You can listen to the podcast here
Michael Smith: Welcome back to the show, we’re going to be looking at more of the interesting questions in the State of the ColdFusion union survey this year. If you missed the last episode where we looked at 24 of those questions and had a lot of interesting info there on different things developers are doing, you can find that on the TeraTech blog. Coming up, we’re going to be looking at how people are using mobile development. What is keeping people doing ColdFusion or what is stopping them doing it in their companies and caching solutions people are using, framework tools, monitoring tools, deployment methods people use, what the popular REST APIs are and also what salary range people have in the ColdFusion world and we’re also looking some somewhat controversial questions on how people are locking down their servers and how many of us admit to have being hacked in the last few years and how that happened.
Brad Wood: Sounds intriguing.
Michael Smith: It is intriguing. That’s coming up in this episode. Then also we’re going to look at online ColdFusion communities where you can meet other CF developers and get your questions answered and which are the most popular and how you spend your time, hobby versus professional coding. Also we’re going to have a look at some of the comments people made. Lots of comments were made on this survey and there’s some controversial things being said in there that we’ll get to. I’m here with Brad Wood. Absolutely. I’m here with Brad Wood from Ortus Solutions. His the [evangelist 00:01:45] for the whole box line of products.
Brad Wood: Thanks for having me Michael.
Michael Smith: Every time. Just so you know, Brad helped out with improving the questions on this survey and analyzing the results so his a great all round guy. You can meet him at the upcoming Into The Box conference that’s coming up real soon now. I like to plug it just because it’s helping keep ColdFusion alive. It’s the modern face of ColdFusion of I’m saying that right.
Brad Wood: Yeah, I like that.
Michael Smith: You should trade mark it or something. Let’s have a … Let’s share the screen so we can have a look at the first question on mobile development and here it comes. What kind of mobile development frameworks our developer is using and of course our number one answer is they’re just not doing mobile development.
Brad Wood: I guess maybe it’s not too surprising. I thought more people would be doing mobiledev. I’m curious that this is a reflection more of the company’s that are represented by the survey.
Michael Smith: Yeah, maybe. First of all, people taking the survey tend to be the people more active in online forums or on the TeraTech email list or follow people Twitter. I think a lot of ColdFusion developers just do their 09:00 to 05:00 job an don’t really spend time on forums.
Brad Wood: I’m actually a little surprised just the amount of people doing Native IOS and Native android. Maybe this is just a personal thing. I would never really consider that in favor of some of the cross platform solutions like PhoneGap. Pretty much any other solutio that’s not Native but this because maybe a lot of companies are willing to give the giant proverbial middle finger to all android users and say we’re only going to support an IOS. I wouldn’t think that that many people would be doing that these days. I didn’t want to also-
Michael Smith: What would the point be just to … First of all, the same number of people are pretty much doing Native IOS as Native android which we don’t know for sure but it kind of suggests that they’re doing both.
Brad Wood: It’s possible, it seems like a lot more work. Given they can [inaudible 00:04:13] with one of these platform ones. I wanted to point out in the responses, it looks like next year we definitely need to add Xamarin as well as react Native. We had a lot of write-ins for both of those. That’s good to know. The other group is still only maybe 10% but it looked like a fair number those were using Xamarin that react Native.
Michael Smith: Yeah. The most popular one is PhoneGap. Do any of these your personal favorites or?
Brad Wood: CF client, Micheal.
Michael Smith: CF client, okay.
Brad Wood: CF client of course was just a wrap around PhoneGap. I don’t find that very surprising, I think it’s one of the biggest ones. I would say PhoneGap probably personally but I have yet to do very much mobile development at all. At Ortus we are doing some but I haven’t been personally involved in it.
Michael Smith: Cool, so let’s go on and look at question 26. What aspects of ColdFusion are keeping you or your company using it? Here we get into some interesting stuff.
Brad Wood: Yes we do. The biggest one by far I think it’s rapid development followed by prior investment in ColdFusion which is interesting. Prior investment of CF is too large to rewrite [that’s 00:05:38] the next one.
Michael Smith: Yeah and that’s going to work for any language that’s been around for a while.
Brad Wood: Fast to learn, easy to integrate, less code.
Michael Smith: Yeah, a lot of people have mentioned that to me when I’ve talked to them that they know plenty of other languages but they can do it a lot quicker in ColdFusion.
Brad Wood: Sure, yeah.
Michael Smith: Even [font 00:06:04] coding is pretty popular too. We don’t always rate that when we pick a coding language. If something is tedious to code, do you really want to be doing it?
Brad Wood: I think in reality, that is a large draw especially for people who pick up language in their free time. If it’s not something that’s fun to write in they’re probably not going to keep doing it.
Michael Smith: A fair number of people put good performance and actually that’s surprisingly true because in the ColdFusion engine inside the server, there’s a lot of tweaking around. Gets multi-threading and other stuff that gets a lot of through put to go through a site.
Brad Wood: I don’t find it too surprising. Personally the JVM has been well proven as a platform that scales exceptionally well. Twitter had a big write-up and they switched from Ruby on the rails to the JVM in JAVA. They were able to have a lot fewer servers and support a lot of higher traffic. That’s why I always tell people ColdFusion is a JVM based language because JVM in my opinion is not really a good thing as far as deployment and speed.
Michael Smith: Well and as many different versions of the JAVA version machine that are made so you know it’s doing to be around for decades.
Brad Wood: I like the built-in features as well. I think that’s one of the things I tend to talk about when I talk to non ColdFusion programmers. I talk about that fact that CFML is a platform that comes out of the box with just a whole slew of integration and things that are packaged in so I personally like that one but I think I votes for it when I took the survey.
Michael Smith: You can write the same thing in PHP or dot net or whatever but you’re probably going to end up third party libraries in and if anyone is added a third party library or rolling the dice as to whether it’s going to work out immediately or you’re going to have to tweak around with it or it’s the compatibility issue. It’s certainly a big help when things are built in.
Brad Wood: Sure, yeah and ColdFusion incorporates a large number of open source JAVA libraries but they’ve gone through the effort to make sure they’re all going to work cohesively together. You’re don’t have to worry about that, which is a good thing.
Michael Smith: Then works with many different databases is what I believe this one is which some people need to move around between databases and that’s certainly a good thing. Then also you can run it open source. You can run with Lucy, CFML and you can set up a whole stack that’s completely open source using ColdFusion.
Brad Wood: That’s actually a fairly good number 33% of respondents saying that open source engines which effectively I think are going to be mostly Lucy to a much less extent [Rilo 00:09:02] into a incredibly small percent Blue Dragon. Essentially what’s helping keep them in the platform, I think that speaks well to those because those are all potentially people that may have moved on if they didn’t have those open source offering available to them.
