Tuesday, December 20, 2005

Javascript / Firefox / onBlur / focus workaround

This is one of those issues that can waste a lot of time and makes you look like an idiot to your boss if you can't fix it.

Occasionally, I have a form where a certain type of data is possible but questionable. An example might be, entering a negative dollar amount on a purchase order. At first thought, it doesn't make sense. You generally can't order anything from a vendor and have them pay you for the privilege. If you go a little further, though, you might be able to use this as a way to correct an error on a previous purchase order.

The way I would like to handle this is to have a javascript confirm box appear warning the user that the value is normally positive. If they decide to continue, the value is accepted as is.

The problem arises when you try to run this code in Firefox. For some reason, the event model for forms in Firefox has been fubar for many years. I've been tracking this bug for 4 years.

Here is a workaround for the issue that doesn't give IE fits either:


function checkValue(fld)
{
var re = /[^\d\.\-]/g;
num = fld.value
num = num.replace(re,"");
fldID = fld.id;

if (num < 0)
{
if (confirm("This is normally a positive number. \nIs it OK to keep this negative value?"))
{
return true;
} else {
setTimeout("document.getElementById(fldID).focus();",1);
setTimeout("document.getElementById(fldID).select();",1);
return false;
}
}
return true;
}


If the code you want to execute is having trouble because of the timing of the events firing, you can wrap the code in the setTimeout function and delay it's execution just enough to get things to work as you would expect.

Sunday, December 18, 2005

Santa Rampage

"No force on earch could stop 100 Santas"

For some reason, I find this unusually funny.

Santarchy.com
Oddly Enough News Article | Reuters.com
Drunken Santa Rampage

Friday, December 16, 2005

Gmail adds contact groups

I've been looking for this feature for a while now. It comes in very handy when you want to broadcast messages to groups of developers by project.

Gmail: Help Center - How do I create a Contact Group?

Thursday, December 01, 2005

Great explanation of website certificates

Mark has posted a really good article explaining how much of a sham the certificate authority industry is. This is one case where I think IT in general just got tired of fighting the know-nothing know-it-alls in the marketing department.

So now we pay over $700 for the right to put a small grapic on our website linked to a few easily forgeable pages that is supposed to let our customers know we are a reputable company.

I'm suprised that Verisign spoofing hasn't turned into a sub-industry for organized cyber crime. They could sell Verisign Spoof Kits to phishers for, oh... say $700? (no checks or credit cards accepted, use Western Union).


Coldfusion Muse

FLUFF: Almost there...

I'm almost a member of the 50+ crowd. Git yerself a copy of FireFox and lend a hand. 1.5 seems pretty zippy.





In order to really get over the hump, though, I think Mozilla.com needs to bring back some of the distribution features that the old Netscape browser had. Specifically, we need the ability to control the rights to change features in the browser. Push distribution across the network would be good, too. And don't forget corporate branding – oh wait, you can already do that with a skin.

Graphic courtesy of Google Analytics

Wednesday, November 30, 2005

OT:Best invention of the decade

I should get one of these for my Dad for Christmas.

Funny, I can remember hating certain department stores when I was a kid because they all had an irritating high-pitched noise. My parents never believed me. I'm convinced, it was some noise made by the escalators. Then again, maybe I don't hear it now because of the tin foil hat.

What's the buzz? Teens can't stand it | CNET News.com

Firefox 1.5 and WebDeveloper Toolbar

FYI, the really cool Web Developer Toolbar extension for Firefox does not appear to be 100% compatible with the new Version of Firefox. For me, every url entered in the address bar triggers a separate tab visiting the w3 html validator. Pretty annoying, to say the least. This had me freaking out looking for all sorts of viruses and spyware without turning anything up.

After I uninstalled the extension, the problem is gone. I took a look at my traffic with ethereal, and there is no strange traffic, so I think that got the problem.

I notice that there is a little asterisk next to the 1.5 entry on the FireFox extensions page for the toolbar, so I guess that should give us a heads up as well.

Tuesday, November 22, 2005

ColdFusion/Dreamweaver and MSSQL Gotcha

A while back, I mentioned that there was a problem with Dreamweaver in that if you have lots of stored procedures, the database panel made it next to impossible to find them. They were sorted by the internal object ID assigned to them by MSSQL when they were created. A pretty unpredictable number.

With the release of DW8, the panel now sorts them alphabetically. Nice.

Here is the new problem. Not only are the stored procedures sorted alphabetically, but so are all of the arguments. At first this might seem like a good thing, and I wish it would work out that this would work. Unfortunately, ColdFusion does not submit named arguments.

This means that the order of your cfprocparam tags has to match the order that the stored procedure expects them, which seems pretty silly since the cfprocparam tag requires the parameter's name.

Unfortunately, that means that the database panel can cause more trouble than it's worth. In my opinion, the best fix would be to revise how ColdFusion handles storedprocs so that named parameters are submitted. Barring that, a hot fix to DW8 that puts the parameters back in the order they appear in the process would be helpful.

While I like DW for it's design capabilities, I feel like I'm starting to drift closer to adopting cfeclipse as my primary editor, especially since it is the main editor for Flex2.

BTW, if you've been following the VSS integration issue I've had with DW8, you will be disappointed to hear that I was told to submit an "enhancement request" for the next version. I submitted a "bug report" for this, and I think this should really make it into an updater soon, especially when it is clearly design flaw. One that has been fixed in previous versions of DW, no less.

Saturday, November 19, 2005

Enterprise Architect 6.0 released

New features include an embedded discussion forum for your team, round trip design for ActionScript 2.0, and support for Subversion.

I haven't looked at it yet in depth, so you know as much as I do at this point.

UML tools for software development and Modelling - Enterprise Architect Full Lifecycle UML modeling tool

Friday, November 18, 2005

We really need to get working on IPv6

I don't really know a lot about IPv6, but after reading this interview, I'm encouraged to look a little further. At this point, I can only imagine what can happen. It sounds like there could be some real advances in identity management.

It will be interesting to see how firewall/IDS technology changes at the desktop level.

It would be really interesting to see what could be done with Flash/Flex apps. Instead of building them to be hosted, they could be built to be delivered and hosted on the desktop. Scary.

Computerworld | IPv6 Forum chief: the new Internet is ready for consumption

Wednesday, November 16, 2005

Code Obfuscation 101

Y = false && N = true

Sedulously eschew obfuscatory hyperverbosity and prolixity.

Here is one that is worthy of the "things not to do in ColdFusion" entries on the BlivitLog, I think.

In an application I'm working on, there is a piece of data supplied from a mainframe called ag2-sort-by-date. It's a single character long and can be supplied with either a 'Y' or an 'N'. So far, so good.

The problem arises when the logic behind the field is examined. If the value of the field is 'Y', then the items this field is referring to are sorted alphabetically, if the value is 'N', then the items are sorted by date.

Go figure.

So now, the question becomes: What do I do about it? This app round-trips to the mainframe, so the data has to get back there in the same shape or all sorts of nasty things happen.

  1. Use it as is. "We make bug hunting FUN!".

  2. Use it as is. Document it everywhere it pops up in the code and hope for the best.

  3. Flip the values at the first and last point of contact (on import and export). Might cause problems when talking to the mainframe group trying to debug.

  4. Other?

Tuesday, November 15, 2005

OT: The smartest thing I've read today.

Ok, so it's only been 16 minutes into may day.

All I can say is "What took them so long?"

It makes people live longer, makes them happier while they are alive, and makes their kids visit more often. What could be better?

Oddly Enough News Article | Reuters.com

OT: The dumbest thing I've read today.

Ok, so it's only been 15 minutes into my day.

They should have escorted the lady out of the theatre for disrupting the performance.

Oddly Enough News Article | Reuters.com

Wednesday, November 09, 2005

Night of the Living xyiznwsk

Dreamweaver hotfix needed

A friend of mine, lets call him Fhwqhgads, is having a problem with his Dreamweaver 8 install adding strange folders to his Visual Source Safe database. As he works on his projects, periodically, DW8 adds a directory called "xyiznwsk". Sometimes the directory is empty and sometimes it isn't. When it's not, it contains either a control file for checkin/checkout or a copy of a template that was being checked in.

In past versions of DW, this folder was used to help synchronize system clocks with remote sites. As far as I know, DW would write this file to the remote site, use it for a short time, and then delete it without the user really being aware of it -- when everything is working correctly. If you have some other piece of software or network conditions that interrupt the process or prevent the files from being deleted, the folder can be left behind.

