Legacy Code Part 4: You Don't Know...

You're bringing your ColdFusion app into this century, but you've never heard of CFC's? Still using third party tags for image manipulation? Didn't know there was scripting? Before you start touching your code, it's time to do some research...

ColdFusion has grown a lot, in the past decade. CFC's help create reusable code, and allow for Object Oriented like architectures. There's built in image manipulation methods, MS Office, Exchange, and Sharepoint integration, native JSON serialization on remote requests, PDF creation and manipulation, and a whole lot more. On top of that, you can script most anything now as well. Take some time to look through the documentation to see some of the new things available for your application.

Speaking of changes, the <center> and <font> tags were deprecated years ago as well. Today, we use HTML markup for data, and CSS for display declaration. Get up to speed on HTML and CSS and JavaScript. You're a web developer, not a process manager. All of this data is useless if the user can't "use" it. Learning these things now will go a long way as you bring your app up-to-date. I bet your SQL server has some upgrades too (like stored procs in MySQL).

The web changes at the speed of light. It can take a lot to keep up, but it's necessary in an environment that never stops growing.

This article is the fourth in a series of articles on bringing life back to your legacy ColdFusion applications. Follow along in the Legacy Code category.

Legacy Code Part 3: The Right Tools

You don't use an butter knife when you need a hatchet, nor a machete when you need a scalpel. When you're bringing Legacy Code out of the Dark Ages, you need the right tools. That old copy of ColdFusion Studio was the bomb in it's day, but it's not working so hot on your new Windows 8.1 laptop. On top of that, it's help dictionary is out of date by about 5 server revisions, and it's never even dreamed of HTML 5.

You need some good tools to resuscitate a dying app, and the first one is a good editor. I personally prefer Adobe ColdFusion Builder, but you could use CF Eclipse or Sublime Text 2. I like an IDE, and love Eclipse for it's plugin architecture, which allows me to handle the majority of my workflow directly in one environment. Others prefer just a text editor, and that's fine too, but at least pick something with code complete and up-to-date dictionary add ons.

Do you use Source Control? Now's the time to learn. The ability to branch, merge, and revert are critical for continuing to maintain a working application at this stage. I've used Subversion in the past, but have come to prefer Git. The learning curve is steep, but the benefits and flexibility are well worth the time investment, especially in a team environment.

Using MS SQL? Then you want the Redgate SQL Toolbelt. This one isn't cheap, but it's well worth the purchase. You can do comparisons of database schemas, source control sql, backup and restore at an object level, document your db, and the compression technology here can save you a bundle in storage costs. And all of that is just scratching the surface.

And when it's really time to dig in, you're going to want FusionReactor. For me, this tool paid for itself in the first five minutes. You can watch every single request that's hitting your app. Track your slowest requests, queries, and more. Get live data on memory utilization. You can setup notifications for different events, and even setup auto recovery scenarios. This is the must have tool when you're modernizing your application.

Finally, if your getting hit with security breaches right now, it'll probably take some time to pay off some of that code debt and get back on track. FuseGuard, from Foundeo, is an easy way to add some badly needed security when you have none. It won't do your work for you, but it can save you a lot of grief while you get it together.

This article is the third in a series of articles on bringing life back to your legacy ColdFusion applications. Follow along in the Legacy Code category.

Legacy Code Part 2: Getting Started

Your ColdFusion site is crawling. Pages take seconds to render. The DOS attacks from China are taking you down daily. Your boss is crawling up your backside, because clients are running away. And... you're still running ColdFusion 5 and MySQL 3.

Why are you complaining again? Wake Up!

Your problem isn't your platform. It's...your platform. Why would you think that you have to upgrade your desktop software, but not your web platform? Every new iteration of an Operating System becomes (hopefully) a little more performant and a little more secure and (generally) has a few more bells and whistles. So why are you still running IIS on Windows NT?

You want things to get better? Want the boss to stop breathing down your neck? Step 1: Get Current. If you aren't up-to-date, your app will show it's age. We can get wrinkled and put on weight with age, why wouldn't your site?

Give your site a Lifestyle Lift. Get a modern OS, a modern web server, a modern database server, and a modern app server. (And, if you're that far out of date, you probably need some modern equipment too.) No budget for all of this? Consider a hosted VM instance(s), where the host handles the software licensing.

