Paul Alkema

Discussions on Web Development and Security

Paul Alkema

Mura CMS vs Wordpress vs Magento

December 06, 2013 · By Paul Alkema · No Comments

I received this email last week and I thought it was an interesting question. Please note, the original email has been changed slightly, to protect this individual from being identified.

Hi Paul,
I read your July 2010 article on ColdFusion v PHP, and am curious if there may be any updates on your opinions.

Our website ( which is a shell (link to three other separate sites)uses PHP and Joomla CMS.  Due to serious hacking issues precipitated by use of an old version of Joomla (1.5) we have decided to rebuild our site rather than upgrade.  I had an analysis completed; one option mentioned is ColdFusion together with Mura CMS, a second option is PHP with Joomla 3.1.  Do you have any opinions or comments that may help with our decision..?

This was my reply....


In my opinion, the best open source CMS option out there is by far Wordpress. Now I know your probably not a huge fan of php technologies especially after what happened but the key is to make sure you upgrade as often as possible. Now, looking briefly at your site, it looked somewhat like an ecommerce website, for ecommerce my personal favorite is Magento.

As far as Mura CMS and ColdFusion goes, I have been writing ColdFusion for 6 years now, it's a great language but if I was to start over, I wouldn't use anything ColdFusion based. The reason being, although it's a great language and is pretty easy to learn, there are SO few people who actually know it that it makes finding people who support ColdFusion sites almost impossible. If your contracting this through an agency, as long as your with that agency there probably won't be a problem with this however, most companies I've worked at liked to change agencies every few years just to keep the blood flowing. So many agencies honestly don't know ColdFusion and just butcher sites up which behind the scenes just makes things more expensive to support.

My recommendation would be to go with a solution that's either .net, php or completely custom. The major downside to open source technologies is that everyone and their mother have access to your code and there are hundreds and thousands of automated hack-bots that are constantly looking for out of date open source scripts to just automatically hack them. This is actually why I tend to go toward custom rather than open based code systems.

Another issue with open code systems, is that they become difficult to upgrade to new versions as custom modification are made; especially if these custom mods weren't implemented properly. Having said that, I've used Magento and Wordpress dozens of times and never had issues and as long as I made my mods correctly, the upgrades could just occur from inside of the admin console and it was always a breeze.

Hope this helped!
Paul Alkema

So what are your thoughts? Do you agree with my advice, or do you think ColdFusion is the way to go?

No CommentsTags: ColdFusion

How To Spoof Any Email | Send Emails To Anyone, From Anyone, Anonymously

May 02, 2013 · By Paul Alkema · No Comments

How To Spoof Emails

Spoofing emails used to be a pain, you needed to find an open relay server and build an application that used that open relay server to send email on behalf of a specified email address.

Well things just got a whole lot easier. is a communal inbox that’s open to the public. One special feature of this, is the ability to send email however, one awesome feature of this is that the emails don’t need to come from anyone specific, but can be sent from the email address specified. IE; you can spoof someone’s email, without having to find a relay server and build an application to do it, this application is already built and open to the public. Best of all, this service is completely anonymous and according to the website, doesn't save any information about the emails being sent.

[

No CommentsTags: Security

What Ever Happened To Geocities?

April 22, 2013 · By Paul Alkema · No Comments

Is Geocities still around? When I was 15, my first website was at Geocities. I think this is what started my interest in web development, although I look back on that now and don't really see that as being web development at all, it was still my first website.

In 1999 Yahoo bought Geocities, ten years later in 2009, I received an email from Yahoo, notifying my that my account was going to be closed as they were closing all Geocities accounts.

So, there in is the question, what ever happened to Geocities?

[

No CommentsTags: Misc

Kali Linux Review

April 22, 2013 · By Paul Alkema · No Comments

On March 27th Offensive Security released a new version of Backtrack. Because they made so many changes from the last version, they changed the name to Kali Linux. The new version is faster, more than 300 tools, easier to update, Debian compliant and the install is a breeze.

In addition, they created a new website dedicated to Kali Linux which is excellent considering the old backtrack website really needed a facelift. But hey, give me more than 300 tools in linux distro, who am I to complain?