In the case of VSS, it's pretty obvious what is causing the folder (and files) to be stranded. If the VSS account doesn't have rights to destroy a file in the db, then they are only going to be able to delete the first occurrence before VSS requires that the previous directory/file be destroyed. Every time I attempt to connect to the remote site using the button in the files panel, I get a message telling me I don't have destroy rights to the project. That's when I think DW is attempting to delete the folder/file.

VSS doesn't have a command in it's api to allow the remote application to determine the date in use by the machine. When you set up a site with VSS as your remote option, the checkbox for maintaining synchronization information is disabled. You would think that that would prevent DW8 from attempting to retrieve the timestamp of the remote server, but it doesn't appear to be working.

I haven't been able to find a workaround for this issue at this point. If you know of a way to get this to stop happening, please post a fix or reference.

I know of one Government organization that has stopped deploying DW8 because of this single issue.

Wednesday, November 02, 2005

Adding file compare to Dreamweaver

One of the new items in DW8 is the ability to add a file compare utility that will let you examine differences between files you are working on and remote files.

If you take a look at the preferences menu in DW8, there is a new entry called "File Compare" that lets you point DW to your diff program. Below that is a link to a "help page" to learn more about what you would need to do to get this feature working.

Unfortunately, the link takes you to a DW8 partners page with another link to a company called Araxis that wants to sell you a diff program for $129US.

For some reason, I really hate this sort of thing. It feels the same as if you just went through the process of buying a new car and when you go to the parking lot to drive it away, the salesman pipes up and says, "Oh yeah, the tires are extra". Crap.

I guess the marketing department has to get their fingers into the project somehow. I'm sure Araxis cut some great deal with some relative that works at Macromedia.

If you would still like to try out the compare features in DW8, there are several free, and in some cases, open source, programs that will do the job. I like the WinMerge product right now. It's free and open source. There are several others out there that charge a fee. Some are quite inexpensive. Plus, you could always just use windiff on windows.

To use it once you have it installed, you simply right click on a file in the files panel and select "compare with remote" to have both files opened in the program so you can examine or reconcile any differences. If you use control-click and select two local files, they can be compared as well.

In addition to the DW8 integration, WinMerge does a nice job of allowing you to compare entire directory trees to see what files need your attention. This comes in really handy if you just want to check on DW to make sure your site setup is working as expected.

Friday, October 28, 2005

Java for CF Developers is overpriced.

I Hope this is a typo of some sort, but it also could be somebody capitalizing on a title that seems to be hard to find.

Java for ColdFusion Developers

Monday, October 24, 2005

DW8 file panel bug workaround

This has actually been a bug since DWMX, but it doesn't come up too often. Occasionally, a DW site will seem to get "out of whack". The file panel will open and close folders in a seemingly random fashion (well, not random, but not what you would expect either).

One way to correct this issue is the "brute force" approach. You simply delete the site and rebuild it. It gets the job done, but you have to set the whole site up again which may or may not be trivial.

The other way to fix this is to (gulp) edit the registry. Here is how you go about fixing it (Windows only, I'm afraid. I don't know the first thing about a Mac). These steps are for DW8, but they pretty much work with the last two versions as long as you can find the site keys.
  1. Close DW8
  2. Open the regedit application (start|run|type "regedit"|enter). That should open your registry file in the editor
  3. Back up the registry! I can't stress this strongly enough. If things go wrong, you want a copy of this thing that you can at least examine and at worst restore. You may also want to keep a bootable cd around just in case lightning strikes.
  4. In regedit, drill down to \HKEY_CURRENT_USER\Software\Macromedia\Common\8\Sites
  5. You now need to select the site number that is having problems. You will see numbered entries like -Site0, -Site1, etc. You can find your site by looking at the SiteName key under each site entry.
  6. Locate the values that start with "Local Expanded Dir " and ending with a number. There might be quite a number of them. Go ahead and delete all of them.
  7. Next, find a key called "Local Expanded Dirs". Double click the entry and change the value to "0" (zero).
  8. Close regedit.
The next time you open DW, all of the folders should be collapsed and begin responding correctly again.

Monday, October 17, 2005

ColdFusion adapter for Flex 2

This has to be one of the most exciting things I've heard out of MM in a while.
Damon Cooper has an entry on his blog talking about the new CF adapter for Flex 2. I can't wait to take it for a spin.

I think this move could really bridge the gap for many CF shops to get started with Flex. It also seems like a really strong competitive move to get out of the gate as early as possible with as many developers as possible to help push the advantage while Microsoft catches up.

Thanks, Damon, for working to make the adapter available when the Flex 2.0 product came out.

Thursday, October 13, 2005

Call to action: The demise of CSS hacks and broken pages

Steve Bryant's post led me to this amusing blog entry: Call to action: The demise of CSS hacks and broken pages.

I've been lucky enough to avoid using almost all IE CSS hacks to date. I probably have a few out there that I will hear about eventually. Normally I just switch out the entire .css page on a browser detect. In some cases, I haven't even had to do that.

For anything I do for myself, where I really don't care about supporting the masses, I just let the IE crowd deal with it. I don't even bother to look at that work in IE, it's not worth the effort.

I remember when there were lots of sites that would only work with IE. They would have a little link that would let you go download the browser for free. That was a lot of fun.

I think it would be funny to start a lot of sensationalistic websites that would not display anything other than a link to mozilla.org if visited with IE. How about these for a few headlines (none of which are real stoies, btw):
  • Firefox users found to have higher IQs than Internet Explorer users
  • George Bush seen using cocaine in college photos
  • Egyptian-like pyramids found under the surface of Mars.
Any others? Anybody actually doing it?

Tuesday, October 11, 2005

Ebay buys Verisign's Payment Division

eBay is buying the payment division of Verisign. Most of us know it as the PayFlow product line. It's an interesting move that would allow eBay to deliver a consolidated API that includes both normal credit card processing and PayPal merchant services. I don't really have a feal for how merchants will respond to this.

It seems like the brick-n-mortar stores with an online presence could not care less about PayPal, so I think that might be a difficult sale. On the other hand, eBay merchants and lots of small online businesses seem to really like the PayPal system.

Personally, I think that if PayPal gets much closer to being a bank, they seriously need to be regulated like one and be forced to provide the same consumer protections that a bank would normally provide.

I also don't understand the argument for using PayPal for larger merchants based on cost. Some people seem to think it costs less to offer PayPal on their websites. I don't really see that much difference in price.

Monday, October 10, 2005

Appropriate Quote of the Day

Few people are capable of expressing with equanimity opinions which differ from the prejudices of their social environment. Most people are even incapable of forming such opinions. -- Albert Einstein.

We're tryin' Al, we're tryin'.

Thursday, October 06, 2005

CF needs to be FLEXible.

Damon Cooper's BLOG

Nice to see that the CF community will be included in all the fun. I'd really like to see CF become the technology of choice to provide data services for Flex. Especially if the AMF issues get worked out.

Google declares war on Microsoft

The Courier-Mail: Google declares war on Microsoft

Great, just what I need. Targeted advertising when I'm working on a spreadsheet. I expect to see lots of keyword advertising like "A1 Auto Sales", "B4 UG0, Get a new mortgage" or "X10 Spy Camera".

Of course, Adobe is going to need all the help they can get.

Strange that I can't actually find a credible source that confirms this yet. The press release from Sun didn't really address the issue. Could this be a case of editorial wishful thinking?

Friday, September 30, 2005

Dreamweave 8 irritants

Ok, we've had a few weeks to look at DW8 and by all accounts, it is a major step forward.

Some things I've noticed that I really, REALLY like:

  1. The coder's menu down the left side of the screen. Some excellent help there, especially the braces matching item.
  2. Stored procedures under the databases tab are now sorted alphabetically by name instead of by the id.
  3. The css stuff looks to be greatly refined, although I haven't really put it through its paces yet.
  4. The "this site only" filter for the components panel helps reduce screen clutter.
  5. The program launches faster in most cases.
  6. Code folding! Great job on that one.

