My view on CFCamp 2012

I did my first conference presentation here at CFcamp 2012. It worked out great, and got some good feedback. I actually can't wait to do another one! Hopefully, you'll be hearing from me at CF.Objective() or Scotch on the Rocks (June 2013!) soon.

 

So, CFcamp. It is not a German conference. It is a very international one, with speakers from France, Germany, America, Scotland, Switzerland, Belgium, England, etcetera. All presentations were in English, flyers and programs in English, so easily accessible for a Dutchie like me.

The venue was the StadtHalle Germering, which was a very large and new building, just 2 years old. The wifi was really good, with only a few outages during the conference. Drinks during the day were available everywhere, space enough to walk around, lunches were okay, and there even was a terrace outside.

There were 2 places for the presentations: the main stage, which had enough seats for the whole crowd (about 150 I guess), and the secondary room, which was upstairs, and not really easy to find imho. The secondary room had about 50 seats, which for some presentations wasn't enough (Andy Allen's presentation for example).

 

I went to the conference with 3 of my colleagues, which was really cool. If there wasn't a track to your liking (this happened), there would always be someone to be hanging out with. Especially while doing a smoke outside the venue, we met some really great guys (Wolverine anyone?).

 

The first day of the conference, on Monday, was the most exciting for myself, since my presentation was up at 11:45. The keynote was done by Gert Franz and Mark Drew of The Railo Company, who showed some new cool stuff which is in Railo 4, and gave a sneak peek into the coming versions of Railo, including expected release dates. To be exact: Railo 4.1 in winter 2012, and Railo 5 in winter 2013. I assume "winter" should be read as January/February of the next year.

While the first presentations took place, I was working with Mark to synchronize the things we were going to show in the presentation. Which was actually too bad, since I really wanted to learn more about ESAPI (Enterprise Security API), which was presented by Matt Gifford. I did rush in for the last 3 minutes, but luckily he put his slides online.

 

So, my presentation about Railo Extension Builder was up. It took place in the secondary room, code-named Lena-Christ, which filled up with a good crowd of around 50 people. Since Mark Drew was the inventor of the Railo Extension Builder (we built it together), I asked him a while back if he wanted to join me in doing the presentation. He agreed, so I split the presentation in two parts. Being the Railo Extensions Manager within the Railo team, I started by talking about the what, why, where, and how of Railo Extensions. Then, we announced the first public release of Railo Extension Builder, which Mark published online to the Railo Extension Store while doing a demo of the Railo Extension Builder.
You can read more about this free and open source software in my "Presenting Railo Extension Builder!" blog post.

 

After lunch, it was time for The future of CFML, by Alex Skinner. Or so I thought. Luis Majano came in, showed his first slide which started with "I am not Alex Skinner", and did an awesome presentation on Dependency Injection. If you want to know more about DI, check out his similar presentation on Vimeo (video, 75 min.).
Luis is a really good presenter, and hey, I even won a CacheBox book!

 

Next up was Aurélien Deleusière, who did a presentation about Great Coding Guidelines. Most of it seemed really logical to me, but there were also some tips which were really helpful. Hearing what someone else finds logical / great to do makes you think about how and why you do it your way. And I just loved the French accent; made me want to go on holiday right away :)

 

After a break, Robert Rosen, an American lawyer who represented Tesi Italy, did a presentation called Licensing & legal aspects which was tremendously interesting! He talked about trademarks, copyrights, intellectual property, licensing and EULAs, all from a software perspective. Not your regular subject at a CFML conference, but man, I learned a lot!

Not only is Robert a good speaker, he also set up his presentation with a lot of example legal texts, which were always hard to understand. He pushed the audience to read and interpret them. The essence was often as simple as stunning. Doing reverse engineering is legal, as long as you don't use the result for your own profit (commercial, or self-promotion for example). Fair use was also a great subject. Though EULAs (End-User License Agreements) might say you cannot do X or Y, you are often not bound to this; they simply won't stand a chance in court.

One of the most shocking things Robert said was about new legislation which might become active in the EU. It will make the programmer of software personally responsible for any resulting damage by negligence or just sloppy work. He showed an audit example of hospital software with incredible security errors. "That's just security 101!", someone from the audience said. So, if patient records get into the public domain because of these errors, who should be held responsible? The software programmer, the software vendor, the hospital...? My personal answer to this was as simple as shocking: the software programmer.

What does this mean for me, and for any other software programmer? Have I made (security) errors in any of the hundreds of applications and websites I created and participated in? Well, yes. And some of these security errors still exist today. You learn while you go, and good practices are not the first thing you learn when you're a starting developer. SQL injection? Nobody told me about that 12 years ago. The fact that a new law might make me personally responsible for any software errors and security bugs makes me feel a bit uncomfortable. And no, I do not suck at programming, if I may say so.

 

In the evening, Fuzzy Orange sponsored a great party in a remarkable location in the center of Munich. Let's just say there was a pole in the middle of the dance floor, neon lights outside, and there was an intimate atmosphere inside. I went there with my colleague Marius, and had a great time. Just like at the conference, there weren't so many women inside, so we enjoyed ourselves by talking about code with Michael Offner of Railo technologies, and talking about a possible resurrection of the Dutch CFUG.

Meanwhile, a code war was held in the back of the establishment. When I heard one of the assignments, I felt bad about not participating. Given a list with numbers and numeric ranges, for example "1-6,8,12,14-17", create a function which returns all the numbers, in as few characters as possible.

The day after the party, I heard about a Scotsman doing pole dancing, and partying until 6 in the morning. Should've stuck around longer, but as a young dad, I already start yawning at about 11...

 

Day 2. Twitter first says nobody is at the venue for the 8:30 Adobe keynote. A short while later, Twitter says everything is postponed by an hour. ROFL! Hangovers all over probably, and 08:30 was a bit too enthusiastic anyway I think.

 

After the Adobe keynote, which I mostly missed due to some extra sleep, Christoph Schmitz did a presentation about FW/1 (Framework one).

He first asked who already uses FW/1, and then told those people, including myself, that we'd better go to the other track ;-) I didn't, and got some time to work on the Extension Builder and listen to the presentation at the same time. While working on a FW/1 app, it was funny to be hearing someone explain what I was working with at that same time... Anyway, Christoph did a good job explaining how FW/1 works.

 

Then, Luis Majano was up again, talking about ContentBox, a cool new CMS, which runs together with Coldbox, CacheBox, and any other *box products Ortus Solutions has to offer.

At first glance, it reminded me of Mura. But when we got further into the presentation, I saw a whole lot of nifty stuff. Luis showed how easy it is to add custom content / modules inside the regular content, and how nicely it integrated with the other *box solutions. It is definitely something to check out!

 

Time to wrap this post up; it is way too loooong already (are you still reading? Wow). But not before I said something about Bilal Soylu's presentation on Application Security!

Bilal himself is a great guy, who I first met online because he created the first-ever Railo Mac installer. A year later or so, he worked together with Jordan to get mod_cfml going for IIS. Enough reason for me to go see his presentation.

And it was awesome! I was in shock when he showed just how simple it is to inject XSS code (cross-site scripting) into an application, and the general number of vulnerabilities out there is astonishingly high. About 55% of all websites are prone to XSS, and 53% have information leakage problems.

Main thing I learned from his speech, or well, remembered again: all incoming data must be treated as insecure. Only after validation should you trust it. His example was really simple and effective: make sure that all incoming data is checked. Do not use the form or url scope in CFML directly, but use e.g. the request scope, into which a validator has already checked and copied the form/url variables. Simple and clean, really like that idea!

Just go see the slides he put online.
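One way to set up the "validate first, then copy into the request scope" idea described above. This is an added example, not code from Bilal's slides or from this blog; the parameter names, the rules and the `request.input` / `request.rejected` keys are assumptions made for illustration.

```cfml
// Application.cfc (added example; parameter names and rules below are hypothetical)
component {
    this.name = "validatedInputDemo";

    // Allow-list of accepted parameters: each has a type check and a length cap.
    variables.rules = {
        id    = { type = "integer", maxLen = 10 },
        email = { type = "email",   maxLen = 254 },
        q     = { type = "regex",   maxLen = 100, pattern = "^[\w \.\-]*$" }
    };

    // Returns true only when the value passes the rule for its parameter.
    private boolean function passes(required struct rule, required any value) {
        if (!isSimpleValue(arguments.value) || len(arguments.value) > arguments.rule.maxLen) {
            return false;
        }
        if (arguments.rule.type == "regex") {
            return isValid("regex", arguments.value, arguments.rule.pattern);
        }
        return isValid(arguments.rule.type, arguments.value);
    }

    // Runs before every page: copy only validated values into request.input.
    public boolean function onRequestStart(required string targetPage) {
        var sources = [url, form]; // form is processed last, so it wins on duplicates
        var src = "";
        var key = "";
        request.input = {};
        request.rejected = [];
        for (src in sources) {
            for (key in src) {
                if (!structKeyExists(variables.rules, key)) {
                    continue; // not on the allow-list (e.g. form.fieldnames): never copied
                }
                if (passes(variables.rules[key], src[key])) {
                    request.input[key] = src[key];
                } else {
                    // A bad value drops the parameter entirely, even if the
                    // other scope supplied a valid one under the same name.
                    structDelete(request.input, key);
                    arrayAppend(request.rejected, key);
                }
            }
        }
        return true;
    }
}
```

Page code then reads `request.input.id` instead of `url.id` or `form.id`, and can check `request.rejected` to show an error. Validation on the way in does not replace encoding values on the way out, which is what stops XSS when a value is written back into a page.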

I would like to sincerely thank the main organizer Michael Hnat for all the effort he put in, and for allowing me to do a presentation at CFcamp. It was amazing!

Also thanks to everyone who made this possible: sponsors, visitors, and even the stressy bartender ;-)
