Showing posts with label Community Members. Show all posts
Showing posts with label Community Members. Show all posts

Tuesday 17 June 2014

I'm not Ben Nadel (or Ray Camden)

Just a quick note. Ben Nadel has a feature on his blog to "Ask Ben" via which the community can contact him directly for help. I think Ray might also have this on his blog too.

However I'm neither of those people, and I won't help people if they come directly to me via email with their coding problems.

Thursday 10 April 2014

Oh, hohoho. You got me, CFHour

In slightly cliched fashion, I shall continue the overuse of this (mis)quote:
The reports of [CFHour's] death are greatly exaggerated.
It seems it was all a joke (not CFHour, I mean the announcement of their discontinuation), as they released another installment just now. I've not listened to it yet.

Yeah, so ignore this: "CF(Hour) is dead :-(".



Thursday 3 April 2014

Sunday 30 March 2014

Open Letter to site admins I might be contacting in the near future about the security of your ColdFusion site

If you are reading this article, it's probably down to one of two reasons:
  1. you're one of my regular blog readers, in which case this will have just found its way in front of you just like anything else I write;
  2. you are a person I have successfully contacted who - hopefully - the administrator of a ColdFusion-driven website that I have noticed as having some security issues.
The article is targeted at the second group of people. If I have contacted you directly, it is vitally important you read this, and follow-up on it.

Thursday 20 March 2014

An insight into the mind of a CFML developer

I was going to respond to this on the blog I found it (the Adobe ColdFusion one), but I'll do it here instead so I'm not polluting their blog with my anguish / irritation. Be warned: this is a fairly mean-spirited article, and singles out an individual.

Monday 3 February 2014

CFML: All shouty and bitey... and it's not even me doing it!

Scott and Dave (albeit: mostly Scott) from CFHour have a nice tirade in response to my recent article "CFML: where Railo is better than ColdFusion" this week: "Show #207 - Ryno, Rocks, Railo Rants, and Scott (Box)".

It's worth listening to (having first fast forwarded to about the 6m30s mark where the actual content starts; and the shouty bit about 5min after that) in conjunction with what I said in my article.

I'll not comment further as I believe their work stands on its own merit.


Wednesday 29 January 2014

State of the CF(ML?) Union survey 2014

Just a quicky... I was astounded to see that the CFUnited blog is still "a thing", but it is. And they're currently running a survey entitled "State of the CF Union".

I think the survey is misnamed for where the CFML community is at these days, but - having filled it out - it's clear it's not a ColdFusion-specific thing, it's actually targeted at the CFML community as a whole.

So whether you use ColdFusion or Railo or OpenBD... go and fill it in! And spread the word about it. I know how hard it is to get CFMLers to fill in a survey, so the CFUnited bods could probably use all the help they can get.



Friday 24 January 2014

Promoting Andy's Blog: "Version Control"

Make sure you read this blog post from Andy Allan: "Version Control". Especially if you don't use source control. If you know anyone who doesn't use source control: send it to them.



Tuesday 7 January 2014

ColdFusion: Participate in your community

One of the things a lot of the ColdFusion community members could do to improve things is... lift their game when it comes to being part of the community!

There's been a coupla examples over the last few days of this sort of thing:

Bug 3678476
Few Image functions are not shown in the Coldfusion image functions list


This URL should contain the below image function:

Rupesh commenting against bug 3678093:

cfloop does have a charset attribute which is used for reading the file. however this is missing from the documentation. This needs to be documented.

(my emphasis)

From Twitter:

(and even once I fixed this one, conversation continued as to how (not) good my fix actually was!)

But in all three examples the person writing is correct.

And all three examples are now fixed. Why? Because I just went in and bloody fixed them.

Tuesday 10 December 2013

Things I don't know much about: SEO and WordPress

A reader has sent me an email asking for help, but I don't know much about the topics they're asking about. So perhaps you lot can offer some insight...

Friday 15 November 2013

Simon Baynes

Just very quickly. My mate / colleague Simon finished at today, and moved on to a new position. It's not for me to share the details, but it sounds like a really good gig, and Simon's a good fit for it.