Here are some things that I still find (or now find) irritating that didn't make it into the release:
  1. The tag library still does not have a "Not Formatted but Indented" option. This is really needed because of things like the cfscript tag. If you apply source formatting to a page that has cfscript in it and the formatting routine decides that the indenting is at the wrong level, it only moves the beginning cfscript tag. The ending tag and all of the contents remain unchanged. That means that you have to scan through your code and manually change the indenting for all of that content. This is the case for any of the tags that can have formatted content with ending tags (cfmail comes to mind).
  2. The checkout button on the toolbar at the top of the editor almost never works now if your site is using vss. It's almost always disabled. You should be able to check the file out from this button whenever you can check a file out from the file panel. Why are they different?
  3. Files that are still checked in can be edited. If a file is readonly, you should not be able to make a single edit to it. Allow us to copy and paste into a different document or check it out or do a "save as". I really hate it when I check out a file just to look at it and later decide to make a change. You can type away at will without any indication from DW that you will not be able to save it. You then have to do all sorts of copy/paste/checkout gymnastics to get your code saved.
  4. When vss is integrated into you site, the new background file processess happen in the foreground. I haven't found a way to change that.
  5. Switching between programs in windows to DW can take an eternity. I'm guessing that an update to the file panel for checked out status and refresh of the components panel are taking place, but it almost feels like the computer locks up.
  6. Still no horizontal position for the cursor in your code. This would be helpful in locating bugs in cf since the position is generally listed in the error message.
If you know of a work-around for any of these, please post it.

Tuesday, September 20, 2005

For Yahoo, Mistrust Is Popping Up

Commentary: For Yahoo, Mistrust Is Popping Up

Yahoo can't help but give us reasons to not like them. I currently don't install any of their software, use their search or any of their other services. Admittedly, some of their offerings are pretty good. Their calendar product is pretty useful, although it offers nothing that MS doesn't with their hotmail calendar.

When will companies learn that no body likes to be made to look like a fool. This is exactly the message they send when they try to trick you into looking at their advertising or installing their software.

Take the Yahoo toolbar/Flash Player install issue that cropped up a few months ago. I think it was very important for the community to stand up and say that we don't want to see our trusted business partners succumb to the same type of thinking.

I think at this point, it is just better to steer clear of companies like AOL and Yahoo! The last thing you need is their reputation rubbing off on you. If it were my decision, I would have to kick Yahoo to the curb for being irrelevant and bordering on evil.

Wednesday, September 14, 2005

Updates to KeePass and Enterprise Architect.

KeePass 1.0.3 released on 9/10. This is a recommended upgrade becuase of a few bug fixes.

Enterprise Architect 5.0 build 770 This is a small patch to previous builds of EA5.0 Not really needed unless you have an issue that is covered in the release notes.

Friday, September 09, 2005

Project management for the financially impaired

I'm always on the lookout for a good bargain on software tools. Using MS Project to run your project management can certainly add up if you try to extend that to the customer.

A good bargain right now is a product called Basecamp. While it is more of a notification process on steroids than a project management system, it packs a lot of simple functionality into a very low price.

The nice thing about it is that you really only have to pay for the number of projects you are running and the features you want. The best thing, is that there is a permanently free version that lets you run one project. There are no limits on the number of developers or customers you give access to your project!

Again, it's pretty limited in terms of features, but it seems to do what it does well. Plus, there is some pretty cool dhtml in there, too. Certainly worth taking a look. I had a project up and running in about 5 minutes.

Wednesday, September 07, 2005

ColdFusion MX 6.1 Updater: Hot fix for cfdump throwing unknown type error for cfcatch structure

This one had me going for a while. I'm working on a project that has a Storage Area Network device that is used for certain file transmission tasks back and forth from a mainframe.

For tasks that fail, I like to send a cfdump of either the error or cfcatch structure in an email to the administrator to help with triage.

In a few cases, I keep getting this cryptic [Unknown Type] error message. In one instance, we were able to fix the issue by correcting some account rights on the directories that were trying to be utilized.

What I failed to realize is that the error is really with the use of the cfcatch structure in a cfdump tag. The hot fix takes care of the issue for cfmx 6.1 after applying the updater. The problem does not exist with cfmx7.

This points out one of the hazards of developing on a different version of cf than your staging and production environments. You'd have to try really hard to pry cfmx7 out of my hands now, though. Just too many goodies. Sounds like a sales pitch might be in order.

Wednesday, August 31, 2005

Macromedia set to spill the Zorn beans.

Sho Kuwamoto: New Flex/Zorn talks at MAX

Looks like MM is getting ready to give us a peak at the work being done on Zorn at MAX this year. I can hardly wait. Running FlexBuilder and Dreamweaver on the same machine is really awkward. You can't launch them both at the same time and they mess with each others site panels. Anybody have any tips for running them together in the interim?

Thursday, August 25, 2005

Printed CSS1 W3C Specs

Sometimes I just like having a printed specification handy instead of a website. I've tried getting these printed at places like Kinko's and it just seems so expensive. The CSS1 spec I put up here would have cost over $30 to get a printed copy and then I would have to assemble it myself and buy something to put it in.

Anyway, this worked pretty good for me. It's kinda rough, but it gets the job done. I have CSS2 ready to go, but I thought I'd see if anybody thinks this is worth doing before I tackle any more of the recommendations.

BTW, I followed the W3C guidelines for distributing their recommendations, so there should be no copyright issues.

Let me know if there are any others you want. I'm thinking some of the xml specs could be next.

Tuesday, August 23, 2005

Make cflogin work with the cfschedule service

This one is really pretty easy, but it baffled me for a few minutes until it clicked. It was one of those brain spasms I get every once in a while where something incredibly simple is difficult to grasp, like trying to describe the process that goes on in your head when you try to add 2+2 to get 4.

I like to use cflogin to secure sites (with j2ee session on). It just seems to work so well and you don't have to think about it once you build it. Sometimes I like to create a directory under the application to hold scheduled task templates that get fired off by the clock. In order to do this, the setup needs to have login credentials. If you don't think about it, you can test directly in the browser like crazy and everything works because before you try to launch the temlpate, you are forced to log in. You don't tend to think about it too much. When you then try to get the scheduler to launch the templates, they can fail because you don't have an opportunity to log in.

There won't be any messages in the logs, because technically, nothing failed. What happens is that your login template gets returned to the cf service waiting for a login. If you don't store the results anywhere (which you normally wouldn't), there really isn't anything to tell you why your template didn't run.

In order to make them work, all you have to do is append the username and password to the end of the url like this:

http://myserver.mydomain.com/myApp/scheduledTaks/myTask?j_username=myServiceLogin&j_password=myServicePassword

Simple as that, but one that can have you hunting for a few minutes until you think of the solution.

Monday, August 22, 2005

Google Desktop 2 is just lame

You can pick up the new release of Google Desktop at the link above. Personally, I think it's just more of the same. So many of the Google technologies just seem to be so much about nothing. Where are the amazing productivity gains? Where are the new business categories created by the existance of their technology. AJAX is certainly interesting, but I'd hardly call it a disruptive technology. Macromedia has been all over the RIA space for years and Microsoft is hot on their heels.

The latest desktop search reminds me of the Netscape Desktop. A thinly veiled attempt to try to grab a little more eyeball time from the user and to bury a little more of Microsoft beneath the application shell. Good luck.

The fact that all of this indexing of my computer is going on behind the scenes, as well as my browsing habits being watched just gives me the jibblies. I know that Google's motto is "Don't be evil", it just seems like they are collecting so much information that if they ever did turn to the dark side, it would be bad news for the lot of us.

I remember how horrible it was to watch the Netscape browser get tortured and twisted into a hollow shell of it's former self with the sole purpose of its existance to deliver advertising to its users. It's still amazing to me that Mozilla and Firefox were able to survive that whole ordeal.

So, Google, how about a polished, supported desktop linux? or free broadband to everyone in the country. Now that would be interesting. What else are you gonna do with the additional $14billion you plan on raising?

Monday, August 15, 2005

MS Hosted Labs Rock

If you're interested in getting a peek at some of the new stuff coming out of Microsoft, but you don't have the nerve to put any of it on your own equipment, Microsoft has put something together that you might find very interesting.

The Visual Studio Hosted Experience lets you run an actual copy of SQL Server 2005 or Visual Studio 2005, etc., remotely. You have to use IE and there is an activeX control that gets installed, so be prepared for that.

Each of the labs takes about 30 -45 minutes to complete an just gives you a taste of the software in most cases. I took the SQL Server one for a test drive. The studio looks pretty cool. There are tons of changes in there from sql2000, too. MS did a pretty good job with sql2000 for the bulk of their target market, so it feels like they are really trying to pull out all the stops to top it with sql2005. I'm sure they are aware that it is going to be VERY difficult to get people to upgrade their sql installs.

At this point, many people would wrap up by saying "Anyways, check it out", but I won't. That plural "Anyways" drives me freekin' nuts! Doesn't the "Any" part of the word preclude the necessity of making it plural? I'm not picking on anybody in particular, I've seen it about a dozen times this weekend. But, if you're one of the people that insists on making words plural unnecessarily, I thinks yous shoulds stops it's (<-- unnecesary appostrophe).

