First of all add the filters module to your app dependencies in appname/project/Build.scala.

import sbt._
import play.Project._

object ApplicationBuild extends Build {

  val appName         = "appname"
  val appVersion      = "1.0-SNAPSHOT"

  val appDependencies = Seq(
    // Add your project dependencies here,
    jdbc,
    anorm,
    <strong>filters</strong>
  )
}

Next create appname/app/Global.scala and extend the Global settings so that it uses the CSRF filter.

import play.api.mvc._
import play.api._
import play.filters.csrf._

object Global extends WithFilters(CSRFFilter()) with GlobalSettings

Now the CSRF tests will convey that you need to do the following in all your controllers that return a view with a form post.

def index = Action { implicit request =>
  import play.filters.csrf._
  Ok(views.html.index(CSRF.getToken(request).map(_.value).getOrElse("")))
}

and use the CSRF token in your view template as follows.

@(csrf: String)

@main("Welcome to Play 2.0") {</pre>
<style type="text/css" media="screen"><!--
      label{display: block}

--></style>
<div>
<h2>With token</h2>
<form accept-charset="utf-8" action="@routes.Application.save()?csrfToken=@csrf" method="post">
<label for="name">Name:</label><input id="name" type="text" name="name" value="" />

<label for="age">Age:</label><input id="age" type="text" name="age" value="" />

<input type="submit" value="Continue →" /></form></div>
<pre>
}

Relax you don’t have to call CSRF.getToken() in all of your controllers that present a form.  Fortunately there is a CSRF view helper that takes an implicit token so that you won’t need to set up the token in your controller and pass it to the view.  Instead you just have to declare the implicit token in the view and wrap your post action with the CSRF helper function as follows.

@(signInForm: Form[(String,String)])(implicit token: play.filters.csrf.CSRF.Token)
@import helper._

@implicitFieldConstructor() = @{
    FieldConstructor(bootstrapInput.render)
}

@main(Messages("shopanoptic")) {
    <div class="offset3 span6">
        <div class="well">
            <h3>@Messages("signin")</h3>

            @form(CSRF(routes.Session.authenticate()), 'class -> "form-vertical") {

                @signInForm.globalError.map { error =>
                    <p class="error">
                        <span class="label important">@error.message</span>
                    </p>
                }

                <fieldset>
                    @inputText(
                        signInForm("email"),
                        'placeholder -> Messages("email"),
                        '_label -> null,
                        '_help -> Messages("signin.your.email")
                    )
                    @inputPassword(
                        signInForm("password"),
                        '_label -> null,
                        'placeholder -> Messages("password"),
                        '_help -> Messages("signin.your.password")
                    )
                </fieldset>

                <div class="form-actions">
                    <input type="submit" class="btn btn-primary" value="@Messages("signin")">
                </div>
            }
        </div>
    </div>
}

Now you can protect your web application from one of the OWASP Top 10 security vulnerabilities.

The SDK can be used to manage encryption keys and specify originator controls for restricting access to content that is in motion, at rest, or in use.  The demand for these capabilities are becoming more apparent as employees adopt cloud services such as Dropbox for sharing files or use corporate email on their personal iPhones or Android devices.

The SDK has been integrated into our own product line of Secure Envelope applications for Windows, Mac, iOS and Android.  Supporting all of these platforms is a real challenge for the development team, but they have done an amazing job in demonstrating the versatility of the SDK for cross-platform development.  We have been attracting a lot of talented developers, and it is great to be working with a bunch of really smart people.  We do take our hiring seriously, and all candidates have to pass a coding challenge as part of the interview process.

The year ahead is going to be an exciting time for us at Covata.  We’ve got a lot planned on our roadmap for 2013, and we can’t wait to ship new products to our customers.  Please follow the Covata blog to learn more about the upcoming product releases.


$ lsmod | grep vmhgfs


And got a bunch of errors when trying to load the module.


$ modprobe vmhgfs


To install VMware tools follow the below instructions.

In VMware Fusion click on Virtual Machine -> Reinstall VMWare Tools. This will attach the VMware tools ISO to a CDROM on the guest VM. Mounting the CDROM doesn’t seem to automatically work on my set up so I had to manually mount it with the following command.


$ sudo mount /dev/cdrom1 /media/cdrom


Tip: You might need to try /dev/cdrom if /dev/cdrom1 doesn’t work for you.

Next you need to install linux headers and build essentials. Use the following commands to install these packages.


$ sudo apt-get install build-essential
$ sudo apt-get install linux-headers-`uname -r`


Now copy the VMwareTools tar ball to your working directory, and install it.


