Here is a handy tidbit that I came across while I was switching some of my projects from SVN to Git.

While in the project's root folder, when you run this it will delete any .svn folders that it finds in the project folder and any of its subfolders. This made removing the SVN version control quite simple without having to run an SVN export on every project and make copies of all of them.

Mostly I am blogging this so that I have it for my own reference, but I thought others might find it useful too.

I am no expert on bash command line scripts, so I won't pretend to understand exactly what is going on here, but it seems obvious that this script will do a find on the current folder and its subfolders for any folder/file named '.svn' and run 'rm -rf' on if. The -rf attributes tell the rm command to recursively force-delete any folders and its children. This is needed since .svn matches we'll be finding are directories.

Be careful when running this, it will NOT ask you if you are sure. Of course, this will work with other files and folders as well. Like if you want to delete all of those .DS_Store files that OS X likes to stick everywhere.

Since .DS_Store files are not directories, the -rf options are not needed.

I am in the process of putting together a mobile development class and have been trying to figure out the best ways to get students who are new to PhoneGap and Mobile development going on cross-platform development. One of the issues I have been trying to solve is the fact that PhoneGap apps use a different phonegap.js file on each platform. This is a problem that I do not feel is well documented and one that is not easily and cleanly solved.

Since PhoneGap applications require these different JS files I have been unable to find a good way to start building a PhoneGap application in, for example, Eclipse with the Android Development Tool as an Android project and then be able to quickly and easily switch over to XCode and launch the same application as an iOS app. I always need to go and replace the phonegap.js file with the iOS one first and then switch it back before I go back to working in Android. Not a great workflow.

I could probably solve the problem with custom build scripts. I could set up build scripts for both iOS and Android to properly retrieve the correct file and stuff it into the build prior to compilation, but this is not something I want to take the time to do in the classroom (I also don't want the students to have to worry about trying to set up ANT at home). This also prevents me from having an application that can simply be downloaded from GitHub and run without modification. It's also more code to manage. I would need to maintain X number of build scripts (one for each platform) for all of my projects. Sounds like a PITA.

[More]

What I've been thinking about

I've been thinking a lot lately about Blue River Interactive's Mura Content Managent System (hence forth referred to as Mura CMS or just Mura), probably because I have been working a lot with it lately. I am in the process of converting a large, mostly static, web site to Mura, and I have been amazed by its power, versatility and ease-of-use. I have been especially pleased with how easy it is for me to make plugins for it.

While thinking about Mura, I have realized something important. Mura CMS is an incredible products with the potential to change the way that ColdFusion and CFML are viewed. And this needs to be recognized. It also has the potential to become a very popular, open source product used outside of the ColdFusion/CFML community.

[More]

Last week our benevolent dictator of the cf.O() Content Advisory Board (CAB) announced that the Call for Speakers and Topic Suggestion application is now open and ready for our submissions. I know I have started adding my suggestions already and have started voting as well. You should too.

As a member of the CAB I can tell you that this application was a HUGE part of the success that cf.O(0 saw last year in brining the attendees a fantastic line-up of sessions. It makes the planning process SOOOOOOOO smooth. Please, take the time to vote. You, the attendees of the conference, are the audience. We care about what you want to see. So if you want to have a hand in planning this stellar event, then get going.

From Bob's Blog:

The Topic Suggestion Survey and the Call for Speakers for next year's cf.Objective() are both now officially open. For more details please check out the announcement at the cf.Objective() site, or if you're keen to get started, visit the Engage app right now to suggest and vote on topics or to propose to speak.

I have been learning a lot about Mura the last couple of weeks while building my first Mura plugin, but I have also had a lot of frustration because some things work differently when you are developing for a front-end page vs. a back-end (admin) page.

In the Mura Developer Documentation it states:

The Event scope simply wraps the current request's event object which contains merged data from both the CFML FORM and URL scopes.

If then goes on to say that the following code should return values from those scopes.

So if I have a URL variable like ?test=123, then this code should return the value '123':

This seems to work fine on pages I create for Mura display objects for the front end of the website, but for pages in the admin area of the site, this method only produces [empty string].

[More]

This year at cf.Objective() we'll be trying something new with the Keynote address. Specifically, instead of being addressed by Adobe, you will be addressed by members of the community. I am proud to be one of those members, and I will be joined by an amazing group of people.

• Scott Stroz
• Raymond Camden
• Mark Mandel
• Bob Silverberg

We'll be talking about several topics, and you are not going to want to miss it.

Oh and we need speakers for the Lightning Talks!!

For those that attended cf.O() last year, you may remember that the Pecha Kucha was a HUGE hit. it was almost as well attended as the keynote address and it was a lot of fun. We are going to do it again this year, but this year we are calling it "Lightning Talks".

These presentations are fun, short, and can be on any topic that you want. If you are interested in presenting a Lightning Talk, go to http://engage.cfobjective.com/ and submit a topic.

Anyone can present a Lightning Talk. You do NOT need to be a cf.Objective() speaker already. This is a great opportunity to get up and try your hand at speaking to a group and having some fun.

And again, it can be on ANY subject. Lightning / PK talks that I have seen in the past include:

• The Evolution of the Air Cooled Volkswagen - Jim Leether - NCDevCon 2010
• People-centric software design - Ben Nadel - cf.Objective() 2010
• Stress Management - Doug hughes - NCDevCon 2010
• Life can be hard, or life can be easy - Jason Long - NCDevCon 2010
• 5 Bucks Is Change - Janet Kennedy - NCDevCon 2010

I'm looking forward to seeing everyone at cf.Objective() 2011

A long, long time has passed since my first post on Cross-Site Scripting. Looking back on it now, I realize that I have learned a lot since then. I do not think that post cuts the mustard anymore and I will need to do some writing to make up for that.

In the meantime, the topic of XSS came up on a discussion board a few weeks before I started writing this, and again on Ray's blog today, and I wanted to take some time to explore it in more depth. One common misconception about XSS mitigation in ColdFusion is that the best way to handle it is to use HTMLEditFormat() to output any user generated data. I had this same misconception for a long time and have helped to spread it.

While it is true that HTMLEditFormat() can stop many attacks in many locations in your applications, it is not a catch all for XSS. HTMLEditFormat() only works in the HTML block content context of your applications. Your applications have several other contexts where, if you use dynamic code, you can open up XSS vulnerabilities that HTMLEditFormat() cannot stop.

In this post, we will discuss these contexts, what the are, and why they need to be treated differently.

[More]

This is an important question and one that you need to ask yourself.

Last week this article was released about a faculty researcher at University of North Carolina at Chapel Hill.

The article describes how the University recently found out that a machine that stored 180,000 social security numbers (used for research) was compromised back in 2007. The University is now hanging out the researcher to dry and not claiming any fault of their own. There is no report yet on what is happening with the programmer/system admin that she hired to maintain the system.

[More]

Hey, in case you didn't notice, the call for speakers for the super-awesome-fantastic-amazing cf.Objective() conference is now open.

you can submit your proposals here:

http://engage.cfobjective.com/

Even if you don't submit a proposal, you should definitely come to cf.Objective(). It is best ColdFusion conference there is. And remember that cf.Objective isn't JUST for advanced/enterprise developers. cf.Objective() is also about becoming an advanced/enterprise developer. So even if you feel like cf.Objective() might be over your head, if you're an experienced developer who wants to take the next step in your learning, cf.Objective() is the place for you!

So get on it!

Last week I had a great time presenting a couple of topics at the MN Government IT Symposium. Here are the slide decks from my presentations:

[More]