ColdFusion Security Issue - FCKEditor

Many blogs are reporting this, and frankly I don't have more to add to the already good reports out there, but be sure you read and respond to this new issue involving FCKEditor. Details:

CF8 and FCKEditor Security Threat

ColdFusion 8 FCKeditor Vulnerability

Please help spread the word.

Converting ColdFusion data for jQuery Plugins - An example

Kerrie asks:

A couple of weeks ago, I read a post you wrote on jQuery and form validation... really piqued my interest so I've been taking a look at not only the validation plugin, but many of the other great jQuery plugins... I found this one last night, and it's perfect for an app I'm working on, but I cannot figure out how to return the output of a query to populate the list. In the demo they are returning the results of tvshows.php. I noticed a number of other folks were having the same problem but no solution. Might you have a few spare moments to take a look??

Kerrie, don't feel alone. I've noticed this in a few other jQuery plugins. The author will give you an example of the JSON they want, but they don't describe the JSON in pure data forms. So for example, if the JSON string is an array of strings, they don't say that. They just show it and assume you know that is how arrays are represented in JSON. JSON may be easy, but I definitely can't parse it in my head quite yet. Let's take a look at what the plugin wants:
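As an added example (not code from the original post or from any particular plugin), here is a small JavaScript helper that does the "parse it in my head" step for you: it parses a JSON payload with JSON.parse (never eval, since the response comes from a server you may not fully control) and reports its data shape, e.g. "array(3) of string" versus "array(2) of object{id, name}", so you can compare what a plugin demo returns with what your ColdFusion page emits. It also converts the COLUMNS/DATA structure that ColdFusion's SerializeJSON produces for a query into an array of objects or an array of strings, which is what most plugins expect. The sample payloads are constructed for the example; the plugin's real format is whatever its demo shows.

```javascript
// Added example, not from the original post. Describes the shape of a JSON
// payload and converts a serialized ColdFusion query into plugin-friendly forms.

// Returns a one-line description of a parsed JSON value's structure.
function describeValue(value) {
  if (value === null) return "null";
  if (Array.isArray(value)) {
    if (value.length === 0) return "array(0)";
    const kinds = [...new Set(value.map(describeValue))];
    return kinds.length === 1
      ? `array(${value.length}) of ${kinds[0]}`
      : `array(${value.length}) of mixed (${kinds.join(" | ")})`;
  }
  if (typeof value === "object") {
    return `object{${Object.keys(value).sort().join(", ")}}`;
  }
  return typeof value; // "string", "number" or "boolean"
}

// Parses text safely with JSON.parse (not eval) and describes the result.
function describeJson(text) {
  let parsed;
  try {
    parsed = JSON.parse(text);
  } catch (e) {
    return `invalid JSON: ${e.message}`;
  }
  return describeValue(parsed);
}

// SerializeJSON(query) in ColdFusion yields {"COLUMNS":[...],"DATA":[[...],...]}.
// Most jQuery plugins want one object per row instead; this rebuilds that.
function queryToRows(cfQuery) {
  if (!cfQuery || !Array.isArray(cfQuery.COLUMNS) || !Array.isArray(cfQuery.DATA)) {
    throw new Error("not a serialized ColdFusion query (expected COLUMNS and DATA)");
  }
  return cfQuery.DATA.map((row) => {
    const obj = {};
    cfQuery.COLUMNS.forEach((col, i) => { obj[col] = row[i]; });
    return obj;
  });
}

// For plugins that want a plain array of strings, pick one column out.
function pluck(rows, column) {
  return rows.map((row) => String(row[column]));
}

// Constructed samples standing in for what a plugin demo and a CF page return.
const SAMPLE_STRINGS = '["Lost", "Heroes", "24"]';
const SAMPLE_OBJECTS = '[{"id":1,"name":"Lost"},{"id":2,"name":"Heroes"}]';
const SAMPLE_CF_QUERY = '{"COLUMNS":["ID","NAME"],"DATA":[[1,"Lost"],[2,"Heroes"]]}';

// Usage: compare the shapes before wiring the plugin up.
console.log(describeJson(SAMPLE_STRINGS));                       // array(3) of string
console.log(describeJson(SAMPLE_OBJECTS));                       // array(2) of object{id, name}
console.log(describeJson(SAMPLE_CF_QUERY));                      // object{COLUMNS, DATA}
const rows = queryToRows(JSON.parse(SAMPLE_CF_QUERY));
console.log(describeValue(rows), describeValue(pluck(rows, "NAME")));
```

If the plugin demo's JSON describes as "array(N) of string" and your ColdFusion output describes as "object{COLUMNS, DATA}", that mismatch is the whole problem: run the query result through queryToRows (and pluck, if only one column is wanted) before handing it to the plugin.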

Query of query issue with where clause/joins

A user reported this to me earlier in the week. I was sure he was wrong until I confirmed it myself. Imagine you have 2 queries you want to join using a query of query. Here is a quick sample.

Quick example of Java via ColdFusion - Reading FLV Metadata

Earlier this week a reader asked if there was a way to read FLV Metadata via ColdFusion. There isn't anything built in (that I know of!) so I did a quick search for a Java solution. I think people forget how easy it is to use Java via ColdFusion. Even if you have no intent, or care, to read FLV Metadata, please read on as the general technique is something I've done many times in ColdFusion, and could be helpful to anyone looking to do something not directly supported via CFML.

Important RIAForge Updates

Today I released two important updates to RIAForge, both thanks to Nathan Mische.

The first change is the addition of Akismet spam protection to the blogs and forums. RIAForge gets hit pretty hard by spammers, so the hope is that this will reduce some of that traffic. Yes, there is an ad for WordPress at the bottom, but for a free Akismet license, I think this is a fair trade and it will really help out project owners.

On the flip side, I've heard time and time again from visitors that we need a way to flag/rate/etc projects to help signify active projects from abandoned sites. I've said that I refuse to do this manually. We are currently at 724 released projects and there is no way I'm going to spend my time going through them and chastising project owners to update their work. (Especially when I have some 'dusty' projects myself.) Today we added a simple little modification that I think will help out. When browsing projects by category, or in search, and when viewing the detail of a project, an "active" project will have (Active) after the name. "Active" is defined as simply being updated in the past 30 days.

It isn't a perfect system - but I think it works well, especially in search. I'd like to add to this a ratings system and flag highly rated projects. So with one glance you can easily see which projects are being updated often and which have high reviews from users.

Anyway, onward and upward. Big thanks to Nathan, and hopefully the ball will keep rolling.

Are you aware of the MIME/File Upload Security Issue?

I had heard a few rumblings of this recently but had not really paid it much attention. Mike emailed me today and described how he was hacked pretty badly by it. I'll share his email and then add some notes to the end.

Ask a Jedi: CFAJAXPROXY and Managing Callbacks

Yaron asks:

I'd like to know what your preference is for using cfajaxproxy. In JavaScript, do you create one global proxy object and reuse it throughout your script? Or do you create a new proxy object within every function that generates a proxy call?

The reason I'm asking is I had multiple concurrent proxy calls that had their callback functions mixed up. Meaning, one function makes 2 async calls with two separately defined callback functions. Unfortunately, one callback function received the input from another. Weird.

Ah, asynchronous network calls. Life would be a heck of a lot easier if everything was synchronous. Let's dig a bit into what Yaron found in case it doesn't make sense.
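To make the mix-up concrete, here is an added JavaScript example (not code from the original post, and not the proxy ColdFusion actually generates). FakeServer and FakeProxy are simplified stand-ins, an assumption of this example: the proxy holds a single callback slot set through setCallbackHandler(), and a response is routed to whatever callback is in that slot at the moment the response arrives, not the one that was set when the call was made. The fake server queues responses and delivers them on flush(), standing in for the browser's event loop, so the race is reproducible without a network.

```javascript
// Added example, not from the original post. Models why two async calls on one
// shared proxy object can deliver their results to the wrong callback, and the
// fix of giving each in-flight call its own proxy object.

class FakeServer {
  constructor() { this.pending = []; }
  // Queue a response. Nothing is delivered until flush(), like real async I/O.
  send(method, arg, deliver) {
    this.pending.push(() => deliver(`${method}(${arg})`));
  }
  flush() {
    const queued = this.pending;
    this.pending = [];
    queued.forEach((deliver) => deliver());
  }
}

// Stand-in for a generated proxy: ONE callback slot per proxy object (assumption).
class FakeProxy {
  constructor(server) { this.server = server; this.callback = null; }
  setCallbackHandler(fn) { this.callback = fn; }
  call(method, arg) {
    // Looks up this.callback when the response ARRIVES, not when call() runs.
    this.server.send(method, arg, (result) => {
      if (this.callback) this.callback(result);
    });
  }
}

// Anti-pattern: one shared proxy, handler swapped before each call.
// The second setCallbackHandler overwrites the first before either response
// has arrived, so both results land in the 'orders' callback.
function sharedProxyPattern(server) {
  const received = { users: [], orders: [] };
  const proxy = new FakeProxy(server);

  proxy.setCallbackHandler((r) => received.users.push(r));
  proxy.call("getUsers", 1);
  proxy.setCallbackHandler((r) => received.orders.push(r)); // clobbers the first
  proxy.call("getOrders", 2);

  server.flush();
  return received;
}

// Fix: a fresh proxy object per in-flight call, so each call keeps the
// callback it was given regardless of what else is outstanding.
function perCallProxyPattern(server) {
  const received = { users: [], orders: [] };

  const usersProxy = new FakeProxy(server);
  usersProxy.setCallbackHandler((r) => received.users.push(r));
  usersProxy.call("getUsers", 1);

  const ordersProxy = new FakeProxy(server);
  ordersProxy.setCallbackHandler((r) => received.orders.push(r));
  ordersProxy.call("getOrders", 2);

  server.flush();
  return received;
}

// Usage: the shared proxy routes both results to the last handler set.
console.log(JSON.stringify(sharedProxyPattern(new FakeServer())));
console.log(JSON.stringify(perCallProxyPattern(new FakeServer())));
```

The same trap exists with any API that stores "the" callback on a reused object rather than binding it to the individual request; the cure is one object per outstanding call (or a closure that captures the right handler), not reordering the calls.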

MAX 2009 ColdFusion Unconference - Call for Speakers/Comments

MAX is still a few months away (and I've yet to finish my presentations for CFUNITED), but it's time to begin early planning for the ColdFusion Unconference. Last year I think things went well, but there are some changes I'd like to make.

First - I booked every single possible hour (except for 2-3) with sessions. While I think this was good, it didn't leave much time for ad hoc sessions or just general bull sessions. What I'd like to do this year is leave something like 30% of the time open. This will be for any possible topic, and could be a good way to hash out ColdFusion 9 stuff that I assume will be fresh on people's minds. I'm also a big fan of show and tell. I'd like to offer some opportunities for folks to just plug in a laptop and show what they have been working on. Again, if ColdFusion 9 is out by then, or in public beta, this could be a great way to show the new shiny stuff off. Thoughts on this? Should I leave even more time open? Less?

Second - last year I was mistaken about lunch. I had thought lunch would be served at the Unconferences. This year there is no question about it - it won't be happening. So the lunch slot will always be open. Personally I plan on just bringing some food over and hanging out with the CF peeps, since we are, of course, the coolest kids on the block.

Speaking of food - some of the other Unconferences offered their own coffee and snacks. I'd like to open the Unconference to corporate sponsorship. I'm not 100% sold on this, but if a company would like to buy coffee and donuts, and maybe pizzas, I'd definitely be willing to let you speak for a few minutes at the start of each day (and to put up a small sign, whatever, something tasteful ;). I don't think the presence, or lack thereof, of food and drink will be a huge thing, but I thought it might be nice to have.

Third (or fourth? Lost count) - last year I included topics that were not 100% ColdFusion. I think this was a good idea as I think we need exposure to other technologies/subjects/etc. Any opinions on that?

So... thoughts? Comments? If you would like to speak, please go ahead and post a comment with a) your topic idea and b) your 'bad' times. Bad times being times when you are presenting at MAX or want to attend a session. I'll just pick a time outside of that to slot you in and we can hash it out later.

p.s. Also note this year I'll have not one but two helpers. Scott Stroz has offered to give me a hand again, and Charlie Griefer is my official Grunt Brute (my term, not his). CJ has offered to do anything and everything I demand of him, so I fully expect to take advantage of that and make him regret the day he met me. Just kidding. (Mostly. ;)

ColdFusion Portal Update

Just a quick note to let folks know that I've updated the ColdFusion Resource Portal. I don't think folks visit this site very often. I created it mainly because I had trouble finding things on the Adobe site. I noticed how well Flex.org organized important links for Flex dev so I created a similar set of links for the CF portal.

In this update I switched over the Spry tabs to jQuery UI tabs. I didn't remove Spry completely though - it is still being used to load the RSS feeds in the right hand column. I also removed a lot of content that can be found elsewhere. So for example, I no longer list blogs, but rather tell people about ColdFusionBloggers. Ditto for User Groups - most groups are now listed at Adobe Groups, so I simply let folks know where to go.

I hope people still find this little site useful!

iPhone 3GS - So far, so good

I wanted to give folks a quick update on my experience with the new iPhone 3GS. With the expensive (for some) upgrade price, I know people aren't sure if it is worth the upgrade. Here is what I've found so far. First though - note that I had a first generation iPhone. What seems really great for me may not be so great for folks already on a 3G phone.

1) Network Speed: I guess I shouldn't be too surprised, but, I had heard that 3G wasn't "too big" of a jump over Edge. Maybe it isn't, but it certainly feels a heck of a lot zippier. The main applications I use with a lot of network activity are Twitterific, Maps, and Safari. All of them run much faster now. I was particularly surprised by Maps. I had it tracking my car and it updated our position in real time. (I wasn't driving. :) I was also impressed by the directions. I hadn't used it before, but I can see using it a lot more now that I know how it works.

Unfortunately, the main site I use for mail, GMail, has recently taken a step back in functionality. A few weeks ago they changed things up a bit, and since then, I've seen some odd behavior. Sometimes simple mail messages just refuse to load. Sometimes the entire web site refuses to load. This isn't a 3GS issue, but whatever they did recently seems to have made things a bit flaky. When it works, it works great.

2) Application Speed: This seems to be a bit hit and miss, and probably depends a lot more on the application's code base than anything else. Peggle (darn good addictive game) loaded up 10X faster than it normally did. Other applications seem a bit faster, but in general, I'd say things feel about 2X faster. 2X faster is nice - real nice, just don't expect the same boost over everything. The camera is nicer - but I still wish it ran faster.

3) Compass: It works. Meh. If I get lost, I'll appreciate it.

4) Video: It works, and works well. I was surprised with how nicely it handled offering to upload the video to YouTube. The whole conversion and upload process took about 3 minutes. The quality isn't great, but I'll have my iPhone around a lot more than my Flip camera (and the quality seems about the same).

5) Battery Life: I don't know about others, but this seems to be the biggest disappointment. I haven't done any scientific testing, but it just seems like it hasn't improved at all. Whereas everything else seems nicer, faster, shinier, the battery seems to be the exact same as before. My real "test" for this was my last flight to California. I watched video for a good chunk of the trip like I normally do ("Last Man on Earth", good Vincent Price film, and the last 40 minutes of the Dark Knight) and the battery seemed just as drained as it normally is (around 45%). I expected a lot more here.

6) Misc: Not that it's important, but the speaker is way loud. Loud as in the first time I got a text message I jumped about five feet. I guess that's good, but I've always relied on vibrate to notice incoming calls.

So overall, I'm very happy with the upgrade. I was lucky enough to get a good price for it (299), and I probably would have paid a bit more too (although as a consultant I can write it off as a business expense).

p.s. Some "apps" that I really need to pick up but haven't yet - Wolfenstein3D and Space Ace. Anyone tried them yet?