Modernize or Die® - CFML News for January 19th, 2021 - Episode 87
2021-01-19 Weekly News - Episode 87Watch the video version on YouTube at https://youtu.be/DHO_LXiFHII Hosts:Gavin Pickin - Software Consultant for Ortus SolutionsBrad Wood - Software Consultant for Ortus SolutionsThanks to our Sponsor - Ortus SolutionsOne way to say thanks back to Ortus Solutions, is to support CFCasts, which is releasing new content every weekPatreon SupportWe have 33 patreons providing 61% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions. If you love our podcasts and all we do for the #coldfusion #cfml community considers chipping in, we are almost there!https://www.ortussolutions.com/blog/we-need-your-help News and EventsLucee Vulnerability now Public - Security researchers earn $50k after exposing critical flaw in Apple travel portalSecurity researchers have earned a $50,000 bug bounty after uncovering a critical flaw in Apple’s travel portal.Rahul Maini and Harsh Jaiswal were able to achieve remote code execution (RCE) by stringing together a string of vulnerabilities in order to exploit targeted domains.Lucee in the sky with exploitsIn a detailed technical write-up, Maini and Jaiswal explain how the early stage of their bug hunt narrowed their range of targets down to three hosts running on a content management system (CMS) which was back-ended by Lucee, a Java-based tag and scripting language used for web app development.https://portswigger.net/daily-swig/security-researchers-earn-50k-after-exposing-critical-flaw-in-apple-travel-portal Apple RCE Write Up - https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md Cbi18n V2.0.0 ReleasedThis module will enhance your ColdBox applications with i18n capabilities, resource bundles and localization. It supports traditional Java resource bundles and also modern JSON resource bundles.V2.0 includes a large contribution by Wil De Bruin. Release Notes: https://github.com/coldbox-modules/cbi18n/releases/tag/v2.0.0 ForgeBox: https://www.forgebox.io/view/cbi18n ColdBox V6.2.2 ReleasedToday we released ColdBox v6.2.2 as a minor path. Please update if you are affected by the issues shown in the release notes.https://www.ortussolutions.com/blog/coldbox-622-released Ortus Webinar - CommandBox Task RunnersFriday, January 22nd - 11:00 AM CDT (GMT -6:00)Have you ever wished you could create command-line programs using CFML, perhaps to automate a task or handle some long-running process? With CommandBox Task Runners, you easily can! Join Grant Copley for this month's webinar, where we take a close look at this powerful tool within CommandBox and how we can use it alongside our applications.with Grant Copleyhttps://www.ortussolutions.com/events/webinarsOnline CF Meetup - "Communication Skills for Technical Engineers a Developers", with Mark TakataThursday, January 21, 20215:00 PM to 6:00 PM CSTNo matter what language, framework or technical skillset you employ in your day-to-day work, the biggest differentiator among engineers, designers a developers is the ability to communicate and engage with end users, stakeholders and business analysts. In this talk, Mark Takata will cover how to improve your ability to communicate with those folks, become an asset for your team a company, and widen the available paths for your future career.https://www.meetup.com/coldfusionmeetup/events/275712862/ Online CF Meetup - "Securing a ColdFusion Application with Fixinator a FuseGuard", w/ Pete FreitagThursday, January 28, 202111:00 AM to 12:00 PM CSTIn this session we'll take a look at a ColdFusion application that is vulnerable to several security issues. We'll look at some of the security holes in the application, how they can be exploited. Finally we'll use FuseGuard to protect the application, and Fixinator to find and fix some of the vulnerabilities in the application.https://www.meetup.com/coldfusionmeetup/events/275825925/ ICYMI Online CF Meetup - "CF AMA: Ask Me Anything", with Charlie Arehart and Dan WilsonThursday, January 14, 202111:00 