We now bring in another part of of the security model: CAPTCHA
Let’s start with a defintion from Stackoverflow:
A CAPTCHA or Captcha is a type of challenge-response test used in computing as an attempt to ensure that the response is not generated by a computer. The process usually involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade.
I’m migrating from cf11 project to CF18 with the help of this resource (https://forums.adobe.com/message/10661306#10661306). I have kept a copy of cf11 neo*.xml files and uninstalled cf11. Proceeding further and installing cf118 and done kept the neo*.xml files in the cfuion/lib folder, I have done the configurations of IIS and CFAdmin properly. But after all the setup I’m facing Java.null.pointer exception. I have checked the java and jvm section of cfadmin where the JVM Argumentslooks like this (
I have found some UNNAMED values there. Is there some issue with the same?
There is a hibernate.hbm.xml file in my project config file, which is getting generated and if I remove that file then some abstract issue is thrown.
I have mentioned below the error which I’m getting. I have tried multiple ways to overcome it but cannot do it. Please help me with this. I’m new to coldfusion.
**************ERROR***************
“Error”,”ajp-nio-8018-exec-3″,”11/22/18″,”17:33:22″,dev_ASFKHN,”” The specific sequence of files included or processed is: C:****default.cfm” “ java.lang.NullPointerException at com.sun.xml.bind.v2.runtime.unmarshaller.StAXConnector$1.getPublicId(StAXConnector.java:101) at org.apache.xerces.util.SAXLocatorWrapper.getPublicId(Unknown Source) at org.apache.xerces.xni.parser.XMLParseException.<init>(Unknown Source) at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown Source) at org.apache.xerces.impl.xs.XMLSchemaValidator.processOneAttribute(Unknown Source) at org.apache.xerces.impl.xs.XMLSchemaValidator.processAttributes(Unknown Source) at org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown Source) at org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown Source) at org.apache.xerces.jaxp.validation.ValidatorHandlerImpl.startElement(Unknown Source) at com.sun.xml.bind.v2.runtime.unmarshaller.ValidatingUnmarshaller.startElement(ValidatingUnmarshaller.java:101) at com.sun.xml.bind.v2.runtime.unmarshaller.InterningXmlVisitor.startElement(InterningXmlVisitor.java:75) at com.sun.xml.bind.v2.runtime.unmarshaller.StAXEventConnector.handleStartElement(StAXEventConnector.java:261) at com.sun.xml.bind.v2.runtime.unmarshaller.StAXEventConnector.bridge(StAXEventConnector.java:130) at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:460) at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:435) at org.hibernate.boot.jaxb.internal.AbstractBinder.jaxb(AbstractBinder.java:171) at org.hibernate.boot.jaxb.internal.MappingBinder.doBind(MappingBinder.java:61) at org.hibernate.boot.jaxb.internal.AbstractBinder.doBind(AbstractBinder.java:102) at org.hibernate.boot.jaxb.internal.AbstractBinder.bind(AbstractBinder.java:84) at org.hibernate.boot.jaxb.internal.JaxpSourceXmlSource.doBind(JaxpSourceXmlSource.java:29) at org.hibernate.boot.MetadataSources.addDocument(MetadataSources.java:409) at org.hibernate.cfg.Configuration.addDocument(Configuration.java:462) at coldfusion.orm.hibernate.HibernateConfiguration.buildConfiguration(HibernateConfiguration.java:625) at coldfusion.orm.hibernate.HibernateConfiguration.initHibernateConfiguration(HibernateConfiguration.java:207) at coldfusion.orm.hibernate.HibernateConfiguration.<init>(HibernateConfiguration.java:180) at coldfusion.orm.hibernate.ConfigurationManager.initConfiguration(ConfigurationManager.java:68) at coldfusion.orm.hibernate.HibernateProvider.initializeORMForApplication(HibernateProvider.java:158) at coldfusion.orm.hibernate.HibernateProvider.beforeApplicationStart(HibernateProvider.java:72) at coldfusion.filter.ApplicationFilter.fireBeforeAppStartEvent(ApplicationFilter.java:750) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:362) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:162) at coldfusion.filter.IpFilter.invoke(IpFilter.java:45) at coldfusion.filter.LicenseFilter.invoke(LicenseFilter.java:30) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:96) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:60) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:226) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:311) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:46) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at coldfusion.inspect.weinre.MobileDeviceDomInspectionFilter.doFilter(MobileDeviceDomInspectionFilter.java:121) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:426) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1135) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:844) “Error”,”ajp-nio-8018-exec-5″,”11/22/18″,”17:33:28″,dev_ASFKHN,”” The specific sequence of files included or processed is: C:*****default.cfm” “ java.lang.NullPointerException at com.sun.xml.bind.v2.runtime.unmarshaller.StAXConnector$1.getPublicId(StAXConnector.java:101) at org.apache.xerces.util.SAXLocatorWrapper.getPublicId(Unknown Source) at org.apache.xerces.xni.parser.XMLParseException.<init>(Unknown Source) at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown Source) at org.apache.xerces.impl.xs.XMLSchemaValidator.processOneAttribute(Unknown Source) at org.apache.xerces.impl.xs.XMLSchemaValidator.processAttributes(Unknown Source) at org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown Source) at org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown Source) at org.apache.xerces.jaxp.validation.ValidatorHandlerImpl.startElement(Unknown Source) at com.sun.xml.bind.v2.runtime.unmarshaller.ValidatingUnmarshaller.startElement(ValidatingUnmarshaller.java:101) at com.sun.xml.bind.v2.runtime.unmarshaller.InterningXmlVisitor.startElement(InterningXmlVisitor.java:75) at com.sun.xml.bind.v2.runtime.unmarshaller.StAXEventConnector.handleStartElement(StAXEventConnector.java:261) at com.sun.xml.bind.v2.runtime.unmarshaller.StAXEventConnector.bridge(StAXEventConnector.java:130) at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:460) at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:435) at org.hibernate.boot.jaxb.internal.AbstractBinder.jaxb(AbstractBinder.java:171) at org.hibernate.boot.jaxb.internal.MappingBinder.doBind(MappingBinder.java:61) at org.hibernate.boot.jaxb.internal.AbstractBinder.doBind(AbstractBinder.java:102) at org.hibernate.boot.jaxb.internal.AbstractBinder.bind(AbstractBinder.java:84) at org.hibernate.boot.jaxb.internal.JaxpSourceXmlSource.doBind(JaxpSourceXmlSource.java:29) at org.hibernate.boot.MetadataSources.addDocument(MetadataSources.java:409) at org.hibernate.cfg.Configuration.addDocument(Configuration.java:462) at coldfusion.orm.hibernate.HibernateConfiguration.buildConfiguration(HibernateConfiguration.java:625) at coldfusion.orm.hibernate.HibernateConfiguration.initHibernateConfiguration(HibernateConfiguration.java:207) at coldfusion.orm.hibernate.HibernateConfiguration.<init>(HibernateConfiguration.java:180) at coldfusion.orm.hibernate.ConfigurationManager.initConfiguration(ConfigurationManager.java:68) at coldfusion.orm.hibernate.HibernateProvider.initializeORMForApplication(HibernateProvider.java:158) at coldfusion.orm.hibernate.HibernateProvider.beforeApplicationStart(HibernateProvider.java:72) at coldfusion.filter.ApplicationFilter.fireBeforeAppStartEvent(ApplicationFilter.java:750) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:362) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:162) at coldfusion.filter.IpFilter.invoke(IpFilter.java:45) at coldfusion.filter.LicenseFilter.invoke(LicenseFilter.java:30) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:96) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:60) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:226) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:311) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:46) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at coldfusion.inspect.weinre.MobileDeviceDomInspectionFilter.doFilter(MobileDeviceDomInspectionFilter.java:121) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:426) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1135) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:844)
And I intend to keep going as long as I’m able. I find it to be insightful, motivating, and totally worth the investment. That being said, I live in Vegas, so many of these years I didn’t have to hassle with transportation or lodging, making it an even greater value. But seriously… if you’ve ever been on the fence, go. It’s a great time and Adobe does a great job. Tell your employer to foot the bill as a professional development cost and team building exercise. It’s worth the investment.
