That got me to thinking… what status codes does ColdFusion throw an error for when throwonerror is set to yes? Here’s the list for every HTTP status code:

CFHTTP with throwonerror=”yes”

I also ran it with throwonerror=”no”, which has almost the results you would expect with the exception of code 411:

CFHTTP with throwonerror=”no”

Notice Status Code 411 doesn’t return a numerical status code but rather a string “Connection Failure. Status code unavailable.” The FileContent is set to “Connection Failure” while all other status codes are left blank (assuming that the request doesn’t return any data, as my test script does). Good to know.

Problematic SSL Certificates

For processing credit cards and payment processing transactions in general, the most insidious error I have run into is the “I/O Exception: peer not authenticated” error. This basically means ColdFusion is unable to read and authenticate the SSL certificate and initiate a secure connection. Generally this is either a self-signed certificate or, these days, a wildcard SSL certificate. Interestingly, ColdFusion handles these scenarios a little bit differently depending on how throwonerror is set:

In summary, using throwonerror=no looks reasonably safe but you still must account for the catch-all COM.Allaire.ColdFusion.HTTPFailure. My battle-tested code (which has processed more than $15MM) suggests you also need to check for coldfusion.runtime.RequestTimedOutException which is a different kind of exception when CFHTTP times out or the page times out.

So seems to be the mental state of David Epler as he has been driven to build the “Unofficial Updater 2“. It is an Ant script on steroids bundled in a JAR that knows how to go out and fetch all of the updates from Adobe.com and apply them to your CF8 or CF9 server installation.

I’m not going to belabor the awesomness; here’s how to get your server up to date in about 5 minutes:

1. Start by verifying your current security issues, use Pete Freitag’s HackMyCF.com for a baseline
2. Backup your /opt/jrun directory (just be safe): tar -cf /opt/jrun4
3. Download the Unofficial Updater from http://uu2.riaforge.org/
4. Run it: java -jar Unofficial-Updater2.jar text
5. Tell it where stuff lives in your installation (it knows how to handle Standalone, Jrun Multi-server and EAR/WAR installs)
6. Wait about 4 minutes for it to finish grabbing everything and install…
7. Re-run HackMyCF.com and BOOM! Rest easy, friend.
8. Proceed to have David Epler’s baby

Please Adobe, please send David a big check so you can take his IP and use it for your next update, mmmm kay?

This year I was lucky enough to drive with Tiger Racing in their 2006 BMW M3. Compared to the low-horsepower cars I typically drive, this 400+HP car with 10″ slicks and big Brembo brakes was a completely different animal, and it was fast. Even at a comfortable enduro pace to preserve the car and exercise caution when passing, the M3 is capable of running lap times 12-15s/lap faster than my Spec Miata. It also sounds absolutely glorious.

Here are a few laps of in-car footage from my stint driving just after sundown into the darkness. Driving at night is one of my favorite times: you settle into a rhythm and just click off the laps (click through to see a larger version and make sure to enable HD):

I was in the car for 2.5 hours until earlier damage created a mechanical issue that forced us to retire. This was the team’s 8th running of the 25 Hour and it’s their first retirement which speaks to the great job they do before the race each year. The car is prepared by Bavarian Tuning in Santa Rosa and TC Design in Milpitas, CA. Big thanks go out to the crew – one of the best in the paddock – and my fellow drivers John Larson, Billy Maher and Tony Colicchio for inviting me to be part of the team!

For some amazing photos, check LifeBlasters.com write-up of the event.

Once home I searched for a database of conjugated verbs to make flash cards that, rather than working with infinitives, would read simple actions like “They walk”, “He used to sing” or “We would have spoken” and the reverse would have the proper Spanish conjugation. Despite my uber Google skills, I was unable to find any non-commercial products. However, I did come across one great resource that had the data I needed.

Fred Jehle, formerly a professor at Indiana University-Purdue University Fort Wayne, published approximately 600 verbs, fully conjugated in all moods and tenses, on his website in 1998. The resource helped students improve their verb use in addition to a variety of notes on other aspects of the language. I contacted Mr. Jehle to inquire if a database of his verbs were behind the scenes but unfortunately only the static web pages exist.

Out of curiosity, I opened up a couple of pages to see what the source HTML looked like and, luckily, it was pretty uniform. I broke out my editor and wrote a script to read in each page, parse out the various conjugations and dump them in to a (PostgreSQL 9.x) database. The roughly 600 verbs converted to 11,467 combinations of moods + tenses.

In coordination with copyright holder Professor Jehle, this data is available free of charge via a Creative Commons license for anyone to use for non-commercial purposes so long as you provide attribution. If you alter, transform or build upon this work then you may distribute the resulting work only under the same license.

My thanks go to Mr. Jehle for quickly answering my questions and allowing me to publish the data for other would-be Spanish students. I recommend that you also check out his website for additional Spanish content at http://users.ipfw.edu/jehle/VERBLIST.HTM.

