Modernize or Die® - CFML News Podcast for January 24th, 2023 - Episode 181
Gavin Pickin and Brad Wood host this week's CFML News Podcast
They discuss a the latest Java 8, 11, 17 and 19 releases, and a gotcha you might not realize with the Oracle JDK installers.
Webinars / Meetups and Workshops - Ortus Fridays back in January 2023 including Grant Copley talking about CBWire as well as a poll on the Ortus Community site for an upcoming CFCasts series on CBWire.
Conferences
They updated everyone on CF Summit Online. Including links to previous videos.
They discussed upcoming conferences including VueJS Nation, VueJS Amsterdam, VueJS Live, Dev Nexus 2023 and ITB 2023 and CFCamp 2023 dates as well.
They discussed what's new and coming soon with CFCasts.
They spotlight a lot of great blog posts, tweets, videos and podcasts, too many to list, so listen to the show.
They announce some jobs from getCfmlJobs.com and on the web.
They show off the ForgeBox module of the Week - CBSecurity - V 3.0.0 - This module will enhance your ColdBox applications by providing out-of-the-box security.
This week's VS Code Tip of the week is - Markmap - Visualize your markdown in VSCode - Preview markdown files as markmap
They talked a little information about perks for their Patreon supporters, including Annual Memberships with a discount... and now new perks like the BoxTeam Slack Channel and live streams.
For the show notes - visit the website
https://cfmlnews.modernizeordie.io/episodes/modernize-or-die-cfml-news-podcast-for-january-24th-2023-episode-181
Music from this podcast is used under Royalty Free license from SoundDotCom https://www.soundotcom.com/ and BlueTreeAudio https://bluetreeaudio.com
2023-01-24 Weekly News - Episode 181
Watch the video version on YouTube at https://youtu.be/SrS95HqW8HQ
Hosts:
Watch the video version on YouTube at https://youtu.be/SrS95HqW8HQ
Hosts:
- Gavin Pickin - Senior Developer at Ortus Solutions
- Brad Wood - Senior Developer at Ortus Solutions
Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there.
A few ways to say thanks back to Ortus Solutions:
- Like and subscribe to our videos on YouTube.
- Help ORTUS reach for the Stars - Star and Fork our Repos
- Star all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github
- Subscribe to our Podcast on your Podcast Apps and leave us a review
- Sign up for a free or paid account on CFCasts, which is releasing new content every week
- BOXLife store: https://www.ortussolutions.com/about-us/shop
- Buy Ortus’s Books
- 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)
- Learn Modern ColdFusion (CFML) in 100+ Minutes - Free online https://modern-cfml.ortusbooks.com/ or buy an EBook or Paper copy https://www.ortussolutions.com/learn/books/coldfusion-in-100-minutes
Patreon Support ( amazing )
Goal 1 - We have 42 patreons providing 100% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions.
Goal 2 - We are 37% of the way to fully fund the hosting of ForgeBox.io
News and Announcements
New updates released for Java 8, 11, 17, and 19 as of Jan 17 2023
Here's a heads-up that some will want to hear about: there are new JVM updates released today (Jan 17, 2023) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the current interim update 19. (Note that prior to Java 9, releases of Java were known technically as 1.x, so 8 is referred to in resources below as 1.8.)
https://www.carehart.org/blog/2023/1/17/java_updates_Jan_2023
Beware that latest Oracle JDK installers will REMOVE older JDK installs of that version
Here's something new to beware if you may run the Oracle JDK installer for the recently updated Java 11 or 17, whether on Windows, macOS, or via RPM: the new Oracle jdk installer WILL REMOVE any older previous versions of that JVM version created by previous JDK installers of the same major version. (Note that this issue does not affect those who implement java by extracting it from a compressed file, like a zip or tar.gz.)