Many of the sessions at CF Summit can be advanced. Adobe tries to vary the content enough to keep it relevant and modern. I have attended sessions where I’ve looked around the room and seen glassy eyes all over the place as the presentation goes way beyond what you can reasonably cover in an hour. And I mean no offence to the presenters themselves. They are experts in their fields and they bring knowledge and experience in the subject matters being discussed that are invaluable. The issue I’ve recognized is that even though a session sounds interesting, and may be something I want to learn more about, the capacity of the audience to absorb may not be enough to keep up with the presentation. Also, many times I feel that the presentations assume that you have advanced knowledge and experience in ColdFusion already.
In my previous article My First Time I talked about how my learning of ColdFusion was based on necessity. I had a specific goal that I needed to accomplish and I turned to ColdFusion as the solution. It makes me wonder how many other people out there are simply trying to solve basic problems and feel like they need a masters in computer science to be able to do so. ColdFusion solves so many of these problems. Interacting with various web technologies; PDF integration, FTP, making HTTP calls, interacting with email, creating and consuming APIs… the list goes on and on. Anyone getting started without knowledge beyond basic HTML or CSS could easily get mired in the overwhelming possibilities of solutions that exist.
As such, I feel that what the conference needs is a ColdFusion 101 for beginners and people who aren’t as versed in ColdFusion or other web based technologies. This should probably be a pre-conference workshop. An all day session that starts with the basics of explaining how ColdFusion works on the server level; how it parses CFML into Java class files to act as page handlers. How it runs on top of Tomcat. How <cfoutput> parses the commands within it. These are all things that at one point or another none of us knew. How many first time developers are out there who know how to build web pages, but don’t know how to do the rapid application development we all love?
The goal of this session should be to get people started in ColdFusion at the ground level. To introduce new developers to the language. To grow the developer base by making ColdFusion a developers first language; not necessarily a language they learn later on. There are many ways to grow the community of ColdFusion developers. One way is to take a developer who knows ECMA script based languages and teach them ColdFusion. But another is to plant new seeds… to take potential developers and start them off using ColdFusion. The conference needs to address this critical market. I think the investment in trying to reach new developers would be worth it for the community at large.
Many of you are looking for a central location to find the full list of ColdFusion Updaters. We try to keep these updated for the core supported versions with links to the latest released updaters. These are a good place to look for the full list of updaters available on each version along with a download link to the .jar file.
Many of you are looking for a central location to find the full list of ColdFusion Updaters. We try to keep these updated for the core supported versions with links to the latest released updaters. These are a good place to look for the full list of updaters available on each version along with a download link to the .jar file.
I am new to this and in need of assistance with the ColdFusion API Manager. If I add a User (such as Publisher), I cannot use the login credentials to log back into the API Manager. I receive a “User not Authorized” error. When I adjust any profile settings, I receive a “Form Error.” Anyone with experience on this? Articles are tutorials? Thanks in advance
Picking up from where we left off on updating the docs with CFFiddle links, we have now extended the links to the following tag and function categories:
The next step is to insert CFFiddle links for the other tag categories, wherever possible.
As always, please use CFFiddle to test the samples. If there are sample(s) that you want to be modified/corrected, share the link in this thread or send me a mail, saghosh@adobe.com.
Please send us your feedback and suggest ways for a more fruitful collaboration.
With the 2018 release of ColdFusion, we have introduced the support for Server Auto-Lockdown.
Before going into the details, let’s understand what is Server Auto-Lockdown.
What is Server Auto-Lockdown?
Server Auto-Lockdown is based on the Lockdown Guide prepared by Pete Freitag for helping server administrators to secure ColdFusion Installations.
The installer guides the users to change some permissions in their system to secure their ColdFusion installation. A few settings that need to be changed are:
Set some OS level file system permissions
Change registry permissions
Configure Webserver
Change a few ColdFusion Administrator settings
Why Server Auto-Lockdown?
With the number of intrusions seen every-day across organizations, small and big, to startups to federal agencies and even nuclear installations, it’s obvious why a secure infrastructure is of paramount importance to any organization.
The lockdown guide was prepared to prevent hacks related to the entire server/system being taken hostage by hackers.
While the lockdown guide did its job as expected, the lockdown guide is manual and time-consuming. The entire process,
Involves more than 50 steps
Takes 4-5 hours for one successful lockdown of a server
Is error prone since each step must be performed with utmost precision
Has no fallback. If anything goes wrong anywhere, its advised to start over to not leave behind traces of any vulnerability
Involves identical steps for multiple setups. If there are multiple ColdFusion servers present in the organization, all the 50 steps will need to be performed on them separately which again will include all the pitfalls mentioned above
This motivated us to develop Server Auto-Lockdown. The Server Auto-Lockdown:
Performs all 50 steps automatically
Provides settings summary
Rollbacks to original configuration if the installer fails
Installs silently
Is available for all platforms
Takes 4-5 minutes compared to manually performing the steps
Provides an uninstaller to revert all your settings to its initial state
Provides logs to show each change made to the system during the installation
How Server Auto-Lockdown works?
We have prepared a separate installer for lockdown. It takes in a set of inputs required for us to lock down your ColdFusion server.
The installer needs to be run as Administrator after ColdFusion has been installed successfully.
The inputs to the installer are used to change/edit the permissions/configurations as mentioned in the Lockdown guide.
Server Auto-Lockdown installers are currently available for Windows IIS, Windows Apache and Linux Apache systems. We will be releasing the same for Mac and Solaris in a couple of months.
Installation Steps
The installation steps are written in our documentation for Server Auto-Lockdown at:
Review each step carefully before proceeding with the installation. This will prevent any wrong input being given which will render your ColdFusion installation unusable.
How to check if installation successful?
There are a few things you can do to check to see if auto-lockdown of your server was successful
Check the installer logs. The logs must not display any errors.
