Show #127 - Bagels, Security and Glass Houses

In this show Dave and Scott chat to Jason Dean (the ColdFusion bulldog) about XSS attacks and security. They also mention the release of Sean Corfield's FW/1 project to version 2.0, how to ask for help within a public forum, and how not to make a name for yourself within the community.

 


Direct Link: http://traffic.libsyn.com/cfhour/Show_127_-_Bagels_Security_and_Glass_Houses.mp3

 

Sponsor

 

A little bit about our sponsor. Ayera Technologies is, among other things, a ColdFusion hosting provider. Click the link below for an exclusive discount for CFHour listeners.

Ayera Technologies
http://www.ayera.com/hosting/coldfusion/?cfhour

 

Show Topic Links:

 

MonkehTweet is listed in Twitter Libraries page
https://dev.twitter.com/docs/twitter-libraries#coldfusion

FW/1 2.0 Released
http://corfield.org/blog/post.cfm/fw-1-2-0-released

The OpenCF Summit is back for 2012
http://www.opencfsummit.org/

Open BD Local
http://openbd.org/local/

Does Adobe really care about ColdFusion? Doubt it
http://alan.blog-city.com/cfml_whocares.htm
John C. Bland II - My response to ‘Does Adobe really care about ColdFusion? Doubt it’
http://johncblandii.com/2011/12/my-response-to-does-adobe-really-care-about-coldfusion-doubt-it.html

 

Buy Stuff

 

CFHour Store
http://cfhour.spreadshirt.com/

20 responses to “Show #127 - Bagels, Security and Glass Houses”

  1. Sean Corfield Says:
    Thanx for the kind words about FW/1 and coverage of the 2.0 release!
  2. Sean Corfield Says:
    BTW, I was not "part of" OpenCF Summit - I just happened to be a speaker there and enjoyed the conference immensely. I'd love to attend it again in 2012 but I have a personal conflict.
  3. Alex Skinner Says:
    Wow,

    I actually used to find these entertaining but seriously roughly 20 minutes of ranting ?

    It's all so boring, some in the CF community cannot accept any form of negativity without losing their minds.

    In the same way that Alan's blog post may have been controversial, who exactly benefited from this rant ?,

    So Railo doesn't support ORM ?

    Err it does, OpenBD actively doesn't I believe it is never likely to, because shhhhh It's not a silver bullet and the effort of implementation VS how many people in the community actually want it?

    Open BD=Alan Williamson, really ? And you know this how ?

    Open BD has like 6 users, again what complete rubbish,

    The Razuna project which runs on openbd alone has had 60000 downloads.

    Seriously, whether you agree with what Alan said or not rubbishing the efforts of a wider community is just dumb. Now I realise he hurt some feelings and I'm sure he's very sorry :-)

    Does ColdFusion Server or Railo meet my business needs, No. Does OpenBD yes because it allows me to do things that I can't do on those platforms. Would I bash either of those no and I'd actively push people to Railo for certain use cases and there are instances when the Adobe server makes sense.

    I'd encourage you to reach out to the Open BD and Railo projects to lose some of this clear bias.

    A
  4. Sean Corfield Says:
    Alex, several people have called Dave out over his repeated ignorant attacks on open source software. I even went on the show to try and educate him but he was back to the same old nonsense the next episode. I've barely managed to get thru any entire episode because of the uninformed, unresearched randomness of some of the content. Still, at least he and Scott are willing to step up and record their opinions for posterity and you can't criticize them for lack of enthusiasm :)
  5. Scott Stroz Says:
    @Alex - sorry our rants hit a nerve. Have you spoken out about Alan's recent Adobe rant and his misleading information? Or how he took Ray Camden's quote and used it out of context? IF you have, I would be curious to see your comments.

    Based on your comment here, is it a safe assumption that OpenBD only supports features that are 'silver bullets'? Given you gave that as a reason for OpenBD not supporting ORM, I am curious as to whether or not the 'silver bullet' criteria is used for any new features or bug fixes.

    @Sean - I know we have had some bad shows, but Dave and I are constantly working on improving. That is one of the reasons why we brought Matt on board as producer and have been working on having guests on more frequently (for some reason, guests seem to keep Dave and me in check...usually). I think we have more 'good' shows recently than 'bad' ones.