Fortunately for some, this issue does NOT affect those running Java 8 or below, or Java 19 or above
https://www.carehart.org/blog/2023/1/23/beware_latest_oracle_JDK_installers_will_remove_older_JDK_installs
CBWire Poll about a CFCasts Series
I’m in the planning stage of developing an ongoing video series for CBWIRE on https://cfcasts.com/. I have several ideas and would like to put it out to the community to vote what you’d like to see most. All series would feature 5-7 minute bit-sized videos posted regularly (probably weekly) until the series is finished.
https://community.ortussolutions.com/t/poll-cbwire-cfcasts-com-series/9513
New Releases and Updates
CBSecurity - V 3.0.0
This module will enhance your ColdBox applications by providing out-of-the-box security.
Now with a cool Security Visualizer too?
Change Log is packed - https://www.forgebox.io/view/cbsecurity#changeLog
Changed / COMPATIBILITY
- Dropped ACF2016
- Separated routes to it's own module Router
- COMPAT New JwtAuthValidator instead of mixing concerns with the JwtService. You will have to update your configuration to use this validator instead of the JwtService
- useSSL is now defaulted to true for all security relocations as the default
- Encapsulation of jwt settings from the ModuleConfig to the JwtService
- CBAuthValidator has been renamed to just AuthValidator this way it can be used with ANY authentication service instead of binding it to just cbauth. This validator just relies on the IAuthUser interface now.
Added
- New AuthValidator now can validate permissions and roles according to our IAuthUser interface but can be used on ANY authentication service that implements IAuthService
- New authorization and authentication delegates for usage in cb7
- New ability for the firewall to log all action events to a database table.
- New visualizer that can visualize all settings and all firewall events via the log table if enabled.
- New Basic Auth validator and basic auth user credentials storage system. This will allow you to secure your apps where no database interaction is needed or required.
- New global and rule action: block and the fireall will block the request with a 401 Unathorized page.
- New event cbSecurity_onFirewallBlock announced whenever the firewall blocks a request into the system with a 403.
- DBTokenStorage now rotates using async scheduler and not direct usage anymore.
- Ability to set the cbcsrf module settings into the cbsecurity settings as csrf.
- We now default the user service class and the auth token rotation events according to used authentication service (cbauth, etc), no need to duplicate work.
- New rule based IP security. You can add a allowedIPs key into any rule and add which IP Addresses are allowed into the match. By default, it matches all IPs.
- New rule based HTTP method security. You can add a httpMethods key into any rule and add which HTTP methods are allowed into the match. By default, it matches all HTTP Verbs.
- New securityHeaders configuration to allow a developer to protect their apps from common exploits: xss, HSTS, Content Type Options, host header validation, ip validation, click jacking, non-SSL redirection and much more.
- Authenticated user is now stored by the security firewall according to the prcUserVariable on authenticated calls via preProcess() no matter the validator used
- Dynamic Custom Claims: You can pass a function/closure as the value for a custom claim and it will be evaluated at runtime passing in the current claims before being encoded
- Allow passing in custom refresh token claims to attempt() and fromUser() and refreshToken() : refreshCustomClaims
- Added TokenInvalidException and TokenExpiredException to the refreshToken endpoint
https://www.forgebox.io/view/cbsecurity
Webinar / Meetups and Workshops
Ortus Event Calendar for Google
https://calendar.google.com/calendar/u/0?cid=Y181NjJhMWVmNjFjNGIxZTJlNmQ4OGVkNzg0NTcyOGQ1Njg5N2RkNGJiNjhjMTQwZjc3Mzc2ODk1MmIyOTQyMWVkQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20
Ortus Fridays are back in Full Effect in 2023
- ICYMI - Ortus Office Hours - Jan 6th, 2023 - 11 AM CST
- ICYMI - Ortus Webinar - Jan 20th 2023 - CBWIRE Coding Session - Let’s build an app with CBWIRE with Grant Copley - 11 AM CST https://cfcasts.com/series/ortus-webinars-2023/videos/cbwire-live-coding-session-with-grant-copley
- Ortus Office Hours - Feb 3rd, 2023 - 11 AM CST
- Software Craftsmanship Book Club - Feb 10th, 2023 - 2 PM CST (Patreon exclusive)
- Ortus Webinar - January - CBWIRE Live Coding Session https://cfcasts.com/series/ortus-webinars-2023/videos/cbwire-live-coding-session-with-grant-copley
- ITB 2022 - All videos released to subscribers - 30+!!!!
