Tom Mollerus' Weblog

Always use server-side data validation

2008-07-21T12:56:37Z

I've just come back from an CommonSpot Advanced Developer's Training class, where some people expressed the thought that server-side validation wasn't required as long as you have sufficient client-side validation through JavaScript. Then this morning I read Mark Kruger's excellent (if rather unfortunate) example of why you should always implement server-side data validation in your applications. Always remember that users, whether friendly or malicious, can submit anything they please via form submissions, URL query strings, or even cookies.

Boston CFUG meeting tonight at Adobe's offices

2008-07-16T13:15:56Z

For those of you in the Boston area, you'll really enjoy the Boston ColdFusion User Group's meeting tonight at Adobe's offices in Newton. Luis Majano will be presenting his ColdBox framework-- it's a great, easy way to get introduced to OOP programming. Make sure to come!

http://www.bostoncfug.org/index.cfm?event=showMeeting&meetingID=CA04FA80-D61B-FA8C-8A343B03A53B5745

I'm now a co-manager of the Boston CFUG

2008-07-02T14:54:22Z

I'm pleased to say that Brian Rinaldi recently offered for me to be his co-manager for the Boston Coldfusion User Group, and I happily (and immediately) accepted. I'll be helping Brian with some of the management activities that he's always wanted to do but hasn't had time for, and I hope that it gives me the chance to meet more people in the community and to spread the word about ColdFusion to new users who are interested in seeing what it's about.

For those of you in the Boston area, we'd love to see you at the meetings. We've got some great ones lined up in the near future!

Adobe MAX 2008 has an interactive background

2008-07-01T02:24:29Z

I visited the Adobe MAX 2008 site after reading Ben Forta's blog post about the ColdFusion "unconference" behind held during MAX.

After noticing a little animation in the very-grayed-out background, I clicked to see if anything would happen. It turns out that there are three adjacent mini-worlds, each with its own short puzzle for you to solve, which lead to one easter egg apiece. They're pretty fun. Follow the link above to MAX if you want to see for yourself, or read more if you want to know the easter eggs that I found.

]]> Here are the three easter eggs that I found:

In the jungle landscape, I managed to build the totem that the explorer was looking for;
In the artic seascape, I found the Big Spaceship easter egg;
In the desert landscape, I found the hidden logo (I'm not familiar with the company and can't remember their name, though).

Did anyone else find any others that I missed?

Getting Windows applications into your MacOSX dock

2008-06-11T21:15:31Z

I just discovered a neat little trick with VMWare on my MacBook Pro. I still need to QA against IE/Win, and I still love using Homesite+. Up until now, to use either of them I've launched VMWare, launched those programs, then switched to Unity mode. The next day, I would have to do the same thing all over again. But with less than 5 minutes of work, you can get your favorite old Windows apps to appear on and launch from the Dock. It works like this: if you switch your Windows VM to "Unity" mode so that the applications you have open appear each in their own window, their icons will appear on the right side of the Dock (note the Windows Remote Desktop and Firefox icons):

Now if you click-and-drag those icons from the right side of the Dock to the left side, they'll stay there permanently (note the Internet Explorer and Homesite+ icons):

And whenever you click on these icons, VMWare will start up and bring up the application for you-- in Unity mode! It's just like... no, it really is having your favorite Windows apps available to you just like any other MacOS app. Awesomeness, no extra charge.

Open letter to Hillary Clinton

2008-06-04T03:37:55Z

Dear Hillary,

In your speech after the South Dakota primary tonight you asked for suggestions from the public on what to do about your campaign. Here is my response to your call for advice.

Tonight, you chose not to confirm Senator Obama's clear victory in amassing the delegates needed to claim the Democratic nomination, and in doing so you withheld support from him when he could have used it the most.

You insulted the American public by not acknowledging his historic victory when he became the first minority nominee. You chose to sacrifice the strength of the Democratic Party in order to guard your pride and your political leverage. If you continue to do so, you will only damage and diminish your own reputation.

Suspend your campaign.

