Blog

10
April 2014

Gavin Pickin

Heartbleed - Heartbeats - and other Heart filling stories

CFML Server, cfObjective, Chit Chat, ColdBox, Conferences, OpenSSL, Server Admin

Yes, I still have a heartbeat, although my blog didn't have much of one for a while, that is true. The heart filling story, is that my mum and dad flew in the day after my last blog post, so I've been spending a lot of time with my parents, sharing experiences with their grandchildren. They live in New Zealand, so they do not visit too often, and my busy life got even busier. I have been busy, but you have to wait and see the fruit of my labor, more about that below. Of course, this week, you can't go far without talking about Heartbleed, so I have a few tips for those of you fighting Heartbleed too.

First, most importantly, Heartbleed. If you didn't hear about it already, I'm not sure why you're hiding under a rock, but still reading my blog. Its a massive dangerous security hole, and the worse part, 66% of the internet is vulnerable, and it leaves no trace, so everyone has to fix it, and re-key everything touched by openssl, since your private keys might be in the wild now.

I had to do my due diligence, and have been working on our servers, being Centos 6.5, we were running a compromised of openssl. One thing to remember with Red Hat and Centos, they do not continue to update the versions of their products, like openssl, instead, they backport the security fixed. So, 1.0.1e is a compromised version, Centos backported the fix, and if you do a simple yum update openssl - it will update to 1.0.1e-16.el6_5.7 which is patched. Knowing this, its simple to remove the exploit, and remove future risks of keys being released, UNLESS you have other modules and packages that need to be updated too.

httpd uses mod_ssl to serve pages by ssl, and if you only update openssl, without mod_ssl you will still be vulnerable.
You can test your servers with this tool: http://filippo.io/Heartbleed/
I am usually weary of websites that test for vulnerabilities, because they can build up a list of vulnerable sites, but this one seems to be the most reputable one around.

Ok, now we're discussed heartbleed, and the heart filling story of my parents coming to see their grandchildren, and my heartbeat, now we can talk about what work I've been slaving away on.

This week, speaker's slides were due for cf.Objective() presentations, so the awesome Content Advisory Board can review them. This was a pressing deadline, with my talk being a 5 day course jammed into 60 minutes, it was really hard to fit the content in, focusing on making sure the content met the description for the session, and what would give the attendees the best value out of it. I ended up meeting the deadline, and feeling great about the content, and I can say I have added some ColdFusion 11 material that I had not found anywhere else on the internet yet. I worked hard to extend my presentation to include ColdFusion 11, even though I hit some roadblocks, and I could not find much online, so I tried a few things, and I got lucky. My presentation will help you get CF9, CF10, CF11, Railo and a Railo Cluster all running on the same machine, serving files through apache, differentiating CFML engine based on the apache virtual hosts.

If you aren't going to make it to cf.Objective(), you will have to wait a little longer for all those juicy details, if you are at cf.objective(), look me up in the schedule, and come support me.

I have also been preparing for another conference, Into the Box, happening in Bloomington, MN, the day before cf.objective(). I am presenting one session, Just Mock It, and co-presenting another, Meet the Family, where you can get a quick overview and introduction to some of the ColdBox standalone libraries, and how you can quickly add them into any project, even a framework free legacy app, and harness the power of these enterprise stand alone products.

Most people make one major invalid assumption about ColdBox - You have to use all of ColdBox or none of it. - THIS IS NOT TRUE

ColdBox has several powerful and completely separate standalone products, that can help you add value to your project quickly and easily, whether you have no framework, a homebrew framework, an old framework, even something new and awesome like fw/1.

Meet the Family will try and help everyone see the power of these standalone libraries with a getting started guide to get them up and running, each library in 10 minutes, with time for questions. We have been building a legacy app, and since I am new to using the ColdBox libraries, I thought it would be best for me to design this legacy no framework app, and in the presentation, we'll show you how to add TestBox, WireBox, CacheBox and LogBox, to transform your app, adding lots of enterprise level power, while not re-inventing the wheel.

Framework One has integrated TestBox recently, as Sean Corfield stated "Why reinvent the wheel when there are quality packages available". Sean also added WireBox so you can choose between DI/1, WireBox, and although not recommended, ColdSpring.

If you're going to make it to cf.Objective(), come a day early, enjoy 14 great sessions, for a great price, and better value with a lot of sponsor goodies, including business cards and hackmycf subscriptions to name a few.

http://www.intothebox.org

Want a sneak peak at our Meet the Family Presentation - Here is a screenshot.

22
March 2014

Gavin Pickin

Conferences - Amazon AWS Summit in San Francisco and Brackets Meetup at Adobe

Chit Chat, Conferences, Server Admin, Steals and Deals, Tools and IDEs

Its a busy week next week, driving to LAX and back Monday with my Family flying in to spend some time with the kids, Tuesday, I'm driving to San Francisco for an action packed Wednesday. If you didn't read the title, then I'll spell it out to you.. Wednesday, 26th of March 2014, Amazon has their Free Amazon AWS Summit. Its a day packed full of amazing sessions, so I can learn anything and everything I need to about everything AWS... and after that, I have to decide between Amazon Social and Brackets first Hackathon.

21
March 2014

Gavin Pickin

Conferences - 2014 NC DevCon - Have you say and make it the best NC DevCon yet

CFML Language, Chit Chat, Conferences

Conference season is about to go into full swing, especially for the ColdFusion community. cf.Objective() and Into The Box are coming up quickly in May, get your tickets and book your flights. Scotch on the Rocks is down to 14 tickets last I saw, so if you intend to go, snatch one up quick. Next in the line of CF Conferences I believe is NC DevCon, and they have released a survey, to get the community input, to make this years NC DevCon as good as can be.

