tpryan

Goodbye Wharton…

Today I handed in my resignation from my position at Wharton Computing.

Wow, you have no idea what a major shock to the system that is for me. I have been working at Wharton since June of 1999. 10 years. 10 yeaaaaars. 10 years.

I started as an entry level desktop support person for some faculty and the student course pack print shop. I moved on to become a system administrator. Joe Cruz introduced me to ColdFusion. I helped setup classroom technology for two new Wharton facilities: Wharton West and Huntsman Hall. I took over the ColdFusion Administrators group. I moved on to WRDS, and ended at Knowledge@Wharton.

I’ve worked for almost every directorship in Wharton Computing. I witnessed 2 major technological catastrophes: the Exchange Disaster of 2001 and the Mother’s Day Craptaculon of 2005.

Wharton has provided me with the opportunity to meet and form relationships with about a dozen major vendors including Adobe, Microsoft, and Dell. It’s allowed me access to the wider technology community in Philadelphia. It’s allowed me the opportunity to work as co-workers with some of the smartest people in the technology community. Finally, it’s given me the opportunity to participate in the ColdFusion community which has given me a group of friends and colleges which straddles the entire globe.

As my year count at Wharton grew, I was often asked why I hadn’t moved on with my career. I think it’s obvious. I moved on with my career about 3 or 4 times, it just so happened that I stayed with the same employer. There’s always more to do, there’s always some place to go here at Wharton.

Add to the brilliant co-workers, and the career opportunities – an incredible benefits package, freedom to experiment and flexibility to live, and Wharton’s pretty hard to beat.

On a personal level, I met my wife here. We carried on a relationship for quite a few years before everyone knew we were together. I proposed during the aforementioned Mother’s Day Craptaculon. (At home though, not at work, that would be a bit too much.) We were married with co-workers amongst the crowd. We had the same boss at the time. My son was born while I was here, and was born in a hospital that was part of the same University system as Wharton.

This leads me to the University of Pennsylvania, where I have spent nearly every day (summers included) since 1995. If Wharton shaped who I am professionally, Penn shaped who I am personally. Penn convinced me that Clinical Psychology was no career for me. Penn has pretty much given me every one of my closest friends. (Except for a handful left over from high school.)

I was 18. That was 14 years ago. 14 years before that I was 4. It’s not hyperbole to suggest that this signals the next major section of my life.

So wow, I didn’t mean to get so sappy, but I guess I really do like this place. If you have the opportunity to work here, take it. I won’t claim it’s perfect, it’s not, and no place ever is. However, in this world and time of settling for a paycheck, it’s nice to have the opportunity to work for a place that encourages you to be part of something and to work to keep you with them while letting you take your career unfold the way you want.

I’m not quite ready to talk about what’s next, except to say that I’ve got something lined up. This is good, because I’d like this to be about my thanks to a place which has been so very good to me.

Thanks Wharton Computing, I’m going to miss you.

Knowledge@Wharton on an Apple without Jobs

Earlier this week Knowledge@Wharton posted an article about a succession plan (or lack thereof) for Steve Jobs.

I found it really interesting especially considered against Adobe founder Charles Geschke’s very frank discussion (also a Knowledge@Wharton piece) about the havoc a poor succession plan can reap for a company.

Anyway, hopefully easy weekend reading for you tech+business geeks.

Digest Authentication in ColdFusion

I’m working with the ConstantContact API webservice, and ran into a slight problem. The API uses Digest Authentication, and ColdFusion does not support Digest Authentication in cfhttp. I found this out by reading in the live docs that:

The cfhttp tag does not support NTLM or Digest Authentication.

The ConstantContact forums pointed me to a custom tag cfx_http5. But I hate CFX tags. I like to place as few dependencies on the ColdFusion Administrator as possible when I code. CFX tags also tend not to make the trip the first time in server migrations or emergency moves. It might be my own prejudice but, no, there will be no custom tags.

Which leaves me to implementing some Java client, as luck would have it there was ample documentation on doing this. I just needed to use the open source Apache HTTP client. To work with them, I had to add them to the class path, or add an entry in the ColdFusion Administrator class path list. That would have bought me nothing, as I didn’t want to go through the administrator.

This left me looking for a way to dynamically call jar files. If only there was some way to dynamically call jar files in ColdFusion… preferably written by someone with a marsupial pouch…. Ohh wait, Mark Mandel wrote the Open Source project JavaLoader, which allows just that. Hmm, and Mark is a mammal from Australia. Things are looking good.

