Coder's Revolution

Kansas City Designer/Developer Workflow Conference: Success!

Sun, 20 Jun 2010 23:02:00 -0500

Today wrapped up the two-day Designer/Developer Workflow Conference here in Kansas City. A big thanks to Dee Sadler for putting it all together and to the awesome speakers. It was very interesting to attend sessions that were not just about programming, but about the workflow we all deal with when it comes to working with our designers and prototyping applications. I also really liked the re-occurrence of topics centered around mobile development. I even found out about a local group call the Mobile Media Club that was founded by one of our speakers, Vince Vaughan. (No, not THAT Vince Vaughn) I was able to meeting some cool people I had heard of before but never seen in person (like John Farrar and Andy Matthews) and some brand new faces I didn't even know existed (like Seb Lee-Delisle, Chris Griffith, and Vince Vaughan) I'm hoping Kansas City will see some more quality training like this in the near future and will draw even more people.

JVM Args Don't Like Line Breaks

Sat, 30 Jan 2010 23:44:00 -0500

A brief hiatus today from from the PCI Compliance series to issue a quick public service announcement. I was installing my free copy of SeeFusion today that I netted in the recent give-away WebApper had. Since the target machine was CF7 on a OpenSuse Linux with the JVM upgraded to 1.4.2_11, it was a "manual" install. Pretty easy-- copy a few jar files and edit a few configs. The problem was, SeeFusion wasn't able to connect to my debugging port to capture stack traces and I couldn't figure out why. [More]

PCI DSS Compliance Part 2 - Weak SSL And Ciphers

Fri, 29 Jan 2010 23:44:28 -0500

The next stop on our PCI DSS Compliance tour is disabling weak SSL versions and encryption ciphers. If your site is handling credit card payments, it is undoubtedly using HTTPS for at least the pages that collect payment information. I thought I had already taken care of this item, but I was apparently mistaken. Fortunately, this is pretty easy to fix and if you're on Windows I've even cooked up a quick and easy registry file for you to use. [More]

PCI DSS Compliance Part 1 - Predictable Session ID Vulnerability

Thu, 28 Jan 2010 22:24:00 -0500

As a web developer you have your share of demons you have to face. If your company processes credit cards, chances are your yearly PCI DSS compliance scan is one of those demons. I thought I would do a short series on a few security items I tightened down as a result of our last PCI scan. This is by no means a comprehensive list of everything needed to pass a PCI scan. If you want to know that and have time to read a 74 page PDF you can get a copy of the Spec at www.pcisecuritystandards.org. [More]

ColdFusion's Heartbeat

Sat, 23 Jan 2010 00:50:00 -0500

I jogged down the stairs, one arm over my head, as I pulled my coat on a sleeve at a time. Fishing the car keys out of my pocket with one hand, I leaned over my computer to tap in my E-mail password with the other. "Wow, 41 unread messages in the CF-Talk folder," I thought. "There must be a hot new topic on the list today." With a click I watched the new thread flow in. "Why i fear ColdFusion is on its last legs" "Oh Geez," I sighed, "Please not with this again!" There wasn't time to read all that right then. I'd have to catch up on this one later in the day when my absorption rate was higher. [More]

Two Tips For Making Sure Your Mail Gets Sent

Mon, 07 Dec 2009 22:31:00 -0500

A lot of you have web servers that double as mail servers to relay out mail from your ColdFusion applications. Even if you have a separate server that handles your mail relay, this post should still be helpful. The more and more that spam proliferates on the Internet, the more antsy ISPs get about blocking mail. There are a litany of reasons an ISP might reject mail from your server. GoDaddy has been one of the most annoying companies to deal with. There are two things I had to fix on my mail server before they would accept mail from my server. Reverse DNS and Helo host name. [More]

BlogCFC Code Formatting Not Thread Safe (With Example)

Thu, 03 Dec 2009 16:58:00 -0500

I found an interesting little bug in the BlogCFC implementation of ColdFISH today. ColdFISH is a ColdFusion code formatting component that is instantiated once and cached as a singleton in the application scope in BlogCFC. The problem is, ColdFISH looks like it wasn't intended to be used as a singleton. It makes use of the variables scope to store the Java StringBuffer class it uses to gather up your formatted code as well as a number of other variables used to parse the code it is formatting. This means when two or more people hit a BlogCFC entry with larger code samples, race conditions exists. [More]

Google Wave Invites

Mon, 30 Nov 2009 00:15:00 -0500

I had 16 Google Wave Invites show up in my Wave inbox today. If you've been wanting to try out Google Wave, the bidding starts at $5.00. OK, just kidding-- shoot me a message and I'll invite you if I have any left. :) 11/30 UPDATE: I'm all out of invites now, but I was able to hit everyone that asked so far. Remember it often takes several days to get the E-mail from Google. Enjoy!

