2023-03-30 Weekly News - Episode 189

Watch the video version on YouTube at https://youtube.com/live/TgmP20awQ1A?feature=share
 
Hosts: 

Thanks to our Sponsor - Ortus Solutions

The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. 
A few ways  to say thanks back to Ortus Solutions:

 
Patreon Support ( amiable ) - UPDATED GOALS

We have 41 patreons:

Goal 1 - 26% -  This goal would help us to fully fund the hosting of ForgeBox.io (www.forgebox.io), the ColdFusion software directory.
Goal 2 - 13% - This goal would fund the development of CommandBox CLI, so it can remain FREE and Open Source forever.
Goal 3 - 6% - This goal would help us to fully fund the Modernize or Die podcasts.

https://www.patreon.com/ortussolutions.


News and Announcements

ICYMI: Critical Security Update for ColdFusion APSB23-25

From Adobe

https://community.adobe.com/t5/coldfusion-discussions/released-coldfusion-2021-and-2018-march-2023-security-updates/td-p/13649873

From Foundeo

Adobe has just published a security bulletin APSB23-25, and has released security updates for ColdFusion 2018 and 2021.

We recommend installing these update as soon as possible, because one of the vulnerabilities has been actively exploited by attackers already.

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

https://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-16.html

https://helpx.adobe.com/coldfusion/kb/coldfusion-2021-update-6.html

HackMyCF has been updated to warn you if the hotfix is missing.

It is important to note that if you are on ColdFusion 11, or 2016 that it is possible that your servers could be vulnerable to at least one of these issue as well. However, because these versions reached end of life they are no longer receiving security patches from Adobe.
One thing you can do to mitigate one of these issues is to block requests containing a variable named _cfclient. Some of the filters in FuseGuard may help prevent some attack vectors when configured to. But the best solution is to upgrade to CF2018 or 2021 and apply the patch released today.
--
Foundeo Inc.

ICYMI - State of the CF Union 2023 Released

Help us find out the state of the CF Union – what versions of CFML Engine do people use, what frameworks, tools etc.
https://teratech.com/state-of-the-cf-union-2023-survey


New Releases and Updates

ICYMI - New CommandBox Goodies

OpenAI-powered ChatGPT has arrived for Ortus Documentation

We are pleased to announce a fun little project that our Patreon supports have been testing in private for a week or so. Ortus has rolled out our own OpenAI-powered chat bot, which is fueled by all of the documentation in our GitBooks! This behaves similar to the ChatGPT you’ve likely played with, but is custom loaded with all of our most recent documentation.

https://chatgpt.ortussolutions.com/

https://community.ortussolutions.com/t/openai-powered-chatgpt-has-arrived-for-ortus-documentation/9582

Adobe ColdFusion 2023 Beta now on ForgeBox

Adobe ColdFusion 2023's public beta is now on ForgeBox for you to test out in CommandBox servers or Docker containers. Use "cfengine=adobe@2023-beta" to start it up and ensure you're on the latest CFConfig.  Happy testing!

https://twitter.com/bdw429s/status/1638987316445446144


Webinar / Meetups and Workshops

Ortus Event Calendar for Google

https://calendar.google.com/calendar/u/0?cid=Y181NjJhMWVmNjFjNGIxZTJlNmQ4OGVkNzg0NTcyOGQ1Njg5N2RkNGJiNjhjMTQwZjc3Mzc2ODk1MmIyOTQyMWVkQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20

CFSummit East 2023 Training Workshop - ColdFusion MVC for Dummies.

Before the ColdFusion Summit East in Washington, D.C., on April 4th, 2023.
Luis Majano, the creator of The ColdBox Platform, will be leading this workshop, bringing you a deep dive 1-day workshop: ColdFusion MVC for Dummies.

The workshop will combine a variety of theories, hands-on coding, and best practices to give you all the tools needed to leave the workshop ready to build MVC-powered apps when you return to your office.
https://www.ortussolutions.com/blog/coldfusion-summit-east-2023-mvc-training-workshop


CFCasts Content Updates

https://www.cfcasts.com

Recent Releases

Conferences and Training

Dev Nexus
April 4-6th, 2023 in Atlanta
Georgia World Congress Center
285 Andrew Young International Blvd NW
Atlanta, GA 30313
Kubernetes, Java, Software architecture, Kotlin, Performance Tuning
https://devnexus.com/

CFSummit East 2023 Training Workshop - ColdFusion MVC for Dummies.
Before the ColdFusion Summit East in Washington, D.C., on April 4th, 2023.
Luis Majano, the creator of The ColdBox Platform, will be leading this workshop, bringing you a deep dive 1-day workshop: ColdFusion MVC for Dummies.