AM to 12:00 PM CSTJoin us for another CF “Ask Me Anything” session, with your host Charlie Arehart and recent co-organizer Dan Wilson. We'll open the floor to any sort of CF-related questions you may have, whether about coding challenges or using CF features (on the newest or older versions), configuration or tuning, deployment, security, the future and state of CF, whatever.Meeting: https://www.meetup.com/coldfusionmeetup/events/275569910/ Recording: https://www.youtube.com/watch?v=KH8-FRUP_Sc CFCasts Content UpdatesWhat’s new with ColdBox 6 - https://cfcasts.com//series/whats-new-with-coldbox6 - HTML QuickStart - Testing QuickStart - WhoopsSend your suggestions at https://cfcasts.com/supportConferences and TrainingVS Code DayJoin the VS Code team and community at a live event just for VS Code users. Get a glimpse of things to come and meet the team who works on VS Code every day.Watch live: January 27, 2021 from 8 AM to 10:30 AM PSTRe-stream (with live QaA): January 27, 2021 from 8 PM to 10:30 PM PSThttps://code.visualstudio.com/vscode-day DevnexusJoin the VIRTUAL ldev/golutionFeb 17 2021 - Onlinehttps://devnexus.com/Ortus Workshops - Dates coming soon - Quick- CommandBox Zero to Hero- ColdBox Zero to Hero- ColdBox Hero to SuperHeroOrtus’s Possible Conferences for 2021Dates subject to changeDue to Online conference overload, we are thinking about not expanding the number of events, but more content in more timezones with a different format.ITB - Developer Week Style?? With some European Timezone Friendly slots from our European Community MembersMay 2021ITB LatamDecember 2021More conferencesNeed more conferences, this site has a huge list of conferences for almost any language/community.https://confs.tech/Trying to get CFML on the listhttps://github.com/tech-conferences/conference-data/issues/1837 Blogs, Tweets and Videos of the WeekBlog - Ben Nadel - Array.Sort() Operator Has Trouble With Return Values Between Zero And One In Lucee CFML 5.3.7.47As it is documented, the Array.sort() method (and arraySort() function), when given an operator to execute, are supposed to return the values -1, 0, and 1 when comparing two values within the collection. Documentation aside, the .sort() method is actually much more flexible than that, allowing for almost any number to be returned. This is why we can implement our sort operator using math. However, playing fast-and-loose with the return value can result in funky edge-cases, such as accidentally returning a value that falls outside of the INT space. Last week, I ran into yet another such edge-case. Apparently, the Array.sort() operation does not like handling decimal values between 0 and 1, such as 0.345 in Lucee CFML 5.3.7.47.https://www.bennadel.com/blog/3968-array-sort-operator-has-trouble-with-return-values-between-zero-and-one-in-lucee-cfml-5-3-7-47.htm Blog - Ben Nadel - Escaping The Build Trap: How Effective Product Management Creates Real Value By Melissa PerriLast week, in the InVision Architecture Office Hours meeting, Shawn Hartsell recommended the book, Escaping the Build Trap: How Effective Product Management Creates Real Value by Melissa Perri. I'm not a Product Manager; but, the way Shawn talked about the book - touting "outcomes" over "output" - it tickled my curiosity. So, over the weekend, I picked it up and gave it a read. And, I must say that I loved it. One the one hand, it gave me a lot more insight into what Product Managers do and how they operate within a company; and, on the other hand, it gave me a lot more insight into how company culture plays into effective product development. And, unfortunately, how a toxic company culture can stifle innovation and adaptation. It's a quick read - definitely one that I would recommend to any technology team that builds a product or a service for customers.https://www.bennadel.com/blog/3967-escaping-the-build-trap-how-effective-product-management-creates-real-value-by-melissa-perri.htm Blog - Ben Nadel - Generate And Incrementally Stream A ZIP Archive