Michael Smith: Yeah, here we’ve got 12 or more really good reasons to keep on using ColdFusion. Great to see that and thanks for the suggestion that someone made last year to have this question in the survey. Let’s move on to the opposite side of the coin, the dark side. Yes, we come to the dark side. What aspects of ColdFusion are preventing you or your company from embracing ColdFusion which is question 27 in the survey?
Brad Wood: So the biggest one by far is seeing as dying in legacy which is sad because that’s really completely perception. That’s not a fault of the languages self or what you can build with it, it’s really just a giant perception issue. I think that’s what derives a lot of the CAOs, CTO types a way. You’ll come in and think, “Let’s use dot net.” Nobody got fired for buying Microsoft as the saying goes. I think that’s one of the biggest issues that we need to try to fix as a community. Is just the perception of ColdFusion.
Michael Smith: Absolutely and as the answer says, it’s seen as dying legacy, it’s not that it actually has died. I don’t know quite well what legacy means. Whether it just means the code being around for a while or what but I see some really modern and exiting things happening in ColdFusion code and I know the conference you’re speaking at there’s a lot of modern ColdFusion coding techniques that people are doing. It’s cutting edge but we need to get the word out there that yes, it is alive and it can be modern code. Sure you can write old style code in it and you may be maintaining mountains of old style code if you’re lucky.
Brad Wood: Sure. I run across people that are already ColdFusion developers who aren’t aware of the tooling and resources available. Imagine that issue amplified even more in the communities of people who aren’t even doing ColdFusion. I think there’s a lot of misconception on what modern [inaudible 00:11:31] looks like.
Michael Smith: Well, and I think sometimes … I’ve seen people in other JAVA or PHP communities who they’re talking about ColdFusion 5 and not ColdFusion 2016 or Lucy 5. They make all these accusations that are straw man arguments arguments that aren’t even true.
Brad Wood: Heres actually a response, heres a write-in response in this question, lack of command lines sucks. Here’s the irony. Command box which is precisely that. A command line tool for ColdFusion has been around for three years now and here’s a member of the ColdFusion community who literally is three years or more behind. They’ve had a command line for three years and they apparently don’t even know it.
Michael Smith: What is the cost of command box for those who don’t know?
Brad Wood: It is absolutely free Michael. Exactly. There should be no reason to be not using that so you can get the benefits of spinning up servers and different versions of ColdFusion and all the other command line things you can do. I was talking with [Gurt 00:12:38] the other day who is part of the Lucy initiative and they’re working in the next dot release speeding up how quickly it loads. When you use a command line, it can do it twice as fast.
Michael Smith: Exactly. When you run a command line there’s a little bit of loading in the background. The next biggest thing, difficulty of finding CF developers. It’s interesting because we have both sides of that coin and we have difficulty to find CF work and difficult to find CF developers. Both of those have a decent amount of votes but it looks like there’s more people looking for developers. That’s good for developers, that means that’s a hiring market. We talked about this last time I think. How a lot of people need to stop looking for developers. Stop limiting their searches to only applicants who already know ColdFusion but to look for qualified developers that know a similar scripting language. Ruby, JAVA, dot net, PHP and simply train them on the specifics of ColdFusion. I think they’ll be able to fill a lot more seats that way.
That’s interesting to know that that’s a big issue and I’ve heard the same thing from clients of mine as well.
Brad Wood: Also don’t limit your search to people who happened to live in the same town that you’re based in.
Michael Smith: True, there’s a lot of remote availability. People that would work remotely but just not always an option. Unfixed bugs is the next biggest one which is kind of interesting. I know that that that can be personally frustrating when you’ve submitted a bug, maybe two or three years ago and it’s still sitting around a bug tracker. There’s two problems for that. We don’t know if the people who answered that were referring to the Adobe bug base or the Lucy bug base. Obviously there’s nothing that you or I can do to fix Adobe bugs other than voting and commenting and pointing them out. I think it’s worth pointing out that if there are unfixed bugs in Lucy server at least that’s something the community has the ability to fix on their on terms to be able to submit pool request and things. At least there’s reprieve available for people using the open source engines they have the ability to help contribute in that area.
Brad Wood: Yeah, and lobby directly to the people who might be able to help. If you have a relationship with some of the people who do the committing to that code base you can convince them why it’s important to fix it. You can help with debugging it to make it easy for the fix to happen.
Michael Smith: On this topic it’s probably worth talking about how people can push for bugs to be fixed. For Lucy specifically, the product manager now is Patrick Quinn of WebApper. He’s been pushing this for monthly sprints inside of Lucy and he starts a threat on our discourse forum which by the way is where we just moved our Google groups to, the discourse. If there’s bugs that you want to see fixed he does look to see what votes are on bugs so that’s important. But also pointing that out in the discourse forum and tagging him and saying can this ber part of not coming sprint, is the way to get something flagged for Lucy. For Adobe-
Brad Wood: Just to encourage people there, it helps if you explain why this would benefit other people and not just yourself, why it’s an important bug to fix. The other thing is if you have other friends who are having issues with the same bug, get them to comment too, do some little grassroots outreaching, get some encouragement. If you have several people saying, “Let’s fix this.” Here’s why.
Michael Smith: Absolutely.
Brad Wood: [crosstalk 00:16:34] to get fixed.
Michael Smith: Every once in a while I’ll see somebody say, “Why has this bug not been fixed for either Adobe or Lucy?” I’ll look and say, “There’s zero tickets … There’s zero votes on the bug.” For starters, find some people to vote on it. The equivalent for Adobe, they do have voting on their bug tracker. I only assume they look at it since I’m not as involved in their process, I’m not sure. But for people who aren’t on the CFML slack team, there’s an Adobe channel in there and Annit from [Panda 00:17:05] is in there. A lot of people come on and we’ll go tag him and say, “Can you follow up and see if there’s a status on this bug.” That’s a good way if you have a ticket and the Adobe bug-based to kind of get a push in that area. Obviously they can’t fix everything all the time but I think that’s kind of two good things that people can follow if they have bugs in either engine if they’d like to kind of light a fire under.
Brad Wood: Those are great suggestions. I just want to appreciate both Adobe and Lucy for having public bug databases because… I think Lucy has always had one as did Rilo. But Adobe didn’t use to have this and they started I think 10 years ago I want to say, maybe 8 or 9 after we started that CF bug hunt side when the wonderful ColdFusion MX i.e. ColdFusion 6 came out and was slightly buggy, if you remember ColdFusion 6.
Michael Smith: I do remember ColdFusion 6.
Brad Wood: Which was a shame because ColdFusion 5 was incredibly reliable. Damon Cooper of Adobe when he was still there, he had this thorough QA process and I think that’s being recreated at Adobe where they … Whenever someone reported a bug they asked him for a copy of their code and then they would stick that in their code repository so that … Like a new version ColdFusion would get run through the same code that had bugs before so they wouldn’t come back as zombie bugs.