Check the custom logs that are created in the same folder where the installer log was created. The bottom of the log must display either:
Successfully locked down ColdFusion
Successfully locked down Apache server
Check the file system permissions for the websites/ColdFusion instance/Magic folders for connectors. They must change to the user-defined permissions as input during the ColdFusion installation
Check services/processes running using the user given as input during ColdFusion installation step
Check the value for /cf_scripts/scripts has changed in VDIR for IIS/Apache, and ColdFusion Administrator
My installation has Rolled back
If you see any of the lines shown below, your uninstallation was unsuccessful due to some issues. The log to check is the custom log created by the installer.
Rolling back any changes made during lockdown!
Rolling back the changes because of Lockdown failure
A non-fatal exception at the bottom of the custom log we created
In this case, you need to identify the step where lockdown happened. The step can be seen in the log, and will be just above the lines mentioned. You need to fix whatever is mentioned and try lockdown again. If the issue persists, you can contact ColdFusion support for any help regarding this
I want to uninstall Server Auto-Lockdown
We also provide an uninstaller for the Server Auto-Lockdown installer.
It reverts all the changes made during the lockdown process to the initial state your system was in. Launch the uninstaller by double clicking the uninstaller and giving in a few details as required. These details are required as we do not store any passwords during the installation.
The uninstaller can be found at: [CF Home]\lockdown\[Instance locked down]\Uninstall
I want to install lockdown in multiple servers (Silent installers)
We also provide silent installers for lockdown. The properties required are shared in the documentation of Auto-Lockdown present here
The installers can be automated to install in any system with minimal changes required to the properties file.
Download the latest Server Auto-Lockdown installers from here
With the modernization of Adobe ColdFusion, we are witnessing some major improvements in many fields. Security is just one of many. Auto Lockdown features, Containerization and many more are visible as well. Let’s dive in and see what make CF modern and reliable.
Security
Security concerns are an important part of any programming language. No platform is 100% secure. But there are many tools and best practices out there to help you be as secure as you can be. Keeping a tight grip on security measures is pivotal to keeping CF alive. Nobody wants to use a very insecure development platform.
Auto Lockdown
With the release of ColdFusion 2018 came a new wave of security improvements. The new auto lockdown feature is one of them. This is a great new feature for those with security concerns. The days of having to manually lock down your server are in the past. With the new auto lockdown feature, you can implement lockdown of your production server with one simple click. Full lockdown procedures will be systemically applied making sure all security measures are fail-safe and within compliance. After the lockdown, all systems are continuously monitored for breaches and potential security threats.
Official Lockdown Guides
For those who prefer to lockdown their CF server manually there are the still the official ColdFusion Lockdown guides. A lot of CF developers don’t even know they exist. Or do but don’t use them in detail. They were written with the help of CF Security Guru Pete Freitag. The lockdown guides are free PDF downloads that show step by step procedures on locking down your server for tight security. Complete with screenshots. They cover everything including Apache and IIS. If everybody were to follow the guide, most ColdFusion hacks would not happen in the first place.
Adobe also released a new Security Code Analyzer. This is another top-of-the-line security update from Adobe. Every CF expert knows the weight that a great security system can carry. This tool pushes levels of security to a new level. It automatically scans and searches your application code for any existing security vulnerabilities and any potential security breaches. It determines the exact vulnerable code, type of vulnerability, and severity level. After all of that, the analyzer presents you with the option of removing and repairing the problem via recommended means. This may be the security tool that we have all been waiting on.
Maintain Consistent Server Architecture
This may seem like a no-brainer, but you would be surprised how many do not follow this simple best practice. You should maintain consistency throughout the development, testing, and live phases of your project. If you don’t have consistent development, testing, and production environments, you will constantly be fighting an uphill battle. A systemized workflow decreases your cost of time and money. It also increases your security and application performance.
Unused old code and even whole directories of “deadwood” not only create maintenance confusion, but they are also a security risk. Often older code is less securely written. Or might be a test version that comments out login checks. In my experience hackers often penetrate a CF server via deadwood code. The solution? Take the time to clean it up. And even better use a modern development workflow with Git that does not even copy test code to your production server.
You can increase CF server security even more by using CF security expert Pete Freitag’s tools
Reliability
What does it mean to have a reliable CF server? Reliability refers to the server’s ability to perform consistently according to specifications. Reliability is extremely important for ColdFusion. It can be accomplished in many ways. • Defensive coding, checking parameters against allowed ranges or values helps bugs from spreading between modules. • Using good CF error handling stops errors from totally destroying your user’s experience. • Over-engineering servers with more RAM, CPU than the minimum you need. • If you host with an ISP then use a dedicated or cloud hosting option rather than shared. • Clustering several servers using a load balancer, so if one goes down due to a crash or applying updates the other servers in the cluster keep your app live. You can cluster both CF server and database servers. • Hot backup of code and data • Regularly applying updates and hotfixes • Testing new code and updates on a staging server before deploying to production • Separating different apps or even parts of the same app between different instances of CF (on ColdFusion Enterprise) or on different servers increases reliability. If one app or part of an app crashes it doesn’t affect the others. • Containerizing your CF apps using Docker in the Cloud with auto scaling and auto failover adds to reliability. A reliable server can make sure that your CF application runs the way it is supposed to. 24/7. By maintaining reliable CF servers, CF can be more alive by building trust amongst users and fellow ColdFusion developers. “We’ve got some massive applications that are being built, that are driving business and really critical business for heavy hitting companies, right. And I think that’s where I’m proud to be a part of this whole initiative and I think that ColdFusion is certainly not dead and it’s growing for us. And it is a technology that I think people need to try it before they go ahead and put it down.” — Elishia Dvorak, Technical Marketing Manager at Adobe
Scalability means your CF app and server infrastructure can easily handle the extra load. Scalability is extremely important for mission-critical CF projects. You want your CF apps to be able to handle any amount of traffic that they come across without slowdowns or even worse server crashes. Scalable applications keep ColdFusion alive by providing you and and your clients with reliable performance. Without scalability, your CF app would be useless under peak load. Many of the reliability tips above help with scaling. Writing code and designing your database for scaling is also key. As is CF and JVM configuration. All CF servers need tuning to scale well. To find out if your CF app and servers scale before they get hit with real load, I recommend that you load test them with simulated traffic. There are many load testing software tools that you can use. From the free Apache JMeter to thousands of dollars for Micro Focus (formerly HP and Mercury) LoadRunner. You also want to simulate a realistic amount of test data. SQL statements that run fast with a hundred test rows of data may run slow as a snail when millions of rows are there. This also include coding a data archiving policy to move old data into backups. With traditional dedicated CF servers you also need to do capacity planning. Figuring out ahead of time how many servers you need for different load levels. So that you can buy and set them up weeks before they are needed. Fortunately, there is a another free tool that you can use to make your servers auto-scaling. Docker.
