ColdFusion 10: be prepared, Adobe is removing the downloads

G'day:
Amongst the (fairly muted) hubbub around ColdFusion 11 shipping today ("Announcing the launch of ColdFusion 11 and ColdFusion Builder 3"), Adobe slipped some bad news into the mix as well. In a few weeks they will be removing the ColdFusion 10 downloads from their site:

Availability of installers for CF10 and CFB 2.0.1
ColdFusion 10 installers and ColdFusion Builder 2.0.1 installers will only be available for download on adobe.com for a limited time – till the 14th of May, 2014. If you need these installers for later use, then please download them before the 14th of May, 2014.

Official word from Adobe PSIRT re Heartbleed and ColdFusion

G'day:
Adobe have completed their analysis of the Heartbleed issue in regards to their products, including ColdFusion, and have offered some guidance: "Heartbleed Update".

Bugs in iterator functions in both Railo and ColdFusion

G'day:
I decided to "do my bit" for the cfbackport project, and am looking at implementing the new collection iteration functions for older versions of ColdFusion. I'm aiming for CMFX6.0 onwards, but am having to guess at some of the language restrictions as I'm on my back-up laptop and only have CF10 & 11 to test with.

Closed:Deferred:EnhancementRequired:CantBeArsed:Adobe:ColdFusion

G'day:
Very disappointing action from Adobe today, regarding securing /CFIDE. Adobe have followed-up the ticket I discuss in "Encourage Adobe to relocate /CFIDE/scripts", 3732913:

And they've done this without any hint of an explanation - you know, having the professionalism (even the civility) to pop an explanatory comment in on the ticket.

So it all sounds like they just couldn't be arsed. I mean... "enhancement required"? Basically they're actually saying "we won't do this because it would require us doing some work". Heaven forbid.

Slack.

--
Adam

ColdFusion: Cracking good news regarding list member functions from Adobe

G'day:
See, it pays to moan and complain and to disagree with stuff:

Good work, CFML community. You did that.

And good work Adobe for listening to the community!

--
Adam

Survey results: Adobe's approach to client communications regarding security issues

G'day:
Well today's last minute push ("3") to get the survey over 50 results has worked. I've got 5679 (the number changed cos I started this on Fri, but finished it on Sun; the other responses came in during that period) now. So here're the results.

Just to remind you, the topic was:

This is just a quick survey to gauge how effective Adobe have been at communicating to their clients regarding security issues that have arisen in ColdFusion

Survey: Adobe's approach to client communications regarding security issues

G'day:
I haven't done a survey for a while! This is a follow-up to my earlier article "It is Adobe's fault, OK?", and just to capture the zeitgeist.

Update:

This survey is now closed. The results are here: "Survey results: Adobe's approach to client communications regarding security issues ".

So here it is: "Adobe Communications", and the description text is:

This is just a quick survey to gauge how effective Adobe have been at communicating to their clients regarding security issues that have arisen in ColdFusion

There's seven questions: all bar one can be answered via a mouseclick, and the last asks for a comment. There's other boxes for comments along the way too.

I will always remind people that I do not target a statistically meaningful demographic, nor do I gather enough results to be sensibly analysed, but it is nice to see other people's opinions on stuff sometimes.

So go fill it out if you like. I'll summarise the results when the response stream dries up.

Cheers.

--
Adam

ColdFusion 11: bug triage (and fixing?) seems to have stalled

G'day:
Ages back I wrote an article "212 untriaged ColdFusion 10 bugs", and indicated my horror at how many bugs in the current version of ColdFusion that Adobe had seen fit to simply ignore. I don't mean "not fix", I meant "just completely ignore; ie: not even acknowledge the bug had been raised".

I followed this up a coupla months later with "Bug watch: 212206 untriaged ColdFusion 10 bugs"; in that two months they had managed to triage a net of six tickets that had been raised.

Just a week later we were down to 165 untriaged bugs: "Good work Adobe ColdFusion Team!", and they had made good progress from there, getting it well below 100 untriaged bugs, and got it down to a low of 40 on Jan 22 this year. Again: good work!

It is Adobe's fault, OK?

G'day:
OK, so it's just reached the news media that a Citroën website was exploited via an unpatched ColdFusion security hole (The Guardian: "Citroen becomes the latest victim of Adobe ColdFusion hackers").