Sunday, August 14, 2005

Google IM might be a hoax.

It looks like the rumors of a Google Messenger may have been premature. According to the CEO of Meetroduction (the latest Google purchase rumor), the whole story is "rumors". Maybe they are waiting to see if there is some ground-breaking technology that can be added to IM before they tip there hand. If they never find out what that is, maybe we'll never see it.

Wednesday, August 03, 2005

The Perfect RIA Storm

For those of you not familiar with the movie, The Perfect Storm, the primary plot device centers around the conflux of seemingly random weather events to create a storm at sea of unimanginable proprotions.

I think this might be a good anaology of what we're about to see in the RIA (Rich Internet Application) space. We've been hearing about the virtues of RIAs all the way back to Flash 5. It was the first Flash release that let us do a little programming in there to do something other than just annoying intro screens. (See the link to the movie above as a prime example) Since then, each successive release of Flash has given us dramatic improvements in coding capability while at the same time having us suffer through ActionScript's early growing pains.

Now that ActionScript2 has been around for a while and is based on an ecma standard, I don't think we will see radical changes to Flash's programming language. Most likely, we will see refinements and improvements to the language as the product moves forward, allowing developers to increase their skills as the language matures. Personally, I'd really like to see a regular expression object added to the language, but that has as much to do with the player as the authoring environment. I've got my fingers crossed, but I'm not holding my breath.

The ColdFusion community is getting more and more comfortable with the (relatively) new component architecture introduced with cfmx6. While many cf devs are struggling to push the component architecture into MVC (model-view-controller) development frameworks to deliver traditional web applications, little do they realize they are building the development skills that will be necessary to supply RIAs with an integration layer. OK, most of them DO realize it, they just have a job to do that doesn't let them focus on RIAs yet. The best part is, it will be a very short mental leap to move from an MVC based framework to an RIA. Basically, the view
gets replaced with the new technology and you are able to push a lot more funtionality to the client that currently requires a trip to the server.

It's too bad MM hasn't been able to synchronize the releases of Flash and the Flash Player with updates to the Flash Remoting included in CF. Maybe they will in the next release. Currently, CF, in my mind, is the technology of choice for supplying RIAs with data. It's possible that the next release of Flex may change that.

We can't forget about Flex, either. While I haven't done a lot of work with Flex yet, the work that I have done was in copying an application that I built in Flash. Let me just say that the increases in productivity are dramatic. On the order of 10 times faster as long as you don't require custom flash work in your app. With Mike Chamber's recent announcement that the next release of the Flex authoring tool will be able to compile it's files that can be deployed without the Flex server, a LOT more developers are going to have the chance to take a look at Flex's mxml language.

I'm really looking forward to seeing what gets incorporated into the next release of Flex. I would not be suprised if we get the ability to set up data persistance objects using server-side actionScript. This could be truly amazing if we are able to create data bindings that chain all the way back to your database. You would be able to build internet applications that would "feel" like you were editing data directly in your data store. This is purely speculation on my part, I have no knowledge of anything going on inside MM, but with the work being done with Hibernate, I can easily imagine something like this getting leveraged by the product.

There is a lot of buzz right now about AJAX. Gmail being the app that really brought it home for me. They also have some extremely interesting work in Google Maps. Both are applications that have broad, popular exposure. There are going to be a lot more web citizens beginning to expect this type of web experience. Personally, I think that Flex and Flash based RIAs kick AJAX based RIA's butts. Unfortunately for developers that aren't exposed to the Macromedia RIA technologies, AJAX is all they have to work with. Right now, I don't know any developers that I think would be up to pulling off anything other than the most basic AJAX applications.

Microsoft is working on the only commercial competitor to flash that I have found. From what I've read so far, it's still a year away before a release and will probably require a computer upgrade in order to run. Currently, it requires a 30+meg download for WinXPSP2 users or an upgrade to Windows Vista. Mac and *nix users need not apply. Compared to the lightweight and ubiquitous Flash Player, it almost seems like a non-starter. I imagine that eventually, MS will push the technology into use for rendering desktop apps which will force adoption for some. It wouldn't suprise me if the consumer adoption of Windows Vista is even slower than WinXP.

Because of all of these events and the definition of the Flash Platform, I think we could be looking at the formation of a Perfect RIA Storm. It's still just a forecast at this point, but there are definitely some signs. Worst case scenario, Flash based RIAs dissappear like mist on the wind, displaced by AJAX, Vista and The Next Big Thing. Best case scenario, we see an explosion of RIAs that changes the nature of what people expect to see in a web application.

Personally, I'm hoping for the latter.

Tuesday, August 02, 2005

Use of Mobile Data Services Hampered by Poor User Experiences

I could have told them that (maybe I did and I don't remember). As one of those poor users experiencing cell phone use, there is only one thing I want from my phone.

The ability to make a call from anywhere and have crystal clear sound. That's it. No photos, no movie trailers, no games, no messaging, no web browsing, nada.

This last time, I did myself a favor and saved the $5/month for web access. It's hard to imagine, but it's just not worth $5/month.

And yet, I can make a call from the center of their coverage area sometimes and it sounds like the person on the other end is recording a song for Nitzer Ebb.

Monday, August 01, 2005

Proper Code Documentation

Documentation

Obligatory Humor Warning: The following post is made using a sarcastic and/or ironic voice. This post is intended solely for amusement purposes. If you are offended by humor/irony/sarcasm or have trouble distinguishing parody from fact, do not read the following post or the associated story. Click Here to avoid anything even remotely amusing.

Documenting your code is very important, although I tend to subscribe to the "less is more" camp. I prefer automated documentation templates where practicle. Unfortunately, I tend to do a bit of number 5 from the article. Keeping the design docs up to date can be a bit challenging as well, especially when we are always pressed for performance and price.

Monday, July 25, 2005

China needs Tom Cruise

China facing epidemic of suicide, depression | Reuters.com

Humor Warning: The following post, while referencing a tragic article, is made using a sarcastic and/or ironic voice. This post is intended solely for amusement purposes. If you are offended by humor/irony/sarcasm or have trouble distinguishing parody from fact, do not read the following post or the associated story. Click Here to avoid anything even remotely amusing.

Now here is a place where Tom can put his expert knowledge of depression, psychiatry and Scientology to work.

Maybe all that developer outsourcing for $2.60/hour isn't as great as the multi-national corporations would have us think.

Tuesday, July 19, 2005

Adobe set to unwittingly kill Flash?

From the AP article: Justice Wants Info on Adobe Acquisition

"Adobe wants to combine the Acrobat document-sharing program with Macromedia's Flash software for creating and viewing interactive content on Web sites."

If I'm reading this correctly and we can expect a bloated, sluggish application combining the Acrobat Reader and Flash (and of course the Yahoo Toolbar), I can imagine those Flash penetration figures plummeting like they went over Niagra Falls in a barrel.

Now, if the Acrobat Reader would just disappear from the web and we got a newly branded Adobe Flash Paper as the tool targeted for document presentation on the web, that would be interesting. The reader could be relegated to internal corprate usage and help maintain that Adobe image as an enterprise player.

We know that very similar documents can be prepared in either FlashPaper or PDF (thank you CF). Maybe Acrobat could be changed to allow the creation of both formats.

If on the other hand we get the first scenario, I think that will do some serious dammage to the newly coined "Flash Platform" before it really gets out of the gate (marketing wise, that is).

A lot of people think being big is a really good thing. It lets you compete with Microsoft. On the other hand, being big makes Microsoft want to compete with you.

I wouldn't be suprised if Bruce Chizen is the next Carly Fiorina. He'll be more than happy to take his multi-million dollar severance package and then take a position with Coke or Nike. The next ceo to take the helm will of course have to trim the fat (15,000 hp layoffs) and "reposition" the company.

It's a shame that more companies aren't run like SAS.

Sorry for the negativity, but I just have no confidence in Adobe's ability manage a campaign against Microsoft, develop good web technologies or keep their products affordable. I'll be very happy if I'm wrong.

Thursday, July 07, 2005

Macromedia responds to Flex pricing rant

All I can say is Wow! Thanks for not letting us down. I think maybe one of the reasons the Flex pricing has felt so painful for a lot of us is that we have been champing at the bit for a product like this and want to start using it sooner rather than later. Obviously there isn't a whole lot of concrete information here, but at least we know that Macromedia is hearing us.

"We can't wait to see what you build"

Check out David Mendels' comments in my previous post.

Wednesday, July 06, 2005

Avalon good for Macromedia customers

WARNING: mild rant follows.

