posted under category: General on February 12, 2019 at 9:41 pm by Nathan
Popcorn post incoming. I'm kind of tired of seeing how non-mobile-friendly my web site is when I see it in google's search results. Also, I feel a little bit of blogging coming on. That, plus work having calmed down over the last few months, and I upgraded my PC at home, it just feels like the time to clean up a little bit and start typing more.
Did I mention that I'm on Hostek now? It's fantastic and very affordable! Such a great service, I highly recommend it! Better tools honestly encourage me to do more.
Speaking of... maybe I should upgrade my own little blogging software. This is an extension of the 2nd one I wrote, with a couple data migrations, some hacks and bug fixes, and hardcore caching thanks to a previous host I had with an unreliable database. Unfortunately the posting software is just the worst. Clearly I have the skills to do something great here. Some day I'll get to it.
Also, I'm about to remove my own commenting scheme (thanks, spammers) for a regular old Disqus comment system. That's happening in 3... 2... (probably by the time you read this).
So yes, I'm mobile friendly, finally, about 5 years later than I should have been. Flexbox layouts are so stinking simple! I noticed my last post said I was hacking on UWP apps. Thankfully that chapter closed! I'm back on the web, grateful to be doing the kinds of things I want to do.
posted under category: dotnet on November 14, 2017 by Nathan
I'm working, nearly full time, on a Windows 10 UWP application these days. Strange, right? How many people do you know who are doing that? I bet it's not many.
Historically, my company has been a pretty strong Microsoft shop. That, plus we didn't have a true mobile strategy, left us with Windows 8/10, but on smaller devices, so it's mobile.
Oh! Mobility. Why can't we just make a web app? Let me back up.
The fuselage of the Dreamliner 787 is pure carbon fiber. It's an amazing machine, built like no other. We create, all the way from carbon threads, a huge airplane with a handful of seams instead of the traditional aluminum plates all over. Carbon fiber doesn't give way as easily to fatigue, so they say a 787 airplane we make today could fly for the next hundred years and beyond (as if the design wouldn't be technologically outpaced far sooner). Another neat trait is that carbon fiber blocks more solar ionizing radiation than aluminum airplanes, making it safer for frequent flyers and crew members. The downside is that it also blocks other radio signals very well thanks to its otherwise awesome density.
So when we send someone into one of these beautiful airplanes to do some work, there's no WiFi, most likely no 4G, and sometimes we actually need software to work while the airplane is flying (shocking, I know). Applications on our mobile devices need to be able to be offline - occasionally connected. Throughout IT history, we've found that it's easier to force a signal or make a longer wire, but we have a unique case here.
HTML5 has great offline support. Some of the things you can do are quite astounding in an offline mode, but browser limits tend to get in the way. Specifically, the limits of offline storage mean there are only so many pictures we can take and data we can collect in our mobile apps before forcing a connection. Last I checked, most browsers top out at 20 MB. Also, the Media APIs and various offline and client-side data storage mechanisms are still not stable enough or cross-platform enough to be viable enterprise solutions. Plus, internet explorer is still a thing. Ug!
So we're building a UWP app, and it's the right choice.
Googling it, however, you won't find many people doing the same. There are plenty of stackoverflow questions about WPF and XAML, but those are most all from the pre-Universal Platform days.
There are a few frameworks out there, and the Windows store has a slowly growing number of apps. It's not really that no one is doing UWP, it's really just that's it's a small community with a quieter online presence.
Maybe the Universal world is still just growing. The technology is fairly new so not everyone is on board yet. Then again, maybe the platform is far too immature to choose. We are finding out the hard way that the cutting edge tends to break skin now and then.
Recently, I found that MSTest is completely broken in Visual Studio 2017. How is anyone going to test their code if the first party framework is a non-starter? The runner up is xUnit, which works but only runs in a UWP application window. Both of those choices have the major downside of not working headlessly - they can only run from a Windows 10 PC and will not work on an integrated build server of any type because they both need a window to pop up.