    One other thing to note is that not only are we willing to put our opinions 'out there', we, unlike some others *cough* Alan Williamson *cough*, actually allow (and encourage) comments, positive & negative, on our site.
  6. Scott Stroz Says:
    I am curious, what business needs do you have that can only be fulfilled by OpenBD and not ColdFusion or Railo?

    I make no bones about the fact that I prefer ColdFusion. Nor will I be apologetic about that fact.

    I have used Railo in the past, and will likely use it in the future. It is a good, solid product, run by people I respect (even if I disagree with them from time to time - and trust me, they have no problem with calling me out on stuff).

    OpenBD? I have never used it. Never had a need. Never had a client request it. I cannot speak to the solidness of the product based on that fact. However, given that Alan Williamson is a member of the steering committee and that I strongly disagree with some of his positions regarding ColdFusion, I cannot, in good conscience ever recommend using OpenBD to a client - unless of course, I have business needs similar to yours that can only be solved by OpenBD and not any of the other available solutions (ColdFusion & Railo)
  7. Dave Ferguson Says:
    Well dang. I didn't expect to see these lovely comments this evening. Comments being what they are I would like to make some observations.

    First, thanks for listening to the show.

    I will contest to the fact that not everyone will agree with our opinions on the show. That is just the way it goes. Just like I may not agree with the comments to the show. I feel that everyone is entitled to their opinion.


    Thanks,

    --Dave
  8. Sean Corfield Says:
    I can think of several "unique selling points" for OpenBD, even tho' I don't use it myself. It has an extremely small footprint, making it great for bundling into other solutions, and it alone of the CFML engines runs on Google App Engine with native integration with several Google services.

    @Scott (and Dave), my main frustration with the show is the obvious lack of research and preparedness - which has a tendency to degenerate into uninformed rants about things. You're right - there are good shows and bad shows but, c'mon guys, your listeners deserve more! Either know your facts or make it clear you don't know - don't just rant and spread misinformation. You're both better than that. You're both smart guys. The podcast is a great opportunity to educate and encourage people.

    What's the #1 complaint about CFML? It's not as popular as other technology. What's the #1 reason most people give? CFML has no great open source applications. I won't say that's the only reason, nor the most important, but even Adobe know it's an issue: that's why they started RIAForge and the product team know it's still an issue. Instead of dissing open source on the show, perhaps you'd be doing your listeners a favor by at least being more informed about open source. Apache, Linux... Tomcat (which is replacing JRun), JBoss, MySQL, PostgreSQL... WordPress, Joomla, Drupal... Sure, there are zealots there but becoming a zealot against open source doesn't make you better :(
  9. Scott Stroz Says:
    I should clarify something. I am not so upset by Alan's opinion, rather how he expresses that opinion. I try to keep an open mind (and admit I do not always succeed) but when you throw comments out like Alan did, purposely use quotes out of context and then do not allow people to publicly respond or rebut your comments, well, that tells me what kind of person you are and, quite honestly, I would rather not have anything to do with you or any organization that would make you part of their 'steering committee'.

    Sean - I am not sure where we 'dissed' open source on the show recently (key word there is 'recently' - we are working on getting better) . Our recent rant was directed at Alan, and, since he is a member of the steering committee, OpenBD. Our ire was directed at one of the people driving an open source product, not 'open source'.

    I love open source software. The server that hosts my blog is running linux, with MySQL on the backend and the blog itself is BlogCFC (I also host a couple of WordPress sites on that server). Recently, Ray has handed over the reins to BlogCFC (arguably the highest profile CFML project out there) to me. So, as you can see, it would be silly of me to 'dis' open source when it is an integral part of what I use.

    That being said, just because we may make less than kind remarks about a specific open source project, that does not translate into us being anti-open source. There are plenty of open source projects I love, and plenty that I hate. Just because something is open source, does not make it immune to criticism.

    I don't think Dave or I are zealots against open source. I like to consider myself a zealot against zealotry. :D
  10. Alex Skinner Says:
    Hi Scott,

    Of course you're entitled to your opinion.

    Regarding Rays post if someone not on the OpenBD or Railo project posed the question of for what is significant $ is XYZFunction the best you got coming in 10 ? The community would have reacted exactly the same as we've seen it all before. So it isn't just about how things are said it's as people that love ColdFusion we don't like having to defend it constantly.

