Posts

1-9 of 9

Poll
Entry posted on Apr 18 by Denard Springle

Results of latest poll show the following topics of interest:

• UML (May presentation - presented by Larry Lyons at our May meeting)
• Ant & Task Automation
• Testing and mxunit (July presentation - presented by Denard Springle at our July Meeting)
• Advanced jQuery/AJAX techniques
• Caching (June presentation - presented by Denard Springle at our June meeting)

Packt Publishing Offers NVCFUG Members A Discount!
Entry posted on Jan 07 by Denard Springle

Thanks to the gracious generosity of Packt publishing they are extending a 15% discount to NVCFUG members for purchases on their website at http://www.packtpub.com/. See the full blog for further details.

NVCFUG Members may use the code: NVCF15ug to obtain their 15% discount during the checkout process by entering the code into the discount/voucher code area.

Security: Encryption, Obfuscation, Authentication and Rejection - Part 1
Entry posted on Feb 24 by Denard Springle

This series of articles will help you become more familiar with the use of the various ways in which you can secure data. Before we get into the nitty gritty of how to secure your data, it is important to first understand both why and when to secure your data.

I've started most discussion, talks and blog posts on this topic in the past with the same statement, and it is the same statement I will once again share here:

There is no such thing as a secure application. What can be done, can be undone. Period.

Having said that, however, let me follow it up with what securing [web] applications is really all about:

Adding security methodologies such as encryption, obfucation, authentication, rejection and access control decrease the surface area exposed to would be hackers.

What does this mean, really? The more layers of complexity you add to the exposed layers of your application the more unlikley it will be a) a target of a hacker and b) [fully] hacked if it is targeted.

So, let's take a moment in brief to discuss each of these methodologies and what they can do for you.

Encryption
For experienced application developers encryption is no stranger. Encrypted values have purposes above and beyond simply storing data safely, and combinations of encryption methods exponentially increase the complexity of the encrypted result.

For beginning developers, however, the use and purpose of Encryption, depending on their corporate standards, may be something simply glossed over or, at worst, unknown.

What kind of developer you are usually depends on one simple question... can I see the users passwords in your database in clear text?

Encryption, in it's most simple explanation, is the method of translating human readable information into non-human readable information by way of some (usually mathematical) manipulation.

So, for example, in the earlier centuries (let's say the 17th century - in England, for the sake of argument) when someone wanted to send a covert message to another person they would transpose or translate the existing text into other letters, numbers, symbols or some combination thereof using what was called a key.

Let us say we wanted to translate the word 'food' into a word that has no relation to the word food and, for all intents and purposes wouldn't be understood as 'food' by anyone without possession of the key.

Let's say that the letter 'f' should be turned into the letter 'w'.

Let us further say that the letter 'o' should be turned into zero (0).

And, finally, let us say that the letter 'd' should be turned into the letter 't'

so, our key would be:

w = f
0 = o
t = d

and the text 'food' would be 'w00t' when we penned it on our parchment before sealing it with wax and sending it off by horseback to our nearest allies.

Even if our horseman was caught, tortured and killed (poor horseman)... without the key, or an alarming sense of wit, determination and intelligence, anyone attempting to decipher the covert message would find it to be, at worst, impossible, and at best a highly daunting and time consuming task.

Over the years, many methods of encryption have been invented and used around the world to protect messages in all their forms. Some have been relatively low-tech - the use of native american indians to speak their native (and unknown to the enemy) language for communicating on open airwaves during the war, for example.

Modern methodologies have grown more and more complex as our technology has gotten better, faster and more capable of executing complex mathematical equations quickly.

In Coldfusion land you have many, many encryption methodologies to choose from, depending on either your version of Coldfusion (with 8 and 9 supporting more methods than 6 or 7) or your level of effort (Sun's JCE,  and other cryptographic service providers (like Bouncy Castle) can easily be installed on CF7... see the technote ).