I might not be, but Gavin is...

G'day:
A few days back I got a bit shouty about not being a dead CF installer storage facility: "Things I am not...".

Gavin, who is a much nicer person than I am, has - instead of just complaining about stuff like I do - done something about it, as detailed here: "CFML Server - A Different type of ColdFusion Repo - ColdFusion Installs". Gavin has created an online repository (via copy.com), of old ColdFusion installer files. He's got a range of installs for various versions back to ColdFusion 5, as well as a mix of operating systems and bitness (what's the technical term to describe the concept like "32-bit" or "64-bit"?) of the OS architecture.

Slow news day & Adobe charging twice for CFML features

G'day:
You'll be pleased to know that Brendon McCullum got his 300 runs, becoming New Zealand's highest scorer for an innings, finally falling on 302. New Zealand declared on 680, which is their highest innings score in test cricket. We now have 56 overs to bowl India out to win the match. Which is seeming possibly on the cards as they are already 28/2: "McCullum, Neesham bat India out".

Increasingly the news media is relying on Twitter banality for its news content, and - whilst not a news organ - I don't see why I should be any different. So today's article is brought to you via a comment on Twitter.

I think I'll stop reporting ColdFusion 10 bugs & submit them as CF11 feature requests... since that's what's happening anyways :(
— James Moberg (@gamesover) February 18, 2014

James raises a very good point, and one I've been meaning to comment on for a coupla months now. Adobe are currently working through their bug backlog, and a lot of bugs are being fixed, with the comment of "this will be available in the next major release of ColdFusion" (ie: ColdFusion 11). That has a veneer of good news about it, but let's stop to think about this.

ColdFusion 9 and ColdFusion 10 are the current versions of ColdFusion. They are both still within their standard support phase (ColdFusion 9 until 31/12/2014, and 10 until 16/5/2017. Ref: "Adobe products and Enterprise Technical Support periods covered under the new Lifecycle Policy").

re: "Oi! You Bloody Wankers! [etc]"

G'day:
Thanks to Andrew Myers for spotting this one. It seems even Adobe (inadvertantly) agree with this sentiment:

Right there. On the home page of their own documentation site.

Brilliant.

Cheers for giving me a smile today, Andrew.

--
Adam

Another update regarding the cookie issue on Adobe websites

G'day:
Last week I posted this article: "Update regarding the cookie issue on Adobe websites". This related to the ongoing problem the Adobe websites have had recently wherein if one was logged into one (eg: the ColdFusion 10 docs site, the bug tracker or the Adobe ColdFusion forums), then when one hit another site one needed to log-in to, one found one's self in an endless redirection loop. And that update was just letting everyone know I was in touch with Adobe about it.

Well the good news is it's fixed.

The Adobe guys took this very seriously - perhaps too seriously as my email was CCed to the Adobe CIO at one point (she deescalated it again fairly quickly ;-) - and they seem to have got it sorted out.

So this is just a "cheers" to everyone @ Adobe who had a hand in this, and thanks for sorting it out so quickly once it got in front of you.

Righto.

--
Adam

Rakshith is mistaken about the release schedule for ColdFusion 11

G'day:

First things first:

To demonstrate a point, I am going to release this blog article with one title, post my usual Twitter status update, and ask someone to "retweet" it. Then I shall be changing the title subtly... and the title change will reflect the title I actually want the article to be seen as. This is to demonstrate that once someone says something on the internet, it stays said. The original title was unfairly harsh, and a slight overstatement (although not actually inaccurate). By design.

Today I wondered out loud on Twitter whether the ColdFusion 11 pre-release lifecycle seemed longer than usual. Brian Klass set me straight on that:

@dacCfml Previous cycles have been in the 10-12 month range. CF11 is following the same path.
— Brian Klaas (@brian_klaas) January 17, 2014

And, indeed, having done some homework, I am well off base with my instinct. I'll get to that. That's only tangential to what this article is about.

By the pricking of my thumbs, something ColdFusion 11 this way comes...

G'day (and apologies to WS):
This appeared in my Twitter in box over night:

@dacCfml @am2605 Unlocked it. It was locked coz it is currently being edited with the upcoming CF Public Beta Information.
— Frank Jennings (@fermatjen) January 16, 2014

Hopefully this means we might be graced with a public beta of ColdFusion 11 presently. Anyone else heard any rumours or noticed any action on this?

