State of the CF Union 2016 Survey results are in
Posted by
Brad Wood
Feb 24, 2016 09:50:00 UTC
Michael Smith has released the full results of this year's State of the CF Union survey over on the TeraTech blog. I enjoy seeing this data every year as a framework author since it helps us know what engines and types of OS to target with our products. This year, there's a full write-up and a little commentary on each graph. Note the write-up is spread across two blog entries:
http://www.teratech.com/blog/index.cfm/2016/2/19/State-of-the-CF-Union-Survey-2016--Results
http://www.teratech.com/blog/index.cfm/2016/2/19/State-of-the-CF-Union-Survey-2016--Results-Part-II
Notable bits of data were:
- CF9 is finally falling behind CF10 and CF11. This is good since we'll be dropping support for CF9 in ColdBox soon
- Lucee has left Railo usage in the dust, and a solid amount of people are already using Lucee 5
- Still a lot of people out there using no framework at all or FuseBox! Of course, I assume this isn't new dev, but rather the same old legacy apps that have been around for years
- A lot of people not using a DI framework. Kind of curious if they're not using CFCs at all.
- Really surprised how many people still use Notepad++ for dev.
- The "How many years have you used CFML" graph is very depressing. Very little new blood coming into CFML.
- Love how many people are using CommandBox. I'm so pleased to see it being useful for the CF world
- A decent chunk of Amazon EC2 users, but it's clear most CF shops aren't doing cloud deploys. Not sure if Adobe doesn't focus on cloud because their users don't care, or if it's the other way around.
- Surprised to see how many home-grown REST frameworks there are. I can't imagine a world in which you wouldn't waste more time doing that from scratch than to drop in something quick and easy like ColdBox 4's REST routing. There's so much out of the box to be gained.
- There's a decent chunk of CF devs in very large companies, but the majority are in small businesses with 1-20 total employees. That's interesting since it's not where I would have pegged most CF devs to be.
- The comments are very interesting too. Lots of love for Lucee and lots of frustration for Adobe.
OK, well there's my thoughts. Head over and check out the data yourself.
AJ Mercer
The low numbers entering CFML was concerning for me too.
I think if you looked into people's home grown ReST I think you will find it is just pretty URLs that return JSON
Todd
"The "How many years have you used CFML" graph is very depressing. Very little new blood coming into CFML."
I used that same graph to illustrate why CF is dying to my company. Very few new people coming in, tons of dinosaurs lurking about in the background. When you're an exciting language, you want the 0-3 years to be jam packed with crazy numbers.
Again, this poll is hardly accurate, but I have a feeling that the real numbers are even more depressing.
Aaron
Thanks for the post Brad.
I'll add to the FUD here - and directly contradict the "ColdFusion does not use OpenSSL"
ColdFusion 9 & 10 ship with OpenSSL binaries: C:\ColdFusion10\cfusion\db\slserver54\bin\ssleay32.dll and C:\ColdFusion10\cfusion\db\slserver54\bin\libeay32.dll
And thanks to Gert's Railo post, we know that C:\ColdFusion10\cfusion\lib\bcprov-jdk14-139.jar uses OpenSSL too.
As Gert mentioned, Tomcat can be built with OpenSSL support (https://wiki.apache.org/tomcat/Security/Heartbleed). While it's unlikely the custom Tomcat build that ships with CF uses it, it's still possible.
And for the CF9 people, here is how to enable OpenSSL in JRun: http://helpx.adobe.com/legacy/kb/ssl-jrun-web-server-connector.html
To take away from the above FUD - the DLLs that ship with CF are older, unaffected versions. I don't know about the JAR, or where it's used, but that is probably safe.
I hope the above is enough to prove that the tweets from the CF team and the advice from PSIRT are incorrect. Additionally, there are configurations of JRun and Tomcat that use OpenSSL.
In my mind I have always had major issues with how Adobe approaches security for CF. There is such secrecy surrounding it that it makes my job as a CF Administrator incredibly difficult - there is never enough information released for me to be able to analyze if our production servers have been exploited. Microsoft takes the opposite approach, and their descriptions of the issue are very very clear.
Adobe's handling of this issue is the final straw for me. When CF9 support ends (if it hasn't already) I'll be moving to Railo - I can simply no longer risk Adobe's approach to security matters.
Dawesi
Ironic you say "Surprised to see how many home-grown REST frameworks there are. I can't imagine a world in which you wouldn't waste more time doing that from scratch than to drop in something quick and easy like ColdBox 4's REST routing. There's so much out of the box to be gained."
then you say use our home-grown REST framework... lol #toofunny
and I don't use ColdBox's REST routing as it's not a good fit, tried it, massaged it, but wasn't a good fit, so came up with something with much less overhead than that or Taffy.
The other reason people might roll their own is that they don't need a fully-fledged REST implementation because they're just doing something super basic. No need for a nail gun to fix a picture frame ;-)
I think the survey targets the 'small' group of devs that read CF blogs and feeds. Most read generic technology or programming blogs, and that's where CFML 'champions' need to also be posting their articles, not just on their blogs.
Brad Wood
@dawesi Thanks for the comments.
> then you say use our home-grown REST framework
I'm not sure where I said that unless you mean the part where I said people should use ColdBox. Let me be clear, ColdBox (nor FW/1 nor Taffy.io) are "home grown" frameworks. The major differences are:
> I don't use ColdBoxes REST routing as it's not a good fit
I'd be curious to hear what didn't work. ColdBox's routing is based on a community project by Adam Fortuna from years ago called ColdCourse. We've improved it over the years to follow the same standards and patterns in other major frameworks such as Ruby on Rails and Grails. It's pretty industry standard.
> No need for a nail gun to fix a picture frame
Except the alternative is that you either hit it with a rock, or build a sawmill, cut down a tree, turn a handle on a lathe, and forge a hammer head out of iron and make a hammer first. :)
> I think the survey targets the 'small' group of devs that read cf blogs and feeds.
I would agree, it's very hard to get a good distribution on any survey let alone a CF one. I do think TeraTech has one of the largest CF mailing lists out there so they probably do as good of a job as anyone I can think of in the CF space.