Tuesday, May 23, 2017

Invalid SSL on Chrome 58+ due to missing_subjectAltName

A friend of mine experienced this today and I referred him to a post that I used to fix the issue locally with my self-signed certificates when I first encountered it a month ago.

The author, Alexander Zeitler, goes thru the steps required to create your own CA (certificate authority), which is very handy when you want to just trust any certificate you create using it. Then he goes thru the steps for generating the SSL certificates using OpenSSL. In my own experience, I did not need the additional server config file he specifies, which I believe was an issue with my version of OpenSSL, but regardless it worked.

You can read thru the comments to find out more.

The link is:
https://alexanderzeitler.com/articles/Fixing-Chrome-missing_subjectAltName-selfsigned-cert-openssl/

He also wrote it on my birthday, so it was a nice gift. Thank you for sharing, Alexander!

Wednesday, May 17, 2017

My Into The Box 2017 Experience

Well this is an overdue post that unfortunately work and personal things kept me from for a bit, but as promised I wanted to share my personal experience at Into the Box (ITB) this year. Also, why I feel it is one of the best, if not the best, ColdFusion conference I have ever attended.

I, like others, have asked, “Why?” Why should I go to this gathering, isn't it just for users of ColdBox? Not that I haven't used ColdBox; in fact I do and still support apps written in ColdBox. However, if I'm going to be honest, I am more of a Framework One kind of guy. So, before I go any further into my experience, let’s put that thought to rest.

Now, the keynote speakers presented a lot of great information geared towards ColdBox and their arsenal of tools. But, did you know, you do not have to use ColdBox to use them? Remember, as stated on their site, “ColdBox is an MVC framework for ColdFusion”, but the ColdBox Platform is so much more than that, and includes WireBox, CacheBox, LogBox, TestBox, MockBox, ContentBox and CommandBox (which is my favorite). So, to answer the question, no, you don’t have to use the ColdBox MVC framework to attend; all you have to be is a ColdFusion developer who is interested in learning from and meeting peers in our community.

To start with my experience, from a personal standpoint, this has been the best. Over the years of me working from home (although a blessing) I found myself becoming more of an introvert rather than the extrovert I was when I played music back in the day. This is something that I eventually break thru, and once we start talking you might even wonder when I was ever shy, but I am. The setting for this particular conference was very different from others. From the moment I arrived thru the doors of the hotel and immediately introduced myself to Jorge Reyes and Bill Garoutte, it just felt different and very welcoming. The venue was just perfect and was intimate, unlike the feeling I get from the conferences sponsored in Vegas. Please note, I hate Vegas and always have, from the days I attended Adobe MAX and Microsoft’s Connections, to name a few, and right from my first visit to the Magic Convention, which is not even a developer conference but instead a retail industry convention. You may not share the same feeling for Vegas that I do, which is perfectly fine as we are all entitled to our own opinion. At ITB, I found the intimacy and attention to personal connections to be extremely refreshing. We were more like a group of friends than strangers meeting in some large hall.

In regards to content, I found the information presented was truly amazing in how it was laid out and described. Going back to our first concern of, “Don’t I have to be a ColdBox user”, well, you can say the proof is in the pudding. I would like to highlight some of my favorite moments but would first like to say I am grateful to every presenter that took time out of their busy schedules to share the knowledge they have with the rest of us. From Kevin Jones' presentations on NGINX, John Farrar’s on using Vue and introducing some modern development workflows, Mike Brunt’s on Tuning and Troubleshooting ColdFusion, Luis Majano’s on ORM, Brad Wood’s on CommandBox and introducing CFConfig (thank you), Charlie Arehart’s on opening our eyes to what those damn spiders are doing to our servers, and by far the one that blew my mind and inspired a CFC and a blog post to follow this, Gert Franz’s “How to make CFML script fast”.

I can’t forget to mention the Happy Box Event featuring the Mariachi Band. This was the cherry on top, the moment I truly felt like I was part of a special group of people, a strong ColdFusion community and almost Family. Jorge, you sir have pipes, Luis you escaped your performance too quick, Brad and Gavin, next year the spotlight will be on you guys.

So, to close out this post, Into The Box was amazing. You can expect to see me at future ones and spreading the word. I can’t wait until next year and experience it all over again. To everyone at Ortus and anyone else involved, thank you for putting such a great event together.

Tuesday, May 02, 2017

On ColdFusion 10 ... Don't wait to upgrade anymore.

Just in case you are still on ColdFusion 10 and are contemplating upgrading, it appears that if you do not do it before May 31st, 2017 you will have to pay full price.

Don't take my word for it ...

Read it on their blog here

Wednesday, September 07, 2016

How to set up Facebook Login Deauthorize Callback with ColdFusion

Today, I continued my fun development on CrossTrackr with the Facebook Graph API as I had a few things to fix or update (to say the least). While doing this, I noticed that there was a callback for when a user deauthorized your app. Which currently on CrossTrackr, if a user did this and then tried to post, it would catch it and then just reset the user's settings. Although that worked, I wanted a better solution and this offered it by simply allowing me to complete the process on my end as soon as they executed the deauthorization.

In the simplest explanation, Facebook sends a form post with a signed_request field value. You need to take this value and decode it properly so you can view the user_id, find that user in your system and then do what is necessary (depending on your implementation).

I could not find specific info on what was being returned on the Facebook developers portal (maybe because I did not look hard enough before googling) but lucky for us, there are many people out there that share their knowledge when they themselves figure it out, which is all I am doing here myself. The code that I have below is basically a port of a few PHP snippets and some other smart developers that were able to create an equivalent to PHP's hash_hmac.

I hope this helps you out if trying to do this on ColdFusion.

I'd like to thank the contributors of the following posts.

Facebook Deauthorize Function and Usage Example
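The decoding step described above, as an added example that is not the original post's code: a signed_request is two base64url parts joined by a dot, the first being an HMAC-SHA256 signature of the second computed with your app secret, so the signature has to be checked before the user_id is trusted. It assumes ColdFusion 10+ or Lucee (built-in hmac()); the function names and application.fbAppSecret are hypothetical.

```cfml
<cfscript>
// Added example (not the original post's code). Assumes ColdFusion 10+ or
// Lucee, where hmac() is built in. Function names are hypothetical.

// Facebook uses URL-safe base64 without padding; convert to standard base64.
binary function base64UrlDecode(required string value) {
    var b64 = replace(replace(arguments.value, "-", "+", "all"), "_", "/", "all");
    var pad = (4 - (len(b64) mod 4)) mod 4;
    return binaryDecode(b64 & repeatString("=", pad), "base64");
}

// Returns the decoded payload struct, or throws if the request is not authentic.
struct function parseSignedRequest(required string signedRequest, required string appSecret) {
    var parts = listToArray(arguments.signedRequest, ".");
    if (arrayLen(parts) != 2) {
        throw(type="SignedRequest.Malformed", message="Expected signature.payload");
    }

    // The signature covers the payload exactly as sent (still base64url text).
    var sent     = base64UrlDecode(parts[1]);
    var expected = binaryDecode(hmac(parts[2], arguments.appSecret, "HMACSHA256", "utf-8"), "hex");

    // Constant-time comparison, so timing does not reveal how many bytes matched.
    var md = createObject("java", "java.security.MessageDigest");
    if (!md.isEqual(sent, expected)) {
        throw(type="SignedRequest.BadSignature", message="Signature mismatch");
    }

    // Only now is the payload trusted enough to parse and act on.
    var payload = deserializeJSON(charsetEncode(base64UrlDecode(parts[2]), "utf-8"));
    if (!structKeyExists(payload, "algorithm") || uCase(payload.algorithm) != "HMAC-SHA256") {
        throw(type="SignedRequest.BadAlgorithm", message="Unexpected algorithm");
    }
    return payload;
}

// In the deauthorize callback handler (application.fbAppSecret is a placeholder):
// payload = parseSignedRequest(form.signed_request, application.fbAppSecret);
// then find payload.user_id in your system and do what is necessary.
</cfscript>
```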

Monday, September 05, 2016

Emoji support with ColdFusion and mySQL

So for a while, I have been trying to get Emoji support on CrossTrackr and no matter what I did I would still get an error until I finally threw my hands in the air and gave up. So what I ended up doing is using some code from this post on Drupal's blog, https://www.drupal.org/node/2043439, which allowed me to clean up the string before submitting to the database. When I found this post I was extremely happy but when I tried to execute the regex examples using reReplace() I would get the following ColdFusion error:

Malformed regular expression "/[\x{1F600}-\x{1F64F}]/".

This led to more frustration and then moving to my next solution which was to make a call to a PHP page using CFHTTP.

An example of how I did that can be seen in the following 2 gists.

ColdFusion Function making http call to local PHP File

The local PHP File

Today I decided to attack this issue again as I got tired of getting errors, especially when I introduced new fields which I would forget to sanitize and users would try to use an emoticon 😫. I found this great post (How to support full Unicode in MySQL databases) from Mathias Bynens @mathias which got me the answer I was looking for. See, I had already understood that I needed to set my fields to utf8mb4, but even though I did, I would get the error, which is the reason I went with just cleaning the string. In this post there is a section on modifying connection, client, and server character sets, which was the piece I was missing. I just needed to set a couple of settings in the mySQL server cnf file in order for data from ColdFusion to be able to be saved. Which are as follows:

The settings that actually did the trick were character-set-server, which sets the default character set to use; character-set-client-handshake, which ignores character set information sent from the client and uses the server character set instead; and collation-server, which sets the default collation. The settings under the [mysql] and [client] parts did not really affect it working but I left them in regardless. I was previously using utf8 as the default and since utf8mb4 is fully backwards compatible with utf8, there was no data loss when I updated the columns. He does go into modifying the database, table and columns but when I tested, all I did was work with the columns that I needed to support, and modifying the database or table itself was not necessary, thus not creating any issues with my index keys as he explains. An example of how I update the character set of a specific column is as follows:

ALTER TABLE `table_name` CHANGE `column_name` `column_name` TEXT CHARACTER SET utf8mb4;

Again, in his example he does a little more and sets the collation to utf8mb4_unicode_ci but after testing, the default collation for utf8mb4 also worked. Once I added the settings to mySQL and restarted and removed my cleanEmoji() wrappers in my ORM files, my saves no longer threw an error. One thing I did have to remove is surrounding my output with encodeForHTML() as that would replace the emojis with question marks.

Now in doing this today and finally getting it to work I did figure out something else, and that is that the call to PHP is not really necessary. We can use those regex patterns using Java's internal replaceAll() string function. So now I can wrap saves to fields where I do not support emojis without incurring an http call from the server to itself and PHP handling the work for me. Below is the updated cleanEmoji(), which I now call cleanEmojiWithColdFusion().

I hope this helps you as it helped me get Emojis (High Ascii Values) working on my App. I will try to see what is required if working with MS SQL and either update this post or create a new one.