Containerize
So what is Docker? It runs your applications in virtual containers. It modernizes your legacy development and deployment processes. It makes your apps more reliable and scalable. Because when there is extra load, a new server instance can be automatically spun up in seconds. And if a server in your Docker cluster crashes, it too can respun up in seconds. Docker has been around since 2010, but it has grown in the CF world in the last few years thanks to CF server images for it and the CommandBox tool for installing them in containers in seconds. (More details on CommandBox in the next chapter) Containerization can do great things for you and your CF team: • Speed up the App Building Process for New Developers • Integrate Modern Methodologies and Automate Development Pipelines • Infinitely Scale your Apps in the Cloud • Provide an Integrated Security Framework Building modern apps is a crucial process for the future. They allow your apps to be run across a complex-hybrid cloud environment. This allows for better DevOps, and builds CI/CD (Continuous Integration/Continuous Deployment) apps more easily. Along with these benefits, you can take advantage of new innovations such as architecting your app using microservices.
Docker vs Vagrant
Some CFers use Vagrant for virtualized machines. But, there are huge advantages of Docker over Vagrant. If you are managing multiple VM’s, then maybe Vagrant is for you. But for most CFers, making the switch to Docker is the logical choice. Docker Containers can manage your apps much more efficiently and save resources while doing so.
Why use CF in the Cloud?
Docker makes it easy to run CF in the Cloud. So why is using a CF in the cloud great? • Lets you get your applications up and running with minimal upfront cost of new dedicated servers. • Allows for great immediate scalability of your application. • Improves operational efficiency, productivity, and agility These can all be accomplished through using Docker with any cloud provider such as
While Ortus CommandBox has provided unofficial CF images for Docker for several years, the official Adobe Docker image for CF 2018 just came out. However, Adobe fell short on cloud pricing because it still uses perpetual pricing on most cloud providers (ie you pay by the server). So if you need ten extra CF containers for 3 hours during the SuperBowl ad that your company displays, you need to pay for ten extra ACF licences — rather than the more common cloud pricing model of paying by the hour of use. This gives the free open-source Lucee a tremendous advantage for auto scaling. The only form of cloud pricing available for ColdFusion currently is via AWS (Amazon Web Services) Marketplace. This is pricing in which you pay by the hour. Adobe could help keep CF more alive by teaming up with Docker and providing cloud pricing on all cloud providers. Deployment One big issue CF developers have is choosing their form of deployment. The most popular option is for In-House hosting. But the trend is to outsource hosting to an ISP or the Cloud. Here are the options:
To put this in a metaphor, shared hosting is like a hostel dormitory. You share a room with all the other people. If someone gets drunk and throws up on the bunk bed, you have a problem. A managed server is like an apartment complex where there are other apartments but they are walled off from each other. A dedicated machine is like having a detached house — you have to furnish it and fix the faucet when it leaks. Still some work, but you don’t have to worry about your bed being vomited on. Cloud hosting is like having a virtual dedicated house — one that you can instantly clone for more space when a horde of out of town guests arrive.
Flexible Container Cloud Hosting
As mentioned earlier, the number one solution for software deployment is containerization using Docker. There are several orchestration layer tools that you can use to make it even more powerful: • Kubernetes • Heroku • Dokku A Docker orchestration layers lets you configure your application load between containers. If it reaches a certain threshold, then orchestration can automatically deploy another CF server with your app code “pre-installed” in the image. There is automatic load balancing between all containers running your app. This gives an unheard of level of flexibility.
Modern Testing Environment
Using a modern testing environment is critical to keeping CF alive. The lack of a mature testing environment can lead to absolute chaos during the run-up to deploying new code. Minimize the amount of resources you will spend going back to revise broken code. This also prevents established bugs from spreading by detecting them early. There are many quality improvements that are made through using modern testing such as: • Code Coverage • Automated Testing • Code Review • Bug Modeling and Prevention Use portable testing environments — such as CF Builder– as well. The benefit to using portable environments is making the reuse of the development environment configuration much easier. A typical set up includes: • A staging server where you test (ideally using Docker to mirror your production setup) • A Continuous Integration tool such as Jenkins that automatically pushes new changes for testing • Automated testing using TestBox • Automatic reporting of any bugs and preventing buggy branches being merged into production code Poor Testing and Deployment Poor testing and deployment can trip up and injure a project on the last lap of the race.
Lucee is popular among the CF community due to its ease of use and it being free. According to the 2018 State of the CF Union, 40% of CFers use Lucee 5. That is an astounding number. Improving Lucee would definitely keep CF alive.
“We’re also a member of the Lucee Association, so I’m really proud to be involved with that and to help open source software stay alive and, perhaps, one day, that side of CFML will be what keeps CFML alive. That’s what I hope. I hope Adobe ColdFusion never does drop it and that it remains strong and all of those things, but for us, we’re really proud to be a part of that and to contribute to that to make sure it doesn’t die.” — Dominic Watson, Technical Director at Pixl8 Interactive
Lucee contains everything you need as a developer to get started with ColdFusion and do much of what Adobe ColdFusion does. It runs most ACF code without change. Lucee uses the same tag-based language as ColdFusion as well as a full set of script based features, therefore making programming easy. Using Lucee, promotes using CFML thus, promoting the use of Adobe ColdFusion as well. Because it is free, Lucee tends to be where new CFML users tend to start. So supporting Lucee is a great way to help keep ColdFusion alive. “More support of Lucee. I think there’s a very strong argument to be made that the most exciting things that are coming out of the CFML world are happening with Lucee. The pace of developments, the implementing of best practices, and from the broader software world. More of this is happening with Lucee. Of course, Lucee is more friendly to cloud environments just because of the fact that it’s an open source software product.” — Patrick Quinn, CoFounder, CEO and CTO of Webapper
Free version of Adobe ColdFusion? Some new users to CFML may be driven away by the cost of the platform (currently $2499 for Standard and $9499 for Enterprise edition). And perhaps they don’t feel that they would use all the features in CF 2018. Of course, the developer edition is free and you can host your CF apps at ISPs for low monthly fees. One thing Adobe could do to keep up with Lucee and eliminate these problems is to promote their own free version. Call it CF Lite. This would have the basic necessities to use CFML. This could encourage beginner developers to use CF. After outgrowing CF Lite, users could be more motivated to swap over to the Standard or Enterprise editions. It could also be given away as part of Adobe’s current education outreach program. Graduating developers would already be comfortable with the basics of CFML. This would make the transition into full Adobe ColdFusion that much easier. And this could help to combat Adobe’s losses to Lucee.
More Open Source CF Modules
More open source CF projects help other CFers develop apps faster. When you can plug in an existing tested module rather than coding it yourself, you save time and bugs. One of the best places to find open-source CF code is ForgeBox. ForgeBox has hundreds of modules for CF already and is growing. If Adobe were to show support to ForgeBox, CFlib and other CF code repositories, which would encourage more CFers to create new packages to share. That would help make CF more alive.
Join the CF Alive revolution
Discover how we can all make CF more alive, modern and secure this year. Join other ColdFusion developers and managers in the CF Alive Inner Circle today.