Michael Smith: Yes.
Brad Wood: Lots of good stuff. All right should we move forward to the next-
Michael Smith: Yes, let’s go ahead.
Brad Wood: Next question. Question 28: What caching solutions are people using? Number one caching solution, EH cash. Of course that comes built-in.
Michael Smith: To an extent the Rilo Lucy cache has sort of the same answer by default … I guess it’s important to note that Adobe ColdFusion has EH cache built-in for like the CF cache tags, the cache get, cache put functions. Lucy and Rilo have a bit more built-on to that, they kind of have a caching mechanism being created multiple named cashes that point to some sort of internal or external data store. Rilo and Lucy offer to you EH cache as well as Adobe ColdFusion built-in, and they also have a RAM cache option which stores it memory in the heat. I guess it’s not surprising to see that both of those options are sort of by and enlarge the most commonly used since they require zero additional effort, they just kind of come out of the box.
Brad Wood: On Lucy [inaudible 00:19:52] EH cache external I guess is what you are talking about.
Michael Smith: No, no. Lucy server has built-in EH cache in the same manner the Adobe ColdFusion does, out of the box. CACHEBOX of course … I was going to say it’s not a caching implementation of its own but actually it is. It does support an in-memory cash. The CACHEBOX in a similar fashion that Rilo and Lucy are is also an aggregator that allows you to connect to external cache stores. People using CACHEBOX could quite possibly be connecting to Memcached or to Couchbase or to a JDBC store. Obviously we can’t tell from that but it’s interesting to see the breakdown here.
Michael Smith: Just for people who aren’t doing caching which seems to be about half of the people who took this survey perhaps though it’s multiple choice so maybe that’s interceptive number. But what kind of things would you want to cache in your application and what kind of effects might you expect to see?
Brad Wood: Cashing is kind of one of the go-to patterns and strategies when you are dealing with high availability and you are trying to work a performance especially with some sort of distributive systems. A couple of quick and easy examples we use caching on the order solutions blog for instance to cache both user sessions. If you are visiting a site logged in or not as well as HTML content of the blog post. It’s things that change very infrequently but is accessed often. Typical caching strategy that we’ll use on our servers we’ll have Couchbase cluster sitting behind other CACHEBOX so we just Lucy’s cache aggregator and we’ll be caching the HTML of the blog post inside of that.
Having an external cache can be nice, external meaning not in your server’s RAM which would be an in-process cash. Having an auto process cache is nice because if you restart a server you don’t have to wait for those cashes to warm up again. We can bounce the server when Lucy comes back up or ColdFusion comes back up, it’s still pulling hits in the cache mechanisms because that stored out of process.
Michael Smith: Right. Then of course you can also cache queries as well and-
Brad Wood: That’s some really nice built-in functionality. Adobe ColdFusion will only let you cache queries in the built-in EH cash. Lucy, Rilo will let you point your query cache to any external cache you want so you can cache queries in Couchbase or Memcached.
Michael Smith: I haven’t played with Couchbase as a caching solution, I thought it was kind of distributed database kind of thing.
Brad Wood: It is. Couchbase is sort of a marriage between Memcached and couch DB and we are-
Michael Smith: Are they going to have children?
Brad Wood: They did and it was called Couchbase.
Michael Smith: Okay.
Brad Wood: Eventually it was called Membased and they renamed it the Couchbase. We’re big fans that [inaudible 00:22:46] who use it for a lot of our stuff and it combines both the no sequel data sort including an actual sequel-like querying language so you can cache [inaudible 00:22:56] documents but it also works just as a typical key value cache. You can throw binary blobs in it you you can cache HTML [distext 00:23:04].
Michael Smith: But it’s a little bit like CDN, it’s spread out over several servers probably geographically spread out.
Brad Wood: Yes it supports all of that. You can have as many nodes in the Couchbase cluster, you can have cross data [inaudible 00:23:16] replication. That why we like it because it’s incredible fault-tolerant in its mechanisms.
Michael Smith: I just want to encourage people who want to speed up their apps to start off by looking at the sequel as Bill Clinton might have said, “Is the sequel stupid?”
Brad Wood: I would also like to point out while we are here, CACHEBOX does end in box but that’s not a requirement to used ColdBox with it. CACHEBOX is something that comes along with ColdBox but it’s a standalone library. If you have a legacy application or a FuseBox Framework 1 and you want to drop in some cashing, you can always drop in CACHEBOX all by itself for sure.
Michael Smith: Cool. Here is the first wrap, let’s move on to question 29 on what miscellaneous frameworks you you’re using. I just can’t help but notice [inaudible 00:24:08] every other answer ends in box. The number one miscellaneous framework is CommandBox which is completely free. Why would someone want to use that?
Brad Wood: I’m glad you asked Michael. If anybody doesn’t know I’m the lead developer for CommandBox so it warms my heart to see a good uptake on that. CommandBox is a CI tool so it’s a rebel, let’s you run ColdFusion directly from the command line, you can execute CFM files from a Cron job or as shebang script. But also there’s package management you can install libraries, you can install frameworks and you can most importantly start servers. It can start Lucy servers, it can start Adobe servers any version-
Michael Smith: You can have like four different server versions, Adobe, ColdFusion 11, Lucy 5, Lucy 4?
Brad Wood: Exactly, all running at the same time.
Michael Smith: You can just spin them up anytime and you wouldn’t-
Brad Wood: They secure the port so nothing conflicts. We actually use CommandBox in all of our Travesty I built now so we can test our frameworks like ColdBox against Lucy 4 or Lucy 5, ColdFusion 10 and ColdFusion 11, ColdFusion 2016. This is all based on CommandBox. You could say start the server and ti boots it up. That’s actually when we saw CommandBox usage really jump a lot is when we added the ability to start Adobe servers. I think a lot of [crosstalk 00:25:32] are using that now as an alternative to actually installing a specific version of ColdFusion which is great.
Michael Smith: Then LogBox, the second most used one by 27% of folks, why would someone want to use that over just using CF log?
Brad Wood: Like CACHEBOX, LogBox is something that is a part of the ColdBox family but it’s a standalone framework so you can use it in any application you want even if you are not using ColdBox [inaudible 00:26:01]. But LogBox lets you do similar to CF log but just much more flexible. You can have a generic concept of, “I have a log message of this severity,” and it can go to a text file, it can go to a database, it can go to an email, it can go to a Tweeter feed. You can kind of dynamically at one time provision where you want these log messages to be logged to and that can be different for environments. On Dev, you can say, dump all log messages of any kind into a text file that gets zipped up every 10 megabytes, then production may be you have different settings for. It can be very handy especially if you are dealing with any kind of containerized deployment of your apps.