We've also had debugging problems since the beginning. You can hit F12 to follow a reference out of a XAML file, but you'll never be able to follow a reference into XAML. Also you lose app insights as you get closer to the UI. Then there are the false-positive errors any time a XAML file is open, where VS is convinced that something is broken in your code while it's actually perfectly valid.
So is it a chicken or an egg? Do these problems get fixed when more folks work with UWP, or is the world waiting for some of the major holes to get fixed before jumping on the wagon? Maybe it's neither and we should all stay away. Maybe it's both and it will never start.
Most likely it will take Microsoft 5-10 years to get it right, but by then, the next big platform will come out, full of bugs.
posted under category: dotnet on August 28, 2017 by Nathan
I like to be the smartest person in a room. I've perfected my expertise in CF development over the past 19 years, and I'm really good at it, but with technology marching on, I've found myself switching to C# .NET and Windows UWP app development. To say the least, things are different!
This is going to be sort of stream-of-consciousness, free-flowing thought. Brace yourself.
ColdFusion does a lot of things for you that just don't happen easily in .NET. CFSpreadsheet, for one, is something that's not accounted for at all, and a real detriment to my bottom line as far as getting things done for my customers. CFDocument and CFPDF are likewise completely absent, as is our beloved CFSearch. Many other things made simple in ColdFusion are just much more complex and require a lot more code and understanding in .NET, like caching, sending email, ORM, web services, and much more.
Everything in Dot Net land has a nearly-catchy name, and frankly, that's frustrating when you don't know what all their names mean. Entity is the ORM, fine, but Kestrel the web server is odd. Then there's the barrage of web frameworks: ASP.NET WebForms, ASP.NET MVC, the Razor template engine, ASP.NET Web Pages, and Razor Pages. Then the desktop family, WinForms, XAML, WPF, and UWP. That scratches the surface, but barely. Maybe my challenge is because many of the names are so similar, like .NET Framework vs .NET Core.
It's not even the object-oriented design that makes things difficult, either. While many of my CF colleagues are happy with procedural web applications, I've had my hands full with OOP in ColdFusion for 15 years, but I was pretty strictly modeling business domain objects and MVC pattern objects, whereas in .NET, I have a lot more low-level objects just to accomplish many of the same goals.
The C# language really is first class. It's been designed very well. Some of the more advanced features are still beyond me. There are a lot of things I can read, but not yet write, much like my Spanish skills. Have you ever tried reading a magazine or newspaper written in Spanish? Oh, I highly recommend it just to get some practice in language parsing. Thanks to our Latin roots, it isn't too hard to work through some, until you came to a word that just doesn't match, like "gatos." Is this article about alligators? No, it's about cats. It just takes time to learn all the specifics before you really understand what's going on.
PascalCase has been an annoying adjustment, but it's well thought out and the style guide is pretty clear. On the other hand, naming things on this new platform is especially hard. Is it a gateway or a repository? Everybody keeps trying to call things a "Helper", like the "SettingsHelper" in the Xaml Template 10 library, and I keep explaining to everyone in the office that a "helper" is not a type of object in an object-oriented system. Neither is a sender, receiver, or really most verbs or words that end in "-er." Some of this is my personal struggle with teaching programmers on my team and fighting against bad practices used in popular public frameworks, but much of it is really about coming up with the best name for a thing, because there are so many more things you have to code in C#.
Some of my difficulty is transferring out of my Java thinking into .NET thinking. I was never a big Java guy, and I never wrote anything more than a few sample apps and a couple utilities, but the Java language thinking is ingrained pretty deeply in my head. I'll get through most of it after a while, right?
I've had to completely re-learn debugging. Much of that is because of my incidental transition away from web development. There's so much more code in C# just to do the same thing, and so many things go wrong. Even with breakpoints, sometimes my app just skips from one operation to the exit and doesn't give me any hints as to why. Then I call over literally anyone for help and they find and solve my problem within 30 seconds. It's been humbling.
Something tricky to figure out has been the async/await syntax and how that works, how it cascades through an application, and thinking through the problems it can create when we don't always know if tasks are working concurrently. That's actually been a fun challenge, and I feel like it's a preview into ECMAScript 2017.