The language has changed/improved, a lot, in the past decade+. So has the server. You can't take advantage of any of these enhancements if your infrastructure is archaic.

Now, all of this being said, you'll want to test your code on a local architecture of the same make up. Chances are that there are minor code changes that you will have to make just to get up and running on "New Stuff". Set yourself up on a local VM, with all the same upgrades (OS, web server, db, etc) and thoroughly test your application. Having trouble? It's worth the time to test and figure it out (or hire a good consultant).

This article is the second in a series of articles on bringing life back to your legacy ColdFusion applications. Follow along in the Legacy Code category.

Legacy Code: Coming In To This Century

For more than a decade now, I've made a living upgrading legacy applications. Many times, these are applications originally built on ColdFusion 4 (or even earlier) and never touched again. Some company invested thousands, or even tens of thousands of dollars having an application written, adding to it over and over with time, but never refactoring it for a new age.

This is probably the number one issue with how ColdFusion gets viewed, as a language and a platform, from outside the ColdFusion community. There are these huge applications, written on a platform that has grown and moved on, and that old code just doesn't perform the way they want it to anymore. What was written was probably great, at the time, but now there's millions of database transactions, thousands of concurrent users, and changes to processes in general. That old app just isn't cutting it anymore.

The question that comes up for a company, at this point, is do they rewrite the app? Do they upgrade the app? Or do they replace the app all together? Each of these questions have answers with their own pitfalls, but today many companies are looking at this issue and saying that their problem is ColdFusion, instead of seeing it as their answer.

Here's the bottom line: ColdFusion isn't always the answer to every problem. No more so than .NET is, or PHP, or Ruby, or any other particular language. That said, ColdFusion does have a very large advantage, in that it truly is a Rapid Application Development platform. If you know the language, if you know the server, and if you have a solid plan, it is possible to rapidly change an an application, or write a new one.

With this post, I'm going to start a new series of posts about some of the things that I've found, over the past decade, that can be used to bring a legacy application into a new age. There are a number of things that a company can do to bring new life back to that old and frail beast that used to be their pride and joy. More over, some of the things I'll relate can save a company from unnecessarily spending thousands of dollars in redevelopment when they didn't need to do so.

New Home Old Hobbies New Take

So, it's been a busy few months, what with contracts and buying a house and such. We recently moved back to Nashville, Tennessee, after two years living just outside of Jacksonville, Florida. Don't get me wrong, Florida was nice. It was pretty, the weather allowed me to wear shorts and flip-flops ten months out of the year, and we made some great friends. All that aside, we missed the hustle and bustle of the NashVegas life, so when we were looking to buy a new house we landed right back at home.

Before we left, I was asked to be the photographer at my niece's upcoming October wedding. This was finally the perfect excuse for me to go ahead and purchase that digital SLR I've been wanting to get for the past decade. I did a little research, and finally decided on the Nikon D3200. Their Nikkor lenses are perfect for me, because many of them have a Vibration Reduction mode, which is good for guys who drink way too much coffee ;)

I used to take a lot of pictures with my (now archaic) Minolta X-7. It was a great camera, and I would take hundreds of shots to get those ten or twenty perfect pics. Before I was a family man, that wasn't such a big deal, but as a husband and a father you get to be a bit more budget concious. Thousands of dollars in developing costs just don't translate, which is why digital has been such a godsend to the photography industry.

Even better though are the tools. It used to be that you took pictures, got the developed, found the right ones, scanned them in, and pulled them up in Adobe Photoshop for final edits. After you'd tweaked it just right, you either printed your adjustments out on a high dollar photo printer, or had a developer charge you too much to process again on their new digital equipment. Digital cameras have helped remove so many of those steps, and the software has gotten better over time as well.

I've had Adobe Lightroom on my system for some time, but had never really had the chance to play with it much. When we decided we wanted some new wall art in our new house, I went looking through some of the shots I'd taken down in Florida with my new camera. I found one I really liked, loaded it up in Lightroom, and started "tweaking" my image. Exposure and Contrast, Highlights and Shadows, and individual color adjustments and... Wow! Lightroom is amazing. I brightened things up, pulled my greens out more, sharpened things and more and got a brand new pic for my wall.

Now I'm going to have some real fun! Time to get back in my Lynda account and find some good tutorials.