There is one statistic that Macromedia seems to wish would go away every so often and then it seems to come back and hit them. Microsoft is well aware of this statistic and uses it to great advantage in many ways. Sometimes MS uses it as a way to gain market share. Other times they use it to create demand. Rarely do they disregard it.

Allaire always kept this statistic in the front of their minds, and we loved them for it. Macromedia USUALLY pays attention to it, but you can tell they don't want to and occasionally have to be reminded of it. So, what is the statistic?

98% of all business in the US have less than 100 employees

So when you decide as a company to pursue "Enterprise" software as a model, you've just eliminated all but 2% of your potential market. You concentrate your risk. Your product can be quickly dismissed as a non-option for many businesses without even an evaluation.

Macromedia has done this a few times that I can remember. Once, horribly, with Spectra. Recently with Breeze which they realized and changed course and added per minute pricing (kudos). And most recently with Flex.

I would love to see Flex become a huge success. I think it is the product that corporate America has been dreaming of since the beginning of the internet when our applications became stateless. We're just catching up to the interactivity we had ten years ago across the network.

The problem with Flex right now is that standing up a single production box is quite expensive.

You figure about $6,500 for a solid web server (3.6GHz, 2Gigs memory, dual 72 Gig drives w/ raid 1, Windows SE), 2cpu jrun: 1799, 2cpu enterprise version of cf: 5999, 2cpu version of Flex: 15000. Total: 29,298. A very hard nut to cover for a small business even with some discounting that would be available. Double it to stand up a staging server, triple it to add a development server (although I generally don't do that, workstations work just fine).

In most small and midsized businesses, time and effort is often substituted for cash. This means that many non-large businesses will spend lots of effort trying to roll Flash based apps instead of realizing the benefits of a flex based solution. I think this is unfortunate because the time spent developing the Flash apps is time where the product is not being used and showcasing the Macromedia product line.

With the impending release of Avalon, maybe Macromedia/Adobe will rethink their pricing policy. Since Bruce Chizen says
"Microsoft is the competitor, and it's the one that keeps me up at night", Adobe should really adopt some of Microsoft's strategies. In particular, MS almost always has some sort of "Small Business Edition" that provides a migration path to their more capable products as the company grows.

I like the fact that MM has created a non-commercial license that is essentially free. A huge move in the right direction, but it still leaves a gaping hole in the pricing model. I have confidence that MM has something on the drawing board to address this issue. MM is probably one of the best companies around when it comes to listening to their developer community. It's probably the single biggest reason I've been a MM evangelist for so many years. However, I don't have that level of trust with Adobe. It wouldn't surprise me if the powers that be at Adobe scuttle many of MM's plans.

Why the rant about Flex pricing? It's all been discussed before, even before the price went up. Well, because it's now impacting MY decision process. I've been working on a speculative RIA off and on for the last six months. Flash apps are hard. They take a lot of time and can be really flaky. I see Flex as a great solution to my problem, but the price tag makes the decision REALLY hard. Do you pursue a project that you may not be able to monetize because of high startup costs and an unproven business team? At what point do you have enough confidence to put everything on the line? I'm not sure my project instills enough confidence in me to take that risk. In the mean-time, I'm stuck trying to bludgeon developers into using Flash as a development platform. I hope there is another option around the corner.

Friday, July 01, 2005

Managing developer datasources

If you're like me, you wind up working on lots of different projects with all sorts of datasuppliers. If you work on a laptop, you may be connected to several networks at different times. This creates an irritating little problem when you go to crank up a development session. ColdFusion doesn't ignore all of those datasources you created to work on other projects that you currently don't have a connection to.

Waiting for the timeouts while RDS is looking to fetch descriptions can feel like an eternity. In the past, I've just gone into the administrator on my workstation and added and deleted them as needed. That works if you only have to deal with a few, but it quickly becomes a big waste of development time.

Well, there is a neat way to manage the datasources in a heartbeat.

Inside each application I'm working on, I create a file like this and bookmark it:

<html>
<head>
<title>MyApp Datasources</title>
<body>
<h1>Manage Datasources for MyApp</h1>
<!--- try not to destroy the production server --->
<cfif cgi.HTTP_HOST eq "127.0.0.1" or cgi.HTTP_host eq "localhost">

<!--- Login --->
<cfinvoke component="CFIDE.adminapi.administrator" method="login">
<cfinvokeargument name="adminPassword" value="your_cfide_admin_password"/>
</cfinvoke>

<!--- Get a list of existing datasources --->
<cfinvoke component="CFIDE.adminapi.datasource" method="getDatasources" returnvariable="getDatasourcesRet"> </cfinvoke>

<!--- Delete all of them --->
<cfloop index="dsn" list="#structKeyList(getDatasourcesRet)#">
<cfinvoke component="CFIDE.adminapi.datasource" method="deleteDatasource">
<cfinvokeargument name="dsnname" value="#dsn#"/>
</cfinvoke>
</cfloop>

<!--- Create your datasource(s) here --->
<cfinvoke component="CFIDE.adminapi.datasource" method="setMSSQL">
<cfinvokeargument name="name" value="your_dsn_name"/>
<cfinvokeargument name="host" value="your_server_name_or_ip"/>
<cfinvokeargument name="database" value="your_db_name"/>
<cfinvokeargument name="selectmethod" value="direct"/>
<cfinvokeargument name="username" value="your_db_username"/>
<cfinvokeargument name="password" value="your_db_password">
</cfinvoke>
<p>Datasource(s) added.</p>
<cfelse>
<p>You can only manage datasources on the localhost</p>
</cfif>
</body>
</html>


All of this is now possible with the (relatively) new cfide api that cf exposes. You will have to use the setDB method that is appropriate for the type of db you are using. I'm only using a minimum of the available properties here, but everything in administrator is exposed.

Take a look at the component browser for details about other functions
http://localhost/cfide/componentutils/componentdoc.cfm

They are contained in the CFIDE.adminapi package.

Note: if you may not be able to put the file in a part of your application that is controlled with user authentication that uses the datasource to validate usernames and passwords. In that case, you may want to set up a little app that just has these files in it and name them for each app.

Note #2: Dreamweaver won't acutally update the datasources shown no matter how many times you hit the refresh option. Trust me, they are not there. The new list will show up the next time the program is restarted. Your new datasources will show up with a refresh though.

Saturday, June 25, 2005

Damon Cooper's BLOG - Merrimack


Ha ha, Damon. Very funny.

In addition to the river in New England, Merrimack is also the name of one of the first ironside warships. It was actually re-christened the CSS Virginia when it had its famous engagement with the USS Monitor, but the name never really stuck.

March 8, 1862
The Merrimack is best known from the battle of Hampton Roads during the Civil War. It fought in a battle against 5 other ships, the USS Congress, the USS Cumberland, the USS Minnesota and the USS Monitor.

The Merrimack sank the USS Cumberland and then ran the USS Congress aground. She then proceeded to engage the US Minnesota which had been wounded in a previous battle. Unknonw to the captain of the Merrimack, the Monitor had been assigned to protect the Minnesota. A four and a half hour battle ensued between the two ironsides.

They fired everything they had at each other, shot, shell musket and rifle balls, grape and canister, unable to do any damage to each other.

Eventually, the Merrimack withdrew because of lowering tides. There was no pursuit.

The battle was so impressive that the Union and the Confederacy never built another wooden battleship. They had become instantly obsolete.

A few months after the battle, the Merrimack ran aground six miles from the famous battle. She was scuttled by her crew to prevent capture.

Thursday, June 23, 2005

Trogdor Rulz!

WooHoo! Just got my Trogdor T-shirt in the mail. I think I wasted about 2 days of my life looking at that site. It just cracks me up. Make sure you watch the strong-bad emails from the bottom up. They sort of have an order to them.

Let me know if you figure out how to beat peasant quest!

PasswordSafe 2.11 released

Somehow I missed this one for a while. PasswordSafe 2.11 was released last month. The install process replaces any existing copy of the program. There are only a few minor changes introduced in this release.

Thursday, June 16, 2005

Maximum CFC method length

I just bumped into size limit of a method in a cfc. Since the methods get turned into java classes, they are limited in size to 65535 characters. Before you get all nuts telling me "DOOD! Your methods shouldn't be that big", relax. It was just a bunch of database calls that happen sequentially. There's no real complexity in there, only tedium.

Lucky for me, it's pretty easy to break it up into a bunch of small private methods. Just for reference, you'll hit the limit somewhere around 900 lines of fairly dense code. If things start looking that big, it's time to start rethinking the structure.