I'm not a fan of the way much of our interaction with the framework is through public static methods. This is both ineloquent, for instance in comparing java.io.File to System.IO.File, and also creates confusion with developers. In this case, Java's File is something you instantiate with a path, and .Net's File is static methods you call with a path. Is a File an object, or a string path to the object? Are we supposed to design our APIs with public static methods and classes, or as composable objects? I'm internally conflicted on the whole thing, and I keep going back and forth on designs in my head.
And then there's MVVM. Oh boy, that's going to be a topic for another day.
There's a lot more to it, and I have more to say, so stay tuned.
posted under category: dotnet on August 18, 2017 by Nathan
Adobe's server technology has paid my bills since then. I've also blogged and tweeted and spoken at conferences, written open source and have been a good community member. You could say I've been a fan.
Still, no one can be a one trick pony in today's world. As chance would have it, my language of choice after CFML (and JS, so, I guess 3rd language) has always been C#. Here's a little story about how that happened.
First though, I have a lot of ColdFusion community members to thank for teaching and encouraging the rest of us the fundamentals of object-oriented programming. Thanks to all of you who spoke, blogged, emailed, and tweeted over the years! Without you, I would have been far less.
In 2002, I worked at a little startup in Arizona building targeted dating sites. The code I inherited was, let's just say, typed very quickly, maybe without thinking first. One Friday afternoon, the CEO rushed in and announced that ColdFusion is dead and we needed to rewrite all the sites. .Net was too new for him, so he decided classic ASP was definitely the best way forward. With protest, I bought a couple books and read them over the weekend so I could hit the ground running on Monday. Progress was slow and, honestly, the platform was awful! ASP with VBScript is a platform built by computer scientists, not web developers.
The next year, our CEO wanted a desktop alert app that would enable persistent connections to our dating sites so you can know the exact moment that someone likes your profile. We decided to build it in C#, which was still a little risky at the time for a widely deployed application. I used my knowledge of OOP to design and build some of the back-end and server communication libraries. That was my first real taste of C#.
C# became my hobby language. When I wanted a desktop util or a little toy, I built it in C#. For fun, I built a little WinForms app that let my wife upload photos to our web site - drag & drop, automatic resizing, write a caption and you're done! This was years before Facebook essentially took over the old family web site thing. I still use an app I wrote to correct certain file names, and another one to empty the temp folders on my hard drive. Sometimes I put a little thing together to parse big XML files or resize photos. You know, hobby stuff.
Years later at a different company, I had the task of speeding up our ColdFusion job that downloaded, cropped, and created the thumbnails of thousands of hotel photos for a reservation site. After exhausting all of our CF options, I decided to try it in C#. Instantly it cut a 12 hour job into 2 hours with better looking photos, then I used multithreading to cut it down to 20 minutes. I was hooked, even though ColdFusion still paid the bills.
My CF skills brought me to Boeing as I took over a very well designed OO application. Since then, I've had very few chances to do anything outside of ColdFusion until this year.
Earlier this year, my manager handed a group of us a UWP app. Yep let's just put the web developers into the desktop world! And that's that. I've jumped in with both feet, and I think I'm doing pretty well.
I'll have a lot more to talk about on this subject, coming as soon as I can type it.
posted under category: General on February 14, 2017 by Nathan
You want to travel to the Bahamas and you have to pick a web programming platform to take you there.
ColdFusion is a cruise ship with almost no other passengers. It's all inclusive. It's a smooth ride, but sometimes it docs 50 feet from the port and you have to swim the rest or book the last bit with Java.
Java is a full cargo ship. It's slow to get moving. You have a very safe room in the center of the boat but you have to catch any cargo containers if they fall on you. You'll get to Nassau, eventually, and it's safe because there are a lot of boats here in these shipping lanes.
ASP.NET WebForms is a yacht that drives backwards and only responds to events like when you run into a dolphin.
ASP.NET Web Pages is a very small yacht that tows the ASP.NET MVC yacht where all the parties are thrown.
ASP.NET MVC is a yacht with an iron hull. It sits heavy in the water, but it can clip along at a good pace and there are nice rooms. Many parts are actually designed well, and it should because it cost you a pretty penny.