So I was able to build my http client with Digest Authentication. I added some code that formatted the response like a cfhttp struct, so that if there were other advantages to this method I could just swap out this for cfhttp in a pinch. The code is below in the extended section of this blog post.

I was trying to do 3 things with this post:

Explain how to use Digest Authentication with ColdFusion
Show how with ColdFusion Open Source community and ColdFusion’s ability to call Java, there isn’t much you can’t do with it.
Further the rumor that Mark Mandel is a marsupial.

I hope I’ve done these three things for you.


			var paths = arrayNew(1);

			var rootPath =  GetDirectoryFromPath(GetCurrentTemplatePath());

			paths[1] = rootPath & "/jars/commons-httpclient-3.1.jar";

			paths[2] = rootPath & "/jars/commons-codec-1.3.jar";

			paths[3] = rootPath & "/jars/commons-logging-1.1.1.jar";

			//create the loader

			variables.loader = createObject("component", "javaloader.JavaLoader").init(paths);
			var result = "";

			var credentials = loader.create("org.apache.commons.httpclient.UsernamePasswordCredentials");

			var HttpClient = loader.create("org.apache.commons.httpclient.HttpClient").init();

			var httpGet = loader.create("org.apache.commons.httpclient.methods.GetMethod");

			var AuthScope = loader.create("org.apache.commons.httpclient.auth.AuthScope");

			var jURL = createObject("java", "java.net.URL").init(arguments.url);
			if (len(arguments.username) and len(arguments.password) gt 0){

				AuthScope.init(jURL.getHost(), arguments.port, arguments.realm);

				credentials.init(arguments.Username, arguments.password);

				httpClient.getState().setCredentials(authScope, credentials);

			}
			httpGet.init(arguments.url);

			httpClient.executeMethod(httpGet);
			result = convertHttpClientResponseToCFHTTPFormat(httpGet);

			httpGet.releaseConnection();
			return result;
			var result = structNew();

			var responseheader = structNew();

			responseheader['Status_Code'] = httpGet.getStatusCode();

			responseheader['Explanation'] = httpGet.getStatusText();

			responseheader['Http_Version'] = httpGet.getEffectiveVersion().toString();

			header = httpGet.getStatusLine().toString();
			headers = httpGet.getResponseHeaders();
			for (i=1; i lte ArrayLen(headers); i=i+1){

				responseheader[getToken(headers[i], 1, ":")] = getToken(headers[i], 2, ":");

				header = listAppend(header,  headers[i], " ");

			}
			result['Charset'] = httpGet.getResponseCharSet();

			result['ErrorDetail'] = "";

			result['Filecontent'] = httpGet.getResponseBodyAsString();

			result['Header']  = header;
			if (structKeyExists(responseheader, 'Content-Type')){

				result['Mimetype']  = GetToken(responseheader['Content-Type'], 1, ";");

			}
			result['Responseheader'] = responseheader;

			result['Statuscode'] = responseheader['Status_Code'] & " " & responseheader['Explanation'];
			if(	not structKeyExists(responseheader, 'Content-Type') OR

				FindNoCase("text", responseheader['Content-Type']) OR

				FindNoCase("message", responseheader['Content-Type']) OR

				FindNoCase("application/octet-stream", responseheader['Content-Type'])

			){

				result['Text'] = "YES";

			}

			else{

				result['Text'] = "NO";

			}
			return result;

2009 Predictions in Higher Ed

Spurred on by Kevin Hoyt, who commented on my last post I have some predictions for technology in higher education as a whole.

First, a quick background. The economy sucks. This is good news and bad news for higher ed. Enrollment and applications will be up. Bad news, is that most institutions arenapost entirely funded by tuition. Money comes into schools from state governements and the federal government in addition to money from their endowments and donations. All of those sources will be down in the next two years at least. Also in the picture is that fact that because of institutional culture of tenure, and the compliance issues that come from taking federal money, most higher ed institutions cannot cut budgets by trimming employees from the books. Good news, you’ve still got your job, bad news, remember Ed who quit, you’ve got his too.

Cost savings will be sought elsewhere. This is going to lead to a contraction of commitments. Upgrades will be postponed. Technology investments (big virtual machine hosting hardware, SAN’s) will not be pursued.

So what will all this lead to…

Hosting
Up until now, a penchant for open source technology, and educational discounts have made schools prefer to host their own services a little longer than the rest of technological community. However, that was before the financial craptaculon. External hosting will be considered for applications which would never have been outsourced before. It’s already started for student email, IM, web sites, and storage. It will accelerate and be targeted for smaller burdens like staff email, intranet sites, and public websites.

