classes on Mon/Tues! Don't miss out on these unique classes.
For class details and registration please go to:
http://www.teratech.com/training/boston_classes.cfm
For those unsure why Fusebox and FLiP are important I had the Fusemeister
himself, Hal Helms, interview me about it and also CF Security. And if you can't
make the classes I will be giving a summary of FLiP and Fusebox 4.1 at the
Boston CFUG
on Wednesday night (meeting on Beacon Hill), see website:
http://www.bostoncfug.com/
Hal Helms: For people who don't know, what's FLiP?
MS: FLiP is the Fusebox Lifecycle Process. It's a methodology for
software development that reduces maintenance costs dramatically.
HH: And what's a "methodology", exactly?
MS: It's a fancy word for "method". A methodology tells you how
to approach a software project. In other words, what steps to
take.
In the class I will examine what happens in actual
organizations when Fuseboxers try to implement FLiP in their
projects. That's as opposed to what you read about FLiP in books,
which can be a bit theoretical sometimes.
HH: How are the two different?
MS: Well, in books, there's no opposition to FLiP! In the real
world, it can be hard to convince your boss or end-users to use
FLiP. Also I have spoken with programmers who have trouble with
some of the pieces of FLiP on real projects. That is the kind of
issue we will be looking at.
HH: Why do we need FLiP? Doesn't Fusebox do a good job of
organizing code and providing focus to software applications?
MS: Fusebox organizes the project code, but FLiP organizes the
people and communications on the project. In my experience most
project failures are not due to some technical problem, but are
caused by people communication problems. For example the client
may say they want X. We program Y for them and in reality they
need Z! This is scope creep caused by miscommunication. The
problem is that clients and programmers speak different
languages. Even though both claim to speak English, really
clients speak a dialect called "clientese" and programmers speak
the "techish" dialect. No wonder we both get confused about what
the other person wants!
HH: How does FLiP help solve those problems?
MS: FLiP provides tools and processes to allow for
communication. That sounds terribly stuffy. Let me try it again:
instead of just using more words to try to communicate, FLiP
translates those words into wireframes and prototypes. The client
tells us something and instead of just making a note and
interpreting what the client means at coding time, we produce
something for the client to look at, to click through. And we
say, "You mean like THIS?" And we keep wireframing and
prototyping until the client says, "Yes, THAT is exactly what I
mean." It reduces misunderstandings enormously.
HH: So the client actually gets to see the application before
it's built?
MS: Exactly. You could think of FLiP like a digital camera with a
time machine that can see into the future. That is after all the
late night code changes and crazy client phone calls, to a time
when (finally!) your application finally does exactly what the
client needs. If you could do this and bring the photos back to
the present day and link them all together into a clickable
website, then that could be your model. Imagine how much coding
time and frustration you could save if there were no changes or
misunderstandings from having this perfect model available at the
beginning of your project. The database could be designed right
the first time and you could easily pick out common code to
reuse.
HH: What's so special about wireframing and prototyping?
MS: What is special is that they are so simple. I believe that
doing things simply is harder than writing something more complex
- but is also more valuable. A wireframe is just the skeleton of
the site and only shows what pages there are, how they link
together and what each page is responsible for doing. There are
no graphics or data or real functionality. All this is provided
in a website model that the user can click through using one of
the free wireframe editors. The ability to test drive the site at
the very first meeting with a client is very powerful for
communicating about what pages and features are required.
HH: Is there any other benefit to a wireframe?
MS: It also shows up page flow issues or missing shortcuts to key
pages too. I find that having an accurate list of pages and
features about a site makes it much easier for me to give an
accurate time and cost estimate for a site. Think of this process
as a blueprint for building a web application. No one would dream
of building an office building without plans. Why should we build
complex software without plans either?
HH: What about the HTML prototype?
MS: A full HTML prototype is the next step in filling in the
details on the model of the site. It gives all the HTML and
graphics for EVERY page in the site EXACTLY as the client needs
in the final application. I can't stress the word EXACTLY enough
- that is the key to a successful prototype that it lets the
client see a "photograph from the future" of their site and give
detailed feedback to you on it.