When I heard there was a new version of Backtrack, I almost fell off my chair. I've been on some hacker forums, specifically and many of them have nitpicked it, in my opinion, people like what they know and when things change, many people don't like change.

What i've found, is the new version of Kali Linux is at least for me, much faster, more reliable and the tools are much more up to date.  I did a fresh install on one of my "Test" boxes and the install was much more smooth than I've had installing Backtrack. I've run it virtualized since then and found it awesome virtualized as well.

If you havn't already, I would highly recommend downloading it. Do it now!

No CommentsTags: Security

Automatically Crack All Wi-Fi Routers WEP Key's With Only 30 Seconds worth of Work

February 15, 2013 · By Paul Alkema · No Comments

There are many ways of cracking WEP keys and gaining access to Wi-Fi access points. I don’t recommend doing this unless you have permission to do so from the owners of those access points.
The method that I’ve used for years was to use a combination of tools that are included in BackTrack. These tools include airmon-ng, airodump-ng, aireplay-ng and of course aircrack-ng. Although this is an excellent way of doing this,  if you haven’t done it this way I would highly recommend learning how to do it this way however, this method will not be covered in this tutorial. however does have an excellent article on this method that I highly recommend reading at some point.

[

No CommentsTags: Security

How to install Backtrack with VirtualBox. - The Hackers Linux Distro

February 14, 2013 · By Paul Alkema · No Comments

This tutorial goes over the basics of running Backtrack 5 on VirtualBox. In this tutorial I’m using Backtrack 5 R3 and VirtualBox 4.2 on Windows.

[

No CommentsTags: Security

Dump or list all ColdFusion Variables in all scopes.

May 16, 2011 · By Paul Alkema · 116 Comments

Dump or list all ColdFusion Variables in all scopes.

On some occasions you may run into issues where you need a variable but your not sure what scope it’s in. Well I’ve found the code below extremely helpful for finding what scope the variable I’m looking for is in.

	<cfdump var="#getPageContext().getBuiltInScopes()#"/>

Basically the function, “getPageContext().getBuiltInScopes()” will list all variables in all scopes.

Enjoy! :)

116 CommentsTags: ColdFusion

Get Drive Letter With ColdFusion

May 03, 2011 · By Paul Alkema · 53 Comments

I ran into an issue recently where my production server's code used a different drive letter than my development environment. A small handful of applications relied on that drive letter and would break if the drive letter wasn't changed before deployment. In these specific scenarios, I couldn't call expandPath() or getTemplatePath() directly because the application wasn't in the root of the website.

My solution to this issue was to put the code below in my application.cfm / application.cfc file which sets an application variable called "driveLetter" to the applications current drive letter; then I call the application variable instead of the static drive letter that could change.

Get Drive letter

If you want to get the drive letter once, you could use do something like below.

	<cfset variables.driveLetter = listGetAt(expandPath('\'),1,'\')&'\' />

Get drive letter, then set application variable.

Below is the exact code I used in my application.cfm file to set the application variable initially, that way I don't have to run the script every time.

	<cfif !isDefined('application.driveLetter')>
		<cflock scope='application' timeout='5'>
			<cfset application.driveLetter = listGetAt(expandPath('\'),1,'\')&'\'/>

53 CommentsTags: ColdFusion

960 CSS Framework

November 30, 2010 · By Paul Alkema · 73 Comments

About 960

I was recently introduced to a css framework called 960. At first I was EXTREMELY skeptical, but after using it and actually looking at the code behind it, I have officially become a 960 fan.

First off, let me start by saying this css framework isn't going to solve all of your css issues but it will most definitively help. The way that 960 works is it puts everything into a grid. You have 3 options, the 12 column grid, the 16 column grid and the 24 column grid. I personally prefer the 16 column grid but it's really just a personal preference.

A down side to using 960 is that it restricts your design to this grid. This in my opinion makes things look really nice and organized but some designers might not like having this limitation. Another downside is that you really need to be disciplined to not add any margin or padding on the left or right of any of your div's as this breaks the grid.

