Today I looked at the new iPhone features built into Dashcode, Apple’s development environment that was originally created for Dashboard Widgets. Upon loading the application, I was presented with three new iPhone development options: Custom, Browser, and RSS.

Development

While Custom is going to give you a blank template to work with and Browser gives you a basic list view for you to fill in with your own content, the RSS template provides you a pre-coded environment to add your RSS feed and publish to your website. Today I decided to make my own iPhone version of this website.

Just like creating a Dashboard widget, you have the ability to change fonts, colors, image, and much more. Using the predefined template, I modifed the colors and background to match the look and feel of the full site you’re probably viewing this on right now. Having only used Dashcode once before to create a Podcast widget for OS X, I found no issues creating a mobile website for the iPhone. All the menus and toolbars are the same, though the library of items you can add to your mobile site are different (for good reason, of course).

As you develop your iPhone mobile RSS page, you can test it inside of the Aspen Simulator — an iPhone running on your computer (I mentioned this in the last entry). Each time I made a major change to the operation of the mobile page, I would click on the Run button, view it inside the Simulator, and operate it just like it’s on my mobile phone.

Deployment

Once I was satisfied with my changes, I went to the file menu inside Dashcode and clicked on the Deploy option. I then chose to save it to my desktop where I would be able to take it and upload it to my website.

After upload it to the labs.blackice912.net site, I decided to launch it on my actual iPhone to see the results. It turns out the results were pretty bad. No news loaded at all. I then tested it inside the Simulator and got the same results. Why was it working on my computer but not once I published it to the internet?

Well after activating the debug mode inside of Mobile Safari, I found out why. As I should have remembered, you cannot have JavaScript on one site grab data from another site. It is cross site scripting and can be considered dangerous. Realizing this, I moved the code over to blackice912.net and launched it with success.

So are there ways to use a RSS feed that is hosted on another site and use it? With the addition of PHP, yes you could do this and not run into that issue.

Conclusion

Apple has really done a lot of things right with this new SDK. While I still need to do some more investigation into the native application side of it, I am impressed with what I have seen today. You can really create a powerful web application with the SDK today and an even better one once the 2.0 firmware hits phones in June.

If you’re interested in seeing the mobile site I created, visit blackice912.net/mobile on your iPhone/iTouch or in Safari. It will not load properly in any other browser!

While I’m not writing this to inform you about ways to scare friends and family, the title could be true if the following idea was used in a sinister way.I am working on creating a very clever security system in my apartment. This is mostly for fun, but it does have practical applications. More on that when I spend more money on the project.

As a part of this security system, I want the ability to talk (or spook) to whoever is in my apartment. If I get a message that my door has been opened, I want to give the intruder the sense that there is someone around and completely aware of what is going on. There are other practical applications too, such as monitoring kids while you’re away to make sure they aren’t in a yelling match or make sure the babysitter isn’t being a bad example.

I figured the best way to provide an example of this was to show it in action. I have recorded a video which shows me calling a telephone number and Trixbox kicking into action. I will explain how this is done after the video:

So how does one pull off something like this? Well first you need to make sure that your Trixbox has an inbound telephone number (you can get a cheap 800 number from sites such as Vitelity) so that you can actually interact with your system. Once you have that figured out, you need to add a custom extension in the extensions_custom.conf file. An example entry would look something like this:

[custom-intercom]
exten => s,1,Set(__SIPADDHEADER=Call-Info: \;answer-after=0)
exten => s,2,Set(__ALERT_INFO=Auto Answer)
exten => s,3,Set(__SIP_URI_OPTIONS=intercom=true)
exten => s,4,ChanIsAvail(SIP/4587&SIP/9321,js)
exten => s,5,Macro(user-callerid,)
exten => s,6,Dial(Local/4587@from-internal,,A(beep),)
exten => s,105,Macro(vm,4587,BUSY)
exten => s,106,Wait(5)
exten => s,107,Macro(hangupcall,)
exten => s,hint,SIP/4587&SIP9321

In the above example (which was originally posted on the Trixbox forums by another user), 4587 is the extension I am calling and putting into speakerphone/intercom mode, while 9321 is the extension I am calling from.

After you have the code added to extensions_custom.conf, you must add a Custom Destination. If you were to use the above code, your custom destination would be something such as:

custom-intercom,s,1

Now you can finish up by adding a new inbound trunk and setting the Caller ID Number to your mobile phone number and setting the call destination to your new Custom Destination you just setup. This will make sure that calls will only go to intercom/speakerphone mode when you call and allow all other calls to route normally.

The above method is pretty secure unless someone figures out your mobile number and the phone number associated with Trixbox, as many VoIP services allow you to enter fake caller id information (which can be useful in the correct and honest conditions).

