Earlier this year, my manager asked me to research Javascript framework to be used in our applications.

I proposed jQuery since it seems to be getting lots of love around CF community. Another reason (quite selfishly) was: I want to learn another framework and growing my repertoire of skills (if I wanted to play it safe, I’d recommend Prototype and Scriptaculous since I have used them quite a lot on previous position).

I knew it was a good bet proposing jQuery but man, I just realized how amazing it is coding in jQuery.

Yesterday, I was re-writing a piece of javascript validation. Basically the code is meant to check a multi select field, it needs to find out whether the selected options is between 1 to 4. So below is the comparison on how would you find the number of options selected in a multi select using non framework approach and jQuery approach.

The old plain (read pain) javascript:

var CareerOne_type_id=document.getElementById('CareerOne_type_id');
var CareerOneTotal=0;

for (var i=0; i <e;CareerOne_type_id.options.length; i++) {
    if(CareerOne_type_id.options[i].selected) {
        CareerOneTotal++;
    }
}

The new code in jQuery:

var CareerOneTotal = $.map($('#CareerOne_type_id :selected'), functon(e) { return $(e).text(); }).length 

I love it! It’s so beautiful.. 

I almost wish that I do lot more jQuery and less ColdFusion

I’ve come to this realization, if you are a ColdFusion developer (esp if you’re a new to it), you might be disappointed with the reality in Australia.

Working on Legacy Applications

You’ll most likely have to work on legacy applications built pre-CFC days (pre 6.1MX). Spaghetti codes abound. Unlike on the other parts of the world, where companies are writing apps in newer CF versions, using frameworks and best practices. This is also my suspicion, I believe in Australia there’s a smaller percentage of fresh CF developers compared to UK or US for example, this limits the possibility of being exposed to best practices (my bias is the younger you are, the more tuned to best practices you are -> the younger you are the more likely you are to read books and blogs).

Resistance to OO and Frameworks

Most ColdFusion frameworks are following some OO approaches anyway, so I lump OO and frameworks together.

You’ll suggest moving to more OO approach as well as using frameworks, for long term benefits. But this will mean re-write and re-architect the application. Management asks why, the app is working, it does what it does, what’s wrong with that?

Even if they are agree in moving to OO and/or frameworks, you’ll find these problems:

1. Not many ColdFusion developers (speaking from the experience of 1 and 8 months working in ColdFusion) know or have used ColdFusion frameworks nor OO before (in fact finding a decent ColdFusion programmer is actually quite hard in Sydney, let alone one that uses frameworks and knows OO).
2. You want to be mentored by the senior developers or system architect on these areas, but they have no or little experience on them.
3. There’s no framework training available in Australia yet, at least in Sydney. In one of the job interviews that I had this year, I was asked whether I know any Model-Glue training in Australia, obviously this guy is keen getting his developers to work in framework but finding it hard to get his developers trained.

In places like US for example, I think there are little problems with the points above.

We really need new applications written incorporating best practices and what’s possible in ColdFusion. We need the legacy applications to be re-vamp. We also need pre CFMX developers to at least be trained in OO (I believe Rocketboots has some courses on this). Only then you can entice fresh blood to come and develop in ColdFusion, or in my case to stay and develop in ColdFusion and not moving to Java, .NET, PHP or even Rails.

This post is password protected. To view it please enter your password below:

Password:

If I were in charge of a team/company, how would I rally your troop in the wake of people leaving?

What do I need to do to contain the damage? Not only damage to the business but more importantly the damage to the team’s morale.

How would I dispel the compounded negativity? How would I prevent other to follow suit?

I need to address the team with the following:

1. Honestly admit that there is something wrong
2. Quickly do a survey on what people are feeling, it has to be anonymous otherwise the quite ones won’t speak up their mind
3. Hold a meeting with the team to address the issues from the survey and work it out from there
4. Ask what sort of environment or working condition that the team would be comfortable and happy with. If this is not aligned with business expectations, then something got to give, perhaps adjusting business expectations is less costly than employee leaving.

I need to retrospect what is it that my company can offer that other companies can’t? And nowadays in the candidate tight market, attractive renumeration alone is not enough.

I also need to do research on who will poach the talents from my pool and what do they offer that I don’t at the moment?

After the dust settled, I would need to inject some positivity, I probably suggest a team building activity, but not just a once off, it needs to be regular. At my old workplace, weekly soccer and daily coffee breaks helped people bound very well. I would have more non work related conversations more with the team, I need my team to be comfortable talking to me about their concerns. I need to be able to read the signs of someone looking to leave and do something about it and not to be caught off guard.

It’s really tough, but this is dangerous situation, it needs to be managed not ignored. 

Just thinking out loud and shaping myself to simply not just only being able to identify problems but to provide solutions. Anyone can find problems, but not many want to find solutions.

I put forward a suggestion for us to have some sort of bookshelf at the office and we can stack it with books. I was thinking that by reading more all of us can improve together.

But then our manager chuckled and said one thing that hits me "who have time to read?". He is absolutely right! 

I regretted putting the suggestion, in few seconds my utopian development dream crashed by the harsh reality sigh.. no time..

There was (or is?) a wave of SQL injection attacks apparently targeting ColdFusion sites in the past few days.

