Coder's Revolution

Do you want a revolution?

Category Filtering: 'Technology'

Who's Had More Vulns- PHP, Java, or ColdFusion?

ColdFusion, General, Security, Technology

I get tired of people complaining about ColdFusion as a technology choice because it's "so insecure". I am regularly told that it has more holes, more vulnerabilities, and a worse track record than other platforms. That's why I compiled this quick chart showing the number of Common Vulnerabilities and Exposures (CVE) by year, as reported by cvedetails.com, for CF as well as PHP and Java, which are two of the most-used languages on the web. I also threw in Apache Tomcat for comparison since it competes in the web space and CF10 actually runs on a version of it.

 


So to break this down, the red line riding out on top with a huge spike in 2007, that's PHP. The purple line coming out of the backfield for a solid lead (?) at the end is Java. The yellow line is Tomcat, which still manages 10-15 vulns a year (and is the only one to go LOWER than CF). And that green line on the bottom with the lowest number of vulns every year, and nothing even reported until 2006-- that would be CF.

So, sure-- there's a lot more info than just the counts on the chart. My point also isn't that PHP or Java are bad-- I'm just trying to make the point that oft-used technologies are targeted by crackers and nobody is perfect. And according to this data, CF is doing way better than several of the main techs out there. It should also be noted that CF, Java, and PHP were all created the same year-- 1995, so don't give me any of this "old" crap either. (Tomcat was created in 1999.)


 


My "One Tough Puzzle" JavaScript Brute Force Solution

General, JavaScript, Technology
So, I've been sitting on this for months (because I'm lazy) and decided it's finally time to post it. My mother-in-law visited a while back and brought a puzzle for the kids to play with. It's called "One Tough Puzzle". It claims to have "more than 300,000 wrong ways, but only one right way to assemble it." Well, after fiddling with it for a while, I did what any code-blooded hacker would do and wrote some JavaScript to brute force solve it.

Call to Arms: We All Need to Evangelize

ColdBox, General, Technology
Prior to this week, there were Wikipedia entries for MockBox, CacheBox and WireBox, but they've all been deleted by Wikipedia. There still is an entry for the ColdBox Platform-- for now. It's also been marked for deletion. So has the FuseBox page. The main reason for the deletion notices is that those articles don't have enough notable third-party references to support them. Wikipedia moderators say those topics just don't have enough articles, news, and books written about them OUTSIDE of their own community or, for that matter, the ColdFusion community.

ColdBox 3.0 Has Gone Gold!

ColdBox, ColdFusion, General, Technology
I am very excited to announce that ColdBox 3.0 has been officially released. After 6 milestone releases and 2 release candidates it is finally complete. I am especially proud to see this since a number of fixes and code submissions of my own have worked their way into the ColdBox framework, Sample Apps, and Builder Extensions over the past 2 years. A brief list of new features in ColdBox 3.0 includes:

ColdFusion's Heartbeat

ColdFusion, General, Technology
I jogged down the stairs, one arm over my head, as I pulled my coat on a sleeve at a time. Fishing the car keys out of my pocket with one hand, I leaned over my computer to tap in my E-mail password with the other. "Wow, 41 unread messages in the CF-Talk folder," I thought. "There must be a hot new topic on the list today." With a click I watched the new thread flow in. "Why i fear ColdFusion is on its last legs" "Oh Geez," I sighed, "Please not with this again!" There wasn't time to read all that right then. I'd have to catch up on this one later in the day when my absorption rate was higher.

Two Tips For Making Sure Your Mail Gets Sent

General, Networking, Security, Server Administration, Technology
A lot of you have web servers that double as mail servers to relay out mail from your ColdFusion applications. Even if you have a separate server that handles your mail relay, this post should still be helpful. The more spam proliferates on the Internet, the more antsy ISPs get about blocking mail. There is a litany of reasons an ISP might reject mail from your server. GoDaddy has been one of the most annoying companies to deal with. There are two things I had to fix on my mail server before they would accept mail from it: reverse DNS and the HELO host name.

Google Wave Invites

General, Google Wave, Technology
I had 16 Google Wave Invites show up in my Wave inbox today. If you've been wanting to try out Google Wave, the bidding starts at $5.00. OK, just kidding-- shoot me a message and I'll invite you if I have any left. :) 11/30 UPDATE: I'm all out of invites now, but I was able to hit everyone that asked so far. Remember it often takes several days to get the E-mail from Google. Enjoy!

A Look Into ColdFusion's Future (Again) Sully? Link? Storm?

Centuar, ColdFusion, General, Technology
Well, now that ColdFusion 9 is officially out the door (it's still hard to believe), have you thought about what you want to ask Santa for CF10? We're going to double digits, baby-- so it'd better be good! Yeah, I know-- who do I think I am? Honestly, I still feel like a kid after Christmas with enough new toys to keep me busy for a while. Even so, I can't help but wonder what's in store. Once again, I have found clues in Adobe's own words via the latest version of the ColdFusion Evangelism Kit.

So, I Wrote My First "Hello World" Android App...

AIR, Android, Flex, Java, Technology
My friend John dreams up 3 or 4 get-rich schemes every week. Most of them involve technology, and he generally tries to talk me into helping him with them. He can never be dissuaded from the belief that each of his brainstorms is nothing short of an entrepreneurial pot of gold. These revelations, of course, come despite the fact that he has virtually no programming experience and even less start-up capital. Most of his recent ideas have been centered around the new Google Android phones and the ability to write apps for them. After listening to him babble about Android app development for several weeks straight, I decided to download the Android SDK and play around with it.

Adam Lehman On The Future Of CF: Do You Want A Revolution?

ColdFusion, General, Technology
My busy schedule has kept me away from the blogosphere the past couple months. I had heard of Adobe's layoffs but I was kind of depressed for a bit last night when I read that they had affected Jason Delmore, former Product Manager of CF. What a blow to the community that was-- and I just had the pleasure of meeting Jason at Adobe Max this year. I'm feeling better now though. As I continued reading, I went on to see that Adam Lehman, who followed in Ben F's footsteps as ColdFusion Evangelist, has stepped up into the role of CF Product Manager. I absolutely loved what he said on his blog. What hit home to me was when he likened the advance of CF to a Revolution.