Thursday, October 28, 2021

Hire This Person!


I don't want to condone anyone hacking anyone else, but this was an extremely awesome, non-destructive Senior Prank. 


And this young hacker did the responsible thing and did a full write-up and disclosure to the school district's IT personnel and helped them fix it. 

Bravo.





Press F12 and Become a Hacker Today! (aka: Why We Need More Cybersecurity Awareness Month)

Earlier this month, we had this...


And a .... what is it when you double-down a dozen times and keep doing it?

And even...

I have thoughts.... 

Starting with WTF???

I don't normally jump into political topics, but I don't really see this as political. I see this as a Governor who either refuses to listen to the people he hired to know about basic technology stuff, or he's hired a bunch of complete idiots. Though reading through some of the other articles, it appears to be a case of the former. 

Not only did auditors previously mention these issues, but the reporter did the responsible thing and privately disclosed this information before his report. Then, this extremely clueless Governor kept going with his statement, despite his ignorance being pointed out again and again and again on social media. 

So the reporter, Shaji Khan, absolutely deserves that apology, Gov. Parson.

And for those of you out there who are interested in this so-called "multi-step process" that was used, I'll give you the details. I'm completely opposed to discussing hacking "how-to"s in a public forum, but I'm fairly certain I used this "hack" to teach myself HTML about 20 years ago. 

Disclaimer: Browsers will vary slightly, and there are many more ways to accomplish this "hack".

Here goes...

If you're using Chrome, Right Click on a page ...

And click "View page source". (Or just click Ctrl-U)

You'll get a page with some funny-looking words on it, but don't worry. That's the "hacked" details of the page. 

There's also the super-secret, only-for-developers-and-hackers way to do this. Just press F12 and you can get that info and even more.

I can forgive any politician making a mistake, but to continue to go on and on about this "hack".

The words I had earlier seem insufficient. Although this does make a good story for Cybersecurity Awareness Month. 






Friday, October 22, 2021

Into The Box 2021 - Write Up - Post Day +1 - Saturday, September 25, 2021

 


I got invited to speak at the Into The Box 2021 Conference in Houston, TX. These are my thoughts.

-----------------------------------------------------------------------------

Good god it's early. Quick shower then downstairs to meet my Uber.

......

Waited for a few minutes and my Uber driver stopped around the corner, but he got me squared away and to the airport with plenty of time before my flight. Not one single issue going back through screening. I've got about 40 minutes before boarding starts. There are a surprising amount of people in the airport this early. The stupid sun isn't even up yet.

.... 

On the plane, and it's a fairly empty flight again. Message sent that I'm on my way home, and now to decide if I want to try to watch a movie or just chill. 

.....

Chill it was. Made it safely back to Nashville. The landing was probably one of the best landings I've ever seen. Not sure which pilot was flying this morning, but whichever it was squeeked it on at BNA. Very nice job. 

Got my bags picked up and now just waiting on the wife to pick me up and take me home.

...

And I am back home! And very tired.

........................................................

All in all, I had a _GREAT_ time at Into the Box. I got to see some people that I haven't been able to see in a while. There were a few people that I would have liked to have seen, too, but they couldn't make it. Things are still a little iffy with COVID, but it was kinda nice to be able to attend an in-person event again. I very much liked the hybrid nature of this conference, and I hope other conferences do the same. There are a lot that I haven't been able to attend in-person, and an online option would have been great. Granted, an extremely large part of any conference I've ever been to has been the "Hallway Track". So I don't think they should all go all-virtual. 

I want to offer a huge _Thank You_ to Ortus Solutions for having me speak again. They are now the group that has given me my first speaking opportunity (ITB 2019 Virtual) and my first in-person opportunity (ITB 2020 Hybrid).


I hope to see everyone again next year!


Shawn Oden 

September 30, 2021 

(written Sept 22 - 25)

(procrastination time - September 25 - October 22!)



Into The Box 2021 - Write Up - Day 2 - Friday, September 24, 2021


I got invited to speak at the Into The Box 2021 Conference in Houston, TX. These are my thoughts.

-----------------------------------------------------------------------------

The day started again with breakfast! <picture>

Thank you to Ortus for the great food. 

-----------------------------------------


Keynote: 

Reminder - Keynotes are available for free on cfcasts.com (https://cfcasts.com/series/into-the-box-2021/videos/keynote-day-2)


It began with Edgardo reminding us of his awesome dance moves from yesterday. It's definitely something to see. Even though you can't unsee it.

Also, Life is more than software.