$ cp /media/cdrom/VMwareTools-.tar.gz .
$ tar zxvf VMwareTools-.tar.gz
$ cd vmware-tools-distrib
$ sudo ./vmware-install.pl


This should initiate the install and configuration settings. I just accepted all the default values.

Now you should be able to access your host’s shared folder at /mnt/hgfs.

It looks like Joyent have provided those that bought into the Lifetime hosting deals another option, and that is to spin off the shared hosting services under the TextDrive name, and continue the lifetime hosting service with TextDrive. The TextDrive shared hosting services will be migrated to the Joyent Cloud. Of course some are speculating that the lifetime hosting terms (for as long as we exist) will transfer to the new entity, which may only exist for a short period of time, and thus cleanly bringing an end to the lifetime hosting commitment. I for one am championing the decision as I believe there is a sustainable business model for shared hosting services to be based on Joyent’s cloud infrastructure. Long live TextDrive!

Nick Carroll,

If we haven’t met, I’m Dean Allen, a founder of TextDrive, the shared hosting company started by Jason Hoffman and me in 2004. I’m also a founder and erstwhile President of Joyent, which some time ago merged with TextDrive, though I haven’t been active with that company for a while.

If we have met, I hope it went okay.

A couple of weeks ago I received, at the same time as Joyent’s shared hosting customers, a message announcing an end to support for shared hosting, affecting customers who’ve been with us for years, some of whom invested in accounts we had intended to support for the rest of the life of the company. The announcement struck many as abrupt. Some took it to be an abandonment of, if not an insult to, your good faith, written in marketing and lawyer speak.

I soon spoke with my friend Jason, who by then was deluged with abusive emails and imaginative threats. After I rubbed some salt in his wounds, we began imagining what it would take to continue providing what we’d intended all along to those who put their faith in us. After some wrangling, we’ve found a way to make it work.

I’d like to announce that on November 1st, 2012, TextDrive will relaunch anew as a separate hosting company, staffed and funded, run by me. Please consider the recently announced end-of-life for Joyent’s shared hosting customers now revised to be a continuation-of-life, to be carried out in the same friendly, creative, publishing-centered spirit of TextDrive’s early days.

No matter its humble beginnings, Joyent now operates in a very big arena, producing heavy artillery for the armies of cloud computing, and it’s been years since the company has been structured to service the retail hosting customer. Moreover, the servers on which your accounts still reside are old, slow, inefficient, and they go down on occasion. Everyone deserves better.

Current shared hosting customers can expect to have at least double the resources provisioned have now, running on vastly more stable and efficient infrastructure. Running, in fact, on the very heavy artillery mentioned above.

I intend to have all current paying and lifetime shared hosting customers moved from our old data centers to new, modern and efficient infrastructure by November 1. We’ll be doing all we can to automate the migration process and keep discomfort at bay. More communications and instructions on the migration process will follow. For now, know that Joyent shared hosting customers, whether paid or lifetime, are now TextDrive customers and that service will not be interrupted.

For updates and resources click here.

It gives me great pleasure to indicate that I’ll talk to you soon.

Dean Allen
TextDrive

I was disappointed to have received the below email in my inbox from Joyent this morning. I feel as though I was conned twice when I paid for the Mixed Grill, and then the Three Martini Lunch, both offering lifetime hosting for as long as the company exists. They were both big upfront payments for hosting, and the offer at the time was used to kickstart the Joyent business without giving up shares for capital. What is worse is that I recommended Joyent to friends, colleagues, and clients over the years which converted to paying customers for them. I now have to find a service provider that I can trust. Heroku and AWS are at the top of the list.

By the way, the one year of Joyent Cloud hosting was a real kick in the teeth. I can go to AWS instead and make use of their free usage tier for a year.

Dear Nick Carroll,

We’ve been analyzing customer usage of Joyent’s systems and noticed that you are one of the few customers that are still on our early products and have not migrated to our new platform, the Joyent Cloud.

For many business reasons, including infrastructure performance, service quality and manageability, these early products are nearing their End of Life. We plan to sunset these services on October 31, 2012 and we’d like to walk you through a few options.

We understand this might be an inconvenience for you, but we have a plan and options to make this transition as easy as possible. We’ve been developing more functionality on our new cloud infrastructure, the Joyent Cloud, for our customers who care about performance, resiliency and security. Now’s the time to take advantage of all the new capabilities you don’t have today. Everyone that’s moved to our new cloud infrastructure has been pleased with the results.