Go is a navy destroyer. It's much faster than the published speed, but not very comfortable. Unfortunately, you only wanted to go on vacation. As you get on board, you unintentionally sign with the navy. You can't stop talking about how much you love it all.
PHP is a tug boat with tires tied to the outside. Why would you go to the Bahamas in a tug boat? It can get you there, but where is the bathroom? Everyone except Ruby is passing you and it seems like they're all having a better time.
Ruby is a beautiful steam-powered riverboat with a huge rotating paddle in back. Nothing matches its charm and luxury, but it's going to take you forever to cross the ocean in this, and it might just break on the waves. You hope for good weather and set out before finishing any seaworthyness work because it's already floating.
Python with Django is a sailboat with big white sails. If you know what you're doing, and you trim your whitespace sail in the correct position, you can get moving very quickly.
Python with Flask is a windsurfing board. It's basically a sailboat, but it's very basic. Extend it with a surfing kite to head out across the ocean.
Node.js is 370,799 tiny interconnected boats that let you walk to the bahamas. Only one person can move at a time. (Note, the NPM repository at this time has exactly 370,799 packages in it.)
CGI with C++ is an ocean row boat. It's a lot of effort but you're definitely going to get there, so long as you don't give up.
C is a life raft, deployed a few miles off of Miami. Good luck.
Assembly is a stick. You hold it over the water, hopefully the ocean will part. It's an older way of sea travel, granted, but if you know what you're doing, and you pointed it the right way, you can drive a ferrari to Nassau. Also, you question if anyone's really done this.
posted under category: ColdFusion on January 13, 2017 by Nathan
Many of you know me and where I work. If not, let's just say it's a big place with lots of smart people who all have their own motivations that generally align with making money. Over the past couple decades, we've had an increasing number of ColdFusion applications, mostly on the company intranet. At this point we have literally thousands of CF sites and apps, developed by hundreds of skilled and unskilled ColdFusion developers. We also have a heavy investment into server architecture to support this. It's not been cheap or easy to get here.
Why, then, did we make the decision to leave ColdFusion?
Over the past few years, our Enterprise Architecture department has been trying to reduce the amount of variation in applications around the company. It makes sense because having a more homogenous server and application architecture can reduce costs. So what did they pick instead? The new application infrastructure is going to be nothing but Java, especialy with Spring MVC, and ASP.NET MVC. That's it. Nothing else.
We know from lots of experience that neither Java nor ASP.NET is actually a cheaper solution because of the cost of IDE software and other various servers and components to match the functionality in ColdFusion. Also, a Java developer has a more demanding salary than someone who does a little more than HTML, or an analyst who dabbles in dynamic web programming. Long story short: We're not doing it to save money.
Are we dumping ColdFusion because of a rapidly shrinking talent pool? Maybe. It's hard to say because we haven't been hiring a lot of people over the past few years. However, if you've ever seen ColdFusion, you know it's essentially HTML-plus. CF's unbelievably low barrier to entry means anyone with HTML skills and 15 minutes of playing around can write CFML on their resume. Complex CF applications are something else, but are generally along the lines of any MVC application on another platform. Also, as I said, we already have hundreds of ColdFusion-literate people - we're not short for talent.
No, instead of all of this, we are moving away from ColdFusion because of Gartner's IT Market Clock for Programming Languages. I've read it - Gartner does a very strong analysis of the market as a whole from what information they can learn on the public internet. They check the job sites and question boards like StackOverflow, and they determined that ColdFusion is on the brink of obsolescence. In our proactivity, we are jumping off before it gets ugly.
So why are we moving away from ColdFusion? In a word: Gartner.
posted under category: General on March 21, 2016 by Nathan
Something that comes up from time to time is the idea of reusable software, and why can't we really reuse things that other people wrote. It's a mystery. Robert Glass, a programming legend who worked at my company (1965-1982) said this:
Reuse-in-the-small (libraries or subroutines) began nearly 50 years ago and is a well-solved problem.
Reuse-in-the-large (components) remains a mostly unsolved problem, even though everyone agrees it is important and desirable.