Pause Breathe Resume


Ortus does a whole lot to help the community. Thank you to Ortus.


Next up is Luis again.

ContentBox 

  - 9th Anniversaries

  - 4.x Series 2018, 5.x Series 2021 (yesterday), 6 Beta in 2022, 6 Final in 2023, 7 Beta 2024

  - Main new features = Multi-site, Headless, Reactive Admin, CLI

  - Multi-site

      - Manage 1 or 1000 sites on one Box.

      - Detection through URI, Query String or Headers

      - Staging + Prod in one box

      - Copy/Clone/Move between sites

      - Export/Import

  - Headless CMS

      - Everything modularized. 

      - Expressive RESTful API

      - JWTs

      - Can be deployed as a single module

      - Consume from ANY language

    - Build self-documents

  - Reactive Admin

      - Using Alpine.js + Tailwind

      - CBWire Elements

      - Return Vanilla.js

  - CLI

    - contentbox-cli

      - Install ContentBox on any CFML Engine with any supported database

      - Automise entire content sites

  - ContentBox Cloud - CAAS Content as a Service

     - Bring your own UI

     - Beta Q2 2022

 

TestBox de facto standard for TDD and BDD in CFML dev

  - 7th Anniversary.

  - 734K installations

  - 4.x Series April 2020

     - 5 releases, 1 coming soon

  - 5.x series planning has started.

  

  - output utilities through `request.testbox` or console or CF output buffer.

  - updated reporters - Easier to read

  

  Mocking (MockdataCFC rewrite)

     - Over 15 mocking types

    - Can also be a mocking HTTP REST Service, a CFML app or a ColdBox module.

  

  IDE Integration

  

Now Jon Clausen ("Captain Container")

State of the Container

   - more ubiquitous

   - Orchestration tools evolve (Docker Swarm, Kubernetes, Portainer, Ranger)

   - Usage of containers for Cron and Lambda

   - Swarm Stacks and Kube Workflows make full stack deployments (almost) trivial


   - Docker Commandbox has almost 1.3M pulls!

     - 6 releases in 2021

     - Tighter integration with Commandbox

     - Multi-Architecture support - (also supports ARM)

     - ACF 2021 Support

     - Lucee Lite Builds

     - Don't forget MiniBox (Pete Freitag) (with Docker Commandbox)

  

  - StacheBox

    - Logging and Bug Tracking framework for Coldbox

    - Javascript bug logging system which integrates with the module.

    - Can run as a module or as standalone

    - Can aggregate data between multiple log indexes and track occurrences.


    ortussolutions.org/stachebox

    stachebox.ortusbooks.com


  - cbElasticsearch  (lowest barrier of entry for advanced elasticsearch with CFML apps)

    - 23K installs

    - PATCH API support

    cbelasticsearch.ortusbooks.com


  - CommandBox containers make your life easier.

 

Next up Eric Peterson - Lead module architect


- qb  = queryBuilder  (Last year = 37 releases and 18 contributors)

  - Optional strict date detection

  - computed and virtual columns

  - Dump Helper - dump dump == debug query contents

  - table locks

  - auto scale for decimals and floats

  - Now handles Upserts


- Quick (26 rel, 11 contrib)

  - ORM for ColdBox

  - "Up and Running with Quick" workshop on CFCasts - 

  - NEW:

      - JSON and Boolean Casts

      - Easy return relationship counts

      - Parent/Child


- cbDebugger

  - Mini-APM (Application Performance Monitoring)

  - works with API requests 

  - qb, Quick and cbORM reporting

  - Quasar App coming soon

  

  -  Word Cloud of modules that have recently been updated <pic>


- CFCasts (modern CFML content)

  - 21 Series, 311 Videos, 85 FREE

  - 100 hours of content

  - over 450 registrations. 


Next up: Michael Born  (Sr Ortusian Dev)

  - DocBox Lives!

    - Documentation Library that reads code metadata and generates documentation.

    - Machine readable docs

    - Added multi-output format

    = docbox.ortusbooks.com

  

  - cbORM (sane way to work with Hibernate)

    - chainable human DSL

    - Java streams support

    - native array of structs

   - Partnered with Lucee to upgrade Hibernate extension.

      - moves imbedded Hibernate forward a full decade.

     - Breaking change in 5.4 == positional parameters (update to new JPA syntax)


Finally, Gavin Pickin (The Balrog of NZ)

  - Ortus Podcasts

     - "Let us be the voices in your head."

     - Modernize or Die CFML News Edition - Approx 14K listens + 10K YouTube watches over 125 episodes.

