Read the show notes and download the full episode here.
Michaela Light 0:01
Welcome back to the show. I'm here with Mark Tatar Cocker, would I make a mince meter? You're nearly close. How do you say Mr. Takata? The cutter sounds very precise when you say He is the senior ColdFusion evangelist for Adobe. And he knows a lot about ColdFusion 2023, which is good because that's the subject of today's episode, we're going to look at all the cool features that got added in to 2023 that you may not be aware of at home. So we'll be talking about containerization and the Google Cloud platform integration graph, QL, JSON Web Tokens, cool PDF enhancements, the centralized server admin, stuff, ss, O single sign on, and also the whole revamp of the PDF engine that happened so and a whole bunch of other things. I haven't got time to fit into 30 seconds promo there. So welcome, Mark.
Mark Takata 1:06
Thank you. Thank you. Thanks for having me on. Always a pleasure to see you and be on be on your podcast. It's good to see amps.
Michaela Light 1:14
Absolutely. It's great to see you. So I got your title on you're actually senior technical evangelist.
Mark Takata 1:21
I am I am that was a new I got I got an upgrade. Yeah,
Michaela Light 1:26
Basically means you go around to customers cold fusion and meet them online, meet him at conferences new. Tell them about what wonderful in confusion. And I think you also kind of do a little bit the other way you listen to people and pass stuff back to correct
Mark Takata 1:42
It. And that I'm that herb and that connector between the community and the internal folks. You know, I say the things in meetings internally that maybe we don't want to hear or we don't hear very often. So I'm, I'm that voice from the community to try it out. I mean, you know, it's, that's my job, it's my job to be that voice, whether it's positive or negative, we need to hear what's coming from the community. And then the other way back is, you know, I communicate stuff from the internal folks back out to the community about changes, things that are coming up, talking about, you know, support issues, things like that. So I cover the gamut. I work with engineering, product support, sales, everybody is sort of math, I guess.
Michaela Light 2:27
And you're also a ColdFusion. Developer. I used to do cold fusion development University California at Davis. I think I remember right?
Mark Takata 2:35
Yeah. A lot. Yeah. I've worked in cold fusion for over 25 years, and worked at UC Davis, UC ANR. Did CF, both of those did CF at a company called line tech, plus another like 13 Other languages across a multitude of different companies.
Michaela Light 2:54
You have a perfect, perfect person to be the evangelist for cold fusion? I think so.
Mark Takata 2:59
I think I think so. But hopefully others do too.
Michaela Light 3:03
Yes. So let's start talking about containerization. Yeah, that's something a lot of people are interested in and have been doing for a while. But what does Adobe ColdFusion add to that? was added new on earlier versions.
Mark Takata 3:22
Yeah, so we've really, obviously containerization is like the new hotness, everyone wants to be using Docker and Kubernetes and all that. So there wasn't really a lot of direct additions into 2023 and 2021. We we made huge changes, we module artist, everything which made it much easier to deploy stuff, so it's smaller. And in 23, we've just stabilized a lot of that stuff. You know it we've continued to keep the sizes small. Now, performance has been a question that came up with containerization is usually the reason why people ask it because often you're spinning up a container from cold, right, especially if you're using something like Cloud run where it's stateless, you're starting from zero need to get to 100. And, you know, a few milliseconds. And the performance between 2021 and 2023 have not changed, which is in some ways good because 21 was pretty fast. 23 has not gotten slower. Often as you add more features, and things get slower. As we're looking forward. We can talk about this a little bit more, but we are actually looking to start going the other way and speeding things up as we move forward into the future releases. One of the big things that we did add inside of containerization is we added features into GCP, which we'll talk about and GCP is a great platform for throwing your containerized workloads in in ColdFusion. It's, I mean dead simple. Takes a few minutes to get running, especially if you're if your Docker stuff is on point. You can get running in GCP in sec is basically, and have your ColdFusion site running in any number of different ways in a container. And I can cover a little bit of that when we talk about GCP. So GCP,
Michaela Light 5:11
For people who aren't familiar is Google's platform for cloud. Google
Mark Takata 5:15
Cloud Platform. Sorry, I was falling into the acronyms. Yeah,
Michaela Light 5:20
No worries. I'm here to help. elucidate any acronyms that slip out. You're my translator. Yes. And for those watching on video, Mark is really coming to us from the current year and not the 1980s, which is his little background of a television tube. He's not stuck in the 1980s or 50. They didn't even Yeah, the television as
Mark Takata 5:40
My wardrobe is definitely stuck. But oh,
Michaela Light 5:46
And then I think most people listening probably know what a container is, and why you'd want to do it. But maybe we should explain that container is a virtual machine. It's a lightweight virtual machine that separates out whatever language you're running in it. And you can do things you mentioned Kubernetes, that's a way to automatically they call it orchestration, you spin up new containers, or close them down as you need them. So instead of having hot, actual physical hardware that you have to build, you can have a virtual machine come up in a second or a few seconds, depending on what's going on inside it.
Mark Takata 6:25
Yeah, just to clarify, it's even lighter than what would normally be or traditionally be called a VM. So VMs can run in a number of places in the cloud. And they often include the full operating system you'd like to do all that this strips it even lighter, and just gives you the very, very few things that you need to run. And you pretty much we'll put it together, assemble it, package it and then ship it in the state that it's in to whatever platform you're moving on. Whether that's Google or Azure, Oracle, or or AWS
Michaela Light 7:02
Something Oh, many, many other container. Yes. I'll provide as Digital Ocean comes to mind. Yeah, yeah.