Get early access to the CF Alive book and videos
Be part of a new movement for improving CF’s perception in the world.
Contribute to the CF Alive revolution
Connect with other CF developers and managers
There is no cost to membership.
Originally published at teratech.com on November 29, 2018.
We have been at this for a couple of months, so it is really exciting to finally have a functioning application to show. Everything up until now has been changes to database, changes to beans, changes to resources, changes to `application.cfc`.
But there has been no UI to speak of; that was deliberate. There is a wall between front end and back end development. This has some consequences. We are not going to be asking ColdFusion to generate HTML. It is just going to be delivering data. The HTML has to be generated via Javascript on the frontend. There are a lot of mature technologies that do that. The application is going to be using VueJS.
Back in the day, I was all in on the Commodore Amiga. In the late 80’s / early 90’s it was a beast of a machine. Imagine a 14 megahertz processor that could power full screen 600 x 400 animation at a full thirty frames a second, and without breaking the budget. I had two machines… an Amiga 500 and an Amiga 2000 that had a Video Toaster in it. (Seriously… click that link and watch the demo. It looks tacky and campy by today’s standards, but in 1992, that was the pinnacle.) The Amiga was amazing, and I was a zealot. Windows? Sucked. Macs? Too expensive. The Amiga was the way to go. Powerful. Inexpensive… clearly the best choice to get anything done quickly, efficiently, and professionally.
I may have been under 20 years old and a little opinionated on the way I saw the world. But I digress.
The Amiga had a problem. And it was its owners; Commodore. Their lack of marketing and understanding of how good of a product they had on their hands, along with supply line constraints caused the ecosystem to wither, and eventually, die. I held out and used my A2000 right up to the point Windows 95 came out. Then, the Windows operating system had (more or less) caught up to the point where sticking with the Amiga wasn’t feasible. And then I switched.
That was a humbling decision. The platform that I coveted and preached the benefits of was unsustainable and I had to let it go. I honestly believed that it was the superior technology; but it wasn’t meant to be.
When I first started with ColdFusion, it seemed like there was nothing it couldn’t do; and indeed, I relied on it for a lot of things. Many things I no longer would dream about having ColdFusion handle. I was heavy on Flash Forms back in the MX 6.1 and MX 7 days. I wouldn’t even consider something like that now. I don’t typically use <cfform> either, except when I encounter it in legacy code. There’s just different ways to handle those sort of interactions.
I’ve seen developers who tend to stagnate. My current contract position was started in 2000, and has been ever-evolving legacy code from developers who have not had the time, or taken the opportunity to expand the types, styles, and methods they use to build web pages. Each page is a silo. There’s no methodology. Queries are inline. It works… but it’s a very old way of programming. The lead developer still uses Dreamweaver CS 3 as their editor because… well, it supports the style of programming they learned in 2000 and never evolved from.
Today, I’m much less of a zealot. People have asked me, “are you a PC guy, or a Mac guy?” I respond, “I’m a computer guy.” The bottom line is that these devices we use are tools, and choosing one over another is largely a matter of preference. That being said, I personally prefer Macs but I don’t begrudge anyone their choices for the technology they prefer. Like Android over iOS? Great! It’s an excellent platform. Prefer Node over Vue? Awesome! Both have their advantages. Use the tools that work best for you.
The same goes for application and web development. ColdFusion is (and will likely continue to be) the most important tool in my toolbox. It just does so !@#$% much, so well, and so effortlessly. But at the same time, I try to advocate for whatever tools get the job done, as I stated before, quickly, efficiently, and professionally. Currently my toolbox tends to be heavy on ColdFusion, jQuery, Bootstrap, Node, and Angular. They’re the tools I need to get my task done… and they do a damn good job.
Until one of them becomes unsustainable, and I need to move on once again. Technology is organic; and I’ve learned over the years to grow with it. Failing to do so will earn me the fate of my beloved Amiga.
Imagine this… there’s three big banks in the world. That’s it. A huge, for-profit, commercial bank that controls most of the money in the world, a second, scrappy for-profit bank that’s trying to compete with that first bank, and a third non-profit bank that has a tremendous amount of support and love from the community, but doesn’t have the pockets of the for-profit banks. Now imagine that scrappy bank goes under. Competition suffers. More pressure is put on the non-profit. The largest bank gains more power over the world’s currencies. Choice goes away. The giant bank can charge whatever they want because really… what are your other options?
A similar scenario is happening online. This week, Microsoft announced that it was going to shutter EdgeHTML in favour of Chromium in future upgrades and versions of Windows 10. This is not good for the Internet at large. As much as I rely on Google, I no longer trust them to stay true to their “do no evil” mantra of the early 2000’s. With Chromium being the lions share of the browser engines available, that choice, freedom, and motivation to innovate goes away a little more.
Remember this madness?
(In my best old man voice) Of course you don’t you little millennial bast’id with your social media, and your always online, and your stupid hairdos… get off my lawn! Let me give you a little history lesson. Back in the day, there were basically two browsers: Netscape and Internet Explorer. When Microsoft really pushed IE hard in the faces of computer users everywhere, they pleased the developer community by making cool new features that flew in the face of W3C standards. This caused a lot of websites to build two versions; an IE version that was cooler and more cutting edge; and a Netscape version that didn’t have all the new hotness.
A major issue with that scenario was that until a major competitor came along (in the form of Firefox to compete with IE 6) there was no real reason on Microsoft’s part to innovate the browser. As time went on, IE became more bloated, and unable to keep up with emerging standards to the point where it imploded and had to be rebuilt from the ground up with the EdgeHTML engine. However, now that Microsoft has chosen to shutter EdgeHTML, and Chromium and Mozilla are the only two major browser engines available, history seems doomed to repeat itself. Indeed, it’s already happening with some developers focusing their development on Chrome speculative features that aren’t ratified by the W3C.
So how does this tie into ColdFusion?
It’s pretty simple actually… I don’t want to go back to the Netscape/IE days. Building disparate versions of sites for different browsers sucked. Hard. I do want standards that get adhered to… and I don’t want Google to be the gatekeeper of those standards. I want those standards certified by an independent, not-for-profit organization that’s doing it out of passion; not out of a sense of how much additional PII they can glean from their users. I want Adobe and ColdFusion to know how to build their future products to adhere to internationally ratified and accepted standards; not what some commercial enterprise decided they could push out in their latest release that isn’t supported anywhere else.
As much as I dislike IE, and wanted to see it die, Edge gave me hope that the spirit of competition would help drive innovation.
This article is inspired by the hardworking Adobe CF team members who are giving sessions at the upcoming CF India Summit. Many sessions will be given on new features and advancements that they have worked so hard to implement into Adobe ColdFusion and CFML. These newest advancements in our platform and language make me ask:. How can we keep up with all this tech change?
Have you ever looked towards the future curious to what may be in store?
Of course. We all have.
As a matter of fact, looking ahead to future advancements is a driving force of human nature as a whole. Without foresight, there would be no wheel, calendar, or mathematics. Certainly, computers and associated software could not exist.