Docker containers are things where you have these … There’s no static files system underneath them, so it’s important to be able to log your error messages outside. We have some custom appenders written for things like bug log HQ so we can have our servers all via LogBox logging in the error messages on the site to some centralized bug log HQ server. It comes in very handy for situations like that.
Michael Smith: Cool. Then next down here is FuseGuard. Why would someone want to use that?
Brad Wood: I wish more people were using FuseGuard. This is a product of Pete Freitag from Foundeo and it’s excellent. It’s basically a web application firewall that’s written in ColdFusion and it will actually block a large number of known hack attempts from being able to hit your website. If someone tries to exploit a vulnerable sequel statement or sequel injection or exploit a path transversal exploits, this product of Pete’s which is a commercial product but it’s very well worth it, will actually detect those via some configurable heuristics and it will block these requests and even log them. We’ve played around with that…
Michael Smith: I definitely recommend doing something that will either clean up your code, fix the holes or use something like this. I guess this is similar to dot net … Is it dot net … No, there’s something that’s like a generic version of this kind of thing but it’s ColdFusion specific.
Brad Wood: It’s possible.
Michael Smith: Yeah.
Brad Wood: I think it’s a fantastic product, Pete’s really done a good job with that one so I think more people should [inaudible 00:28:21] into it. On that note if you’re curious about your servers, Pete the author of FuseGuard also has a HackMyCF.com website which is a very cheap subscription you can pay and it ‘ll actually email you and tell you if you have any vulnerabilities on your website. It’s a non-intrusive scanning that it does and it will alert preemptively, “You are behind in your updates, you need to lock down these directories.” It will scare you.
Michael Smith: That’s a great tool and it will alert you if there’s a patch being put out by Adobe. Just to be clear just looking at the server side of things isn’t checking code or stuff or if FuseGuard is actually protecting some holes you might have in your code. We have a question a little bit further down where people admit to how much they’re been hacked so we’ll look at that a bit later. Then two other tools here miscellaneous frameworks, DotBox and ForgeBox. Just briefly why would someone want either of those?
Brad Wood: Very quickly, DotBox is the oldest folk of the ColdDock project which I believe is Mark Mendel. It was no longer being maintained so we kind of took it around our wing and rebranded it. But it allows you to generate HTML documentation of your CFCs. We use that for the ColdBox, TextBox, all of our internal libraries, we have API docs you can use, we use DockBox to generate those. ForgeBox is less of a tool and it’s actually a website. The forgebox.io website is where your host packages that you can install from CommandBoxes, kind of part of our ecosystem. But it’s not a requirement that it’s ColdBox-specific. If you have a library for … Create an FPR, whatever you want you can put them on ForgeBox.
Michael Smith: There were a lot of writing entries here of other tools people use, any interesting one you noticed?
Brad Wood: Let me take a quick check, refresh my memory.
Michael Smith: Let’s see what comes up here.
Brad Wood: A lot of these didn’t belong in this category [crosstalk 00:30:25].
Michael Smith: Okay maybe we didn’t need a nun in here for next year.
Brad Wood: I like this command box deserves two because it’s so awesome. I promise I didn’t type that.
Michael Smith: I believe you, so I think the take away for me on this is if you’re not using some of these toolkits some of which are free some of which are paid, you are probably missing out and worth checking out some of them. Let’s move on to monitoring, because none of us have slow or crushing ColdFusion servers right?
Brad Wood: Nope, not not me.
Michael Smith: No but question 30 here what monitoring tools you’re using ad the number one tool is fusion reactor which maybe is no surprise because it’s the one that gets the best maintenance and new features added to it.
Brad Wood: Yeah, [crosstalk 00:31:17] very active they have releases every month probably. Maybe not quite that often but I know they’re always coming out with new releases.
Michael Smith: They’re also very supportive the ColdFusion community, I now their sponsor is CF and Into The Box and I think they were sponsor of [ND 00:31:32] Dev Con.
Brad Wood: NC Dev Con yes the [inaudible 00:31:36] guys put a lot of effort into reaching out the ColdFusion community. It’s worth noting C-fusion has not very many votes. It’s a product that kind of gone stale for a while that’s managed by WebApper.
Michael Smith: Used to be a great product and still is okay but it just haven’t been getting any updates.
Brad Wood: Well they have recently released C fusion 5 which I thought I’d point out which involves a lot of cloud based management and pricing. It will be interesting to see if C-fusion picks up any usage just based on the fact that they are starting to push out some new versions of that.
Michael Smith: I’ve got a Podcast interview with David [Talesel 00:32:16] who is the CEO of Integral coming up in a few weeks and apparently they’ve got a cloud based version of fusion reactor and-
Brad Wood: They do, it’ll push the metrics from your websites to a cloud location where you can view them externally which is actually pretty cool.
Michael Smith: They’ve also got lots of other cool features like, they can automatically restart the server, they can tell you when it’s getting closed, memory limit or dis-limit or whatever limits you put in, there’s all kind of cool things in there. It also can help you debug if you got something slow or crushing it can help you identify the slow sequel or the slow ColdFusion files.
Brad Wood: Yeah and I’m a little disappointed to see almost 20% of people saying they don’t monitor their servers at all. Now I don’t know if it means that they don’t personally monitor it and some of the IT department does but-
Michael Smith: I think I’m going to interpret that they don’t, we need to rephrase the question we don’t use the monitoring software tools or whatever, we’ll do that next year.
Brad Wood: A lot of people will come on the mailing list or such and they’ll say I’ve got a page that takes 10 minutes to run and I don’t know why or crushes my server. [inaudible 00:33:29] will ask if you’ve got a fusion reactor or C-fusion or something installed and the answer is no. The fact of the matter is that they’ve wasted far more of their company’s resources and their time than it would have taken just to purchase a product like this. Even I mean the ColdFusion server monitor, if you’ve got ColdFusion enterprise you already have a monitor that’s not nearly as well featured as fusion reactor but it’ll at least give things like stack traces and memory usage out of the box. I think a lot of people just don’t … I don’t know if they are not sure how to use this tools or just don’t take the time but I think everybody should have some monitoring solution under their belt that they can use to see what their code is doing.
Michael Smith: Yeah I’d recommend that and now the fusion reactors has gone through a monthly subscription pricing as well as just being able to purchase the software. I think their lowest pricing is is like I want to say 39 bucks a month which is … You try getting a cup of coffee everyday for a dollar something a day.
Brad Wood: That well fusion reactor also has developer license if you’re going to only use it for your developer work station not on a production web server and I think it’s $200 I think it’s $199 a year which is much cheaper than their typical pricing as well.
Michael Smith: I think they have regular thing is about 1500 or something like that.
Brad Wood: Yeah so there’s a lot of options in my opinion they’re well worth the time you’re going to spend.