--
Adam

Update regarding the cookie issue on Adobe websites

G'day:
If you're a regular on more than one of the Adobe main website, Adobe ColdFusion forums, ColdFusion bug tracker and/or a contributor to the Adobe ColdFusion 10 documentation site, you'll be aware there's an issue with how Adobe handles cookies between their sites, and how it f***s everything up when you try to login to one site having already got a cookie from another one of their sites.

Suggested trivial changes to the Adobe ColdFusion bug tracker

G'day:
This is more just a list of stuff for Rakshith's attention than anything relevatory. There's a few small tweaks to the bug tracker which would be useful.

ColdFusion: Participate in your community

G'day:
One of the things a lot of the ColdFusion community members could do to improve things is... lift their game when it comes to being part of the community!

There's been a coupla examples over the last few days of this sort of thing:

Bug 3678476

Title
Few Image functions are not shown in the Coldfusion image functions list

Description
http://help.adobe.com/en_US/ColdFusion/10.0/Developing/WSc3ff6d0ea77859461172e0811cbec12207-7ffd.html#WSc3ff6d0ea77859461172e0811cbec12207-7ffa

This URL should contain the below image function:
ImageGetIPTCMetaData
ImageGetEXIFMetaData

Rupesh commenting against bug 3678093:

cfloop does have a charset attribute which is used for reading the file. however this is missing from the documentation. This needs to be documented.

(my emphasis)

From Twitter:

Come on adobe. Your #coldfusion documentation sucks. The code examples for cfcontinue on both cf9 and 10 don't even use it!
— Steven Neiland (@sneiland) January 6, 2014

(and even once I fixed this one, conversation continued as to how (not) good my fix actually was!)

But in all three examples the person writing is correct.

And all three examples are now fixed. Why? Because I just went in and bloody fixed them.

ColdFusion: contempt of court

G'day:
Be forewarned. If you're the sort of person who reacts poorly to me being a meany, then can I just refer to this this right now: "Why weI fight" (and this blog's communication policy), and perhaps you oughtn't bother reading this. I do call into question someone in our community's professional capabilities here. And some of you might not like that. [shrug].

I am reproducing this here, as some of it has already been redacted by Adobe. I understand why they have done this: fair enough.

Here's an exchange in the comments (OK, not the best place for me to have posted some of this, I know) against bug 3648781: "Closures cannot be declared outside of cfscript".


Rupesh Kumar (RK):

11:02:55 PM GMT+00:00 Jan 1, 2014

It is not about half implementation at all. Outside cfscript, functions are declared using cffunction tag. Now how do you define the closures in tag syntax? The only way to do that would be using an ugly mix of script and tag which would look like

<cfset c = function(){
    var a = something;
    var b = foo();
    return a * b;
}>

To me, this syntax looks confusing. Given that more and more new code is being written in cfscript, I feel we should not mix script and tags in this way. Deferring it for the time being and we will revisit this later.

Adam Cameron (AC):

3:01:16 AM GMT+00:00 Jan 2, 2014

It's just an expression like any other sort of expression, Rupesh.

You can't say "oh, this sort of expression is OK in a CFSET statement, but this other sort of expression? No, can't do one of those". That's ridiculous.

By way of comparison, this already works fine in Railo. But then again they're not quite so judgemental/patronising as to what will / won't look "too complicated" for CFML developers.

I think if it looks complicated *to you*, you probably should not be making decisions as to what does and does not go into the language.

--
Adam

Bouquet for Adobe: Frank Jennings is a star

G'day:
Myself along with a coupla others gave the poor quality of the ColdFusion docs a bit of a battering on Twitter last night:

Now that the @coldfusion documentation is a wiki, we can go in and add egg to @Adobe's face where appropriate: https://t.co/ARQzcQ8g0M
— Adam Tuttle (@AdamTuttle) December 19, 2013

.@fermatjen, can you pls kick someone in Bangalore up the arse and get them to finish their docs? https://t.co/uuhkI3taYz cc @ColdFusion
— Adam Cameron (@dacCfml) December 19, 2013

@dacCfml Don't you love it how they say it's a wiki but the public cannot edit it? Seen so many inconsistent examples I've wanted to fix.
— Indy (@Indy_Griffiths) December 19, 2013

And it continues...