Watch the larger version on contour.com.

I’ve participated three times: crewing for a Subaru WRX, driving in an 1989 BMW M3 and managing a 1995 BMW M3. This year I’ll be driving a second time in an 2005 BMW M3 in the ES class with Tiger Racing. ES is for unlimited cars: slicks, dry-brake fueling, air jacks, four-wheel tire changes, 400HP, the works. This is going for the overall win, the glory and the 11-foot trophy that NASA gives the winning team. We’ll be competing against Porsche GT3 Cup Cars, a Super Truck and who knows what else will come out of the woodwork before the event begins. Previous years have featured Daytona Prototypes in the mix so anything is possible.

I’m very excited to be part of this team – their organizational skills, people and overall demeanor are professional but friendly and I know many of the crew and other drivers from previous track events making it an easy environment to get up to speed. Last Friday we shook the car down at Thunderhill. I got in the car about an hour before lunch to get oriented with the car. Coming from primarily driving Spec Miatas where we turn around 2:07s at Thunderhill, this car has some serious juice!

I got to work over the next seven laps and brought my times down to a high 1:53 before disaster struck: the motor exploded, filling the cabin with smoke and sending me off track. I coasted up to a flagging station so the corner worker could assist in case the car caught on fire but, minus the hole in the engine, no additional drama. While this ended our day prematurely, it was a blessing in disguise that it happened a month before the race and not on the test day, or worse, in the first six hours of the race itself. The motor is already out of the car and a spare is being readied. Very nice work by Chris Watson at Bavarian Tuning.

New Helmet

I’m sitting in my office writing this post while I’m wearing my new SA2010 Stilo ST4F helmet from SafeRacer. I’ve got my custom molded earplugs in and my balaclava to make sure everything is comfortable. I’ll be driving the Tiger Racing BMW M3 for as long as 3.5 hours at a time: comfort isn’t a convenience, it’s a necessity. A headache in 30 minutes would be a cranium splitter after all that time in the rough, buzzy car. A lot of places won’t let you return a helmet but SafeRacer will let you try it on and return it if it doesn’t fit (did the same thing when I was shopping for race suits). They have free shipping on orders over $99 so there’s only a minimum amount of cost to send something back if it isn’t the right size or fit. Stilo helmets are quite new in the US, I’ve only ever seen one in person, so it’s not like I could run down to the local speed shop and try one on. I’m very satisfied with the fit and features: built-in radio electronics, forced air and quick-disconnect drink tube are all awesome options. If you order from SafeRacer and are a road racer, be sure to specify that you want the road race electronics package rather than the rally electronics.

Skip to :22 if you’re impatient. Never unbuckle your safety equipment on track unless you’re on fire. It doesn’t matter if you’re in a Formula 1 race or a 171-car themed nutjob race.

Upgrade to CHKUSER 2.0.9

CHKUSER 2.0.9 includes one update that is very important to us: CHKUSER_DISABLE_VARIABLE. This enhancements allows us to disable CHKUSER checks for certain relays. In our case, our web application servers relay mail and sometimes the TO address is invalid. Without this change, CHKUSER would deny even sending the email so bad emails would queue up on the web servers. What we want to happen is for the mail server to accept them, bounce them and let our bounce handling routines run notifying the sender of the bad address. Here’s the necessary steps:

1. Download development package qmail-toaster-1.03-1.3.21.src.rpm which includes the CHKUSER 2.0.9 code and a few other enhancements (see this thread)
2. rpm -Uvh qmail-toaster-1.03-1.3.21.src.rpm
3. bunzip2 /usr/src/redhat/SOURCES/qmailtoaster-1.3.2.patch.bz2
4. vi /usr/src/redhat/SOURCES/qmailtoaster-1.3.2.patch
5. Search for “/* #define CHKUSER_DISABLE_VARIABLE” and remove the comments, save
6. Search for “/* #define CHKUSER_ENABLE_USERS_EXTENSIONS” and remove the comments to re-enable dash-aliasing
7. bzip2 /usr/src/redhat/SOURCES/qmailtoaster-1.3.2.patch
8. cd /usr/src/redhat/SPECS
9. rpmbuild -bb –with cnt50 –target i686 qmail-toaster.spec
10. rpm -Uvh /usr/src/redhat/RPMS/i686/qmail-toaster-1.3.2.rpm

Note, I’m running on x64 CentOS 5. For some reason I had to specify the target as i686 as without the target it wanted to generate an i386 binary while everything else is i686. I didn’t know if that would cause problems so I specified the target explicitly.