Mark Takata 7:09
Do ya do is big? Yeah. There's I mean, it's funny. A lot of people talk about the three big clouds. It's like, no, no, there's tons of clouds. Yes, that's a big clouds, too. You know, there's other people, especially Oracle has been, like, massively vastly growing, it's been outgrowing the other clouds by several factors of size. So
Michaela Light 7:31
It's an episode on Oracle coming up. And Scott Stroz is going to talk about his experience there. But yeah, and you can also run containers locally on your own laptop, if you want to know and many people use that benefit. Because once you've set up the server in a container, you can then save that image and pass it around the development team, or set it up on a staging cloud container. It's actually
Mark Takata 7:58
A really good way, a good friend of mine at the Agriculture Natural Resources, which is a University of California, in Davis, California, their entire development team all runs in local Docker, because it allows them to have a repeatable, preset up, you know, perfectly orchestrated setup, that he can just, if somebody's laptop gets, you know, in the toilet, or it gets run over by a bus, if they hit Oh, he could just walk, put a new and it's, you know, a few minutes, and it's running again, exactly the right way. And then that entire setup is mirrored in their production so that they can just ship it through CI CD. And they're off to the races. They don't have to worry about like, oh, wait, my, you know, this part was not set up the right way. Or some of the folders are wrong or whatever. Now, it's all set up ahead of time. So yeah, it's a really beautiful way of doing development. Yes, without having to,
Michaela Light 8:54
You know, without hardware headaches, it isolates you from the hardware without adding a lot of overhead to it. And as the other benefit I've seen is view if you're doing you need to run different versions of ColdFusion because you're migrating from yeah, like I don't know if I should even say this, but we this last month, we had a client who was on CF five and then wanted to get to CF 2023. And yeah, we're not going to put a server up with CF five but we we did a you know container with CF five to get it run and yeah, and yeah, so you know, and command box is great for this kind of stuff. So yeah,
Mark Takata 9:32
And I have to say I am I am thrilled to know that he went back even back in CF five, which is not too many versions ahead of when I first started doing all this many years ago that it's still it'll still spin up it'll still run in minutes and yeah, it's it's still will
Michaela Light 9:53
Well, it was good version CFI Damian Cooper was in charge of the QA team Adobe background and he kind of cracked The whip to make sure there were not a lot of bugs in that version. And that was the final version ColdFusion was written in C, I think. Yeah, right. Now, of course called solution is is written in Java and it emits Java code. So, exactly, yeah, it's good, good move back there by Macromedia to, you know, redo the whole thing. It was a bit of a birth Pang with that first version in Java, but it's been a great technology decision to do that. So I agree.
Mark Takata 10:30
Yeah, I think it's, I think it's a nice little value add to be able to, like, drop into Java and code in Java or at, you know, you know, jars from external vendors and just be able to use those in there. It's, I see it used in an infinite number of ways amongst the customers make absolutely really, like flexible.
Michaela Light 10:51
Well, when I'm talking to people who are a little nervous about using ColdFusion, I just say, Look, this is it compiles into Java and Java is very common in all kinds of enterprises. So yeah, I
Mark Takata 11:03
Will, I will have to strongly agree with that, too. Like I have been in places where, you know, I'm telling ColdFusion, how amazing it is the rapid application development language, and then you can kind of see on the face of it. Yeah, I've ever heard of it. What is this? And like, it's Java, it's Java on the server, it compiles to Java. And then, oh, maybe like Oracle, Java? And I'm like, a exactly Oracle, Java. That's what Adobe ColdFusion runs on Oracle, Java. And they're like, suddenly, like they flip completely, there is their way of thinking so. Yeah, it's very useful to have that. Now, does it actually mean anything compared to the other languages? Is it any better than node or whatever? You know, I don't know. I don't necessarily think so. I mean, you get value add from all of the different languages, right? They all different way of doing things. Right? There's, they all have strengths. They all have weaknesses. But sometimes when you're talking to that CIO, when you're talking about those folks who may be they want to hear that name, right? They want to snap slower when
Michaela Light 12:03
Something breaks. Yeah. And it could run on other Java engines. You know, the runtime engine doesn't have to be Oracle's Java. Or it could be one of the half dozen or more different flavors of Java engines. And it doesn't have to run on Windows, it can run on Linux or any other I think, I think Brad wood wants got it running on a Raspberry Pi, which was pretty impressive. I
Mark Takata 12:25
Did, which I am still to this day, astounded by my current project, which we'll see. I'm trying to get it running by by DC, which is in April, do you know what a steam deck is? Are you familiar with a steam deck?
Michaela Light 12:39
Name sounds familiar, but I can't think what it is tell us what it is.
Mark Takata 12:42
So there's a there's a gaming Oh theme. And it's a little handheld gaming device, basically, oh, games on, and it runs a Linux. And so I bought one and of course, immediately packed into it, and got to the developer screen and tried running cold fusion on it, because it's living. So I figured I could get it running. I almost have it. Like, there's just a couple of things. But once I get it running on there, I'm definitely going to do a whole presentation on it. And because it's just silly, I mean, no one's gonna run cold fusion, their Steam deck, but it's
Michaela Light 13:18
Always just hoping to show demonstrate it, you know, I think Brad did get something useful running on a Raspberry Pi. And I know there was another I forget who it was, but they got a Server Monitor thing running where it would ping all their different, you know, services. And it would you know, have Raspberry Pi's have that row of you know, led, like they call it there's a word Yeah, well, they don't the lights aren't built in, but they have pins that you can stick LEDs on. And so he made a cute, you know, printed thing, and he stuck the LEDs on and you could see how all the servers were doing. You know, it was just writing on this raspberry pi and those of Rossby pies only like 30 bucks or whatever the guests the days, you know, it's yeah, they're super cheap thing to have. So I think it's a five with Wi Fi. Oh, wow. I don't know if I can afford Wi Fi with. Yeah, so you mentioned glue, Google Cloud Platform G CP services. So what why? Why would someone want to integrate that with that? And what does that provide you in your, you know, in your ColdFusion? App?