- 2023 ForgeBox Module of the Week Series - 1 new Video https://cfcasts.com/series/2023-forgebox-modules-of-the-week
- 2023 VS Code Hint tip and Trick of the Week Series - 1 new Video https://cfcasts.com/series/2023-vs-code-hint-tip-and-trick-of-the-week
Coming Soon
- Brad with more CommandBox Videos - 27!!!
- More ForgeBox and VS Code Podcast snippet videos
- CBWire Series from Grant - Fill out the Poll here https://community.ortussolutions.com/t/poll-cbwire-cfcasts-com-series/9513
- ColdBox Elixir from Eric
- Getting Started with ContentBox from Daniel
- Box-ifying a 3rd Party Library from Gavin
Conferences and Training
CF Summit Online
All the webinars, all the speakers from Adobe ColdFusion Summit 2022 – brought right to your screen. All sessions will soon be streamed online, for your convenience. Stay tuned for more!
ICYMI - LEVERAGING AI / COGNITIVE SERVICES VIA COLDFUSION
Michael Hayes
January 17 | 12:00 - 13:00 pm EST (1 hour)
Azure Cognitive Services is API that leverages AI and Machine Learning to provide capability such as Sentiment Analysis, Entity Recognition, Auto Translator, Text to Speech, speech translation, and many more. All this would be written in ColdFusion 2021 of course and a GIT repo of the code will be shared with the community. There may be a secondary package that will be shared that would convert PostMan / Swagger collections to ColdFusion for rapid development via API's.
https://www.youtube.com/watch?v=jM6YpCMs6jg
ICYMI - SPREADSHEET MAGIC
Kevin Wright
January 19 | 12:00 - 13:00 pm EST (1 hour)
Microsoft Office is the 'de facto' standard in most business environments. In this session we will look at different ways of integrating with one of the most used applications of the MS office suite, Excel. Come learn how to create, access and manipulate spreadsheets programmatically with the CFSPREADSHEET tag in ColdFusion. We will go beyond basic read and write features, and will delve into more advanced techniques like working with formulas and formatting, and creating multiple sheets. We will also look at examples of more complex types of spreadsheets by using lookups and even creating and embedding dynamic charts. FORMAT: Presentation with slides / live code review
https://www.youtube.com/watch?v=VAvTsqXZ2o0
OPPORTUNITIES FOR BLOCKCHAIN TECHNOLOGY AND NFTS IN THE REAL WORLD
Masha Edelen and Nick Juntilla
January 24 | 14:00 - 15:00pm EST (1 hour)
Understanding the value and practical use cases of Non-Fungible Tokens in modern business applications. Learn how to get started using the blockchain and building your Web 3 strategy.
Website for CF Summit Online
https://cfsummit-online.meetus.adobeevents.com/
VUE.JS NATION CONFERENCE
January 25th & 26th 2023
https://vuejsnation.com/
VUEJS AMSTERDAM 2023
9-10 February 2023, Theater Amsterdam
World's Most Special and Largest Vue Conference
CALL FOR PAPERS AND BLIND TICKETS AVAILABLE NOW!
https://vuejs.amsterdam/
VueJS Live
MAY 12 & 15, 2023
ONLINE + LONDON, UK
CODE / CREATE / COMMUNICATE
35 SPEAKERS, 10 WORKSHOPS
10000+ JOINING ONLINE GLOBALLY
300 LUCKIES MEETING IN LONDON
https://vuejslive.com/
Dev Nexus
April 4-6th, 2023 in Atlanta
Georgia World Congress Center
285 Andrew Young International Blvd NW
Atlanta, GA 30313
https://devnexus.com/
No Ortus speakers this year. :-(
Into the Box 2023 - 10th Edition
May 17-19, 2023
The conference will be held in The Woodlands (Houston), Texas
This year we will continue the tradition of training and offering a pre-conference hands-on training day on May 17th and our live Mariachi Band Party! However, we are back to our Spring schedule and beautiful weather in The Woodlands! Also, this 2023 will mark our 10 year anniversary. So we might have two live bands and much more!!!