Boston CFUG Subversion presentation follow-up

2008-05-28T03:08:34Z

Thanks to everyone who attended tonight's Boston CFUG presentation on using Subversion. If I can help anyone get set up with the server or a client, just let me know.

So, you think there's no worthy Subversion client for the Mac?

2008-05-16T23:51:23Z

Wow. Between a new job with Ping Identity and attending the cf.Objective() conference, it's been at least 3 weeks since my last posting. Well, one of the things I learned at the conference came after asking a presenter for his opinion on whether there was any Subversion client for Macintosh that was worth using. The Finder plugin is a great idea, since it's like TortoiseSVN, but it's not full-featured and doesn't always show status overlays correctly; and other clients keep views of working folders and repositories in separate windows. Finally, other clients don't have a built-in diff program. The presenter didn't think that any Mac client was worth using either.

But someone from the end of my row in the audience told me to speak to him after the session was over, and he told me about Syncro SVN. It has everything you could want in a client-- an integrated view of your repositories, working directories, a great diff viewer, and session log. Plus, it has all of the features you might want, such as the ability to relocate working directories between repositories. If you're not satisfied with other Subversion clients on the Macintosh, I'd suggest you give Syncro SVN a look.

New job today

2008-04-23T20:40:50Z

I'm in a new position today, as Senior Web Developer at the leading secure single sign-on provider, PingIdentity. They've set me up with a sweet 30" Macintosh HD screen, plus a nice, light MacBook Pro. The fridge is even stocked with Cokes. I think I may just sleep here.

You know, I don't mind this web ad-- I love it

2008-04-22T02:04:32Z

While browsing the web tonight my wife came across what is the first enjoyable advertisement I've ever seen on the web (those fun Orbitz games don't count-- while I like to play with the baseball or putt-putt golf widgets, I didn't like the ads themselves). And the great thing about it is that it's more than just an interactive game and more than a running commercial-- it's an entertaining combination of both, almost like an example of that semi-mythical idea of "interactive TV" that pundits have written about for the last decade.

On HGTV's web site, a Flash ad showed up for Sears showing a static picture of some guy dressed up as a dandelion. Beneath him there's a button requesting that you "Roll over the weed". If you do, that's when the commercial gets hilarious.

]]> When you first roll over it, the ad expands to twice its previous width so that you can see a selection of Sears yard tools. But the ad's audio controls in the upper-right-hand corner are still set to mute, which is considerate on the part of the advertiser. And the guy in the dandelion getup? He's furiously gesturing and miming to you to turn on the sound. He also looks smug and acts annoyed with you, just like you'd expect a lawn weed to act if you could speak to them.

Once you turn on the sound is when the real fun starts. The dandelion is hilarious, introducing himself as "wisecrack weed. You know what weeds are really good at? Being annoying. [Makes a noise like Curly of the Three Stooges]". Then he practically dares you to "whack" him with one of the Sears tools. The great thing is that as you look over the tools to choose one, he manages to makes sarcastic comments to you while talking up the tools. I just love how the video "reacts" to your own actions. When you finally select a tool, there's a final bit of great video where the weed and the yard tool fight interspersed with cries of "Ow, I want to have kids someday!" or "Thanks, I could use a massage. Ok, that's a little hard." (you can guess who wins).

I don't know how long the ad will be hosted over at HGTV or on Pointroll's network. Give it a play, I think you'll like it as much as I did!

Unit testing (and beers) with the Boston CFUG

2008-04-16T02:26:22Z

If you're in the Boston area and didn't make it to the ColdFusion User's Group meeting tonight on unit testing with MXUnit, you missed a good time. Marc Esher and Bill Shelton gave us an intro to unit testing, and a few of us went out afterwards to Dunn-Gaherin's to toss a few back with our visiting ColdFusion evangelist, Adam Lehman. Adam kindly said a few words about Adobe's current efforts with CF, and also raffled off a copy of ColdFusion Server.

