Firefox Saved Passwords Gotcha

Today I came across a gotcha with the way Firefox saves username and password information for login forms. This may also be a problem with IE and other browsers/toolbars/add-ons, but I've never used this feature in anything but Firefox.

Here's the situation: Firefox saves username/password combinations per domain, not per individual page. This means that it will attempt to use the same username and password on a member login (/members/login.cfm) and an admin console (/admin/login.cfm). That's not really a big deal because it doesn't really create a security concern, and if you have different logins for the two forms, you just end up re-typing things.

Here's the problem: Say you are editing a user's account in the admin section of your website/intranet/application. If the field names match the names in your login form (i.e. username/password), then Firefox will OVERWRITE the value specified in the value="" attribute of the INPUT tag and will insert your saved login information instead. That's right, it overwrites any values you've programmatically populated the form with. If you aren't paying close attention when you edit a user, it's very easy to submit the form with the newly inserted login info in it. Granted, there should be some biz logic that prevents the form submission from being successful, but I'll bet there are plenty of systems out there today without this vital bit of logic. If you suddenly find that 10 accounts in your application share the same username and password, this could very well be the reason.

The solution: This is probably a good idea either way, but the solution I've used is to make sure that your login forms have distinct and different field names than your administration tool's user profile edit forms. A quick solution to a very odd problem.
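As an added example (not code from the original post), the sketch below checks a form's markup for field names it shares with the login form and shows the kind of server-side check that should refuse a clobbered edit. The user_edit.cfm path, the profile_* field names, the function names and the sample accounts are all assumptions made for illustration.

```javascript
// Added example (not from the original post): flag forms whose field names
// collide with the login form, and a server-side duplicate-username guard.
// All markup, paths and account data below are constructed sample input.
const loginForm = `<form action="/admin/login.cfm" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
</form>`;
const riskyEditForm = `<form action="/admin/user_edit.cfm" method="post">
  <input type="text" name="username" value="jsmith">
  <input type="password" name="password" value="">
  <input type="text" name="email" value="jsmith@example.com">
</form>`;
const saferEditForm = `<form action="/admin/user_edit.cfm" method="post">
  <input type="text" name="profile_username" value="jsmith">
  <input type="password" name="profile_password" value="">
  <input type="text" name="email" value="jsmith@example.com">
</form>`;

// Collect the name attribute of every <input>, lower-cased (assumption:
// compare case-insensitively to err on the side of reporting a collision).
function fieldNames(html) {
  const names = new Set();
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    const m = tag.match(/\sname\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i);
    const name = m ? (m[1] || m[2] || m[3] || "") : "";
    if (name) names.add(name.toLowerCase());
  }
  return names;
}

// Field names the saved login could be filled into on another form.
function collidingFields(loginHtml, otherHtml) {
  const login = fieldNames(loginHtml);
  return [...fieldNames(otherHtml)].filter((n) => login.has(n)).sort();
}

// The "biz logic" backstop: refuse an edit that would give this account a
// username already held by a different account.
function isDuplicateUsername(accounts, editedId, submittedUsername) {
  const wanted = submittedUsername.trim().toLowerCase();
  return accounts.some((a) => a.id !== editedId && a.username.toLowerCase() === wanted);
}

const accounts = [{ id: 1, username: "admin" }, { id: 2, username: "jsmith" }];
console.log(collidingFields(loginForm, riskyEditForm));
console.log(collidingFields(loginForm, saferEditForm));
console.log(isDuplicateUsername(accounts, 2, "admin"));
```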


Autodetecting RSS Feeds with Firefox

With the latest Preview Release of Firefox, I've noticed that it autodiscovers RSS feeds, flagging pages containing RSS alternatives in the lower right corner of the page as this example snapshot of Slashdot shows. As I've been browsing around the web, it's been interesting and surprising to see some of the sites that have RSS alternatives. It's also been interesting to see which sites (including a lot of blogs) have RSS enabled, but don't have the proper code in the head of the page to flag the content for browsers such as Firefox to detect. Am I talking about you? Well, here's all you have to add to your HTML head to make your RSS feed autodetectable:

<link rel="alternate" type="application/rss+xml" title="RSS" href="http://www.sumoc.com/blog/rss.cfm?mode=full" />


Everything is a List in ColdFusion!

Ok, maybe not everything, but a lot of things are. I've recently come across several situations that reminded me how great lists are, particularly in a loosely typed language like ColdFusion. There are tons of things that can be treated like a list in ColdFusion. Here's a short list of some of my favorites:
  • Sentences are lists of words delimited by spaces.
  • Lines of a page are lists delimited by a Carriage Return/Line Feed (CRLF).
  • Paragraphs are lists delimited by a pair of CRLFs.
  • File paths are lists delimited by forward or backward slashes. Use listLast() to grab the filename or listFirst() to grab the drive letter (Windows).
  • File names are lists delimited by a period. Use listLast() to get the file's extension.
  • Decimal numbers are lists delimited by a period. Use listFirst() or listLast() to separate out the whole number or fraction.
All in all there are 20 functions in ColdFusion that handle lists - beyond those 20 are more that create obvious lists such as structKeyList(), arrayToList() and getClientVariablesList() - and even more that create less obvious lists such as decimalFormat() (decimals are a list), getDirectoryFromPath() (paths are lists), dateFormat() or timeFormat() (often lists delimited by slashes or colons). Still not convinced that lists are all that and a bag of chips? Jeff Peters actually wrote an entire book exclusively on ColdFusion Lists, Arrays, & Structures. Ahh structs, how I love ColdFusion structs, but that's a whole other post altogether...


Ivan Speaking at MAX?

Numerous news reports predicting that Ivan will be hitting New Orleans have me wondering about the potential impact on the MAX Conference. New Orleans is below sea level, and a direct hit could devastate the city in a way not seen in a long time. If you've not bought your plane/hotel/MAX tickets yet, it might be worth waiting to see what damage the storm does.


The Software Developer Exodus of 2004/5?

Everyone knows what happened in the late 90's - the internet boomed, the Dot Com era came into being... Investors poured money into doomed companies, and those companies did ridiculous things like building desks made of lego blocks to woo rockstar programmers. Money was everywhere and available to everyone. Demand was high and skilled supply was short. Anyone who could operate a computer suddenly became a programmer/developer/webmaster/designer.

Then came the crash. Companies went out of business, jobs were outsourced overseas, and demand for skilled software developers decreased. It was a painful time for a lot of people. Skilled developers found other work relatively quickly, while those with only basic computer skills who "jumped on the bandwagon" were weeded out, many going back to the career path they were following before VC money started growing on trees.

Several companies made it out of the crash, leaner and meaner, and able to withstand the down market. It was relatively easy for these companies to gobble up the skilled talent left jobless by the crash. They didn't have to woo developers with crazy perks, they just had to offer a job in a market where employers had the power and employees did not.

So that brings us to today. A lot of developers I know are still in those post-dot-com-bust jobs. A great many of them are completely miserable in the job they were forced to take after the market fell, and most of them are looking for other work. Some are in a lousy working environment, some have overbearing management, and some don't get paid what they feel they are worth. But even those who are paid well are surfing the job boards in their spare time. When I speak to my friends who are in this situation, the following from Paul Graham's Great Hackers essay comes to mind:
"Ordinary programmers write code to pay the bills. Great hackers think of it as something they do for fun, and which they're delighted to find people will pay them for."
But now the market is up, and jobs are starting to be posted more frequently. I've started to see an exodus of these miserable yet skilled developers from the companies which have come to take them for granted. And I think it's accelerating... Developers are shifting back towards companies who treat them fairly and with respect. Companies with uninteresting work are losing developers and companies with interesting work are gaining them. A lot of the companies who learned to get lean and mean during the dot-com bust lost their compassion for their employees. Unfortunately for these companies, they are bleeding talent, and it's only going to get worse. For many, unless they learn to treat their employees well, soon the only ones left will be the least skilled, and only because they can't find another job. Where will you be in a year?


On MAX Hotels and Staying Extra Days...

Yesterday I bought my plane tickets and made my final reservations for this year's MAX Conference. I'd hoped to arrive the Saturday before and stay through the Sunday after, but it looks like anyone who doesn't already have a room booked for Nov 5th/6th isn't going to be getting one. None of the Conference hotels have any left, and the only other area hotels I could find for those days are either far away or marked up to ridiculously high rates. At least there's the weekend before, Halloween! I'm not sure what to expect, but I am very sure it's going to be an interesting time! I'm still arriving Saturday, but am now leaving on Friday the 5th. If you're going to be around early, drop me a note.


Movable Type to Blog CFC Conversion Tool

Over at An Architect's View, Sean Corfield has blogged about a Movable Type to Blog CFC Importer he's written. Note: Blog CFC runs this blog.