Virtual Classrooms
Virtual classrooms where schools could sell an unlimited number of seats to an audience for a set cost has been a holy grail for a few years now. With cut travel budgets hitting continuing education dollars, and the rise in applications coupled with the pressure to bring in revenue, they will have no choice to squeeze every dollar they can. Expect a lot of activity here.

Development Language free for all
Because of the rise of hosting for previously unhosted solutions, there will be no lock in for particular platforms or languages. Want to try Ruby or make the switch to .NET? No worries, you don’t have to build an environment, just rent it. It provides opportunities for highly productive languages and solutions to re-argue their case to the higher education world.

Students
Students are going to be looking to either stay out of the job market for as long as possible, or get trained in skills that will more likely get them hired. Any schools out there have Flex or Ajax content in their program, congrats, your students are still marketable. Expect more focus on vocational skills, like specific languages to be the rage.

2009 Predictions

With the new year fast approaching my mind turns to what’s coming up in the next year.

Centaur
Centaur is slated to be released in 2009 as ColdFusion 9. I’m confident it will be. ORM and the IDE will be the most talked about features. Although ORM is talked about, it will be slow to move in to the mainstream of CF development. Considering the time it took to get CFC’s to be widely adopted, I think ORM will be what’s hot in 2010 but bleeding edge in 2009.

The IDE will be a big seller, and I mean seller. I think the IDE will be a for purchase and stand-alone product. I think there will be a lot of people developing on Bolt and Centaur for production ColdFusion 8 applications for some time to come.

ColdFusion Development
Apple will continue to gain market share among CF developers. Ubuntu boxes will also proliferate as Vista users with regrets can’t justify new hardware purchases but tire of Vista’s drawbacks.

Web Development in General
Rails and Merb joining together will cause the Ruby development community to get a major boost. The meme that “rails is cool, but not ready for enterprise” will really get challenged.

Technology in General
There will be an increase in problems due to companies putting off equipment upgrades in an attempt to cut costs. I think companies will continue to push more hardware outsourcing regardless if they experience a cost-cutting driven failure or not.

That’s all I have for now, if I think of more I’ll add…

Formal Code Reviews vs. Automatic Tools

One of questions I always get when talking about code reviews, formal or otherwise, is “What do you think about automatic code review software like CodeCop or varScoper?”

First off I’ll say, I love and use varScoper. Second, I like the idea of CodeCop, but I’ve never been good enough at writing regular expressions to craft my own rules well enough to use it. Those points being said, as great as these tools are, they do not even come close to eliminating the need for formal code reviews.

Automatic testers are great at finding small discreet known issues:

Did you var scope every variable in ever function?
Did you make sure not to use relative url’s in cfschedule?
Did you use cfqueryparam on all of your user input driven queries?

But they can’t figure out bigger picture issues like:

Is this function named “computeCosine” actually returning the sine?
Is there sufficient validation occurring on form posts before they are being processed?
Is this function doing something that a built in function could be doing better?

In addition to the hard to compute issues above, there are the unknowns. Until someone discovered there was an issue with using relative url’s in cfschedule there was no rule written in the code review tool. It takes human eyes to discover these issues, either during a review, or during bug fixing. Only after they are discovered can they be codified.

To put more succinctly and in a metaphorical manner:

Automatic code review tools are spell checkers. Formal code reviewers are editors. Spell checkers and even grammar checkers don’t prevent you from writing perfectly spelled and constructed crap. You need an editor to prevent that. Just as code review tools don’t prevent you from writing crap code that adheres to all of their rules.

So use automatic tools before a formal code review, just like you spell check an email before you send it out. But don’t rely on an automatic tool as your last line of oversight.

Another Unfuddled Experience

We started using Unfuddle.com to be our Subversion, bug tracking, and project management solution a few months back. As time has gone on I’ve become to rely on it heavily. Nothing illustrates that quite as much as the feeling you get when it isn’t accessible anymore.

You see my business office changed their credit card info. They gave me access to their new card and a typed its numbers into Unfuddle.com’s automatic biller. When I did that, I must have transposed a few numbers. Yesterday was the day that automatic billing takes place. We were charged, the charge failed, and as such due to a bug in their system our quota was lowered to its free level (200MB) instead of our actual quota (10GB.) Once you go over quota, they lock down your account to prevent subsequent commits and updates. I’m sure they do this to prevent runaway processes from going over quota and causing problems. It also has the effect of bringing everything to a grinding halt.

I fixed the credit card, and got confirmation from the system that I had entered it correctly this time. But still no commits.

I sent in a support email, as that is their only means of support contact. But my boss started circling asking when he would be able to commit again. He started talking faster, and faster, which made it clear that he was getting agitated by the possibility of problems publishing his application for an important demo this morning.