       - About 40 minutes, weekly, Tuesdays

    - Bringing back SoapBox Edition

      - Hosted by Luis Majano

      - Longer format - 30-60 minutes

      - Monthly


And the Keynote has come to an end. 


"Go Forth and Conquer!"



Once again, they have shown me even more "Box" goodies that I don't know enough about. QB and Quick look pretty cool. I need to flag down Eric later to ask about QB.


-----------------------------------------



SESSION 1 - Using Commandbox to optimize your daily workflow - Scott Steinbeck

CommandBox is a full-featured CLI tool written in CFML that streamlines your workflow. We will be navigating through many of the features included out of the box such as: command aliases, environment variables, enhanced terminal commands, JSON/File search & filter, watch tasks, as well as other Box product built in commands. Then we will explore extended features provided by published CommandBox modules and your own custom modules and task runners. 

=============


- What is Commandbox?


`box start cfengine="none"` >>> gives a plain HTML server! Very cool. 


- To learn more, go to the docs. There's a _TON_ of info about what CommandBox can do.


`server list running`

`server stop all`


- Environment Vars Overrides!

  - `env set cfconfig_AdminPassword "P@ssW0rd"`


67 Commandbox modules in total.

   - CFDocs

   - Bullettrain


-----------------------------------------


    

SESSION 2 - How to create high performance teams - Stephanie Monge

There is no secret recipe to create high-performance teams, however, we will share some valuable tips that will help you look over yourself and your team to find improvement opportunities that will boost your team performance and growth.

=============


"Man is, by nature, a social animal." = Aristotle

"I am because We are." - Ubuntu


-----------------------------------------


LUNCH TIME!


Pulled pork! Baked beans. Bread. Smells fantastic! But....

My session is right after lunch. There's absolutely _NO WAY_ I'm going to eat anything beforehand.


But I grabbed a plate and stashed it in my preso room. I'll eat after my talk.


-----------------------------------------


SESSION 3 - Don't Go Breakin' My Heart: Trust, But Verify  = Shawn Oden

September is Insider Threat Awareness Month. So let's talk a little cybersecurity. Insider threats are a problem that every business should watch out for.

=============

September is Insider Threat Awareness Month. So let's talk a little cybersecurity. Insider threats are a problem that every business should watch out for. To function, any business must trust their employees. But, sometimes, that trust can be abused to disastrous ends. In this talk, I'll go over some of the basics of Insider Threat Awareness, and I'll show some examples of real Insider Threats and how they could have been seen coming. 

=============

MY SLIDES

This was my talk. First time talking in front of more than a few people in forever. I hope it went well. 


About half way through, the hotel wifi went out, so I completely lost my Zoom audience. It took me a few minutes to get reconnected and back on with everyone. So my recording will be broken.


That got me about 10 minutes behind, so I had to rush through the last half of my preso. I ended it about 10 minutes late. Fortunately, Charlie Arehart was after me, so he was able to adjust his preso and catch back up. Thanks a ton, Charlie!


NOTE: Before my preso, I was talking with Dan Card. He liked my background. Said it was very "Usual Suspects", and he mentioned that Office Space would be a good fit for my topic. :-)


-----------------------------------------


SESSION 4 - Considering Monitoring Solutions for CF and Lucee

Charlie Arehart

If you're suffering performance and stability problems, there's no substitute for having SOME kind of monitoring in place. But there are quite a variety of monitoring solutions available for ColdFusion and Lucee. How do you choose? (Or are they "all the same"? No!) 

=====

There may be some monitoring features built-into your CFML engine (and free), which perhaps you didn't even know about--or it may depend on which version of the engine you're running. There are also commercial third-party monitoring tools, built for CF and Lucee. And there are still other Java monitoring tools (some free, some commercial), which can be used readily with CF and Lucee. So many choices, but which is best for you? In this session, we'll review several of these monitoring alternatives, and which are available for various releases of CF and Lucee. We'll identify several goals (problems to be solved or features one may seek). With this information, one can better determine if a built-in tool may suffice, or better choose among other options that would best meet their specific needs, including whether having more than one tool (yes, more than monitor against a single instance) may be the best way to satisfy different needs. 

=====


Again, thank you, Charlie, for being a super-professional. I wanted to watch this whole talk, but I already made him start late, and I was hungry. I wanted my lunch that I stashed away. But the awesome hotel staff were a bit too efficient. Someone found my stashed plate and cleaned it up. 


Fortunately, they were still cleaning up the lunch service, so I was able to fix myself another plate. It was cold, but it was still very tasty. 


