Web Software Architecture and Engineering – Life on the Bleeding Edge


Adobe is shooting itself in the foot. Because of Flash’s history, with security concerns and performance issues, downloading the latest and greatest Flash player should be as simple as humanly possible. But that is not the case.

To download Flash Player 12, I had to go through the Adobe’s website. Updating from with Flash Player 11 didn’t seem to be an option.

That isn’t too bad a problem, except for 2 days I tried to download from Adobe’s website, and wasn’t able to.

All I saw was this:


Every time I clicked on “Install Now”, it linked me back to adobe.com.

Until I realized that my Ghostery add-on for Firefox was blocking Omniture. I paused Ghostery, reloaded the page, and saw this:


So McAfee, while it is “optional”, is really required in the sense that it must show. The same cookie is required for the “Install Now” download option to work, otherwise it links back to Adobe.com.

So basically this tells me that to download Flash Player, I have to allow advertising and cookie tracking, and if you running any secure blocking of those cookies, you can’t upgrade your Flash Player, it doesn’t even fail properly to the correct download link.

I also tried the “Are you an IT manager or OEM?” link hoping it would provide an executable I could download, but that required a separate registration process.

Dear Adobe – stop penalizing people who are trying to make their browsing experience as safe and secure as possible. Your desire to track things with Omniture shouldn’t trump basic common sense.


Sunsetting Mach-II

Sad to see Mach II being sunset, exact 10 years after it was introduced.

The Harmonious Programmer

Rather than leave things in an uncertain state, we feel it is best to announce that the current team behind Mach-II will no longer be working on or supporting Mach-II moving forward.

Peter, Matt, and Kurt have all moved away from CFML to other technologies: Peter and Matt to Python and Django, Kurt to C#. Since we are no longer doing CFML development and our time will be filled working in and contributing to projects in our new primary languages, we are no longer able to effectively develop and support Mach-II.

Mach-II is a stable, mature framework and is used — and will continue to be used — by a large number of organizations for their most mission-critical CFML applications. Current Mach-II applications will continue to run just fine of course, and if Mach-II does everything you need it to do there’s no reason to stop using it. The code…

View original post 188 more words

And it doesn’t stop. I got this voicemail from an anonymous caller this morning. He identifies himself in the voicemail, and I like how he reads off every technology related keyword, as if I’m drooling on the other end thinking, yes, thats the exact skill sets I was looking for!

Take a listen!

Today, I received this email from a recruiter. SO… MUCH… FAIL…

Things wrong:

  1. My name isn’t $first name$
  2. How did my resume end up in your database? I’ve been with the same employer for 9 years.
  3. Your clients is a global company? Wow? Do they outsource to China or something?
  4. “This division is a cloud based software application development company, building multi-tiered SaaS based web based Healthcare applications.” – using the word ‘based’ a little too much? What’s multi-tiered SaaS?
  5. “Lead a team of circa 8 Senior and Junior developers and QA staff.” ‘Circa’, really?
  6. When I clicked on your link, it looked like an old Geocities web site? Paw prints, really?
  7. “We are a highly professional and ethical firm”… sure…
  8. Your LinkedIn shows your vast experience working as a Courier for Fedex.
  9. Your unsubscribe link says I don’t have Javascript enabled. Nice excuse.

Hi $first name$

Your resume is in our database. Please let me know if you would be interested or if you can possibly recommend someone for one of the following full-time job opportunity in Irvine.

Our client is a global company. This division is a cloud based software application development company, building multi-tiered SaaS based web based Healthcare applications.


1.) Team Manager & Sr Developer Irvine – 4 year degree with 10 plus years experience. Lead a team of circa 8 Senior and Junior developers and QA staff. Experience with OO PHP, ColdFusion, HTML/CSS, JavaScript, WebServices (SOAP and RESTful), XML, JSON, and SVN version control software Understand of LAMP stack and PHP design standards- Salary 95k -110k plus excellent benefits!

2.) Sr Developer– Irvine – 4 year degree with 5 plus years experience. Experience with OO PHP, ColdFusion, HTML/CSS, JavaScript, WebServices (SOAP and RESTful), XML, JSON, and SVN version control softwareSalary 80k – 100k plus excellent benefits!

Open Positions: For full job descriptions visit www.techounds.com
If you are interested and feel you are a fit for one of the positions listed above, please e-mail me your updated resume.

About Us

TecHOUNDS is a full service Technology staffing firm. We are a highly professional and ethical firm that provides both permanent career and contract opportunities. We take great pride in finding the right career opportunities for IT Professionals like you. Our services are 100% employer paid.

If you are interested send your resume directly karl@techounds.com

Best Regards,

Karl Swierczek l Recruiter

Back to Blogging

After a much longer hiatus from blogging that anticipated, I will start blogging once again in the coming weeks. I’m particularly interested in cloud computing, big data, and the future of the web, especially as it related to JEE technologies like ColdFusion.

We just deployed a new bleeding edge CF architecture last month. I’m going to be blogging about it, and a lot more this year. Stay tuned!

I know what you are thinking. Not another ColdFusion 10 security post!

This one is serious. You need to be aware as it will, most likely, impact your application.

The issue is simple, and logically CF 10’s fix makes sense, except that is breaks backward compatibility and make some things harder on us.

Let’s work through the use case.

In an ideal world, your application would allow UserA with UsernameA to login to your application. If UserB used the same UsernameA, it should either give an error saying that UsernameA is in use, or kick UserA off and allow UserB in. This second scenario, kicking the user off, is what is the default in CF10.

Normally, you would think this is a good thing. Users shouldn’t share usernames anyways, right? Well, kinda.

Adobe’s assumption that this is the ONLY use case is incorrect. There are valid scenarios where users share usernames. But beyond that, let’s say you do a lot of server-side functional testing using Selenium or JMeter, and you have a single login for the script to use, as soon as user2 logs in, user1 is kicked out. This is what happened to us – all our server side tests started failing in CF10.

And lastly, what if you are developer, and need to login on two different browsers, say IE and FF, to compare how the screen looks and are doing your standard browser compatibility testing, suddenly you can’t – because one will log out the other.

The impact of this change is great in the way we do business as developers. You now have to support multiple logins, and in the case of JMeter test where the script ramps up to 20 concurrent users, provide twenty different logins. And then imaging deleting all that test data. The list of additional work goes on.

Some ideas that have been floated and I support, is to make this functionality optional. I would love to set this up to make it optional for my test accounts. The way I see that is a conditional setting in onSessionStart. Obviously there are other ways to skin this cat.

The downside to this is that it halts all sorts of testing for our app and our migration to CF10 is seriously tainted.

You can do a couple things. Vote here: https://bugbase.adobe.com/index.cfm?event=bug&id=3339008. And contact Shilpi Khariwal https://twitter.com/shilpikm – ColdFusion Security Czar.