So I started searching through previous correspondence with support to see if they had a phone number in their signature. Lo and behold, one support technician had his mobile phone in his signature. At this point I’m torn: I don’t want to bother this guy on his mobile; but I didn’t want my boss to become John Moschitta. Finally after looking up the area code and finding out the guy was in Hawaii, I decided that if he got to be a cool web 2.0 programmer and live in Hawaii then I was going to not feel too bad about calling him on his mobile.

He was extremely cool about being bothered (he was in fact not in the office that day). But I explained the situation, and told I would accept being shunted to another support person (as he was out of the office,) but he would have none of it and within literally 3 minutes of talking to him, we were happily unfuddling again. He also said he would look into the bug that caused us to not have the customary 2 week compliance period.

I’m already a pretty pleased customer but this turned me into a passionate customer. That’s the sort of competent, fast response you wish your vendors would give every time.

In short, Unfuddle.com rocks.

Subversive, Exclamation Marks, and Copying Folders

I’ve had a reoccurring problem, and I’m blogging it for my memory’s sake.

The other day, I had an issue where a folder of mine was not being checked into Subversion via the Subversive plugin for Eclipse. The folder had an exclamation mark and refused to be committed. I couldn’t find any reference to what the exclamation mark meant. SVN cleanup didn’t work. On a lark, I started looking though the svn metadata in the .svn folder and saw that the metadata was pointing to the wrong repository. It then hit me what had happened.

I had started this project from scratch, but was grabbing files from other projects. I only grabbed only one folder, the folder containing the error handling templates; I just copied the folder via Eclipse from the original version controlled project to my new one. When you do this Eclipse copies not just the visible files but also the .svn metadata. Because of this when I went to commit Subversion could not reconcile that folder to the proper location and through errors.

To fix this:
- delete the .svn subfolder in the folder in question and any subfolders
- Then check in the folder again it should prompt you to add the files to the repository
To prevent this:
- Don’t copy version controlled folders between projects in Eclipse
- Create a mirrored folder structure
- Copy files into new folder structure
A better way to prevent this:
- Encapsulate and consolidate your code such that you don’t create the need to copy files between projects

Hope this helps someone else out there.

Cheap and Easy Dynamic Method Calling in CFScript

For reasons I cannot entirely explain, I was trying to call dynamic methods in a cfc in cfscript. (The cfc code was calling a method within itself) I tested a few syntactically wrong ways of getting it done. It the underlying fact that functions are another type of variable in ColdFusion hit me. I should be able to assign dynamic variable to a new variable, and call that as a function. It worked.

function test(input){
return input;
}

functionName = “test”;

args.input = “Yo!”;

tempfunc = variables[functionName];

output = tempfunc(argumentCollection = args);

writeOutput(output);

</cfscript>

I feel like someone must have done this before, but could find nothing on it. So I figured I would blog it.

Squidhead’s Latest Features

I added a huge new feature to Squidhead, which I think deserves some mention. I’ve added another that’s not as cool, but still worth mentioning. I think I’ll try and get it published out to Squidhead users in the next few days.

Feature: Paged and Sortable List views

Basically this feature adds a paging view to the list view, and that view is sortable by each column in the shown in the view. The compelling part of this feature is that it isn’t doing the sorting and paging in ColdFusion, it writes a stored procedure that can present a sorted query of a particular page size. Because this happens in the database it’s blazingly fast.

Writing these types of stored procedures is really annoying. SQL 92 specification prevents variables in the LIMIT, TOP, and ORDER BY clauses. In order to pull down paged lists of records from the database requires adding an extra temporary column that stores row count and only including particular ranges. Then to do order you have to do a switch case block for every order by possibility. It’s the annoying, repetitive code that was designed just so someone could write a code generator to automatically write it.

Feature: List View Filter

The list view filter feature allows you to configure what columns get displayed in the list view of your generated applications. One of the first things that I do when I go to turn a generated application into a real application is to start manually limiting which columns get shown as inevitably there is a text field that needs to go. This can now be done by simply altering the table.xml that is generated by Squidhead, and setting the excludefromlistview property to true.

Northwind and Sakila support

This isn’t really a feature per see, but I’ve started testing against Northwind for MSSQL and Sakila for MySQL. Both of these are sample databases provided by the vendors. They expose a wide range of database features for each one. By doing testing against them, I found a number of errors and bugs in the Squidhead code that have been rectified. Going forward, Squidhead features will not be released unless they pass these tests.

Like I said earlier, I’d like to get these features out in the wild in the next few days.