#arrayLen(arr)#" index="ii">
	<cfset n = {signature = arr[ii].xmlChildren[1].xmlChildren[1].xmlText
			,weight = arr[ii].xmlChildren[2].xmlChildren[1].xmlText } />
	<cfset arrayAppend(sigs, n) />
</cfloop>

<cfset bd = createObject("component", "bouncedetector") />
<cfset bd.init(mailBounceSignatures = sigs) />

But seriously, just drop in Coldspring!

Support open source authors and support Transfer creator Mark Mandel.

I go to FUSE gym which is a crossfit-style circuit training gym. Consider reading Motorsport Fitness Manual if you want more details and programs.

I love my Polar heart rate monitor. It’s an indispensable tool for exercising… if you’re working out and not using an HRM, you’re not getting the most you can from your time in the gym or on the trail.

Update!

I have added a second graph – this time it’s the last two hot laps of the session from the data acquisition system which shows relative performance. As this was my first session in an unfamiliar car at a racetrack I haven’t been to in 3 years, I was trying different lines and approaches. Clearly some parts of each lap were better than others.

That’s why I was surprised to get an email this morning from my buddy Trevor Peace who found our project for the 2005 DARPA Grand Challenge not just online but actually still functioning! Fun to reminisce!

We built a real-time Flash leaderboard that showed where the automated vehicles were on course from a GPS location feed. This was one of the few projects that I worked on that was an “event”. E.g., it wasn’t launched and then took on a life of its own. Instead, the shelf life for this was just a few weeks with a particularly important 36 hours during the race through the desert near Primm, Nevada. That kind of pressure brings new emphasis on testing. Especially when your customer is the Department of Defense!

The lack of permanence on the web makes me envious of people who work with their hands for a living. I’m sure this is a “grass is greener” feeling but the kind of work where you physically create or sell something has a lot of appeal to me at this stage of my life. It’s also a lot easier to explain to your grandparents.

ARMSTRONG: I said, “Is it in USA Today, for example?” And Bill’s like “Um…It’s on the cover every day.”

Imagine a Lance Armstrong unaware that his leading the TdF is a big story in the US. Hard to picture now, isn’t it?

I started following some professional auto racers on Twitter recently and noticed that every single one of them was following Armstrong. It led to me picking up this magazine at REI awhile later. I have much respect for anyone who utterly dominates a sport be it Armstrong in cycling, Schumacher in F1 or Tiger in golf but the interesting storytelling of Armstrong’s first run for the victory was enlightening.

People like to think (and TV certainly condones the idea) that success arrives on a horse in the night to the chosen ones. Bullshit. If you aren’t out riding 120 miles on your bike in the rain every day of the week for 10 years, you don’t get to beat Lance Armstrong.

Just remember when you’re struggling to be check if it’s a dip or a dead end.

First, to actually generate the files, one of the targets for my Ant script is “localdeploy” and my development.properties file has all Windows paths that point to my local webroot with a directory for my static assets. The “magic” is in my Model-Glue application config file where I have a couple of properties:

<entry key="CDNURL"><value>cdn-mybucket.s3.amazonaws.com</value></entry>
<entry key="CDNZURL"><value>cdnz-mybucket.s3.amazonaws.com</value></entry>

One is for gzipped assets and one is not. As part of my theming system, I have a controller with this routine that runs on every request:

< !--- determine HTTP/HTTPS and current WEB_HOST --->
<cfif cgi.server_port_secure>
<cfset arguments.event.setValue("CurrentRootURI", "https://" & getThemeService().getConfig().getConfigSetting("WEB_HOST")) />
<cfif findNoCase("gzip", cgi.HTTP_ACCEPT_ENCODING)>
<cfset arguments.event.setValue("CDNURL", "https://" & getThemeService().getConfig().getConfigSetting("CDNZURL")) />
<cfelse>
<cfset arguments.event.setValue("CDNURL", "https://" & getThemeService().getConfig().getConfigSetting("CDNURL")) />
</cfif>
<cfelse>
<cfset arguments.event.setValue("CurrentRootURI", "http://" & getThemeService().getConfig().getConfigSetting("WEB_HOST")) />
<cfif findNoCase("gzip", cgi.HTTP_ACCEPT_ENCODING)>
<cfset arguments.event.setValue("CDNURL", "http://" & getThemeService().getConfig().getConfigSetting("CDNZURL")) />
<cfelse>
<cfset arguments.event.setValue("CDNURL", "http://" & getThemeService().getConfig().getConfigSetting("CDNURL")) />
</cfif>
</cfif>

Basically we’re checking for HTTP vs. HTTPS and whether or not the client can support Gzipped content (signaled by the Accept header). Then my HTML wrapper just uses those parameters:

<link rel="icon" href="#CDNURL#/favicon.ico" type="image/ico" />

At this point you should recognize that every static asset MUST have a prefix that points at your CDN. You can hardcode it, make it dynamic like I have, or something else altogether but you need a way to point every request for a static asset off to the appropriate location.

Generally when I’m developing locally I actually use my staging environment CDN. This helps me prove that it works when accessed remotely. But if I want to use my local environment during a more substantial build out, I just set my CDNURL and CDNZURL to empty strings and all of my references suddenly evaluate locally:

<link rel="icon" href="/favicon.ico" type="image/ico" />

I use directories on my CDN like /global, /js, /css and /gfx so to make it all work seamlessly locally, I have a few Apache alias statements in my httpd.conf for the VirtualHost:

# CDN
Alias /gfx "C:/Documents and Settings/brian/My Documents/web/cdn/gfx"
Alias /js "C:/Documents and Settings/brian/My Documents/web/cdn/js"
Alias /css "C:/Documents and Settings/brian/My Documents/web/cdn/css"
Alias /global "C:/Documents and Settings/brian/My Documents/web/cdn/global"

Note that an added benefit of this which I touched on in my last post is that if Amazon S3 should suffer a major outage, I can reconfigure my production app to have empty strings for the CDN and CDZ URLs and use a locally stored copy of the assets on our regular web servers. It’s trivial and adds a layer of reliability for a system that we don’t manage directly.

Hope that fills in the missing blanks!