Farewell to MangoBlog

News & Gossip No Comments »

I have been running this site on MangoBlog for many years now, but as anyone who uses Mango will know, it rarely ever gets updated anymore, most of the plugins either no longer exist or no longer work and if they do they are no longer maintained or updated. Unfortunately this is the fate for most any decent app that was ever written for CF, as the userbase is so limited, and the developers tend to move on to other things.  And to be fair in most cases there is usually a better NON CFC solution available which is maintained, supported and regularly updated. So I am bidding farewell to MangoBlog and moving over to WordPress, which is by far the most popular and widely used app for blogs and simple websites and of which I am a big fan.

At some point I will be writing a migration tool to import all my blog posts from Mango into Wordpress, but until then I will be leaving this site online and have setup my  new wordpress site/blog at russmichaels.uk

So if you subscribe to my RSS feed, please redirect your rss reader over to russmichaels.uk, if you are a subscriber, then I will subscribe you to the new blog automatically, and you will receive an email asking you to approve the subscription.


Converting from Android to Windows Phone 8.1

Product Reviews , Windows 8 4 Comments »

Until now I have always been an Android user, we have had a few android phones with my current one being a samsung galaxy note and my wife's a samsung galaxy s3 and It was always pretty decent OS with the first phones and even my galaxy note when I first got it with android 4.1, but since I upgraded to 4.2 everything wen't downhill.

It now runs ok with nothing installed, but as soon as I install some apps, it runs like crap and I have had to install memory and battery booster apps to kill everything regulalry and keep it running as it constantly runs out of memory. The battery will barely even last a day now, it used to last at least 2 days on standby before Android 4.2, so android 4.2 has more than halved the battery life.

If I actually dare use it for gps or playing a game, it will be dead within an hour usually, even with just basic use (email, facebook, twitter) it will be dead by dinner time. It constantly needs restarting or all apps to be closed to get any responsiveness back from it, which is rubbish. what is the point in a phone that you cannot actually use or the battery will run out?

In order to actually use it I have to have a portable charger with me at all times, or have it plugged into my car charger. As I need my device primarily for work when away from the office, this is no good at all.

I am also annoyed by the fact that I cannot actually use the entire 16GB RAM that it came with. This is divided into 2GB system RAM and the rest is USB storage. Can you install anything onto the USB storage? no, that would actually be useful wouldn't it, most apps will only install to the system memory, which fills up pretty quickly and then makes the phone unusable. So in order to install more than a few apps you have to buy an SD card and then move as many apps as possible to that, but 
even Samsung themselves do not seem to understand how this works, I spent countless hours on the phone to their support trying to explain this issue, but they insisted that the 16GB was all the same memory, there was not 2 different types of storage so shouldn't be an issue, sigh! I even tried O2 support, but they could not get past the fact it was called "USB storage" and so just insisted I must have connected an external USB device.
I have had the phone replaced 3 times, and I have seen many such similar complaints on forums about the battery life decreasing by up to 75% since android 4.2, and my wife's phone is not much better, so this is clearly not a hardware issue with my specific phone, just a general problem with android, android just seems to get worse with every release.  Needless to say I was fed up and ready for a change. 

I have no interest in iPhones, I tried it before, never liked it, sent it back the next day. So I decided to give windows Phone a try. I had just ordered a Nokia Lumia 625 for a staff member anyway, so decided to keep it for a couple of weeks and try it out myself first.

It certainly does take some getting used to, the interface is very simple and childlike compared to android, which initially I found very annoying and frustrating. I also found it very annoying that I could not quickly access notifications and settings as I could with the android, and this became a show stopper for me as it quickly got very annoying having to go hunting for those settings when I wanted to change them and not having a quick access list of notifications.
I tried the phone for a week but still wasn't liking it, but before I gave up I decided to go and post on some forums about my qualms and see if there was any solution. After all I was an adamant Windows 8 hater as well, but then windows 8.1 changed that and I am using it right now to type this.
I got a mixed response on the forums, mostly just hateful and obnoxious responses from one Windows phone fanboy claiming I was complaining about nothing, but a couple of more helpful guys suggested I wait for windows Phone 8.1 which would solve my complaints. So I sent the Lumia 625 off to the destined staff member and waited for Windows Phone 8.1.