Mark Takata 14:27
Sure. Yeah. So there's basically two different things that we're going to talk about right now we're going to talk about the stuff that's integrated into cf 2023. And then there's just sort of generalized services that you can use out there. So the things that we integrated as native are storage. So if you want to put your code of images, you want to create a CDN, whatever you want, you know,
Michaela Light 14:52
This is Google's flavor of s3 that Amazon has, right?
Mark Takata 14:55
Yeah. Or blob blob on Azure. Yeah, yeah, this is they call them buckets. which is used, I guess it's kind of adorable. And they have all levels of they have like four different layers of like, you know, immediate Storage Nearline, offline and cold or something like that. So depending how you want to pay for it, how much you need to access it, you can have different layers. So we've got access to the online version built in, which is, you know, 99.9% of people use that to like pull down images and things. You can use Nearline for things like documents, but you can also use the other one depends how often you're hitting it. And a lot of times, if you've got documents that you need to hit, you kind of want them available, you don't want to wait, yeah, server to spin up. So we added that, and it's everything that you would imagine you'd need, right? So it's, you could do versioning, with with documents, which is actually kind of nice, it does it on the server, you don't have to like copy versions, and then track that it's all built in, you can actually have a whole system of, you know, how long do I want to keep this document. So obviously, different government organizations have different rules about things like, you know, personally identifiable information, HIPAA, whatever that is. So you can actually set that as rules and the system will, you know, delete things after a certain amount of time based on those those legal rules that you set up for it.
Michaela Light 16:29
Yeah, knife,
Mark Takata 16:30
Keeps it clean, keeps it clean, keeps you keeps you like, you know, when that audit comes, I got one and you'll be in compliance. So all of that is kind of built in on the server side of it. The next thing we added, which is always really hard to explain to people is something called Pub Sub. And Pub Sub is similar to SQS SNS it's a messaging system. But whenever I say messaging, they're like, oh, it's like Slack or ICQ. You remember ICU, right? Or it's like, no, it's not people messaging. It's application messaging, it's one application sending a very robust message to another application that's listening for it to subscribing to it. The best demo that I've ever seen anybody talk about is if you're, let's say, you want to go to a really big effect, right? Down Down where you live, there's a band coming that you love. I don't know what bands you would be into. But you know, Pearl jammer? That's why you listen to. And there's only 10,000 tickets, but there's 100,000 people that want to go, how would you design an application that could take 100,000 people hitting it, and then fairly, divvy up that 1000 available tickets, right you need is not take down your server. Because imagine if you just had an API, that API would immediately get overwhelmed and film, right, you spike your CPU and be gone. So what this does is it allows you to offload each of those when each request comes in, that message gets gets placed in line, and it gets sent off, to be to be waited on to process and then it comes around and then subscriber sits there and goes through each of them. And as it goes through each of them, if then can process it. So you can process maybe you process 1000 plus another 500 that are like in line. But you know, they're like alternates or something like that. And you kind of keep them in there in case someone says, oh, nevermind, I don't want to buy it, or they wait too long, and the ticket comes out. So this actually was done for the very first time at a conference called Blizzcon. Their second year, so you might have heard of Blizzard, they make a lot of very popular games Diablo Overwatch, World of Warcraft. So the very first Blizzcon had 30,000 tickets, something like that, oh 300,000 people tried to go and emit the very first one. We burned that server to the correct. So yeah, it was it was not good. Yeah, we killed it. So the very second year, they actually implemented one of the world's very first message messaging queue systems to offload that onto an observer and it worked perfectly worked like a dream, like smooth and everybody got the tickets that they wanted. We didn't take down the server or anything like that, until the payment processing came. And then unfortunately, the payment processor did go down occasionally, which we had, they hadn't. Blizzard had no control over that. It was literally like Visa going. Holy crap. What are you guys doing to
Michaela Light 19:41
Us? Yeah,
Mark Takata 19:42
So but anyway, so that's Pub Sub. So we support Google's version of Pub Sub. And it's fairly simple. You know, you've got a you've got someone creating a message. You've got a subscriber that you can create to listen to that message, messages of contact message that I gaze at It just have, you know, timestamps and things like that. You could have information on it. The other one that I actually used as a demo in one of my videos was a, an auditing system for changing data. So let's say you've got a, so I made an ID CardMaker. And whenever you edit a data, that edit, the contents of it would get shot over to another database that was completely separate from this one that would audit the change that was done since ID cards need to be washed, right? You want to make sure someone's not like changing their name to, I don't know, to mark the kata trying to get into the Adobe comments. No, right to get any ideas. I see. I see like, totally do that. Yeah, my hair.
Michaela Light 20:46
But the messages are secure, you can't enter you know, you can't go there on the same server. It's not like sending an email or my golf somewhere be intercepted.
Mark Takata 20:56
Correct. And I think they're encrypted at rest and in in sending them so. So that was the second one. And then the third thing that we have a native integration for is something called FireStore, which is a vector database. Basically, we're a document database. And I'm not sure if you've ever played with Dynamo DB over on AWS. So Dynamo is sort of famous for being one of the fastest databases in the world, like the thing that's just hyper quick. It's also painful to use, like, I do not like that database. And maybe they've changed it. Since I've, I haven't used it in over a year. Because how it was just like, yeah, hair being pulled out of my head, it just really doesn't have every user friendly. On Google side. phytomer, I have never used such an easy database in my life, it is so friendly and so easy to get into. I didn't even have to take any training or look up any anything. I just sort of just, you know, went and looked up. Okay, well, what's the what's the code look like to hid this from from CFR?