If you have questions or corrections to this entry, please let me know by leaving a comment. Also if you’re tempted to call the number listed in the video: I registered it for this video and it has since been decommissioned.

If you have tested the latest addition to the labs (see: New lab added: Live Mail), you would have noticed that there is a captcha (human verification) used to protect against bots creating e-mail addresses for worldwide domination. I could have created my own captcha in PHP, but I decided to use reCAPTCHA.

What’s so special about reCAPTCHA? Well in addition to protecting your registration, comments page, e-mail address, or wiki, it also helps the Internet Archive with it’s project of scanning old books for reading and archiving. Every time you use reCAPTCHA for verification, you’re helping to correct a word that was scanned into a computer but could not be read correctly by that system’s OCR (Optical Character Recognition) software.

If you’re interested in helping out a great site like the Internet Archive, I’d suggest checking this out. reCAPTCHA is compatible with various development languages and web applications such as WordPress.

Today, after much work to convert my code that relied on Neowin’s backbone to help control the system, I have added my system which ties into Windows Live Custom Domains (see: Windows Live Custom Domains Is Cool) and allows you to create a custom e-mail account that is powered by Windows Live Mail.

This registration application gives you the chance to see how you can integrate Windows Live Mail into your site by giving your visitors an e-mail address that has some relation to your domain. At Neowin we provide a variety of domain name choices for members and some exclusive ones for subscribers. All of our e-mail domains have the Neowin name in them and provide recognition of our site to the users who exchange messages with these e-mail address.

If you don’t want to invest resources into running a full e-mail server but want to offer extra site service, Custom Domains is the way to go.

Feel free to give the Live Mail registration a try at the labs site: Live Mail @ blackice912 labs

The above article, courtesy of IBM, is a good read if you’re looking at using a framework to support your coding ventures. It’s a lengthy read and gets a bit technical, but I recommend it.

Read the article

While I am not a big video posting person, I was made aware about the open source FLV player through a colleague of mine that had customized the style of the player. Had it not been for the information obtained when you right clicked on it I would have been fooled into thinking he wrote it from scratch.

This player, designed by Trent Tompkins, is a very easy way for those of us who aren’t Flash designers to get our content out there while making the wrapper (player) around our content look good at the same time.

As a test, I recorded a short clip, converted it into a FLV file, and uploaded it onto this site. Below are the results:

The video may have been a little dark (my fault, poor lighting) and a little spooky, but it took me a few seconds to make the video, a few more to convert it, and no more than a minute to upload and add the code above!

So for those of you who are looking into dipping your toes into video content publishing, I advise you take a look at this excellent player.

As both a Mac and PC user, I need a way to quickly jump between both systems on my monitor which has multiple inputs. Since Multiplicity still hasn’t crossed the pond, I’m left with limited options.

Enter Synergy - A system to share your keyboard, mouse, and clipboard between multiple computers.

Synergy is a great tool, but isn’t the most user friendly when it comes to configuration.

1.  section: screens
2.    applecomputer.local:
3.    windowsxp-e2m9su4nlc:
4.  end
5.
6.  section: links
7.    applecomputer.local:
8.     left = windowsxp-e2m9su4nlc
9.    windowsxp-e2m9su4nlc:
10.    right = applecomputer.local
11. end
12.
13. section: options
14.    relativeMouseMoves = true
15.    keystroke(control+f1) = ; lockCursorToScreen(toggle)
16. end

Above is my configuration file for Synergy (computer names changed to protect the innocent). It’s fairly simple. The top section (section: screens) identifies the computers in our setup (lines 2 and 3). We have both an Apple Mac and Windows XP computer.

The next section (section: links) tells us how the two screens link together. Line 7 tells us the computer name and line 8 tells Synergy that when our mouse hits the left side of the screen, jump over to the Windows XP machine. Lines 9 and 10 tell Synergy that moving the mouse to the right side of the screen on our Windows XP computer will take us back to our Mac.

Lines 1 through 11 is all you really need to get it working. You could leave it with those lines and be content with the functionality. At least until you try and play certain full screen games.

You see, some PC games move you around the level based on the acceleration of the mouse and the direction it is accelerating in. While using Synergy, your mouse is told what X and Y coordinates it should be at on your screen. This really messes up games such as Half Life 2. You will literally find your character in a spasm of sorts.

To fix such an annoying issue, you have to tell Synergy to lock down the mouse. What this lock down will do is both prevent the mouse from exiting to your Mac screen and enable relative moves (the acceleration we were talking about earlier). To do this, we have to add a new section (section: options) and tell it to enable relative moving (line 14) and assign a hotkey to enable or disable this (line 15). In the example above, I am using CTRL+F1. If you are using a Mac as your Synergy server, you will most likely have to use CTRL+FN+F1 to activate the hotkey, as F1 on my keyboard is brightness control which is overridden by the FN key.