We'll cover the Coldfusion specific aspects later, but now let's talk about why you would want to use this handy functionality. It can all be summed up nicely in three words:

Personally Identifiable Information

Or, PII for short. What is PII? Names, addresses, birthdates, medical (or any other kind of) history, phone numbers, email addresses, social security and credit card numbers (though the latter is not wise to keep in any database, encrypted or otherwise), etc. Any information which *could* be used in any *harmful* way against another human being should fall under the category of Personally Identifiable Information (blog posts and stupidity not withstanding).

Application security that generously uses encryption throughout its design creates a much more secure application as well. Sending critical information in a form or on the url? Encrypt it first and decrypt it on the receiving page.

I'll dive pretty deep into Encryption in my next part of this series, but for now let's move on to our next topic.

Obfuscation
The dictionary defines obfuscation as: to be evasive, unclear, or confusing. Obfuscation is the practice of hiding things in plain sight. A real quick example is the use of an MD5 hash to pass variable names on a form or url, and a more complex example would be using that same hashing to pass column names in a database. How is this evasive, unclear or confusing? Well, let us say you normally pass things like this on your URL:

myFile.cfm?user=5&sugar=true&spice=true&everything_nice=true

Any would be hacker might infer (and most likely be accurate) that the user id of the currently logged in user is '5'. Depending on your application and what effects the remaining fields have on the outcome of the business logic behind them, a hacker might at least attempt to break the code or otherwise hack the site using combinations of values. For instance, I might be tempted to try:

myFile.cfm?user=6&sugar=false&spice=true&everything_nice=;INSERT INTO users (username, password) VALUES ('hacker','0wn3d!');

Let us assume that this page erroneously uses the user id passed into it to set a request variable that defines the current user. At worse, suddenly, I'm whoever user id #7 is and now have an authenticated session to do as I choose with that users account.

Let us further assume that sugar, spice and everything_nice are used as some funny way of passing along the gender of the user - all set to true the presumption is the user is a female (being they're made of sugar, spice and everything nice) - any falses assumes a male.

Let us further assume that your page has an unprotected select statement that checks for the value of 'everything_nice''. Viola! I cause an error, but run the chance of inserting a user into your database using some pretty common naming conventions. I already know you're not using encryption or obfucation on the URL so will assume none is being used on the backend either.

Let us further assume that you've taken the extra steps to protect against SQL injection in your application, however the security of your SQL server itself can be easily compromised. Again, the hacker already has an id of '5', so they can simply go looking through the compromised database to find all the information on that, or any other, user.

So, how to solve this problem?

myFile.cfm?#Hash('user','MD5')#=5&#Hash('sugar','MD5')#=true&#Hash('spice','MD5')#=true&#Hash('everything_nice','MD5')#=true

or, after the output:

myFile.cfm?EE11CBB19052E40B07AAC0CA060C23EE=5&ADA15BD1A5DDF0B790AE1DCFD05A1E70=true&77F4DE0C4DB55DEC736561AC64C7EA6B=true&E069AE80F59380EB79CCE5B19296898C=true

Is this evasive? Yes. Is it unclear? Yes. Is it confusing? Yes. It is obfuscated.

Again, this is merely a brief introduction, I'll cover more on this topic in Part 3.

Authentication
My personal favorite topic. Authentication is the method by which you allow very access for individuals, computers or services.

I'm not going to go into a lot of detail in this article as the topic of authentication could be many articles all by itself. I will say I am not a fan of <cflogin>, never have been and, as far as I can tell with CF9, I still will not be.

I like granular control over the authentication process. I like using hashing and Javascript, cookies and CGI referrer's and domain validation and all sorts of things a proper authentication mechanism should do and which <cflogin> severely lacks (not to mention the memory and session issues it has).

There are many different stylers of authentication. Basic, Form Based Basic, NTLM/AD, Secured and Federated - not to mention Single Sign-On which is a variant of Federated authentication.

Basic authentication is the authentication you're being asked for whenever you log into a site and it throw up a javascript-ish looking 'username' and 'password' (and for NTLM Basic, 'domain') fields. The main caveat (though there are several) to using this security method is the username and password are sent in clear text on *every single request*. In short, if someone did manage to get a man in the middle attack going against you, it wouldn't take them long to sniff out a user/pass combo to use.

