Just another webdev site

Every now and again these articles pop up about the future of Coldfusion, I myself wrote such an article some time ago.

It’s my believe that Coldfusion, the application server and CFML the language suffer from what is known as the law of dialectics of progress. In layman’s terms: the law of the handicap of a head start.

In 1937 a Dutch journalist and historian, Jan Romein wrote about the dialectics of progress. Simply put it explains why more advanced solutions can create a problem for the adaptation to new evolutions in the future.

One of the examples Jan writes about is such as the fact that London at his time still had public lighting based on gas lamps while the rest of the world was moving towards electric lights. Because then London was ahead of the rest of the world it had massively invested in gas lamps while the other cities didn’t even had gas lamps. So for these cities it was easier to switch to electric lamps. The fact that London had lamps that worked well and had invested a lot in it caused a delay in the adoption of new technology.

I believe that this is in part causing Coldfusion to lose much of its appeal. At the time Coldfusion was so far ahead of any other server-side web technology and was so easy to use that not many people felt the need to keep an eye on new evolutions that were taking place. These evolutions led to test driven development, use of version control, no-sql databases, ORM …etc. Although Coldfusion and it’s community is catching up in those fields it wasn’t leading this evolution mostly because of the handicap of having a head start, nobody really felt the need to try new ways or were hindered by the closed source model of Coldfusion.

When looking at cfml as a language it’s clearly far behind any other language. Mostly because all other web technologies are based on languages that are not only used as “web languages” but are programming languages in their own right. Think of Python, Ruby, Java, Clojure and even PHP and Javascript to some extend.

Of course that’s not the only reason, the fact that Coldfusion until recently (with the advent of open source alternatives) has been closed source hasn’t really helped in terms of adoption. The expensive & complex licensing model is also not appealing to young developers who want to experiment, start up a new company or just create a simple blog.

Some people deny that there is a problem others complain about Coldfusion and prophesize it’s downfall. I’m sure the adoption of Coldfusion will not grow much in the future, there are fewer jobs around and more and more companies are switching to alternatives mainly because it’s hard to find Coldfusion developers these days.

What bothers me is that we are all (including me) good at analysing the status quo instead of focusing on the future.
TV didn’t kill radio, internet or digital magazines didn’t kill traditional magazines or newspapers. In that sense I don’t think CFML will disappear either.

Many business decisions are made not on the quality of a product, but on other grounds, like what’s trendy or how easy is it to find programmers or what strategic benefits a cooperation with a certain company offers and so on.

People choose Drupal or WordPress not because they are written in PHP but because they are good and can be installed nearly everywhere. Ror or Django are said to be superior to PHP and yet PHP is still more popular, has more well-known apps. So it’s clearly not the technical merits that define popularity of a certain technology.

Think of Apple how it used to be great then went almost bankrupt to rise from its ashes again. What it needed was a new OS and a focused leader. Apple has taken drastic business decisions, like switching from OS 9 to OS X, cutting down the amount of products, from powerpc to intel, from being a computer company to building consumer devices and selling music online.

Coldfusion has done that once in the past by switching to Java with Coldfusion MX, now it’s time to reinvent the language. What I believe should be the next step either the adaption of the existing programming language or the creation of a new language that would be modern while keeping the philosophy of CFML. Something new, fresh, possibly revolutionary that will attract young developers. Combined with a demo of building a powerful app in minutes that would blow away the competition. Marketing is important whether we like it or not. A scenario like this would put CFML back on the map.

Does this mean we all have to start complaining about Adobe and why it’s not doing more for CF? I don’t think we have to wait for it until it’s all handed to us on a plate.

Let’s embrace open source and show the world Coldfusion or rather CFML can coexist with Django, RoR, NodeJS …

The advent of a company like Railo is addressing a lot of the problems that Coldfusion is facing.

• Open: it’s open source
• Modern: It’s introducing lots of new modern features
• Hosting: cheaper and more hosting options
• Commitment: Has made a 10 years commitment
• Good product: Lightning fast product and a fixes bugs fast
• More focus: Railo (CFML) is its primary product not one of the many

I’m not pessimistic when it comes to the future of cfml, I see a change that has been going on for a few years, new frameworks like FW/1, Coldbox lite, Coldfusion on Wheels are all very modern. I see companies like Mura embracing an open source model and working with Railo or ContentBox that offers a modular CMS.

