Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:05):
Hello everybody and welcome to the Modernize or Die podcast.
Today is April 15th.
This is episode 231.
My name is Eric Peterson, happy to be with you and I'm joined by Mr.
Daniel Garcia.
Eric, how are you doing today?
I'm doing pretty great.
Weather's turning up here in Utah and I can send my kids outside and it makes me very happy.
(00:26):
Do they stay outside or do want to come back in?
They do, they do.
And we enjoy going on family walks together in the evening.
So we like the nicer weather.
Of course, in Utah, it's gonna like get super cold again this week and then jump into the 90s.
So only a little bit of nice weather.
So it's also a tax day and I'm going to throw this out there.
(00:48):
So I've been doing at Ortus have a fun house and I've been putting dad jokes and I got a dad joke calendar.
And today was a dad joke about taxes.
It says, I don't do my own taxes.
I'm just not into it.
Get it into it.
unfortunately unfortunately
that as a regular feature.
was just, it's tax day.
And if you haven't gotten your taxes yet, finish this episode then go do them.
(01:13):
Dad Joke Corner brought to you by Daniel.
Thank you, Daniel.
Well, let's jump into some Ortus news.
Into the box, just around the corner.
The end of the month, really.
I guess it's technically April, May, but consider it April.
No workshops are April 30th.
I like I should know this since I'm given a workshop.
(01:33):
April 30th is the workshop day.
Okay, it is end of the month.
So we only have 20 on-site tickets left.
So if you've been kicking the can down the road procrastinating, like stop what you're doing, go to intothebox.org and order your tickets.
Workshops only available for our on-site attendees.
It looks like we have three spots left for our getting started with BoxLang.
(01:57):
And we have some other great options to consider as well.
Team packs are available, that's the only way to get early bird pricing right now.
Buy one, get one half off, or buy two, get one free.
me post these links.
you are not gonna be able to make it in person, we're really sad.
This is gonna be epic into the box, but you can get our virtual ticket.
Today is the last day to get Early Bird online ticket pricing.
(02:21):
We'll throw that link in our show notes.
If you don't buy today, you're up to the normal virtual price, but you can still pick those up all the way up to the start of the conference.
fair, our normal virtual price is pretty reasonable.
Considering all the content you get, it's just if you want to be even more reasonable.
All of these prices are very reasonable for a conference, head over to those links.
(02:42):
Again, we hope to see you there in person.
And we'll tell you there's a big special reason why we'll get to later in this podcast.
Can't wait.
We have some product updates.
Daniel, do want to tell us about Command Box 6.2?
They do CommandBox 6.2.0.
That point zero is very important.
It was released.
We've got nine tickets with several bug fixes and some new features including the Jakarta server support, which is important for BoxLang and ACF 2025 and Lucee seven.
(03:13):
Some new changes with those that we need to make sure that CommandBox box supports.
one of my new favorite features is a server warmup URLs.
So that way when you start the site, you can automatically kick off some URLs to hit till I want the site so that when you start the site, I'll warm up the site.
So if you start your site and you need to run some initialization routines or do whatever, it'll kick off these server warmup URLs and you'll be back in business.
(03:37):
a lot of times when you have to start your site manually, then you have to manually remember to go back and click those links.
Well, here you just automate it all for you.
If you want more information, we'll go ahead and put that into the chat.
The server warmup URLs, all I can think of with that is hibernate ORM, how when you hit your site, it has to crawl all the different entities and metadata and load everything,
(03:58):
and you just want that to be done before anybody actually has to hit it.
or if you've got like a lot of cache queries where you want to make sure they get initialized in cache before anyone does anything.
Yep, that's another good idea.
So that's CommandBox 6.2 out right now.
Next, let's talk about the ColdBox Vite plugin.
So Vite is, we're talking JavaScript land.
(04:20):
It's a module bundler.
You know what?
I haven't done enough JavaScript to know the terms I use now.
What I do know is if I want modern JavaScript frameworks like Vue and React to run, Vite's the way I choose to do it.
because it's super fast.