ColdFusion 10 File Uploads and MIME Types

Quick Note: On one project that I'm on, we're in the process of moving from ColdFusion 9 to 10. During some regression testing, one of the testers began receiving errors on file uploads. When looking at the code, I saw this:

view plain print about
1fileUploadResult = fileUpload(arguments.tierCSSDirectory, "header_background_image", "image/*", "overwrite");

Now, I remembered that there were changes to MIME type checking in CF 10, but I wasn't entirely sure. This code, written by one of our developer's several months ago, would allow any "image" MIME type. What we discovered is that we couldn't do this kind of wildcard mapping under CF 10, that we now had to list out each accepted MIME type as a comma delimited list.

Just thought I'd share.

ColdFusion Roadmap

Shilpi, the 'Security Czar' of Adobe's ColdFusion Engineering team, recently posted about the Roadmap for future ColdFusion Server Devlopment, post CF 10. This links to an abbreviated set of slides, presented in a PDF document, that layout the focus on next two versions of CF.

There are some things you might easily miss, in reading over the slides. First thing I picked out was in "Splendor"'s Other focus areas section, you see Pluggable Framework mentioned. Hmmmmmm...

Mobile, Social, HTML 5 and the Cloud are big topics here, but I also noted that "Dazzle" has Customizable Enterprise Video Portal mentioned. Interesting...

Another one that's easy to miss? How about the timeline? According to the last slide, "Splendor" looks like a 2013 release, while "Dazzle" is slated for 2014. That's a much more progressive release cycle than we're used to seeing.

The biggest, immediate take away here, is the fact that Adobe is obviously investing time and resources in to continuing to produce and progress the ColdFusion platform. That's a win.

ColdFusion 10 is Now Available

Adobe has released ColdFusion 10. The engineering team has done a fantastic job putting this release together. Here's a short list of some of what's new:

  • Improved/Updated
    • caching
    • ORM
    • webservices
    • scheduler
    • hotfix management
    • security
    • MS Exchange integration
    • security
    • Solr
    • charting (now html 5)
    • Java integration
    • Flex and AIR lazy loading
    • VFS
    • more!
  • html 5 support
  • websockets
  • RESTful services
  • greater cfscript parity
  • geo-tagging
  • CFC auto constructors
  • method chaining
  • closures
  • Tomcat (no more JRun)
  • more!
    • Wow! A lot of changes and additions. The team has been in overdrive, and it all looks spectacular. Download the free Developer's Edition and start playing.

      As a bonus, they also release an update to ColdFusion Builder as well!

ColdFusion Security Hotfix and Big Forms

The other day, Adobe released a new Security Hotfix for it's ColdFusion server. There were a number of things addressed in the hotfix, to help protect against Denial of Service attack using a hash algorithm collision. (My wife would say I sound like Charlie Brown's teacher right about now.) Ok, the important thing is you need to update your server.

Now for the fun part. We loaded the fix to our testing servers to run our app around the block prior to pushing this up to production. And, it's a good thing we did. We're preparing for a large deployment, and testing is pretty heavy right now. First thing in is that a form would no longer submit, throwing a 500 error every time. I didn't show me a 500 error, just a blank page. I had to look at Firebug to see the error code response. Now, if you've ever encountered a 500 error from the server then you know they don't typically tell you much. I reproduced the error locally and then went looking through the log files on the server.

In a multi-server configuration there are two core areas to look at log files. The first are the basic JRun logs. On a Windows systems, these files are located in the C:\JRun4\logs folder. Here you will typically find a {instance}-out.log file, and a {instance}-event.log file, for each ColdFusion instance you have configured. Right out of the gate you have admin-event and admin-out logs for the JRun administrator, and cfusion-event and cfusion-out for the default ColdFusion instance. I checked both files for my instance, and saw there weren't any items to tell me about the 500 error, so I then went looking at the ColdFusion logs.

Each ColdFusion instance has it's own set of log files, that you can see in the logs viewer in the ColdFusion Administrator. That said, the ColdFusion Administrator is not really the best place to go through these files, especially when you're really having issues. At this point, you just want to open them yourself. First, you have to find them. You do this through your instance, C:\JRun4\servers\{instance}\cfusion.ear\cfusion.war\WEB-INF\cfusion\logs. You'll probably find multiple log files here, from the application and eventgateway and mail logs, to individual logs from cflog calls.

