An Architect's View

Saturday was the day of repeats. A chance of many of us to see sessions that conflicted with other, equally fascinating sessions that we had chosen to see. For some, it was also the "one day conference" option - I saw quite a few attendees with the "Saturday Package" badges so that was clearly a great idea on TeraTech's part! My scheduled lineup for the day was:

• Sarge's Asynchronous Event Gateways
• My Objects and Persistence
• Sandy' CSS Floating
• Adam Lehman's Application Security
• My Managing Components with Factories
• Simon's Object Think

A packed day and more sessions than I'd managed on any other day!The A/V guys seemed to have abandoned us at the start of this last day - as had the conference wireless network - so Sarge had to battle away at first without a projector and was unable to show some of the sites he was using as case studies. He soldiered on, explaining what asynchronous software was all about, giving WalMart checkouts as a good real-world example of the benefits of being able to process things in parallel. He also highlighted some of the difficulties with debugging asynchronous applications and some of what you can do to alleviate that. The only example he gave was Damon Cooper's file copying code (which doesn't work properly on Developer Edition as Sarge found out, since he'd reinstalled CFMX the night before and hadn't reinstalled the Enterprise serial number). Since I'm such an ardent proponent of event gateways, I was a bit disappointed with Sarge's talk - I'd hoped for, since it was billed as an intermediate talk on an advanced topic. My first repeat was next and, after such a smooth session on Thursday, this one ended up being rushed at the end and I only just reached the summary slide at the "stop" sign from the monitor. The first time I've run over at CFUNITED. Having said that, I had a lot of questions from the floor during the talk, far more than usual, so I hope folks were getting value out of that, even if I had to rush my conclusion. There definitely seems to be a lot of interest in the whole ORM space which is good to see. I've missed so many of Sandy's CSS talks that I was determined to get to this one about floating elements on a page. Within the first five minutes I'd learned something new and useful about CSS (you basically can't specify both float and position and expect to get sensible results!). Sandy explained the principles of floating element and the syntax, gave some important information about margins and float and how they interact (margins do not collapse around floated elements as they do in some other situations). Then she got into the "nine rules" of how float works and some caveats about using them. She makes it all seem so sensible and even vaguely intuitive - a very valuable session for me that will certainly reduce my frustration with CSS in future. I spent too long chatting at lunch and missed the first 20 minutes of Adam's talk but he covered a lot of great material in the 40 minutes I did catch. He explained several common security holes and how they come about, then talked about what tools we as ColdFusion developers have to deal with these flaws. He covered cross-site scripting, authentication and session management (don't pass session IDs in the URL, do use J2EE session variables), centralized access control (so you don't have parts of application accidentally escaping access control), use of user IDs (don't pass them in URLs), administrative applications (make sure all access is hardened - made more secure), user input validation and so on. He also made the point that security needs to be a core part of your software development lifecycle, not something you just add into your software! He gave some good references as well, recommending that folks track down their local OWASP chapter and join that. Next was my second repeat and it went more smoothly than on Wednesday, with lots of good questions from the floor. I also had people coming up afterward saying that this talk helped them "get" Dave's ColdSpring talk from Thursday which I took as a great compliment! Finally, Simon's talk on Object Think. I think I'm going to write a separate blog entry on this one. I will say that - much to many people's surprise, I'm sure - I really enjoyed the talk and was, mostly, in complete agreement with what was said. More on that shortly. Then I retreated to the bar for a quick beer and a final chat to several of the attendees before heading to the airport and starting my long ride home (arriving in Oakland around 2am local time). Overall: CFUNITED was fantastic! Downside: I'm very, very tired. Takeaway: In future, I am unlikely to agree to take on someone else's talk at the last minute!