File On-The-Fly In Lucee CFML 5.3.7.47The other day, in the InVision Architecture Office Hours meeting (which is, by far, my favorite meeting of the week), I was talking about how amazing it is that GitHub allows you to download a ZIP archive file of any repository, despite the fact that some repositories are many Gigabytes in size. One engineer (I can't remember who) theorized that GitHub might be generating the ZIP on-the-fly and just streaming the response back to the browser. This concept tickled my curiosity, and I wondered if I could generate and stream a ZIP archive file on-the-fly in Lucee CFML 5.3.7.47.https://www.bennadel.com/blog/3965-generate-and-incrementally-stream-a-zip-archive-file-on-the-fly-in-lucee-cfml-5-3-7-47.htm Blog - Ben Nadel - Using Both STORED And DEFLATED Compression Methods With ZipOutputStream In Lucee CFML 5.3.7.47 In yesterday's post about generating and incrementally streaming a Zip archive in Lucee CFML, I used the default compression method - DEFLATED - in the ZipOutputStream class. However, as I've discussed in the past, "deflating" images within a Zip archive can be a waste of CPU since most images are already compressed. As such, I wanted to quickly revisit the use of the ZipOutputStream, but try to archive images within the Zip using the STORED (ie, uncompressed) method in Lucee CFML 5.3.7.47.https://www.bennadel.com/blog/3966-using-both-stored-and-deflated-compression-methods-with-zipoutputstream-in-lucee-cfml-5-3-7-47.htm Tweet - Luis Majano - Investment in ForgeBox@ortussolutions invested $30K into FORGEBOX in 2020 to help the #cfml #codlfusion community modernize =g forgebox.io Helps us by joining, supporting (patreon.com/ortussolutions), publishing, spreading the word! https://twitter.com/lmajano/status/1350119562105249792https://twitter.com/lmajano Blog - Ben Nadel - Using FrameworkOne (FW/1) Layouts To Strip Whitespace In Lucee CFML 5.3.7.47At InVision, we use FrameworkOne (FW/1) as our ColdFusion / CFML web application framework. With FW/1, you can define a Controller, a collection of Views, and a Layout for a given feature-set. The Views get rendered and then "rolled up" into the Layout (optionally) at which point they are served to the client. Yesterday, I came up with a fun use-case for Layouts - I had to generate a View that had a lot of data on it (it was a report). So, in an effort to minimize the number of bytes that I was sending over the network, and to minimize the client-side DOM (Document Object Model) structure, I used the FW/1 Layout to strip out whitespace from the response. I had never used FW/1 in this way before; so, I thought it might make for an interesting demo in Lucee CFML 5.3.7.47.https://www.bennadel.com/blog/3964-using-frameworkone-fw-1-layouts-to-strip-whitespace-in-lucee-cfml-5-3-7-47.htm Blog - Charlie Arehart - The next version of CF (after CF2021) is to be code-named Project Fortuna (not Athena)This a correction and expansion to news I shared here yesterday: first, the next release of CF will be code-named Project Fortuna, not Athena. I will explain that in a moment. Second and more useful, I can also share more here about what’s planned for the new release.https://coldfusion.adobe.com/2021/01/next-cf-version-code-named-project-fortuna/ Podcast - Working Code Podcast - Episode 005: Monoliths vs. MicroservicesMonoliths are bad! Microservices are good! These are the "obvious" truths that many engineers hold close to heart. So, why is it that I've been slowly merging some of my Microservices back into my Monolith? It turns out that a Monolith - like a Microservice - is a valid architectural choice that carries its own set of pros and cons. And, for me, my team, and our particular set of skills, the Monolith is proving to contain the right set of trade-offs.This week, the crew talks about my journey; why InVision started using Microservices in the first place; and, what made us realize that it was time to start pulling services back into the core Monolith. There are no hard truths here - only thoughtful, context-aware considerations.https://www.bennadel.com/blog/3963-working-code-podcast-episode-005-monoliths-vs-microservices.htm Blog - Ortus Solutions - ColdBox V6.2.2 ReleasedToday we released ColdBox v6.2.2 as a minor path. Please update if you are affected by the issues shown in the release notes.https://www.ortussolutions.com/blog/coldbox-622-released Blog - Charlie Arehart - Did you know there’s far more to the CF docs than just the CFML Reference?Are you making full use of the ColdFusion documentation?I see many people labor and suffer in their use of ColdFusion (or failing to take full advantage of it) because they tend to use search engines like Google to find information, only to be led often solely to the CFML Reference. That’s not all there is to the CF docs, folks! And you shouldn’t stop there. You wouldn’t try to learn a language from reading a dictionary, or put a tool together using only a parts list, would you?https://coldfusion.adobe.com/2017/11/did-you-know-theres-far-more-to-the-cf-docs-than-just-the-cfml-reference/ CFML JobsSeveral positions available on https://www.getcfmljobs.com/Listing over 78 ColdFusion positions from 45 companies across 43 locations in 5 Countries since July 1st 202014 new jobs this weekFull-Time - Sr. Software Engineer - ColdFusion/Java at West Palm Beach, - United States Full-Time - ColdFusion Developer at Costa Mesa, CA - United States Full-Time - ColdFusion Developer at Seattle, WA - United States Full-Time - ColdFusion Developer at Raleigh, NC - United States Full-Time - ColdFusion Developer at Atlanta, GA - United States Full-Time - ColdFusion Developer at United States - United States Full-Time - ColdFusion Developer at Austin, TX - United States Full-Time - ColdFusion Developer at Scottsdale, AZ - United States Full-Time - ColdFusion Developer at Irvine, CA - United States Full-Time - ColdFusion Developer at New York, NY - United States Full-Time - Adobe Coldfusion Programmer at Washington, DC - United States Full-Time - REMOTE ColdFusion Developer at Frederick - United States Full-Time - ColdFusion Developer at Toronto, ON - Canada Full-Time - ColdFusion Developer at Toronto, ON - Canada ForgeBox Module of the WeekCbi18n V2.0.0 by Ortus SolutionsThis module will enhance your ColdBox applications with i18n capabilities, resource bundles and localization. It supports traditional Java resource bundles and also modern JSON resource bundles.V2.0 includes a large contribution by Wil De Bruin. Release Notes: https://github.com/coldbox-modules/cbi18n/releases/tag/v2.0.0 Docs: https://coldbox-i18n.ortusbooks.com/https://www.forgebox.io/view/cbi18nVS Code Hint Tips and Tricks of the WeekStripe for Visual Studio CodeBuild, test, and use Stripe inside your editor.Stripe’s extension for Visual Studio Code makes it easy to generate sample code, view API request logs, forward events to your application, and use Stripe within your editor.A new Stripe panel in the activity bar provides easy access to code snippets for several languages, adds debug configurations, and extends the command palette with common developer workflows.https://stripe.com/docs/stripe-vscode https://marketplace.visualstudio.com/items?itemName=Stripe.vscode-stripe Thank you to all of our Patreon SupportersThese individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox. You can support us on Patreon here https://www.patreon.com/ortussolutionsBen NadelBrett DeLineCarl Von StettenCharlie ArehartDa LiDan CardDaniel GarciaDavid BelangerDidier LesnickiDon BellamyEdgardo CabezasErick HoffmanGary KnightGiancarlo GomezJan JannekJason DaigerJeff McClainJeremy AdamsJonas EricksonJordan ClarkJoseph LamoreeKai Koenig Laksma TirtohadiMario Rodrigues Matthew DarbyMatthew Clemente Mingo HagenPatrick FlynnRoss PhillipsScott SteinbeckShawn Oden Steven KlotzJohn Wilson - Synaptrix Yogesh MathurYou can see an up to date list of all sponsors on Ortus Solutions' Websitehttps://ortussolutions.com/about-us/sponsors★ Support this podcast on Patreon ★