Form Based Basic authentication is the most widely used method by most web applications today, which is unfortunate for most web applications and great for hackers. For based basic authentication also sends the username and password in clear text, one of it's main caveats.

NTLM/AD authentication falls into a realm somewhere between Basic authentication and Secured authentication. From a web application perspective, NTLM/AD authentication is directory service authentication with all the enhanced security functionality of back-end (e.g. local) authentication using Kerberos keys, among other functions.

Secured authentication takes the extra step to use some kind of hashing routine to hash the password, and often the username, in Javascript through the browser before the data is ever transmitted to the backend.

Federated authentication goes a couple steps further than simple secured authentication, adding cookie, referrer or some combination of checks to ensure the user is logging into the website from the domain the site is hosted on. This stops most everyone from running a local application or a script from another website which hammers your website with brute force attacks, with a few exceptions.

Single-Sign On authentication is the methodology you would use to share the same login credentials for multiple web applications. This is handy for building applications in smaller units and then tying them together with a portal framework.

I'll cover authentication heavily in Part 4 of this series.

Rejection
We've already briefly seen an example of SQL injection earlier in this article - rejection is the methodology used to validate user input and reject (or parse out) any dangerous code which might be present. This includes SQL and Javascript injection. Just as you reject the things that do not meet your standards in your everyday life, so too must your applications reject anything non-standard in their everyday life.

Often it is handy to build a utility class (CFC, Component) in Coldfusion that shares the duties of trimming space from before and after the input, reformatting HTML special characters and eliminating unwanted inputs such as SQL and Javascript injection, among other handy repetitive FORM handler tasks. This component can be built generically enough that it can be reused throughout your application(s) for various [all] user input validations and is generally written to accept and return Struct's (e.g. FORM or URL, which are both structs).

I'll be breaking down how to write this utility class in Coldfusion and how to use it efficiently as both an input parser and a server-side validator in Part 5 of this series.

Access Control
When you talk about authentication, access control is usually a large part of the conversation. Implementing access control solutions, however, can take many forms and depends entirely on your understanding of the methodologies available to you and, more importantly, the requirements to which they will be applied.

Most ColdFusion developers are familiar with and comfortable using a role based approach. Anyone following the unfortunate guidelines of the <cflogin> evangelists at least learn one important concept - the concept of role based access control. While I do agree that IsUserInRole() is a nice function of ColdFusion, it is tied to an insanely inadequate and buggy <cflogin> construct. So, the best approach is usually to replace IsUserInRole() with ListFind() if you want to continue using a role based approach where you store the users roles as a list, in a varchar, in the database and then pull that list into the ListFind routine (as in: ListFind(MyList,MyRole) ). In the case of multiple roles, you simply use logical AND/OR as taste suites you (as in: ListFind(MyList,MyFirstRole) OR ListFind(MyList,MySecondRole) ).

Anyone with a hint of Unix, Linux, Apache or Cisco access control experience will know that flat files are another methodology of maintaining access controls. There are some drawbacks to using flatfiles for systems with a large number of users and/or a large number of roles however. Flatfiles are accessed and processed sequentially (this includes XML - though this is another discussion for later). So, the more users and/or more roles you have the larger the flatfile becomes and the longer it takes to read and process the access control for a specific user. Also, you have to use locking to ensure the files are not being appended to by more than one request at a time, and there are a few other caveats. However, for a limited number of users and roles, an XML file might be just the thing (though, please, make sure it is *not* in your web document directory or subdirectory - put it out of the reach of what you expose to the web!).

More complex access controls, dating back to the good ole days of rock 'n' roll and Commodore Vic-20's, are still viable and, often, faster than even the most modern methods. Bit manipulation, my favorite, and a function available to CF8 and up, allows for the use of a single byte to store multiple access levels per bit using positional math.

And, as a final note about access controls, it's not all about user access. Sometimes you have API's which you only want subscribers to have access to. Sometimes you have ColdFusion servers talking to other ColdFusion (or any other) servers and want to ensure only allowed servers can communicate. Access control can even go as far as ensuring applications only have access to and use specific pieces of it's whole, as in limiting your SaaS functionality - the easy way.