The workshop will combine a variety of theories, hands-on coding, and best practices to give you all the tools needed to leave the workshop ready to build MVC-powered apps when you return to your office.
https://www.ortussolutions.com/blog/coldfusion-summit-east-2023-mvc-training-workshop

CFSummit East
Thursday, April 6, 2023
8:00am - 4:00pm
Wednesday 5th - Certification
Marriott Marquis Washington, DC
Complimentary; breakfast and lunch will be provided
https://carahevents.carahsoft.com/Event/Details/341389-adobe
https://carahevents.carahsoft.com/Event/Details/344168-adobe

J on the Beach
Bringing DevOps, Devs and Data Scientists together around Big Data
May 10-12, 2023
Malaga, Spain
https://www.jonthebeach.com/
Ortus Profile: https://www.jonthebeach.com/jobs/54/Ortus%20Solutions

VueJS Live
MAY 12 & 15, 2023
ONLINE + LONDON, UK
CODE / CREATE / COMMUNICATE
35 SPEAKERS, 10 WORKSHOPS
10000+ JOINING ONLINE GLOBALLY
300 LUCKIES MEETING IN LONDON
https://vuejslive.com/

Into the Box 2023 - 10th Edition
May 17-19, 2023
The conference will be held in The Woodlands (Houston), Texas -
This year we will continue the tradition of training and offering a pre-conference hands-on training day on May 17th and our live Mariachi Band Party! However, we are back to our Spring schedule and beautiful weather in The Woodlands! Also, this 2023 will mark our 10 year anniversary. So we might have two live bands and much more!!!
IN PERSON ONLY
Website launched: https://intothebox.org
https://itb2023.eventbrite.com/

VueConf.us
NEW ORLEANS, LA • MAY 24-26, 2023
Jazz. Code. Vue.
Workshop day: May 24
Main Conference: May 25-26
https://vueconf.us/

CFCamp
June 22-23rd, 2023
Marriott Hotel Munich Airport, Freising
Call for Speakers is closed
https://www.cfcamp.org/

More conferences

Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/
https://github.com/scraly/developers-conferences-agenda


Blogs, Tweets, and Videos of the Week

3/18/23 - Blog - Michael Horne - Chromebook CFML development environment tutorial
This is partly an aide-memoire for me on setting up an environment for CFML development on a Chromebook. The specific Chromebook is a Lenovo S330.

My pre-requisite is that you’ve got a Lucee/ColdFusion application ready to go, although basically you could start from scratch with a simple index.cfm file wherever you eventually start CommandBox, but let’s leave that for later.

https://recantha.co.uk/chromebook-cfml-development-environment-tutorial/

Good guide for any Linux machine.

3/22/23 - Blog - James Moberg - Generate Sanitized Email Hash (as Integer)
While reviewing the logs of failed contact form submissions, I identified a couple email address variations that were exploiting some Gmail features in an attempt to bypass our filters. (Gmail has a "plus" feature and ignores periods in addresses.) A SQL query using REPLACE to remove all periods revealed that this comment form spammer had performed 279 attempts using 162 variations of their 15 character gmail username in an effort to circumvent our filters. We log the full email address that was posted and, when matching via SQL solely using the email addresses, it appeared as each email address was only used 2-4 times... versus the 279 obfuscated attempts.