In a 1968 book titledToward the Year 2018, a group of 12 technological experts sat down in a think tank to hash out their predictions for the year 2018.
Now, as you can imagine, some of these ideas have not happened. For example, anti-gravity belts and man-made hurricanes are still figments of our own imaginations–unless we’re talking about Spanx and global warming. But others… well, they’re pretty spot on.
3D televisions are now available at retail stores worldwide. Picture telephones have become a reality with programs such as Skype and Facebook. And text messaging has become so commonplace that is it slowly taking over as the primary form of communication between individuals. But one prediction from Toward the Year 2018 affects us as IT professionals and CIOs more than anything.
The Internet.
Since the release of this book, the pace at which our technology has expanded has been next to immeasurable. New systems and products are released every day in a hope to make our world bigger, faster, and stronger.
And we as CF developers are right in the thick of it all.
Looking ahead to the 2018 CF India Summit, I noticed something rather interesting on the schedule. The docket is full of sessions on upgrades, new features, and version news. These advances may seem just like common patches or simple fixes to us. But they are much more than that. They are a symptom of a problem known as Tech Info Overload.
Yes. Tech evolution can be a problem. But only if you let it.
“Putting broadband communications, picture telephones, and instant computerized retrieval in the hands of such an organization is like feeding pastry to a fat man. It is ‘much too optimistic’ to assume that these same technologies would entail the ability to use them wisely. Applying technology, like all human efforts bears bittersweet fruits.”
-Andrew Oettinger, Harvard Scientist
The truth of the matter is this:
The advancement of technologies is a double-edged sword.
On one side, new breakthroughs can help us to be more secure, efficient, and productive.
But on the flip side… They can cause you hang ups and setbacks.
Normally, these setbacks are not caused by the tech itself. They are essentially caused by the failure of us to adapt to the changes. If we decide to stay outdated to current technologies, we will get left behind. Plain and simple.
This is particularly true for the IT industry. Can you imagine if your business was still running Windows 3.1 and executing old DOS commands to run shareware? Or if you were still collecting AOL CD-ROMs trying to get that newest version? (To be honest, I kinda miss that old dial-up connect sound sometimes…) Point is that you would have been left behind. Just a blip on the radar and no more.
We know what we need to do to though. Stay up to date. Yet, this is much easier said than done.
Even the most tech savvy of us will fall behind. And that’s ok to an extent. It’s not our faults necessarily. Technology is just changing at an unprecedented rate. It may seem like each and every day, we need to change just to stay current.
Let’s take a look at 3 MAJOR changes to Adobe ColdFusion in just the past 5 years alone.
1. Cloud computing
Five years ago if you would have asked me about the cloud, my answer would be hazy at best. Sure, we all understood the importance and the impact that it would eventually make. It was only used in limited applications. But nowadays… cloud computing is the norm. It’s become the new paradigm shift like that of the Virtual Machines of the 1990s.
There are 4 primary choices of hosting.
Shared Hosting
Managed Servers
Dedicated Machines
Cloud hosting
As of now, the most popular choice of hosting is in-house hosting. Yet, the current trend seems to be moving towards the cloud. To put this all in an easy to understand metaphor:
Shared hosting is like a hostel dormitory. You share a room with all the other people. If someone gets drunk and throws up on the bunk bed, you have a problem. A managed server is like an apartment complex where there are other apartments but they are walled off from each other. A dedicated machine is like having a detached house — you have to furnish it and fix the faucet when it leaks. Still some work, but you don’t have to worry about your bed being vomited on. Cloud hosting is like having a virtual dedicated house — one that you can instantly clone for more space when a horde of out of town guests arrive.
The cloud and cloud technologies are also lending a hand to one of CF’s hottest new advancements. Containerization.
Platforms such as Docker can increase your CF computing abilities through:
Speeding up the App Building Process for New Developers
Integrating Modern Methodologies and Automate Development Pipelines
Infinitely Scaling your Apps in the Cloud
Providing an Integrated Security Framework
Building modernized apps is a crucial task for the future. Here soon legacy CF apps will be rendered near useless with the growth of both CF and integrated technologies.
According to John Marcante, CIO of Vanguard, the cloud is a force to be reckoned with. He states, “The growth of cloud computing services has fueled the global economy, produced new ways of working and enabled companies to capitalize on global markets. For startups all over the world, cloud computing has been a catalyst, powering them with the low cost, distributed, resilient, compute utility they need to innovate.”
In February 2001, The Agile Manifesto was created. According to the authors, they did not agree about much. Agile methodologies were still largely undefined at that moment. Yet, this group of 17 authors came together around 4 basic principles:
Individuals and interactions over processes and tools
Working software over comprehensive documentation
Customer collaboration over contract negotiation
Responding to change over following a plan
An agile process normally consists of five separate stages. This cycle will then repeat itself until project completion.
The Plan
The Design
Development
Implementation
Evaluation
This particular sequence becomes exceedingly useful in software development. Especially when it comes to testing. Using a modern testing environment is critical to software engineering (and keeping CF alive).
Use portable testing environments — such as CF Builder — as well. The benefit to using portable environments is making the reuse of the development environment configuration much easier.
The lack of a mature testing environment can lead to absolute chaos during the run-up to deploying new code. Agile testing plans include many different types of testing avenues including TDD and more notably BDD.
Another way to increase your agility when it comes to testing is to take full advantage of automation. But…
According to the 2018 State of the CF Union, 44% of CFers polled do not automate or use CI deployment tools. If you are not automating your builds, you are missing out on saving time and improving your deployment and testing process.
However, for those who use CI tools, Jenkins seems to be the most popular tool of choice.
Agility lends much to your company as well. It no longer benefits strictly the development team allowing for:
Increased Flexibility
Increased Transparency
Increased Productivity
Minimizing of Missed Goals
Higher Quality Projects
Increased Client Satisfaction and Engagement
Tom Soderstrom, IT Chief Technology Officer for NASA’s Jet Propulsion Laboratory, believes these changes in DevOps are the possibly the biggest changes we have been experiencing recently.
“The way we handle development is the biggest change. Today, we iterate very quickly and develop minimum viable products to measure the user response as quickly as possible. We use Agile development and incorporate developments from others, so we can change direction with little impact.”
The Internet of things (IoT) is the network of devices, vehicles, and home appliances that contain electronics, software, actuators, and connectivity which allows these things to connect, interact and exchange data.
To put this in layman’s terms…
You probably have some smart objects. We have desktop computers, laptops, smartphones, even smartwatches. But a smart lamp? Or just a smart light bulb?
Let’s call these lamps and light bulbs “dumb” objects. Now, what if we could take these dumb things and make them smart? How neat would that be?
But as many of you know, this is already happening. Through technologies such as Amazon Alexa and Echo devices or Apple HomeKit, modern homes are being transformed into those found only in science fiction novels.
This concept is the Internet of Things. And we as CF developers are playing a part in its creation.