HH: Gee, isn't that a lot of...you know, work?
MS: Well, you're building the front end of your application! That
has to be done either now or later during coding. And to the
client, the front end IS the application. They just assume that
it will work behind the scenes. The question is, do you want to
build the front end, getting client feedback BEFORE or AFTER all
the code is written?
HH: How do you build the front end without code?
MS: The prototype is pure HTML - no CF code - and so it is very
fast to make and very cheap to make changes on. The pages look
real, but all the data is dummy data. There's no real
functionality and no database behind any buttons (except that the
links work and the forms submit to another dummy page).
HH: An iterative approach sounds good, but how will we ever know
when we're done?
MS: That is an excellent question and it has to be a combination
of both the client and the architect agreeing that the prototype
is done. The client says, "You've shown me everything I'm
expecting to see on the finished application" and the architect
says, "You've given me all the information I need to build this
application." I usually provide for a formal sign off of
printouts of all pages in the site. It is amazing how getting a
client to sign something will freeze any changes until after
development is over! I've even had clients who refuse to sign
until they get their boss to review the site.
HH: Uggh.
MS: No, not at all. That means that the boss is REALLY the person
who has ultimate say. And I'd rather hear what he or she has to
say BEFORE all the time and money on the project has been used
up.
HH: What's the biggest problem people run into using FLiP?
MS: Getting clients and project managers to understand the
benefits of planning out the work before leaping into coding.
People are used to seeing instant coding and get nervous when all
this communication and thinking goes on. But what I think people
forget is that the communication and planning on a project has to
happen sometime if we are to deliver a successful application
that satisfies the end-user's true needs. Like I said, the only
question is whether this communication is going to take place up
front or during -- and even after -- development. In my
experience a little education on FLiP at the beginning of a
project goes a long way in solving the problem. We will be
examining this and other common problems in my workshop at the
Fusebox conference.
HH: Has TeraTech won any awards for programming or FLiP?
MS: We won the CFDJ award for best ColdFusion consulting company
in 2002 and 2003. I think the support we have provided the ColdFusion
community helped us win!
HH: Thanks, Michael. We'll look forward to hearing more from you
at the class.
And with computer security in the news, I decided to talk about "Security".
Why is security important for programmers? Isn't this a network
administrator subject?
MS: Well if there are any administrators in attendance I am sure
they will benefit from this class. However, it is really
meant for programmers. How we write code makes a big difference in the overall
security of an application. Unfortunately, many programmers miss the potential
security problems in their applications simply because they don't know any
better. Or worse, they go to extraordinary lengths in the name of security only
to miss subtle exploits that invalidate all their work.
HH: That sounds like a lot of work!
MS: Great security takes a lot of work, but good security can be achieved with a
little insight that takes almost no extra work at all. In my presentation, I'll
explain how certain practices can be adopted that in the end take no extra
effort, but pay off big in terms of security, and have side benefits such as
performance and robustness.
HH: That is a relief. But what about password protection of sites?
ML: While that is a pretty well understood topic, there are lots of different
ways to attack the problem, each with their own implications that one may not be
aware of.
HH: That is cool! What about cookies and session variables? Is there a security
risk there?
MS: Like anything, it all depends on how you make use of things. Are cookies
inherently risky? No, but they certainly can be. I think we have all heard the
stories about early e-commerce sites that stored pricing information in cookies,
allowing people to buy items at a lower price simply by changing their cookies.
HH: Ouch! And I have heard that even prices in form variables are not safe. So
will you show people how they can protect their e-commerce pricing from hackers
like that?
MS: My class doesn't really focus on different variable scopes, but
instead provides a wealth of information on how to appropriately make use of the
different scopes. Certain practices can apply to multiple scopes, so it is much
better to understand why they apply to those scopes than just to provide a set
of rules for each scope.
HH: What about URL variables. Are they hacker proof?
MS: Again, it is not about individual scopes, but understanding the implications
of how you use all scopes. Additionally, it isn't really about making things
hacker-proof or even, the more appropriate term, cracker-proof; it is about
making sure your application is designed in a way that doesn't allow users to
make use of it in ways not intended. You don't have to be a cracker to
manipulate cookie, URL, or form variables.