Now we like to think we're so much better off. Look at cave man. He can't reuse software. He can't even boil an egg. Look at us now. We have mechanical egg poachers and GitHub and NPM.
Using a library (jQuery, Bootstrap, React) is still "reuse-in-the-small." Bigger reuse means more homogenization, and all programmers have not-invented-here syndrome to some degree that usually teeters between healthy and unhealthy. We like our own software because we know how it works, we know how to fix it, and it works exactly how we want it. We don't like pre-written software that we can't control.
Living in the world of StackOverflow and GitHub, I believe that we can extrapolate Glass's statements even further. It looks like this:
amount of code reuse by the size of code being shared
That's why programmers lose their minds when they see something like Ruby on Rails that generates a working MVC app based on some database tables. Of course the reality ends up being something different, but you could almost hear the internet erupting with excitement back when Rails was first introduced.
Anyways, Glass's proverb remains true. Code reuse in small parts is solved. Code reuse on a large scale is wanted but still far off.
posted under category: IDEs and tools on March 17, 2016 by Nathan
Many years ago I read an article where someone put their linux-os home directory in source control - probably CVS at the time, this was a while back. He'd had it running that way for a long time, too, and could roll-back his desktop to last week, checkout the latest version on any new PC, throw away destructive changes, and save & commit beneficial changes. It got me thinking. Version control software isn't just for code, it's for any file.
Years ago, when playing Minecraft server admin for my kids, I came up with the idea to put their Minecraft world into Git. We could check in changes nightly, which would allow us to blow everything up and just roll back, or invite a destructive friend over and then undo everything he did. It also gave us the ability to clone the server into a local world when the server was too slow, play locally, then push progress back up to the shared server. And then there's branching - one child could go out and do stuff in another part of the infinitely generated world, then merge changes back on to the server if it worked out, or drop the branch if it didn't. It's brilliant. It ended up a little more work than anyone wanted to do, but the idea was there.
Recently, when researching backup software, I found two real categories of solutions for backups:
- Your backup is just a copy of your files on another server or drive, with no historical data integrity
- Your backup software in a database somewhere, but you have to use specialized software to retrieve your files
After searching for a while, I found bup. It's actually based on Git, which gives you the best of both worlds for backup software - a live, local copy of files that you can browse like any file, plus versioned incremental backups that you need a special client to retrieve. You can host it on a file share, and effectively, git-clone (technically bup-clone) to add another backup server.
I've no doubt that there are a million other potential uses, too. Version control software is not just for programmers and code!
posted under category: ColdFusion on April 18, 2015 by Nathan
In my rush to make unit tests on my work primary development application, I've been putting unit test files all over the place. I don't think this is necessarily bad, as I've been telling myself it's better to have unit tests in the first place. Certainly unorganized unit tests is better than no unit tests whatsoever. I have a somewhat organized unit test runner, and my tests all fall into a larger test suite that provides the illusion of organization, yet still the files themselves are not organized.
So what is the best method? Unit test files in the same package (CF term for a folder) as the files they are testing? Tests in a central location? Mixed in with the model? Outside of the application you publish?
My current mode of thinking is to pull them out into a separate project, sort of a "project-contrib" project, for things like documentation and unit tests that I need, but don't want to deliver to the production web server. What do you think? What's worked for you?
posted under category: AZCFUG on August 13, 2014 by Nathan
Did I mention I moved to Charleston, South Carolina? The move has kind of been the focus of my life for quite a while now, and it feels good to be coming down form the stress of packing up my whole family and moving them all the way across the nation. It's kind of a long story, but if you see me, feel free to ask.
And where might you see me?
Well one of the benefits of living on the Eastern Seaboard, and especially being in the Carolinas, is that Raleigh, where NCDevCon happens, is only an afternoon drive away! Yeah, I'm driving, and hopefully it will even be with some co-workers here from the airplane company.
I've heard a lot of great things about it NCDevCon. Dan and the group up there have been doing an awesome job for years now. I'm super excited, and it's only about a month away. See you there!
posted under category: Servers on July 25, 2014 by Nathan
The title says it. Thanks to that wonderful human being Steven Benjamin, I've got a much newer CF to play with. We're a couple versions back at work, still, so it's really nice for me to get actually new technology one in a while. Thank you Steven!