At the 2017 CFCamp in Munich, Evagoras Charalambous gave a presentation on the foundation of using ColdFusion to build Alexa skills. He focused first on defining your app on the Amazon Development Portal. Next, he discussed how to make the skill talk to your ColdFusion code. He provided a sample CF project for the user to take away and use to develop their own app.
This was not the end of IoT in ColdFusion however. The topic stuck like like glue and made another major showing at this year’s 2018 CF Summit in Las Vegas. This time Mike Callahan covered everything from consuming utterances, intents, and slots. Attendees also walked away with a custom framework and all the information needed to start constructing Alexa skills.
However, this IoT is not without its issues. The key among these being cybersecurity issues. Some believe that these can be alleviated via Blockchain.
A blockchain is a growing list of records, called blocks, which are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data. Once designed for the protection of cryptocurrency in 2008 by Satoshi Nakamoto, blockchains have since evolved. Newer blockchains are now used for a myriad of applications particularly the IoT. Just remember there is no silver bullet for IoT issues, but blockchains do offer hope.
But why use blockchain with CF? How is that relevant?
Mike Brunt breaks down blockchains in one of my podcasts. One of his biggest reasons for using blockchain with CF is that Blockchain uses RESTful API technology. As we all know (or should for that matter), building RESTful APIs is a breeze with ColdFusion– particularly when using Ortus Solution’s ColdBox MVC.
Why is Tech Changing So Fast and How I can Keep Up?
The growth and capacity of digital devices are just bonkers. In a previous world-changing industrial revolution, growth was measured on an arithmetic scale. A scale that shows a constant linear growth. Yet, the digital era is breaking traditional laws. Growth can only be fathomed on geometric scales. On these scales, the constant factor is no longer added year after year. Instead, the factor is now multiplied! In order to even show this progress linearly, logarithmic functions must be incorporated.
This digital revolution is not only surpassing traditional laws but creating new ones. Moore’s Law illustrates the effects of technical progress of microprocessors. Moore’s Law is named after Intel co-founder Gordon Moore.
As you can see, tech is not moving one step at a time. It is moving in leaps and bounds. But why?
This can be explained by three separate conditions.
Advancements are taking place at different speeds particularly in hardware and software development. This creates gaps between new components and older ones. These gaps need to be overcome somehow. So… this leads to the development of new concepts of modularization, substitution, and adaptation techniques.
Sometimes, the invention of something so innovative–such as lasers and microprocessors– leads to the development of many more uses. The development is actually consumer driven. People always want bigger and better things.
The third condition relies heavily on the previous two. Due to the stimulated growth from the first two conditions, any new product entered into the world today must anticipate the world it will be released in. That’s why each new smartphone or computer is always top of the line. The most basic of tech 5 years from now will be very close to the supercomputers of today.
Needless to say… keeping literal pace is actually impossible.
But that does mean we can’t stay up to date. We just need to realize what needs to be prioritized.
Priority Upgrades for CIOs
With so many changes and upgrades available, how do you even know where to begin?
Check out this survey conducted by TechTarget. They polled nearly 300 IT professionals– including CIOs and IT chiefs– regarding the IT Priorities of 2018.
These are just some recommendation priorities from other IT pros, but they are pretty good rules to follow.
Funny thing is that this also applies specifically to our wants and desires as CF developers. When polling CF’ers prior to the release of CF 2018, Rakshith Naresh found that 71% of everyone polled wanted NETWORK PERFORMANCE UPGRADES.
When they applied these changes in the release of CF2018, many of these performance upgrades were implemented through IT AUTOMATION–i.e. The Auto Security Lockdown feature and Performance Monitoring Toolkit.
Security was not mentioned directly on this list though. Security, however, is often worked into the other priorities as you can clearly see with ColdFusion 2018. So, keeping your network up to date actually will help prevent security concerns. This is important as security threats often evolve just as fast as the tech they affect.
What’s Next?
The real question now is:
What’s next?
In all reality, we have no way of knowing. Perhaps, a true AI lies just around the corner in wait. Maybe a grand unified programming language?
Either way, how are we supposed to keep up with it?
There’s only one could answer to that question. We do the best we can.
As previously stated, this article drew inspiration from the many different new features and upgrades that will be showcased at the CF India Summit. These include:
Geek Out with the Smart Language Additions in ColdFusion 2018
Vijay Mohan: Vijay works with Adobe ColdFusion Engineering group as a Computer Scientist. His focus area is ColdFusion Language components. He holds B.E in Computer Science & Engineering. He has good experience working on Java/J2EE, Javascript, JSF, Oracle techstack (ADF, Oracle DB) , Rest, SOAP, Hibernate, Spring, MySQL, Redis, RabbitMQ, Spring StateMachine etc. He likes to delve deeper into various techstacks and explore what’s new. He is an avid reader and active technology blogger. He takes deep interest brainstorming over design and architecture of software components. At leisure, he likes traveling, badminton and music.
Ashudeep Sharma: Ashudeep is working as a developer in ColdFusion Engineering team primarily focusing on Databases and Language.He has worked on diverse products with exposure to distributed systems, query engines, data stores, Big Data, Compilers. During his free time he enjoys playing sports(Cricket/Baddy/Volley etc), sometimes listening to light music and reading experiences on Quora.
Making Your Applications Fast and Furious with the New Performance Monitoring Toolset in CF 2018!
Nikhil Dubey: Nikhil works in Adobe ColdFusion Engineering Team as a Software Development Engineer. His latest work is on Performance Monitoring Toolset which comes bundled along with ColdFusion 2018. His responsibilities also include language changes, code coloring, autocomplete and various other features of ColdFusion Builder. His areas of interests are ColdFusion, Java, Elasticsearch and Machine Learning. In free time, he loves to read/watch news, cricket and Indian politics.
Mayur Jain: Mayur works with Adobe ColdFusion Engineering team, as Computer Scientist. His focus areas are Web Services (REST & SOAP), PDF and Spreadsheet components of ColdFusion. He is also involved in design and development of ColdFusion API Manager. Mayur enjoys exploring latest development in the field of Programming Languages and Machine Learning. He holds B.Tech in Computer Science and Engineering.
Developer Insight into Why Applications Run Amazingly Fast in CF 2018
Venkata Pavan Kumar Sannisetty: S V Pavan Kumar currently works as a developer at Adobe and contributes to ColdFusion. He loves to develop new features & securing the things. He looks after many aspects of ColdFusion such as Security, Session Management, Net Protocols (HTTP, FTP etc.) & many more. He also contributed to many features of API Manager for providing security to the published API’s. In free time he loves to read fiction and play cricket or table tennis.
Speed Up Your Programming With All New Adobe ColdFusion Builder 2018
Poonam Jain: Poonam has been working with Adobe for 6 years. She has worked across teams such as ColdFusion, which she is currently part of, and Acrobat. Her area of expertise is developing web applications and automation. Despite being a working mother to a 3-year-old daughter, she finds time to nurture her creative skills. She is an avid yoga follower as well.
Originally published at teratech.com on December 7, 2018.