In Part 6 of this series I'll dive more deeply into these and other methods of access control and implementation.

And, finally, in the end I will sum up what you [should have] learned in the process and detail more clearly how each piece interacts and coordinates it's activity with the other pieces in Part 7.

Afterword
I intentionally didn't expose much code in this first article in the series as I feel it is just as important to understand why it is neccesary to take these measures as it is to understand how to do it, and these theories will help build a good foundation for the next several articles.

We're Back!
Entry posted on Oct 07 by Denard Springle

Dear NVCFUG members,

   I wanted to let you all know that I am taking the NVCFUG group back over on account of my replacement falling short of his promises and responsibilities to continue the group in my abcense. As such, I am making arrangements to return to the area once per month to host these meetings, with our next meeting to be scheduled for sometime in November, 2010. I'm still working on a venue for us to use, but as soon as I have one local to Fairfax, VA I will update this website with the latest details.

   The next group meeting will be on Securing Your Web Applications. This was a meeting I intended to hold earlier in the year that we didn't get through and I think there is a lot of valuable information to share with you on the many aspects of securing your applications including authentication mechanisms, encryption, obfuscation, SQL and javascript/code injection protection and more. Physical security issues will also be addressed.

   In the interim, be sure to join us on Oct 19th at Fast Eddies Billiard Club in Centreville, VA for a group networking, meet and greet and billiards and beer celebration (because we all need a reason to get out of the house and have a few with like minded folks!).

NVCFUG has a new Meetup page
Entry posted on Mar 03 by Denard Springle

Courtesy of the generosity of Oguz Demirkapi NVCFUG now has it's very own Meetup! In an effort to bring even more networking into the mix and attract more people to the group Oguz has organized a Meetup group where we can network with other groups and members in the area. Thank you Oguz!

http://www.meetup.com/nvcfug/

Fix(), DateFormat() and other things you probably didn't know about dates...
Entry posted on Feb 18 by Denard Springle

As with many things in ColdFusion, there are a ton of simple, but useful, tips and tricks that are often overlooked by even the most seasoned developer. One case in point is how ColdFusion stores dates and times and how you can take advantage of this functionality for all kinds of cool date related functions (e.g. calendaring, date comparisons, adding or subtracting one date from another date, etc.).

I recently stumbled upon this nifty trick thanks in part to one of my co-workers asking me an otherwise uneventful question about the Fix() function in ColdFusion, and ended with a lesson courtesy of the fine handiwork of Ben Nagel (www.askben.com) which gave me yet another tool to use in my repertoire of useful tools and techniques.

Let us start with Fix(), since this is where my quest began. Fix() is a useful function which is used to fix a float to an int. It does this by dropping the remainer (anything after the decimal point) with a bit of rounding. Now, I've seen Fix() used before, but not often and usually only to fix the results of complex mathematical functions. So, naturally I asked to see how Fix() was being used in the code and this is what I was presented with:

<cfset dtDay = Fix(Now()) />

This produced a result which was an integer number. This integer number was then  being passed around in various ways in the calendar application my co-worker was investigating, through events, on the URL, in queries - everywhere. So, naturally I assumed this data was being stored in the database and it must just be using this Fix() thing as a unique key generator - I mean, using Fix() on what equates to: 'ts {2010-02-18 02:42:32}' just doesn't make much sense.

Curious, I began to investigate the database only to be surprised to find that the data in the database was, in fact, a date and not some int as I expected it to be. I went back to the code and then I saw it:

<cfqueryparam value="#Fix(Now())#" cfsqltype="cf_sql_timestamp" />

At this point my brain kinda threw up a little bit. So, a little confused and surprised by what I'm seeing I go hunting through the ColdFusion Documentation looking for a clue, but to my dismay I was still unable to find a ryhme or reason for what I was seeing. Everything I know about dates is that they are stored as strings by ColdFusion. But, digging deeper and deeper into the documentation I finally stumbled upon the following statement:

How ColdFusion stores dates and times

ColdFusion stores and manipulates dates and times as date-time objects. Date-time objects store data on a timeline as real numbers. This storage method increases processing efficiency and directly mimics the method used by many database systems. In date-time objects, one day is equal to the difference between two successive integers. The time portion of the date-and-time value is stored in the fractional part of the real number. The value 0 represents 12:00 AM 12/30/1899.