Michael Smith: Yeah definitely well let’s move forward, questions 31 what kind of deployments are folks doing? Lots of tools people could use on deployments, most popular one is deploying in-house and second one on managed servers. Those are where the deployment is going to which is slightly different question but this is the multi choice question. [inaudible 00:35:24] hosting was behind on that.
Brad Wood: It should be it needs to die in a fire.
Michael Smith: Why is that for adding your opinion?
Brad Wood: It is shared hosting because you’re sharing a server with other websites and if you used to get the security locked down to where it’s nearly unusable, or the security isn’t locked down which means that you’re not very well separated from the other servers.
Michael Smith: Yeah to put this in a metaphor, shared hosting is sort of like you are going to a used hostel dormitory and you with all the other people and if someone gets drunk and throws up on the bank bed you are all screwed. Their managed service more like an apartment complex where there are other apartments but they are far walled off from each other, whether that’s virtual private server or dedicated machine-
Brad Wood: We have VPS, we have VPS.
Michael Smith: Built your own house.
Brad Wood: We have VPS on here, so VPS is somebody manages the hardware but you install everything you want including ColdFusion. Managed server-
Michael Smith: That’s like having an apartment complex and you have a separate apartment and then-
Brad Wood: VPS is like you have to furnish your apartment and fix the facet when it leaks.
Michael Smith: While as managed server is you build your own house or the RSP build one for you and it’s totally separate from anyone else.
Brad Wood: I like this we need to surround this analogy out until it breaks.
Michael Smith: Yes Trump Tower would be … I can’t quite come up with an analogy of that but let’s move on to the other deployment question which is do you use software to do your deployments. I think the number one solution there is Docker. Tell us why someone would want to use Docker.
Brad Wood: I think Docker isn’t necessarily mutually exclusive, there’s a number of these. For instance Kubernetes is more of an orchestration layer on top of Docker. In fact heroku and dokku are even sort of layers on top of Docker as well. Docker is very attractive and what I see right now in the cloud world is everything is trending towards Docker in some form or another. We just had a call today with the guys at Cloud Foundry managed by Pivotal just to look at some of their offerings and their service is heavily based around a lot of Docker options. It’s the idea that you can completely separate the server that you’re installing your code on to from the application itself so you have this whole precious snowflake of an application that you bundle up in this nice little package and you decide to deploy 10 of these. Some of the orchestration layer on top of Docker are very convincing to be able to say if the load of my application reaches a certain threshold, deploy two more servers and automatic load balancing between them.
That gives a level of flexibility that’s unheard of in the in-house category. In my opinion, my personal opinion I think this question right here is where the ColdFusion space has some of the most to grow. In the future I think the ColdFusion is really lagging behind in this area of deployments. If you were to look at the same question another major languages like Ruby or node I think a lot of those communities would much less favor in-house but instead they would be doing things like heroku, they would be doing things like Docker based deployment Kubernetes. Though I think to a degree maybe some of the ColdFusion shops that our government, they have very tight restrictions on where they are allowed to run quite possibly a lot of this aren’t options for them, based on the red tape.
Michael Smith: Couldn’t they go onto a private cloud they control?
Brad Wood: They could and I guess maybe that’s what they mean by in-house. They would probably have to be [crosstalk 00:39:18]
Michael Smith: Pretty sure in-house means they actually have the hardware in a room in office building.
Brad Wood: There’s a lot of this kubernetes, kubernetes is available just a host of solution Google cloud services. You can also run your own Kubernetes clusters effectively in-house. Though I don’t know … I don’t think near this many people are doing that.
Michael Smith: Then Vagrant is similar idea to Docker but why and that’s pretty popular.
Brad Wood: Vagrant can be … Can have provisioners that would point to any cloud service like Rackspace and things like that but 99% of everybody that I know using Vagrant they’re using it specifically for local development. Vagrant is for provisioning virtual machines VMs and Docker is for provisioning containers. A container is much more light weight than an entire virtual machine is faster to provision. Typing Vagrant up from scratch might take 15 minutes, bringing up a Docker instance might take 30 seconds. I see Docker as the next logical evolution of Vagrant. In fact when you install Docker today on a Windows machine, but actually install VirtualBox and deploys a single virtual machine two that then the Docker containers run inside it. I think Vagrant is still very [inaudible 00:40:45] for local development but I think it’s being overtaken by Docker-
Michael Smith: When you say container for people who don’t quite know what that means, why would you want a container to run your ColdFusion in?
Brad Wood: Right so a virtual machine like Vagrant creates for you by default on a tool like VirtualBox is a full installation of a operating system that’s booted up from scratch and virtual hardware. You assign RAM to it, you assign CPUs to it, you boot all the way from virtualized bios up to a Linux installation. Docker when we say process is literally just a process running inside of Linux operating system or I think the latest versions of Windows 10 support this natively. When you spin up a new Docker container you just have a base Linux operating system running, and it’s literally just a matter of saying spon this new process. Inside of that is little capsulated Linux thing that’s running and it thinks it’s its own machine but is really just one of many processes running on a base hardware.
Your density is much higher, the number of containers you can spin up. The time to spin them up is just a matter of seconds because you’re not booting for operating system from scratch. You are just saying here’s an existing running OS spin me off a new process. It’s a very technical answer but there’s a lot of benefits to the container based in that it’s just a process running on a base operating system. It’s still very segregated system recourse wise but it’s a lot more light weight and faster than a full VM like Vagrant gives you.
Michael Smith: It could keep your applications separate from each other if you’ve got a development server you could have different containers that have different versions of ColdFusion or different databases of whatever you were testing.
Brad Wood: Sure there’s base containers or anything imaginable. In fact we have command box based containers that you can just say, “I want to run Adobe ColdFusion 11.” That’s what it spins up. The idea with a container based approach is you have a container for each application, this little separate deployable apps.
Michael Smith: The other thing is once you’ve configured the container you can save it off to disc and then when you want to bring it back to life you can just spin it up very quickly.
Brad Wood: Yeah so I expect to see Docker growing in the future and things like Kubernetes, [Assure 00:43:14] EC2 I expect to see those all growing, at least I would like to see them grow. I would like to see the in-house bar get smaller as those get larger because I think that really unlocks a new potential for people to scale applications that they just don’t have in-house. Most people [inaudible 00:43:32] if you said how long would it take to put another web server online starting today, they might tell you two weeks. Anybody using Kubernetes who say how long would it take you to put another website online and they’d be like, I just did it, big production right now it’s a different world of deployment for sure.