Still time - call for speakers for the Into The Box Conference for 2023 is open until Jan 31st
https://www.intothebox.org/blog/into-the-box-2023-call-for-speakers
https://itb2023.eventbrite.com/
CFCamp is back
June, 22-23rd 2023
Marriott Hotel Munich Airport, Freising
Call for Speakers is now open!
https://www.papercall.io/cfcamp2023
https://www.cfcamp.org/
Even Ben Nadel was talking about busting out the passport
More conferences
Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/
https://github.com/scraly/developers-conferences-agenda
Blogs, Tweets, and Videos of the Week
1/24/23 - Blog - Charlie Arehart - What's new in FusionReactor 9.2.0, released Jan 18 2023
If you're a user of the wonderful FusionReactor monitoring and observability solution (for ColdFusion, Lucee, Java servers and more), you may delight in hearing news of a new FusionReactor (FR) version. 9.2.0 was released last week, Jan 18, 2023.
https://www.carehart.org/blog/2023/1/24/whats_new_in_fr_9.2.0
1/23/23 - Blog - Charlie Arehart - Beware that latest Oracle JDK installers will REMOVE older JDK installs of that version
Here's something new to beware if you may run the Oracle JDK installer for the recently updated Java 11 or 17, whether on Windows, macOS, or via RPM: the new Oracle jdk installer WILL REMOVE any older previous versions of that JVM version created by previous JDK installers of the same major version. (Note that this issue does not affect those who implement java by extracting it from a compressed file, like a zip or tar.gz.)
Fortunately for some, this issue does NOT affect those running Java 8 or below, or Java 19 or above
https://www.carehart.org/blog/2023/1/23/beware_latest_oracle_JDK_installers_will_remove_older_JDK_installs
1/21/23 - Blog - Ben Nadel - Does The Order Of Hash Inputs Matter In Terms Of Uniqueness And Distribution?
My initial implementation of the CUID2 algorithm for ColdFusion tried to stay as close as possible to the JavaScript version. As part of this algorithm, I hash together various sources of entropy in order to create a unique, collision-resistant value. Once I completed my initial implementation, I got to thinking: since the goal isn't to create a specific value but rather a random, unique value, does the order of the inputs to the hash actually have any bearing on the characteristics of the output? In other words, does the order of hash inputs make the hash more unique? Or, give it a more even distribution in a given space?
https://www.bennadel.com/blog/4394-does-the-order-of-hash-inputs-matter-in-terms-of-uniqueness-and-distribution.htm
1/19/23 - Blog - Ben Nadel - Comparing Java's MessageDigest To ColdFusion's hash() Function In Lucee CFML
Last week, I implemented a ColdFusion port of the CUID2 library. My version seems to work correctly; however, it has some performance problems when compared to the Java version. When I instrumented the ColdFusion component methods, nothing really jumped out at me. But, I have a hunch that I could make the SHA hashing more performant. Only, I don't have a great mental model for hashing. As such, I wanted to perform a small comparison of Java's MessageDigest class with ColdFusion's native hash() function for hashing a compound input.
https://www.bennadel.com/blog/4393-comparing-javas-messagedigest-to-coldfusions-hash-function-in-lucee-cfml.htm
1/18/23 - Blog - Ben Nadel - Using "continue" To Short-Circuit .each() Iteration In ColdFusion
Yesterday, I was refactoring some ColdFusion code to go from using a standard for-in loop to using an .each() iteration member method. The for-in version of the code had some short-circuiting logic that used continue statements to skip to the next loop iteration. And, when I refactored to using .each(), I forgot to change the continue keyword to be a return keyword. And, wouldn't you know it - the code worked anyway. This is likely a quirk, not a feature, of the CFML platform; but, I thought it would be fun to share.
