Modernize or Die® - CFML News for January 19th, 2021 - Episode 87

Gavin and Brad host this weeks episode. They discuss Lucee Vulnerability going public. They discuss CBi18n being released after several months worth of work. ColdBox v6.2.2 was also released this week. They also tell you about this month's Ortus Webinar. They also discuss 2 upcoming Online CF Meetups, and how to access last weeks Online CF Meetup. They give you an roundup of CFCasts Content Updates... including the What's new in ColdBox 6 Videos. They discuss VS Code Day and DevNexus, as well as discuss Ortus' tentative plans for the year, with multiple workshops, and conferences. They spotlight a lot of great blog posts, tweets, videos and podcasts, too many to list, so listen to the show. They announce some jobs from getCfmlJobs.com. They show off the ForgeBox module of the Week, Cbi18n V2.0.0 by Ortus Solutions - This module will enhance your ColdBox applications with i18n capabilities, resource bundles and localization. It supports traditional Java resource bundles and also modern JSON resource bundles. V2.0 includes a large contribution by Wil De Bruin. This week's VS Code Tip of the week is VS Code Day - Stripe for Visual Studio Code - Build, test, and use Stripe inside your editor. Stripe’s extension for Visual Studio Code makes it easy to generate sample code, view API request logs, forward events to your application, and use Stripe within your editor. For the show notes - visit the website https://cfmlnews.modernizeordie.io/episodes/modernize-or-die-cfml-news-for-january-19th-2021-episode-87 Music from this podcast used under Royalty Free license from SoundDotCom https://www.soundotcom.com/ and BlueTreeAudio https://bluetreeaudio.com

2021-01-19 Weekly News - Episode 87

Watch the video version on YouTube at https://youtu.be/DHO_LXiFHII

Hosts:
Gavin Pickin - Software Consultant for Ortus Solutions
Brad Wood - Software Consultant for Ortus Solutions


Thanks to our Sponsor - Ortus Solutions

One way to say thanks back to Ortus Solutions, is to support CFCasts, which is releasing new content every week


Patreon Support

We have 33 patreons providing 61% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions. If you love our podcasts and all we do for the #coldfusion #cfml community considers chipping in, we are almost there!
https://www.ortussolutions.com/blog/we-need-your-help




News and Events

Lucee Vulnerability now Public - Security researchers earn $50k after exposing critical flaw in Apple travel portal

Security researchers have earned a $50,000 bug bounty after uncovering a critical flaw in Apple’s travel portal.
Rahul Maini and Harsh Jaiswal were able to achieve remote code execution (RCE) by stringing together a string of vulnerabilities in order to exploit targeted domains.

Lucee in the sky with exploits
In a detailed technical write-up, Maini and Jaiswal explain how the early stage of their bug hunt narrowed their range of targets down to three hosts running on a content management system (CMS) which was back-ended by Lucee, a Java-based tag and scripting language used for web app development.
https://portswigger.net/daily-swig/security-researchers-earn-50k-after-exposing-critical-flaw-in-apple-travel-portal
Apple RCE Write Up - https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md



Cbi18n V2.0.0 Released

This module will enhance your ColdBox applications with i18n capabilities, resource bundles and localization. It supports traditional Java resource bundles and also modern JSON resource bundles.
V2.0 includes a large contribution by Wil De Bruin.
Release Notes: https://github.com/coldbox-modules/cbi18n/releases/tag/v2.0.0
ForgeBox: https://www.forgebox.io/view/cbi18n



ColdBox V6.2.2 Released

Today we released ColdBox v6.2.2 as a minor path. Please update if you are affected by the issues shown in the release notes.
https://www.ortussolutions.com/blog/coldbox-622-released



Ortus Webinar - CommandBox Task Runners

Friday, January 22nd - 11:00 AM CDT (GMT -6:00)
Have you ever wished you could create command-line programs using CFML, perhaps to automate a task or handle some long-running process? With CommandBox Task Runners, you easily can! Join Grant Copley for this month's webinar, where we take a close look at this powerful tool within CommandBox and how we can use it alongside our applications.
with Grant Copley
https://www.ortussolutions.com/events/webinars



Online CF Meetup - "Communication Skills for Technical Engineers & Developers", with Mark Takata

