Blog

In a recent pissing match between ColdFusion and PHP, Jared Rypka-Hauer was demonstrating the performance of a function that generated prime numbers. The discussion really wasn't about the BEST prime generator as much as it was about how much ColdFusion can kick PHP's puny butt all over town. Never the less, I piped up in the comments to ask Jared to compare a prime number generator that I wrote a while back based on the Sieve of Eratosthene. After Jared asked some good questions about how my code worked I figured it was time I stopped high-jacking the comments of the PHP pooper train. I decided to spin off a new post to highlight some significant performance gains I was able to produce.

When catching an error in a CFC, I've always assumed that the exception object was a locally scoped variable, specific to that method call. Some interesting errors we received from the depths of our ColdBox framework made me start to question that. I concocted a test last night which appears to prove that your exceptions are not thread safe in a CFC stored in a persistent scope. (In CF8, at least)

Today wrapped up the two-day Designer/Developer Workflow Conference here in Kansas City. A big thanks to Dee Sadler for putting it all together and to the awesome speakers. It was very interesting to attend sessions that were not just about programming, but about the workflow we all deal with when it comes to working with our designers and prototyping applications. I also really liked the re-occurrence of topics centered around mobile development. I even found out about a local group call the Mobile Media Club that was founded by one of our speakers, Vince Vaughan. (No, not THAT Vince Vaughn) I was able to meeting some cool people I had heard of before but never seen in person (like John Farrar and Andy Matthews) and some brand new faces I didn't even know existed (like Seb Lee-Delisle, Chris Griffith, and Vince Vaughan) I'm hoping Kansas City will see some more quality training like this in the near future and will draw even more people.

A brief hiatus today from from the PCI Compliance series to issue a quick public service announcement. I was installing my free copy of SeeFusion today that I netted in the recent give-away WebApper had. Since the target machine was CF7 on a OpenSuse Linux with the JVM upgraded to 1.4.2_11, it was a "manual" install. Pretty easy-- copy a few jar files and edit a few configs. The problem was, SeeFusion wasn't able to connect to my debugging port to capture stack traces and I couldn't figure out why.

The next stop on our PCI DSS Compliance tour is disabling weak SSL versions and encryption ciphers. If your site is handling credit card payments, it is undoubtedly using HTTPS for at least the pages that collect payment information. I thought I had already taken care of this item, but I was apparently mistaken. Fortunately, this is pretty easy to fix and if you're on Windows I've even cooked up a quick and easy registry file for you to use.

As a web developer you have your share of demons you have to face. If your company processes credit cards, chances are your yearly PCI DSS compliance scan is one of those demons. I thought I would do a short series on a few security items I tightened down as a result of our last PCI scan. This is by no means a comprehensive list of everything needed to pass a PCI scan. If you want to know that and have time to read a 74 page PDF you can get a copy of the Spec at www.pcisecuritystandards.org.

I jogged down the stairs, one arm over my head, as I pulled my coat on a sleeve at a time. Fishing the car keys out of my pocket with one hand, I leaned over my computer to tap in my E-mail password with the other. "Wow, 41 unread messages in the CF-Talk folder," I thought. "There must be a hot new topic on the list today." With a click I watched the new thread flow in. "Why i fear ColdFusion is on its last legs" "Oh Geez," I sighed, "Please not with this again!" There wasn't time to read all that right then. I'd have to catch up on this one later in the day when my absorption rate was higher.

A lot of you have web servers that double as mail servers to relay out mail from your ColdFusion applications. Even if you have a separate server that handles your mail relay, this post should still be helpful. The more and more that spam proliferates on the Internet, the more antsy ISPs get about blocking mail. There are a litany of reasons an ISP might reject mail from your server. GoDaddy has been one of the most annoying companies to deal with. There are two things I had to fix on my mail server before they would accept mail from my server. Reverse DNS and Helo host name.

I found an interesting little bug in the BlogCFC implementation of ColdFISH today. ColdFISH is a ColdFusion code formatting component that is instantiated once and cached as a singleton in the application scope in BlogCFC. The problem is, ColdFISH looks like it wasn't intended to be used as a singleton. It makes use of the variables scope to store the Java StringBuffer class it uses to gather up your formatted code as well as a number of other variables used to parse the code it is formatting. This means when two or more people hit a BlogCFC entry with larger code samples, race conditions exists.

I had 16 Google Wave Invites show up in my Wave inbox today. If you've been wanting to try out Google Wave, the bidding starts at $5.00. OK, just kidding-- shoot me a message and I'll invite you if I have any left. :) 11/30 UPDATE: I'm all out of invites now, but I was able to hit everyone that asked so far. Remember it often takes several days to get the E-mail from Google. Enjoy!