Wednesday, June 08, 2005

Software Estimation (Part 3) - Working with the factors

Now that we are able to put together a rough estimate of a project based on use cases, the question comes up - How the heck do we put figures on those crazy factors?

I've found little in the way of guidance on setting some of the factor values, especially the ones pertaining to the environment. Here is a list of tables that I use to help put consistent values on the factors. Most of the TCF tables are straight from the function point counting rules, but the Environmental Factors are pretty much just my stab at them. Feel free to comment on places where you think I'm off.

Total Complexity Factors
TCF01: Distributed System
Distributed System describes the degree to which the application transfers data among the components of the application. Distributed System processing functions are a characteristic of the application within the application boundary.
ValueDescription
0Application does not aid the transfer of data or processing functions between components of the system
1Application prepares data for user processing on another component of the system such as a spreadsheet or database
2Data is prepared for transfer, then is transferred and processed on another component of the system (not for end-user processing)
3Distributed processing and data transfer are online and in one direction only
4Distributed processing and data transfer are online and in both directions
5Processing functions are dynamically performed on the most appropriate component of the system (live connection)

TCF02: Response or throughput performance objectives
Response or throughput performance describes the degree to which response time and throughput performance considerations influence the application development. Application performance objectives, stated by the user, in either response or throughput, influence the design, development, installation, and support of the application.
ValueDescription
0No special performance requirements were stated by the user.
1Performance and design requirements were stated and reviewed by no special actions were required.
2Response time or throughput is critical during peak hours. No special design for CPU utilization was required. Processing deadline is for the next business day.
3Response time or throughput is critical during all business hours. No special design for CPU utilization was required. Processing deadline requirements with interfacing systems are constraining.
4In addition, stated user performance requirements are stringent enough to require performance analysis tasks in the design phase.
5In addition, performance analysis tools were or will be used in the design, development, and/or implementation phases to meet the stated user performance requirements.

TCF03: End User efficiency

End-Use efficiency describes the degree of consideration for human factors and ease of use for the user of the application measured. The online functions provided emphasize a design for end-user efficiency.

The design includes:

  • navigation aids (for example, function keys, jumps, dynamically generated menus)
  • Menus
  • Online help and documents
  • Automated cursor movement
  • Scrolling
  • Remote printing via online transactions
  • Pre-assigned function keys
  • Batch jobs submitted from online transactions
  • Cursor selection of screen data
  • Heavy use of highlighting, colors, underlining, and other stylistic indicators
  • Hard copy user documentation of online transactions
  • Mouse interface
  • Pop-up windows
  • Animated interface (count as 4 items)
  • As few screens as possible to accomplish a business function
  • Bilingual support (supports two languages; count as 4 items)
  • Multi-lingual support(supports more than two languages; count as 6 items)
ValueDescription
0None of the above
1One to three of the above
2Four to five of the above
3Six or more of the above, but there are no specific user requirements related to efficiency.
4Six or more of the above, and stated requirements for end-user efficiency are strong enough to require design tasks for human factors to be included (for example, minimize key strokes, maximize defaults, use of templates, etc)
5Six or more of the above, and stated requirements for end-user efficiency are strong enough to require us of special tools and processes to demonstrate that the objectives have been achieved.

TCF04: Complex Internal Processing

Complex processing describes the degree to which processing logic will influence the development of the application

The following components are present:

  • Sensitive control (for example, special audit processing) and/or application specific security processing
  • Extensive logical processing
  • Extensive mathematical processing
  • Much exception processing resulting in incomplete transactions that must be processed again (for example, incomplete ATM transactions caused by hardware/software failure interruption, missing data values, or failed validations)
  • Complex processing to handle multiple input/output possibilities (for example, multi-media or device independence)
ValueDescription
0None of the above
1Any one of the above
2Any two of the above
3Any three of the above
4Any four of the above
5All five of the above

TCF05: Code must be re-usable
Reusability describes the degree to which the application and the code in the application have been specifically designed, developed, and supported to be usable in other applications
ValueDescription
0No reusable code
1Reusable code is used within the application
2Less than 10% of the application can be extracted for use in another project
3Ten percent (10%) or more of the application can be extracted for use in another project.
4The application was specifically packaged and/or documented to ease re-use, and the application is customized by the user at a source code level
5The application was specifically packaged and/or documented to ease re-use, and the application is customized for use by means of user parameter maintenance

TCF06: Easy to install
Installation ease describes the degree to which conversion from previous environments influenced the development of the application. Conversion and installation ease are characteristics of the application. A conversion and installation plan and/or conversion tools were provided and tested during the system test phase.
ValueDescription
0No special considerations were stated by the user, and no special setup is required for installation. ASP model
1No special considerations were stated by the user but special setup is required for installation.
2Conversion and installation requirements were stated by the user, and conversion and installation guides were provided and tested. The impact of conversion on the project is not considered to be important
3Conversion and installation requirements were stated by the user, and conversion and installation guides were provided and tested. The impact of conversion on the project is considered to be important
4In addition to 2 above, automated conversion and installation tools were provided and tested
5In addition to 3 above, automated conversion and installation tools were provided and tested

TCF07: Easy to use
Easy To Use describes the degree to which the application attends to operational aspects, such as start-up, back-up, and recovery processes. Operational ease is a characteristic of the application. The application minimizes the need for manual activities, such as tape mounts, paper handling, and direct on-location manual intervention.
ValueDescription
0No special operational considerations other than the normal back-up procedures were stated by the user.
1-4

One, some, or all of the following items apply to the application. Select all that apply. Each item has a point value of one, except as noted otherwise

  • Effective start-up, back-up, and recovery processes were provided, but operator intervention is required
  • Effective start-up, back-up, and recovery processes were provided, and no operator intervention is required (count as two items)
  • The application minimizes the need for changing backup media
  • The application minimizes the need for paper handling (don't count if your application contains no paper handling)
5The application is designed for unattended operation. Unattended operation means no operator intervention is required to operate the system other than to start up or shut down the application. Automatic error recovery is a feature of the application.

TCF08: Portable
Portability describes the degree to which the application has been developed for multiple locations and user organizations. The application has been specifically designed, developed, and supported to be installed at multiple sites for multiple organizations
ValueDescription
0User requirements do not require considering the needs of more than one user/installation site
1Needs of multiple sites were considered in the design, and the application is designed to operate only under identical hardware and software environments
2Needs of multiple sites were considered in the design, and the application is designed to operate only under similar hardware and/or software environments
3Needs of multiple sites were considered in the design, and the application is designed to operate under different hardware and/or software environments
4Documentation and support plan are provided and tested to support the application at multiple sites and the application is as described by 1 or 2
5Documentation and support plan are provided and tested to support the application at multiple sites and the application is described by 3

TCF09: Easy to Change

Easy to Change describes the degree to which the application has been developed for easy modification of processing logic or data structure. The following characteristics can apply for the application:

  • Flexible query and report facility is provided that can handle simple requests. For example, and/or logic applied to only one internal logical file
  • Flexible query and report facility is provided that can handle request of average complexity, for example, and/or logic applied to more than one internal logical file (count as 2 items)
  • Flexible query and report facility is provided that can handle complex request, for example, for example, and/or logic combinations on one or more internal logical files (count as 3 items)
  • Business control data is kept in tables that are maintained by the user with online interactive processes, but changes take effect only on the next business day
  • Business control data is kept in tables that are maintained by the user with online interactive processes, and the changes take effect immediately (count as 2 items)
ValueDescription
0None of the above
1A total of one item from above
2A total of two items from above
3A total of three items from above
4A total of four items from above
5A total of five items from above

TCF10: Concurrent
Concurrent describes the software's ability to work with simultaneous users.
ValueDescription
0The application runs on a single device used by a single users. Your typical desktop application
1The application can be used by up to 3 users at the same time
2The application can be used by up to 3 users at the same time and record locking is stated in the user requirements
3The application can be used by more than 3 users at the same time.
4The application can be used by more than 3 users at the same time and record locking is stated in the user requirements
5The application must be able to support an unlimited number of users.

