In case you missed the ColdBox Connection webinar today and are dying to know all about LogBox, the enterprise logging library that can be used stand-alone or inside a ColdBox application, I have good news! Here is a link to the recording, my slide deck and most importantly ALL the sample code I used including the Pirate Log Formatter and the QR Code log appender.
ColdBox has an online meetup every other week called the ColdBox Connection. Just a note that the next one is this Thursday at noon Central time. I will be talking about LogBox-- the Logging framework that is built into ColdBox and also can be used as a stand-alone logging utility in a legacy app. See you there!
I am very excited to announce that ColdBox 3.0 has been officially released. After 6 milestone releases and 2 release candidates it is finally complete. I am especially proud to see this since a number of fixes, and code submissions of my own have worked their way into the ColdBox framework, Sample Apps, and Builder Extensions over the past 2 years. A brief list of new features in ColdBox 3.0 includes:
In a recent pissing match between ColdFusion and PHP, Jared Rypka-Hauer was demonstrating the performance of a function that generated prime numbers. The discussion really wasn't about the BEST prime generator as much as it was about how much ColdFusion can kick PHP's puny butt all over town. Never the less, I piped up in the comments to ask Jared to compare a prime number generator that I wrote a while back based on the Sieve of Eratosthene. After Jared asked some good questions about how my code worked I figured it was time I stopped high-jacking the comments of the PHP pooper train. I decided to spin off a new post to highlight some significant performance gains I was able to produce.
When catching an error in a CFC, I've always assumed that the exception object was a locally scoped variable, specific to that method call. Some interesting errors we received from the depths of our ColdBox framework made me start to question that. I concocted a test last night which appears to prove that your exceptions are not thread safe in a CFC stored in a persistent scope. (In CF8, at least)
It was very interesting to attend sessions that were not just about programming, but about the workflow we all deal with when it comes to working with our designers and prototyping applications. I also really liked the re-occurrence of topics centered around mobile development. I even found out about a local group call the Mobile Media Club that was founded by one of our speakers, Vince Vaughan. (No, not THAT Vince Vaughn)
I was able to meeting some cool people I had heard of before but never seen in person (like John Farrar and Andy Matthews) and some brand new faces I didn't even know existed (like Seb Lee-Delisle, Chris Griffith, and Vince Vaughan)
I'm hoping Kansas City will see some more quality training like this in the near future and will draw even more people.
A brief hiatus today from from the PCI Compliance series to issue a quick public service announcement. I was installing my free copy of SeeFusion today that I netted in the recent give-away WebApper had. Since the target machine was CF7 on a OpenSuse Linux with the JVM upgraded to 1.4.2_11, it was a "manual" install. Pretty easy-- copy a few jar files and edit a few configs. The problem was, SeeFusion wasn't able to connect to my debugging port to capture stack traces and I couldn't figure out why.
The next stop on our PCI DSS Compliance tour is disabling weak SSL versions and encryption ciphers. If your site is handling credit card payments, it is undoubtedly using HTTPS for at least the pages that collect payment information. I thought I had already taken care of this item, but I was apparently mistaken. Fortunately, this is pretty easy to fix and if you're on Windows I've even cooked up a quick and easy registry file for you to use.
As a web developer you have your share of demons you have to face. If your company processes credit cards, chances are your yearly PCI DSS compliance scan is one of those demons. I thought I would do a short series on a few security items I tightened down as a result of our last PCI scan. This is by no means a comprehensive list of everything needed to pass a PCI scan. If you want to know that and have time to read a 74 page PDF you can get a copy of the Spec at www.pcisecuritystandards.org.