I got to eat while I watched the last half of Charlie's preso. Sadly, I didn't take any real notes, other than a tiny one about Challenges of Scale (1vs7000 servers) and a note about CFStat and ListMetricData().


I'll look up his slides later. He's always full of good info. 


-----------------------------------------


SESSION 5 - Testing APIs with TestBox

Javier Quintero


Ready to start testing your CFML apps but not sure how to do it right? In this session, you will learn how to test your app whether is a ColdBox app or not. I will guide you and show you the benefits of using TestBox when writing API tests. Remember, writing tests is a vital part of the development process, make sure you write tests for your existing and new apps. Do it often and take advantage of the features and benefits that TestBox has in the store for you. 

======================


Server Error Code Families

1xx Info

2xx Success

3xx Redirect

4xx Client Error

5xx Server Error


Coldbox Relax --  `box install relax`


-----------------------------------------


SESSION 6 - Quick - Scopes, Relationships, and Patterns

Eric Peterson


Come learn how Quick can help you improve the readability of your code, not just represent SQL as Objects. 1. Give relevant names to important collections of SQL code. (scopes, relationships, etc.) 2. Make queries easy to compose at runtime to get the exact data you want in the most efficient way (subselects, eager loading, etc.) 3. Get out of your way when you need or want to write barebones SQL.

======================


- Quick is the ColdBox ORM engine. 

- Scope - How to organize SQL objects

- cbDebugger - get your queries that are generated

- Workshops on CFCasts!


-----------------------------------------


And we're done. Almost. We've got the closing and the final Raffle.....


-----------------------------------------


Sweet! I won an Amazon Echo Auto!


And now we're really done. :-(


-----------------------------------------


I tried to switch my flight to leave tonight, but I couldn't get it done. Because I was trying to fly out of IAH instead of HOU, I'd have to talk to an agent. And with a 40 minute expected wait, I'd be cutting it _EXTREMELY_ close to switch my plane then find an Uber that could get me to the airport. I guess I'll stick to my original flight and leave in the morning. 


.........


Since I'm sticking around for the evening, I'm going to walk back down to the restaurant we went to the other day to grab some grub.


....


That place was _PACKED_! I walked back down to Goode Company and ordered an Old No. 7. It was some of the best Tex-Mex I think I've ever had. Though, to be fair, I'm in Houston, which already has great Tex-Mex, and it's been a couple of decades since I've been in this part of the country. They gave me a ton of food, more than I was able to eat, to be honest, and I would _HIGHLY_ recommend this place again (https://kitchenandcantina.com/menus/the-woodlands/). 


Now that I'm stuffed, it's time to wind down and go to bed. I've got to be up _REALLY_ early to check out and meet my Uber at 5 A.M. 


Into The Box 2021 - Write Up - Day 1 - Thursday, September 23, 2021


I got invited to speak at the Into The Box 2021 Conference in Houston, TX. These are my thoughts.

-----------------------------------------------------------------------------

The day starts with breakfast! Which I intended to snap a picture of, but forgot. Breakfast was pretty good.

I'm headed in for the Keynote.

NOTE: I took notes during the conference, but am typing this up later, as I can. These notes are mostly just a "train-of-thought". 

schedule.intothebox.org



- Keynote Speakers: Luis Majano, Brad Wood, Eric Peterson, Gavin Pickin, Grant Copley, Jon Clausen, Jorge Reyes

Keynotes free on CFCasts. https://cfcasts.com/series/into-the-box-2021/videos/keynote-day-1

Keynote began with Luis Majano introducing Ortus and imparting the message: 

Words that ruled the land in 2020: Anxiety, Fear, Uncertainty. But there was also Hope, Compassion, Grit! 

Inspiring words. 

Storytime: "Good!"

Podcast by Jocko Willink (Former SEAL, Jocko Podcast) 

Make good out of a bad situation. 

A new "Box": TimeBox BMP - Business Management Platform

  • - Two distributed micro services.
  • - Running on ColdBox 6
  • - Quasar, VueJS Multi UI
  • - Multi-lingual and multi-currency

- Timesheets, Employee/Contractor Mgmt, Client/Project Mgmt, Invoices, Software Licenses, BI, Payroll, Time off, Client Portal, +more.

- Beta starts soon Oct 2021 - Q2 2022.

Are you a victim or a hero? 

Never lose hope. 

Reload, Recalibrate, Reengage, Refocus. 

Activate your faith.

Learn something new.

Try something new.