Give Your Opinion, Get SeeFusion For Free

Sun, 29 Nov 2009 15:43:00 -0500

Our friends at Webapper are giving away free copies of SeeFusion (an awesome ColdFusion server monitoring tool) to the first ~~100~~ 200 people to take their survey on ColdFusion consulting. Go check out here: http://www.webapper.com/blog/index.php/2009/11/25/coldfusion-survey/ UPDATE: Webapper is now going to give away SeeFusion to the first 200 people to take their survey. Can't beat that!

Google AdSense Servers Tripling My Traffic?

Sun, 08 Nov 2009 23:15:00 -0500

I threw some AdSense ads on my site the other day. I don't think I'll be getting rich any time soon though. I'm up to 58 cents so I figure I'll be seeing a check from Google in about 8 years. :) Anyway, while troubleshooting an error in my blogCFC I noticed I kept getting each error E-mail three times. Looking at the User Agent showed that "Mediapartners-Google" was hitting every URL I hit twice. Incidentally, I have two Google ads on every page of my site. [More]

When GoDaddy Becomes NoDaddy

Sun, 08 Nov 2009 01:52:00 -0500

Some time ago GoDaddy manged to get the IP address of my VPS in their little black book and began refusing to receive any mail which originated from it. Unfortunately for me, I use GoDaddy for my E-mail hosting and that meant I stopped getting all E-mails that were sent from my server. A couple weeks ago I got around to calling them to see just what was going on. I would rather mud-wrestle a large sea-sick crocodile before repeating this tedious conversation with their bumbling excuse for tech support. Here are the details of my correspondence with them. [More]

MS SQL Server Table Variable And Nested Select Gotcha (Bug?)

Tue, 27 Oct 2009 22:54:00 -0500

My coworker found this interesting little SQL Server behavior today that was quite startling at first glance. It's like punching 2 + 2 into your calculator and having the result come back as 5. After pin-pointing the cause for the behavior, it ALMOST makes sense... except for the fact that it doesn't make sense at all. It involves a randomized sub-select and table variables. [More]

A Look Into ColdFusion's Future (Again) Sully? Link? Storm?

Sat, 24 Oct 2009 01:24:00 -0500

Well, now that ColdFusion 9 is officially out the door (it's still hard to believe), have you thought about what you want to ask Santa for CF10? We're going to double digits, baby-- so it'd better be good! Yeah, I know-- who do I think I am? Honestly, I still feel like a kid after Christmas with enough new toys to keep me busy for a while. Even so, I can't help but wonder what's in store. Once again, I have found clues in Adobe's own words via the latest version of the ColdFusion Evangelism Kit. [More]

Sequoia Voting System Witch Hunt, err... Study Project

Wed, 21 Oct 2009 01:15:00 -0500

Matt Woodward pointed out this Slash Dot article today about the accidental release of code from the Sequoia Voting Systems and a web site dedicated to studying that code. Apparently the Election Defense Alliance obtained a copy of the election data for Riverside County, California. It came in the form of a Microsoft SQL Server backup that was SUPPOSED to have all the code such as stored procs and triggers redacted. I wandered over to the "Sequoia Voting System Study Project" and scored me a copy of the data. [More]

Taming The Header Output Of CFHTMLHead and CFAjaxProxy

Tue, 20 Oct 2009 22:14:00 -0500

Tags like CFHTMLHead, CFAjaxProxy, and CFAjaxImport don't output their content into the regular ColdFusion output buffer. Instead they put their contents into a special header buffer which is dumped into the beginning of the output right before the request is sent back to the client. But what if you want control over where their output goes? CFSaveContent doesn't work on these bad boys. And even worse, <cfcontent reset="yes"> doesn't get rid of their output. The other day I got bit when trying to return the HTML of a rendered view via a proxy in ColdBox as a JSON string. The JavaScript output of the CFAjaxProxy tag was being appended to the beginning of the response and causing the result to not be valid JSON. [More]