Our issue, with submitting our form, was answered by the JRun -event logs, which gave me a few error messages saying something like this:

view plain print about
103/27 07:52:00 error ROOT CAUSE:
2coldfusion.filter.FormScope$PostParametersLimitExceededException: POST parameters exceeds the maximum limit specified in the server.
3    at coldfusion.filter.FormScope.parseQueryString(FormScope.java:397)
4    at coldfusion.filter.FormScope.parsePostData(FormScope.java:346)
5    at coldfusion.filter.FormScope.fillForm(FormScope.java:296)
6    at coldfusion.filter.FusionContext.SymTab_initForRequest(FusionContext.java:377)
7    at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:33)
8    at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
9    at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
10    at coldfusion.filter.RequestThrottleFilter.invoke(RequestThrottleFilter.java:126)
11    at coldfusion.CfmServlet.service(CfmServlet.java:200)
12    at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
13    at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
14    at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
15    at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
16    at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
17    at jrun.servlet.FilterChain.service(FilterChain.java:101)
18    at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
19    at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
20    at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
21    at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
22    at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
23    at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
24    at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)

"Dude! What is that!?!" Well, luckily I had installed my security hotfix, locally, just that morning, so I remember reading over the instructions. In it's notes it had stated the following:

  1. Customers who want to change postParameterLimit, go to {ColdFusion-Home}/lib for Server installation or {ColdFusion-Home}/WEB-INF/cfusion/lib for Multiserver or J2EE installation. Open file neo-runtime.xml, after line
    view plain print about
    1"<var name='postSizeLimit'><number>100.0</number></var>"
    add the below line and you can change 100 with desired number.
    view plain print about
    1"<var name='postParametersLimit'><number>100.0</number></var>"

Just a heads up, that neo-runtime.xml file is minified, so you'll want to Find "postSizeLimit" to get that statement in the right place. We tried that postParametersLimit value (100) and found that our form had more than that (many were hidden, but that's another post all together), so we adjusted the number to 200. After restarting the instance again, we tested the form once more with complete success.

Hopefully this will help someone else avoid this issue. It's important to remember that Adobe does try to document these types of situations with hotfixes, so when you run into issues they should be your first source of troubleshooting information.

ColdFusion JSON Serialization Changes

Because I've had to search on this three times in the last year, I thought it'd be a good idea to document this here, for myself and others. There were a number of important changes that can trip you up from version to version and, if you know which version the changes came in it can be beneficial.

First is a change that affects JSON output, though it's not specifically about JSON. The ColdFusion 9.01 updater (the current base install, at the time of this post) addressed Bug 82980 by removing ColdFusion Debug Output from direct CFC requests. This was only important if you had debugging output turned on in the Administrator, but caused lots of issues when testing ajax applications in development environments that kept that setting on by default.

Unfortunately, Adobe made some changes to JSON serialization that were not only unpopular, but technically dead wrong. They were trying to resolve the treatment of numbers in JSON serialization. Numbers were being converted to floats (1 became 1.0, 12 became 12.0, and so forth), so Adobe changed that by converting all numbers into strings (11 became "11", 17.24 became "17.24"). This was wrong too, as numbers weren't numeric anymore. At the time it raised quite a stir.

They fixed this (Bug 83638) really quickly, releasingCumulative Hotfix 1 for ColdFusion 9.01, which fixed the issue of integers being converted to float and having them as numeric values (ie: [1,12,true,"this var",17.24]). Hurray! Except....

Enter the improperly titled Cumulative Hotfix 2 for ColdFusion 9.01. I say this because it really isn't 'cumulative'. Most things are straight, from a cumulative standpoint, with the seeming exception of the fix to JSON formatting. If you have not applied CHF 1 prior to installing CHF 2, then you will still have issues with JSON formatting.

Overall, Hotfix 2 is great, fixing many bugs. The install is crazy/scary, and must be followed to the letter to prevent major issues, but it's worth it. As long as you did apply CHF 1 first, that is. Thankfully the hotfix/upgrade install process is much better in ColdFusion 10.

Big thanks to Ray for helping me to realize that I wasn't crazy, and pointing me in the right directions for all of this info. Hopefully this helps someone down the line.

Previous Entries / More Entries