We appreciate and value you as one of Joyent’s lifetime Shared Hosting customers. As this service is one of our earliest offerings, and has now run its course, your lifetime service will end on October 31, 2012. However, we believe that you will enjoy the new functionalities of the Joyent Cloud. To show you our appreciation, as one of Joyent’s lifetime Shared Hosting customers, we’d like to offer you a free 512MB SmartMachine on the Joyent Cloud for one year. Use this promotional code to redeem the offer.

### PROMOTIONAL CODE REMOVED ###

To find out more about the Joyent Cloud and your options, please follow this link to our migration center for additional details.

Sincerely,

Jason Hoffman
Founder and CTO
Joyent
jason@joyent.com

Why is the media industry getting excited about HTML5?
HTML4 was first published in 1997 with the intent of providing a universally understood language for publishing information for global distribution. HTML5 is the evolution web developers needed to build apps instead of documents. HTML5 enables developers to break free of the limits they were used to when building web applications. Developers now have ways to store information on the device for offline use, have access to media, and can create visuals within the browser using HTML5 technologies. This opens up the potential for video, games, and rich web applications running in the browser on multiple platforms and across many devices without plug-ins.

Lessons learnt with HTML5 Video
In practice using HTML5 video exposes a number of challenges in dealing with an emerging technology. There is fragmented support for video codecs between the main browser implementations. You need to support at least two video codecs (H.264 and WebM or Ogg) in order to play video across most HTML5 compatible browsers. HTML5 video also doesn’t support adaptive bitrate streaming such as HTTP Live Streaming or Smooth Streaming, nor does it support DRM protection schemes for premium video content. For these we will still need to rely on Flash.

Moving forward with HTML5
HTML5 is still a long way off from achieving the W3C Recommendation status. However, Google, Mozilla, Apple, Opera, and even Microsoft are rapidly providing implementations of the new standard. Check out http://html5test.com/ to see what features your browser supports and how it scores out of a total of 475 points. You may be surprised by how much or how little your browser supports of the new specification. For example, the highest scoring browser is Google Chrome 17 (374 points), followed by Mozilla Firefox 11 (335 points), and Opera 11.60 (329 points). Microsoft takes the wooden spoon award for having the lowest scores for IE 6 (25 points), IE 7 (26 points), and IE 8 (41 points). The biggest challenge with developing HTML5 apps is providing support for legacy browsers and dealing with nuances between browsers and versions of browsers. This should be expected as early adopters of an emerging web technology.

The problem I was experiencing behind my corporate firewall is that I need to authenticate using the windows domain prepended to my username. It seems that you are not able to have a backslash in your username when setting your http_proxy environment variable using the below format.

http://username:password@host:port/

In other words I was getting strange errors when using the following in my .bash_profile.

export http_proxy=http://domainusername:password@host.com/

You can’t escape the backslash, nor wrap everything in quotes etc. The only solution I came across was to use an NTLM authentication proxy such as CNTLM, which is a fast NTLM authentication proxy written in C. The Ubuntu package is described as follows.

Cntlm is a fast and efficient NTLM proxy, with support for TCP/IP tunneling, authenticated connection caching, ACLs, proper daemon logging and behaviour and much more. It has up to ten times faster responses than similar NTLM proxies, while using by orders or magnitude less RAM and CPU. Manual page contains detailed information.

It can be installed using the command, but you’ll need to do this when you are connected directly to the internet, and thus bypassing your corporate proxy!

sudo apt-get install cntlm

You will then need to configure CNTLM by modifying the config file at /etc/cntlm.conf. You’ll need to specify your windows domain login credentials in the config file.

Once configured, restart CNTLM using the command:

sudo /etc/init.d/cntlm restart

Once CNTLM has been configured and restarted, you can then update your http_proxy settings to use http://localhost:3128, or whatever port number you used in the CNTLM config file. By default CNTLM listens on port 3128. Now you will be able to use apt-get, but this time behind your corporate proxy.

Checkbox allows you to take a photo of your task list, add checkboxes to the photo, and track the tasks that you have completed.

Use Checkbox to quickly capture your shopping list on your fridge, the meeting actions jotted on your notebook, or the menu of your favourite restaurant. Then turn the photo into a checklist by adding checkboxes to items in the photo that you want to track. Simply tap on the checkboxes to keep track of tasks that you have previously completed.

Find out more about Checkbox

Estimation Deck provides a set of fibonacci numbers that can be used during an Agile estimation session. This application allows the Agile professional to swipe through the deck of cards until the desired estimate is found for the proposed story. Tapping on the estimate card will flip the card to hide your estimate from your colleagues. Tapping the back of the card will flip the card again to reveal your estimate to the group.

Use the settings to switch between Fibonacci, t-shirt sizes, and powers of 2 decks.

Find out more about Estimation Deck