They're asking for ideas on track ideas, and more specifics on given tracks to what type of content for those categories. They also want to know if there are certain sponsors you want to see there or not, and most importantly, whats days make it more appealing.

Take your time, and fill out the survey, the more information, the more the committee can do to shape it to meet our wants and needs.Its a short survey, well worth the time, so fill it out, and spread the word.

https://docs.google.com/spreadsheet/viewform?formkey=dFdVcWhBb2xJWTVSZFIybHJxWEh1Unc6MA

19
March 2014

Gavin Pickin

Cold Fusion Builder - A seriously destructive bug makes it into Version 3

CFML Language, CFML Server, Techie Gotchas, Tools and IDEs

I mentioned in a previous blog post about some Bugs in CF Builder, although, overall, so much happier with the product than I was with previous versions. The quick file closing is amazing, something I would always dread, but that is gone now, so thats a big plus. I am also seeing less drag on the intellisense like features and lookups, so speed is improving on the whole, but some lil editor bugs here and there.

The big items that I hated in 2, is still in 3... and has caused some headache, heartache, and seriously pissed off several devs I know. I updated the bug today, since Adobe couldn't reproduce it, and I put a video on Youtube to explain the process and show the bug itself, at its destructive best.

13
March 2014

Gavin Pickin

CFML Language - Talking to Elishia Dvorak from Adobe + ColdFusion about the Edu + Intern Program

CFML Language, CFML Server, Online Interactive Learning

Recently on Twitter, there was some talk about today's ColdFusion evangelist, and who that is. Eventually we tracked down Elishia Dvorak @elishdvorak, who is Adobe and ColdFusion's US representative, who deals with Sales, and the new Education Program, as well as support and everything else. Once we had identified her, we gave her a few jabs about her number of tweets, and then let her be. Elishia posted a tweet

11
March 2014

Gavin Pickin

Mobile Development - JSON vs JSONP with Ajax calls and ColdFusion CFC Components

Android, CFML Language, Cordova / Phonegap, IOS, jQuery, Techie Gotchas

I had mentioned that I am getting setup and writing some HTML5 / Javascript / CSS / Phonegap / Cordova Apps, and along with these types of apps, you will start to use Ajax to make server api calls to keep your fresh and up to date. I ran into a hurdle today when making some Cross Site Ajax calls, and decided I would share my findings.

First, you might ask, if I'm making a native app, why are you worrying about Cross Site Ajax calls? And you would be correct, with the app deployed on a Android or IOS device, those Cross Site Scripting issues do not exist. I decided I wanted to develop my apps to be deployed on our dev servers during development and testing, and wanted them to work as well as they could (obviously certain device api's would not be available), so I wanted to look into using JSONP to solve my cross site scripting issues. Using json a lot, and with most of my sites calling the same server for api calls, I have heard of JSONP, but not actually implemented it myself… so here goes.

10
March 2014

Gavin Pickin

Charity Corner - Diabetes and Fly a Foul Mouthed Fusioner Fund

CFML Language, cfObjective, Charity Corner, Chit Chat

EDIT - Please go to support Jared here instead

Tomorrow I have a meeting with one of my new Charity Corner businesses tomorrow. I have decided to try and help out the community by dedicated so many hours a month to help local charity and non profit groups trying to get up and running. Tomorrow, I'm meeting with a brand new Non Profit who's mission is to help run camps and events for young and old Diabetics (type 1 and 2), in our region, where there are no Diabetic groups currently running. With parents suffering from Type 2, and one of my Sisters a life long Type 1 sufferer, I thought it was a worthy candidate for this months project. While thinking about this Charity project, I thought of another one, that the ColdFusion community might be interested in.

In our small but powerful ColdFusion community, our currency seems to be based on Virtual Thank you's, and Beer… surprisingly, a lot of beer. I am saddened to say, one of our biggest contributors to the community of late was thinking about cashing in some of this currency, but was sad to know, that the Airlines, will not take a series of IOUs, even those IOUs for beer.

07
March 2014

Gavin Pickin

Dev Ops - From Mail Logs to DB Stats in a CFML Dashboard - Part 5

CFML Language, Server Admin

Its been a month since my last post in this series, so if you weren't reading my blog then, jump back into late Jan early Feb, and catch up on where we are at. We've done some testing, and we ready to clean up our log file import into the database.

05
March 2014

Gavin Pickin

Migrating to Railo - Is ColdFusion Forgiving or Sloppy?

CFML Language, CFML Server, Migrating to Railo, Techie Gotchas

Over the long never ending migrating from ColdFusion to Railo (a lot of legacy sites mentioned in several other blog posts), I have seen a pretty interesting trend. I was discussing with a friend today, who migrated one of their sites from ColdFusion to Railo just this week, and we were discussing the issues they faced, and how they compared to what I have seen… it was interesting, and it got me thinking… run for cover, me thinking is dangerous.

03
March 2014

Gavin Pickin

Setting up my MBP For Mobile Development - IOS Android Cordova Node Ionic

Android, Cordova / Phonegap, Ionic, IOS, Node.js, Tools and IDEs

After months of playing with this, and playing with that, I have a few apps I have to actually get built, wrapped in cordova / phonegap and out to the app store and the many customers, waiting to download them. As usual, I want to document the silly little stuff you do to get things all setup, just in case Android destroys my Mac, I need to set it all up again. I have installed and played with some of these tools before, but I decided to start fresh, so follow along.

Blog Search