- Next up, Forgebox with Javier Quintero - Lead Dev of ForgeBox

  In last 12 months:

  •  6 releases 
  •  324 new users
  •  222 new packages
  •  3044 new versions
  •  18.1 million requests!

- Significant increase in users and packages.

- Big News! Forgebox 6 has landed!

  - Introducing ForgeBox Business Plans - new features for orgs

  •  - New dashboard.
  •  - Activity Logs
  •  - New Package Management
  •  - New API Keys Management

- forgebox.io


- Next up: Back with Luis 

  - ColdBox 15th Anniversary

  • Coldbox 5.x - 2018
  • Coldbox 6.x - Aug 2020
  • 9 releases, 6.6 in dev, 7.x planning starts soon.


  - ROADMAP

    - 2020 ==> 5LTS, 6 RC, 6.x Final

  •     - 2021 ==> 5 LTS, 6.lotsaVersions
  •     - 2022 ==> 6 LTS, 7.x Final, 7.x Beta
  •     - 2023 ==> 6 LTS, 7.x

  - CB6 GIANT Leap for ColdBox

  - CB6 Main Features

  •  cbFutures - bringing Java futures to CFML, asynchronus packages, available for any CF dev with WireBox
  •  Task Executors - For ANY CF app. Non-blocking executions. custom thread pools. Management API, CBDebugger visualizer
  •  HMVC Scheduled Tasks - whole heirachy of scheduling in your app
  •  REST Handlers + ColdBox Response - improved approach to building REST APIs
  •  New Renderer - faster
  •  Whoops! - exception handling and stack tracing. Developer experience -> Exception handling.   

- Interesting stuff coming next.

- Close to reactive CFML.


- Next up: CBWire - Grant Copley

 - 1.0 Beta

 - Built on top of Livewire (for PHP)

  •     send HTML "over the wire" instead of JSON. 

 - Can often eliminate back end

 - keeps template rendering on the server  

 - box install cbwire; mkdir wires; OR box install commandbox -cbwire

 - This stuff looks really cool!

 - Grant has a session about cbWire later today. 


- Next up: Commandbox - Brad Wood - Lead Dev CommandBox

  •  - 7 years old - 33 total releases, Lots of community contributions
  •  - Over 105K downloads
    •    - 33K for CB 5x
    •    - 2.7K avg/month
    •  - 133K ACF, 224K Lucee installs
  •  - More people using Commandbox than Adobe installs.
  •  - 44% Local Dev environments

 - CommandBox 5.1.0

  •    - start pure HTML server
  •    - Light/thin binaries
  •    - Custom tray actions
  •    - Server Profiles
  • - Secure by default
  •    - Server Rules
  •    - Task Runner Lifecycle Events
  •    - System Setting ${} Namespaces

 - In CB5.3

  •    - Override Config and Server settings with Env Vars
  •    - HTTP/2 Support
  •    - JMES JSON filtering / jq Command
  •    - Table Printer - ASCII art
  •    - HTTPS Redirect / HSTS   

 - In CB5.4

  •    - web.xml Overrides
  •    - server prune command == get rid of older servers
  •    - ask and confirm commands == wizards, scripts
  •    - Support for Lucee event gateways
  •    - Import/Export specific settings only (like import db settings only)
  •    - Auto replacement of passwords with env vars
  •    - Auto creation of .env file
  •    - Support Lucee server/web context
  •    - More env var support - Set anything on the server in cfconfig

  - CommandBox uses WireBox.

"Go forth and Conquer!"

Personal Obversations: There are a lot of really cool "Box" things that I don't currently use. I need to learn more about them. Especially Coldbox and Commandbox. And Testbox, too. 

Off to the sessions...

-----------------------------------------------------------------------------

SESSION 1 - cbWire - Coldbox + Livewire - Grant Copley

=Introducing cbwire: a ColdBox module that makes building reactive, dynamic, and modern interfaces delightfully easy.

 - Front end complexity

    - Lots of complexity. Frameworks.

 - Coldbox module @ 1.0 Beta

 - Based on Livewire

 - Intelligent DOM-diffing

 - `box install cbwire` < in root of project

    - `wireStyles()` - css styling

    - `wireScript()` - 

    - `wire()` - new ?????

 - Github / GrantCopley/cbwire-demo

    - Tailwind.css

    - Commandbox BulletTrain

-----------------------------------------------------------------------------

SESSION 2 - Websockets 201 - w Giancarlo Gomez

== So you know what WebSockets are and how to configure them for your application, but now what?