TCF11: Include special security features

Special Security Features include all of the technology the application requires to protect the information it houses. Special Security Features include the following:

  • User authentication required to access all or part of the application
  • Multi-factor authentication required to access all or part of the application (count as 2 items)
  • Application uses encrypted channels to move information between components (SSL, SSH, etc)
  • Application manages its own keys
  • Sensitive data is stored in encrypted forms only
ValueDescription
0None of the above items
1One of the above items
2Two of the above items
3Three of the above items
4Four of the above items
5Five or more of the above items

TCF12: Provide direct access for third parties

The application can be used by people or organizations besides the developing organization and the owner of the application. Third party access can include the following characteristics:

  • The application is available to the general public over the internet
  • The application maintains and manages third party integrations.
  • The application is a consumer of third party services (count one for each third party API consumed).
  • The application publishes and documents a public API
  • The application must directly manipulate third party software without a published API. (count as two items)
ValueDescription
0None of the above items
1One of the above items
2Two of the above items
3Three of the above items
4Four of the above items
5Five or more of the above items

TCF13: Special user training facilities are required

User training facilities are added to the project or required during delivery. Score one point for each of the following User Training included in the application except where noted:

  • Context sensitive help files
  • Printed user documentation
  • Automated software tutorials
  • User certification required (score 2 points)
  • Instructor led training courses
ValueDescription
0None of the above items
1One of the above items
2Two of the above items
3Three of the above items
4Four of the above items
5Five or more of the above items

Environmental Complexity Factors

ECF01: Familiar with Rational Unified Process
Familiar with RUP is a measure of how much experience your team has using your Software Lifecycle Management system. I base this on the average number of projects performed by all team members using your formalized process. I only include projects greater than 3 months in length and using at least 3 developers.
ValueDescription
0Less than 1 project.
1One project
2Two projects
3Three projects
4Four projects
5Five or more projects

ECF02: Application experience
Application experience is a measure of how familiar your team is with the project domain. I use the average number of projects built for the particular industry or discipline the application serves. For example, ecommerce applications or applications for the health care industry. I give a little room for cross industry applications of a similar structure. Again, I only count projects larger than 3 months in length with at least 3 developers. I also count multiple versions of the same project individually.
ValueDescription
0Less than 1 project.
1One project
2Two projects
3Three projects
4Four projects
5Five or more projects

ECF03: Object Oriented Experience
Object Oriented Experience is a measure of how familiar your team is with OO concepts. I base this on the average number of projects performed by all team members using object oriented languages (including some object oriented javascript work and object oriented ColdFusion). I only include projects greater than 3 months in length and using at least 3 developers.
ValueDescription
0Less than 1 project.
1One project
2Two projects
3Three projects
4Four projects
5Five or more projects

ECF04: Lead Analyst Capability
Lead Analyst Capability is a measure of your project leads experience. This one can be a little tough because some subjective judgments can certainly come into play here. As a rule of thumb, I just count the number of years the person has been employed as a project lead. I then cap the figure based on the maximum level for the individual's score under ECF01, ECF02 and ECF03. Since there is a tendency to over-value this attribute, I never round up on years of experience.
ValueDescription
0Less than 1 year of experience.
1One year of experience
2Two years of experience
3Three years of experience
4Four years of experience
5Five or more years of experience

ECF05: Motivation
Motivation is a measure of how eager a team is to be successful on the project. This is an extremely difficult measurement to take. As a rule of thumb, I start with each team member's willingness to work an amount of overtime for at least part of the project. If possible, I look at past overtime records as a benchmark. One technique I use for this measure is to poll the team. I ask them to (anonymously) estimate the level of overtime they think the team is capable of the week prior to the rollout of each iteration milestone. I rank each team member and average the results if possible. I reverse the 4 and 5 positions because I find that at that level of overtime, productivity actually falls. I also add one point to each member's score that has a family. I move anybody that is interviewing or that routinely puts in less than 40 hours a week to zero and contractors never score greater than 3. I generally base this on the team members work week and not necessarily the amount of work they put in on the project.
ValueDescription
0No overtime
110% overtime (44 hour work week)
220% overtime (48 hour work week)
330% overtime (52 hour work week)
450% overtime (60 hour work week)
540% overtime (56 hour work week)

ECF06: Stable requirements

Stable requirements is a measure of how much change can be expected to be introduced during the development process. Control of the requirements process includes the following items:

  • Formal requirements document exists and has been signed off on by team members and end user.
  • Formalized change management system is in use.
  • Weekly end user reviews of progress are done
  • The application already exists and this project is porting to a different platform or a subsequent version.
  • A non-working prototype exists.
ValueDescription
0Requirements document does not exist
1One item from above
2Two items from above
3Three items from above
4Four items from above
5Five items from above

ECF07: Part-time workers

Part-time workers measure the amount of the team that is not dedicated full time to the project. This is not to be construed to mean the team member's employment status.

ValueDescription
0Entire team is on the project full time
110% of the team is working on more than one project
220% of the team is working on more than one project
330% of the team is working on more than one project
440% of the team is working on more than one project
550% or more of the team is working on more than one project

ECF08: Difficult programming language

Difficult programming language refers to the level of complexity introduced by the software language being used. I usually add one point to the most complex language if multiple languages are being used.

ValueDescription
0Template driven development - minimal coding
1Scripting based languages (ColdFusion, ASP, PHP, etc)
2Scripting based languages plus comprehensive framework
3Object Oriented languages (.NET, java)
44th generation languages (C, Pascal)
5Embedded systems, assembly language.


Part 1: What Method to Use
Part 2: Nuts and Bolts
Part 3: Working with the Factors

Monday, June 06, 2005

Cfbreak out of a component

Just on a lark, I tried using cfbreak to terminate a particular cfc from executing with the idea that the calling code would continue processing.

What do you know, it works. This can come in handy when you are debugging a lengthy cfc method. The cfc I'm working with doesn't return anything, so maybe it's not that handy if your calling code relies on a return value.

Interesting, none the less.

Sunday, June 05, 2005

Sprint vs. Verizon Wireless

Well, my contract was up with Sprint and it was time to re-evaluate my cell phone situation.

The biggest reason for the switch to Verizon was the lack of coverage we had with Sprint. It seemed that almost anywhere we went that wasn't in a major metropolitan area had little or no coverage. After a few years, this gets really annoying.

So I took to opportunity to move to Verizon Wireless. Their coverage is much better for us and many of our friends and relatives have gravitated to Verizon so many of our calls won't use our minutes.

We selected our new calling plan and phones on the web, which was a pretty good experience. I tend to be salesperson averse, so I like to shop online when possible.

I was disappointed that no phones where available that used flash, but neither did my sprint phone. It's just something I would have liked exploring. Maybe next time.

I didn't bother to get web access or text messaging this time either. Neither of those features have lived up to my expectations. Way too slow and cumbersome.

Lets face it. In general, text messaging is just stupid. You have a phone IN YOUR FRICKEN HAND! Leave a message. The only real use I see for text messaging is to be able to receive short automated messages. Cool for monitoring servers or stock prices, but just too geeky to pay for.

Here's where the story gets interesting. Once I activated the phone, I placed a call. No problem, except that the person receiving the call had a strange name pop up on their caller id. Curious. So I had that person try to call me back. What do you know, but they got that other person's voice mail. When I checked my voice mail, I actually got this other persons mailbox. It seemed like it was an active mailbox. There were messages in there, some new ones, asking questions about this guys products. Obviously a business phone.

I quickly called Verizon to look into the problem. 10 minutes into their automated system and I find out I can't troubleshoot a phone if I'm calling on that phone. Doh!

I called back on another phone and went through the process again. I finally got through to a person, but they were in New Jersey. They couldn't access my records, so they had to transfer me to someone in Maryland. No big deal, except that each time I called back I would get routed to New Jersey by their automated system. I then had to explain the situation again and get forwarded to somebody in Maryland.

Once I was on the phone with a customer support person in the right state, we started reprogramming the phone to correct the problem. Hmm... didn't work. Next we had to take the phone apart and read off a bunch of numbers so the cs rep could confirm them in the system. Everything looked correct. After trying this 3 more times with no effect, the rep gave up and suggested I go to my local Verizon Wireless store to have them flash the operating in the phone.

Once I got to the store, we went through the process of taking the phone apart, verifying the numbers and reprogramming and activating a few times. When I told the technicians at the store (who seemed very knowledgeable) that customer support suggested that the os needed to be reinstalled, they all laughed. "What are they smoking up there" was the general feeling.

To prove a point, the technician (Joe) put my phone number on a completely different phone. Same problem. They let me use a phone in the store to call customer service again. After getting re-routed back to MD from NJ, we did the "take the phone apart" thing again and the "reprogram the phone" thing again with no effect. We also reinitialized the voicemail box. No effect. The cs rep said they would now like to transfer me to technical support (I thought that was who I was talking with, but there must be another level). He informed me the current wait for tech support was about 25 minutes. I was in the middle of the showroom floor doing this. I had already been there for over 2 hours. I decided to try again from home after I had run a few errands.