Unfortunately some of our sites were not immune to this attack, because apparently these are olders apps built on the days where cfqueryparam either didn’t exist or not widely used.

I am just wondering whether this is the case where ColdFusion developers take security for granted because ColdFusion is meant to be secure right? I mean you did pay for the server.. I remember back on my PHP days, when we have to write our own sanitizer to handle form inputs, because we know security is an issue with PHP.

Although it’s easy to get angry with the attackers, but not having your application secured thoroughly is also plain silly. You are asking for it, and you get it served.

There is no longer excuse for not using <cfqueryparam>, at least now everyone sees the need for it.

A simple short term solution at the moment is to filter SQL keywords in URL and FORM scope (variant of EXEC especially). A longer term solution would be to scan the older applications for queries with cfqueryparam and make it mandatory now for cfqueryparam to be used.

Come to think of it, this was a very clever attack and quite harmless in a way, no drop tables or anything nasty like that. It served as timely reminder for us (and to me as well) to not taking security for granted in whatever platform you are developing. Thank you hacker, but I hope you go to jail for this.

http://www.builderau.com.au/usergroup/. Have been attending few Adobe UG meetings, maybe it’s time to have a look at the Java one.

Last week was probably one of the most unproductive and frustrating weeks that I’ve been in. I spent 70% of my time Googling around, trying different things around,

I was assigned a project to integrate our system with an overseas partner, the integration will be facilitated via web services. And our partner web services are secured via SSL. I’ve done quite a few web service integration work, but doing secure web service over SSL is something new for me.

During the course of the week I hit so many walls (if you are only interested in ColdFusion and SSL version 3 (SSLv3), skip to the appropiate section below):

Problem 1: Registering certificate to Windows

Ok disclaimer first, as mentioned earlier, I really have little experience with SSL, certificates and all the like. So I googled A LOT and trying things frantically as well. To be able to connect to our partner web services, I had to create a private key (this is to be kept secret) and a Certificate Signing Request (CSR), for the partner to sign.

The partner returned a signed certificate from the CSR, and basically I need to install this to my machine. Now this was the major first roadblock that I have, it took me and lead developers on the partner’s side about 2 days to solve.

We thought once the certificate installed we can just use it to browse the web service site, but whenever I entered the URL, I was always prompted with an empty list of certificate to choose from to secure the connection.

Found out that not only that I have to install the certificate, but I also need to combine the certificate with my own private key, the result of this would be a PKCS12 file, I use OpenSSL again to do this. And after installing the PCKS12 to key store, the certificate appears on the list. 

Problem 2: ColdFusion and SSL version 3 (SSLv3)

To cut the story short, CFINVOKE up to ColdFusion 8 doesn’t support SSLv3 (although apparently the CFHTTP does, haven’t checked myself). It is still on the wish list for ColdFusion 8 see no 35.

And how do you know that the web services you’re trying to invoke are using SSLv3? If the web service expects you to supply a certificate when invoking its functions that it’s probably SSLv3. More information on this read Steven Erat’s from talkingtree blog especially: this entry. Special thanks for Mark Kruger from ColdFusion Muse blog, who has kindly replied to my questions,.

So I made the decision to use .NET to consume the web services and then use ColdFusion to call this .NET object. Glad to say that this approach works, but it wasn’t easy process as:

1. I haven’t done much .NET programming
2. I encountered some frustrating issues with CF8 and .NET integration

I think I will explain how the .NET looks like on another post, but if you are desperate please feel free to contact me I am sure I can give a snippet or two.

Suggested to my boss today that he should offer the developers an extra monitor for a dual monitors setup.

He took my suggestion and asked who want to have an extra monitor, to my surprise it’s only me and the QA guy that want it. I am really puzzled, I thought everyone would just jump to the offer.. Very strange..

I think the current project that I’m working on is one of the most difficult and frustating projects that I’ve ever been into.

Spent 2 days trying to make CF8 and .NET talks to each other in different environment.

On my local machine, everything is fine. Then I move the project to development server, it didn’t work, I’ve got this cryptic message from CF when invoking the .NET component:

System.NullReferenceException: Object reference not set to an instance of an object.

After hours of debugging, found out that it is caused by one of the inner class on the .NET cannot be instantiated (perhaps it wouldn’t take me that long to figure this out if I know .NET better). So problem fixed.

When moving to staging environment, guess what, it didn’t work again, different error message was thrown. It was something in the line of DotNetClassNotFoundException. Again spent hours playing with jnbridge config to no avail.

Luckily I remember the thread at CFAussie on similar issue. To debug CF8 & .NET issues, someone (Joel) suggested to look at jnbproxy.exe.config to see what .NET runtimes supported.  And this was the answer to my problem, I couldn’t see runtime version v2.0.50727 (.NET framework 3.5) on this config file. So I thought maybe added these lines to the config file and restarted .NET service would solved it, but alas it didn’t. So further googling around this time with keyword DotNetClassNotFoundException, found that I had to re-install CF8 .NET service to get the newly added .NET framework recognized (I think it was suggested on that CFAussie thread as well). So I uninstall the .NET service and download the CF8 .NET service installer and install it again. And yes, now CF8 and .NET talking nicely to each other.