Michaela Light 22:05
Like one of those no SQL databases? Exactly,
Mark Takata 22:09
Exactly. So there's, there's like, there's categories, and there's documents and a document can have up to one megabyte of JSON data in it, which which is doesn't sound like much, but actually, one meg of text is a lot. And so you have to be a little bit careful about what you're holding in it. But yeah, it's for non normalized, no SQL data. And it's super fast. The nice thing about it is it's very user friendly. So like, if you, let's say you hit the database and try to do a write to a category and a document name with some data. But none of that exists, right? I mean, you're off is right, your authentication is correct. So you've got rice, but you want to write something and it doesn't exist yet. It will actually write it for you, it will just assume that you just want to write this new category. And it'll just write it for you. Which also, you know, if you screw up and this type is not goodness, but the first time I did that, I was like, oh, that's, that's really friendly. That's a really, I don't have to sit there and like, go create the category, go create the document, then then fill the document and just do it. Why don't I do I do like that one. The other nice thing in GCP across, I think all of these except for storage is there's a free tier you can play with. So if you wanted to today, you can go download a free trial copy of ColdFusion 2023 off our website and go and create yourself a free account on GCP. And you could play for free.
Michaela Light 23:43
I don't think the storage is that expensive. Unless you're getting into large amounts. You just want to play with it. It's only a few cents. And
Mark Takata 23:49
it's pennies. Yeah, it's literally pennies. Yeah, there's not much. But they will ask you to put a credit card in, right? Yeah. And you have to be careful. Like if you put like if you put this video up or something. And then like the millions of ColdFusion developers in the world, all downloaded it, you get it?
Michaela Light 24:08
Yeah, you might get a big bill. So all of those features you mentioned all have new CF tags and functions that let you do it straight from ColdFusion. You're not going out to an API or anything. It's all built in. It's
Mark Takata 24:22
All built in, you're using your built in authentication, which is a really nice feature. So this is this is a nice feature for companies that have, you know, a little bit of a bigger development base, right? If you have juniors and mids and seniors, sometimes you don't want your junior developers to necessarily have like either full rights, or maybe even the authentication information like you kind of really want them to have that in there. Plus, you don't want that in your code most of the time. So you can actually create the authentication object inside of your administrator which those developers have to have access to. You just give them the name. And then we've got we've got a function that can goes out and says, you know, get get off information, create this object. And then that token can then be used with our built in functions to read, write, delete, update, whatever in storage, create Pub Pub stuff, all of that, you know, read and write to the, to the FireStore. database, it's all built in. So that is a nice thing. So
Michaela Light 25:20
You have a choice A, you can either define it in the CFR manual, I assume there's an optional parameter where you can just pass it,
Mark Takata 25:27
You could do it in your code. Yeah, you could do it in your code, too. There's gonna be a really good talk, I hope I helped Gavin has done this. I think Gavin has done this outside of it. But there's a talk he's doing doing server secrets. So what you can actually do is you can do, you can define your authentication objects in your code, but instead of adding your auth information, your keys your tokens and stuff, you can use server secrets, so that it's out of your Git repo, right, you know, on people like hacking your, your Google stuff, which you don't want, because then they will know the bill, big bill.
Michaela Light 25:58
Yes, you need to be careful with that stuff. So that's cool, you got that flexibility there. And it's nice that this is all tags built into ColdFusion. So it's super easy to use, super easy.
Mark Takata 26:07
I mentioned,
Michaela Light 26:09
You know, Google Cloud, just like Amazon, AWS, or Microsoft, or any of those other cloud things, they have a variety of other features there and you access those in the Google Cloud Platform, or you can
Mark Takata 26:26
And the reason I wanted to mention that and talk about it a little bit is often when you're talking about cloud, and you're talking about all the different cloud features authentication into those different things can be a little bit of a bear like, like, you just sometimes you have to like use, oh, you have to like do crosstalk between different things. And yeah, you could set it up and someone who really knows what they're doing, it's pretty easy. Google actually makes it incredibly ridiculously easy to do that. So you can actually, when you create your, your, either your container or your VM, whatever you're doing, when you create that object, it gets an ID, you can actually assign anything that's running inside of that Id writes to any other Google feature. So as long as it's running inside of that particular context, you've got rights to do whatever the heck you want in your other things, because they're all linked to the same account. You just have to tie those, tie those things together. And he literally is dropped down, like, yeah, you can do this, you're allowed to do this. And you're off to the races, you don't have to like tie things in with like external authentication methods, or any of that. The reason why that's good and easy is because a lot of people are wanting to use AI. And they have a really, really robust AI ecosystem at Google, everybody talks about Gemini, everybody talks about fardh, which are cool. But they have like 48 models that you can use of very various features, various costs. And that's the thing people don't really like, think when they're thinking, Oh, we're going to like create an AI startup, you know, and I asked him, Well, what are you going to use or think of using Gemini? And I'm like, Whoa, are you getting your money, right? Like Gemini is literally the most expensive one? And yeah, it's the best. But sometimes you're just identifying a woodchuck on a picture, you don't need Gemini to identify whether there's a woodchuck in your picture, right? You can use, you know, one of the other things that literally costs a 10th or 100, as much for the same amount of tokens. So they give you that, that opportunity. Yes, that choice. And when you're, when you're running cold fusion inside of GCP, you can tie into any of those 48 Really, really easily, you can even do multiple ones. So let's say you generate your content with one of the expensive ones, and then maybe you check it with a cheaper one, just to make sure that you know, grammar is okay that that sort of thing is fine. Like you can do that. And it ends up being cheaper than using just one model to do everything. Plus the images, you might want to do like sound, you might want to have it read it off so that you actually have you know, for people who, who did it read to them, right? You could you could do all of that through through their stuff. So yeah, and all of those are used, you would use CF HTTP to hit them as API's. So the power of cold fusion to tie into, like literally any endpoint is on display hair. And it's pretty darn easy. If you're running in the same context. If you're not, then you actually have to, like figure out how to authenticate in and it's doable, and I've done it, but it was a little bit like pulling teeth when I when I did it last time depending on which model you're using. Some of them are easy. Some of them it's just generate a token and you just pass the token and then you're off to the races. Some of them required you to actually like making a lot connection and do that and keep alive and things like that. So I was like, okay, yeah, like wow, Yeah, it's weird. Do you think it would be more?