The seeds are there.

I have thought of email-obfuscation and how most used methods of obfuscation either have accessibility issues, are already within reach of the spam bots.

Now why do most of the techniques fail I wondered, well they have one weakness if the spam bot works via a browser instance rather than just scraping source code they will be able to capture exactly what humans see as everything will be rendered by a combination of  html, JavaScript and CSS. So eventually spam bots will catch up with all methods unless we add a human factor to it, something spam bots can’t do, like filling out CAPTCHA’s.  Everyone hates does right?

One of the methods that was safe to use (according to this blog: was this one:
Nine ways to obfuscate e-mail addresses compared)

HTML

<a class="contact" href="#">moc.liame@eman.ruoy</a>


CSS

.contact {
unicode-bidi:bidi-override; direction: rtl;
}


The reason this one works is that even when it’s rendered by the browser if you copy it from the webpage it will still be reversed. This method works good both has one major drawback you need to copy the email address because there’s no mailto link. But on doing so you get the reverse address.

To enhance it you could add JavaScript to add a mailto link

JS


$(function() {
var e = $('.contact').text().split("").reverse().join("");
$('.contact').attr('href', 'mailto:' + e);
});


But still if the spam bot works with a browser instance that evaluates the DOM after JavaScript execution you could have written it in clear text it wouldn’t have made a difference. So if we add a little human factor here it would be a bit safer. So instead of loading it on documentready we activate the JavaScript onmouseover. This involves us going to the email-link and moving the cursor over the text.


$(function() {
$(".contact").live('mouseover', function() {
$(this).removeClass('contact');
var e = $(this).text().split("").reverse().join("");
$(this).text(e).attr('href', 'mailto:' + e);
});
});


Of course all it would take to break this method is a spam bot that checks the bouncing email addresses that seem to start with a TDL (top level domain) and see if reversing them to does the trick.

So I did a little experiment to see if we could avoid having the email address in the html source using another CSS technique, while making it a little more accessible in case JavaScript is disabled.

• I want something that shows an email address with JavaScript disabled
• Something that didn’t store the email address in the html or JavaScript pages
• Something that would be clickable when JavaScript was enabled
• Something that would require some human factor

First attempt was to do something like this (see below) but I assume spam bots see right through it

HTML

<a class=”contact” href=”#”>
your.name AT email.com</a>

I would then replace the span tags with an ‘@’ in JavaScript and enable the mailto link on mouseover and remove any whitespace or line breaks.

JS

$(function() {
$(".contact").live('mouseover', function() {
$(this).removeClass('contact');
var e = $(this).html()
.replace(/(?:.*<\/span>)/, "@")
.replace(/\n|\s|\r/g, "");
$(this).text(e).attr('href', 'mailto:' + e);
});
});


In CSS we could hide the spans and set the ‘@’ sign through the content property

CSS


.contact2 span {
font-size: 0px;
line-height:0;
text-shadow: none;
/**color: transparent;*/
}

.contact2 span:before {
content: "\0040";
font-size:16px;
}


This solution would display your.name AT email.com with no JavaScript and no CSS enabled.
with CSS on it would show your.name@email.com
with CSS and JavaScript it would show the same link but with the mailto functionality enabled.

What if we move the entire email address into the style sheet? I hear you separation of style and content. Yes but just as an experiment let’s try it. Maybe bots parse the style sheets as well, I don’t know.

Let’s say we do this it won’t show anything with CSS and JavaScript disabled, sorry.

HTML

Contact Me


We set the email address in the CSS (Yes it’s bad). Hide the original Contact Me and replace it with the email address set in the content property and show it only on hover.