Michael Smith: Let’s just talk a little bit about these different cloud servers Amazon EC2 or-
Brad Wood: EC2 is the only cloud deployment option that’s really natively supported by Adobe right now. They’ve promised us Docker containers but I haven’t seen it. I spoke to Alicia recently I think she said they were working on them. EC2 is one of the only deployment options that really gives adobe the ability to collect the pricing, you pay per hour for ColdFusion license and what they are doing. A lot of these options don’t quite have the same control what EC2 does to be able to charge the customer per hour per instance.
Michael Smith: If you wanted to use Amazon you also could run Lucy I assume.
Brad Wood: Absolutely yeah WebAppers worked on making gold certified AMIs for EC2. Lucy also has heroku built packs, they have based Docker images you can build on obviously with the licensing out of the picture, you don’t have to worry nearly as much about your deployment licensing with Lucy as you do Adobe ColdFusion.
Michael Smith: Right, though you would be paying by the hour to Amazon just for the server-
Brad Wood: Sure and I will add, I know that Adobe is working on some better cloud based licensing. I was with some of the adobe team members a few weeks ago and I asked them about that and they acknowledged that’s something current [Yula 00:45:17] is vague on and it’s something they’re working on doing because Adobe wants to be able to free people up to use these cloud offerings easier. The trick is that … How do I know how much to charge you unless … Especially things like Kubernetes where the number of containers can just be [schooling 00:45:34] up and down throughout the day based on your size usage. What the heck do you charge people for? How do you-
Michael Smith: Just take the average.
Brad Wood: Yeah there’s a lot of ways to handle it so that’s why think they are working through with their legal team instead of Adobe-
Michael Smith: I was going to say I’m sure from the technical mathematical point of view it would be pretty easy to come up with a fair answer. As soon as you bring in the lawyers they probably have to contemplate it for a while.
Brad Wood: Sure.
Michael Smith: Let’s move on-
Brad Wood: That’s my graph I want to keep my eyes on the next year I want to see how it’s changing.
Michael Smith: Question 32, what do you use to build REST APIS? A lot of different things here, number one is Homegrown and number two is we don’t use REST.
Brad Wood: I’m not incredibly surprised that there’s a descent number of people not using REST but I am disappointed to see how many people have grown their own. Most of the major frameworks all have a REST implementation, a [inaudible 00:46:32] framework one and so it’s disappointing to think of the hours people have spent writing their own ability to do that when there’s these off the shelf frameworks that probably are going to save them a large amount of time. Even the CF built in REST which is generally regarded as not being that good at least has descent usage but is not as many as the homegrown ones which is a little-
Michael Smith: Just for those who aren’t using REST, why would you want to use or expose a REST API in your app? What the benefit of that?
Michael Smith: Yeah so it’s a way to isolate different parts of code from each other so you could swap out the front end and keep the back end the same or as you said talk to third parties.
Brad Wood: But it looks from the right ins that even CF wheels and preside CMS and Far Cry I think all have some little custom REST stuff on there as well. Pretty much everybody is using some kind of REST tooling and chances are it does a lot more than something you can write on your own.
Michael Smith: Just let folks know if you go to the survey online if you just click on the extra responses you can view all the write in answers and comments. Moving on from REST question 33, what deployment build tools do you use?
Brad Wood: Yeah and these aren’t mutually exclusive either, in fact most people using Jenkins are probably using ANT inside of Jenkins [inaudible 00:48:57] for Travis. What’s our percentage not using is about 45%, we use Jenkins for years as just a general build tool for all of our box products. When I make a commit to command box or the Jenkins build that kicks off and builds all the binaries and runs all the test but lately we’ve been investing a lot in the Travis CI and one of the biggest … It has a very tight integration with GitHub. One of the best things at Travis if you’re an open source author is when people send your product pool request as soon as they send the pool a Travis CI build which by the way is Docker based, it’s a container that spins off the clouds somewhere. I told you everything is using Docker these days.
It will spin up a container somewhere in the ether, it’ll run all of your unit test against the pool request that’s being submitted to you and it will tell you right there in GitHub, test to pass or test to fail which is great because it gives you instant feedback. It is an open source author. I really appreciate that. Someone sends me a pool request and I can tell them right away well you broke the build come back and talk to me once the tests are passing which is really great.
Michael Smith: Just to back up a moment if people aren’t using build tools which 44% of people taking the survey said that and I’ve got to believe people who didn’t take the survey is probably even a larger number, they’re missing out on getting a reliable build made automatically where every time you make a change in your code it can run unit tests, it can deploy it’s different servers depending on how you got the things setup.
Brad Wood: I think this is actually in the … Is it Jeff Atwood, he had 12 questions at every applicant should ask a company, is their company doing this before I accept the job and one of them is, do you have … Can you create build of your application with a single click? Chances are if you are not using one of these, you’d probably have to answer no to that.
Michael Smith: Yeah and the reason you wouldn’t want to do this manually is it’s very [inaudible 00:51:02] and it’s easy to forget to copy a file or to miscopy things or get settings wrong and then you have bugs to track down that could be quite hard to track down.
Brad Wood: When I started working with Louise some of the ColdBox, every time a new version of ColdBox was released, Louise would just do it manually on his computer and this was this was years ago. A lot of the companies are the same way you have one guy who knows all the stuff that has to happen to get into the production. Anybody else needs to do a build they’re kind of screwed and so that’s why we started using Jenkins internally. With our products because I would say how do I run a build, I don’t have your computer in front of me and so now it’s all completely detached and in a Jenkins job-
Michael Smith: It’s now documented in that job scripting so-
Brad Wood: Exactly anybody can run a build. If anybody wants to build a command box, they can clone their repository run and-
Michael Smith: What is the cost on Jenkins because the people who don’t know and imagine it cost millions of dollars?
Brad Wood: Jenkins which is a fork of Hudson is free. Travis CI is also free as long as your projects are open source. ANT is also free it’s an Apache product. ANT is more … It’s xml files you use to describe what you want your build to do. ANT is typically used inside of Travis or inside of Jenkins. Bamboo is the [inaudible 00:52:28] and equivalent to Jenkins ties in with the [inaudible 00:52:32] tool set. I’m not actually sure what the pricing on Bamboo to be honest.
Michael Smith: The point I wanted to make was a lot of these options are open source or free.
Brad Wood: There shouldn’t be a pricing barrier for sure. [crosstalk 00:52:46] are are all node based. We actually use those specifically Grant for a lot of out front end builds. We have a Lexar project now with ColdBox that deals with things like your style sheet, [inaudible 00:53:02] compilations, your job or script [inaudible 00:53:04] all that asset dealings that you do during a build and so we use a lot or Grant and Gold and of course there’s no cost for that, those are very popular, there’s plug-ins for everything under the sun.
Michael Smith: Then Get Lab is a version of get … Has this some other stuff built in.