Michaela Light 30:02
What are some of the other popular features in Google Cloud Platform? You mentioned AI, and you've, you've already got built in or store, you know, document storage. And
Mark Takata 30:13
Yeah, so they you, one of the big ones, that other that people use is like SQL databases, so a variety of SQL databases, you know, from Microsoft, SQL to, you know, MySQL, I think you can, you can host so if you're more of like a traditional database developer, where you're wanting to do like normalized SQL databases, you can host them in there and gain access to them. You can do things like, you can use a variety of tools for caching. So like, I think they have a Redis, I believe they do. They have their own built in load balancing systems, they have logging. So they're pretty full featured. The difference that I find between Google and say, like AWS is AWS will have 20 or 30 versions of the things that are all very slightly different from each other end, but you know, like, the thing you want is probably in there, you just have to figure out which one it is and how to use it, Google will have like, five, because for the most part, those five, one of those five will do the thing you need, it might not be absolutely perfectly perfect, but it'll be easier to use. However, on the flip side, Google tends to be a tiny bit more expensive, I found. So I don't know, it reminds me a little bit of apple. Okay, like, like, it's a little bit, it's a little bit more expensive. But you know, getting started is often a little bit easier, you don't have to quite know as much about what you're doing. So having said that, I know lots of people who use Google in production on really big scaled things, and they love it. So you know, I guess expensive is relative, right? Like, what's your budget? My budget is very low. So I tried to go with the cheap ones. But
Michaela Light 32:08
You can do I think Big Data is another one, they have a thing for me.
Mark Takata 32:12
Big data is a really powerful tool. But if you want to talk about expensive things, even Aaron was was was mentioning, like, you have to be careful if you're even if you want to, like Go Go play with it is an enterprise class. High. super powerful. I mean, you can run the biggest companies on Earth, the
Michaela Light 32:30
Data warehouse, right, it's doing today, data warehousing is expensive. So right, right. It's not something I'm going to do right now. I would definitely not on your steam deck.
Mark Takata 32:43
No, I didn't. I didn't pay for that. But
Michaela Light 32:47
Let me ask you this, if someone wants to play with this, see if they're using CF builder or VS code with some of the add ons for you know, CFML. Other add, do you know if there are add ons for all these cloud features, so you don't have to guess the syntax. And so
Mark Takata 33:05
I believe in the VS code extension, we have the the the new language features, if we don't let me know, because I'll yell at somebody. But what we don't have, and this actually came up during the talk today that Aaron did was something specific to using, like Google Storage, or one of those things that just plugs in that lets you like, you know, dragged over your your ID or dragged over your identification token or something like that, that does not exist, unfortunately. Although it wasn't really good idea. So if anybody's listening, that that'd be good. If
Michaela Light 33:41
You just want to call those API's, in, ya know, there are parameters, it's got all of that. You could
Mark Takata 33:48
Just use the extension. That's habit. And the same
Michaela Light 33:51
With as same with last year and AWS?
Mark Takata 33:56
Correct. Correct. Yeah. Yeah. And there's, I will say our documentation for all of these is very robust. Like, we made sure that we because we knew this was going to be a little bit, you know, a little bit foreign to people, like people have been using AWS for years. But I feel like Google Cloud is fairly new to a lot of people. So I wanted to make sure that they would go in there and have a really good support from the documentation side. And the Docs team delivered like, you can pretty much do anything you want. Based on the docs. So
Michaela Light 34:31
Now you met we've met we've been talking about AWS and zero does ColdFusion integrate with those I sort of feel it did in 2021. But maybe I'm misremembering. They
Mark Takata 34:39
Do, yeah. So we we cover AWS and Azure. We cover storage and messaging on both of them. We also we also have a no SQL database in AWS that we support directly. We also support MongoDB running in Azure but we don't support Cosmo direct or Cosmos, maybe Cosmos directly, which is their version of Mongo? And I'm not sure exactly why that is. But that was always a question I had, like, why didn't we do that? Because it's literally like Mongo with a little bit of frosting on it is really all it is. It's just running in Azure. So it has like Azure authentication layers and things like that, yeah, should be able to do that. So maybe that's yeah, that's the
Michaela Light 35:30
Three, three most popular cloud platforms, Azure, AWS and Google Cloud, which
Mark Takata 35:38
Is not to say that you couldn't run ColdFusion in any of the other clouds, especially if you're running it as a containerized. workload, I have seen it run on DigitalOcean. I've seen it run inside of Oracle Cloud. Really, any place that is running some kind of containerization that you could drop your, your CF server onto, almost certainly will work. And if it doesn't, let me know. Because we want to make sure that you know, especially for that type of stuff. And we are also certified on a number of different Linuxes out there, and we're trying to add to that as we go along. But there's, you know, it's like JavaScript frameworks, there's like a million clinics
Michaela Light 36:17
Out there seem to be quite a few. Yeah, everyone
Mark Takata 36:21
Wants their own little flavor, their own little funny name. So at the end of the day, they're all pretty much, you know, like, we hit the big ones, obviously, you know, we hit like Red Hat. Like
Michaela Light 36:33