https://www.bennadel.com/blog/4392-using-continue-to-short-circuit-each-iteration-in-coldfusion.htm
1/17/23 - Blog - Charlie Arehart - New updates released for Java 8, 11, 17, and 19 as of Jan 17 2023
Here's a heads-up that some will want to hear about: there are new JVM updates released today (Jan 17, 2023) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the current interim update 19. (Note that prior to Java 9, releases of Java were known technically as 1.x, so 8 is referred to in resources below as 1.8.)
https://www.carehart.org/blog/2023/1/17/java_updates_Jan_2023
CFML Jobs
Several positions available on https://www.getcfmljobs.com/
Listing over 46 ColdFusion positions from 27 companies across 22 locations in 5 Countries.
2 new jobs listed this week
Full-Time - ColdFusion Developer at Remote - United Kingdom
Jan 18
https://www.getcfmljobs.com/jobs/index.cfm/united-kingdom/ColdFusion-Developer-at-Remote/11548
Full-Time - Senior ColdFusion Developer at India - India
Jan 17
https://www.getcfmljobs.com/jobs/index.cfm/india/Senior-ColdFusion-Developer-at-India/11549
Other Job Links
- There is a jobs channel in the CFML slack team, and in the Box team slack now too
ForgeBox Module of the Week
CBSecurity - V 3.0.0
This module will enhance your ColdBox applications by providing out-of-the-box security in the form of:
- A security rule engine for incoming requests allowing blocking, authentication, and authorization checks
- Annotation-driven security for handlers and actions
- JWT (JSON Web Tokens) generator, decoder, rotation, invalidation and authentication services
- JWT Token Storage in a cache or database
- Refresh and access tokens
- Ip Blocking, Host Blocking, and much more
- CSRF protection
- Security Headers for protection against ip spoofing, host spoofing, click jacking, ssl attacks, hsts, and much more
- Pluggable with any Authentication service or can leverage cbauth by default
- Basic auth capabilities with an internal user storage
- Capability to distinguish between invalid authentication and authorization and determine the process's outcome
- Ability to load/unload security rules from contributing modules. So you can create a nice HMVC hierarchy of security
- Ability for each module to define its own validator
Now with a cool Security Visualizer too?
Lots more to it - https://www.forgebox.io/view/cbsecurity#changeLog
https://www.forgebox.io/view/cbsecurity
VS Code Hint Tips and Tricks of the Week
Markmap
Visualize your markdown in VSCode
- Preview markdown files as markmap
- Edit markdown files in a text editor and the markmap will update on the fly
- Works offline
https://marketplace.visualstudio.com/items?itemName=gera2ld.markmap-vscode
Thank you to all of our Patreon Supporters
These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox.
You can support us on Patreon here https://www.patreon.com/ortussolutions
Don’t forget, we have Annual Memberships, pay for the year and save 10% - great for businesses.
- Bronze Packages and up, now get a ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon Subscription.
- All Patreon supporters have a Profile badge on the Community Website
- All Patreon supporters have their own Private Forum access on the Community Website
- All Patreon supporters have their own Private Channel access BoxTeam Slack
- Live Stream Access to streams like “Koding with the Kiwi + Friends” and Ortus Software Craftsmanship Book Club
- John Wilson - Synaptrix
- Tomorrows Guides
- Jordan Clark
- Gary Knight
- Mario Rodrigues
- Giancarlo Gomez
- David Belanger
- Dan Card
- Jeffry McGee - Sunstar Media
- Dean Maunder
- Nolan Erck
- Abdul Raheen
And many more Patreons
You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors
Thanks everyone!!!
Switch to Modernize or Die ® Podcast - SoapBox Edition - Switch to Modernize or Die ® Podcast - Conference Edition
Music from this podcast used under Royalty Free license from SoundDotCom and BlueTreeAudio
© 2019 Ortus Solutions