Sometimes I forget about personal security. From a design perspective this is a relatively easy task with acceptable solutions, whether it be hashing passwords or doing some crazy salt implementation to keep your clients passwords secure. Unfortunately I was a little lazy with my own passwords. My main Dreamhost FTP account was compromised in the past week sometime (I expect it was in the last week at least) and I found some rather interesting results from this invasion. So what’s in a dreamhost FTP account? When you log in you see a list of domains that user has access to (for my username it’s everything of course), with full access to everything. There’s also ssh access with the same credentials, but that seems to have been left untouched. Instead the perpetrator grabbed every single index.* file and added their own text to the bottom of it — about 70k of links that were hidden. The dangerous part was that I didn’t even notice this, so I’m not completely sure when it happend!

Dreamhost has a great backup plan luckily. You can login and CD over to /.snapshot and it contains folders with a full snapshot of your files at various times (1 hour ago, 2 hours ago, 1 day ago, 2 days ago, 1 week ago). The files from a week ago were last edited on 5/27 with this malicious code, although that could have been done directly in the snapshot directory. On the bright side for the most part it’s just a matter of removing the offending code and reuploading the files; with the exception of one or two files which actually broke due to this editing. Lucky they did too because that’s how I noticed something was wrong.

Moral of the story is don’t take your hosting passwords lightly! They need to be changed and checked on just like anything else important. I’m lucky that the worst something like this could’ve done is hurt my pagerank (or possibly offend someone if they actually read the links). I’m slowly removing them and cleaning up the rest of my hosting now which is why there has been no ColdFusion 8 headline today, aside from the one Digg was nice enough to do for me. Wait for it tomorrow.

Adobe released a public testing version of the newest release of their ColdFusion product. Version 8 includes numerous new features, including built in server monitoring, debugging, and loads of new functions and tags.

Do the CF community a favor and Digg this!

read more | digg story

If you’ve been keeping up with recent ColdFusion news, ComputerWorlds recent article, The top 10 dead (or dying) computer skills rated ColdFusion as the #5 dying skill. If you’re wanting a bit more unresearched comments, you can also read the Digg comments for this one.

Rebuttals have been made all around the blogosphere including responses by Ben Forta, Ray Camden and David Fekke amongst many others. It’s about time for my $.02 on the topic.

First off, ComputerWorld issued a response to the article titled Readers question ‘dead skills’ list after recent comments from the Cobol, ColdFusion and C communities. When I read this next line though, that’s when the laughter started:

One reader noted that “the first person interviewed [in the article] is head of the CS department at Bentley.edu. Their home page is www.bentley.edu/index.cfm, which is ColdFusion. Look in their employment page, they are looking for a ColdFusion developer. Is it just me, or is it amusing that the author interview[ed] someone whose institution is implementing a dying technology?”

Yes, that is quite amusing. It’s also amusing that David Foote, president of Foote Partners ranked Cold Fusion one of the hottest technologies to learn in the fourth quarter of 2006 (as noted by DK in a comment to Fortas post). Unfortunately that was 6 months ago — and it was Cold Fusion and not ColdFusion. There will always be people that don’t like a language with good reason, but this article was nothing more than an ignorant stab at a technology the author knew next to nothing about. She might read lots of articles about the other languages and assume that means there are less of the other; but researchers are supposed to, well, research — not just assume based on their sphere of news.

The main problem isn’t this article though, it’s that the author isn’t alone in their view. The “outside world” doesn’t hear much about ColdFusion. How often do you see things on Digg, Del.icious or the Technorati top 100 blogs that mention ColdFusion in a good light? Chances are it’s rare, or more likely next to never. The lack of publicity drives a product to obscurity! I wouldn’t be surprised if most peoples opinions about how “bad” CF is is based entirely on this obscurity (well, and bandwagon effect). It takes something that other people can actually use and benefit for a feature to break through and gain respect.

The main reason people state for this is bad marketing of the product, to which I agree with to an extent. But as Rails proved you don’t need a good marketing campaign to hook in developers, you need good development tools! For as long as I can remember ColdFusion has had absolutely great tools available through tags, but how many non-CF developers know about this? Or Model-Glue scaffolding? Or Reactor, Coldspring, Transfer or Coldbox? Most of CF’s obscurity has been because it’s hard to show these kinds of thing off. It’s the same reason you don’t see eye catching Java posts. CSS, JS and scaffolding are what draw people in now a days; or at least the new LAMP developers.

These might not all be the kind of developers a language wants (or in CF’s case they might not be able to afford it), but it helps to boost confidence in the product from the ground up. You can group the novices impressed with the flashy and new with the CIO impressed with the same. Most people look at CF’s price tag and think it’s so expensive they can’t justify the cost. The CF community always argues that you’ll make the money back in development costs. Proving something like this through some examples would also be a great step towards settling those questioning it.

Hopefully with CF8 coming us CF developers can pull out some great, eye catching, useful tools that will help us and draw some new respect and attention to CF — plus some tutorials for the new developers that are often forgotten. New developers take a new version as a chance to start fresh in language — why not grab as many new developers as we can?