In fact, the other day I was doing some development on the site that used Coldbox Elixir, the old webpack bundler.
(04:42):
And I'd save a change and it would take maybe a second to reload and compile.
And I was like, this is garbage.
Vite does this in 10 milliseconds.
What's going on?
So I almost ripped it out and put Vite in.
And then I realized that wasn't my job at the moment.
So next time.
But the ColdBox Vite plugin is the easiest way to hook into your ColdBox site so you can add in modern JavaScript with your existing ColdBox server rendered site.
(05:08):
It has support for the latest Vite and all the goodies there.
You can also get started quickly with our template using the CommandBox box.
You can do a ColdBox create app and pass in cbtemplate-vite.
Get everything you need to get started.
I got to do some work with Quick version 11.2.
I got to meet with a client and as usual, performance issues in Quick come down to not eager loading relationships.
(05:36):
So eager loading's the idea that if you have a blog post and you wanna get the author to get the author's name, you
could mistakenly load 20, 40, 50 blog posts in one database request and then proceed to do 50 single database requests to load the author for each post as you're looping through it.
(05:58):
Eager loading instead will go grab all those at once and stitch them together for you.
So it's huge on performance but also can be easy to miss.
Well, I finally jumped in and added a way to disable all lazy loading.
in development, you can do it per environment so that you're in development and it will throw an exception at you and tell you like, hey, you tried to lazy load this, go you load
(06:23):
this and help you avoid those performance problems before they even get to production.
So that's out in quick 11.2.
It is.
Nice.
Nice, nice, nice.
Okay.
So this week's episode is sponsored by Ortus solutions.
Imagine that we want to feature CommandBox Pro if you haven't heard CommandBox Pro it's CommandBox with a bunch of other really cool things that are definitely worth paying for.
(06:52):
obviously the most important one is support SLAs and trust from Ortus.
You get the service manager modules so that if you've got a server set up and you want it to start automatically, will do that.
if you're just like any other service.
You do get a ForgeBox Pro account included with every CommandBox Pro license you purchase.
So if you want to do your own private packages and share that within your team, you can do all sorts of cool things like that.
(07:15):
Multi-server features, you can do CommandBox multi-site, which allows you to pay us, it's like doing virtual hosting, where if you want to have one CommandBox instance and host,
you know, multiple sites, dozens of sites for whatever, you can do that.
We also have the automatic JDK management and manager versions on each specific application deploy as well as SNI support.
(07:35):
We're in multiple certs, SL certs on the same IP address.
So if you want to go check that out, go to the website for CommandBox Pro and we'll put that in the link.
Let's go over to our BoxLang corner.
BoxLang 1.0 RC3 has been launched.
Let's tell you about some of the headline features here.
(07:56):
We kind of teased them last podcast, but performance, we've tested the runtime against all our major libraries.
It's faster than Adobe 2021, 23, 25.
It's give or take with Lucee depending on the test.
So,
great work to the entire BoxLang team for just iterating and iterating on that performance.
(08:18):
The BXORM module is out so you can integrate with Hibernate for all you poor people that still have to do that.
That's obviously my opinion.
I should have prefaced that.
Virtual thread support.
This is a fun feature that I had to look up for Java 21, I believe, but just a lighter weight thread that can be
Backgrounded similar to virtual memory so that when you do IO tasks in the thread, it doesn't lock up the entire like CPU thread Scheduler so the if you've ever used the cold
(08:46):
box scheduler, which is incredibly powerful and intuitive You can do all that in BoxLang.
In fact, that's replaces kind of the crazy scheduler UI that you can find in Adobe and Lucee and My favorite little feature from here
You can run it from the CLI so you can without starting up your application go to BoxLang schedule and then pass in a scheduler.
(09:10):
You don't have to run cron You have to do anything like that.
It will just run forever and run your tasks for you.
So then you can use all the nice BoxLang scheduling methods like saying run every day or Every workday at 8 a.m.
Instead of having to figure out the random cron incantation for that
So that's BoxLang RC3 out now.
(09:31):
You can go please test your site because this is the last RC before the stable release.
When's the stable release gonna happen?