Thursday, January 21, 2021
5:00 PM to 6:00 PM CST
No matter what language, framework or technical skillset you employ in your day-to-day work, the biggest differentiator among engineers, designers & developers is the ability to communicate and engage with end users, stakeholders and business analysts. In this talk, Mark Takata will cover how to improve your ability to communicate with those folks, become an asset for your team & company, and widen the available paths for your future career.
https://www.meetup.com/coldfusionmeetup/events/275712862/


Online CF Meetup - "Securing a ColdFusion Application with Fixinator & FuseGuard", w/ Pete Freitag

Thursday, January 28, 2021
11:00 AM to 12:00 PM CST
In this session we'll take a look at a ColdFusion application that is vulnerable to several security issues. We'll look at some of the security holes in the application, how they can be exploited. Finally we'll use FuseGuard to protect the application, and Fixinator to find and fix some of the vulnerabilities in the application.
https://www.meetup.com/coldfusionmeetup/events/275825925/



ICYMI Online CF Meetup - "CF AMA: Ask Me Anything", with Charlie Arehart and Dan Wilson

Thursday, January 14, 2021
11:00 AM to 12:00 PM CST
Join us for another CF “Ask Me Anything” session, with your host Charlie Arehart and recent co-organizer Dan Wilson. We'll open the floor to any sort of CF-related questions you may have, whether about coding challenges or using CF features (on the newest or older versions), configuration or tuning, deployment, security, the future and state of CF, whatever.
Meeting: https://www.meetup.com/coldfusionmeetup/events/275569910/
Recording: https://www.youtube.com/watch?v=KH8-FRUP_Sc



CFCasts Content Updates

What’s new with ColdBox 6 - https://cfcasts.com//series/whats-new-with-coldbox6
- HTML QuickStart
- Testing QuickStart
- Whoops

Send your suggestions at https://cfcasts.com/support



Conferences and Training


VS Code Day

Join the VS Code team and community at a live event just for VS Code users. Get a glimpse of things to come and meet the team who works on VS Code every day.
Watch live: January 27, 2021 from 8 AM to 10:30 AM PST
Re-stream (with live Q&A): January 27, 2021 from 8 PM to 10:30 PM PST
https://code.visualstudio.com/vscode-day



Devnexus

Join the VIRTUAL <dev/>olution
Feb 17 2021 - Online
https://devnexus.com/


Ortus Workshops - Dates coming soon

- Quick
- CommandBox Zero to Hero
- ColdBox Zero to Hero
- ColdBox Hero to SuperHero


Ortus’s Possible Conferences for 2021
Dates subject to change

Due to Online conference overload, we are thinking about not expanding the number of events, but more content in more timezones with a different format.

ITB - Developer Week Style??
With some European Timezone Friendly slots from our European Community Members
May 2021

ITB Latam
December 2021


More conferences

Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/

Trying to get CFML on the list
https://github.com/tech-conferences/conference-data/issues/1837



Blogs, Tweets and Videos of the Week


Blog - Ben Nadel - Array.Sort() Operator Has Trouble With Return Values Between Zero And One In Lucee CFML 5.3.7.47
As it is documented, the Array.sort() method (and arraySort() function), when given an operator to execute, are supposed to return the values -1, 0, and 1 when comparing two values within the collection. Documentation aside, the .sort() method is actually much more flexible than that, allowing for almost any number to be returned. This is why we can implement our sort operator using math. However, playing fast-and-loose with the return value can result in funky edge-cases, such as accidentally returning a value that falls outside of the INT space. Last week, I ran into yet another such edge-case. Apparently, the Array.sort() operation does not like handling decimal values between 0 and 1, such as 0.345 in Lucee CFML 5.3.7.47.
https://www.bennadel.com/blog/3968-array-sort-operator-has-trouble-with-return-values-between-zero-and-one-in-lucee-cfml-5-3-7-47.htm


Blog - Ben Nadel - Escaping The Build Trap: How Effective Product Management Creates Real Value By Melissa Perri
Last week, in the InVision Architecture Office Hours meeting, Shawn Hartsell recommended the book, Escaping the Build Trap: How Effective Product Management Creates Real Value by Melissa Perri. I'm not a Product Manager; but, the way Shawn talked about the book - touting "outcomes" over "output" - it tickled my curiosity. So, over the weekend, I picked it up and gave it a read. And, I must say that I loved it. One the one hand, it gave me a lot more insight into what Product Managers do and how they operate within a company; and, on the other hand, it gave me a lot more insight into how company culture plays into effective product development. And, unfortunately, how a toxic company culture can stifle innovation and adaptation. It's a quick read - definitely one that I would recommend to any technology team that builds a product or a service for customers.
https://www.bennadel.com/blog/3967-escaping-the-build-trap-how-effective-product-management-creates-real-value-by-melissa-perri.htm


