Re: The long tail of ColdFusion fail

2014-03-28 Thread Russ Michaels

The bare minimum should at least be as I stated.

Russ Michaels
www.michaels.me.uk
cfmldeveloper.com
cflive.net
cfsearch.com
On 28 Mar 2014 03:16, Raymond Camden raymondcam...@gmail.com wrote:


 As has been explained *multiple* times, there is no one solution (in terms
 of settings) that will work for everyone. Therefore there must be some
 position made where the software says, I'll lock down A and B, but I don't
 think I can *always* lock C.

 I *do* think that at the end of the installation, linking to the lock down
 guide would be useful.


 On Thu, Mar 27, 2014 at 10:12 PM, Maureen mamamaur...@gmail.com wrote:

 
  Honestly, if you are selling a software product that requires
  additional lock down after installation, you might could get the
  attention of those hiding in their cubicle by putting a large notice
  of such at the beginning of the installation instructions.  No one
  should have to find out about software security issues from CNN.
 
  On Thu, Mar 27, 2014 at 7:57 PM, Wil Genovese jugg...@trunkful.com
  wrote:
  
   Honestly if these people are living under their cubicle desk then I have
   no clue how to get their attention.  It's not as if no one is talking about
   ColdFusion security and certainly not as if the mainstream news media is
   reporting security breaches. If someone chooses to stay uninformed there
   isn't much anyone can do to wake them up.
 
 

 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358166
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm


Re: The long tail of ColdFusion fail

2014-03-28 Thread Russ Michaels

Except everyone I know who has tried to follow the lock down guide has ended
up with a broke cfserver.

Russ Michaels
www.michaels.me.uk
cfmldeveloper.com
cflive.net
cfsearch.com
On 28 Mar 2014 02:43, Raymond Camden raymondcam...@gmail.com wrote:


 
 
  Paying attention to the requirement to inform these people about the
  need for extra lock down early in the process would be more effective
  in solving the problem than Adobe employees and evangelists ignoring
  the fact that these people exist and doing nothing more than yelling
 

 Um... who exactly is ignoring these people? You may argue the CF team
 should do *more*, but they are not *ignoring* anyone. The Secure Profile
 was a *big* step to try to help lock things down out of the box. Hiring
 Pete to write a guide, and hosting it, on *additional* steps was good too
 imo.

 Can even more be done - maybe so. I'd like the installer to point to the
 lock down guide so folks know it exists.



  Rah, Rah, Adobe as if the company had no place in the solution.


 As if Adobe hasn't at least made an effort - oh wait - they did.

 Users must take some responsibility too, Maureen. You can't put it all on
 Adobe's shoulders here. If you let your nephew install a server and don't
 bother to double check his work, that is *your* fault, no one else.


 
 


 



Re: The long tail of ColdFusion fail

2014-03-28 Thread Maureen

On Thu, Mar 27, 2014 at 8:14 PM, Raymond Camden raymondcam...@gmail.com wrote:


 Right - but you said Adobe was ignoring this. Please back your statement
 up. I said the CF team could possibly do more. But I do not agree that they
 are ignoring the issue.

I did not say Adobe was ignoring the issue, I said that some employees
and evangelists were ignoring that people existed who were not aware
of the issue.  And I meant mostly in this thread because of the three
or so people who seem to think the current method of installing would
be fine if the users would do their job with little acknowledgement of
the company's role in the problem.

 A position that does not agree with you is not one of attack.

Tone is everything.  You can state a position that does not agree
without getting snarky about it.

 Also - I do not blindly defend Adobe. I've got a *huge* history of
 reporting bugs, making suggestions, and generally trying to make CF a
 better product. If I thought the CF team was perfect then I wouldn't be
 trying to help improve it.

That may be the case when you are at work, but I haven't seen it here
much.  You do a lot of good work for the CF community and I appreciate
it greatly.  But on this list, anytime I have posted a criticism of
Adobe products or procedures, I've gotten a face full of what feels
like shut up and go away.



Input solicited: List function support as member functions in CFML

2014-03-28 Thread Adam Cameron

G'day:
I'm concerned about how Adobe have implemented the list-oriented member 
functions in ColdFusion 11. And I was hoping to capture some community input 
as to what other people think, before raising it with Adobe:
 
http://cfmlblog.adamcameron.me/2014/03/survey-lists-in-cfml-and-naming-of-list.html
 
It'd be cool if you could take the time to complete the survey.

Thanks.
 
--
Adam 



Re: The long tail of ColdFusion fail

2014-03-28 Thread Adam Cameron

Sorry, forgot to come back to this.

 This is not a false analogy because [etc]

But it *is* a false analogy because it's generally a government requirement for 
people to be licensed to drive a car before they can use one, so it's 
reasonable to assume from the outset of the sale process that a minimum level 
of education is already in place regarding how a car works.

This is not the case with CFML.

I think, on the whole, physical object analogies made in the context of IT 
considerations have a lovely superficial warmth to them, but generally end up 
being pretty specious.

-- 
Adam 



Moving part of my hosting business - thoughts about my plan please ...

2014-03-28 Thread Mike K

Yes yes yes, I know it's been done and done again here.  I'd like to know
the opinion of some of you who've been down this road a few times  - it's
quite a while since I've moved hosts.. here's my issue:

I need to move to a new hosting company from the one I have my small
business sites on.   These are the mom-pop businesses that make up quite a
bit of my business.  Typically they're relatively stable sites with a
SQLServer2005 database in a shared hosting environment.

My hosting wholesaler has pissed me off once too often and I am going to
move that part of my business somewhere else.

I am thinking of a virtual server in the cloud,  moving to Linux and Railo
from Windows2003 Server and ColdFusion.

[A]  OS move:
I'm aware from past experience that I'm going to get some links that fail
because Linux is case sensitive in filenames and Windows isn't.   I've tried
to be disciplined in using filenames because of that but I just know there
are going to be some links or cflocations that fail on that account.

Are there any other 'gotchas' moving from windows to linux?

Is there any benefit of one flavour of Linux over another?

[B] Server environment move:

How about moving from ColdFusion (currently v9) to Railo?  Is it REALLY
compatible?   Am I really likely to be able to just copy my files to a
Railo environment and have most of them work ok?   What's been your
experience with that move?



-- 
Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com




Re: The long tail of ColdFusion fail

2014-03-28 Thread Jerry Milo Johnson

After days of cringing as these emails come through, I am going to chime in
briefly.

If there is such a glaring hole in the Coldfusion platform, and there is a
need for it to be filled, is there an obvious business/product opportunity
here?

The Coldfusion ecosystem is large, and as the title suggests, has a really,
really long tail.

(Says someone who finally shut down his last Coldfusion 5 system last
calendar year)

Would you people that think it needs work be willing to define the required
functionality you think is missing? As in specific vulnerabilities, and
suggestions for how to test it?

I am sure there are solid developers here who, if they saw a compelling
reachable product, might jump on this.

And if it turns out to be doable and cost effective, I would also bet that
Adobe (or one of their competitors, or both) might purchase that technology
and bundle it in future versions.

I am picturing a 2-fold system. A web-based scan for common
vulnerabilities from outside, and a more detailed scan of the system from
inside.

(There are a number of comparable systems out there. WordPress security
scanners being a recently-in-mind example)

Thoughts?

I think a little more on-topic, a little less on-people would be nice.

Jerry Milo Johnson






Re: Moving part of my hosting business - thoughts about my plan please ...

2014-03-28 Thread Cameron Childress

On Fri, Mar 28, 2014 at 5:21 AM, Mike K wrote:

 I am thinking of a virtual server in the cloud,  moving to Linux and Railo
 from Windows2003 Server and ColdFusion.


We are working on a similar move with a client right now and here's what
advice I can give based on the decisions we made.

Only change one thing at a time. You're contemplating changing 3 things at
a time. If you are going to move hosts, move hosts and stay on Win/CF for
now. If the site is important to your business (and it sounds like it is)
I am a big proponent of only changing one thing at a time.

It sounds like your real immediate problem is hosting, I would solve that
problem first. If you want to manage the servers yourself, look at Amazon
or RackSpace or one of the cloud providers and move to windows VMs running
there. Moving to a VM should be relatively straightforward and since this
is the most urgent thing, I would do this one first. It should be the
quickest, though you may have to deal with things like getting outbound
email routed/whitelisted properly.

I would bet you are thinking about moving to Linux/Railo since you're about
to be responsible for license costs all the sudden that you don't have and
are not cheap. Valid reason, but I would wait. Pay the extra money for the
short term and move the code over to Linux/Railo later.

Moving to Linux/Railo is not a bad move at all, and you can probably do
these at the same time. However, you're probably going to want to spend
some quality time with the code first. Sometimes it's easy as cake and no
modifications are required to the code at all. Sometimes it's more complex.

I'm guessing you'll want to move to something like MySQL or another lower
cost DB server as well. Just make sure that you give yourself some time to
play with the Linux/Railo setup before you make the final move.

Lastly, you might take a quick peek at RightScale for cloud server
management / configuration management. It's basically Chef/Puppet scripts
you can glue together to automate server deployments across various cloud
platforms. The single user version is free last time I checked.

http://www.rightscale.com/

-Cameron

-- 
Cameron Childress
--
p:   678.637.5072
im: cameroncf
facebook http://www.facebook.com/cameroncf |
twitter http://twitter.com/cameronc |
google+ https://profiles.google.com/u/0/117829379451708140985




Re: Moving part of my hosting business - thoughts about my plan please ...

2014-03-28 Thread Jon Clausen

Mike,

Based on what you’ve outlined below, and what you’re already aware of, I would 
say the biggest challenge for your migration is going to be in migrating the 
databases from SQLServer.  That one can be tricky but there are a number of good 
tools out there to help you do that. 

In answer to your other questions:

A)  
1) The case-sensitivity is the big issue with existing apps.   For 
relative paths in your apps, make sure you take a look at any hard-coded path 
delimiters as well and change back-slashes to slashes. The other challenges 
come on the differences in the configuration side of things. 
2) Linux distros are a matter of preference, and the debate can rage on 
forever. That said, CentOS is the winner in my book, hands down, for Coldfusion 
web application servers and for most dedicated database servers. The distro is 
active, well maintained, and just about every module or library you would need 
is actively developed to be compatible with CentOS/RedHat.  Ubuntu is a solid 
server distro as well, but falls a bit short to CentOS, IMHO, as a CF/Railo 
platform. 

B)
Yes, the move is relatively painless - even more so with Railo 4 than 
it was with Railo 3.  You may have some pain if you have apps that create or 
manipulate PDF’s extensively for reporting or CFChart as you may find some 
differences in the way they are rendered.  The unsupported tags list will help 
you there as it identifies where there are differences in functionality: 
https://github.com/getrailo/railo/wiki/CFML-tags-that-are-not-supported  You 
will miss the ability to drop a CF application in to a new webroot and go, but 
configuring the server.xml file for a new site is relatively painless.  You can 
also install mod_cfml to automate the process: http://www.modcfml.org/

A Control Panel is really helpful for administering multiple clients.  
VirtualMin is my preference among Linux CP’s.

HTH,
Jon


On Mar 28, 2014, at 5:21 AM, Mike K afpwebwo...@gmail.com wrote:

 
 Yes yes yes, I know it's been done and done again here.  I'd like to know
 the opinion of some of you who've been down this road a few times  - it's
 quite a while since I've moved hosts.. here's my issue:
 
 I need to move to a new hosting company from the one I have my small
 business sites on.   These are the mom-pop businesses that make up quite a
 bit of my business.  Typically they're relatively stable sites with a
 SQLServer2005 database in a shared hosting environment.
 
 My hosting wholesaler has pissed me off once too often and I am going to
 move that part of my business somewhere else.
 
 I am thinking of a virtual server in the cloud,  moving to Linux and Railo
 from Windows2003 Server and ColdFusion.
 
 [A]  OS move:
 I'm aware from past experience that I'm going to get some links that fail
 because Linux is case sensitive in filenames and Windows isn't.   I've tried
 to be disciplined in using filenames because of that but I just know there
 are going to be some links or cflocations that fail on that account.
 
 Are there any other 'gotchas' moving from windows to linux?
 
 Is there any benefit of one flavour of Linux over another?
 
 [B] Server environment move:
 
 How about moving from ColdFusion (currently v9) to Railo?  Is it REALLY
 compatible?   Am I really likely to be able to just copy my files to a
 Railo environment and have most of them work ok?   What's been your
 experience with that move?
 
 
 
 -- 
 Cheers
 Mike Kear
 Windsor, NSW, Australia
 Adobe Certified Advanced ColdFusion Developer
 AFP Webworks
 http://afpwebworks.com
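
The two pre-migration checks from point A) 1) of the reply above (references whose casing differs from the file on disk, and hard-coded backslash delimiters), as an added example that is not part of the original thread. The sample site, its file names and the attribute list in `REF_RE` are constructed assumptions.

```python
import os
import posixpath
import re
import tempfile

# Attributes that usually carry a file reference in CFML/HTML markup
# (an assumed, non-exhaustive list).
REF_RE = re.compile(
    r'\b(?:template|href|src|url|action)\s*=\s*"'
    r'([^"#?]+\.(?:cfm|cfc|css|js|png|gif|jpg))(?=["?#])',
    re.IGNORECASE,
)

# Constructed sample site: relative path -> file body.
SAMPLE_SITE = {
    "index.cfm": r'''<cfinclude template="Includes/Header.cfm">
<cfinclude template="includes\footer.cfm">
<cfif NOT isDefined("session.user")><cflocation url="/admin/Login.cfm"></cfif>
<a href="contact.cfm">Contact</a>
<img src="images/logo.png">
''',
    "includes/header.cfm": "<!--- header --->\n",
    "includes/footer.cfm": "<!--- footer --->\n",
    "admin/login.cfm": "<!--- login --->\n",
    "contact.cfm": "<!--- contact --->\n",
}


def on_disk_spelling(root, start_dir, ref):
    """Resolve ref segment by segment, ignoring case, and return the spelling
    actually stored on disk, or None if no file matches under any casing."""
    current = root if ref.startswith("/") else start_dir
    spelled = []
    for seg in ref.strip("/").split("/"):
        if seg == "..":
            current = os.path.dirname(current)
            spelled.append(seg)
            continue
        try:
            names = os.listdir(current)
        except OSError:
            return None
        # Prefer an exact match; Linux can hold both Login.cfm and login.cfm.
        match = seg if seg in names else next(
            (n for n in names if n.lower() == seg.lower()), None)
        if match is None:
            return None
        spelled.append(match)
        current = os.path.join(current, match)
    return ("/" if ref.startswith("/") else "") + "/".join(spelled)


def scan(root):
    """Return sorted (file, line, kind, reference, suggestion) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".cfm", ".cfc")):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for ref in REF_RE.findall(line):
                        if "://" in ref:
                            continue  # absolute URL, not a local file
                        # Forward slashes only, duplicate separators collapsed.
                        norm = posixpath.normpath(re.sub(r"[\\/]+", "/", ref))
                        actual = on_disk_spelling(root, dirpath, norm)
                        if "\\" in ref:
                            findings.append((rel, lineno, "backslash", ref, norm))
                        if actual is None:
                            findings.append((rel, lineno, "missing", ref, None))
                        elif actual != norm:
                            findings.append((rel, lineno, "case", ref, actual))
    return sorted(findings, key=lambda f: (f[0], f[1], f[2]))


def demo():
    """Write the constructed site to a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE_SITE.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)


if __name__ == "__main__":
    for file, line, kind, ref, fix in demo():
        print(f"{file}:{line}: {kind}: {ref!r}" + (f" -> {fix!r}" if fix else ""))
```

Run against a copy of the Windows webroot before the move, `scan()` gives the same results on Windows and Linux because it compares names from directory listings instead of relying on how the filesystem resolves a path.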
 
 
 



Re: The long tail of ColdFusion fail

2014-03-28 Thread Roger Austin

 Maureen mamamaur...@gmail.com wrote: 
 
 Honestly, if you are selling a software product that requires
 additional lock down after installation, you might could get the
 attention of those hiding in their cubicle by putting a large notice
 of such at the beginning of the installation instructions.  No one
 should have to find out about software security issues from CNN.

I would change the argument over to what happens when installing competing 
middleware. Are the alternatives to ACF any safer to install? What sorts of 
things do they do to minimize security issues on installation? How can ACF 
modify the installation process to maximize the security profiles up front?

The ACF installation security profile doesn't matter if massive breach 
publicity makes large datacenters, government agencies, and ISPs abandon the 
product. In public relations, logic isn't the primary driver.

-- 
LinkedIn: http://www.linkedin.com/pub/roger-austin/8/a4/60 
Twitter:  http://twitter.com/RogerTheGeek 
Blog:  http://RogerTheGeek.wordpress.com/




Re: Moving part of my hosting business - thoughts about my plan please ...

2014-03-28 Thread Russ Michaels

I will also mention, that running on Windows does not need to incur any
license costs.
Most VPS hosts will give you Windows Server Web Edition for free, and some
can give ANY edition for FREE, because it doesn't cost them anything on
your SPLA licensing model.

You can also run Railo and CF together on the same server quite happily.


On Fri, Mar 28, 2014 at 12:58 PM, Cameron Childress camer...@gmail.com wrote:


 On Fri, Mar 28, 2014 at 5:21 AM, Mike K wrote:

  I am thinking of a virtual server in the cloud,  moving to Linux and Railo
  from Windows2003 Server and ColdFusion.
 

 We are working on a similar move with a client right now and here's what
 advice I can give based on the decisions we made.

 Only change one thing at a time. You're contemplating changing 3 things at
 a time. If you are going to move hosts, move hosts and stay on Win/CF for
 now. If the site is important to your business (and it sounds like it is)
 I am a big proponent of only changing one thing at a time.

 It sounds like your real immediate problem is hosting, I would solve that
 problem first. If you want to manage the servers yourself, look at Amazon
 or RackSpace or one of the cloud providers and move to windows VMs running
 there. Moving to a VM should be relatively straightforward and since this
 is the most urgent thing, I would do this one first. It should be the
 quickest, though you may have to deal with things like getting outbound
 email routed/whitelisted properly.

 I would bet you are thinking about moving to Linux/Railo since you're about
 to be responsible for license costs all the sudden that you don't have and
 are not cheap. Valid reason, but I would wait. Pay the extra money for the
 short term and move the code over to Linux/Railo later.

 Moving to Linux/Railo is not a bad move at all, and you can probably do
 these at the same time. However, you're probably going to want to spend
 some quality time with the code first. Sometimes it's easy as cake and no
 modifications are required to the code at all. Sometimes it's more complex.

 I'm guessing you'll want to move to something like MySQL or another lower
 cost DB server as well. Just make sure that you give yourself some time to
 play with the Linux/Railo setup before you make the final move.

 Lastly, you might take a quick peek at RightScale for cloud server
 management / configuration management. It's basically Chef/Puppet scripts
 you can glue together to automate server deployments across various cloud
 platforms. The single user version is free last time I checked.

 http://www.rightscale.com/

 -Cameron

 --
 Cameron Childress
 --
 p:   678.637.5072
 im: cameroncf
 facebook http://www.facebook.com/cameroncf |
 twitter http://twitter.com/cameronc |
 google+ https://profiles.google.com/u/0/117829379451708140985


 



Re: The long tail of ColdFusion fail

2014-03-28 Thread Justin Scott

 I am picturing a 2-fold system. A web-based scan for common
 vulnerabilities from outside, and a more detailed scan of the system from
 inside.

Hi Jerry, you basically just described HackMyCF.com and their security
scanner and monitoring tool.


-Justin



Re: Moving part of my hosting business - thoughts about my plan please ...

2014-03-28 Thread Money Pit

Having been there/done that myself, I would follow Cameron's described
route.  You don't want to be debugging so many different issues at once on
an OS you aren't intimately familiar with (and maybe not familiar at all).
You mentioned you are on Win2003.  Have you by chance missed out on running
CF on a 64-bit Win OS?  That was like manna from heaven when I first
switched.

Consider a Windows VPS from Viviotech.  They can license you a copy of CF
Enterprise *very* inexpensively.  They are surprisingly robust for the
prices charged, they are CF-literate and an excellent firm on general
principles.  From there consider leasing another Windows VPS and put Railo
on it (Viviotech will do this for you for a small setup fee or for free
IIRC).  Then tinker away, migrate a low-profile site over when you're ready
etc.  This is what I did with my personal sites.  You could take it a step
further and after mastering Railo, retire the Windows/Railo VPS, fire up
one with linux and start over again on the tinkering so you limit your
issues to that part of the change.

If you need more horsepower and have the budget for a CF license, look at
the blade servers at Cybercon; check out their hardware configs.  I don't
see how you can beat those prices.  My servers there have been absolutely
reliable.

-- 
--m@Robertson--
Janitor, The Robertson Team
mysecretbase.com




Re: The long tail of ColdFusion fail

2014-03-28 Thread Money Pit

 If you let your nephew install a server and don't
 bother to double check his work, that is *your* fault, no one else.

What does this matter when the bad juju blows back publicly on the product
itself?

Blaming the customer for problems in other channels typically doesn't tend
to end well for the seller.  That's what I am seeing here.  I know you're
right... but is that relevant to long term sales growth?  I'm no longer a
full-time CF developer.  I run a company whose focus has to be on customer
service.  I cannot imagine an approach like that surviving in my
marketplace for long.  So I'm not looking at this from a technical
perspective.  At its root this is not a tech problem at all.  It's a problem
with consumer perception of the product.


-- 
--m@Robertson--
Janitor, The Robertson Team
mysecretbase.com




RE: The long tail of ColdFusion fail

2014-03-28 Thread Jenny Gavin-Wear

I can't say I've read every post, but I have read most.

One point I'd like to take up is this business of the CF install and
security.  I've seen all sorts of statements made about sys admins and their
duties which as a past sys admin and IT Manager I found interesting.

The idea that any application is installed on a server that is open to the
internet, or even if used internally, should be installed in such a way that
is open to hacking by default is, quite frankly, ridiculous.

I have been responsible for corporate level global infrastructures including
the use of firewalls, VPNs, etc.  If you have ever worked with any high
standard product you will be aware that features remained closed by default.
You don't install a firewall and find all the ports are open and you have to
select which to close, quite the reverse.

The notion that it's the sys admin's fault if a product installs in an
unsecure way beggars belief.

I recognise that PHP and .Net aren't exactly perfect, but for CF to have a
backdoor entry point as standard in the install is plainly stupid and it has
not helped sell CF as an option.

Sure, not all sys admins have the sort of skill set one would expect, I have
certainly come across a few of these in my 30 years in IT.  However, a sys
admin has plenty enough to deal with without having intrinsically bad
application installs thrown at him or her.

My tuppenth.





Re: The long tail of ColdFusion fail

2014-03-28 Thread Money Pit

Dave wrote
 But I think there's an important difference in expectations between
 providing services and selling tools. My customers expect me to know
 how to do things right - to understand how my tools work. When you buy
 a tool, you are expected to know how to use the tool, and there is
 only so much the tool vendor can do to prevent you from misusing the
 tool.

Dave as usual you are right ;-).  BUT my counterpoint is your rightness in
this point doesn't matter to the overall outcome:  CF is still getting
sucker-punched.  And you cannot stop it from happening by pointing out - to
the media who is delivering the blows - that someone else deserves that
fist to the face.  You further cannot stop it by insisting that only
grownups buy and use the product.

I had a retail product that needed a default url and a default path
hand-input into Application.cfm, along with a couple other settings that
decided how the app behaved.  How tough can it be to type in a path on your
own server?  That you know already?  And I wrote tons of comments into the
file's code so it had a complete instruction manual inside, with examples,
options... the works.  All the 'developer' had to do was spend two minutes
in that file and poof they had a fully working app.

3 how that went... I have to type whut?  Where?  Why? A path you say?
What line is that on?  The fact is to BE a developer in the first place
they needed the skill to edit a CF file.  It didn't matter.  I sucked it
up, acknowledged reality, wrote the installer and ... problem solved..

CF is in that boat now.

--m@--




CAN THIS PLEASE BE THE END? Re: The long tail of ColdFusion fail

2014-03-28 Thread Steve 'Cutter' Blades

Good Gawd! Some of you are like a dog with a bone.

The facts:
1) Something Happened
2) It Got Publicized
3) There Are A Lot of Ticked Off People

We can debate who is at fault until we are blue in the face. The fact of 
the matter is, all of it is in the past. We can not change the past. 
Adobe (the CF product team) is aware of everyone's concerns, and are 
evaluating strategy *for the future*. You have all said your piece here, 
in the very public openness of the web, where Google will pick it up and 
run, and allow the naysayers to say "see, even their own community..."

Review the install of the now public beta. Write down a list of 
faults/suggestions. Go file it in the bug report tool. Let everyone know 
that it's there for vote and comment. Everyone then go vote and comment. 
If you do it right, and you give it full court press, maybe we can get 
at least partial response before they take the server to full product.

I promise you that it is a much more valuable use of your time, and your 
valid, constructive criticism might actually get met with an official 
response and/or action.

Now, you are welcome to flame me here, but *I* promise *you*, you will 
just be wasting keystrokes. Spend 'em in the bug tracker.

Steve 'Cutter' Blades
Adobe Community Professional
Adobe Certified Expert
Advanced Macromedia ColdFusion MX 7 Developer

http://cutterscrossing.com


Co-Author Learning Ext JS 3.2 Packt Publishing 2010
https://www.packtpub.com/learning-ext-js-3-2-for-building-dynamic-desktop-style-user-interfaces/book

The best way to predict the future is to help create it





Re: CAN THIS PLEASE BE THE END? Re: The long tail of ColdFusion fail

2014-03-28 Thread Jon Clausen

 
 You have all said your piece here, 
 in the very public openness of the web, where Google will pick it up and 
 run, and allow the naysayers to say "see, even their own community…"

^^ +1 ^^ 

<cfhorse beaten="true" dead="true" />
<cfabort>




Re: The long tail of ColdFusion fail

2014-03-28 Thread Russ Michaels

it doesn't take any expertise, this is the whole point, anyone can do it
(badly)

sure something may break by being locked down, but as I said earlier, you
have 2 choices..

1. out of the box install,  not secure, but your site works just fine.. So
nothing to learn unless you choose to. User continues in blissful ignorance.
2. out of the box, locked down and secure, but site may break, so you have
to learn something about CF security to get it working. Learning is
required and not optional, user has now learnt something new and has a
secure system.

surely this is a no-brainer.




On Fri, Mar 28, 2014 at 4:01 PM, Dave Watts dwa...@figleaf.com wrote:


   If you let your nephew install a server and don't
   bother to double check his work, that is *your* fault, no one else.
 
  What does this matter when the bad juju blows back publicly on the product
  itself?
 
  Blaming the customer for problems in other channels typically doesn't tend
  to end well for the seller.  That's what I am seeing here.  I know you're
  right... but is that relevant to long term sales growth?  I'm no longer a
  full-time CF developer.  I run a company whose focus has to be on customer
  service.  I cannot imagine an approach like that surviving in my
  marketplace for long.  So I'm not looking at this from a technical
  perspective.  At its root this is not a tech problem at all.  It's a problem
  with consumer perception of the product.

 Like you, I'm in a business that has to focus on customer service. But
 I think there's an important difference in expectations between
 providing services and selling tools. My customers expect me to know
 how to do things right - to understand how my tools work. When you buy
 a tool, you are expected to know how to use the tool, and there is
 only so much the tool vendor can do to prevent you from misusing the
 tool.

 Application servers are inherently complex, and it takes a certain
 level of expertise to set them up. There's no getting around that. I
 agree that Adobe might be able to do a couple of things to make the
 process easier, but I think those things might also have unintended
 consequences - breaking existing applications, etc. In the end,
 security is going to rely on the knowledge of the administrator and
 developers.

 Dave Watts, CTO, Fig Leaf Software
 1-202-527-9569
 http://www.figleaf.com/
 http://training.figleaf.com/

 Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
 GSA Schedule, and provides the highest caliber vendor-authorized
 instruction at our training centers, online, or onsite.

 



Re: The long tail of ColdFusion fail

2014-03-28 Thread Dave Watts

 sure something may break by being locked down, but as I said earlier, you
 have 2 choices..

 1. out of the box install,  not secure, but your site works just fine.. So
 nothing to learn unless you choose to. User continues in blissful ignorance.
 2. out of the box, locked down and secure, but site may break, so you have
 to learn something about CF security to get it working. Learning is
 required and not optional, user has now learnt something new and has a
 secure system.

 surely this is a no-brainer.

This explains why absolutely no one uses Windows web servers. After
all, that's how Unix web servers always worked, pretty much. You had
to know what you were doing to get them working. I can see now why
Windows never got any market share.

(note: this is not an endorsement of one or the other, just an observation)

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.



Re: The long tail of ColdFusion fail

2014-03-28 Thread Claude Schnéegans

 Application servers are inherently complex, and it takes a certain
level of expertise to set them up. There's no getting around that.

You're right.
However, there are two approaches that can be taken in installation procedures.
One year ago I had to move from a W2003 to a W2008 server and to a new version 
of IIS.
I discovered that in Windows and IIS everything was locked and blocked and 
nothing was working out of the box.
I had to learn everything since IIS 7 is completely different.
So I had to unlock, give permissions etc. until I could have a site operational.
On the other hand, the CF server was operational right away, but then I had to 
secure it.
So you're right when you say that it takes a certain level of expertise, but 
this level can be used in two different directions.
The first is secure by default, the second more like unsecure by default.
The first may be more frustrating, but the second is kind of more dangerous.




Re: CAN THIS PLEASE BE THE END? Re: The long tail of ColdFusion fail

2014-03-28 Thread Russ Michaels

I think you will find many folks already did that years ago, myself
included.


On Fri, Mar 28, 2014 at 5:38 PM, Steve 'Cutter' Blades 
cold.fus...@cutterscrossing.com wrote:


 Good Gawd! Some of you are like a dog with a bone.

 The facts:
 1) Something Happened
 2) It Got Publicized
 3) There Are A Lot of Ticked Off People

 We can debate who is at fault until we are blue in the face. The fact of
 the matter is, all of it is in the past. We can not change the past.
 Adobe (the CF product team) is aware of everyone's concerns, and are
 evaluating strategy *for the future*. You have all said your piece here,
 in the very public openness of the web, where Google will pick it up and
 run, and allow the naysayers to say see, even their own community...

 Review the install of the now public beta. Write down a list of
 faults/suggestions. Go file it in the bug report tool. Let everyone know
 that it's there for vote and comment. Everyone then go vote and comment.
 If you do it right, and you give it full court press, maybe we can get
 at least partial response before they take the server to full product.

 I promise you that it is a much more valuable use of your time, and your
 valid, constructive criticism might actually get met with an official
 response and/or action.

 Now, you are welcome to flame me here, but *I* promise *you*, you will
 just be wasting keystrokes. Spend 'em in the bug tracker.

 Steve 'Cutter' Blades
 Adobe Community Professional
 Adobe Certified Expert
 Advanced Macromedia ColdFusion MX 7 Developer
 
 http://cutterscrossing.com


 Co-Author Learning Ext JS 3.2 Packt Publishing 2010

 https://www.packtpub.com/learning-ext-js-3-2-for-building-dynamic-desktop-style-user-interfaces/book

 The best way to predict the future is to help create it



 



Re: The long tail of ColdFusion fail

2014-03-28 Thread Claude Schnéegans

 1. out of the box install,  not secure, but your site works just fine..

This is the Adobe's approach

 2. out of the box, locked down and secure, but site may break, so you have

And this is Microsoft's

You're quite right.





Re: The long tail of ColdFusion fail

2014-03-28 Thread Claude Schnéegans

 Imagine a family buys a car, and by default the airbags and anti-lock brakes 
 are not enabled.

Indeed, they are in the trunk, under the spare tire, but it's up to you to go 
to the manufacturer's site and download instructions to install them ;-)




Re: The long tail of ColdFusion fail

2014-03-28 Thread Dave Watts

  If you let your nephew install a server and don't
  bother to double check his work, that is *your* fault, no one else.

 What does this matter when the bad juju blows back publicly on the product
 itself?

 Blaming the customer for problems in other channels typically doesn't tend
 to end well for the seller.  That's what I am seeing here.  I know you're
 right... but is that relevant to long term sales growth?  I'm no longer a
 full-time CF developer.  I run a company whose focus has to be on customer
 service.  I cannot imagine an approach like that surviving in my
 marketplace for long.  So I'm not looking at this from a technical
 perspective.  At its root this is not a tech problem at all.  It's a problem
 with consumer perception of the product.

Like you, I'm in a business that has to focus on customer service. But
I think there's an important difference in expectations between
providing services and selling tools. My customers expect me to know
how to do things right - to understand how my tools work. When you buy
a tool, you are expected to know how to use the tool, and there is
only so much the tool vendor can do to prevent you from misusing the
tool.

Application servers are inherently complex, and it takes a certain
level of expertise to set them up. There's no getting around that. I
agree that Adobe might be able to do a couple of things to make the
process easier, but I think those things might also have unintended
consequences - breaking existing applications, etc. In the end,
security is going to rely on the knowledge of the administrator and
developers.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.



Re: The long tail of ColdFusion fail

2014-03-28 Thread Claude Schnéegans

 but for CF to have a
backdoor entry point as standard in the install is plainly stupid and it has
not helped sell CF as an option.

This is exactly the point.




Re: The long tail of ColdFusion fail

2014-03-28 Thread Russ Michaels

if you think no-one uses Windows web servers then you are wrong, very wrong.
It would seem you also think that Windows is not locked down by default,
that may have been true once upon a time, but is no longer the case and
hasn't been for many years. Certainly since Windows Server 2008, you must
specifically choose which roles to install, everything is not installed by
default, the firewall is also installed and enabled by default with only
the basic required services allowed through and networking is also disabled.


On Fri, Mar 28, 2014 at 5:52 PM, Dave Watts dwa...@figleaf.com wrote:


  sure something may break by being locked down, but as I said earlier, you
  have 2 choices..
 
  1. out of the box install,  not secure, but your site works just fine.. So
  nothing to learn unless you choose to. User continues in blissful ignorance.
  2. out of the box, locked down and secure, but site may break, so you have
  to learn something about CF security to get it working. Learning is
  required and not optional, user has now learnt something new and has a
  secure system.
 
  surely this is a no-brainer.

 This explains why absolutely no one uses Windows web servers. After
 all, that's how Unix web servers always worked, pretty much. You had
 to know what you were doing to get them working. I can see now why
 Windows never got any market share.

 (note: this is not an endorsement of one or the other, just an observation)

 Dave Watts, CTO, Fig Leaf Software
 1-202-527-9569
 http://www.figleaf.com/
 http://training.figleaf.com/

 Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
 GSA Schedule, and provides the highest caliber vendor-authorized
 instruction at our training centers, online, or onsite.

 



Re: The long tail of ColdFusion fail

2014-03-28 Thread Wil Genovese

 
 Imagine a family buys a car, and by default the airbags and anti-lock 
 brakes are not enabled.
 
 Indeed, they are in the trunk, under the spare tire, but it's up to you to go 
 to the manufacturer's site and download instructions to install them ;-)


Obviously none of you have ever owned a Jeep :D  
When I’m not hacking on servers - 
http://www.jeepforum.com/forum/f96/bug-out-build-1568531/ 
Just Empty Every Pocket



Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wilg...@trunkful.com
www.trunkful.com

On Mar 28, 2014, at 12:58 PM, Claude Schnéegans 
schneegans@internetiq.trunkful.com wrote:

 
 
 



Re: The long tail of ColdFusion fail

2014-03-28 Thread Dave Watts

  2. out of the box, locked down and secure, but site may break, so you have

 And this is Microsoft's

It's Microsoft's approach ... now. But it took them a long time to get
there. And the sheer weight of legacy code probably had something to
do with that. And I think Microsoft server products got quite a bit of
market share for just working out of the box. I don't know how
successful they'd have been if they'd originally been more like Unix
servers.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.



Re: The long tail of ColdFusion fail

2014-03-28 Thread Wil Genovese

I see lessons in seeing sarcasm are needed……



Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wilg...@trunkful.com
www.trunkful.com

On Mar 28, 2014, at 1:02 PM, Russ Michaels r...@michaels.me.uk wrote:

 
 if you think no-one uses Windows web servers then you are wrong, very wrong.
 It would seem you also think that Windows is not locked down by default,
 that may have been true once upon a time, but is no longer the case and
 hasn't been for many years. Certainly since Windows Server 2008, you must
 specifically choose which roles to install, everything is not installed by
 default, the firewall is also installed and enabled by default with only
 the basic required services allowed through and networking is also disabled.
 
 
 On Fri, Mar 28, 2014 at 5:52 PM, Dave Watts dwa...@figleaf.com wrote:
 
 
 sure something may break by being locked down, but as I said earlier, you
 have 2 choices..
 
 1. out of the box install,  not secure, but your site works just fine.. So
 nothing to learn unless you choose to. User continues in blissful ignorance.
 2. out of the box, locked down and secure, but site may break, so you have
 to learn something about CF security to get it working. Learning is
 required and not optional, user has now learnt something new and has a
 secure system.
 
 surely this is a no-brainer.
 
 This explains why absolutely no one uses Windows web servers. After
 all, that's how Unix web servers always worked, pretty much. You had
 to know what you were doing to get them working. I can see now why
 Windows never got any market share.
 
 (note: this is not an endorsement of one or the other, just an observation)
 
 Dave Watts, CTO, Fig Leaf Software
 1-202-527-9569
 http://www.figleaf.com/
 http://training.figleaf.com/
 
 Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
 GSA Schedule, and provides the highest caliber vendor-authorized
 instruction at our training centers, online, or onsite.
 
 
 
 



Re: The long tail of ColdFusion fail

2014-03-28 Thread Dave Watts

 if you think no-one uses Windows web servers then you are wrong, very wrong.

Uh, yeah, I know that. That was my point.

 It would seem you also think that Windows is not locked down by default,
 that may have been true once upon a time, but is no longer the case and
 hasn't been for many years. Certainly since Windows Server 2008, you must
 specifically choose which roles to install, everything is not installed by
 default, the firewall is also installed and enabled by default with only
 the basic required services allowed through and networking is also disabled.

I guess you can interpret many years however you like, but the
simple fact is, from the beginning and through the majority of the
lifespan of Windows servers, this was not the default. And I don't
think Windows would have been nearly as popular for servers if it had
started out that way. The fact that things worked by default gave
Windows market share.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.



Re: The long tail of ColdFusion fail

2014-03-28 Thread Jordan Michaels

On 03/28/2014 10:52 AM, Dave Watts wrote:
 This explains why absolutely no one uses Windows web servers.

Some data on this topic:

http://news.netcraft.com/archives/2014/03/03/march-2014-web-server-survey.html

IIS looks great in the all sites category but is seemingly dead in the 
Active sites category.

I am particularly amused by the last category where NGINX has more 
marketshare than IIS in the top million busiest sites.

Warm Regards,
Jordan Michaels



Re: The long tail of ColdFusion fail

2014-03-28 Thread Claude Schnéegans

 It's Microsoft's approach ... now. But it took them a long time to get there.

You're probably right. The point here is that it is taking Adobe even 
longer.




Re: CAN THIS PLEASE BE THE END? Re: The long tail of ColdFusion fail

2014-03-28 Thread Andrew Scott

OMG You mean ColdFusion 11 is public :P

Regards,
Andrew Scott
WebSite: http://www.andyscott.id.au/
Google+:  http://plus.google.com/113032480415921517411



On Sat, Mar 29, 2014 at 4:38 AM, Steve 'Cutter' Blades 
cold.fus...@cutterscrossing.com wrote:


 Good Gawd! Some of you are like a dog with a bone.

 The facts:
 1) Something Happened
 2) It Got Publicized
 3) There Are A Lot of Ticked Off People

 We can debate who is at fault until we are blue in the face. The fact of
 the matter is, all of it is in the past. We can not change the past.
 Adobe (the CF product team) is aware of everyone's concerns, and are
 evaluating strategy *for the future*. You have all said your piece here,
 in the very public openness of the web, where Google will pick it up and
 run, and allow the naysayers to say see, even their own community...

 Review the install of the now public beta. Write down a list of
 faults/suggestions. Go file it in the bug report tool. Let everyone know
 that it's there for vote and comment. Everyone then go vote and comment.
 If you do it right, and you give it full court press, maybe we can get
 at least partial response before they take the server to full product.

 I promise you that it is a much more valuable use of your time, and your
 valid, constructive criticism might actually get met with an official
 response and/or action.

 Now, you are welcome to flame me here, but *I* promise *you*, you will
 just be wasting keystrokes. Spend 'em in the bug tracker.

 Steve 'Cutter' Blades
 Adobe Community Professional
 Adobe Certified Expert
 Advanced Macromedia ColdFusion MX 7 Developer
 
 http://cutterscrossing.com


 Co-Author Learning Ext JS 3.2 Packt Publishing 2010

 https://www.packtpub.com/learning-ext-js-3-2-for-building-dynamic-desktop-style-user-interfaces/book

 The best way to predict the future is to help create it



 



Re: The long tail of ColdFusion fail

2014-03-28 Thread Russ Michaels

I doubt it would have made any difference as there still would have been
only the same choices, and the reasons for choosing Windows over Linux or
Others would have remained the same, for folks that wanted a simple GUI to
work either vs command line.


On Fri, Mar 28, 2014 at 6:04 PM, Dave Watts dwa...@figleaf.com wrote:


   2. out of the box, locked down and secure, but site may break, so you have
 
  And this is Microsoft's

 It's Microsoft's approach ... now. But it took them a long time to get
 there. And the sheer weight of legacy code probably had something to
 do with that. And I think Microsoft server products got quite a bit of
 market share for just working out of the box. I don't know how
 successful they'd have been if they'd originally been more like Unix
 servers.

 Dave Watts, CTO, Fig Leaf Software
 1-202-527-9569
 http://www.figleaf.com/
 http://training.figleaf.com/

 Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
 GSA Schedule, and provides the highest caliber vendor-authorized
 instruction at our training centers, online, or onsite.

 



Re: The long tail of ColdFusion fail

2014-03-28 Thread Dave Watts

 I am particularly amused by the last category where NGINX has more
 marketshare than IIS in the top million busiest sites.

I'm not all that surprised. Very busy sites are likely to have better
infrastructure. Nginx makes a very good reverse proxy for internal
servers. I have a customer in the top 10k Netcraft ranking doing
exactly that, using IIS and CF internally, and exposing them to public
access only through reverse proxies.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.
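
The layout described in the message above (IIS and CF kept internal, reachable from outside only through a reverse proxy), sketched as an nginx configuration. This is an added example, not configuration posted by anyone in the thread; the hostname, internal address and certificate paths are placeholders, and the `/CFIDE/...` paths assume the directory layout of a default ColdFusion install.

```nginx
# Added example: edge proxy in front of an internal IIS + ColdFusion host.
# Hostname, addresses and file paths are placeholders.

upstream cf_internal {
    server 10.0.0.10:80;    # internal IIS/CF host, not routable from the internet
    keepalive 16;
}

server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/tls/example.crt;
    ssl_certificate_key /etc/nginx/tls/example.key;

    # Administrative and tooling paths of a default ColdFusion install
    # (assumed layout). nginx matches against the decoded, normalized URI.
    # "~*" makes the match case-insensitive, because IIS on Windows serves
    # /cfide/Administrator and /CFIDE/administrator as the same path.
    location ~* ^/CFIDE/(administrator|adminapi|componentutils)(/|$) {
        return 404;
    }

    # Everything else is passed to the internal server.
    location / {
        proxy_pass         http://cf_internal;
        proxy_http_version 1.1;
        proxy_set_header   Connection        "";
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

# Plain HTTP only redirects to the TLS listener.
server {
    listen 80;
    server_name www.example.com;
    return 301 https://$host$request_uri;
}
```

The proxy only helps if the internal host accepts web traffic from the proxy alone, so the host firewall on the IIS/CF machine should allow port 80 from the proxy's address and nothing else; administrators then reach the blocked paths from the internal network or a VPN.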



Re: The long tail of ColdFusion fail

2014-03-28 Thread Russ Michaels

consider this

Imagine a family buys a car, and by default the airbags and anti-lock
brakes are not enabled.
Somewhere deep in the manual is a mention of following a safety setup
guide and you are expected to follow this guide and make changes to your car
to make it safe and secure.

Now imagine there is a family out in that car one day, they crash and everyone
dies because they did not read that guide and did not set up their anti-lock
brakes and airbags.

would you say "serves them right, they should have done the safety setup
procedures, anyone who doesn't know that shouldn't be driving a car"
or is it more likely that you will blame the manufacturer for not
making the car safe to begin with.

moral:
most people who drive a car knows how they work, most people who run a
server (VPS) is a security expert or even a sysadmin.

Cloud/VPS hosting is so common these days, that every Tom, Dick and Harry
has one, and they know barely anything about running a server. They either
installed CF themselves, or asked their host to do it, who also knows
nothing about CF.

I expect anything I buy to be safe and secure by default, whether it be a
car, a lawnmower or ColdFusion, even if I do have the common sense to check
it beforehand.


On Fri, Mar 28, 2014 at 2:49 PM, Money Pit websitema...@gmail.com wrote:


  If you let your nephew install a server and don't
  bother to double check his work, that is *your* fault, no one else.

 What does this matter when the bad juju blows back publicly on the product
 itself?

 Blaming the customer for problems in other channels typically doesn't tend
 to end well for the seller.  That's what I am seeing here.  I know you're
 right... but is that relevant to long term sales growth?  I'm no longer a
 full-time CF developer.  I run a company whose focus has to be on customer
 service.  I cannot imagine an approach like that surviving in my
 marketplace for long.  So I'm not looking at this from a technical
 perspective.  At its root this is not a tech problem at all.  It's a problem
 with consumer perception of the product.


 --
 --m@Robertson--
 Janitor, The Robertson Team
 mysecretbase.com


 



Re: The long tail of ColdFusion fail

2014-03-28 Thread Jordan Michaels

On 03/28/2014 11:13 AM, Dave Watts wrote:
 Very busy sites are likely to have better infrastructure.

IIS can function great as a reverse proxy. You'd think these companies 
would want to save the cost of training their employees on new web 
servers/proxies when they could simply use IIS for this task.

Warm Regards,
Jordan Michaels



Re: The long tail of ColdFusion fail

2014-03-28 Thread Dave Watts

 The idea that any application is installed on a server that is open to the
 internet, or even if used internally, should be installed in such a way that
 is open to hacking by default is, quite frankly, ridiculous.

I've got bad news for you. Stick this in Google:

[product] default vulnerability

and prepare to be amazed. Some suggestions: PHP, IIS, Apache. Not all
allow remote users to execute arbitrary code, but plenty do.

 I have been responsible for corporate level global infrastructures including
 the use of firewalls, VPNs, etc.  If you have ever worked with any high
 standard product you will be aware that features remained closed by default.
 You don't install a firewall and find all the ports are open and you have to
 select which to close, quite the reverse.

I submit to you that it should not be surprising that products
explicitly designed for security purposes, like firewalls and VPNs,
will be expected to be secure by default.

 The notion that it's the sys admin's fault if a product installs in an
 unsecure way beggars belief.

No, that's not the sysadmins' fault. But leaving a product at the
default install state on an untrusted network - that IS the sysadmins'
fault. How is a sysadmin going to make sure that the developers'
applications are secured properly, if he doesn't know enough to secure
the one web application that's packaged with the product?

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358204


Re: The long tail of ColdFusion fail

2014-03-28 Thread Jon Clausen

Jordan and Dave, 

Thanks! You just helped me solve a totally unrelated problem on an IIS site 
with a lot of static content requests. I’ve got several servers using Apache as 
a reverse proxy to NGINX but I don’t know why it didn’t occur to me to look 
into doing the same for IIS...  

Jon

On Mar 28, 2014, at 2:31 PM, Jordan Michaels jor...@viviotech.net wrote:

 
 On 03/28/2014 11:13 AM, Dave Watts wrote:
 Very busy sites are likely to have better infrastructure.
 
 IIS can function great as a reverse proxy. You'd think these companies 
 would want to save the cost of training their employees on new web 
 servers/proxies when they could simply use IIS for this task.
 
 Warm Regards,
 Jordan Michaels

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358205


Re: The long tail of ColdFusion fail

2014-03-28 Thread Russ Michaels

I also once had a client who did this, they were Linux heads who thought
that hiding the sucky insecure windows/cf server behind a linux server
and doing a reverse proxy would make it secure.
But of course it didn't as everything still works the same way, the SQL
injections still got through, the insecure file upload forms still allowed
files to be uploaded, which could then be executed as they had cfexecute
and cfregistry enabled.

The worst thing is this was the government's hosting dept :-)


On Fri, Mar 28, 2014 at 6:13 PM, Dave Watts dwa...@figleaf.com wrote:


  I am particularly amused by the last category where NGINX has more
  marketshare then IIS in the top million busiest sites.

 I'm not all that surprised. Very busy sites are likely to have better
 infrastructure. Nginx makes a very good reverse proxy for internal
 servers. I have a customer in the top 10k Netcraft ranking doing
 exactly that, using IIS and CF internally, and exposing them to public
 access only through reverse proxies.

 Dave Watts, CTO, Fig Leaf Software
 1-202-527-9569
 http://www.figleaf.com/
 http://training.figleaf.com/

 Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
 GSA Schedule, and provides the highest caliber vendor-authorized
 instruction at our training centers, online, or onsite.

 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358206


Re: The long tail of ColdFusion fail

2014-03-28 Thread Dave Watts

 I also once had a client who did this, they were Linux heads who thought
 that hiding the sucky insecure windows/cf server behind a linux server
 and doing a reverse proxy would make it secure.

There is no such thing as make it secure, of course. But it is more
secure. It solves one specific security problem - preventing
executable code from being directly accessed from an untrusted
network.

 But of course it didn't as everything still works the same way, the SQL
 injections still got through, the insecure file upload forms still allowed
 files to be uploaded, which could then be executed as they had cfexecute
 and cfregistry enabled.

So what you're saying is that, despite the fact that the environment
was (more) secure by default, developers accidentally wrote
exploitable code?

I have the feeling there's some lesson to be drawn from this. I wonder
what it is?

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358207
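
The exchange above, as an added sketch that is not part of any post in this thread: a reverse proxy that only publishes chosen paths keeps the bundled administrator off the untrusted network, yet forwards application requests unchanged, so a query built by string concatenation behind it is still exploitable. The `/store/` prefix, the table and the function names are constructed for illustration; the typed, bound lookup plays the role `cfqueryparam` plays in CFML.

```python
import posixpath
import sqlite3
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption for this sketch: the proxy publishes only the app under /store/.
PUBLISHED_PREFIXES = ("/store/",)


def proxy_forwards(url):
    """Routing decision of the reverse proxy: a path allowlist, nothing more."""
    # Decode and collapse "../" before matching, so traversal cannot
    # smuggle an unpublished path past the prefix check.
    path = posixpath.normpath(unquote(urlsplit(url).path))
    return (path + "/").startswith(PUBLISHED_PREFIXES)


def make_db():
    """Constructed sample data standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, internal INTEGER)"
    )
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "widget", 0), (2, "gadget", 0), (3, "unreleased", 1)],
    )
    return db


def lookup_concatenated(db, product_id):
    """Vulnerable form: the request value becomes part of the SQL text."""
    sql = "SELECT name FROM products WHERE internal = 0 AND id = " + product_id
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, product_id):
    """Hardened form: the value is type-checked, then bound as data."""
    try:
        numeric_id = int(product_id)
    except ValueError:
        return []  # not an integer: reject instead of querying
    sql = "SELECT name FROM products WHERE internal = 0 AND id = ?"
    return [row[0] for row in db.execute(sql, (numeric_id,))]


def handle(url, lookup, db):
    """One request through the proxy and, if forwarded, the backend handler."""
    if not proxy_forwards(url):
        return 403, []  # never reaches the application server
    query = parse_qs(urlsplit(url).query)
    product_id = query.get("id", [""])[0]
    return 200, lookup(db, product_id)


if __name__ == "__main__":
    db = make_db()
    crafted = "/store/product.cfm?id=1%20OR%201%3D1"  # constructed request
    for label, url, lookup in [
        ("admin path, direct", "/CFIDE/administrator/index.cfm", lookup_concatenated),
        ("admin path, traversal", "/store/../CFIDE/administrator/", lookup_concatenated),
        ("crafted id, concatenated", crafted, lookup_concatenated),
        ("crafted id, parameterized", crafted, lookup_parameterized),
        ("normal id, parameterized", "/store/product.cfm?id=1", lookup_parameterized),
    ]:
        print(label, "->", handle(url, lookup, db))
```
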


Re: The long tail of ColdFusion fail

2014-03-28 Thread Russ Michaels

A locked door is useless if you leave the windows open.

Russ Michaels
www.michaels.me.uk
cfmldeveloper.com
cflive.net
cfsearch.com
On 28 Mar 2014 19:09, Dave Watts dwa...@figleaf.com wrote:


  I also once had a client who did this, they were Linux heads who thought
  that hiding the sucky insecure windows/cf server behind a linux server
  and doing a reverse proxy would make it secure.

 There is no such thing as make it secure, of course. But it is more
 secure. It solves one specific security problem - preventing
 executable code from being directly accessed from an untrusted
 network.

  But of course it didn't as everything still works the same way, the SQL
  injections still got through, the insecure file upload forms still allowed
  files to be uploaded, which could then be executed as they had cfexecute
  and cfregistry enabled.

 So what you're saying is that, despite the fact that the environment
 was (more) secure by default, developers accidentally wrote
 exploitable code?

 I have the feeling there's some lesson to be drawn from this. I wonder
 what it is?

 Dave Watts, CTO, Fig Leaf Software
 1-202-527-9569
 http://www.figleaf.com/
 http://training.figleaf.com/

 Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
 GSA Schedule, and provides the highest caliber vendor-authorized
 instruction at our training centers, online, or onsite.

 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358208


Re: CAN THIS PLEASE BE THE END? Re: The long tail of ColdFusion fail

2014-03-28 Thread Justin Scott

 OMG You mean ColdFusion 11 is public :P

I'm hearing Stroz in the back of my head...  10.5 10.5  have a
great weekend!


-Justin

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358209


Re: The long tail of ColdFusion fail

2014-03-28 Thread Bobby

Re: The long tail of analogy hell.


On 3/28/14, 4:42 PM, Russ Michaels r...@michaels.me.uk wrote:


A locked door is useless if you leave the windows open.

Russ Michaels
www.michaels.me.uk
cfmldeveloper.com
cflive.net
cfsearch.com
On 28 Mar 2014 19:09, Dave Watts dwa...@figleaf.com wrote:


  I also once had a client who did this, they were Linux heads who thought
  that hiding the sucky insecure windows/cf server behind a linux server
  and doing a reverse proxy would make it secure.

 There is no such thing as make it secure, of course. But it is more
 secure. It solves one specific security problem - preventing
 executable code from being directly accessed from an untrusted
 network.

  But of course it didn't as everything still works the same way, the SQL
  injections still got through, the insecure file upload forms still allowed
  files to be uploaded, which could then be executed as they had cfexecute
  and cfregistry enabled.

 So what you're saying is that, despite the fact that the environment
 was (more) secure by default, developers accidentally wrote
 exploitable code?

 I have the feeling there's some lesson to be drawn from this. I wonder
 what it is?

 Dave Watts, CTO, Fig Leaf Software
 1-202-527-9569
 http://www.figleaf.com/
 http://training.figleaf.com/

 Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
 GSA Schedule, and provides the highest caliber vendor-authorized
 instruction at our training centers, online, or onsite.

 



Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358210


Re: The long tail of ColdFusion fail

2014-03-28 Thread Gerald Guido

If you pound sand long enough it might turn into glass. Or not.

One of my favorite quotes from a friend I used to work with was: Is the
juice worth the squeeze?.

Southern wisdom at its finest.

G!

--
Gerald Guido

Twitter https://twitter.com/CozmoTrouble
Blarg http://www.myinternetisbroken.com
Facebook https://www.facebook.com/gerald.guido.9


On Fri, Mar 28, 2014 at 7:21 PM, Bobby bo...@acoderslife.com wrote:


 Re: The long tail of analogy hell.


 On 3/28/14, 4:42 PM, Russ Michaels r...@michaels.me.uk wrote:

 
 A locked door is useless if you leave the windows open.
 
 Russ Michaels
 www.michaels.me.uk
 cfmldeveloper.com
 cflive.net
 cfsearch.com
 On 28 Mar 2014 19:09, Dave Watts dwa...@figleaf.com wrote:
 
 
   I also once had a client who did this, they were Linux heads who thought
   that hiding the sucky insecure windows/cf server behind a linux server
   and doing a reverse proxy would make it secure.
 
  There is no such thing as make it secure, of course. But it is more
  secure. It solves one specific security problem - preventing
  executable code from being directly accessed from an untrusted
  network.
 
   But of course it didn't as everything still works the same way, the SQL
   injections still got through, the insecure file upload forms still allowed
   files to be uploaded, which could then be executed as they had cfexecute
   and cfregistry enabled.
 
  So what you're saying is that, despite the fact that the environment
  was (more) secure by default, developers accidentally wrote
  exploitable code?
 
  I have the feeling there's some lesson to be drawn from this. I wonder
  what it is?
 
  Dave Watts, CTO, Fig Leaf Software
  1-202-527-9569
  http://www.figleaf.com/
  http://training.figleaf.com/
 
  Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
  GSA Schedule, and provides the highest caliber vendor-authorized
  instruction at our training centers, online, or onsite.
 
 
 
 

 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358211


Re: CAN THIS PLEASE BE THE END? Re: The long tail of ColdFusion fail

2014-03-28 Thread Maureen

There are people doing that, and their entries are being closed
without comment, even when they request comment.  So what's the point?

Also, QA and debugging are usually paid positions, except for open
source software.  If Adobe wants to make CF open source, I will be
happy to volunteer some time to help fix it.  Otherwise, not my job.

On Fri, Mar 28, 2014 at 10:38 AM, Steve 'Cutter' Blades
cold.fus...@cutterscrossing.com wrote:

 Review the install of the now public beta. Write down a list of
 faults/suggestions. Go file it in the bug report tool. Let everyone know
 that it's there for vote and comment. Everyone then go vote and comment.
 If you do it right, and you give it full court press, maybe we can get
 at least partial response before they take the server to full product.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358212


Re: CAN THIS PLEASE BE THE END? Re: The long tail of ColdFusion fail

2014-03-28 Thread Jerry Milo Johnson

For the Love of God


On Fri, Mar 28, 2014 at 8:30 PM, Maureen mamamaur...@gmail.com wrote:


 There are people doing that, and their entries are being closed
 without comment, even when they request comment.  So what's the point?

 Also, QA and debugging are usually paid positions, except for open
 source software.  If Adobe wants to make CF open source, I will be
 happy to volunteer some time to help fix it.  Otherwise, not my job.

 On Fri, Mar 28, 2014 at 10:38 AM, Steve 'Cutter' Blades
 cold.fus...@cutterscrossing.com wrote:
 
  Review the install of the now public beta. Write down a list of
  faults/suggestions. Go file it in the bug report tool. Let everyone know
  that it's there for vote and comment. Everyone then go vote and comment.
  If you do it right, and you give it full court press, maybe we can get
  at least partial response before they take the server to full product.

 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358213


Re: CAN THIS PLEASE BE THE END? Re: The long tail of ColdFusion fail

2014-03-28 Thread Maureen

Oh, does he work at Adobe now?

On Fri, Mar 28, 2014 at 5:35 PM, Jerry Milo Johnson jmi...@gmail.com wrote:

 For the Love of God


 On Fri, Mar 28, 2014 at 8:30 PM, Maureen mamamaur...@gmail.com wrote:


 There are people doing that, and their entries are being closed
 without comment, even when they request comment.  So what's the point?

 Also, QA and debugging are usually paid positions, except for open
 source software.  If Adobe wants to make CF open source, I will be
 happy to volunteer some time to help fix it.  Otherwise, not my job.

 On Fri, Mar 28, 2014 at 10:38 AM, Steve 'Cutter' Blades
 cold.fus...@cutterscrossing.com wrote:
 
  Review the install of the now public beta. Write down a list of
  faults/suggestions. Go file it in the bug report tool. Let everyone know
  that it's there for vote and comment. Everyone then go vote and comment.
  If you do it right, and you give it full court press, maybe we can get
  at least partial response before they take the server to full product.



 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358214


Re: Moving part of my hosting business - thoughts about my plan please ...

2014-03-28 Thread Mike K

Thank you everybody, I'm glad I asked.  I have changed my plan now.
Cameron and others made a good point.  I was trying to do too many
things at once.  My plan now is to get a new hosting environment as
similar as possible to my current one, so it gives me the most chance that
I'll be able to just copy everything over and most of it will work as is.
Then work from there on the transition to Linux or the cloud and Railo in
two more steps.

Thanks to a suggestion from another member of this list off-list I'm not
going with the cloud just yet,  I'll go with a VPS at Viviotech and work
from there.   So far every question I've asked they have said yes we can
do that all you do is    

Once again this group helps me out.  In this case, I can see if I had gone
with my original plan, it MIGHT have worked out ok, but with my luck the
odds were that it would give me a lot of grief before it was all said and
done.  Thank you all.

I'll let you know how it all turns out.


Cheers
Mike Kear



On Sat, Mar 29, 2014 at 2:12 AM, Money Pit websitema...@gmail.com wrote:


 Having been there/done that myself, I would follow Cameron's described
 route.  You don't want to be debugging so many different issues at once on
 an OS you aren't intimately familiar with (and maybe not familiar at all).
 You mentioned you are on Win2003.  Have you by chance missed out on running
 CF on a 64-bit Win OS?  That was like manna from heaven when I first
 switched.

 Consider a Windows VPS from Viviotech.  They can license you a copy of CF
 Enterprise *very* inexpensively.  They are surprisingly robust for the
 prices charged, they are CF-literate and an excellent firm on general
 principles.  From there consider leasing another Windows VPS and put Railo
 on it (Viviotech will do this for you for a small setup fee or for free
 IIRC).  Then tinker away, migrate a low-profile site over when you're ready
 etc.  This is what I did with my personal sites.  You could take it a step
 further and after mastering Railo, retire the Windows/Railo VPS, fire up
 one with linux and start over again on the tinkering so you limit your
 issues to that part of the change.

 If you need more horsepower and have the budget for a CF license, look at
 the blade servers at Cybercon; check out their hardware configs.  I don't
 see how you can beat those prices.  My servers there have been absolutely
 reliable.

 --
 --m@Robertson--
 Janitor, The Robertson Team
 mysecretbase.com


 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358215


Re: CAN THIS PLEASE BE THE END? Re: The long tail of ColdFusion fail

2014-03-28 Thread Justin Scott

 Also, QA and debugging are usually paid positions, except for open
 source software.  If Adobe wants to make CF open source, I will be
 happy to volunteer some time to help fix it.  Otherwise, not my job.

Bugs happen... as a developer I'm sure you've had clients bring bugs
to you and you've asked them to provide additional information so they
could be reproduced and fixed.  It wasn't their job per se, but it
happens to all of us.

One of the companies I work with was all geared up to move a fairly
large e-commerce network from CF8 to CF10 when we ran into an issue
with the 404 handler (see
https://bugbase.adobe.com/index.cfm?event=bugid=3488063) which had
been previously reported to Adobe, but they were having trouble
reproducing it internally.  I spent a lot of time setting up test
cases and bolting on debugging tools, gathering packet captures,
getting traces from IIS, and digging way deeper than I ever thought I
would.  After lots of rounds of back and forth with Adobe engineering,
they will soon be releasing* an update to the Tomcat connector for
CF10 and I'm sure it'll make its way into CF11 as well.  Anyone who's
run into the connection reset issue when using a CF-based 404
handler will soon have a fix for that problem.  It wasn't my job to
help them troubleshoot this and create a reproduction scenario and
work with them to test potential solutions (heck, we even paid for the
privilege through a platinum support contract), but we needed that
feature to work properly, so we did what was needed to help them fix
it.  Sorry, I get annoyed whenever I hear people say not my job.


-Justin

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358216


Re: CAN THIS PLEASE BE THE END? Re: The long tail of ColdFusion fail

2014-03-28 Thread Andrew Scott

Maureen,

This is one of my extreme pet peeves with Adobe, in the last 10+ years, is
the length of time it takes from a bug being reported to being fixed is in
the years, not days or months, but literally years. I have bugs that were
reported in the 2006-2008 days, that are still not fixed in ColdFusion 11.
As a developer how does that give me any confidence in the product?

Yes it is a perception, but it is a much too common perception I come
across by other developers I talk to when it comes to ColdFusion.



Regards,
Andrew Scott
WebSite: http://www.andyscott.id.au/
Google+:  http://plus.google.com/113032480415921517411



On Sat, Mar 29, 2014 at 11:30 AM, Maureen mamamaur...@gmail.com wrote:


 There are people doing that, and their entries are being closed
 without comment, even when they request comment.  So what's the point?

 Also, QA and debugging are usually paid positions, except for open
 source software.  If Adobe wants to make CF open source, I will be
 happy to volunteer some time to help fix it.  Otherwise, not my job.

 On Fri, Mar 28, 2014 at 10:38 AM, Steve 'Cutter' Blades
 cold.fus...@cutterscrossing.com wrote:
 
  Review the install of the now public beta. Write down a list of
  faults/suggestions. Go file it in the bug report tool. Let everyone know
  that it's there for vote and comment. Everyone then go vote and comment.
  If you do it right, and you give it full court press, maybe we can get
  at least partial response before they take the server to full product.

 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358217


Re: CAN THIS PLEASE BE THE END? Re: The long tail of ColdFusion fail

2014-03-28 Thread Andrew Scott

Justin, yes I reported this to Adobe during the ColdFusion 10 beta. I can
confirm and hope that by the fact that the ticket has been marked fixed,
that this is now in ColdFusion 11 as a fix.

Regards,
Andrew Scott
WebSite: http://www.andyscott.id.au/
Google+:  http://plus.google.com/113032480415921517411



On Sat, Mar 29, 2014 at 2:58 PM, Justin Scott leviat...@darktech.org wrote:


  Also, QA and debugging are usually paid positions, except for open
  source software.  If Adobe wants to make CF open source, I will be
  happy to volunteer some time to help fix it.  Otherwise, not my job.

 Bugs happen... as a developer I'm sure you've had clients bring bugs
 to you and you've asked them to provide additional information so they
 could be reproduced and fixed.  It wasn't their job per se, but it
 happens to all of us.

 One of the companies I work with was all geared up to move a fairly
 large e-commerce network from CF8 to CF10 when we ran into an issue
 with the 404 handler (see
 https://bugbase.adobe.com/index.cfm?event=bugid=3488063) which had
 been previously reported to Adobe, but they were having trouble
 reproducing it internally.  I spent a lot of time setting up test
 cases and bolting on debugging tools, gathering packet captures,
 getting traces from IIS, and digging way deeper than I ever thought I
 would.  After lots of rounds of back and forth with Adobe engineering,
 they will soon be releasing* an update to the Tomcat connector for
 CF10 and I'm sure it'll make its way into CF11 as well.  Anyone who's
 run into the connection reset issue when using a CF-based 404
 handler will soon have a fix for that problem.  It wasn't my job to
 help them troubleshoot this and create a reproduction scenario and
 work with them to test potential solutions (heck, we even paid for the
 privilege through a platinum support contract), but we needed that
 feature to work properly, so we did what was needed to help them fix
 it.  Sorry, I get annoyed whenever I hear people say not my job.


 -Justin

 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358218


Re: CAN THIS PLEASE BE THE END? Re: The long tail of ColdFusion fail

2014-03-28 Thread Maureen

The scenario you describe is vastly different than me telling my
clients if they want the next version of my software to be secure they
have to download and install a beta with known problems, test it,
record flaws, suggest features and solicit votes for those flaws to be
fixed and the features to be added.

And then when they do that, I give them no feedback on their
submissions.  Not gonna play. This is my last post on this topic.

On Fri, Mar 28, 2014 at 8:58 PM, Justin Scott leviat...@darktech.org wrote:

 Also, QA and debugging are usually paid positions, except for open
 source software.  If Adobe wants to make CF open source, I will be
 happy to volunteer some time to help fix it.  Otherwise, not my job.

 Bugs happen... as a developer I'm sure you've had clients bring bugs
 to you and you've asked them to provide additional information so they
 could be reproduced and fixed.  It wasn't their job per se, but it
 happens to all of us.

 One of the companies I work with was all geared up to move a fairly
 large e-commerce network from CF8 to CF10 when we ran into an issue
 with the 404 handler (see
 https://bugbase.adobe.com/index.cfm?event=bugid=3488063) which had
 been previously reported to Adobe, but they were having trouble
 reproducing it internally.  I spent a lot of time setting up test
 cases and bolting on debugging tools, gathering packet captures,
 getting traces from IIS, and digging way deeper than I ever thought I
 would.  After lots of rounds of back and forth with Adobe engineering,
 they will soon be releasing* an update to the Tomcat connector for
 CF10 and I'm sure it'll make its way into CF11 as well.  Anyone who's
 run into the connection reset issue when using a CF-based 404
 handler will soon have a fix for that problem.  It wasn't my job to
 help them troubleshoot this and create a reproduction scenario and
 work with them to test potential solutions (heck, we even paid for the
 privilege through a platinum support contract), but we needed that
 feature to work properly, so we did what was needed to help them fix
 it.  Sorry, I get annoyed whenever I hear people say not my job.


 -Justin

 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358219