As hinted earlier, Into the Box 2025 we will be launching the stable release of BoxLang 1.0.
So you want to be there, Into the Box 2025, whether you're joining online or in person, this is gonna be the conference that gets you up and running on BoxLang to start
(09:56):
supercharging your development fast and easy.
And now's the time to grab a BoxLang plan.
This is in your future, you want to save some money on it, they're 25% off until Into the Box.
So grab that, we'll see you there May 1st for the BoxLang stable release.
And then one more last important bit of box news BoxLang news are the virtual machines are now on AWS.
(10:23):
So if you've been wanting to play with BoxLang and you've been waiting to for it to appear at AWS as a VM, it's there, you can do it.
We're going to go ahead and post the link and go play with it.
Yeah, we announced last week or last podcast rather that we had them up on Azure and now they're up on AWS.
How about some CFML updates, Daniel?
(10:44):
Do you want to tell us about the security updates that came out this last couple weeks?
So they're a big one for both Adobe and Lucee.
I think it's pretty much the similar, similar exploit.
There are security updates available for Adobe CF.
We'll get the links there in the chat.
Similar for Lucee.
It's where if you've got a certain condition on the server, somebody can take advantage of an exploit where they can execute code remotely.
(11:11):
Now, if Lucee did say that if you're on a shared hosting environment, this is a little bit more of an issue than if you're hosting privately.
But if you go through and kind of read through the docs, you can kind of see what it handles.
You have to kind of decide if that's something you want to account for.
Now with Lucee, if you just want to update to latest Lucee, I don't think there's any issues with that.
Just do it.
Why not?
(11:31):
Don't worry about it.
Yeah, was something about being able to write bytecode directly to the server and then Lucee would run it, which I feel like if somebody can write files directly to your server,
you might have a bigger problem, but.
I was talking to Brad about it too when it came out and it's like if you can do this first step, then you can do the second step.
But most people don't allow you to do the first step.
So you're probably okay anyway.
(11:54):
But definitely worth reviewing your code base and updating or just update anyway.
And for Lucee, you can also add an environment file to lock it down even further, especially if you're using CommandBox or Lucee environment variables.
another big news is there a 6.2.1.112 RC final release candidate is out for you to play with and test with and check out and make sure it all works the way you're hoping it
(12:16):
works.
Yeah, I'm looking at their server change log for that.
It looks like a lot of bug fixes, not really any new enhancements.
It's just kind of what you expect at this point in an RC.
give that a run on your Lucee servers and let them know if anything's still missing.
Let me post the link for that.
And I think there's some more blog posts or new blog posts we want to talk about this week.
don't you take us to those, Eric?
(12:38):
Sure, let's highlight a few of them.
The first one, let's talk about PDF generation, bloat and optimization.
This is a blog post by James Moberg comparing and contrasting a few different ways to generate PDFs using CFML servers.
Good old CF document, CF HTML to PDF and WK HTML to PDF, which if you haven't heard of that one is actually a separate utility ran via the command line that can also generate
(13:04):
web pages based on WebKit technologies.
So you can go and check out all of his code and how he runs it.
I mean, the answer is WebKit HTML to PDF is faster and smaller file size and seems like the clear winner to me.
Doesn't have a tag for it.
You can't just say CF blah, blah.
You know you say that, except there is a WK HTML to PDF module on Forgebox that you can install a wrapper to use that service written by the in-league team, Sam Knowlton and
(13:38):
friends.
So if you're missing the I want one tag to do this, go check out that module.
I got you, Daniel.
I was setting you up.
I remember our team, man, over a decade ago, quickly found that CF document was not gonna cut it and use that WKHTML to PDF.
And I feel like this falls right in James's wheelhouse as one of his last blog posts we talked about was about using native CommandBox line tools instead of ColdFusion tags, if
(14:08):
you remember that.
So this just falls right into his wheelhouse, yep.
Thank you for that.
And yeah, use WKHTML2PDF probably.
We have another one from Ben Nadel about HTTP GET and HTTP POST are sufficient for me in ColdFusion.
so, HTTP in browsers has two verbs, get or post your forms can get or post.