Brad Wood: Yeah it’s like a self hosted GitHub repository that you can have behind a fire wall in your own appliance and it has it’s own Jenkins automation built in. Jenkins lets you manually trigger bills or even schedule them. GitLab is from my understanding pretty much all just based on a commit just came in. It’s all based in the concept, you have repository somebody commits something to it when you run a pipeline.
Michael Smith: Yeah I just did a Podcast episode with George Murphy who is speaking into the box and he-
Brad Wood: George loves [crosstalk 00:53:58]
Michael Smith: Yeah he could talk forever about the features of Gitlab and he talked for quite a while but it was very interesting because I learned some stuff that I hadn’t heard about before. Before we move on, related to this is doing continuous integration which a lot of these tools let you do. Why would someone want to do continuous integration?
Brad Wood: The idea between continuous integration is all about closing that feedback loop between the amount of time that you write a line of a code and the product is build and it’s tested and you know whether or not that works. That can be feedback from a set of unit test, it could be feedback from just a tester on your [inaudible 00:54:44] but continuous integration is all about I’m made to commit and lets run the unit test on those, let’s deploy that to the stage and environment. Let’s use some JSlint, Variscope or whatever other scanning tools you want to run and it’s automated so it’s not a manual process as opposed to saying I need to push that code to stage and there’s just so much work I’ll wait till Friday to do it, it should just happen. There’s no reason why your code can’t be on your stage and server within five minutes of you committed in without you lifting a figure.
Michael Smith: All ready had all the unit tests pass as well.
Brad Wood: Yeah because if the unit test don’t pass it shouldn’t be deployed, the bill should be failed and you should be notified. Because why have a human bother testing your code when your unit test have all ready told you that they are failing now. It’s all about automating reducing those feedback cycles.
Michael Smith: Yeah improving code quality. Well let’s go to the [inaudible 00:55:38] which I think we managed to … We got some interesting numbers here but really-
Brad Wood: Yeah we screwed this one up.
Michael Smith: We need to extend … Yeah we screwed this up so if we did have enough [crosstalk 00:55:51]
Brad Wood: We must have underestimated what ColdFusion developers make. Next year we need to, we need to bump this baby up like a million dollars I guess just to get better data.
Michael Smith: There you go. Nearly half of the people were making more than 95K a year and then there was pretty even distribution all the way down to 25K which I hope on our intern hobby level.
Brad Wood: There was a couple unpaid but I think this is great news for ColdFusion developers. If someone is considering should I develop in ColdFusion, I think this goes along with the other question that said it’s difficult to find ColdFusion developers, so instead I mean it’s a market to be hired in. People are willing to pay to try to get people to come be a ColdFusion developer and so I think this is good news for people with ColdFusion skills. Hopefully next year we will distribute the answers a bit up in the range to get some better data.
Michael Smith: Yeah so let’s move on to those controversial security questions.
Brad Wood: Yes.
Michael Smith: Question 35 how do you lock down your service for security [inaudible 00:57:05] apply. Most people-
Brad Wood: We need to shoot the 17 people that said none wants security.
Michael Smith: Yeah well people you say shoot them, they aren’t alone. The people who took this survey tend to be the most clued in ColdFusion developers who are on the forums, who are on the slack channel. The people who just do a regular nine to five job I bet you it’s more than 3.8% don’t do anything for security. I know it’s the case because I’ve talked to some of them.
Brad Wood: I think the official lockdown guide is great Pete Freiteg again helps write those, he’s the author of FuseGuard and HackmyCF.com. A lot of people just don’t even know those exist. They are freely available PDFs that literary gives you screenshot step by step, Apache, AIS you name it everything you need to do to lock down. If everybody followed just the office shelf lockdown guides, majority of ColdFusion hacks … If everybody followed the guide and updated their server the recent updates, the majority of ColdFusion hacks wouldn’t even happen in the first place.
Michael Smith: That recent updates has parts two parts, one is the hot fixes adobe or Lucy put out when a hack is discovered and they quickly put out something, and they both do a great job of that. There’s no … They don’t cover up that there’s been a hack they put out that hot fix and send out an alert.
Brad Wood: The transparency sometimes feels like it can hurt the image. Because every time Adobe gets the security exploit which isn’t very often to be honest, it’s very highly publicized. That’s good because you want people to know about it.
Michael Smith: That’s the point.
Brad Wood: The secure profile is another good one I think more people need to be using that. Now it’s possible that not enough people are on the newer versions of ColdFusion that have the secure [inaudible 00:59:00].
Michael Smith: Yeah and I was going to say there are two parts to this. First of all you want to get the hot fixes as they come out and hack my CF will alert you to that by email but the other thing is you need to get off end of life ColdFusion which means CF9 or earlier and CF10 is going to go end of life.
Brad Wood: CF10 is really soon, ColdFusion 11 2016 both have the secure profile. When you install ColdFusion as user it’s a production server, so many so many people forget just the obvious stuff like a custom air template template for this site. They are putting all sort of juicy information for hackers and looking like [newbs 00:59:37] at the same time and secure profile sets a whole handful of settings just right off the bat that will make your server twice as secure. Also in ColdFusion 2016, say you are using [inaudible 00:59:51] one of the most commonest installations, they’ve now blocked access to the entire CFI to eFolder by default you can’t even get to it. The IIS connector won’t even hit it which it should have done years ago. I like you secure by default thing because it makes using it slightly more complicated. You got to hit it directly through Tomcat but in my opinion those things are way worth it. Because no ColdFusion installs back in the day just weren’t secure by default and most people didn’t lock them down.
Michael Smith: Let’s go on to the … What happens if you don’t have things secure. Next question, question 36, have your ColdFusion servers suffered from hacking exploit in the last two years due to a CF base factor? This was anonymous question so I’d say 90% of people haven’t heard this but that meant 10% of people have been hacked which is upsetting I would say.
Brad Wood: Yeah overall I’m very glad to see a lot of no’s. I’ll hear a lot from [Pintesters 01:01:01] and people in the community who are not ColdFusion developers. They widely regard ColdFusion as just a very insecure platform, just any ColdFusion servers just immediately hackable and that’s not the case statistically. ColdFusion has a very low number of exploits and I think this is a good graph. I was very interested to see out of the people who were hacked, what was the reason. The most answered one is lack of ColdFusion patching which isn’t that surprising. That’s one of the easiest ones to do. In ColdFusion now you can even configure it to literary email you when a new patch has come out. You’ll get an email in your inbox that says here’s an update and people who don’t patch it, 4% of people who are hacked … Not 4% of people who are hacked, 4% of people who answered the question were hacked because they simply didn’t install the updates.
Michael Smith: Then other sequel injection, cross side scripting I think you mentioned earlier where the admin is publicly available, other vulnerabilities in the code.