With this basic setup you are ready to have the best of both worlds. Well, maybe.

You see, Synergy is not without faults. Quite often I will be in Windows XP playing a full screen game with my mouse locked down to that screen when my Mac will pop up an alert that requires my input (such as a firewall request). When this happens, Synergy likes to give keyboard control back to the Mac — essentially creating a really hard time to get keyboard control back to the Windows XP computer. The only solutions I have found so far is exiting my PC game with the mouse and closing Synergy’s tray icon or unplugging the network cable on either of the computers, thus disrupting the Synergy connection between the two.

Even with it’s faults, it is still one of the only options for cross-platform control without opening the second computer in a VNC connection of some sort. It is also decently feature filled as well. If you have a chance, check out the configuration guide on Synergy.

The Apache module mod_rewrite is one of those things that many people don’t use or don’t know how to use properly. It not only helps your website with Search Engine Optimization (SEO), but makes your overall site look cleaner. Wordpress has built in support for mod_rewrite and I am taking advantage of it here, but it’s also something I’ve started using full time with any coding projects I take part in.

First lets look at a sample implementation of mod_rewrite. In this example we are imagining our .htaccess file is located in the root of our public html folder:

1. <IfModule mod_rewrite.c>
2. RewriteEngine on
3. RewriteRule Pattern Substitute
4. RewriteRule ^folder-a/([a-z.0-9]+)$ hidden-a/image/$1
5. RewriteRule ^about$ modules/plugins/index.php?mod=about
6. RewriteRule ^folder-c/([0-9]+)$ hidden-c/?id=$1
7. </IfModule>

Lets start with lines 1 and 7: While you probably don’t need these if you’re going to run the script on your site only and not distribute it, it’s best to include them as a habit anyways in case you do develop a script you want to give away.

Next we get to lines 2 and 3: Line 2 basically tells mod_rewrite to turn on while line 3 tells it we will be doing pattern substitution (replace X with Y). Nothing we really need to worry about.

Lines 4, 5, and 6 are where the fun begins. Right off you see that each line begins with RewriteRule, which tells mod_rewrite that this line contains URL modification commands. The next part always starts with ^ and ends with $ (like a container). The data contained in this part is basically our “if ($X = $Y), then grab data from $Z” line. The final part is our $Z line, as we are grabbing the actual data from the location mentioned in this part. A more detailed explanation follows.

PART A	    PART B		    PART C

RewriteRule ^folder-a/([a-z.0-9]+)$ hidden-a/image/$1

In line 4 we are telling the system to look for calls to folder-a and anything after it that contains a lowercase a through z, a period, and the numbers 0 through 9. If these parameters match, load the actual data located at hiddena/image/$1, but replace the $1 with the information that came after folder-a. So as an example: If your user requests http://yoursite.com/folder-a/foo.jpg, your site is going to return http://yoursite.com/hidden-a/image/foo.jpg. As this all happens server side, your URL stays nice and clean.

In line 5, we have a very basic example. If someone loads the about directory on your site, it automatically returns modules/plugins/index.php?mod=about. This is a nice way to hide those ugly variables and long URLs. Wouldn’t you rather have http://yoursite.com/about rather than http://yoursite.com/modules/plugins/index.php?mod=about? Some may argue that such an example is over stretching things a bit, but the point is getting across.

Line 6 is a lot like line 4. If something after folder-c matches the numbers 0 through 9, grab the data from hidden-c/?id=$1 and replace $1 with the numbers we grabbed after folder-c.

So mod_rewrite is a great way to have clean URLs. Can it also improve your script security? To a point, yes. Now as I mentioned above earlier, I am really just a beginner to mod_rewrite — I’ve only been using it less than a week. However so far I have not found a way to find out the true URL of a script that is hiding behind mod_rewrite. I know a few sites that use it and the only way I have been able to find the true URL was to have direct access over SFTP. Because of this advantage, you can use mod_rewrite to help secure input validation. By no means am I suggesting you should depend on mod_rewrite to validate all variables passed through the URL, but every extra bit helps.

Lets look at like 6 as an example. In this line I am telling the code to only pass information along to my hidden-c folder if the data after folder-c is a number. It doesn’t matter how long or short the number is, it just has to be a number. If someone were going to attempt a SQL injection attack, mod_rewrite would not pass the data along as the conditions in the string would not match what we have setup.

I hope that helped some of you better understand mod_rewrite. For more detailed information, please check out this full document on the mod_rewrite feature.