For any IP address we want to bypass the CHKUSER checks, we simply add an entry to /etc/tcprules.d/tcp.smtp with a RELAYCLIENT variable. An entry might look like:

192.168.0.1:allow,RELAYCLIENT=""

Finally, the RPM update for qmail-toaster overrides your SSL certificates for SMTP. To restore my real certificates, I had to perform the following steps (lifted from coregilmore.com):

# cp /etc/httpd/certs/mail.msr.com.pem /var/qmail/control/servercert.pem
# ln -s /var/qmail/control/servercert.pem /var/qmail/control/clientcert.pem
# chown -h qmaild:root /var/qmail/control/clientcert.pem
# chmod 400 /var/qmail/control/servercert.pem
# qmailctl restart

mail.msr.com.pem is simply a single concatenated file containing your key, certificate and any intermediate certificates (required for registrars like Go Daddy for example):

# cat /path/to/ssl_cert.key /path/to/ssl_cert.crt /path/to/gd_intermediate_bundle.crt > /var/qmail/control/servercert.pem

Updated Mailfilter Script

We also expanded our mailfilter script to be a little bit smarter and handle DSPAM better. Here’s the latest:

SHELL="/bin/bash"
import EXT
import HOST

VUSER=`echo ${EXT%-*}`
export VUSER
USERHOME=`/mail/bin/vuserinfo -d $VUSER@$HOST`
export USERHOME

MARKTIME=`date +%s.%N`
UNIQUE=`date +%N`

logfile "/var/log/maildrop/mailfilter.log"

# Test for the existance of the Junk directory.  Create it if it doesn't exist
VERBOSE=1
log "$VUSER@$HOST[$UNIQUE] : Start user filter"

# make sure the Junk folder exists and is subscribed too
`test -d $USERHOME/Maildir/.Junk`

if ( $RETURNCODE == 1 )
{
    `/usr/bin/maildirmake -f Junk $USERHOME/Maildir`
    `echo INBOX.Junk >> $USERHOME/Maildir/courierimapsubscribed`
}

# make sure the retrain folder exists
`test -d $USERHOME/Maildir/.JunkRetrain`

if ( $RETURNCODE == 1 )
{
    `/usr/bin/maildirmake -f JunkRetrain $USERHOME/Maildir`
    `echo INBOX.JunkRetrain >> $USERHOME/Maildir/courierimapsubscribed`
}

# now analyze the SA header
if (/^X-Spam-Status: Yes/)
{
        log "$VUSER@$HOST[$UNIQUE] : SpamAssassin found SPAM"
        to "$USERHOME/Maildir/.Junk"
}
else
{
        # spamassassin thinks its ham, which means nothing, because SA sucks
        # so now we check with dspam

        # warning: exception must have one space and then the curly bracket or else syntax errors are generatead
        exception {
                xfilter "/usr/local/bin/dspam --deliver=innocent,spam --stdout --user $USERHOME"
        }

        if (/^X-DSPAM-Result: Spam/)
        {
                # dspam says spam
                log "$VUSER@$HOST[$UNIQUE] : DSPAM found SPAM"
                to "$USERHOME/Maildir/.Junk"
        }
        else
        {
                # ham in both places, deliver
                log "$VUSER@$HOST[$UNIQUE] : DSPAM found HAM (returncode = $RETURNCODE)"
                if (/^X-DSPAM-Result: Innocent/)
                {
                        log "$VUSER@$HOST[$UNIQUE] : HAM includes X-DSPAM-Result: Innocent"
                }
                else
                {
                        if (/^X-DSPAM-Result: Whitelisted/)
                        {
                                log "$VUSER@$HOST[$UNIQUE] : HAM includes X-DSPAM-Result: Whitelisted"
                        }
                        else
                        {
                                log "$VUSER@$HOST[$UNIQUE] : HAM does NOT include X-DSPAM-Result: Innocent/Whitelisted"
                        }
                }
                to "$USERHOME/Maildir/"
        }
}

Since we’re dropping SpamAssassin, this file could be streamlined to be DSPAM specific but it doesn’t hurt to leave it in the event we decide to re-enable it at a later date. Simply save the script somewhere and enable it via a .qmail file in a user directory with the following:

|preline /usr/bin/maildrop /path/to/mailfilter-to-spam-plus-dspam

Here are some links to building “mileage runs” – intentionally bad airline itineraries designed to rack up additional frequent flyer miles. Also in the list below are some unique or useful itinerary planning tools. I was particularly blown away by ITA’s Matrix which lets you specify how many hops, on what airlines, in what class of travel and with what connections to build a trip. These will come in handy when I get on the Amazing Race.

• InsideFlyer article on mileage runs – with links to tools
• FlyerTalk mileage run tools – an epic list of tools
• FlyerTalk mileage run strategy – how one MR fanatic goes about booking his trips
• Travelocity DreamMap – display cheap trips on a map using a starting location, show where you can go on the cheap
• HappyFlier – strategies on finding routes
• ITA Software’s Matrix Planner – lets you specify arcane airline codes to build exactly the route desired and price it
• Great Circle Mapper – for sticking in a flight route like SFO-LAX-IAH-MCO and figuring out the total miles. 2,570 if you’re counting.
• Fare Codes, Award calculations, Mileage charts