Brad Wood: In the public administrator, also incredibly easy to lock down a lot of people just don’t do it. The only people I can really feel sorry for is very small less than 2% that say they were actually hacked by actual on un-patched zero day in the engine itself. Adobe usually has patches available within two weeks or less when a zero days [inaudible 01:02:31] so that’s usually a very small window. The remaining people will get hacked just simply don’t apply the updates.
Michael Smith: To be honest when I looked at hacks that have happened against ColdFusion it’s not day zero stuff, it’s stuff that’s been out for six months, a year, even longer, or they are using CF9 which doesn’t receive hot fixes anymore because they went end of life and you’re never going to get hot fixes for that. People just have holes in their setup.
Brad Wood: Sure and I opinion every company especially companies that have a segregated wall between developers and the dev ops guy to do the servers, they’ve got to have at least one person at the company whose responsibility is to keep on updates whether it’s Windows updates or [inaudible 01:03:16] updates, Apache updates or ColdFusion updates, somebody has got to have a schedule where they go through and they check them all on a regular basis. It’s the people who deploy a server and just leave it out there for years that they get hammered on this.
Michael Smith: There’s one other things I’d say on this, the question said have you … Do you know you’ve had a hacking exploit. If I have to tell you when we’ve gone in and helped people who’ve been hacked, several of them have been … When we dug into how did they get in and how long has this been going on, they were hacked like six months earlier and it’s only when the hacker started uploading wares or pornography or whatever on their server they blew out the disc space and the server started crushing then they understood they’ve been hacked but they … That’s actually very common. There’s been some famous hacking. I think it was North Carolina or South Carolina State government but one of those Carolinas they were hacked like six months previously and it took them that long to discover. I just want … People are sitting there thinking I haven’t been hacked, that may not be true.
Brad Wood: It’s entirely possible and there are some good software’s out there like Tripwire that will try to detect malicious activity and notify you immediately, looks like something’s going on with your server.
Michael Smith: Yeah so I definitely recommend that … Let me just. All right so moving on next question, ColdFusion communities. These are online communities question 37. Online communities that you’re part of and most popular one is the [slack 01:05:05] channel which last time I checked was a few thousand people in it so very active.
Brad Wood: Let’s see here, I’ll look right now ColdFusion slack. 1972 people currently in it. Right under 2000.
Michael Smith: Wow, that’s a great place to share youthful information or to get answers to questions. Then second here, there’s some framework specific ones and then there’s also some Facebook groups that are pretty popular.
Brad Wood: Yeah, overall I think there’s probably a lot of people who aren’t in communities but those are the people who didn’t take the survey because they weren’t in the communities to know about the survey in the first lace.
Michael Smith: Yeah, typically people either heard about it through one of these communities by other people sharing it there or they were on the TeraTech email list. I don’t think this happened this year but previous years I know [Integral 01:06:09] sent out an email to their email list as well or maybe they Tweet on it. There were quite a few tweets as well which we regarded as a community if you used that ColdFusion of CFML hashtag it’s going to pick up traffic.
Brad Wood: I’ve only got a few minutes left on this end so let’s-
Michael Smith: We’re nearly at the end. Professional development time versus hobby time, most people taking this to focus on professional time and then hobby time, so that’s open source projects or your own thing, not so many people doing that.
Brad Wood: It seems that most people doing CF professionally is mostly what they focus on. A lot of people doing CF in their hobby appear to focus on a lot of other languages in their hobby which is not a bad thing.
Michael Smith: How do people work? Are they salaried, contract, self employed? Most people taking the survey were salaried but a fair chunk contract or got their own business.
Brad Wood: I think a lot of people who are self employed probably also were contractors. They probably contract for themselves.
Michael Smith: Then surprised that only 14% are remote.
Brad Wood: There’s a lot more people who would probably work remote if there were positions available.
Michael Smith: Then very few are unemployed which relates to that high demand for ColdFusion developers. Then hardly anyone said they were a student which I’d love to see that change because that’s how we get fresh blood .
Brad Wood: I would too and that’s exactly where I started ColdFusion is as a student so I agree with you there.
Michael Smith: We’re at the final question which is any additional comments and there were a lot of write-in comments. We’re not going to scroll through all of those, if people are interested they can do that but perhaps we can just highlight some ones that really caught your eye and I’m just going to see if I can stop the screen share so we can scroll down through those comments. Let’s look at three top themes that called out to us from these comments Brad.
Brad Wood: Yeah, I think one of the biggest ones are just people looking for better support for ColdFusion and just marketing. I think there’s always more that Lucy and Adobe can do in marketing. I think Adobe and Lucy can never do the same marketing that you and I can do. This has developers from a grassroots perspective being a part of-
Michael Smith: Isn’t that what every open source language that competes with ColdFusion does?
Brad Wood: Yeah, there’s a lot of languages that don’t have a corporate entity to market for them. They were grown up out of just masses of people saying, “Hey I’m working on this really cool language called Blah. Take a look at it and that’s how they grew the community so I think that’s something that everybody can do for sure to help that on their own.
Michael Smith: We’ve got a number of people here who said they either love ColdFusion or bring CFML to the masses. A lot of enthusiasm about ColdFusion. I noticed that in a number of the write-in comments.
Brad Wood: Yeah, I’ve seen several mentions of Lucy, people being excited about that.
Michael Smith: Maybe we just need to tie those two things together. The people who are really enthusiastic about ColdFusion and the people who wish it was marketed better and get that message out. It’s a wonderful language and someone can be proud of doing.
Brad Wood: Yeah, I think ways people can do that can involve finding a local user group, even just an open source user group or a generic program and user group. Just being part of it and just talking about ColdFusion or going into a local conference that’s not a ColdFusion conference and talking to people about what you do.
Michael Smith: Or starting a meet-up if there isn’t one. They’re very easy to start.
Brad Wood: Yeah, if you’ve got a town with enough ColdFusion developers, you can talk to Lisa Devork from Adobe and try to even start an official Adobe meet-up ColdFusion or it doesn’t have to be official, it can just be you inviting people to talk about the cool stuff that’s going on.
Michael Smith: For people who don’t have other people in town, the southerns Florida ColdFusion user group went virtual a few years back and anyone can attend their meetings.
Brad Wood: That’s nice. Charley Can’t say his name, Charley Airhart also has the online CF meet-up and they don’t meet in a regular basis but as needed when he has speakers, that’s a group you can do online as well.
Michael Smith: Yeah, lots of resources. Southern ColdFusion one I think has a round table format where people bring their coding problem they have so they don’t have a speaker unless one turns up but they do meet every month I believe. That’s run by GM Carlos Gomez who I interviewed for the podcast the other day.
Brad Wood: Yeah, JC is a cool guy.
Michael Smith: All right, so that’s it for another ColdFusion state of the using the survey 2017, thank you Brad for your great commentary and looking forward to what’s going to change next year in this.
Brad Wood: Awesome, thanks Michael.