Just a quick tip since I didn’t find this to be well documented anywhere and someone else probably has this exact same problem. Frequently, I display time and date on a page. I used to do it like so:
#dateFormat(now(),'dddd, mmmm d, yyyy')# at #timeFormat(now(),'h:mm tt')#
…but why use two functions when you can use one, right? So I tried using the following:
#dateTimeFormat(now(),'dddd, mmmm d, yyyy at h:mm tt')#
But got briefly stuck when the ‘t’ in the date mask was getting translated to “apm” instead of the literal “at”. I said to myself, “Self… you need to escape those literal characters.” I came up with this:
But received the same result. As it turns out, in this case, double quotes and single quotes are important. The quick tip here is: escaping literal characters in a dateTimeFormat() mask requires the use of double quotes outside the mask and single quotes to escape your literal characters.
Programming with Adobe ColdFusion is like creating a masterpiece. We, as developers are creative; solving problems and crafting with code the way an artist would with oil and canvas. I sincerely believe that it is the desire of every developer to not only create something wonderful, but to create it in a simple, elegant, and beautiful way.
I have a keen appreciation for software (and hardware) design aesthetic. I feel a sense of awe when I come across an application and I can tell that it is well designed, well thought out and has been meticulously considered from every perceivable angle so as to create a flawless, polished experience. I can tell when an application was clearly defined, well planned, and given the proper time to develop properly, and it’s amazing. In an ideal world, applications have a clear scope of work that was poured over again and again to make sure nothing was missing, and the development team was given as much time as they needed to create a refined and beautifully crafted piece of art.
But we don’t live in an ideal world, do we? We have budgets. We have incomplete scopes of work. We have half-thought out ideas that didn’t consider a great number of requirements. We have bosses who think week-long tasks “should only take a couple of hours to bang out, right?” We have clients who make requests that were due the moment they conceived them. As a developer, we sometimes frequently need to sacrifice creating something in a beautiful way and need to settle on “doing whatever it takes to get the job done as quickly as possible.”
So we hit our keyboards and implement non-elegant, hacky solutions. We start writing code without knowing what the end-result needs to be. I’ve been told to “add another field to the table” when there’s another field in another table that already has the data we’re trying to manage. It’s frustrating; but sometimes, for the sake of business, you need to just get the job done; and the artist inside me dies a little every time.
Here’s an example. One of the clients I work with has a website that contains links to another website. All of these links are hard-coded to “http://”. They want to make them all “https://” based links. Seems simple, right? Global search-and-replace and we’re done. But here’s the rub… we also have links in database records that are stored. Ideally, that data is updated as well.
The lead developer has spent the day building a ColdFusion based tool to be able to search and replace values in the database. It’s elegant and beautiful, and works well, and took him a lot of time, and is completely replaceable with an HTTP redirect from http to https. If the directive was to fix the data, his solution is what we would need. But the directive was not to fix the data; it was to make the links land on an https page. An http redirect is ugly, and doesn’t solve the problems with the underlying data, but it gets the job done and takes less than five minutes. He’s about 6 hours and 50% complete with his project. I respect his desire to create a work of beauty and elegance; but there’s other priorities that are not getting done while he’s building his art.
One of the reasons I am a big proponent of ColdFusion is that it makes creating art easier. Doing things well, even in ColdFusion, takes time and consideration; but CF makes it faster and easier. Getting things done can be quick and dirty… and CF still makes it faster and easier. The dichotomy of getting things done and doing things well is something I think many programmers struggle with every day. It’s a delicate balance that frustrates me all the time.
Many of you might be interested to have more clarification around our support policies and time periods, especially with newer version releases and pending core support deadlines. Hopefully, this post will guide you through the support policies and different types of support options available.
Which versions of ColdFusion are supported?
Each release of ColdFusion includes five years of core support with an additional year of optional extended support. Please see the current schedule here for timelines.
What is the difference between core support and extended support?
Core support includes quarterly hot fixes and security patches along with phone and email-based support under the support plan policies.
Extended support is best-effort support intended to assist customers in migration to a core supported version and DOES NOT INCLUDE security patches or hot fixes. If you have an issue with a version of the software within the extended support period and have purchased an extended support or TAM support plan the support team will assist to provide a workaround and help resolve your issue to the best of their ability. If the issue is a new bug or has received a hot fix in a later version, the remedy will be a recommended upgrade to the newer version. It is advised to be familiar with core support timelines and plan for migration upgrades prior to the end of core support deadlines.
If you are using a version of ColdFusion that is beyond the supported dates, you will not be entitled to support for that version even if you do have a valid support plan. Valid support plans entitle support to core supported versions, or in the case of extended support best-effort assistance.
What types of support plans are available for ColdFusion?
Gold Support
Gold Support provides hot fixes and security fixes along with 24×7 support with Service Level Agreements (SLAs) outlined below. Please see below for a matrix of support SLAs. Gold Support can be purchased with upgrade or new licenses, or within 30 days of license purchases.
Platinum Support
Platinum Support provides hot fixes and security fixes along with 24×7 support under the SLAs outlined below. Platinum support is purchased as a bundled package with Maintenance Upgrade Plans and must be purchased with upgrade or new licenses, or within 30 days of license purchases. Platinum level M&S must be purchased through a volume license program.
Technical Account Manager (TAM) Support Program
The TAM Program is a support service uplift which provides higher SLAs and a dedicated support channel for direct access to expert support resources. This program also provides a more proactive level of support, with architecture and upgrade guidance planning. TAM support can also provide best-effort level assistance on migration projects with older versions of ColdFusion that our out of the core/extended support matrix and ineligible for Gold or Platinum Support.
For information on the different SLAs and support plan deliverables, please see the following document:
You can email the support team at cfinstal@adobe.com including your support agreement number or order number. Your designated support contacts should be registered using this
Enterprise Support Contacts form. If you have not yet submitted it, feel free to send it into the support team.
What support is available through Amazon AMI instances?
Adobe ColdFusion Amazon AWS AMIs receive Platinum level support for core supported versions of ColdFusion. After the core support period is over, AMIs will not be refreshed.
What is the cost of support?
Gold and Platinum level support plans are variable and typically based on a percentage of the licensing cost. They can also vary from the uplift in services that are available from various partner resellers.
TAM support plans are offered on a yearly renewal for the dedicated resource uplift.
A support plan is tied to each license, and for the support plan to be valid all licenses of ColdFusion owned must have support. For example, if you have 5 licenses of ColdFusion, 5 support plans must be purchased. Partial numbers of support cannot be purchased. For example, if you have 3 licenses under one business unit in the same organization and 4 licenses under another business unit all 7 licenses must have support.
For a support quote, please contact Grp-cfsalesteam@adobe.com with your order or license information including the total quantity of licenses owned.
ROT13 stands for Rotate 13. It takes every character in a string and moves it down the alphabet 13 places. If it falls off the end it wrap around to the front. It is the quintessential bad encryption algorithm. Why 13 places? It serves as its own decrypter.