A couple of weeks later O2 released the Nokia Lumia 930, with windows Phone 8.1, so I decided to take another punt and use my upgrade to get this phone. I have to say that 8.1 really made the difference for me and has solved my complaints, it now has a pull down task bar with quick access to 4 buttons, these can be changed but by default are set to WIFI, BlueTooth, Camera and Rotation lock. You also have a link to ALL SETTINGS and underneath all your notifications, just like Android.

For more info checkout this article 10 New Features in Windows Phone 8.1 Quick Settings



One of the top compalints I have read about Windows Phone is lack of apps, but I really have not found this to be a problem myself and from what I have read neither have others who have actually used a Windows Phone rather than reviewed it purely as a non user and simply based their opinion on number of available apps.
Currently the Windows Phone Store has over 300,000 apps, now this may pale in comparison compared to the 1 million+ apps in the Android store and 900k+ in Apple iStore, but this is still hardly a small number and to date I have been able to find every app I needed or a suitable alternative. 
If you are simply going to compare numbers, then you should consider how many of those 1million apps in the android store are just total crapware, and having been an Android user for several years I can attest to how much crap there is.
For every app or game you find, there are dozens of ripsoffs/copies/similar apps/games, and while i'm sure Windows Phone store will end up the same way, currently it isn't, so you have far less crap to wade through to find quality apps.

Whatever system you choose there are always going to be good and bad points, you simply have to decide which outweighs the others. For me the current negatives of Android far outweigh the negatives of Windows Phone.

Here are the things I like about my Nokia Lumia 930

  • Good solid phone
    Most phone reviews I read tend focus on form over functionality and will rate phones on how thin and curvy they are rather than how they perform, which I find totally backwards and also pointless, as most phones basically look the same these days.
    The problem with most phone's is that they are all fighting to be as thin and light as possible. This results in phones that feel flimsy and are easy to break, and frankly I find this to be a pointless battle as phones are already thin and light enough at the sacrifice of  battery life.
    The Nokia Lumia 930 is 9.8mm thick, so it is hardly chunky, it is however very square and does not have the curved edges of most phones, as a result it feels more solid and doesn;t feel like it will slip out of my hand, and I haven't really felt the need to buy a case for it.
  • Better battery
    The (obvious) problem with ultra thin phones is that the batteries do not have sufficient power, and this will not improve any time soon as there have been no advances in battery technology to keep up with the devices that use them, so the thinner phones get, the quciker they run out of power.
    The Lumia 930 has a 2420mAh battery, which is pretty decent and more than most phones I have looked at, no doubt due the fact that Nokia made the smart move to go for  functionality over form, and as mentioned above has not sacrificed battery capacity to make the phone 1mm thinner.
    After I got this phone I tested to see how long the phone would last in standby with zero usage. It lasted 3 days and still had battery left, so is considerably better than my galaxy note/Android.
    In day to day use I am only using 50% of the battery by bedtime, and I can get get 3-4 hours of game playing before I get a low battery warning.
  • Greasy finger proof
    This is one annoying thing with every phone I have owned, as soon as you touch them, the back cover immediately gets covered in greasy finger marks. The Lumia doesn't suffer from this problem, or maybe it simply isn't notiable due to the garish colors.
  • The garish color
    This was something I thought I wouldn't like originally, mine is bright green, not exactly my favourite color. However this has turned out to be quite useful, I often leave my phone lying around the house and have to go hunting for it usually cannot see it even when it is right in front of me as they tend to be black and just merge in with everything around them. I don't really have this problem now with a bright green phone :-) as long as I remember to put it face down.
  • Camera features
    The Lumia 930 has a dedicated camera button which instantly launches the camera app, something sorely misisng from most phones, and best of all it works even when the phone is locked and password protected.
    I could never do this with my Android, as the only way to have instant access to the camera from the lock screen was to disable the password and make the phone insecure, which is really not a good idea when your phone has access to your facebook, email, twitter etc. As a result I often missed out on photo opportunities of my kids because by the time I gave got my phone out, turned it on, entered the password, started the camera app, it was too late.
  • Feels more like a business device
    I use my phone more for work than play, and I must say that Windows phone feels far more suited to this arena and I feel this is probably the niche where Windows phone may take off, especially considering that most business users are windows users and will (eventually) be using Windows 8.1 or its successor on their desktop PC.
    The interface is slick and simple and uncluttered, and the way the live tiles auto update is simple yet useful. If you are coming from Android then it may take a couple of weeks for it to grow on you, but I got there eventually and I really didn't like the metro interface to begin with.
  • Simple Interface
    While the simple tile interfaces was annoying at the start and is not perfect, it eventually grew on me. It is so simple to use that it is certainly the phone you would want to give to a non technical person like your parents for example, who would likley have a much easier time getting to grips with it and using the tiles than they would with an Android or iPhone, and because of that it would be much easier to support.
  • Wireless Charging
    It comes with an inductive charger, not unique I know, but it is the first device I have owned which supports inductive charging and it is ace. Although the charger does seem a little tempremental and requires the phone to be in a specific position, so by the time I have finally found the charging posiiton I could have plugged it in instead. 
    I can certainly see myself getting a charging pad and using only inductive devices in the future.