Update: New hosting company, making this the third one in a week (1-old host, 2-host that was lame, 3-new, working host).
posted under category: General on February 16, 2014 by Nathan
I'm moving. This year, The Boeing Company is relocating my family to Charleston, SC, along with an untold number of my IT compatriots in an effort to put like minded people in the same "centers of excellence."
Moving across the country has its challenges, even if all your expenses are paid. There are things I don't want to move, but I don't want to lose forever. These are things like couches, tables, yard tools, patio furniture and other non-unique things. It's stuff that's replaceable but I would hate to buy again.
I had this idea about how Craigslist can be like a storage shed that travels with me wherever I go. I can sell a couch in Phoenix, move to Charleston and buy a replacement couch for the same price. It may not look exactly the same, but the couch's value is identical and it probably matches the Charleston area more than its Phoenix counterpart. If I want to get a better couch, I just have to pay the difference - an upgrade fee.
Then, I began to realize this works even without moving across the country, and can also combat my hoarding tendencies.
Let's say you own a crib. It's nice and you don't want to lose it in case you have more children, but it's large and you don't really want to store an item as useless as baby bed when you don't have any babies. Put it in cloud storage; put it on craigslist. If you never need it again, you keep the money. If not, you spend the same money 3 years later to buy another crib that is just as nice.
This works especially well with electronics. Say you have a 1 year old notebook computer, but you won't need it for the next year, so put it in your cloud storage locker (yes, craigslist). Next year when you need it again, pay the exact same amount of money for a 1 year old laptop. Your first one is now 2 years old, but your cloud storage locker includes free upgrades while your items are in storage, so this one is a year newer.
Sweet, thanks cloud storage!
Stop holding on to your possessions. Sell them into the cloud and buy them back when you want them!
posted under category: Life Events on May 2, 2013 by Nathan
I will be at CF.Objective() and I hope I will see you there, too!
Here are the sessions that I have a good probability of attending. There are so many great ones, as usual, and most of these were hard decisions, so they are not set in stone. I'm just so excited to be going, I had to share!
Writing Secure CFML with Pete Freitag I keep hearing great things about Pete's security talks, and in previous years it was either in a time slot against something else I was interested in, or that I was talking for.
Go Node Without Code with Brian Rinaldi Node interests me in the way that I believe server-side JS is the future, but I think Node isn't the way to go, so Brian's talk sounds interesting.
Railo's Top 10 Developer Features with Mark Drew Railo always interests me, even though I don't run it anywhere in production.
ORM, noSQL and Vietnam with Sean Corfield Just like Sean always does, he pushes us to the edge of cool development practices & technologies.
Mura 6 for Developers with Steve Withington Steve is a big Mura fan, I'm betting this will be awesome.
How WebKit Renders Web Pages with Elliott Sprehn Because Google is amazing so everything Elliott talks about is like magic.
Semantic Markup with HTML5 by Christian Ready Don't know how much I'll learn, but I do love me some hypertexts.
How Groovy & Grails made me a better CF developer with Scott Stroz I've played with Groovy a bit but am curious about how to get into more.
Who let a bum into the kitchen with Nathan Mische I've heard about these quick dev server setup tools, but am unsure how or why, so this will probably be over my head, which I like.
Deep Dive: The ColdFusion 10 Scheduler with Rob Brooks-Bilson Something I plan to use soon, but mostly I just want to know more about it. I may skip out to Charlie's IIS8 session for the second half, not sure.
ContentBox with Luis Majano I'm interested to see what Luis has done here.
Git Workflows with Tim Cunningham I've done my homework but I always want to know more about how best to structure my Git setup. Not sure about this versus ElliottZ's second session. Or Brad Woods' Agile talk. Too many good ones in this slot!
Building Modern Web Apps with Adrian Moreno Sounds like a lot of things that I'm doing, I like to see how other people put it together.