Blog - Ben Nadel - Generate And Incrementally Stream A ZIP Archive File On-The-Fly In Lucee CFML 5.3.7.47
The other day, in the InVision Architecture Office Hours meeting (which is, by far, my favorite meeting of the week), I was talking about how amazing it is that GitHub allows you to download a ZIP archive file of any repository, despite the fact that some repositories are many Gigabytes in size. One engineer (I can't remember who) theorized that GitHub might be generating the ZIP on-the-fly and just streaming the response back to the browser. This concept tickled my curiosity, and I wondered if I could generate and stream a ZIP archive file on-the-fly in Lucee CFML 5.3.7.47.
https://www.bennadel.com/blog/3965-generate-and-incrementally-stream-a-zip-archive-file-on-the-fly-in-lucee-cfml-5-3-7-47.htm


Blog - Ben Nadel - Using Both STORED And DEFLATED Compression Methods With ZipOutputStream In Lucee CFML 5.3.7.47
In yesterday's post about generating and incrementally streaming a Zip archive in Lucee CFML, I used the default compression method - DEFLATED - in the ZipOutputStream class. However, as I've discussed in the past, "deflating" images within a Zip archive can be a waste of CPU since most images are already compressed. As such, I wanted to quickly revisit the use of the ZipOutputStream, but try to archive images within the Zip using the STORED (ie, uncompressed) method in Lucee CFML 5.3.7.47.
https://www.bennadel.com/blog/3966-using-both-stored-and-deflated-compression-methods-with-zipoutputstream-in-lucee-cfml-5-3-7-47.htm


Tweet - Luis Majano - Investment in ForgeBox
@ortussolutions invested $30K into FORGEBOX in 2020 to help the #cfml #codlfusion community modernize => forgebox.io Helps us by joining, supporting (patreon.com/ortussolutions), publishing, spreading the word!
https://twitter.com/lmajano/status/1350119562105249792
https://twitter.com/lmajano


Blog - Ben Nadel - Using FrameworkOne (FW/1) Layouts To Strip Whitespace In Lucee CFML 5.3.7.47
At InVision, we use FrameworkOne (FW/1) as our ColdFusion / CFML web application framework. With FW/1, you can define a Controller, a collection of Views, and a Layout for a given feature-set. The Views get rendered and then "rolled up" into the Layout (optionally) at which point they are served to the client. Yesterday, I came up with a fun use-case for Layouts - I had to generate a View that had a lot of data on it (it was a report). So, in an effort to minimize the number of bytes that I was sending over the network, and to minimize the client-side DOM (Document Object Model) structure, I used the FW/1 Layout to strip out whitespace from the response. I had never used FW/1 in this way before; so, I thought it might make for an interesting demo in Lucee CFML 5.3.7.47.
https://www.bennadel.com/blog/3964-using-frameworkone-fw-1-layouts-to-strip-whitespace-in-lucee-cfml-5-3-7-47.htm


Blog - Charlie Arehart - The next version of CF (after CF2021) is to be code-named Project Fortuna (not Athena)
This a correction and expansion to news I shared here yesterday: first, the next release of CF will be code-named Project Fortuna, not Athena. I will explain that in a moment. Second and more useful, I can also share more here about what’s planned for the new release.
https://coldfusion.adobe.com/2021/01/next-cf-version-code-named-project-fortuna/


Podcast - Working Code Podcast - Episode 005: Monoliths vs. Microservices
Monoliths are bad! Microservices are good! These are the "obvious" truths that many engineers hold close to heart. So, why is it that I've been slowly merging some of my Microservices back into my Monolith? It turns out that a Monolith - like a Microservice - is a valid architectural choice that carries its own set of pros and cons. And, for me, my team, and our particular set of skills, the Monolith is proving to contain the right set of trade-offs.
This week, the crew talks about my journey; why InVision started using Microservices in the first place; and, what made us realize that it was time to start pulling services back into the core Monolith. There are no hard truths here - only thoughtful, context-aware considerations.
https://www.bennadel.com/blog/3963-working-code-podcast-episode-005-monoliths-vs-microservices.htm


