We've Got You Covered.

Wednesday, April 23, 2014

Top Three Reasons to Upgrade to Adobe Creative Cloud

If you are an Adobe product user, by now you have probably heard about the Adobe Creative Cloud, Adobe's subscription model for Adobe's world class creative tools: Photoshop, Illustrator, InDesign, Dreamweaver, Adobe Premiere Pro, After Effects, Adobe Acrobat XI Pro, and Adobe Muse.

Adobe Creative Cloud represents a revolutionary change in Adobe's business model, and Adobe has already reported that 2 million creatives leverage Adobe Creative Cloud tools for their photography, video, audio, and design needs.

I've been working with Creative Cloud for over a year now, and I'm excited to say that the product is awesome. There are so many benefits to joining the party and moving to the cloud. With Adobe's current 40% saving promotion going on until May 31st, there is no reason not to subscribe. Below, I highlight some of the key reasons that many of our customers have chosen to upgrade from Adobe Creative Suite to the Adobe Creative Cloud.

Automatic Updates
What version of Acrobat are you on? Do you have the newest features in Photoshop CC? With Creative Cloud, users don't have to worry about keeping up to date with new releases. The focus can remain on creating amazing content with Adobe because the products are in the cloud. When users subscribe to the cloud, Adobe products are automatically updated with software enhancements as they are released.

Not only are these updates convenient, but they can save money for many users. Each product usually has an individual fee to upgrade. However, while subscribed to the cloud, users only need to worry about the cost per user, not per product.

Easy Deployment
With Adobe's Creative Cloud there is an administration console that allows the administrator to easily view who has what license and reassign them to another user as needed. When Fig Leaf started using Creative Cloud for our own creative use, the happiest person in the company was our Director of IT, Mike. Before, Mike had to manage all of our licenses and keep track of the different Adobe products and when each needed an upgrade. Now that Fig Leaf is on Creative Cloud, Mike has more time and can manage our Adobe licenses with ease.

Support and Training
Adobe offers a library of online tutorials for Creative Cloud products that are routinely updated. These tutorials are in addition to the full-time support line Adobe provides for Creative Cloud customers to answer any additional questions about Adobe products. Fig Leaf Software also offers the Creative Cloud for Teams, which gives users two one-on-one sessions with an Adobe product expert each year. Adobe has invested heavily in Creative Cloud, and is offering full support to help ensure its customers are happy.

Some of Creative Cloud's other noteworthy features include: up to 100GB/user of cloud storage, certain apps such as Lightroom now working on iPad, and the ability to work without an internet connection.




[Written by: Arya Heidari]

Thursday, April 10, 2014

My heart bleeds for you (security-wise, anyway)

What is Heartbleed, and why should I care?

If you've paid any attention to tech news over the last few days, you may have heard of a serious vulnerability called Heartbleed. In a nutshell, this is a vulnerability found in OpenSSL. What's OpenSSL? It's the program used by many web servers to provide HTTPS access via Transport Layer Security (TLS, which we used to call SSL). In other words, when you open a browser and buy something on Amazon, or log into Google Apps, you're connecting to a web server that uses TLS.

Uh-oh, I use Amazon/Gmail/Facebook, do I have to worry?

The answer is, it depends! This doesn't affect your computer directly. But, it affects the servers that you connect to. It's possible that you could connect to a vulnerable server and enter your password, followed by an attacker connecting to that server and being able to read your password from the memory of the server! This appears to be pretty unlikely, but within the realm of possibility. If you've used these services lately, you might want to change your password as a prophylactic measure. Google has said that this isn't necessary for Gmail and Google Apps users, but it can't hurt - or can it? If a server was vulnerable, and that vulnerability led to another compromise, it's theoretically possible that the new exploit could capture your password even if the original one didn't! If you're feeling a bit woozy at this point, you're not alone.

Uh-oh, I run a web server myself! Do I have to worry?

Maybe. If your web server uses HTTPS, and relies on OpenSSL for this, and you're using OpenSSL 1.0.1a through 1.0.1f, you should definitely worry! These are the vulnerable versions of OpenSSL. If you're using one of those versions, you should upgrade to 1.0.1g if you're using precompiled binaries, or recompile OpenSSL. If you're recompiling it, you can either use the latest source or you can recompile your existing source with the OPENSSL_NO_HEARTBEATS flag.
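One way to run the version check described above, added here as an example and not part of the original post: it classifies the text printed by `openssl version -a` against the version range in the post and looks for the OPENSSL_NO_HEARTBEATS build flag. The function name, status labels and sample outputs are assumptions made for this sketch.

```python
import re
import subprocess

# First line of `openssl version -a`, e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013".
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def assess(version_output):
    """Classify `openssl version -a` output against the range in the post."""
    m = VERSION_RE.search(version_output)
    if not m:
        return "unknown"
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4)
    # The post lists 1.0.1a through 1.0.1f. OpenSSL's advisory also lists the
    # unlettered 1.0.1 release; its empty letter sorts before "a" here.
    if release != (1, 0, 1) or letter > "f":
        return "outside-range"
    # A rebuild with the flag from the post appears on the "compiler:" line.
    if "-DOPENSSL_NO_HEARTBEATS" in version_output:
        return "heartbeat-disabled"
    # Distribution packages can carry a backported fix under an unchanged
    # version letter, so confirm with the package changelog or a test tool.
    return "in-range"


# Constructed sample outputs, trimmed to the two lines that matter.
SAMPLES = {
    "stock": "OpenSSL 1.0.1e-fips 11 Feb 2013\ncompiler: gcc -DOPENSSL_THREADS -O3",
    "rebuilt": "OpenSSL 1.0.1f 6 Jan 2014\ncompiler: gcc -DOPENSSL_NO_HEARTBEATS -O3",
    "fixed": "OpenSSL 1.0.1g 7 Apr 2014\ncompiler: gcc -DOPENSSL_THREADS -O3",
    "older": "OpenSSL 1.0.0k 5 Feb 2013\ncompiler: gcc -DOPENSSL_THREADS -O3",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:8} -> {assess(text)}")
    try:
        local = subprocess.run(["openssl", "version", "-a"],
                               capture_output=True, text=True).stdout
        print(f"{'local':8} -> {assess(local)}")
    except FileNotFoundError:
        print("openssl not found on PATH")
```

The `openssl` binary reports the library it is linked against, which may not be the copy a given server loads, so run the check against each installed copy.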

Also, in theory, it's possible that an attacker was able to read some data on your server before you fixed it. This could be anything stored in memory: user passwords, database credentials, even the private key used by your TLS certificates! There isn't really a fix for that other than to change ... everything. Have fun!

What web servers rely on OpenSSL?

Pretty much everything except Microsoft Internet Information Server (IIS), as far as I can tell. Apache on Unix and Windows uses OpenSSL. You can either upgrade to a newer version of Apache, or you can upgrade your OpenSSL libraries. It's pretty easy to do this on Windows, at least. You can download OpenSSL for Windows separately from Apache, and copy the DLLs and openssl.exe into the appropriate location within your Apache directory. You can identify the version number for the files in Windows Explorer by right-clicking and viewing Properties.

One of the two OpenSSL DLLs on Windows, showing the version number
The two DLLs on Windows are libeay32.dll and libssl32.dll - even apparently on 64-bit Windows.

You can test your web servers. There are a few online testing tools for Heartbleed. I've been using this one. There are also downloadable test tools suitable for use within private networks, as well, including the source for the one linked in the previous sentence, and this one. There's even a "bulk" testing tool, masscan, which can be used. This can actually be used to retrieve data from memory on a vulnerable server.

Wait, you mean only Microsoft IIS is immune to this?

Yes. Don't be smug, though. Just savor the moment quietly.

I'm running an SMTP/IMAP/SSL VPN/FTP/stunnel server. Do I have to worry?

Unfortunately, yes. Lots and lots of servers use OpenSSL for TLS, and TLS is used with lots of network protocols. Fortunately, most versions of OpenSSL aren't vulnerable - again, only 1.0.1a through 1.0.1f.

If you're using Adobe Connect and have it installed on your own network, you may be using stunnel with it to handle TLS. If so, you may need to replace the OpenSSL libraries there as well. This only applies to locally-installed Connect servers, not those hosted by Adobe or other vendors.

I'm using OpenSSL in a client to connect to another server. Do I need to do anything?

As far as I can tell, you are under no direct threat unless you connect to a server that is attacking you. But you can and should upgrade your copy of OpenSSL to prevent even that possibility. If you're using the free, open-source OpenVPN client, you can upgrade to the latest version and read about how the vulnerability affects OpenVPN. Similar upgrades are also available for other OpenSSL VPN clients like Viscosity and Tunnelblick.

[UPDATE - I've received additional information about client vulnerabilities from a security professional acquaintance - I am not a security professional, just a very scared system administrator - and it appears that clients can, in fact, be attacked via MITM - a compromised server is not necessary. So, at a minimum, update your client OpenSSL libraries too.]

I'm using a firewall/antispam/search appliance. Am I in trouble?

Many appliances that use OpenSSL are actually still using older versions like 1.0.0. Check with your vendor, though! For example, I work a lot with the Google Search Appliance, which can use TLS for serving secure results, access to the admin console, access to Version Manager, and feed submission. So, after reading about this vulnerability and then changing my underwear, I asked my Google support rep about it. I was relieved to learn that no supported versions have this vulnerability on ports that are sometimes exposed to untrusted networks - secure serve and admin console. That said, there is a vulnerability on another port that should never be exposed to an untrusted network, and Google will be releasing a patch shortly.

I'm using a cloud environment like Amazon AWS or Google Cloud Platform. What about me?

If you're running Amazon Linux AMIs 2013.03 or later, they have vulnerable versions. It's easy to upgrade them, though, using a simple yum update command and restarting affected services. The same is true for Google Compute Engine users. There's a vulnerability for Google Cloud SQL users, but you can block access to affected ports from untrusted networks - and you should be doing that already anyway.

My server was vulnerable. I've fixed it. But how do I know whether the vulnerability was exploited before I fixed it?

This is a good question! Unfortunately, I don't have an answer. I haven't found any way to identify this yet at the web server level.

Are there any lessons from all this?

While this is a very serious incident, I think these kinds of things are simply unavoidable. Systems are very complex and diverse, but they often share a lot of the same core components. But the same lessons we've learned in the past still apply here: defense in depth, regular password changes, proper network access controls, and so on, can mitigate the risk of these problems in many cases. Good luck, and be careful out there!

[Note: cross-posted on Dave's personal blog]

Wednesday, April 9, 2014

Generate an Excel File from a Tree Panel / Tree Grid!

Recently I was tasked with building an application whereby the user could export report data contained within a treegrid to Microsoft Excel. Under normal circumstances, I would have used a server-side approach using ColdFusion’s robust functionality. However, in this particular case, we were using .NET and frankly, I wanted the middleware developer on the project to stay focused on building the core .NET CRUD webservices that were required for the project.

To read more please visit: Druck-I.T.

Wednesday, April 2, 2014

Integrating Ext JS 4 and the TinyMCE 4 Rich Text WYSIWYG Editor

TinyMCE is generally considered to be one of the best WYSIWYG browser-based editors that’s currently available. Not only does it have a ton of native features, but it also has an extensible plugin architecture that enables developers to add additional functionality with relative ease. One of its best features is the ability for a user to expand the editor to full-screen, thereby enabling a much better user experience. It also has a copy/paste plugin that can filter out nasty extraneous Microsoft Word markup.
TinyMCE is open-source and has LGPL and Commercial licenses available.
Image
Oleg Schildt was gracious enough to develop an Ext extension for TinyMCE 4, which we improved by adding the following features:
  • Making the class a lot more developer-friendly by adding config attributes to load plugins and automatically instantiate associated buttons
  • Added ICE version control plugin support (depicted above)
  • Automatically load TinyMCE from the CDN if not present
  • Added autoFocus param to prevent automatic focus on instantiation
  • Added dynamic show/hide of header & footer on focus / blur
We also created a custom Sencha Architect user extension to support it, as well as bundled all of the source code into an Ext JS 4 “package” for easy deployment to your Sencha Cmd-based apps.
A few geeky technical points:
In order for a Sencha Architect user extension to operate properly, the Ext class must not be reliant on external javascripts. Therefore, we threw a little kludge into our codebase that “tricks” Architect into thinking that we’re instantiating a simple textarea:
// architect design canvas runs pages with
// a url starting with "ionp"
 
if (location.href.indexOf('ionp') == 0) { 
 
    // kludge for sencha architect canvas
 
    Ext.define('Ext.ux.form.TinyMceTextArea', {
        extend: 'Ext.form.field.TextArea',
        alias: 'widget.tinymce'
    });
 
} else {
 
    // actually load the class
 
    Ext.define('Ext.ux.form.TinyMceTextArea', {
 
        extend: 'Ext.form.field.TextArea',
        alias: 'widget.tinymce'
 
        // define the "guts" of the class here
    });
}
In order to make the component more “developer-friendly”, we used Ext.Loader.loadScript() to load the TinyMCE and ice plugin scripts automatically. Note that ICE requires jQuery (for now):
if (!window['tinymce']) {
    Ext.Loader.loadScript({
        url: '//tinymce.cachefly.net/4.0/tinymce.min.js',
        onLoad: function() {
            if (window.loadIce) {
                Ext.Loader.loadScript({
                    url: '//code.jquery.com/jquery-1.9.1.min.js',
                    onLoad: function() {
                        Ext.Loader.loadScript({
                            url: '//code.jquery.com/jquery-migrate-1.0.0.js'
                        });
                    }
                });
                Ext.Loader.loadScript({
                    url: 'packages/TinyMCE/resources/ice/ice-master.min.js'
                });
                Ext.Loader.loadScript({
                    url: 'packages/TinyMCE/resources/tinymce/plugins/ice/plugin.js'
                });
            }
        },
        scope: this
    });
}
And finally, we packaged everything (including the Sencha Architect plugin) into a Sencha package, which enables you to combine your component’s source code, related design assets, and (optionally) Sencha Architect plugin into a neatly organized folder structure. Note that in the following screenshot, you can configure the TinyMCE editor plugins and other attributes by filling out a simple configuration form.
Sencha Architect Integration

So what are you waiting for?
[Written by: Steve Drucker]
[Cross-promoted: Druck-I-.T.]