Now for those key features like storage and message queues. The is the one CF tag that does deals with storage. And it works with any any cloud provider, you support the three main ones. Right. So there are different tags for each one. How does that work? Yeah, so
Mark Takata 36:53
There's something called multi cloud. Thank you for for mentioning that. So we back way back when we first introduced multi cloud, I think in 2018, the idea had been that we would create one, one tag to rule them all, since I no way to learn the ring, one tag to rule them all for all of the different cloud stuff. And so like, no matter what cloud you read, you can use the same syntax, the same nomenclature, and you could use storage, you can use the same tags and same nomenclature, and do you know, messaging or whatever, unfortunately, cloud went this way, that way, that way, that way, that way, and it soon became so complex that we were unable to, to do that, for all of them. A great example, is like Dynamo DB and FireStore are so different from each other, even though they're both no SQL databases. They're both backend databases, they the way that you interact with them, and what they're expecting, is completely different from each other. And that just means that we would have either had to, like put in basically different different tags inside of the same code, which, wow, what that's no good for anybody, right, you're not doing the same code to do the same thing. Or we just left it out, which made more sense at the time. So. So storage covers all three storage, it's the same as SQS, and SNS. And I believe Pub Sub all do things nearly the same or exactly the same. What you do get across the board for things like dynamo, and FireStore is the authentication object so and create that inside of the administrator. And you call it it's called the same way, no matter which one of those products that you're using, which is a nice, that's like a nice feature you get you get to do off in a way that makes sense. For you so. So that is the one place that we've held firm, to try and like keep it safe, because at least that layer is the same across you know, you're gonna be authenticating in some way you're gonna get a token in some way. And we can sort of normalize that across all three. But yeah, as things got added, as I mentioned earlier, you know, when when storage first came out, it was just storage, right? It was just it was just s3 right now, I think there's 19 different s3 He's joking, right? There's all these different levels and layers and speeds and sizes and regions, right? They
Michaela Light 39:23
Want to maximize their income and providing just what you need. Exactly, exactly. Put it to put it more politely you can cut your costs by having slower storage fast what you need for archiving,
Mark Takata 39:36
Or even if you do it across customer some of the storage types have the ability to mirror them across regions so if you need to harden your your stuff, you can use that storage tight and you can be sure if you know lightning bolt hits the southwestern US and levels it your stuff in the Pacific Northwest will still be okay Um, yeah, so, but what that meant was, you know, obviously, the three cloud providers didn't get together and say, let's all do this the same way right now, of course, that they had different things. And so we just said, Okay, we're gonna cover the use cases of the majority of our customers, because at the end of the day, like, the majority of our customers are just doing sort of the same things are going, they've got images, they have documents, they're storing those, they need to get them back. There's no fanciness really necessary. And, and that's what we wanted to support, because that's what people were asking us for. And there's still people today that are like, boy, this cloud thing Sure. seems great. We should think about going to it. It's like, yes, that's 2020 for you guys. You're not in, you're not in the cloud yet. Seriously.
Michaela Light 40:51
So everyone is in the cloud, you know, they're
Mark Takata 40:54
Not, they're not they don't have to be in and I've actually, I've talked to companies who have who have made really good cases for not being in the cloud. Yeah. And, and I honestly, like I tried to fight back against them, but they won. They had the numbers, it would have cost them 10 times. Real. Wow. Yeah. But you know, they own the land that they're, that their stuff is on there. Their electricity is cheap. You know, like all of these things kind of NASS, now, if that facility gets hit by a meteor, they're kind of screwed. But you have information
Michaela Light 41:31
I don't have about things happening this year. I mean, I know lightning, taking out the whole Southeast and Northeast, and then
Mark Takata 41:40
Oh, it's only February, somewhere else. Pretend I didn't say.
Michaela Light 41:45
Well, we're on wind back the show. Yeah. But it is good to have at least a disaster recovery plan. If your server goes down in advance your cloud is it's very, you know, you could save the image, it's easy to spin it back up. If you're lucky, it only takes you a few minutes to get it back. Exactly. Yeah, I can also see what you're saying. But you can spread it out geographically. And that also affects performance. Because if you've got customers in Europe and customers in the United States or Asia, you can have it more local to them. So
Mark Takata 42:20
There's an entire thing called edge computing that that ends, you know, covers covers regional speed and covers
Michaela Light 42:26
Edge cases. Yeah, it does cover edge cases. But oh, okay. It lets you be closer to your to users. And Cloudflare do a whole bunch of features that we should have someone talk about that because they are a candidum. Famous CFO, he doesn't do some RCF these days, he does do a bit. And he did a whole blog thing about, you know, running these little local processing, whatever they call them workers. I think they call them worker. Yep, though. Yeah, speeds it up. So anyway, let's get back to Adobe coffee 2023. Graph QL. I think you added a bunch of stuff for that. But maybe we better explain what the heck Graph QL is, because some people have told me they thought that was just a Facebook thing. And they shouldn't care.