It was at this point that I began to have an 'Aha!' moment.

Let's break this down, then. The key information here, is how date-time objects store their data - on a timeline as real numbers. What is a 'real' number? A float.

So, date-time isn't stored in strings after all, though it is presented in string format using any of the formatting functions and will accept string based date-time values as a valid parameter. This is a big distinction, and one I'm frankly ashamed I didn't know about sooner.

Ok, so we now know that the data is stored as a real number, and the text goes on to define for us how this data is formatted - The time portion of the date-and-time value is stored in the fractional part of the real number (though, sadly, it doesn't give the critical piece of information - the actual format visually represented). Unfortunately, this only eludes to how it might look. So, how does this look?

22460.93374

Right, so this is what we were seeing to begin with, minus the time portion of the date-time value due to being Fix()ed in the application (thereby dropping everything after the decimal point, leaving only the date part of the date-time object). So, now we understand how Fix() can be used on a date-time object to dismiss the time and keep only the date. In this way, Fix(22460.93374) returns only: 22460.

The next piece of information the text gives us is that one day is equal to the difference between two successive integers. In other words, from 22460 to 22461 is equal to one day on the date-time objects timeline.

The final piece of information we need to know to make use of these integer values is also given - when this timeline starts. Which the text tells us that a value of 0 represents 12:00 AM on 12/30/1899. For those of you with any measure of database knowledge, you'll easily recognize this date as one commonly used by databases as their zero date as well. Another Aha! moment occured.

So, the value we have, 22460, is the difference in days (22,460 days) between the start of the timeline (12/30/1899) and our date value, in this case we used Now().

So, aside from now having a very strong desire to rewrite every calendar I've ever written before <g>, I am realizing the power that this storage method, and the use of Fix() present in developing date intensive applications, such as a calendar application. Now, to be fair, Adobe's text goes on to tell us:

Although you can use arithmetic operations to manipulate date-and-time values directly, this method can result in code that is difficult to understand and maintain. Use the ColdFusion date-time manipulation functions instead. For information on these functions, see the CFML Reference.

Well, this makes sense... I guess. While it is true that the code I found of Ben's originally threw me for a bit of a loop, doing a:

<cfif Fix(Now()) EQ Fix(myDate)>

seems just as easy to read to me as:

<cfif DateFormat(Now(),'yyyy-mm-dd') EQ DateFormat(myDate,'yyyy-mm-dd')>

OR

<cfif Now() EQ myDate>

and, from a speed optimization standpoint, manipulating these integers through arithmetic for comparisons is a lot faster than using the built-in Date-Time functions, but luckily we don't have to worry about using arithmetic if we don't want to, but still use the integers:

<cfoutput>#DateFormat(Fix(Now()),'mm/dd/yy')#</cfoutput>

will output the current date in mm/dd/yyyy format. Conversely:

<cfset newDate = DateAdd('d',-Fix(myDate),Fix(Now()))>

also works just fine. DateCompare and all the other date functions work equally as good using the integer values of the date-time objects timeline. Though in this case, something like this might be easier to read and understand:

<cfset newDate = Fix(Now) - Fix(myDate)>

In both cases, newDate contains the number of days difference between the two dates, and are both viable alternatives to DateCompare(). I love ColdFusion's versatility. :)

My sincere thanks to Ben Nadel for his exposure of Fix() and dates in his code, for his blogs which reference this very hidden feature (which also helped me wrap my head around how this works) and to my co-workers who both started me looking for answers and who helped me locate all this great information about this nifty little feature.

My sentiment is, so long as I learn something new every day, then it was a successful day. Yesterday was pretty successful... I better get busy if I want to today to be successful though! lol.