HH: Will you have code samples that we can copy in your talk?
MS: Yes I will.
HH: That sounds cool - I think I will be able to improve the security of my
sites after coming to your class! Thanks for talking with me.
MS: We are holding them at
Babson College
First floor of the Reynolds building
231 Forest Street
Babson Park, MA 02457
For directions see http://www3.babson.edu/visiting/
[This interview was first published at the Fusebox 2004 conference and CFUN-04.
Thanks to Hal Helms and Matt Liotta for the original interviews]
Mon 10/18/04 FB201 - Intermediate Fusebox $349
Tue 10/19/04 CF201 - ColdFusion Security and Performance $349
SPECIAL! Attend both classes for only $599.
The classes will be taught by ColdFusion and Fusebox expert Michael Smith.
CF 201 - Security and Performance
*********************************
Full Day course Sign-in 9:30am, Class 10am-5pm
Just $349, includes lunch
Learn how to easily secure all or parts of your sites in a reliable
way. Protect your sites from hackers and web vandals. Improve the
speed and stability of your ColdFusion applications.
Prerequisite: Basic ColdFusion experience.
* In depth overview of ColdFusion Administrator
- Caching options
- Tuning parameters
- Security issues with Admin
* Performance & Stability
- Locking
- CFLOCK tag
- CFAdmin settings
- Request scope
* Security
- basic concepts
- login
- closing backdoors
- forgotten password
* Members Only
- session, client and cookies
- refresh issues
- timeouts
- remember me
* Session Tracking
- who is logged on now
- variable and structure dump
* Form Validation
- why it is important
- underscore validation
- CFFORM validation
- JavaScript validation
- CF validation
- SQL validation
* Q & A
FB 201 - Intermediate Fusebox
*****************************
Full Day course 10am-5pm
Just $349, includes lunch
Prerequisite: FB101 or similar basic Fusebox knowledge.
FB201 is for people who have already met Fusebox and want to improve
their skills with the new Fusebox 4 spec. Step up to the next level
with your Fusebox programming and save yourself time and headaches
when coding ColdFusion applications. Great for team projects!
* Fusebox 4 overview
- How version 4 is better than version 2 and 3
* Core files - fusebox.xml, circuit.xml
- What files are essential to an FB app
* Nested Circuits
- How nesting can help you organize your code for reuse
* XFAs
- How Extended FuseActions can save time and self document code
* Layouts
- How layout can help code reuse and be smart layouts
that can change appearance depending where they are used
* Plugins
- How plugins can let you change core file behavior without
going crazy editing the core file itself
* Wireframes
- How to build wireframe outlines of a site and what not to include
in them if you don't want headaches
* Devnotes
- How Devnotes can save your butt when developing
* Fusedocs
- How to document the Fusebox way and why it can help testing too
* Fusebox API variables
- What are all the API variables and what can you use them for
+ Learn all the advanced parts of how the Fusebox architecture can
help you build ColdFusion Applications.
+ Learn to tie together all the new parts of a Fusebox 4
application.
+ Study a sample fusebox application and take the code home with you
to use in your own applications.
+ Find out about how Fusebox can improve your applications from
better organization to proven methods of application design.
+ Work with the latest Fusebox techniques
* Q & A time
--------------
On-site and customized classes are available for your organization.
Contact Michael at [EMAIL PROTECTED] for more details.
[ CF Help ]
Need expert ColdFusion, SQL, VB or Access Programming? Project stuck
and need one-on-one help? Looking for onsite training? Call TeraTech at
800-447-9120, or email mailto:[EMAIL PROTECTED] We get you moving
fast!
--
Michael Smith, TeraTech Inc - Tools for Programmers(tm)
TeraTech voted Best Consulting Service by CFDJ readers!
CF/ASP Web, VB, Math, Access programming tools and consulting
405 E Gude Dr Ste 207, Rockville MD 20850 USA
Please check out http://www.teratech.com/ - email mailto:[EMAIL PROTECTED],
or call us for more information; in the USA at 1-800-447-9120,
+1-301-424-3903 International, Fax 301-762-8185 Thanks!