Again, these are highly subject to change, and again, I'm excited!
posted under category: Life Events on May 1, 2013 by Nathan
If you are in the Adobe User Group Managers group, or the Adobe Community Professionals group (or any other related groups), then you know about "The Summit" we do every year. It's a free event Adobe does for us, we talk about the community, we talk about improving things, and then we have a party!
This year, the Summit is only a half day on the Sunday before MAX, and I will be there! I can't stick around for the conference, I don't have the time (but thanks to Megan for offering).
I'm driving my wife & kids across from Phoenix to L.A., on Sunday, for the Summit, then driving back on Monday. It's not so glamorous, but my kids haven't seen the ocean in a couple years.
So anyway, if you want to say "Hi" to me, you have like 6 hours. See you there!
posted under category: General on January 10, 2013 by Nathan
Let's talk movies and security for a minute. Obviously Hollywood has proven they don't know computers, don't know hackers and don't know security - they know fun stories and special effects, but there have been more awful portrayals of computing than good ones.
Single-factor authentication has been deemed bad form on the internet, and easily bypassed in movies. We have all seen where someone knows the password or cuts off a thumb for the fingerprint scanner. That's simply not enough security. In real life, most passwords in use are plucked out of the most used passwords lists. One single password is easy to guess, and it's obvious because people get their accounts 'hacked' all the time. Single-factor authentication is simply not good enough.
Two-factor authentication is better, but not perfect. Again, there are movies where voice and eye prints are stolen, or a password is guessed and a fake thumbprint is used. In reality, two-factor authentication comes around in the form of web sites that send you a text message or email when you first log in from a new device and you have to enter the code from that separate message. It is a huge step forward because now it's something you know (password) and something you have (access to the email or phone). However, if one account has been taken, how can you ensure a hacker has not also obtained access to your email? It's not foolproof, but it's much closer.
Three factor authentication means "something you know" (password), "something you have" (email/phone/badge/fob), and "something you are" (finger/eye/hand print, face scan, etc). If anyone in any movie actually used this, the bad guys would win a whole lot less. Think about it. You can't just take a finger with you because you need their password. Guessing the password and hacking their email account still means you are missing the physical person. Stealing a badge leaves you lacking as well.
In Monty Python and the Holy Grail, at the Bridge of Death over the Gorge of Eternal Peril, the bridgekeeper asks three very important questions. Let's look at them:
1. What is your name? In authentication terms, he wants "something you are."
2. What is your quest? Could be interpreted as "something you have" though, to be specific, this is something you do not have.
3. What is your favorite color? What is the capital of Assyria? Without a doubt, "something you know."
When you think of computing and movies, Monty Python has all of Hollywood beat. You heard it here first, folks.
posted under category: Software Quality on December 21, 2012 by Nathan
This year (2012, for posterity sake) my project at work took on an Agile methodology. Why? 2011 was a productive year, we made a lot of people happy with our software, but we had about three giant software releases for the whole year. These changes being so far between meant I could never know if what I was doing was going to work for everyone, and it also meant that, while the software was better tested, when there were bugs, they would have to work around them for months until we had the fix out.
Accelerating our release cycle to every two weeks meant that even if something was broken, it wouldn't stay broken for long. It also meant we had to be on top of our tasks a lot more, with a stronger focus on what we are doing today and what we will be doing tomorrow.
How did we do it? We initially decided on twice-weekly scrum meetings, just to say what we did and what we were doing next. This wasn't enough for the project manager, so we bumped it up to 4 times per week (the 5th day we had a regularly scheduled customer meeting). We began the year by listing all of our customers and all of their existing and upcoming tasks, including our own nit-list (like upgrade the database version, wash the dishes, support the new manufacturing system, etc). This is our backlog. We worked with our customers to set a priority on each item, then planned a sprint strategy, taking tasks with the highest priority and mixing them with the most pressing deadlines. Throughout the year we tracked new business and requests into an issues log, promoted items from our backlog into workable sprint items, and we got a lot of things done that way.