Mark Takata 43:13
Yeah, no, that's a really good point. So So Graph QL is a fantastic story. And I'm going to I'm going to talk about it and maybe cut this part out if it's boring. So
Michaela Light 43:23
We'll keep you interesting. I've got meteor coming to land near you soon, we'll keep you fully
Mark Takata 43:30
Excellent. Don't have it land on my cards, still paying it off. So okay, so Facebook, it did come from Facebook, actually. So that that part of the story is true. Originally, Facebook had a problem, and that was that they were spending way too much money on bandwidth. And the problem was, if you're familiar with like how a REST API works, often rest API's do one thing really, really well. They get some data based on an ID or maybe the, you know, like a range of things. But they're not really good at filtering complex datasets back. And that's what Facebook has, if you look at their homepage, you have all kinds of crazy interlocking data that is showing you images, you have stories, you have comments, you have likes if this that and the other thing. And so what was happening was they just were not able to keep up with the RESTful interfaces in a way that didn't over return on every single return. Now, if you're I have a little bit of over return on our on our REST API. Maybe it costs us five cents a year. I don't know like I mean, you less than I because your website is actually very, very popular. But like for me, like nobody goes to my website. So often these episodes,
Michaela Light 44:47
They're gonna be flocking to it. That's true. Put
Mark Takata 44:51
That on there. But for Facebook, it was literally 10s of millions of dollars of wasted bandwidth and it was getting worse and So their technical management went to their engineers and said, We need a solution for this. You guys need to fix this, please, because this is only getting worse, we have no way to we have no way to solve it, please make it work. And the engineers kind of got together and came up with nothing. They couldn't figure out a good way to do it. Because anytime you start to make complexities inside of restful API's, the maintenance goes out the window, right? And then you just end up with this total garbage pile of API's with no documentation, it sucks. So like, I think one or two people in the company, that this idea of saying, Well, what if we could query that endpoint? Right? Like, what if we could do instead of just saying, like, Give me what you're going to give me with maybe a little bit of filtering? What if I could send a query in and get exactly what I want? And and the other guy was like, yeah, that that, what, what does that it's like nothing, nothing does that there's not a technology like that yet. But why don't we build it? So this, this is what smart people do, apparently, it's just spend a weekend and drink a lot of coffee and other beverages and say, I'm going to build this this tooling. So at first it was these two guys. And then they brought in a third who was like a hardcore computer science geek. And that person really brought just a lot of tightness of the performance. And they built this thing, internally tried it out. And it was wondering if everybody loved it, it cut their over returns by, you know, 99%, or something crazy like that. And so they started using just a couple of things, because they weren't sure like, is this actually going to work or not? And it did, it worked beautifully. And so they used it more, they expanded it out into the company. And then eventually, one of the three said, why don't we open source this? Because this is, this is amazing. This is like, this is a game changer for for everybody. Do you think you get permission to open sources? Maybe Yeah, maybe I don't know. Like, you know, we're not selling the product. It's not like it's a product that we would be losing out on. So they got permission to do it. And then they refactored the entire thing with what they had learned over the past three years, they completely rewrote it, end to end and released it as an as a publicly available open source product. And they started a foundation called the Graph QL Foundation, which is now out there, they're the ones in charge of the actual product. And it's available to anyone to use, it's used by some of the biggest companies in the world, like their their company list is somewhere in the range of you know, a trillion dollars for something of revenue, like it's the big, the big companies using. Even if you take out the the Facebook part of it, it's still, you know, a lot of money there. So I actually saw a really great documentary on this. So I know about it. And I saw this long before I joined Adobe. And I always thought this is something we should think about supporting. And in fact, when I interviewed for my role here, three plus years ago, one of the things that I mentioned in my interview was that I wanted to do this. And so when we started looking at doing all of the features that were going to go into 2023, I was I brought this to them, and I said, Here, we should do this. And they said who's using it? They said like five companies? And they're like, No, and I'm like, no, no, no, look who the companies are. And then you know, when we checked, it was 15 companies. And now it's like 30, or 40, you know, several years later, or more. But it was a chance for us to do something that we really hadn't done in a really long time, which was to be ahead of the curve. Because it was clear to me and it's I think it's pretty clear to the industry, this is the way that people will probably be doing a lot of their querying into the future. It just works better. And to give you an idea of at a very simple level, what Graph QL is, instead of making a RESTful endpoint, and passing in maybe an ID or a parameter or something into it, you send the endpoint, a JSON file with the structure and the information, the query information of what you want returned. So the structure of your query looks exactly like the structure of your return, which is never, that's never been done. Like think about SQL, right? SQL looks nothing like what you get back. The structure of your SQL doesn't look like your return. But here it makes it just makes like the first time I saw it when this just makes sense. This is just brilliantly simple. Like you know that it's going to be like this, because you that's what you sent in and it returns it back. The hard part of it, which is not in ColdFusion yet, but it's coming hopefully in 2020 f5 is, so we support reading in Graph QL. If you have a Graph QL endpoint, which there's a lot of them out there, a lot of people have opened up their stuff, GitHub is one of them. You can query that. So I can send a document to an it'll return back that if you want to take your data and expose it as Graph QL, it's a lot harder to do, you actually have to create a set of rules, right. And those rules are sort of complicated. And you can do that today, you can use something called Apollo, there's a Java implementation of Apollo. In fact, we ship it with cold fusion, if you want to play with it, it's in there. But you would have to manually go in and create all of the rule sets for it and expose it that way. So I didn't want to do that. I felt like if you're gonna use cold fusion, it should be easier. It should. It should basically democratize the process of creating your endpoints just like CF query made querying databases easy, as you know, falling off a log, I wanted that. But it's a non trivial problem. It's actually incredibly complex to automatically build out those things. And there's a dozen different ways that you could do it. So at the time,
Michaela Light 51:13
So Google Cloud Platform AI, do the help put it together, you know,
Mark Takata 51:19
You choke, but I
Michaela Light 51:21
Not joking, I was being serious. Read the API specification. Yeah. And it could massage it into the graph. QL
Mark Takata 51:31