= So you know what WebSockets are and how to configure them for your application, but now what? Building on the foundation of WebSockets 101, I will take a deep dive into designing and debugging a WebSocket application. You will learn how to leverage listeners for your channels, handle authentication and how to view all your connections. I will review how to use browser Web Developer Tools as well as a simple drop in WebSocket Console App to debug your apps. We will discuss how to keep your connections alive thru various states of your app using AdvancedSocket and how you can connect to your ColdFusion WebSocket server from other client apps. Follow me on this live coding adventure, as we further our knowledge of what we can do with WebSockets!

  - I've watched Giancarlo give this preso multiple times. It's very interesting stuff.

  - Github - GiancarloGomez - Lots of repos for WebSockets

-----------------------------------------------------------------------------

LUNCH

<picture>

Chicken & Fetuccini; Grilled veggies; Salad; Cheesecake

Edgardo Dancing! This will definitely be a highlight of the conference. Surely there's a video somewhere. 

-----------------------------------------------------------------------------

SESSION 3 - Scheduling Tasks The Human Way by Brad Wood

== We'll learning about the new features of the AsyncManager for scheduling thread executions. You can use this feature in ColdBox apps as well as standalone CacheBox, WireBox, and LogBox use cases.

 - I always enjoy talks by Brad. He takes Energy up to 11.

 - Configuration by code.

 - task(.....)

-----------------------------------------------------------------------------

SESSION 4 - Systems Thinking for Software Devs  by Seth Stone

== It's more important for software developers to be good "thinkers" than good "coders".

= In this talk we'll examine how Systems Thinking principles can be used to evaluate our own mental models and ultimately increase our ability to solve complex problems. By thinking more systematically we can uncover innovative solutions that add real value to the organizations we're a part of.

 - Mental Model = an abstraction that simplifies reality so that your mind can operate and make decisions

 - Feedback Loop = Mechanism for ???? info that tells us if our Mental Model is accurate.

 - "Simple Rules for Systems Thinking 

- (DSRP) ===> Not meant to be applied in isolation

  •   - Distinctions
  •           - Systems
  •           - Relationships
  •           - Perspectives

    - Distinctions = any idea can be distinguished from the other ideas it is with. 

==> OSI Model, Semantic HTML

==> ERD Process ======  |THING 1|  |THING2|

    - Systems = any idea can be split into parts or structures

==> MVC Example

==> ERD Process ====== |____|

                               |????|

    - Relationships = any idea can relate to another

        ==> TIME <=> COST <=> QUALITY triangle. Inversion of Conrol model.

    - Perspectives = any thing can be the point of view of another thing

==> User stories

  - "A problem well stated is a problem half solved." - Charles Kettering

  - Plectica.com ==> Tool for visualizing a mental model.

-----------------------------------------------------------------------------


SESSION 5 - Testing A to Z by John Farrar

==Testing, too much or too little can break a project. The pathway is not a tight rope walk it is a broad road. Knowing the right types of testing and the right amount is critical. It has been said that failure is inevitable, proper preparation and testing velocity keep us productive and agile. This session will discuss the right mix of many approaches to testing. The right mix depends on your needs so we will be covering many types of testing hard and fast.

= Testing is not everything. We will not be able to foresee every challenge or prevent every issue. Certainly it should be more than nothing. It should be more than a feeling. Steve Blank says, "There are no facts inside the building so get outside." This principle should be practiced in testing. It worked on my machine is not sufficient. We will be discussing many testing mindsets, the tools that help us put those mindsets into action, the types of testing, and how to choose testing balance that works for your team, company and project. We will briefly touch on TestBox... but that is only a small part of testing options. Here are the tools we will present during our talk.

  •     Cypress
  •     Jest
  •     Lighthouse
  •     Postman ( Newman )
  •     TestBox

The types of testing we will be discussing during the talk:

  •     A/B Testing
  •     End to End Testing
  •     Integration Testing
  •     Load Testing
  •     Performance Testing
  •     Test Driven Development
  •     Unit Testing
  •     User Acceptance Testing

  - how to make testing effective

  - sysapps.com

-----------------------------------------------------------------------------

SESSION 6 - Using Testbox to refactor Old Code by Dan Card

== In this session, we will start with a page of code that needs to be refactored how we can use Testbox to simply run functions in isolation.