what I don't like so far

  • Lack of google integration
    I am deeply embedded in the Google eco system, my company uses Google apps and so do I, and I have become very accustomed to all my photos being automatically uploaded to Google+, which is no longer possible, at least not natively.
    Windows Phone will instead upload your photos to OneDrive, which is understandable as it is a Microsoft eco system, but this does mean more work via your PC if you then want to store and share those images on G+
  • Calendar
    I really don't much care for the built in calendar. It is very hard to read, at least for me as I am very long sighted, even with the system font size increased I cannot read the daily events without opening them. 
  • Color scheme
    You have no granular control over this, you can choose a base colour for your system, which becomes the default tile color and affects background and text color, and it is just impossible to read text  in places where the colors clash.
    The simple tile approach doesn't work for everything.
  • Sound management
    On my android I was able to set reminders and alerts to play continuously until I acknowledged them. I have not been able to do this on windows phone, which means if I do not hear the one time ding or beep to tell me there is an event or text message, I miss it.
  • No extendibility
    The lumia 930 is a closed phone, you cannot get at the battery or add more memory with an SD card.
    Although to be fair, it does have 32GB onboard + 2GB system RAM, which is the same as I had on my android  with an SD card, so I think I am unlikely to ever exceed this anyway.
    My experience with adding bigger batteries to phones was also not a positive one and i ended up switching back to the default battery, so I am probably not misisng out on anything there either. But this may be an issue for some with this phone.
  • NFC is not implemented properly
    I never had cause to use NFC until recently, when I purchased a Yubikey neo to use with LastPass, only to discover that it won't work because Microsoft have done a non standard implementation of NFC.

Getting scammed on ebay

Rogue Traders No Comments »

Because I am a persistant bugger and don't take abuse from anyone, I have wasted the last year trying to get my money back from some scumbag on Ebay by the name of "prostoragers". This scammer sold me a faulty Xbox hard drive which was not suitable for use with xboxes (xbox keeps rejecting it, and you lose all your data), now this was not my xbox, it was for my kids xbox,  and I had 2 small boys in floods of tears over this because they had lost all the work they had done on minecraft and various other games they had almost completed, and this happenned TWICE.
Prostoragers eventually admitted the drive had this problem it was not fit for purpose even though this info was not on the auction. He/She then asked me to return it for a refund, which I did, and then refused to refunnd me and has ignored me ever since.