And, lastly, I'd like to give a wag of the finger (thanks Colbert!) at Adobe for not making this quite handy functionality expressly clear in their documentation (still nothing new in the CF9 docs on this, either). Thank heavens for the community's passion for trying new and amusing ways to break ColdFusion for finding this, and other, handy little known features that Adobe should highlight and expose more generously to their user base.

How to avoid bad coding pitfalls
Entry posted on Feb 17 by Denard Springle

As anyone who attended our first group meeting on Feb 16th can attest, what brief code I was able to display (in Wordpad on a borrowed laptop lol) demonstrated how good intentions can go horribly, horribly wrong without a few simple processes in place. Unfortunately, the shiny gleaming presentation I created to go with the meeting (that ultimately would have made more sense than my clueless ramblings) was trapped in a non-functional laptop and someone who looks and sounds a lot like me neglected to make backup copies of said presentation. Alas, I realized, shortly after leaving the meeting, in fact, that there was a ton of stuff I had in my presentation that I wanted to share with the rest of the group. Alas, I will share this information now ;)

As I was saying last night, coding standards - a document which all engineers in your organization use to standardize the way code is developed in your environment - is one of the most fundamental, and often overlooked, processes you can put in place. As I demonstrated last night, when multiple developers who all develop to their own tune begin building on the same application - a myriad of issues begin and you end up with unreadable, buggy code due to the differences in the way each engineer writes and formats their own code. Coding standards also dictate naming conventions used for files, variables and methods, provide a clear case for using comments everywhere and outline the basic principle's of design used by your organization.

Regardless of which methodology you choose to use for your lifecycle, be that CMMI, SCRUM or the good ole' Waterfall methodology, the first step in any lifecycle should be getting your developers on the same page - and you do that with coding standards. There is a NVCFUG coding standard document available under the resources section of this site. This document is composed of suggestions and standards adopted from Dan Wilson, Ray Camden and Ben Forta, to name just a few, and provides best practice guidelines for ColdFusion code development.

Some other techniques I wanted to talk about last night but epic fail I forgot are:

When developing conditional code (if/elseif/else, case, etc.) always plan your code to exit as quickly as possible. For example, lets say the page you are coding includes a test to ensure the user has the proper roles to view the page - test for this case first. Having this check further down in the file means code is most likely being executed that never needed to execute to begin with. Another example is server-side form validation - use params and then validate your form fields before moving on with the rest of your code. Always plan your exits near the top of your code where feasible. My thanks go out to Dan Wilson for his compelling talks about exit strategies and code refactoring, from whom I learned this nifty (if not common-sensical) trick.

Comment everything. Coldfusion has the advantage of compiling the pages you write to a Java class which excludes any comments you have in your file, so there is no shame and no performance loss by using comments abundantly while writing your code. Commenting your code makes it easy to remember what you were doing when you inevitably come back to your code months later, and helps anyone else you work with, and any future developer who may follow you, to understand what you're doing and why. This makes your code more readable, more easily understood and followed and more thoroughly developed, and is a signature to other developers that you are a professional to boot. Be a professional and comment your code.

Break your code down into smaller pieces. The general rule of thumb most CF developers follow is 30 lines of code or less per function - if it's taking you more than 30 lines of code to write a function, then try to break the function into smaller pieces. What defines a 'function'? Any behavior in your code is a function - so querying the database and checking for a positive record count (or not) might comprise a single function, whereas querying a database ten times for ten different sets of data would likely comprise ten functions.

Be modular. Whenever possible reuse your hard work and stop reinventing the wheel over and over again in your web applications by putting reusable functions inside a CFC. Call that CFC from the multiple locations you would have otherwise inserted the function. This makes code changes a breeze, as you only have to change the code in the CFC instead of the multiple locations your originally would have had the code.

And this leads naturally into my next suggestion, which is use an MVC framework. Model-Glue is my favorite, but there are a number of frameworks and helper apps out there for ColdFusion including FW1, FuseBox, Coldspring and others. MVC, or Model, View, Controller, is a tightly integrated OOP approach to ColdFusion application development, helping to separate the object layers (models) and data transaction (or business logic) layers (controller) from the presentation layers (views). In this way, you build models of your data, data transaction and business logic to manage that data, and views to present that data to the end users.