We did learn some lessons though. First, daily scrum meetings are great, but when our customer gets involved (and he loves to be involved), he tends to ask questions mid-update, slowing the scrum to a crawl, turning what should be a 5 minute meeting into a 45 minute meeting. We should really cut that out. Also we have the need for a system that will take a customer feedback and track it through an official change request to a prioritized backlog item, to an in-work task, to a bullet point on our release notes. There are things that almost do this, but usually require something custom for the customer feedback part at the very least, and so few of them have been 'blessed' for use within my company. Also we have some release systems that do not play well with Agile. One system that notifies the help desk about outages and work in the area takes an hour to fill out each time we do a production release. Another system we may be forced to use requires a gated software version validation process that will take a day's worth of paperwork for each release.
The worst downside though is that it sucks my energy. I have to be on task a lot more, which has meant less blogging and less tweeting. That's sad for me.
In summary, twenty-five software releases on our two-week sprint cycle, less stress on the development, more pressure on the project manager, and happier customers. All-in-all, it has been a successful experiment that I think we will continue with.
posted under category: ColdFusion on May 30, 2012 by Nathan
Ten years ago today, ColdFusion 6 was released.
Affectionately named CFMX, this sixth major release was a full rewrite out of a C++ core and into a Java EE core. ColdFusion would now be deployed on JRun for the next decade, the formerly current J2EE server, also from Allaire. Other major features were CFCs (ColdFusion Components), enabling an object-oriented programming style that has largely taken over in the CFML-writing community, also web services, native XML abilities, a new charting engine to replace the outdated C-based graphing engine, a new security system, and full support for internationalization and localization. This was a giant fundamental shift for the hundreds of thousands of ColdFusion applications in the wild, and was largely backward compatible.
Cheers to you, Macromedia employees, who pulled off an incredible technological jump, one decade ago, today. Thanks for indirectly employing me, all these years.
posted under category: General on April 8, 2012 by Nathan
Here's a note to say that Dopefly is back up. It's been about 3 weeks. Yeesh, awful, I know. Now I'm back up on MySQL, so please drop me a note if you see anything broken around here. A rewrite and redesign is in the works, and may be out sooner than you expect.
Sorry to everyone who missed the content, and especially to Mike Henke who linked my post about actually understanding closures in ColdFusion 10 from The ColdFusion Show.
Update: Looks like auto-incrementing PK columns didn't make the migration to MySQL from SQL Server, so I'm going to guess that comments won't work. This post took a lot more work to get published than it should have.
posted under category: Life Events on March 16, 2012 by Nathan
We're having a hosting change, so expect Dopefly to be down for a couple days while we get it sorted out. Also the azcfug.org site will be down and a few other sites we have hosted here. Thanks to my friend Steven Benjamin for finding us a new home!
posted under category: Software Quality on March 13, 2012 by Nathan
A discussion erupted recently, on one of the various discussion groups i subscribe to, about deprecated features that are not really deprecated but more like, not encouraged when thinking about future applications moving forward in development time.
It's hard to explain in a definition, so a case in point is needed.
The Application.cfm file is a ColdFusion construct as old as I can remember. It's not going away, but it is essentially feature complete.
More recently, ColdFusion has given us Application.cfc. The capabilities that gives us are far above and beyond what a had previously, and developers are encouraged to upgrade their applications or at least use Application.cfc in their next projects.
In this case, Application.cfm has been socially deprecated.
Here's another one: Fusebox. It's not a language feature so much as a framework, but if your application uses Fusebox, your program is socially deprecated. Now my friend John is bringing it back, but for the past 5 years, if you have started a new app with Fusebox, you used a socially deprecated framework and your "cool kids" card has been revoked.
using socially deprecated features and frameworks puts your application at risk for falling into technical debt. It's a slow roll down a long hill that will show in bugs that are never fixed, areas of the application that everyone avoids because they are afraid of causing errors, and eventually, lack of knowledgeable developers which will leave you stranded.
The way to avoid social deprecation is to keep engaged with the developer community. Read the blogs, engage in the discussion groups and visit the user groups.
Can you think of anything else that's socially deprecated? I can think of a bunch of things. CFUpdate. Prototype.js. Old stylized code like capitalizing tag and attribute names. Php. Internet Explorer. CFPod. The list goes on and on.