The upside, is that it really helps things to be pixel perfect and consistent. I've had issues before with css where in one spot something might be 10px away then on a different page it's 11px away. Why? Usually something stupid; 960 will usually take cialis super active care of these types of issues. Also, it really helps css be more cross compatible.

How To Use It

In this example I'm going to explain how to create a basic header, body, footer template.

Lets start by importing the 960 grid onto our page. You should download the zip file located on 960's website and import the css into your file. You should also create a css file specific to your page, I'm going to use the file custom.css in this example.

 <link rel="stylesheet" href="css/reset.css" /> <link rel="stylesheet" href="css/960.css" /> <link rel="stylesheet" href="css/custom.css" /> 

In my custom css file I put classes used to define the height and background colors of each divs. Most of the time defined heights are not necessary as content that is normally inside of the div created my height however my example contains no content so this was necessary. When using 960 adding margin or padding, top and bottom are allowed along with adding defined height however margin and padding on the left or right side along with defined widths are not recommended as this breaks the 960 grid.

 /* sets background color to gray */ body { background-color:#CCC; color:#FFF; } /*set foreground color to white */ .container_16 { background-color:#FFF; } /* set heights and backgrounds for my containers. */ #header { height:120px; background-color:#000; } #nav { height:32px; background-color:#999; } #body { background-color:#FFF; min-height:400px; } #footer { background-color:#666; min-height:154px; } /* set heights and background colors for my children divs. */ #body div{ margin-top:10px; background-color:#333; height:380px; } #footer div { margin-top:10px; background-color:#CCC; height:134px; } 

The html for this is very basic; Just 4 divs with the container_16 class. This class is used only on containers where you want the full 16 column with.

 <div class="container_16" id="header"> Header </div> <div class="container_16" id="nav"> Nav </div> <div class="container_16" id="body"> Body </div> <div class="container_16" id="footer"> Footer </div> 

When we put divs inside our containers we need to use the grid_## class. This class should only be used inside of the container class and if the number proceeding the underscore is less than 16, than it should always be used in conjunction with other divs that equal 16. Also, one of the awesome things about 960 is that not only can you use divs to do some of these things but you can use li's, h1's, h2's and pretty much any other html tag.

 <div class="container_16" id="header"> <div class="grid_16"> Header </div> </div> <div class="container_16" id="nav"> <ul> <li class="grid_2"> Nav 1 </li> <li class="grid_2"> Nav 2 </li> <li class="grid_2"> Nav 3 </li> <li class="grid_2"> Nav 4 </li> <li class="grid_2"> Nav 5 </li> <li class="grid_2"> Nav 6 </li> <li class="grid_2"> Nav 7 </li> <li class="grid_2"> Nav 8 </li> </ul> </div> <div class="container_16" id="body"> <div class="grid_4"> Body Column 1 </div> <div class="grid_4"> Body Column 2 </div> <div class="grid_4"> Body Column 3 </div> <div class="grid_4"> Body Column 4 </div> </div> <div class="container_16" id="footer"> <div class="grid_4"> Footer Column 1 </div> <div class="grid_4"> Footer Column 2 </div> <div class="grid_4"> Footer Column 3 </div> <div class="grid_4"> Footer Column 4 </div> </div> 

There is more to it, but this is the basics so PLEASE, make sure you check it out. I really think it could make your life easier. 960's website


73 CommentsTags: CSS · Misc

Google Creates Car That Drives Itself

October 12, 2010 · By Paul Alkema · 27 Comments

Is Google actually working on a car that will drive itself? On Oct. 12th 2010 on the official Google blog they announced that they are working on a self driving car. A car that drives itself! Not only did they say that they’re working on this awesome car, but according to their blog, they already have a working prototype.

"So we have developed technology for cars that can drive themselves. Our automated cars, manned by trained operators, just drove from our Mountain View campus to our Santa Monica office and on to Hollywood Boulevard. They’ve driven down Lombard Street, crossed the Golden Gate bridge, navigated the Pacific Coast Highway, and even made it all the way around Lake Tahoe. All in all, our self-driving cars have logged over 140,000 miles. We think this is a first in robotics research." - Google

27 CommentsTags: Misc