Blog - Ortus Solutions - ColdBox V6.2.2 Released
Today we released ColdBox v6.2.2 as a minor path. Please update if you are affected by the issues shown in the release notes.
https://www.ortussolutions.com/blog/coldbox-622-released   


Blog - Charlie Arehart - Did you know there’s far more to the CF docs than just the CFML Reference?
Are you making full use of the ColdFusion documentation?
I see many people labor and suffer in their use of ColdFusion (or failing to take full advantage of it) because they tend to use search engines like Google to find information, only to be led often solely to the CFML Reference. That’s not all there is to the CF docs, folks! And you shouldn’t stop there. You wouldn’t try to learn a language from reading a dictionary, or put a tool together using only a parts list, would you?
https://coldfusion.adobe.com/2017/11/did-you-know-theres-far-more-to-the-cf-docs-than-just-the-cfml-reference/



CFML Jobs

Several positions available on https://www.getcfmljobs.com/
Listing over 78 ColdFusion positions from 45 companies across 43 locations in 5 Countries  since July 1st 2020

14 new jobs this week

Full-Time - Sr. Software Engineer - ColdFusion/Java at West Palm Beach, - United States
Full-Time - ColdFusion Developer at Costa Mesa, CA - United States
Full-Time - ColdFusion Developer at Seattle, WA - United States
Full-Time - ColdFusion Developer at Raleigh, NC - United States
Full-Time - ColdFusion Developer at Atlanta, GA - United States
Full-Time - ColdFusion Developer at United States - United States
Full-Time - ColdFusion Developer at Austin, TX - United States
Full-Time - ColdFusion Developer at Scottsdale, AZ - United States
Full-Time - ColdFusion Developer at Irvine, CA - United States
Full-Time - ColdFusion Developer at New York, NY - United States
Full-Time - Adobe Coldfusion Programmer at Washington, DC - United States
Full-Time - REMOTE ColdFusion Developer at Frederick - United States
Full-Time - ColdFusion Developer at Toronto, ON - Canada
Full-Time - ColdFusion Developer at Toronto, ON - Canada



ForgeBox Module of the Week

Cbi18n V2.0.0 by Ortus Solutions

This module will enhance your ColdBox applications with i18n capabilities, resource bundles and localization. It supports traditional Java resource bundles and also modern JSON resource bundles.

V2.0 includes a large contribution by Wil De Bruin.

Release Notes: https://github.com/coldbox-modules/cbi18n/releases/tag/v2.0.0
Docs: https://coldbox-i18n.ortusbooks.com/

https://www.forgebox.io/view/cbi18n



VS Code Hint Tips and Tricks of the Week

Stripe for Visual Studio Code

Build, test, and use Stripe inside your editor.
Stripe’s extension for Visual Studio Code makes it easy to generate sample code, view API request logs, forward events to your application, and use Stripe within your editor.

A new Stripe panel in the activity bar provides easy access to code snippets for several languages, adds debug configurations, and extends the command palette with common developer workflows.

https://stripe.com/docs/stripe-vscode
https://marketplace.visualstudio.com/items?itemName=Stripe.vscode-stripe



Thank you to all of our Patreon Supporters

These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox.

You can support us on Patreon here https://www.patreon.com/ortussolutions

Ben Nadel
Brett DeLine
Carl Von Stetten
Charlie Arehart
Da Li
Dan Card
Daniel Garcia
David Belanger
Didier Lesnicki
Don Bellamy
Edgardo Cabezas
Erick Hoffman
Gary Knight
Giancarlo Gomez
Jan Jannek
Jason Daiger
Jeff McClain
Jeremy Adams
Jonas Erickson
Jordan Clark
Joseph Lamoree
Kai Koenig
Laksma Tirtohadi
Mario Rodrigues
Matthew Darby
Matthew Clemente
Mingo Hagen
Patrick Flynn
Ross Phillips
Scott Steinbeck
Shawn Oden
Steven Klotz
John Wilson - Synaptrix
Yogesh Mathur

You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors


★ Support this podcast on Patreon ★

Switch to Modernize or Die ® Podcast - SoapBox Edition - Switch to Modernize or Die ® Podcast - Conference Edition

Powered by

Music from this podcast used under Royalty Free license from SoundDotCom and BlueTreeAudio

© 2019 Ortus Solutions