[Looking for Charlie's main web site?]

Speaking at CFCamp 2019, for the 10th time!

Following on my recent announcement about speaking at CF Summit 2019, I am delighted to announce also that I've been selected to speak at CFCamp 2019, in Munich this October.

This will be my sixth year in a row presenting at this wonderful event, and my seventh year total. It will also be my 10th presentation there. Half of those talks have been "sponsor" presentations on behalf of Intergral, the makers of FusionReactor, while the rest were not.

And despite the title, "Comparing Monitoring Solutions for CF and Lucee", my talk this year is not an FR-sponsored talk. See the description below.

Title: Comparing Monitoring Solutions for CF and Lucee

Description:

If you're suffering performance and stability problems, there's no substitute for having SOME kind of monitoring in place. But there are quite a variety of monitoring solutions available for ColdFusion and Lucee. How do you choose? (Or are they "all the same"? No!)

There may be some monitoring features built-into your CFML engine (and free), which perhaps you didn't even know aboutor it may depend on which version of the engine you're running. There are also commercial third-party monitoring tools, built for CF and Lucee. And there are still other Java monitoring tools (some free, some commercial), which can be used readily with CF and Lucee. So many choices, but which is best for you?

In this session, we'll review several of these monitoring alternatives, and which are available for various releases of CF and Lucee. We'll identify several goals (problems to be solved or features one may seek), and then identify if and how each different solution meets each goal. With this information, one can better determine if a built-in tool may suffice, or better choose among other options that would best meet their specific needsincluding whether having more than one tool (yes, more than monitor against a single instance) may be the best way to satisfy different needs.

Looking forward to seeing folks there, and seeing all the other great presentations on the docket!

PS For the record, my attendance has been 2011, then 2014, 2015, 2016, 2017, 2018, 2019. And some of my older CF friends over there may recall that I also spoke twice to the CF Europe event in 2002, so it's really my 12th CF conference preso in Munich! (I also have done a couple of user group meetings there as well over the years.)

And it's funny/sad that in all these years of going over there, I've never been much north of Munich. I've been south plenty throughout Bavaria (as well as over to Prague/Czech Republic, and down to Switzerland), but I still have so much of mid- and northern-Germany to see, on one of these trips!

CF2020 to offer still-better deployment on Docker, cloud

There's great news coming regarding Adobe ColdFusion 2020, with regard to deployment of CF via Docker images and/or in the cloud.

Adobe's Director of Engineering for CF, Ashish Garg, recently held a wide-ranging interview with Michaela Light (on the CF Alive podcast) about the CF2020 roadmap. Ashish shared news of some substantial changes planned in the next release regarding modularity in the engine, the size of installers/containers, and their startup time, as well as matters like licensing of containers, logging within them, monitoring of them, and more.

[....Continue Reading....]

Come learn about getting started with CF Docker images at CF Summit 2019

Docker imageI'm terribly behind in announcing it, but I'm thrilled that I've been selected to speak again at Adobe CF Summit 2019, to be held in Vegas Oct 1 and 2 (with the pre-con on Sep 30). Both topics are on using Adobe's ColdFusion Docker images, and are designed for people who have not yet gotten into Docker at all, or for those familiar with Docker but not the Adobe CF images.

After sharing the talk titles and descriptions, first for the hour-long session and then for the day-long pre-conference session, I'll share a couple more thoughts, especially for those considering going to the conference, which I highly recommend.

[....Continue Reading....]

New Oracle JVM update released, July 16 2019

Just a heads-up for folks using CF, Lucee, and other Java-based apps and app servers: Oracle has released today a new JVM update, for Java 8 and 11. It's update 221 for Java 8 (1.8.0_221), and update 4 for Java 11 (11.0.4).

For some, that's all they need to know. For most, they will probably want to read on.

[....Continue Reading....]

Updates released today for CF2018, CF2016, and CF11

While word has been shared elsewhere about this today already, I wanted to share here also that there were updates released today for CF2018, CF2016, and CF11.

And I share a bit more here, for my readers.

[....Continue Reading....]

When you know you're doing the right thing: some representative comments from clients

For years I've had a "references" page on my site, where I'd post comments folks have shared in their emails back to me after our consulting engagements. I get their permission before posting, of course.

Well, I got a really nice one today, and I thought I'd share it here also, as it really does capture well what I strive to do in my work:

[....Continue Reading....]

CF updates temporarily missing. Get them here

If you've tried to get the update files for cf 2018, 2016, 11, or 10 in recent days, whether from the CF Admin "updates" page or the update technote pages, you've found the update jar files are missing and unavailable, due to a temporary problem. Here's how to get them in the meantime.

[....Continue Reading....]

"Charlie, we'd like to buy CF. Are you an Adobe reseller?"

I've had clients ask the above question over the years, including today. The short answer is "no", but I do have a recommendation of who you should consider buying CF from, at a discount, and with other benefits.

[....Continue Reading....]

CF security update (March 1 2019), part 2: further details, prevention, and more

This is my part 2 post which follows onto the Part 1, released the night of March 1, when the new CF updates were released as an emergency update. If you've not yet read that, do that first, to get some basic info and needed context for what follows.

And if you HAVE already read part 1, if it was before Saturday morning, do go back and reread it. I had added some important info that I thought shouldn't wait to Part 2, which I knew could take me a while. See especially the sections there, "A brief introduction to the vulnerability and the fix", "Should you be worried?", and "What if you can't apply the update immediately, and can't wait for part 2?".

And my apologies for the delay in getting part 2 out. For various reasons, including related to additional research work I'm doing on this exploit beyond CF, I was unable to post this then. Better late than never, I hope. Indeed, I had listed quite a lot in Part 1 that I hoped to cover in a part 2. I don't want to delay getting this out any later, so I will get done today what I can and post that, and carry over into a part 3 (or beyond) whatever remains. There are some natural breaks, fortunately. Thanks for your patience.

Following are what I cover here in Part 2:

  • More detail about the vulnerability and what was "fixed"
  • Wouldn't an antivirus package on the server detect this sort of trojan?
  • How to add further protection from it (especially if you may be unable to implement the update for some reason)
  • Considering running a security scan of your CFML code
  • Consider implementing a web application firewall
  • How to prevent execution of the files used in the attack, if they may already be on your server
  • Another benefit of applying the latest updates
  • What about Lucee?

[....Continue Reading....]

Urgent CF security update released March 1 2019, for CF11/2016/2018, Part 1

This is an urgent announcement to ColdFusion users: Adobe has released a security update today, March 1 2019, for CF 11 update 18, CF2016 update 10, and 2018 update 3.

All CF shops are urged to install this update immediately, to implement new protections against a known attack happening in the wild. It's identified in the associated Adobe Product Security Bulletin, APSB19-14, as a priority 1 critical vulnerability.

I will add that I can vouch personally for the significance of the vulnerability, as I reported it to the Adobe Product Security Incident Response Team (PSIRT), and I proposed the fix which was implemented. (I also know what was done specifically to perpetrate the attack, and the very negative consequences of what happened once the server of a client of mine was attacked. You don't want this to happen to you.) I plan to share much more in a part 2 post (now posted, but do see below for the context it builds upon).

(In the meantime, I have tweaked this part 1 since originally posting it, to share more here.)

[....Continue Reading....]

More Entries

Copyright ©2019 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting