Back in Edinburgh for Scotch On The Rocks 2014

by kai on 31/12/2013

There are those moments when everything just falls into place. Before Xmas and before I got the notification from the CAB at cf.Objective(), one of my submitted sessions was accepted for Scotch On The Rocks 2014. I'm still extremely happy about that as the amount of submissions they got was massive (around ~160, iirc) and given that it's a quite small event, it must have been a tremendously hard…

Read the full article →

I'll be speaking at cf.Objective() 2014

by kai on 30/12/2013

It already happened a few days ago, but I'm very pleased to announce that I'll be at cf.Objective() 2014 in Minneapolis in May 2014 and that two of my three session proposals got chosen for the conference's agenda. I've been to cf.Objective() 2013 as an attendee (Kudos to Gert @ Railo for throwing me a ticket of their sponsor contingent) and it was a really, really good event. To be honest, that…

Read the full article →

When and why you should run when someone (including myself) recommends a certain set of JVM settings

by kai on 30/12/2013

This is part two of a loosely connected series of blog posts dealing with JVM settings. Make sure you check out the first post titled "JVM memory settings for Railo (and Adobe ColdFusion) on Tomcat" before continuing to get an idea of the overall context of this series. Today's post is about why generic recommendations for JVM settings are almost every time going to fail you and why I personally…

Read the full article →

JVM memory settings for Railo (and Adobe ColdFusion) on Tomcat

by kai on 30/12/2013

This is the first post of a loosely connected series about JVM settings (some of them related to memory, some others not). I got kind of inspired by a series of discussion threads on various CFML-related lists sitting in my inbox for a while now (because I felt the urge to comment on them --- but never got round to for various reasons...). I'd really like to get to Inbox-Zero with that particular…

Read the full article →

NullPointerExceptions from cfcookie when migrating from Adobe ColdFusion 9 to 10

by kai on 20/12/2013

A few months ago, one of my clients was testing a possible migration from Adobe ColdFusion 9 to Adobe ColdFusion 10. One of the issues they ran into was a NullPointerException when it came to their cookie use. Something simple such as didn't quite work and resulted in: "The system has attempted to use an undefined value, which usually indicates a…

Read the full article →

Some cool new tools in Java 7 Update 40

by kai on 02/12/2013

Oracle released Java 7 Update 40 back in September. Obviously there are a bunch of improvements in the security department and some new third-party libraries. Apart from this standard stuff, you'll find a lot of really awesome goodies in this update, too. Depending on how long you've been dealing with Java and JVMs you might remember that there used to be a really awesome JVM from BEA: JRockit…

Read the full article →

An update on HTTPOnly marked cookies in Railo 4.1

by kai on 30/11/2013

In January this year, I wrote a blog post to advise people how to make the default installation of a Railo 4 server more secure. One of the elements was to make sure you're using HttpOnly marked cookies for your session cookies (depending on your setup that might be JSESSIONID or CFID/CFTOKEN). In the blog post, I've described how this can be achieved on a Tomcat context level if you're using…

Read the full article →

Displaying PDF documents/forms from Adobe LiveCycle in the browser

by kai on 28/11/2013

Users of Adobe LiveCycle quite regularly interact with PDF documents. Some examples are: rendering customised documents for print purposes; creating PDF forms for on- and offline use to collect data for further processing; rendering pre-filled PDF forms to send out to customers/users for completion and physical signature; etc. In a lot of cases those PDF documents are what's called an XFA-based…

Read the full article →

Adobe ColdFusion and Railo users: be aware of the newest Apache Tomcat trojan/worm

by kai on 27/11/2013

Symantec has recently discovered a trojan/worm-ish thing that threatens application servers running Apache Tomcat. It seems to follow the typical command & control pattern with control servers having been found in Taiwan and Luxembourg so far. This threat is using a very specific attack vector by trying to spread via the Apache Tomcat Managers and their (quite often unchanged) weak passwords and…

Read the full article →

ColdFusion and ColdFusion Builder source code have been stolen

by kai on 05/10/2013

So, there we go. Adobe got hacked and according to Krebs on Security and Adobe themselves, among other things, the source code of ColdFusion, ColdFusion Builder and other Adobe products has been stolen and shown up on hacker sites. This is obviously an issue. I don't want to comment on how it might or might not have happened and what the implications are for Adobe Acrobat (Reader) users. Let's…

Read the full article →