Be sure to make it to the next meeting, when yours truly will be presenting on version-tracking your code with Subversion. I'll be raffling off a free copy of Subversion. ;)

P.S. So that no one misses the joke, then shows up expecting a chance at free software and gets angry at me: I'm kidding. Subversion is already a free download.

Spam/RBL lookup added to EmailParse.CFC

2008-04-14T15:25:28Z

I made yet another update to EmailParse.CFC last week while I was working in the code for other reasons: I've added spam lookup on the sender's IP address courtesy of SpamHaus.org.

]]> There are two parts to the functionality which performs the RBL lookup. First, we look through the Received: headers to find the earliest one which contains a sending IP. Second, we take that IP address, reformat it a little, and send it off to zen.spamhaus.org to see if it's listed in their RBL.

Each of these steps is encapsulated in two functions:

As always, you can download EmailParse.CFC from my projects section.

Updates to EmailParse.CFC: Quoted-printable parsing and Received header

2008-04-11T16:04:22Z

I've posted an update and a fix to my EmailParse.CFC today:

The quoted-printable parsing for text and html body parts has been corrected. When you use EmailParse.CFC to forward an email, you can't tell CF that a mailpart is encoded with quoted-printable or Base-64. So, these mailparts need to be converted back to text in order to forward them correctly.
The parsing mechanism has been updated so that the values of the "Received" header, which often is often repeated several times in one email head, are aggregated in one property of the component. Previously, each instance of the Received header would overwrite the previous one, leaving only the last one for you to work with once the parsing was done.

You can read more about my email-parsing code for ColdFusion in the EmailParse.CFC Project area.

How to upgrade to CF 8.0.1 on Linux

2008-04-07T14:38:05Z

In my previous post, I wrote about the trouble I had trying to install the CF 8.0.1 Updater for Linux. Thanks to a few good tips from Brian and Todd, I now know how to install the Updater without a problem-- but I think that I might as well post the solution since Adobe doesn't seem to realize that it may not be obvious to everyone.

Because the Updater has a .zip extension, I took it for a zip file. Without any other direction from Adobe, that seems like a reasonable course of action to me. But when you try to unzip the updater, you get errors. The solution is pretty simple: just download the updater file, change its extension from .sh to .bin, make it executable, and then call it directly:


# wget http://download.macromedia.com/pub/coldfusion/updates/801/coldfusion-801-lin_updater.zip
# mv coldfusion-801-lin_updater.zip coldfusion-801-lin_updater.bin
# chmod 755 coldfusion-801-lin_updater.bin
# ./coldfusion-801-lin_updater.bin

That will start the Updater quite nicely. Oh, and one other thing-- when the Updater finished and I went to view my site, I got a 500 error from the webserver. A simple stop-and-start of the coldfusion_8 service did the trick:


# service coldfusion_8 stop
Stopping ColdFusion 8, please wait
Stopping coldfusion server..stopped
ColdFusion 8 has been stopped
# service coldfusion_8 start
Starting ColdFusion 8...
The ColdFusion 8 server is starting up and will be available shortly.
======================================================================
ColdFusion 8 has been started.
ColdFusion 8 will write logs to /opt/coldfusion8/logs/cfserver.log
======================================================================
#

Problems with CF8 Updater for Linux?

2008-04-04T21:15:56Z

I've written in to Adobe Support about it, but I want to know if anyone else has experienced the same problem that I have with the ColdFusion 8 Updater. Whenever I download the Linux version of the Updater and try to unzip it, I see the following issue:


[root@elmcedar src]# unzip coldfusion-801-lin_updater.zip
Archive:  coldfusion-801-lin_updater.zip
warning [coldfusion-801-lin_updater.zip]:  69730304 extra bytes at beginning or within zipfile
  (attempting to process anyway)
 extracting: Z_/installers/LiveCycleDataservice/flex-for-cf.zip  
 extracting: Z_/installers/JNBridge/JNBridge.jar  
   ...

When I download the same file to a Windows machine, I'm told that the archive is corrupt and I don't see any files. Has anyone else experienced a similar problem, or has anyone else successfully unzipped and installed the Updater for Linux?