CSS

/** Is needed because we can't get content from pseudo selectors **/
a.contact span {
content: "your\002e name\0040 email\002e com";
display: none;
}
/** Opera replaces existing text when using content: while other browsers add stuff to it. So we need to hide the original content in all other browsers

http://nicolasgallagher.com/another-css-image-replacement-technique/**/

a.contact:hover, a.contact span {
color: transparent;
font-size: 0;
line-height: 0;
text-shadow: none;
}
/** Add the email address in front **/
a.contact:hover::before {
color: blue;
content: “your\002e name\0040 email\002e com”;
font-size: 16px;
}

From the within the JavaScript we get the email address from the CSS, then create the mailto link

JavaScript

$(function() {
$(".contact").live("mouseover", function() {

//to make it work in Opera add a span
$("").appendTo($("a.contact"));

//get the CSS classname
var a = "." + $(this).attr("class") + " span",

//get the content of span from the CSS
//Strip quotes from the result (bug in webkitbrowsers?)
a = $(a).css("content").replace(/['"]/g, "");

//set the mailto to the CSS content
$(this).attr("href", "mailto:" + a)
});
});

This is not a recommendation to obfuscate your email address rather some experimentation to see if I could come up with different ideas. Nearly all obfuscation methods have a weakness. I also didn't test these with older browsers or IE. It works in the latest version of all major browsers with the exception of IE which I didn't test.

If all website owners would add a few extra fake but working email addresses to their site but hidden from view using css but present in the source of the html.

Spam bots would come along go through the source-code and grab all email addresses including the fake ones.

Spammer send mails to all the email addresses then some “anti-spam software” logs all mails sent to fake addresses before your real email address is checked. All emails which are similar to the logged spam emails will be filtered from real emails on your real email account.

You probably have noticed that many programs are not retina ready.  So here’s what to do to get the most out of it for the time being.

1. Chrome, the latest version 21 is Retina ready so go and download the latest Chrome version (https://www.google.com/chrome/).
2. Twitter client from Twitter itself is still not retina, Tweetbot (http://tapbots.com/tweetbot_mac/) still in alpha but very stable and retina enabled
3. For Firefox follow this Japanese tutorial (http://translate.google.com/translate?hl=nl&sl=ja&tl=en&u=http%3A%2F%2Fhitoriblog.com%2F%3Fp%3D9023&anno=2 ).
4. For Eclipse and Eclipse based apps like Motodev, Aptana or Coldfusion Builder check the accepted answer for this question (http://apple.stackexchange.com/questions/53717/how-does-eclipse-work-on-new-retina-macbook-pros).
5. Some apps are just launched in low resolution, you can change that by right-clicking the app and click “Get Info”  & deselecting the check box “Open in Low Resolution“.  Retinalizer, –>(http://hitoriblog.com/wp-content/uploads/2012/07/Retinalizer-0.1.zip) helps you to automate this.
6. Sublime Text 2  –> The latest nightly is compatible with retina.
7. Pages, Numbers & Keynote (Apple has an update out that fixes this, just check software update)
8. Dropbox –> (http://dl-web.dropbox.com/u/17/Dropbox%201.5.10.dmg) this experimental build is retina compatible,  note this is an experimental build.
9. Lastpass for Chrome has an updated version that works on retina screens  –> (https://lastpass.com)
10. VLC –> (version 2.0.2 supports retina)

If you are the lucky owner of a new MacBook Pro Retina chances are you are faced with this problem: http://oi49.tinypic.com/2im2wys.jpg (http://code.google.com/p/android/issues/detail?id=33383)

Now most post related to this problem recommend you install some software so you can use the 1400×900 resolution WITHOUT HiDPI however that also means you lose some of the benefits of the retina display.

So while looking for alternatives I came across Buildroid for VirtualBox:  http://www.buildroid.org/blog/?page_id=121.

This solution is awesome, it works super fast, I mean really lightning fast as fast as the actual tablet in my case.

While most is explained rather well on the above page for Buildroid, there are some things specific to do for the Mac version.

For example the blogpost tells us to unlock the screen on the virtual android tablet via the Home key.  To do this on a Mac I discovered you can use the ESC key + mouse to unlock and to go back you can just use the ESC key.

Another thing that took me a while was to get the networking part done.  In the VirtualBox Preferences set a vboxnet0 up, see image below.

In the settings for the virtual machine under network setup the following:

And this one for the internet connection of the virtual tablet itself:

On the tablet you ‘ll notice an android icon with a cook’s hat click on that to get the ip-address and to set your preferred settings.  For me this works best.

Then in the Terminal use “adb connect IP ADDRESS“. (see screenshot above to get the ipaddress)

What’s left is to set up an android remote device at that IPADDRESS in eclipse or motodev, should show up  automatically after doing adb connect IP ADDRESS

And you are done.