    The answer in reply to the post should be "we do care and we've got loads of cool stuff coming". Well show some exciting stuff then! Because I've seen nothing yet which actually meets Alan's post head on and says here we are put that in your pipe and smoke it :)

    Re "Silver bullets" no I'm saying ORM is often regarded by some as a magic technology and therefore amazing! to be thrown at any problem involving a database, I have a difference of opinion and don't at present see the engineering effort to be worthwhile adding it to OpenBD.

    Re your assertion that your rant was aimed at Alan not the wider project if it really was then no one would have bothered to call you up on it.

    Cheers

    Alex

    P.S If you're excited about open source come to the OpenCFML event
  11. Sean Corfield Says:
    Scott, I don't believe _you_ are anti-open source but I think that both you and Dave need to sit down and listen to show 127 as a listener would.

    I agree that Alan Williamson posts some inflammatory stuff. He's said some outrageous things about Adobe and about the CFML community at large over the years. He does himself no favors and by association does OpenBD no good either.

    However, responding by going off on a rant against OpenBD (saying it only has six users was childish and disses a community of users that haven't done a thing wrong) and then shifting to uninformed comments about Railo (which Jason - an ACP - corrected) as part of an expanded rant about open source and the people who devote large amounts of time and effort for free was just another one of many such attacks that Dave has initiated over the time cfHour has existed.

    Why the negativity? Why does Dave feel the need to wander off into areas where he clearly doesn't know his arse from his elbow and spew such nonsense? It's so unprofessional and it really detracts from the value of the show. I was disappointed that you let yourself be drawn into Dave's rant...
  12. Scott Stroz Says:
    Sean - I just re-listened to the part of the show where we discuss Alan's blog post - trying to listen from an 'outsider' stand point.

    1. When we were talking about what is and is not supported in the different CFML engines, I did preface my comment about Railo's support of ORM with 'If I am not mistaken...'. Granted, I was mistaken, but I was not saying definitively that Railo did not support ORM. Splitting hairs? Maybe. It is a subtle, but important distinction.

    2. As for the '6 user thing'..I was going for a joke...and it failed...miserably....I cringed both times I listened to that part. I realize those comments could be construed as disrespectful, and I apologize for offending anyone.

    3. As for the rest of the rant, I am sorry, I think it's pretty clear it was aimed directly at Alan, and aside from the '6 user' comments mentioned above there was really nothing negative said towards OpenBD. As a matter of fact, there were a lot of positive comments about open source. (note that at one point I said I think it's disrespectful to call Railo an 'alternative' CFML engine - and I will admit I should have included openBD in there as well)
  13. Sean Corfield Says:
    Thanx for taking the time to re-listen. Yeah, the "6 user thing" was... unfortunate. I think that the tone of Dave's comments makes it easy to take the rest as more negative than you intended it so I'll accept that _you_ didn't intend to sound so "anti" about the broader open source landscape.

    As for the "alternative" CFML engine comment - I wasn't sure which way to take it. In the context of Dave's negativity (and some of the slights against the OpenBD project), it could easily be taken as meaning you didn't think Railo was a viable alternative. Clearly not what you meant...

    Perhaps when Dave next strays into open source territory, you can be more assertive in setting the record straight and educating him? :)
  14. Sean Corfield Says:
    p.s. On point 1: if a well-informed Adobe Community Professional had not been there to correct your assertion, it would have been left on record and given listeners the wrong impression about that "alternative" CFML engine :)

    I'm just saying that since cfHour is essentially "news media" for the CFML community, it behooves you to do more research and be better informed about what you tell your listeners. You have a bigger responsibility than just two CFers shooting the breeze in a bar.
  15. Scott Stroz Says:
    Given the context and my past 'pot shots' at Railo, I can fully understand any confusion about my 'alternative' comment - it was not meant as a slight and I was being sincere :D

    If you can, give a listen to this week's show (which we are recording tonight) when it's released - we will be discussing some points made in this comment thread and hopefully clearing up some misconceptions/misunderstandings.
  16. Sean Corfield Says:
    Will do!
  17. Scott Stroz Says:
    As for your p.s. - a valid point. Something that will be improved upon.
  18. Mike Henke Says:
    I love the idea of Dave/Scott going to the OpenCFML Summit. I am sure to save costs they could share a room with someone. I am kicking around going. Watching plane tickets.
  19. Scott Stroz Says:
    Unless someone is willing to pick up my airfare/hotel/meals/etc. it isn't going to happen...not this year.
  20. Dave Ferguson Says:
    Same here.. Unless someone else is footing the bill I won't be there either.