That is one of the ideas that I've put forth is to use AI and look at a RESTful endpoint in the documentation, your swagger, Doc's and using swagger Doc's to build the rule set. And then of course, put it in there and expose it, it's totally doable that way. But there's other ways you can actually use just swagger Doc's and use that as a, as a thing. You don't really need AI necessarily, although it'd be useful just for like security, like things maybe that you don't want to expose out in certain ways. And just be smart enough. But yeah, it's, it's so we are working on that. It's, it's definitely, I want it to be one of those things that when it shifts, people just their jaws drop, and we weren't going to be able to get that into 23, probably not even into 24. Because again, it's it's one of the harder things that I've ever had to do with the product. And by the way, no one else has really done this in a way that is as easy as I want it, there's a couple that are close. They they've actually designed their, their endpoints. So there's a there's a company that lets you point at like a Google sheet and access it one way through Graph QL. And I have a talk, I actually have a talk on that on the YouTube site. But the thing is, the structure of the Google Sheets never changes. The difficulty is when you have n number of complexities inside of your data, that becomes a little bit tougher to actually access. So so there is that, but I highly recommend people look into it, it's a wonderful thing to play with. And it's coming like the same way that if you if you don't know how to build, like RESTful endpoints and API's, you're way out of date, it's going to be that way, in the next three to five years with Graph QL, people are going to start running into that as a job requirement. A lot. I
Michaela Light 53:23
Mean, it's, it's so simple in ColdFusion, you just make your CFC and you change one parameter. And now you've published the RESTful API. So exactly, where it used to be really hard to write these things, if you did it correctly, and that's,
Mark Takata 53:36
That's kind of what I'm trying to do here with, with this. But it's the same way like you know, soap used to be the way that you would use the web services. Right. And sure, it's still around. But I can't remember the last time I saw it, you know, requirement that said, so
Michaela Light 53:52
Restful API's where it's at. Now, now, we had an episode of a while back with Mark drew all about doing Graph QL. And I think this was possibly pre Yeah, this was pre CF. Yeah, 2018, he was doing it by hand. But if people are interested, I'll stick the link to that, because it does kind of talk about why you want to do it. Cool stuff you can do with it. So and I like how in Adobe ColdFusion 2023, you've got the high level stuff, but you can also go native with Graph QL if you need to. So
Mark Takata 54:30
Definitely a drop down into it and do whatever, whatever you want. We do ship Apollo with it. I believe. I believe it's in there that you can use some
Michaela Light 54:37
Very cool. Well, let's talk about you mentioned JSON and let's talk about JSON web tokens which J WT which was added in in Adobe ColdFusion 2023. Yeah, this is what is first of all JSON I think most people listening probably know what JSON is. It's kind of like, what's JSON. So
Mark Takata 54:58
JSON is an It's an object that contains some string representations of data, usually, you know, ID value or some sort of, you know, identifier value, key value pair type. So
Michaela Light 55:11
it's a structured text. Basically, it's a structured text very structured. And, you know, is JavaScript Object Notation is what it stands for, was racing out in my brain there. But it's a way of structured data between API's or between different applications or saving data into a text file, sticking it into your document object in your Google Cloud Platform or referensi.
Mark Takata 55:41
Volume stuff. It's millennial XML.
Michaela Light 55:46
Yes, it's okay to be more modern XML. It's a why is it better than XML? I never totally understood that.
Mark Takata 55:53
You know, I have people arguing it's not necessarily and I'm not sure they're wrong. I think it's less, it's less structured, there's less scaffolding, I should say. So when you actually like read, it takes up less room. So when you pass it across the wire, it uses less bandwidth. But honestly, I mean, I, I've done everything in XML that that you could mostly do, and it's just because of passing data and you know, structuring it. No,
Michaela Light 56:24
It does. And in fact, we're sorry, analogous to a struck strat in cold fusion, right? It's basically exactly the same. You've got nested whatever you call them attributes. Yes.
Mark Takata 56:37
Yeah. And you can you can, you can actually see if you can go back and forth pretty easily between
Michaela Light 56:41
Yeah, you can suck it, you can start JSON into a strap and process through it, or vice versa. You can take a straw admit to out into JSON. Correct?
Mark Takata 56:50
Yeah. So So JSON Web Tokens are a little bit different than just JSON. So these are, these are used for page to page authentication to prevent things like man in the middle attacks, or cross site scripting or things like that. They're in this very strange realm of security, where you have to be careful what you use them for, because they're not just like, like some people, like, oh, I can secure my website with it. You got to be a little careful there, you can't really do that necessarily. But you can lock down like, if you have a page that's passing to another page, and you have a limitation on what you can do for like, c cc and R F, I think is the CSRF, where you're like actually making it so that your form knows that it's being submitted from your own website, it's not being injected or something's changing. If you're doing if you're doing some form of stuff that you can't actually use some of those technologies, this can actually help to limit the ability of external forces, injecting stuff into your site and bots and things like that. It's, it's actually pretty nice. Aaron rouse from Google actually uses this to authenticate from a server into his vertex AI implementations when he's not running his stuff inside of a container inside of Google. So it can be used for authentication. I think some people might argue that's a misuse of it, maybe, but it does work. So it's one of those things, you know, you just gotta like, choose your demons. You know, what you want to use it for? But so
Michaela Light 58:32
So a simple way to think of it, you could, it's analogous to the check digits that get put into some data. That's a good you can verify that the JSON all the plaintext data you sent around didn't get tweaked with, it's just some, you know, a hashtag or not hashtag, a hashing of the data or some other way that you know, it hasn't been manipulated. So the token relates to the data. And
Mark Takata 58:57
The two. It's like a secret handshake. That is a handshake,
Michaela Light 59:01
Secret handshake. And we'll be doing Monty Python sketches next.
Mark Takata 59:04
Yeah, so I'll do the missed the Ministry of Silly Walks later.
Michaela Light 59:09
Yes, that's right. There'll be a new tag in ColdFusion 2024. So, so anyway, this is now built into ColdFusion, this ability to have JSON Web Tokens emitted with you know, out and read in and verify Am I assume?
Mark Takata 59:25
Yeah, correct. Yeah. It's, it's, it's the whole, it's the whole deal. The whole enchilada. This is this is another place where I mean, I wouldn't say that we're necessarily ahead of the curve here. But this is not one of those things that's used everywhere in every website. It's kind of coming up. It's a new technology. It's a alternative technology to do some of the security stuff and you know, we try to stay on top of that, that sort of thing. So this was something our engineers actually brought to us saying, Hey, we should really add this we've had people asking for it, you know, a little bit but also like we know based about research, this is something that's going to be important as more sites do like zero trust and things like that. This is a good thing for us to add. So we added it in, in Oh, cool. Yeah, I think leashes were engineers. Yes.