(14:33):
but there are more verbs defined by the HTTP specification, put patch, delete options, some other ones as well.
the APIs tend to use and that applications can use as well, kind of spoofing it.
A cold box makes this really easy so that you can use all these different verbs and have
In my opinion, all this comes down to opinion, a really nicely tuned API, something that looks really nice as far as the URL structure goes, organized.
(15:03):
Ben here argues that you know what, the browser can't handle it basically.
It's extra mental weight that you can't use.
It's kind of a leaky abstraction because your GET might mutate a last access date or your...
delete might just be modifying the flag instead of actually deleting, so why are we pretending this?
(15:23):
So you get a lot of, can get read for his opinions.
He makes a lot of good points, and I think the biggest point is, know, browsers can't actually do put, patch, or delete or anything besides get and post, so everything after
that's kind of faking it.
But we also live in a world where APIs are king, and those can support all those verbs.
(15:47):
if you haven't caught on from the way I've been describing it.
I love all the HTTP verbs.
In fact, I have a video I want to throw in there that's one of my favorite talks that I've ever seen, which is called Cruddy by Design by Adam Wathan.
So we'll throw that in there.
Obviously, this comes down to your organization.
(16:09):
and how you want to structure your application, right?
These HTTP verbs there to help you describe how you want to be organized, right?
One of Ben's posts was, if you need a router, I think you've overcomplicated things.
And for me, like the router is where I live in Coldbox apps.
Like I love that can go to one file and see everything that happens in the app.
(16:30):
So it's a bit of a difference of how you want to structure your apps.
And as he said, the one's not right and the other wrong.
but you can definitely look at both and think, how do I want to structure my app?
So we'll give you a little bit of both sides here.
fair.
I don't think Ben uses a ColdBox And so he might
his own self-built framework, if any.
(16:52):
And I will say early on when I started with Ortus, I've been an Ortus almost four years now and early on I was working on a project and worth you Eric and you showed me this
cruddy by design video and it blew my mind.
As in of course we should do it this way.
Of course this makes sense.
Yeah, you know the fun thing is, like, I love that talk and I try to build things that way and then sometimes I don't because it doesn't make sense.
(17:13):
So like, I think Ben had one about that where if you're doing a bulk operation of bulk delete, you can't pass a body in the delete statement so you do a post.
That's not ideal.
That's what you do.
Sometimes you just, make your code work.
It's fine.
All of our code's held together with duct tape and string anyways.
Best practices are best, except when they're not.
(17:35):
There you go.
Okay, now we do have another blog article, getting the client's IP address using Lucee and ColdFusion.
This is by Gregory Alexander.
Basically going through the poll showing different ways of extracting that IP address and whether it's, know, using the getHttpRequest data, use the CGI variable, but it kind of
goes a little bit further because sometimes your server is behind a load balancer or a proxy.
(17:58):
And so you can't just grab the IP address because you're grabbing the IP address of that middle server.
And so you may need look for things like X forward for, because a lot of them will pass that along.
And so he shows an example of how to grab that.
And then there's a couple others that he talks about, including if you're using X real IP, some load balancers engine X use that instead.
Or if you have a CF connecting IP key, someone use that for cloud flare.
(18:22):
And so really some nice examples of all the different scenarios you might run into or for grabbing that real IP address and not the proxied IP address.
I know a while back Gavin created something on Forgebox to kind of say get real IP that kind of did this, but Gregory went way beyond what Gavin did and I kind of like it.
Basically if you use this, it'll catch every IP and all these different scenarios we talked about.
(18:47):
And so it's a nice little utility there he's got, or example he's got.
Yeah, as described, it really depends on your technology stack, right?
If you got Cloudflare in there, Fastly in there, know, NGINX, what do you have and what key it's using?
We have a utility that, you know, I've used because I felt like it was good enough.
Right inside CB Security, on the CB Security model, you can call get real IP and it will go and grab
(19:14):
like the cluster client IP or the X forwarded for, and then finally the CGI variable.