= As much as the need for full code coverage and writing your code a certain way to make it testable is discussed, if you have thousands of lines of code in dozens or hundreds of files, the idea of having any code coverage at all might seem daunting and beyond feasibility. In this session, we will start with a page of code that needs to be refactored how we can use Testbox to simply run functions in isolation. This has the immediate benefit of being able to test whether a function is working as expected without having to navigate through the front end of your app to get to a particular state. After running the function in isolation, we will write a few tests on the code "as is" and then start to refactor it using Testbox to slowly build up our code coverage. Along the way, we will look at some refactoring techniques and also concept of mocking.

- box install ITB...????  >>> Install demo for this session.

- CommandBox Host Updater!

-----------------------------------------------------------------------------

SESSION 7 - What's in your Dev Backpack (Postman, Webhook.site, ngrok) by Daniel Garcia

== I will give an overview of each of the three items, talk about how you can get started using them and why they are useful, show examples, and then open the discussion to see if anyone has other tools they can recommend.

- Postman is Awesome! => Easy to test Rest APIs. API platform that ????

- webhook.site => Lets you test any incoming HTTP request.

- nGrok => Expose webserver on local machine to internet

- webhook.site === DO NOT SEND PII IN FREE VERSION !!!!

- There's a forgebox module for ngrok.

- can resolve ngrok.io subdomains

- Note: I really wanted to see Scott's preso on PostgreS, but it got moved and conflicted with another session I wanted to see. I'm fairly certain that even if there was only a single track, a conference would find a way to make me have to decide on which session I wanted to watch. :-/

-----------------------------------------------------------------------------

This brings Day 1 to a close, and now it's time for 

HAPPY BOX!!!

-----------------------------------------------------------------------------

- This was a blast! The mariachi band was great. Food was awesome. Beer was good. The hotel staff was excellent. I'll have to dig around and see if I can find any videos of the band. 

- But now that I've jotted down my notes, it's bedtime. I'll try to go through my preso one more time before bed. 

======================================================================

Into The Box 2021 - Write Up - Day T minus 1 - Wednesday, September 22, 2021


I got invited to speak at the Into The Box 2021 Conference in Houston, TX. These are my thoughts.

-----------------------------------------------------------------------------

So to start this whole thing off, I switched my flight to an earlier departure so that I could make the Speaker Dinner. It's about 0-dark-30, and my flight leaves in a couple of hours. Last night, I had everything packed in my soft hanging bag, but I apparently decided to use my hard roller bag instead.

I's not a good time to re-pack. 

-----------------------------------------------------------------------------

Wife is driving me to the airport.

I hate being late.

-----------------------------------------------------------------------------

Made it to the airport, and I have a few minutes before we button up and depart. There's nobody on this plane. Just about everyone gets their own row. My flight departs at 8:25 am; it started boarding at 7:55 am; I made it to the Southwest counter at 7:45. The agent said, "You're cutting it close. Do you want to just carry your bag with you?" But I have liquids in it, and I didn't want to chance getting hung up in security. So I checked my bag. Agent told me it may not make it. Fun. At least I have the rest of the day if it didn't make the plane. Shoulda just brought it as a carry-on.

Got held up in screening after all. I'm carrying two laptops, a Kindle Fire, a couple of USB portable drives, cables, and other tech crap. This is my first time to speak in-person at a conference; I don't know what I need. Regardless, apparently the x-ray machines don't like all that junk in your backpack. I guess because of COVID, they're being very cautious about opening bags and looking at people's stuff, so they ran my bag through three different times.

When I got to my gate, the plane was already boarding. I was in the A Group (thank god I paid for Early Bird Check-in), and the agent boarded me right away.

I'm sitting in my seat and looking at a baggage cart driving up to the plane. I don't see my bag. :-|

One note: I thought I brought my USB-C cable so I could charge my phone. It's not in my backpack. I hope it's in my suitcase, and I hope my suitcase isn't still sitting in Nashville.

-----------------------------------------------------------------------------

In the air and on my way to Houston. Should be slightly less than two hours. Time to go through my preso again.

-----------------------------------------------------------------------------

Ugh. Audio is way low. I'll want to record this again.

-----------------------------------------------------------------------------

I made it to Houston, and my bag actually came along for the ride! Happy Day! The benefit of being one of the last bags loaded onto the plane is that it's one of the first to come down the line in Baggage Claim. However.....


... didn't know my poor bag was gonna get tagged with a bright yellow LATE tag so that everyone knows I'm a slacker. :-|

Anyway... the conference is at the Hyatt Place in The Woodlands, which is about half an hour away from the airport. It's still early, so I've got plenty of time to find an Uber.

-----------------------------------------------------------------------------

And that didn't take long. One was available in about 7 minutes.