Simon was the Technical Architect at, and was responsible for hiring me. I did not report to him directly, but we worked reasonably closely on various projects over the last almost four years.

Thursday 10 October 2013

ColdFusion: Why weI fight

G'day, and apologies to Frank Capra for trivialising his work.

An alternative title for this article could be "Readers: can't live with 'em... can't kill 'em". But I liked the Capra allusion which popped into my head initially, even if it does self-aggrandise what I do here "somewhat".

Can I please remind you lot of something. At the top right of the page you are reading, second paragraph, it says this:
I tend to be a bit "forthright": I think CF is a good product, but I won't blindly defend it in all circumstances, and I have been quite critical of ColdFusion and Adobe at times. This will come out occasionally here: I make no apology for it.
It says that on every page of the blog. And I put it there on every page for a reason.

First: a digression. The back story of this blog - and the gist of the title - is this.

I have been in the ColdFusion community since about 2001 (working with CF since 2000, but was unaware of the community at the time). I have enjoyed reading the various blogs that have come and gone, but they all and one common thread: they were always - or at least almost always - never in the slightest bit critical or questioning of what Macromedia / Adobe were doing with ColdFusion. The general approach of the CF community seemed to be blind adulation, matter-of-fact stick to examples of how the code worked, or stony silence when something was a bit rubbish. No-one ever seemed to go "Oi, WTF is going on with this?"

I had been thinking about starting a blog for a number of years, but for a while I was suffering from imposter syndrome, and thought I'd probably only have enough material for about half a dozen posts, and then run out of steam. Plus it would simply not be of any benefit to the community. Plus I have the attention span of a goldfish, and lose interest in stuff fairly quickly.

But whenever it was - a year or so ago - I decided, screw it... I'm fed-up with where Adobe is taking this community (or more to the point: I'm fed up with that the community seems to be sleeping through this happening), and I perhaps do have an interesting alternative spin on what's going on in the CFML world, so I'll write it down. My position has always been to question what's going on, rather than just sit idly by watching it but not saying anything because I'm too darn polite (like an awful lot of people seem to be). The raison d'ĂȘtre for this blog is kinda "well someone's gotta say something". gets a code editor

I'm just wading through the overnight Tw@tter Chatter, and noticed this from Russ:

Tuesday 23 July 2013

ColdFusion: I've come to a conclusion

This is something that I've been mulling over / worrying about / contemplating for a coupla months now. I find myself poised over the keyboard frequently about to write this increasingly often. And Rob Glover is to thank for making the comment on Twitter that made me think "actually, yeah..."

This is my conclusion. I now believe Adobe is doing more harm to ColdFusion and CFML in general than they are good. And I think it's time - for the benefit of CFML as a language - for them to pull out. There's a few reasons for this.

Firstly, whilst they are "mothership", the language is just not going to go anywhere. As far as I can tell, no-one involved in the Adobe ColdFusion Team actually uses CFML as a matter of course, and I think the entire business unit is completely detached from the community. Worse, what they are doing on a day-to-day basis is Java. Whilst Java is a great language, it's not even remotely the same in intent as CFML is, and - worse - Java is a behemothemic (I made that word up) old juggernaut which works in a completely different way than the spritely languages that compete in the space CFML is struggling to be relevant in. Adobe don't (seem to ~) know how CFML is used, what the target market is, and what they should do with it to keep it relevant.

Secondly... $$$. I guess this makes sense. Adobe are not in the business of making a great language, they're in the business of making money for their shareholders. To do this, they need revenue, and to have revenue, they need to sell licences. Because they're in the software selling business. Unfortunately the people they market CF / CFML to are the people who pay for the licences, and all they need to do is to generate enough smoke, and angle the mirrors in the right way, and the licence-purchasing decision makers will re-up their licences. Especially if - and I think this is where the bulk of Adobe's ColdFusion revenue comes from - the person signing the cheques (dear god, I actually typed in "checks" then, initally) is doing so on behalf of some US government agency, and there's very little oversight on the sort of money they're paying; and what's more important to them is continuity, not innovation.