And finally, if you don't want to (or cannot reasonably) use an MVC framework, then write your code using an object oriented approach - making use of beans (objects), events and methods to build a much more robust web application. CF9 introduces a number of features for OOP development including ORM through Hibernate, a CFC bean class, and more robust variables within CFCs.

In either event, whether you're working all by yourself on a project or with a team of people, ensure that everyone is on the same page insofar as the coding standards your team uses, and that everyone consistently implements those standards. In doing so, you will save yourself, your team and your company a ton of time and labor expenses. Which, by the way, is a good argument for implementing coding standards where there are none currently. :) So, go get 'em tiger!

Standards don't stop with ColdFusion. Far from it, in fact. SQL databases, Flex, Actionscript and Javascript should all have coding/development standards as well (and can be the same as and covered by a single coding standards document). While the document I provide is significantly ColdFusion specific in it's examples, the principles it embodies can be implemented across a wide gammut of programming languages. If you build it, standardize it.

NVCFUG Regular Meeting Schedule
Entry posted on Feb 17 by Denard Springle

NVCFUG will meet on every 3rd Tuesday of each month for our regular group meetings. Speakers and topics will be announced a minimum of two weeks in advance and are decided by the group.

Our next meeting is:

March 16th, 2010 from 7:00pm to 8:00pm.

Our topic will be: TBD

Our speaker will be: TBD

Please see the Event Calendar on this site for more details and to RSVP for events.

I know! I know! That's an awful lot of snow!
Entry posted on Feb 12 by Denard Springle

Oh hail to the glorious God and Goddess of Winter. Please be gentle with us, spank us not so hard with thy cold, frosty daggers. Please, please my Lord, make it stop!

Wow, not since the days of my youth living in the higher reaches of New England have I seen this much snow where I live. It's white everywhere! Over here... look it's white... ooo... look over there... it's a pretty white too! My goodness.

So, what does all this snow have to do with ColdFusion anyway? The snow itself, perhaps, does not partake much in ColdFusion, but ColdFusion certainly plays an essential role in tracking the snow. Several key agencies in our government at all levels use ColdFusion power to help them track, chart and view weather data. NASA uses ColdFusion to help prepare weather images for their flash components, NOAA uses ColdFusion to power their Flex driven weather centers, and even agencies such as the FBI, CIA and local homeland security use it.

ColdFusion is growing, and ColdFusion is finding uses in every corner of the globe, for every industry. Aside from being a powerful RIA development language, ColdFusion's Java, .NET and COM capabilities extend your reach into every aspect of computing, and have been used in a myriad of interesting and useful ways, as evidenced by how ColdFusion is able to grow in both stability and technology every year.

As a ColdFusion evangelist, one can expect me to hop on the soap box and scream out loud 'Use ColdFusion!' every time I hear about a problem that needs a solution. Is ColdFusion the right solution for every task? With it's capabilities now it is pretty darn close, when used in conjunction with Flex and Flash - the sky is the limit.

And, through all the snow I've been humbly thanking Cox high speed internet and my corp ISP for staying up, and the power company for building all our wires underground :P We, thankfully, never lost internet and never lost power through the whole storm. I am ever so grateful for modern technology - which has allowed me to gracefully wait out the snowy white mess that surrounds me on all sides and continue to sling solutions at clients who aren't snowed in and still expect to see some results! ;)

And, finally, just a note that we will be having our meeting on the 16th of February (next Tuesday) from 7-9pm regardless of the snow on Monday (which should be minimal). If you plan on attending, please RSVP to the event in the Events area of this site to ensure we get the right amount of grub for everybody.

Filter by Date

Filter by Tag

Change View

Titles
Summaries
Table
Clip
Clip & Comments
Full

Change Sort

Alphabetically
By Last Activity
By Date Posted
By Number of Comments
By Number of Views
By Author