1Password Chrome Extension Suddenly Stops Working

The Chrome extension for 1Password stopped working on me about a week ago. First in the office on my iMac and then at home on my MacBook Air. I ignored it for a while but then tried reinstalling the plugin a few times before realising that wasn't the problem. I'm not sure if there was a new update to Sophos lately but the problem was that Sophos was not allowing connections to localhost, which the extension needs in order to work properly.

Simple fix. I'm leaving this post up as breadcrumbs for the next person.


How to Resolve: FusionReactor Administration Manager is Still Running

Recently, I was trying to upgrade to FusionReactor 4.0.8 because I was getting a lot of "too many files open" errors on my Mac (Lion), which that release addresses. I'm not sure why, but for some reason I kept getting an error during upgrade that:

FusionReactor Administration Manager is Still Running
Please manually stop the fram process daemon and press Continue once you have ensured the server is shut down.

I pinged the FusionReactor email list and quickly got an answer (from their CTO Darren Pywell no less) that 1) my situation was rare and, 2) if this happens, you can resolve it by shutting down FRAM as follows:

cd /Applications/FusionReactor/tomcat/bin
./framd stop

To start the service again, you use:
./framd start

I continue to be impressed with FusionReactor as a product, as well as their prompt and accurate support!


Client Variables in Railo - Part One - A Primer

First of all, for the record client variables are evil.  Everyone knows this. Well, almost everyone. But I occasionally come across legacy ColdFusion applications that still use them.  Usually these apps use a database to store the client vars, which is what I primarily wanted to cover in this series of posts. I have a feeling it's going to expand beyond that, but I'll just leave it at that for now. Specifically, I’d like to talk more in depth about how client variables work in Railo (as of 3.3.2) vs how they work in a traditional Adobe ColdFusion application (as of 9.0.1). I'm going to start by going over some basics and subsequent posts will get progressively deeper. Let's get started...

Session Variables vs Client Variables

I’m not going to exhaustively describe all of the differences between session variables and client variables in CFML.  I’ll assume you already have a basic understanding of how client and session variables work.  Having said that, a quick primer for Session vs Client variables is as follows:

Session variables generally are used for complex datatypes that are stored in server memory (the server’s RAM).  Session variables tend to be somewhat short lived (the default is less than an hour) and I personally tend to find sessions appropriate for storing small bits of data (such as login information) to medium sized data (such as user specific query resultsets).  I generally try not to persist sessions for much longer than an hour and try not to store larger datasets in session variables because they use server memory and you certainly don’t want to use it all up with sessions!

Railo does introduce some additional storage mechanisms for session variables, including persisting them longer term in a database (similar to Client variables). More details about this can be found on the Railo Documentation Wiki’s Session Storage page.

Client variables, on the other hand, are generally persisted into longer term storage (frequently a database), and tend to be longer lived (the default is 90 days!). Client variables tend to be simple datatypes, usually strings, numbers, or dates rather than more complex datatypes such as arrays or structs. I tend to find client variables more appropriate for smaller amounts of data since you’re serializing them into a persistent datastore with each request. There are apps I’ve seen out there that store large amounts of data in client variables, or serialize complex data into client variable strings, but their performance tends to suffer as a result.

Railo also does support complex datatypes within client variables, but I haven’t seen many applications in the wild using them yet, so it’s difficult to measure their performance.  If you’ve worked on an application that uses this feature, please feel free to list any metrics you’ve gathered in the comments of this post.

More documentation regarding session and client variables in Railo can be found in the Railo Documentation Wiki’s Session Storage Page.  

More documentation regarding Adobe’s ColdFusion can be found in the ColdFusion 9 Documentation under “Using Persistent Data and Locking”.

Creating the Client Variable Datastores & Administrative Differences

Now to get a little more detailed about how Railo handles client variables and how this differs from Adobe’s ColdFusion.  Here are some of the administrative differences and default settings you will find on a fresh installation of Railo as of 3.3.2 and Adobe ColdFusion as of 9.0.1:

Where are client settings located?
In Railo, global settings for the client scope are found in a couple of different areas.  First, the global settings are found under the “Scope” menu item, along with settings for other scopes like session and application scope. Then, in order to enable a specific datasource for client variable storage, you must navigate to an individual datasource and then select the checkbox next to “Storage: Allow to use this datasource as client/session storage”.

Side note: It’s interesting to me that client and session variable storage is lumped together in Railo like this. To me this indicates that the underlying engines for each are co-mingled in Railo.

In ColdFusion, global client variable settings are found in a dedicated area of the administrator, under a menu item called “Client Variables”.  All administrative client variable settings are consolidated in this area, including enabling a datasource for client variable storage.

Is the client scope active in applications by default?
By default, in both Railo and ColdFusion, client variables are turned off in the administrator and must be manually enabled via code.  Railo also offers a setting in the administrator to turn client variables on by default. ColdFusion does not allow client variables to be turned on by default via the administrator. On both, this setting can be overridden via code in each individual application.

What is the default timeout for client variables?
The default on both servers is 90 days.

In Railo, the administrative default timeout is global for all applications on a given Railo server instance and is not set for each storage location. Also, the administrative setting for timeout in Railo is a very granular timespan configurable to the day, hour, minute, and second. This setting can be overridden via code in each application.

Unlike Railo, in ColdFusion, the default can be set per storage location. The administrative setting for timeout in ColdFusion is a less granular timespan configurable to the day (for example 90 days or 1 day, but not 1 day, 12 hours). This setting can be overridden via code in each application, where more granularity is available for the timeout, down to the second.

What is the default storage mechanism for client variables?
In Railo, the default storage mechanism is a file based storage mechanism.  This means that Railo will persist client variable information to disk by default (more on where and how in a later post). Railo will always use "file" as the default unless you change the storage mechanism via code. There is no way to set a different default storage location via the Railo admin but this setting can be overridden via code in each application.

For compatibility with ColdFusion, Railo also allows you to specify “registry” (via code) as an option for storing client variable data.  However, if you specify this 1) you are slightly insane, and 2) Railo will use file storage anyway.  Railo will never store client variables in the registry.

According to this blog post from Gert Franz, if you are using "file" as the storage mechanism, Railo may also start deleting client data from disk once the total amount of disk space used to store client variable data reaches 100MB, starting with the oldest data.

In contrast, as of ColdFusion 9, the default storage location is still the registry. Starting with CF10, this setting will change to be “cookie”. The heinous default of “registry” is an artifact of default settings from a very early version of ColdFusion and has been kept around (too long) for backwards compatibility reasons.

Also - ColdFusion does not offer a file based storage location. However, if you are running ColdFusion on a platform other than Windows, your client variables are being saved to a “fake registry” anyway, which is file based.  So, you are sort-of storing them in a file...

The default client variable location can be changed in ColdFusion via the administrator, and that default can also be overridden via code in any given application.

Note: The defaults for both servers are less than optimal so if you MUST use client variables, check your settings to make sure you’re overriding them via code.
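
How that override looks in an Application.cfc, as an added example that is not from the original post. The application name and the datasource name `clientvars_dsn` are hypothetical, and the datasource must already be enabled for client storage in the administrator.

```cfml
// Application.cfc (script syntax) -- added example, not from the original post.
component {
    // Hypothetical application name.
    this.name = "legacy_app";

    // Client variables are off by default on both engines; enable them explicitly.
    this.clientManagement = true;

    // Name the store explicitly instead of inheriting the server default
    // ("file" on Railo, "registry" on ColdFusion 9).
    // "clientvars_dsn" is a hypothetical datasource that has already been
    // enabled for client storage in the administrator.
    this.clientStorage = "clientvars_dsn";
}
```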

How is a new client variable storage location created?
In Railo, as mentioned above, in order to enable a specific datasource for client variable storage, you must navigate to an individual datasource and then select the checkbox next to “Storage: Allow to use this datasource as client/session storage”. This will cause Railo to create tables in the database for use as storage (more on how these tables are structured in a later post).

In ColdFusion you create the datasource first, then enable that datasource for use with client variables under the Client Variables menu item by choosing the datasource from the dropdown under “Select Data Source to Add as Client Store”. The table structure in ColdFusion is significantly different than Railo's, and will also be covered in a later post.

How do you disable global client variable updates?
Certain client variables such as “hitcount” and “lastvisit” are updated with each pageview.  Sometimes you’ll want to turn this off for performance reasons.

In Railo, you cannot disable global client variables via the admin, nor via code. These updates always occur regardless of settings.

In ColdFusion, you can use the administrator to disable global updates per datastore by checking “Disable global client variable updates” in each datasource.

Note: More about how these global variables work in both Railo and ColdFusion will be covered in a future blog post

Can client variables be stored in cookies?
In Railo, you can specify client variable storage in cookies in code only.  There are no administrative options regarding this in the Railo admin.

In ColdFusion, in addition to configuring cookie storage via code, you have an administrator option for storing client data in cookies, including specifying cookies as the default storage mechanism.

Note: Cookies are sent both directions (request and response) with each HTTP call and have a maximum size of 1024k, so cookies are generally not the best option except for cases of very lightweight client data.

What is CFID and CFTOKEN and how do they work? This will be covered in a future blog post.

In Summary

I’ve covered a few of the basic defaults and options for client variables in both Railo and ColdFusion.  In subsequent posts, I plan to also cover the following:

How Client Variables Work: how the cfid/cftoken/jsessionid are used and when in the request cycle client variables get retrieved and persisted
Storage Structures: A deep dive into the table structure and storage mechanisms in both Adobe’s ColdFusion and Railo
Client Variable Tuning: How to set up client variables for performance
Scaling Out: Special considerations for clustered environments

I welcome any questions or corrections in the comments of this post.


cf.Objective Talk - Small Business Ownership for Geeks

I've posted my cf.Objective() talk, Small Business Ownership for Geeks for download in PowerPoint, Keynote, and PDF formats.

The official session description is:

"Doing side projects?  Contract work?  Freelance?  Should you be a Sole Proprietor, LLC, or S Corp?  How do you handle your accounting?  What about legal issues and contracts?  Do you need a business license?  Should you be a W2 employee or 1099 contractor?  What the heck is a 1099 anyway?  If you are currently a small business owner or thinking about becoming one, this session will  give you a crash course in the issues and pitfalls you may face."

The slides don't have many notes (sorry), but hopefully it will be a helpful reference for those who attended the talk.


Nortel SSLVPN Error Message: There are no netdirect adapters on this system

I ran into a situation where I could no longer log into a client's VPN at all.  I could log in to the web portal containing the VPN's SSL based Java Applet, but the applet wouldn't start properly.  This was on a machine that I'd been using with their VPN for several years - what gives?  After several remote help sessions I finally brought the laptop with me to my last onsite visit and after toiling for untold hours the problem is now resolved.   Here's what happened...

Job: Intermediate ColdFusion / JavaScript Developer

Sumo Consulting is currently looking for an intermediate level ColdFusion and JavaScript Developer who is driven - excited about technology and eager to solve problems.  You should pay attention to the details and have a strong work ethic.  Be prepared to learn something new every day, and to teach someone something new every day.


Ignition Alley Coworking Space - Under New Management, New Location

Speaking of coworking spaces in Atlanta, Ignition Alley is moving to a new location just across Ponce De Leon from the old space.  Looks like the space may be under new ownership as well, according to the announcement about their grand opening event September 10th.


Coming to Atlanta - Web Directions North

At this point it isn't breaking news, but Web Directions North will be happening in Atlanta Sept 21st - 25th. This marks the first time this conference will be held in the United States and it's happening right here in our backyard!  Several weeks ago I was fortunate enough to run into one of the organizers, John Allsopp, while he was in town scouting out the location and making arrangements for the conference.  Sounds like a lot of great stuff is planned and it's definitely worth consideration if you are in the Atlanta area!

New Atlanta Coworking Meetup Group

Amy Hover has started up a new Coworking meetup group, Intown Coworking.  Looks like Amy's connected to the Midtown West coworking space, StrongboxWest.  Good to see coworking gaining a little steam again.  Sadly, the Jelly in Atlanta coworking group seems to have fizzled after its primary organizers moved away.

If you're looking for coworking space, Ignition Alley in Poncy Highlands is also worth a look.


Adobe MAX Hotel POS Hacked

Last weekend I got a letter in the mail from my credit card company.  It stated the following:

"A merchant accepting the American Express Card for payment detected unauthorized access to its data files.  At this time we believe the affected data included your American Express Card account information and personal contact information"

The letter went on to say additional fraud alerts have been added to my account and suggested that I monitor my credit closely for the next few months.  The thing it didn't tell me was WHO.   Which merchant had the security breach?  So I called and asked...  I wasn't really expecting AMEX to tell me who it was, but surprisingly they did.

Turns out that the Westin Bonaventure hotel in Los Angeles, one of the official Adobe MAX 2009 hotels, was the culprit.  After plugging a quick search into Google I found a plethora of articles about the security breach.  According to one article from esecurityplanet.com:

"The hotel's point-of-sale system (POS) for processing debit and credit card transactions "may have been illegally accessed by an outside hacker," hotel officials said in a statement, adding that they are working with law enforcement agencies and major credit card companies to investigate the likely breach.

So far, Westin Bonaventure officials have isolated the source of the security breach to four bars and eateries on the property, as well as the valet parking station. The venues in question include the Lake View Bistro, the Lobby Court Bar, the Bonavista Lounge, and LA Prime.

The data possibly compromised by hackers includes customers' names, credit and debit card numbers, as well as card expiration dates."

The Westin Bonaventure has also issued a statement about it.

This is just another reminder that PCI DSS is nothing to sneeze at, and that physical security is important too.