But it doesn't have those, you know, Cloudflare ones, the Fastly ones.
So you might need to implement your own kind of function based on what is in your technology stack.
Yep, that's the one I was talking about.
That's on Forgebox.
Gavin put that together.
And get real IP.
(19:35):
now it's, it might still be a Forgebox module, but it is now part of CB Security as well.
So you might not even need to install anything else.
I kind of feel like we should look at the other examples from Gregory and maybe add some of those.
Yeah, I think the trickiest part will be deciding the order.
But then again, you're probably not using Fastly and Cloudflare, right?
(19:56):
So.
Yep.
And so if you're testing for it to exist and doesn't exist, you ignore it.
So yeah, you're probably not using multiple.
And if you are, then you got issues, I guess.
All right.
Well, thank you everybody.
This is not all of the CFML posts that were through this week, but we only have time to highlight a few.
So let's move on.
We still have some events that we want to cover.
(20:16):
As mentioned, Into the Box Workshops, April 30th, Conference May 1st and 2nd.
BoxLang 1.0 stable is launching.
You want to be there in Washington, DC.
20 tickets left.
Go buy them, come visit us, we're excited for it.
And for all those that have already bought their tickets, who are speaking, we're very excited to see you there, it's gonna be a blast.
(20:39):
CF camp a little bit after that May 22nd and 23rd.
This is in Munich Germany a new hotel, but still in Munich You can check it out CF camporg I Know Luis is going to be there.
I believe Brad is going to be there as well So we have some Ortus representation and some great talks on BoxLang We hope to see at CF camp if you are on that side of the world It's
(21:02):
a little easier to get to Munich than it is to DC
And finally, coming up in step two.
Cold Fusion Summit 2025, September 22nd, 23rd in Las Vegas with, I believe the 21st and or the 24th being certification class days where you can go in and get certified.
And do we know if Ortus is doing a workshop around there?
(21:24):
We usually do.
I haven't heard yet.
It still might be a little bit way out.
think, I imagine we're probably waiting to get through ITB and just keep all our focus there first before we, look beyond ITB.
And then of course CF Camp, Luis and Brad will be there a few weeks later.
So.
And there is a CF Camp Pre-Conference Workshop with Ortus that you can join.
(21:45):
I'll absolutely there be talking about BoxLang.
Yep, it's getting started with the BoxLang runtimes with Brad or Zero the Hero with Coldbox and BoxLang with Luis.
Excellent.
Okay, that's probably it for our episode today.
thank you to all of our Patreon supporters.
We are grateful to all of those individuals and companies supporting our open source initiatives like Command Box, Forgebox, and Coldbox, all the other great boxes out there.
(22:12):
Funding the cloud infrastructure that Forgebox runs on in our community site.
You can support us at patreon.com slash Ortus Solutions.
You can see all of the sponsors that we have now at ortussolutions.com.
slash about dash us slash sponsors.
So don't forget we do have annual memberships available and pay for the year and save 10%, which is great for everybody, not just businesses.
(22:37):
Bronze packages, you get a ForgeBox Pro account and the CFCast subscription as a perk.
You get your profile badge community website, private access on the community website and a private channel on Box Team Slack.
Thanks everyone for joining.
We will see you, let's see, in a couple weeks.
It's going to be BoxLang into the box time.
Are we going to be podcasting from into the box, Daniel?
(22:59):
You know, we're figuring that out.
If we do, it's going be a special podcast.
Normally our next normal scheduled podcast would be May 6th, because we are going to do the first and third Tuesdays of the month, not in every other week thing, first and third
Tuesday.
So we haven't finalized the box or the into the box schedule, we're hoping to do something.
You know, maybe a one-off, but
(23:19):
But you don't have to worry about missing hearing us because you're gonna be at Into the Box.
You're gonna be coming to our sessions.
You're gonna be hanging out at Happy Box.
You're gonna be full of all the time that you would want with Daniel and myself.
And probably more.
Yeah.
smell us, it'll all be good.
Hopefully not smell us.
(23:41):
All right, everybody.
Thanks and have a great rest of your day.
Thanks everybody.