In creating software, be it a startup or a client project, key security decisions need to be made and implemented from the start.

In building secure applications that let me sleep at night, I have learnt a few things:

  1. Security is relative. You must keep up with, and ahead of, the curve.  Your thinking and design must be steps ahead of what is happening now and what may be possible in the near future.  In the end, if someone wants in badly enough and is willing to spend more time, resources and money than you have spent, it is still conceivable that your security will be compromised.
  2. Security vs. convenience. Unless you are an expert at making complex security disappear “under the covers”, there is a fundamental trade-off that has to be acknowledged.  The more security you implement in an application, the more its performance and usability suffer.
  3. The path of least resistance. Instead of building one big, thick wall of security, consider building many thinner walls.  Just like someone who asks you a question instead of googling it, someone wanting access to a system will want to get in the quickest way possible.  An opportunistic attacker looking for the next easy target will move on when faced with layer after layer of security, like the skin of an onion.

    Why?  Most attempts to break into a system aren’t really about you.  What attackers value most is the most generic resource: your server being used to send spam and the like, not necessarily what your application itself does.  The reality is that most attempts to break into your site will be automated scripts and botnets that sweep the entire internet.  While you can build mega security features, a lot can be said for good design and putting up multiple “walls” instead of one big “wall”.  Design your application to inherently check and enforce security as much as it can internally.  Package it with smart public-facing interfaces, properly hardened and tested, with both client-side and server-side scrubbing and validation (never trust the client-side checks alone), and we have a start.

  4. Passwords: be safe. Do your best, within reason, to secure the single most vulnerable part of your system.  Match the password security measures to the sensitivity of what is behind the password: exponentially increasing delays between failed attempts, logging and reporting of invalid attempts, and passwords stored only as salted, deliberately slow hashes, never in plain text and never reversibly encrypted.

    One of the biggest things you can do, where necessary, is to store your passwords securely.  This is a great article on How to safely store a password.
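As an added example, not code from the original post or from the article it links to, here are the “many thinner walls” of item 3 and the password measures of item 4 in Python: server-side validation at the public-facing interface, an exponential backoff on failed logins that is logged, and passwords stored only as salted PBKDF2 hashes compared in constant time. The in-memory user store, the usernames, the iteration count and the dummy record used for unknown users are all this example’s own assumptions.

```python
import hashlib
import hmac
import logging
import os
import re
import time
from typing import Dict, Optional, Tuple

# Constructed in-memory "database" and failed-attempt table for the example;
# a real application would keep both in persistent storage.
_USERS: Dict[str, Dict[str, bytes]] = {}       # username -> {"salt": bytes, "hash": bytes}
_FAILURES: Dict[str, Tuple[int, float]] = {}   # username -> (failed_count, not_before_timestamp)

PBKDF2_ITERATIONS = 600_000   # assumed value; slow on purpose to raise the attacker's per-guess cost
MAX_DELAY_SECONDS = 300       # cap for the exponential backoff
USERNAME_RE = re.compile(r"^[a-z0-9_.-]{3,32}$")

log = logging.getLogger("auth")


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256. Returns (salt, hash); the password itself is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def register(username: str, password: str) -> None:
    # Wall 1: validate on the server at the public-facing interface before doing anything else.
    if not USERNAME_RE.match(username):
        raise ValueError("invalid username")
    if len(password) < 12:
        raise ValueError("password too short")
    salt, digest = hash_password(password)
    _USERS[username] = {"salt": salt, "hash": digest}


def seconds_until_allowed(username: str, now: float) -> float:
    """Remaining backoff for this account; 0 when attempts are currently allowed."""
    _, not_before = _FAILURES.get(username, (0, 0.0))
    return max(0.0, not_before - now)


def record_failure(username: str, now: float) -> int:
    """Exponential backoff: 1s, 2s, 4s, ... capped at MAX_DELAY_SECONDS. Returns the new delay."""
    count, _ = _FAILURES.get(username, (0, 0.0))
    count += 1
    delay = min(2 ** (count - 1), MAX_DELAY_SECONDS)
    _FAILURES[username] = (count, now + delay)
    # Wall 2: every invalid attempt is logged so it can be reported on.
    log.warning("failed login for %s (attempt %d, next allowed in %ds)", username, count, delay)
    return delay


def login(username: str, password: str, now: Optional[float] = None) -> bool:
    now = time.time() if now is None else now
    if not USERNAME_RE.match(username):
        log.warning("rejected malformed username %r", username)
        return False
    # Wall 3: enforce the backoff before touching the password at all.
    if seconds_until_allowed(username, now) > 0:
        log.warning("login for %s refused during backoff", username)
        return False
    # Unknown users are checked against a constructed dummy record so the
    # response time does not reveal which usernames exist.
    record = _USERS.get(username) or {"salt": b"\x00" * 16, "hash": b"\x00" * 32}
    _, candidate = hash_password(password, record["salt"])
    # Wall 4: constant-time comparison of the stored and computed hashes.
    if username in _USERS and hmac.compare_digest(candidate, record["hash"]):
        _FAILURES.pop(username, None)
        return True
    record_failure(username, now)
    return False
```

The `now` parameter exists so the backoff can be exercised deterministically; in production it is left at its default and the real clock is used. Note that a failed attempt refuses even the correct password until the delay has passed, which is the point: the attacker’s guessing rate, not the legitimate user’s, is what the wall is for.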

If you have any ideas to add to this list, please leave them in the comments.. I’ll update the list!

A few years ago I vaguely remembered reading about an Apple patent.  Nothing out of the ordinary with their patents, just another way of doing something, that they may, or may not do.

Apple is expected to announce a Tablet on January 28th or so.  What I’m more interested to see is if they’ll release a real gamebreaker — this docking station for a tablet.  I think it’s fair to accept the first Apple tablet will be like the first iPhone.  Groundbreaking, and having its limits as well, which the second and third versions of the tablet will hopefully address.

But, I’m all about the docking station.  For the life of me I’ve never been able to understand why a $3000 Apple laptop doesn’t have a docking station.  I come from the Compaq/HP commercial notebook background where a docking station was a way of life and a great way to save wear and tear on the ports of your laptop.  With the increased mobility that people have with their laptops, having to use a third-party product like BookEndz, while very capable, is nothing compared to using a real docking station with one docking port.

Onto this tablet.  Take a look at what could be the perfect tablet docking station.  Slide the tablet into the iMac Display…. :)

This could be the Apple docking station for their tablet.


Check out the article and drill into the patent application from there!

Happy New Year!

The past few weeks I’ve been thinking about how I’d like to continue to build in 2010.

Whether you are on the business side of technology, or the implementation side, there are some common elements to all projects no matter the viewpoint.

Great software systems:

  • Make users great. Make your users awesome at what they do when they use your software.  If you don’t, you have a dud.
  • Are mature. People manage the system, the system manages the details.  Immature: people make their own systems, manage their own details, nothing is connected or consistent.
  • Understand the data is the system: The data is the system to the end-user.  Not your software.  The software is merely packaging to the information they need.
  • Understand the integrity of the data: What is the data. What does it mean.  What states does it exist in.  How does it interact with other data.  Why is this important?
  • Keep the edge: Software is built around the competitive advantage of magnifying and fueling the existing best practices of “This is how we do it here”.  Don’t lose it by doing it your way.
  • Are invisible: “Don’t make me think” when I use it.
  • Self-Monitor: Bring things to my attention
  • Master the Complex: It’s easy to make things complex.  It is hard to make complexity into something simple.  Understand that complexity is not the issue most of the time.  It’s confusion.

Maybe this will become a growing list!  Add your own below!

It’s always interesting to see the design / default setting considerations made in software.

One that has always stuck out to me: I can’t figure out, for the life of me, why most IDEs don’t enable line numbers by default.  No matter what we write, sooner or later we have to refer to a line number.

Luckily for Adobe’s ColdFusion Builder, which is based on Eclipse, the setting is a few simple clicks.

  1. Go into preferences
  2. Click on General in the left menu bar
  3. Click Editors
  4. Click on Text Editors
  5. You will see the fourth checkbox says “Show line numbers”.  Tick it to enable it, and then click OK.

Below is a handy screenshot to know exactly where to click.  Enjoy!

Enabling Line Numbers to be visible in Adobe ColdFusion Builder


One of the neat discoveries about ColdBox is the ColdBox plugin for Adobe ColdFusion Builder.

Here’s the problem… I couldn’t get the ColdBox Platform Extension installed in ColdFusion Builder with the existing instructions in the link above.  I suspect the older version of ColdFusion Builder allowed you to do it from more than one location.

In any event, you have to Click on Window > Show View > Other > Extensions , and allow the extension pane to appear at the bottom of your screen (as my default installation shows).  Then, click on the (+), select the ColdBox Extension zip file and go through the normal setup.

If you’re interested in a quick screencast, all 1 minute of it is below!

http://screencast.com/t/YzdhMjI1M

The things it helps you handle include (Quoted from page above):

  • Create handlers, plugins, interceptors and model objects with awesome wizardry
  • Create an event handler and have it auto-generate the views, etc.
  • Plugin Wizard
  • Interceptor Wizard
  • Model Object Wizard.. and more

ColdFusion Builder is in late-ish beta and it’s great to see some of the plugins that we have for it already.  It’s nice to see such a tool evolving.

Happy ColdBoxing!

Once you’re past why someone would develop a new program in ColdFusion, you find a rich community of developers, examples, libraries and frameworks.

I’ve been playing around with the ColdBox Framework for ColdFusion for a few months.

What led me to ColdBox was a period of discovering and playing around with ColdFusion 9 and its killer Hibernate ORM integration.

I couldn’t bring myself to program, ever again, until ColdFusion 9 came out.. it made for a slower fall on new projects.  I decided to dust off the old exploration cap and started looking at what was new and developing in the ColdFusion world.

For about as long as I can remember I’ve been using FuseBox and my own frameworks prior to it coming into existence. In my modified FuseBox framework I have a simple, efficient, scalable system that has easily handled anything I’ve thrown at it, and more.  It’s very capable and rightfully so.

FuseBox is ColdFusion’s first major Framework and went on to dominate and inspire a lot of change in the PHP world not only with FuseBox itself, but the other great frameworks that exist in that language and maybe beyond.  Sitting in the ColdFusion world it’s nice to see that the ColdFusion “power with ease” eloquence was able to help spread this kind of empowerment, as much as ColdFusion’s continued track record of doing the best of similar languages and frameworks. No offence intended to any of the other great CF frameworks out there — I just didn’t feel the itch to shop around because I felt I had the good stuff at home. ;)

No language, in my experience, has focused on the developer and their experience as much as ColdFusion.  Happy developers make great software.  I like being happy doing what I do.

I came across ColdBox and remembered seeing an earlier version around 2006 that looked really promising. It looks like it’s been delivering on its promises.  In defense of my beloved FuseBox, I haven’t looked at the new version in a few years because the one I use has worked so well!

The first thing that struck me was the sheer volume of documentation available on ColdBox.

I couldn’t believe my eyes.  Someone actually seemed to get the significance of, and anticipate the needs of, web application development, and ColdBox was the result.  This was like Allaire/Macromedia/Adobe continuing to anticipate the needs of application developers with ColdFusion. ColdBox looks to this software architect to be the next shining star of ColdFusion, if it’s not already.  It improves both applications and developers’ lives.

We know that application development and application developers are kept happy in some common and unique ways.

At first, I didn’t believe what I was seeing.  Everything I’ve needed to touch or use, with respect to a web application and its framework, seemingly, conveniently put in one place.  Internationalization, no problem.  Need role-based security?  No problem.  Want to add a doo-dad?  Decide if you want an interceptor or a plug-in.  Next question.

What is a software architect to do when something makes him blink?  Get a second opinion from the smartest developer he knows.

My friend is someone I’ve known for almost 15 years.  We shared a path in school but I went off the ColdFusion deep end while he continued learning everything under the sun… except ColdFusion.

So I asked for his unbiased opinion.  Which he’s known to give.  I asked him, find me every fault in this ColdBox and the language of ColdFusion compared to all the languages you’ve ever used.  As a developer completely fresh to this, tell me if something is better than this, and why, because I might want to switch.

Expecting him to correct ColdFusion and ColdBox the same way he used to correct the professors, assignments, quizzes, exams, and TAs in university, he came back convinced that ColdBox and ColdFusion are great for developing web applications.  Not to say something else wasn’t, but if he’d pick something to build on his own he just might use it, especially with the open-source ColdFusion engines like Railo and Open BlueDragon.

So, I’m not crazy.  That’s good.

Here’s the thing with ColdBox for me.  It does MVC, really well, for the web, for web applications.  Yeah, I know Ruby’s got this, ASP.NET’s got that, and Django has something else that’s great.  I have used them all, either with new projects, or maintaining existing ones.

The thing that happens with any project, over time, is that it either becomes one you want to work on more and more, or one you don’t want to work on due to the increasing complexity of adding or modifying tasks.

We can argue it’s up to the developer to keep things simple, but inevitably the platform and framework play a huge role in what we do or don’t have to do, and what we do or don’t deal with.

If we put all the languages, frameworks into one pile, there is one key test I use to see the value of any tool.

It is difficult to make the complex into something simple; and it is easy to make the simple into something complex.  Will this help me make the complex into something simple, without dealing with the language, or framework’s complexities?

ColdBox, with ColdFusion seems to understand that most of us have to build things that are solid, reliable and scalable.  99% of web applications that are remotely successful grow.  We need a way to manage that growth and keep the garden looking nice while it grows.

Web developers often have to solve more than simple problems.  We have to solve complex problems and make them simple.   There is little doubt ColdFusion is the best integration language for the web.  It simply does more out of the box than anything.

I have spent the last 2 days working in ColdBox and my impression is this.

I have been amazed at how much of an application I have built already in ColdBox.  Actual business logic.  Actual problem solving.  Actual “this will make someone’s life easier, more efficient and productive”.

What’s changed?  I didn’t build my own role-based security.  I didn’t have to integrate internationalization.  I didn’t have to extend a framework to do more (or less) than it did.  ColdBox appears to be a framework that can be customized easily, or left alone and just run.

To potentially have the best of both worlds (the rapid development of FuseBox and the scalability of OO programming), compared to what was out there before, is more than a little staggering to this software architect.  I don’t care to re-invent the wheel, I want to solve problems and help people that are forced to work with poor software.

Beyond learning the ins and outs of ColdBox, I am slowly realizing it’s feeling much like FuseBox did.. the next tool I will use for possibly a long time.  Just like ColdFusion made web development power with ease, ColdBox takes web application development to a similar level of power with ease.

ColdBox allows you to leverage ColdFusion’s rapid application development in such an improved way that I don’t think has happened in several years.  As much as Fusebox first came out for ColdFusion and then spread to PHP, etc., and pushed the bar so much, I think ColdBox will inspire as well.

What’s most impressive is that such a powerful framework has been kept, if I may, simple, relative to the complexity of everything it handles.  That’s something ColdFusion did first, and better than anyone too.

In the coming few days I will start a Quickstart to ColdBox series to catch my first impressions and experiences of piecing it all together, to help you see for yourself what ColdBox could do for you.

Came across a very interesting slide show called “No one cares about your stupid little startup” from the folks over at xobni.com regarding their launch experience. With a title like that, how could I resist?

Check out the slide show here, my thoughts below.

No One Cares About Your Stupid Little Startup


1) I loved the categories of startup. Stealth –> Private Beta –> Nerd Scarcity –> Invite beta –> Iteration –> Public Beta –> GA –> Paid Drivers.

My favorite?  Paid drivers.

2) The importance of Marketing and PR. I’ve heard it said that 80% of a product is its marketing and PR.  Sadly, it’s true, and a lot of great products languish because they can’t speak the same language as their customers to make them say “hey, this would be really great for me.”

Anyone who thinks they can go without learning marketing and sales should stay out of startups.  Good thing I changed my mind ;)

When we got PR Help – No one cares about your stupid little startup

3) Tie yourself to a bigger trend. We see them coming often, and do nothing.  Every day there is a growing need as our lives, our photos, our information, our people get more and more connected, more integrated.  We need ways to manage, organize, use, and leverage all of this connectedness to improve the quality of our life, not drown in it.

4) Network, network, network. Let every journalist and person you can find know about what you’re doing and how it works.  If it’s really that cool, they will help you.

5) Positive Word of Mouth. Advertise and market the best you can.  The people who do find you, empower them to evangelize for you.  Listen to them.  Listen to why they feel the way they do about your product and what they need.  Consider it but don’t implement it all.

Customers are attracted to things that do the hard work to make something complex into something simple.  Their suggestions will often involve complexity, either in the features they want or in how they want to solve their problems.  Listen to their problems, but solve them your way, the way that initially attracted them.  Use their help if it feels right.

6) Journalists are lazy.  Help them be. I don’t know if I can fully agree with this since I worked at a newspaper for 4 years in Edmonton in the News Research department.  I’d say it’s a mix.

The point being made here, though, isn’t one to miss out on.  Have a clear, concise, printable message.  If you do it well enough they will copy and paste, or heavily rely on your wording.  Make it sound less like an advertisement and more like an announcement to the benefit of others.  Make your media briefings like the articles you want to see, with quotes, testimonials and examples, and it will increase the chances of being picked up.  Learn to write well, or get someone who does, and it will go a million miles for you.
Enjoy!

I received this funny comic and it got me thinking…..

I have often wondered how a relationship between a specialist (web, designer, programmer, etc.) and a customer can sometimes turn into the customer believing they understand everything better than the specialist, including how to do it.

This is when phrases like:

“Couldn’t you just..”

“All you have to do..”

“It should be pretty simple..”

“Can’t we make it really simple on the screen?  Why would that be more work to do it all behind the scenes?”

become more, and more common.

Problem? I don’t know. If you ignored everything clients say in this case, and only looked at what they were doing, the client is basically saying they know better than you.  One could argue there’s something missing in the requirements phase.  Even when clients are the ones that hired you to help them meet that impossible deadline that they didn’t know was a ton more work than they ever imagined?

Still, I’m not sure if it’s entirely the client’s fault for being this way.  I think it might be a mix of both client and specialist.  Clients tend to oversimplify and over-trivialize anything to make it something they can feel confident about so they don’t get taken advantage of.

What is true is this.

It is hard to make the complex simple, and easy to make the simple into something more complex.

Would we second guess or suggest doctors do something differently, or that engineers build a bridge differently (and without a plan) because we feel it shouldn’t be complicated?  I don’t know.

This leads back to the oft-referred issue of what color to paint the bike shed.

Why? Well, the less you involve and empower your clients, the more they will feel your craft is a magical dark science.  Of course, I’m the first guy to say I want to build systems and tools for people, not BE the system and tool through which they maintain their systems.  So, I’m forever doomed to try and involve clients as much as they would like to be, and educate them.  It is already a luxury to feel understood by anyone, and it’s nice when your clients are able to join you if they so wish.

With that being said, I have a responsibility to first learn, and then demonstrate that I understand the needs of my client and how to best solve them in the way that best serves the client.  Maintaining or enhancing the clients competitive advantage is critical. It’s not about making my life easier, it’s about making life easier for my clients, and their clients.  This rings very true even when working on a startup.

I get it.  I’m pretty good at what I do and can reasonably be thrown down a well and come out okay.  Do I make it look easy?  I don’t know.  I have 15 years of experience and 4 vacations to show for it.  I read 2-3 hours a day on technologies and problem solving approaches.  I keep the saw sharp and keep busy sawing.  All to keep my value high to myself and the projects I work on, and to ensure my clients receive the best possible outcome.

Still, I hear, “well, can’t you just do this”.  I have accepted that on some levels this will always be the case.  I think it helps clients to understand that what I can do in 1 hour is only possible after 15 years of experience doing what I do, and that 1 hour of their time, while likely very valuable in working out the requirements, would not compare, much like I would be lost in their business.

I think I am going to explore the idea of “highest and best use” and incorporating that in to my working philosophy on all projects.  When we focus on everyone’s highest and best use and simply keep our nose out (or in) no more or less than it’s needed, it’s where 1 + 1 = 11 in terms of gains in productivity.

Anyone who doesn’t purchase extended warranty from Apple for their Macs needs to read this.

I put a lot of time on my 15″ Macbook Pro.  An average of 8-10 hours a day.  Every day.  The last 3 years since I switched back to Mac (since we all started on Apples in elementary school) have been incredible.  No longer have I been tied up dealing with Windows to do the smallest things, like connecting a new camera to get a photo and fighting with drivers.  For the most part Mac just works, gets out of the way and lets you focus on the task at hand.

Then, there was the day the music died.  November 16th, 2009, for me, to be exact.  I remember it, like it was yesterday.  I am working at the office, no problems.  Arrive at a clients, and the screen won’t turn on.  Try to reboot, no luck.  Everything seems to be turning on, except the screen.  Strange.

The HP/Compaq technician in me from the late 90’s speaks up and tells me this might be that nasty Nvidia chip failure affecting the Santa Rosa Macbook Pros, which I own.  But was it?  I’ve seen a video card or twenty fail in my life and it’s usually a graceful fit of annoying colors, lines, and pixels not showing correctly that leads to an eventual death.

A screen just going black, with none of that?  I didn’t even get to say goodbye, or try to copy off my latest working files. What would I have done if I didn’t have a recent backup?

Enter AppleCare.  You see, for years I was happy that Compaq (and then HP, when they acquired Compaq) had nearly the world’s best extended warranty. They did, and likely still rank very high.  AppleCare, I had heard, was another beast.

I get on the phone and get booked into my local Apple store with an appointment 60 minutes later.  Total fluke, as they’re always booked up.  It was a cool feeling walking in and seeing my name as the next customer in line.  It was even cooler as the Apple concierge wondered how I hacked myself to the top of the list without having been in the store.  Nothing an AppleCare rep can’t put you on hold and get done, I guess.

After speaking with the knowledgeable rep, they ordered me a new system board.  Problem, I’m leaving town 2 days later.  They manage to pull it off and I make it rain chocolates at the store.  Everything is back and running.

Until it died again.  I got the dreaded spinning wheel on grey screen.  I felt like throwing my laptop into the water, pulling it out, and then throwing it in again.  But I didn’t.  Called AppleCare and they tried to help.  No luck.

On my way back to Edmonton, I was in Vancouver for the day.  I stopped by the AppleCare store and they had the part I needed.  And they would change it for me before my flight left!  Two flukes?  I doubt it.  There’s no way this kind of service is to be expected or reasonable, but I’m so glad they stepped up.

I’m tired, and fly back home. The repaired laptop awaits its glorious return to productivity. I turn it on the next morning.  Same problem.  Did someone forget to turn on the computer fully?

My heart sank, to the bottom of my feet.  I could have just bought another Macbook Pro, smashed this one up, made a video for Youtube and mailed it to Apple stating I couldn’t handle 2 bad system board replacements in addition to my original failure.

I called AppleCare like someone might call a counseling hotline.  I spoke of the great help I received, but the poor results.  Brian, my original contact, quickly escalated me to a senior adviser.  He took a few minutes to read everything I had endured and at this point likely noticed I should have been screaming and foaming at the mouth, but wasn’t.  He got how frustrated, let down, and paralyzed I was.  Running a backup of your Mac on a Mac mini isn’t the same.  Yes, I didn’t lose anything, but I wasn’t gaining either.

The senior adviser said I had gone through enough.  He wanted to heal my shattered heart with the warmth of a replacement machine. I was skeptical.  I told him I had been hurt before.  What if this replacement had issues because it was the new Macbook?  I might be crazy to turn down new equipment, but I like what I have and it works well.  He assured me he felt comfortable recommending it, so I decided to take the plunge to a new Macbook Pro, at a reasonable cost.

Now I wait.  Hurry up China.

Why your IT Sucks

20 Nov 2009

There is another great opinion piece I found on Computer world titled:

Why your IT Sucks.

This was a follow-up to the previous article, The unspoken truth about managing geeks, and I must say it clearly presents some great points.

1. GIGO GIGO GIGO.

Can’t say it enough.  It’s so true.


Back in the fifth grade, I was in a school musical, The GIGO Effect, in which the evil Glitches attempted to corrupt a computer named Mabel with “dirty power.” The point of the show was that technology is unable to produce intelligent results without intelligent direction, a truism encapsulated in the formerly popular computer acronym GIGO, “garbage in, garbage out.”

So, if you don’t begin with the end in mind, you will fail.

Doesn’t make sense?  Let’s start with this passage from the article.

Information technology is the art of managing an organization’s processes by establishing and maintaining computing frameworks.

If we can agree on that definition of “IT”, that means IT touches and deals with the entire business.  It is the electricity, the power, the force, the connector, and the enabler of achieving your business goals much quicker, better, and more profitably.

For an IT strategy to succeed, everyone needs to see the use of information and technology in business, what I call Business Technology, as a critical enabler and vehicle for delivering the results of the business.  Gone are the days of “my mouse isn’t working.”  The more integrated the view of IT with the rest of your business, the further IT will help you succeed.  IT alone is not a magic bullet.  Technology needs business.  Business needs technology.

Getting all parties, executives, IT, staff and managers, to see one strategy, that IT is meant to help everyone succeed at getting more done with less effort, and not to offset workload from one person or group onto another, is the foundation of a great IT presence.

Check out the article, I’m sure you’ll find it to be great.