Thirdly. And this is how I came to this conclusion, remember, so this is the third reason that influenced me to think the way I do: Railo. I've been using Railo since it came on the scene, but only in the capacity of reading the mailing list and testing stuff out. I have never had any of my apps running in production on Railo. This is not slight on Railo, it's just that I have always worked for ColdFusion shops; licences already purchased. But over that time I've seen Railo arrive as the third possibly-viable CFML solution (after ColdFusion and BlueDragon... the New Atlanta one, not the Alan Williamson one, which came along around about the same time as Railo?), and then surpass BD (closed or open) becoming the second player in the CFML market, to now pretty much being the leader in the CFML community. I don't mean in revenue, or in "stature", but in importance. Basically I've gone from not giving a shit what Railo might have to say about CFML, to not giving a shit what Adobe might have to say about it (I never gave a shit about BD, for varying reasons). This is partly because Adobe hardly ever say or do anything sensible / useful about CFML other than when there's a release cycle on, and more recently because what Railo is saying about CFML and the CFML community just makes sense. Whereas everything out of the Adobe stable these days is going more and more heavily on the marketing smoke and mirrors, and is almost entirely without substance.

Fourthly I've been looking at other languages recently. I'm a slack-arse when it comes to forwarding my career prospects: I'm good at CFML and that finds me work. Well has done so far. I'm lucky in that regard (although I will never become a rich person with my work ethic, I at least have a place to hang-out and write code every day ;-). So I've pretty much focused on CFML and enough JS to get by over the last decade. However now that I'm looking, what I do see out there is every other relevant language just does stuff better than CFML does these days. It's a complete frickin' myth that CFML is still this quickest-to-market / rapid-development language. It might be so in the context of "my simple website", like what CFML used to excel at ten years ago, but in the context of doing more than "making it easy to generate HTML", even my superficial knowledge of competing languages reveals that CFML is basically irrelevant in that space now. Now I'm not saying some stuff on a line-of-code-by-line-of-code basis is simply easier to do in CFML, but I really think ColdFusion is lacking the bigger picture here. Plus it just moves too damned slowly to keep up. THat and when they do decide to do new stuff, it's crap like <cflclient> (ColdFusion 11's apparent marquee feature) which seems to be a wizard for writing JavaScript for mobile apps. In CFML. What? Are you lunatics, Adobe?

Update: <cfclient>? Wah?
Someone asked what I'm on about with this mention of <cfclient>. It was mentioned on a slide in a presentation I saw at cf.Objective() of new features coming to ColdFusion 11. There was also discussion of the CF -> Mobile functionality in the same presentation, and again at Scotch on the Rocks. I do not claim any specific knowledge about the functionality other than what's in the public domain via those sources.

The shining light here for CFML though, is Railo. They listen to their developers / their community. They do Railo (and accordingly CFML ~) consultancy, so they know what people on the ground are actually doing, and they enhance then language in ways that will benefit professional CFML developers. They seem to look at what other languages are doing, and consider those features for Railo / Railo's CFML. They keep the language alive and moving. They seem to give a shit about CFML (the Adobe ColdFusion Team seem to be interested in CFML because it pays their salary, and not really beyond that. Well that's my impression).

So here's what I think. Adobe? Give up on ColdFusion and CFML. You're not helping.

And Railo? Screw what Adobe might have done / might be doing with CFML. Take the language as your own (that sounds more melodramatic than I intend it to, but you get the idea).

What do you think?


Saturday 20 July 2013

Reaction to / plug for recent 2DDU podcast

This isn't some attempt at a controversial reaction to something someone else in the community has said, it's just that the 2DDU podcast blog is a bit exclusive in that it requires a Facebook login to comment. And I do not have a Facebook account.

Thursday 18 July 2013


I'm a bit late with this as it happened a week or so ago, but I just noticed I've been prattling away on this blog for a year now.

Apropos of nothing, here's some mostly useless information about this blog.