To better identify & highlight abusers via SQL queries, an EmailHash (INT) column has been added to the database table. When searching or logging the email address, the value is sanitized (remove + string and . from the username) and then a java hashCode is generated. Using integers to join database records is much faster than using varchar and has lower storage requirements.

https://dev.to/gamesover/generate-sanitized-email-hash-as-integer-4n3e

3/22/23 - Blog - Ben Nadel - Russian Doll Content Wrapping With CFSaveContent In ColdFusion
In web development, the term "Russian Doll" is sometimes used to refer to content that is wrapped inside another piece of content of the same type. This is based on the Russian Doll toy (Matryoshka), which has a multitude of smaller toys contained within it. In the past, I've looked at using the Russian Doll pattern for error handling in Node.js as well as for error handling in ColdFusion. But, its value extends beyond just errors - I often use the CFSaveContent tag to build up a content payload from the outside in. And, I thought it would make for a nice example.

https://www.bennadel.com/blog/4431-russian-doll-content-wrapping-with-cfsavecontent-in-coldfusion.htm

ColdBox Layouts and Views!

3/23/23 - Discourse - Brad Wood - Is Using CommandBox to run Adobe ColdFusion sites safe in production?
There were some excellent questions asked on CFML Slack today, and I wanted to get the answers to them out on our community forum where they could benefit the larger community (and Google). In a nutshell, these were the concerns:

When I’m using CommandBox, am I really using “Adobe ColdFusion” or am I getting a “copy” of Adobe ColdFusion from the Ortus site?
We have an Adobe Support Contract and will Adobe provide support for my CommandBox installation?
CommandBox is not using Tomcat, but JBoss Undertow. Will it be capable of managing the load of a production site?
These are great questions, and one any Enterprise would want answered before committing to CommandBox. Let’s go through them categorically.

https://community.ortussolutions.com/t/is-using-commandbox-to-run-adobe-coldfusion-sites-safe-in-production/9581/1

3/29/23 - Blog - Ben Nadel - Getting FusionReactor User Experience Monitoring (UEM) To Play Nicely With Content Security Policy (CSP) In ColdFusion
For the past few days, I've been digging into some network latency issues on my blog. And, in response to some of my public messaging on the topic, David Tattersall suggested that I look into FusionReactor's User Experience Monitoring (UEM). Whereas FusionReactor's Java agent provides server-side insights and confidence, the UEM module is designed to shed light on the end-user experience (UX). After all, the server-side leg is only part of the journey. Getting UEM up-and-running is easy; but, out of the box, it doesn't play very nicely with my Content Security Policy. As such, I wanted to share how I got it working on my ColdFusion blog.

https://www.bennadel.com/blog/4436-getting-fusionreactor-user-experience-monitoring-uem-to-play-nicely-with-content-security-policy-csp-in-coldfusion.htm

CFML Jobs

Several positions available on https://www.getcfmljobs.com/
Listing over 55 ColdFusion positions from 35 companies across 28 locations in 5 Countries.

2 new jobs listed this week

Full-Time - Senior Application Developer at Aurora, IL - United States
Posted Mar 24
https://www.getcfmljobs.com/jobs/index.cfm/united-states/SeniorAppDev-Aurora-IL/11559

Contract - Coldfusion Developer at Jacksonville, FL - United States
Posted Mar 24
https://www.getcfmljobs.com/jobs/index.cfm/united-states/CFDeveloper-Jacksonville-FL/11558

Other Job Links

There is a jobs channel in the CFML slack team, and in the Box team slack now too


ForgeBox Module of the Week

ChatGPT API

By Matt Gifford

A ColdFusion CFC to interact with the chatgpt API

Instantiate the core component chatgpt.cfc and pass in the required properties like so:

var chat = new chatgpt(
    apiKey = 'xx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
);
Example
Use chatgpt to create:

var resp = chat.chatCompletion(model='gpt-3.5-turbo',messages=[{"role": "user", "content": "Write me a poem about a summer day with popcorn and unicorns"}]);

https://forgebox.io/view/chatgpt


VS Code Hint Tips and Tricks of the Week

Grammarly

This extension brings Grammarly to VS Code.

Grammarly leads the industry in building AI-enabled services to help people communicate effectively every day. The words you choose can champion your voice, build connections, and spur your academic or professional growth.

Communication assistance with Grammarly means a consistent experience of robust, real-time feedback on your writing.

https://www.grammarly.com/
https://marketplace.visualstudio.com/items?itemName=znck.grammarly


Thank you to all of our Patreon Supporters

These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox,  ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox.

You can support us on Patreon here https://www.patreon.com/ortussolutions


Don’t forget, we have Annual Memberships, pay for the year and save 10% - great for businesses.

And many more Patreons

You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors

Thanks everyone!!!

Homework