Sitting in the car and realizing my return flight is REALLY EARLY. And apparently you can schedule an Uber in advance, so I've now got one scheduled to meet me at my hotel at 5AM on Saturday morning. Glad I was able to find someone to take the ride. I really hope they show up. That's early.

-----------------------------------------------------------------------------

I made it to the hotel at about 11:30 am. Check-in wasn't supposed to be for a couple more hours, but they let me go ahead and check in anyway. Thank goodness, again. The Speaker Dinner isn't until 6:30, meeting in lobby at 6:15 to walk down to the restaurant. I'm exhausted. As soon as I finish this note, I'm gonna unpack my stuff and take a nap.

-----------------------------------------------------------------------------

So I didn't exactly nap like I intended. After I unpacked, I turned the TV on and kinda dozed. The Cowboys were playing on the TV, and I remember thinking (in that strange not-quite-awake-but-not-quite-asleep-either way) that it was odd because I didn't think they were playing an early game this week. Besides, it isn't Thursday. It's just Wednesday. Has to be. The conference is Thursday and Friday. Surely I didn't sleep straight through the first day of the conference. I'm glad I'm speaking on Day 2.

-----------------------------------------------------------------------------

That thought woke me up pretty well. It's about 5 pm, so I apparently dozed for a while. I've got enough time to write up some notes and get ready for dinner.

Oh, and apparently I had the TV on the NFL Network and was watching a rerun of last week's game. That makes A LOT more sense.

-----------------------------------------------------------------------------

Dinner was at Goode Company Kitchen and Cantina (a Tex-Mex restaurant a couple of blocks from the hotel). Ortus blocked us a room, and a good thing, too. The place was pretty busy. I sat with Daniel Garcia, Seth Stone, Grant Copley (from Nashville, too) and John Farrar. These are all some pretty smart guys. I've met John and Daniel (briefly at previous conferences) and I knew Grant from the Nashville CF User Group. He came out a couple of times. We need to meet up for lunch when we all get back home. I have a few questions I'd like to bounce off him. This was the first time I met Seth. I think. I may have crossed paths with him at conferences before. Each of these guys are giving some pretty cool talks tomorrow and/or Friday.

Ortus gave us a nifty little fanny pack swag bag with a bunch of stickers, a bottle of hand sanitizer, a hand-made ornament (I'm guessing from El Salvador), a Salvadoran chocolate bar, and an At-Home COVID Test (gotta be safe). Plus, we each got an ITB 2021 T-Shirt! It feels kinda nice to actually restock my wardrobe; last year was killing me. :-)


All in all, the conversation was pretty awesome, and the food was extremely good. Despite the self-inflicted headaches and rush this morning, I'm glad I switched flights so I could make it to the dinner.

After dinner broke up, we headed back to the hotel. Fortunately, there was a gas station right across the street, so I got myself a couple of bottles of water.

I wanted to record my preso again, but I'm kinda tired. I think I'll go take a hot shower and go to bed. Tomorrow starts Day 1 of the conference!

Oh, and I found my USB-C cable. It was inside a bag that was inside my laptop bag. Ugh.

-----------------------------------------------------------------------------

Tuesday, October 12, 2021

October 12, 1979 was 42 Years Ago!

 Today, October 12, in 1979, the first book of the best ever 5 part trilogy was released, and life on earth was changed forever! Thanks to this man:

Douglas Adams
Douglas Adams

Unfortunately, in May of 2001, he phoned up NASA, the President, the Kremlin and the Pope to say he's about to catch a flying saucer out of this place (or at least I hope he did), so he's no longer around to see his masterpiece of a story hit the 42nd anniversary of its book release. But I'm sure, somewhere at the end of the Universe, he's now sitting in a seat at Milliways next to Arthur Dent and enjoying the view and a Pan Galactic Gargle Blaster.

I never caught the original radio show on BBC, but the book "trilogy" has always been one of my favorites. It's absolutely silly, but somewhat clever and fun. And Adams was a brilliantly funny writer. If you've never read the book, I'd pick it up

And don't forget your towel. 









Monday, October 4, 2021

Cybersecurity Awareness Month

 With the end of September comes the close of Insider Threat Awareness Month. But with the beginning of October comes the start of Cybersecurity Awareness Month

The overall theme is "Do your part. #BeCyberSmart", and each week has a different focus. 

  • Week 1 (Oct 4): Be Cyber Smart
  • Week 2 (Oct 11): Phight the Phish!
  • Week 3 (Oct 18): Career Awareness Week: Explore. Experience. Share.
  • Week 4 (Oct 25): Cybersecurity First.