Back on the phone with customer service at home. I've already done the NJ to MD thing again and told my story. I suggested that we just change the number to a new phone. After a little coaxing and a discussion about how that will affect my invoice and such, we changed the phone number. A little more testing and yes, it worked. I was able to call out and receive calls.

Whew, that was a pain, but at least it's done.

I go to use my phone the next day and I get James Earl Jones telling me that my call can't be completed because of a "conflict in serial numbers". Crap. Call somebody else, maybe it was the person I was calling that had a problem. Same message. Double crap. Ok, try to call my phone from another phone. "Phone not in service". GAHH!

Back on the phone with customer service. Apparently, they had to change my phone number again because the new number I was assigned belonged to somebody else. Reprogram the phone. Now I have my third phone number on this phone. Seems to work again.

Let me go make a quick call to see if it is still working... Cool. Still working.

I can't wait to see what my bill looks like.

I have to say that everyone I spoke to was very friendly and gave it a good shot. I think the technicians in the store were probably the most knowledgeable. It might actually sway me into going to the store to buy the phone the next time.

One thing I have noticed, that I'm not too happy about is difference in sound quality between the Sprint and Verizon Wireless networks. When you can get a good signal from Sprint, the sound is crystal clear. With Verizon, I seem to get more distortion and changing of sound quality during a call. Its like the way streaming audio will degrade when your connection can't keep up with the streaming rate. I don't think you would notice the difference unless you move from one system to the other.

I hope Verizon works out. I feel like I've put in a lot of work getting the thing to work.

I wonder if this post is worthy of the BlivitLog?

Software Estimation (Part 2) - Nuts and Bolts

I think I should preface this post with the notion that what were trying to do here is come up with a very rough, gross estimate of a project very early in its life-cycle. The most elaborate software estimation process will have an accuracy of -50% to +75%, so we're really just trying to get in the ballpark. We don't want to spend thousands of dollars on the early estimating process especially if this is being done before an agreement or contract has been signed.

Use Case Point counting is similar to the Function Point counting technique in that you basically:

  1. Count certain key aspects of your collected requirements.
  2. Answer a series of questions about the nature of your project and your development environment.
  3. Process the questions based on a pre-defined formula to come up with an adjustment figure (ie., your fudge factor)
  4. Multiply your raw count by your fudge factor to arrive at an adjusted size figure.
  5. multiply the resulting figure by a number of man-hours/point to arrive at your expected level of effort.
Counting

Here is a simple use case diagram that I'm going to use as an example. (UML 2 Primer)

(click to enlarge)


Actors

The first thing we count are the actors of our system and assign them a rough difficulty.

Actor Weights
DifficultyRuleUse Case Points
EasyA machine with a programmable API 1
MediumA user with a command line interface or a system without a published API 2
DifficultA user with a GUI 3


In my example, we have 1 easy and 1 difficult actor. Doing the math, we have 1 easy actor x 1 point + 1 difficult actor x 3 points = 4 Raw Actor Points (RAP).

Use Cases (good book on Use Cases)
Next, we do the same sort of thing for the Use Cases we have identified in our project. In this case, the weights for easy, medium and complex are 5, 10 and 15 points respectively. In order to determine the complexity, we count (or predict) the number of scenarios the Use Case will have. Each use case will almost always have at least 2 scenarios, your basic success scenario (where everything goes right) and at least one alternate scenario that deals with errors. You can certainly have many more that deal with alternate logic paths.

Use Case Weights
DifficultyRuleUse Case Points
Easy3 or fewer execution paths or scenarios 5
Medium4 to 8 execution paths or scenarios10
DifficultMore than 8 execution paths or scenarios 15

In my example, I've assigned medium difficulty to "View Summary Data", since I expect this Use Case to have several different paths based on search criteria. The rest I've assigned to the "Easy" category since they are relatively simple.

Again, doing the math, I have 4 easy Use Cases x 5 points + 1 medium Use Case x 10 point for 30 Raw Use Case Points (RUP, not to be confused with the Rational Unified Process)

Calculating the Fudge Factor
This is where we adjust our raw total of use case points to account for characteristics that are specific to our system under design (Technical Complexity Factors) as well as characteristics about the environment that the project will be built in (Environmental Complexity Factors).

Technical Complexity Factors

For each of the 13 technical complexity factors, you are going to assign a value between 0 and 5. Zero indicating that a factor does not exist in your project and a five indicating that the factor has the maximum importance or impact on your system. The weights are pre-defined by the estimating method. I don't really fool with those. I think you should either wait until there is some industry movement to modify those figures, or wait until you have enough historical data collected to prove them wrong. Changing the Value column gives me enough impact on the factors for my taste.

MetricDescriptionWeightValueTCF
TCF01Distributed System2.005.0010.00
TCF02Response or throughput performance objectives1.004.004.00
TCF03End user efficiency (online)1.002.002.00
TCF04Complex internal processing1.004.004.00
TCF05Code must be re-usable1.002.002.00
TCF06Easy to install0.505.002.50
TCF07Easy to use 0.503.001.50
TCF08Portable 2.003.006.00
TCF09Easy to change 1.003.003.00
TCF010Concurrent 1.002.002.00
TCF011Include special security features 1.002.002.00
TCF012Provide direct access for third parties 1.005.005.00
TCF013Special user training facilities are required 1.003.003.00

Unadjusted TCF Value (UTV)

Total:47.00

Adding up all the TCF lines gives us an Unadjusted TCF Value (UTV). To arrive at the ending Total Complexity Factor, we apply the following formula:

TCF = TC + (UTV * TWF)
Where
TCF Constant (TC) = 0.60
TCF Weighting Factor (TWF) = 0.01

Applying the formula to our example, we have

TCF = 0.60 + (47.00 * 0.01) = 1.07

Environmental Complexity Factors
The Environmental Complexity Factors are generated the same way as the Technical Complexity Factor is calculated. You just use a different set attributes and constants.

MetricDescriptionWeightValueTCF
ECF01Familiar with Rational Unified Process1.504.006.00
ECF02Application experience0.503.001.50
ECF03Object-oriented experience1.004.004.00
ECF04Lead analyst capability0.504.002.00
ECF05Motivation1.003.003.00
ECF06Stable requirements2.004.008.00
ECF07Part-time workers-1.000.000.00
ECF08Difficult programming language-1.003.00-3.00

Unadjusted ECF Value (UEV)

Total:21.50

Notice that ECF01 references a specific software life-cycle model. A lot of the work for this method has been done by the people at Rational/IBM, which explains the item. You could probably substitute your life-cycle process here with similar results as long as the organization you are doing the work for has a mature process. Most of the organizations I've done work for rank really low in this area. A lot of CF shops seem to add management processes as an after thought with little regard for formal life-cycle management.

While I'm on the subject, it seems to me that the cf community spends a huge amount of effort building software frameworks (Fusebox, Mach-ii, Model-glue, etc.) While this is certainly worthwhile, life-cycle processes seem to be almost ignored by the community. About the only work I've seen in the area is FLiP, and it only goes so far. Maybe it's one of those things that everybody is doing that nobody feels is interesting enough to talk about on a regular basis. I get the impression that life-cycle management is handled using the "back of a napkin" or "I do that in my head" approach. I seriously hope that as more cf shops mature, that this changes. (end of rant).

Adding up all the ECF lines gives us an Unadjusted EF Value (UEV). To arrive at the ending Environmental Complexity Factor, we apply the following formula:

ECF = EC + (UEV * EWF)
Where
ECF Constant (TC) = 1.40
ECF Weighting Factor (TWF) = -0.03

Applying the formula to our example, we have

ECF = 1.40 + (21.50 * -0.03) = 0.755

Finishing Up

We now have all the numbers we need to calculate our total use case points for the project.

Here's the formula:

Use Case Points (UCP) = (RAP+ RUP) * TCF * ECF

Applying the formula to our example and rounding, we get:
UCP = (4 + 30) * 1.07 * 0.755 = 27

Hours/Use Case Point
Now that we have an estimate of size based on use case points, we can try to convert it to an estimate of effort. The original work by Karner suggested a good starting point would be to use 20 hours per use case point. Work since then has suggested that the figure can fall anywhere between 10 and 30 hours per point. My personal experience puts the number between 12 and 15 hours per point. This unfortunately is where you need some project history to calibrate the process for your specific development and estimating processes.

Here's an excel spreadsheet to help you crunch the numbers.

Coming Up Next: Working with the factors

Part 1: What Method to Use
Part 2: Nuts and Bolts
Part 3: Working with the Factors