I said in one of my earlier articles that I've learned more about ColdFusion since I started this blog than I had in the preceding few years. This continues to be the case, and I've learned a bunch of good stuff about Application.cfc, ColdFusion regexes, JSON (grumble), REST, interfaces (in general, as well as ColdFusion's inplementation of them), and various other odds 'n' sods. Even some web sockets stuff, whilst troubleshooting that security issue from a coupla weeks back. I've also used Railo a lot more, and had a look at Coldbox. Beyond ColdFusion I've also started dabbling with PHP and Ruby. It's been cool! I hope some of it was useful to you, or at least slightly interesting. Or killed some time whilst you tried to decipher what I was wittering on about.

To close, I'd like to say special thanks to a few people whose participation in this blog has been helpful, interesting or thought-provoking. In no particular order, and it's certainly not an exhaustive list:
  • Chris Kobrzak
  • Sean Corfield
  • Andrew Myers
  • Bruce Kirkpatrick
  • Brad Wood
  • Andrew Scott
  • Adam Tuttle
  • Ray Camden
  • Gavin Pickin
  • Jay Cunnington
  • Simon Baynes
  • Duncan Cumming
  • Brian Sadler
There's been a bunch of great input / correction / sanity-checking / bullshit-detection done by a heap of other people too.  Cheers to everyone who's participated here.

And now on to year 2...


Monday 8 July 2013

Quick note: CFLib now accepting ColdFusion-10-specific UDFs

This should possibly have happened a while back, but I suspect no-one's mentioned it until recently, so nothing was done about it.

When one submits a UDF to CFLib, one needs to specify which ColdFusion version it is for. It was possibly a bit of an oversight that until now "ColdFusion 10" was not on the selection list. It is now, and CFLib has had it's first submission (and approval) of a ColdFusion-10-specific UDF, from James Moberg: isImageCMYK().

There's a bunch of interesting stuff ColdFusion 10 can do with function-expressions, callbacks and closures, so perhaps you have a treasure trove of ColdFusion 10 stuff sitting on your hard drive that the community could benefit from? If so, please consider submitting it to CFLib. Cheers.

I'll have a poke around and see if I do. Although I've not done anything "production ready" on ColdFusion 10 yet.


Thursday 4 July 2013

Repro case for "contains" pseudo-reserved-word interfering with Mockbox

This is mostly for Brad Wood, but it might be of passable interest to others, so I'll plonk it here.

Yesterday's article discussed how contains is kind of a reserved word, but kind of not in ColdFusion (it's just not in Railo). I observed to Brad that this actually bites us on the bum with Mockbox, and he asked for more info, so here it is.

Basically we use a caching system which has a method "contains" which checks to see if there's an item with a given key already in the cache, before trying to fetch it. We've actually since revised this approach, but we have some legacy code still using methods called "contains". So we need to unit test them, and indeed their responses play a part in other methods we test. When testing these other methods which use the caching system, we mock-out the cache, and the methods within it, and we use Mockbox to do this. Mockbox is cool, btw. You should be using it if yer not already.

We're still using Mockbox 1.3 (more about why further down), and it is impossible to directly mock a method called contains using Mockbox. We've worked around this, but it took a bloody long time to work out what the hell was going on, and that there was working-around to do.

Sunday 30 June 2013

Web socket security issue: risk assessment & findings

Yesterday I engaged in some unrepentant shock tactics, writing an article entitled "Security warning: stop using ColdFusion web sockets right now". This warning arose from my initial investigations into an apparent significant security hole in web sockets, as reported by Henry Ho on Stack Overflow. I have checked into things more thoroughly, and here's the details of my findings.

Firstly, I have considered how responsible I am being by publishing this material. But I have concluded my readership is far less than Stack Overflow's, so the vulnerability is already public. Plus I think it would be helpful for people to know what they're up against. Plus - unabashedly - I hope the "publicity" will encourage Adobe to deal with this ASAP.

Threat summary

OK, so what's the story? Basically ColdFusion 10's web sockets have a couple of significant security failings, and some other unhelpful quirky behaviour as well.