It turned out the seller "prostoragers" was based in China, despite having a UK distribution address, so there was nothing I could do to chase them as they hide behind a UK po box, so I have spent most that time harrassing ebay to take some action, and being ignored by them also. Other than the occasional useless canned response, no-one at ebay even bothered to take any notice at all of my emails, so they are obviously quite happy for their sellers to rip people off, even though I had all the discussion in my ebay inbox as evidence, all I could get from them was "you are outside the 45 day buyer protection".

I finally had a enough and was about to give up, and decided I would one last bitch about ebay on twitter and see if they took notice, as this does seem to work well with most companies, and suddenly I got a response from them asking me to email details to twitter@ebay.com.

I sent them the details of the scam, and within 1 week, I have been contacted by the seller and got a full refund, so presumably ebay must have given them some shit and told them to refund me or else.
I asked prostoragers what about the compensation for my time over the last year, unsurprisingly I got no reply.

What have I learned from this expereince ?

  • before you buy anyhting on ebay, check that the seller is based in the UK and has a proper verifyable UK address
  • If you have any inkling of an issue, open a dispute with ebay right away just in case so that you are inside their 45 day buyer protection scheme.
  • Once you are outside these 45 days, it seems ebay wont even bother to read your emails, they will just give you useless canned responses.
    Not that I know if they will do any better if you are within the 45 days, I suspect it might be just as painful.
  • do a bitching session on twitter, make sure you cc @ebay, this seems to get their attention.
  • make sure you keep a copy of all communications with the seller. Your ebay inbox or auction history doesn't last forever, so in the event that your dispute drags on for months, you should take a copy of everything outside of ebay, including screenshots of your ebay account, and auctions.

So if you take nothng else from this, I hope you at least might remember the name "PROSTORAGERS" and remember to never buy anything from them on ebay.

Why ColdFusion & Railo are not suited to shared hosting

ColdFusion , Railo 11 Comments »

This is a topic I have found myself explain quite often of late and one thing I can say with absolutely certainly from dealing with hundreds of developers of all levels over the years, from newbs to gurus, is that most devs in general do not really understand how things work on the server (they know how to write code and upload it to the server) and most CF devs additionally don’t understand how ColdFusion really works and how/why it differs from other scripting languages like PHP or Perl or ASP.net, so I decided it was time to write a complete blog post on the subject and hopefully to try and enlighten some of those develoeprs a bit more.

Now I have heard many say "I am just a developer, it is my job to write code, not to understand the server stuff", but i'm afraid I disagree with this and consider it a bit of a cop out, because If you don't understand how things work on the server to at least some degree, how can you be sure you are writing code that is going to be scalable, reliable and is not going to cause problems? Sure no-one should expect you to know EVERYTHING to the same level as a sysadmin, but you certainly should know the basics that are relevant to your job, especially if you are going to be making any hosting recommendations to your clients.

The first thing to understand, is that ColdFusion and Railo are not technically application servers (which most people believe them to be), they are simply Java applications (that convert CFML into Java bytecode) that run inside a java servlet container (e.g. Apache tomcat, Jetty, Jboss) which runs as a service/daemon, and all requests for all pages coming into the server go through that same service/daemon. This means that any problems with that service affect ALL CFML (or JSP)  websites on the server.
This is also a bad thing for security because it means that all sites on the server run within the security context of the service and so cannot have their own permissions. So any java code in any site can access files in site2, site3 or any other site on the server or in fact any part of the system that the service itself has access to. The only way round this is to use security sandboxes, which is a feature of ColdFusion enterprise and Railo.
But BEWARE, CF sandboxes can provide a false sense of security, they are only applied to CFML code and do not sandbox Java, so if you drop any Java code in your CFML pages (using CreateOnject(java), then you bypass the sandbox completely, so they not stop any vaguely competent coder/hacker. There is no way round this on a shared server, you simply have to take the risk. On a dedicated VPS you can mitigate this by using multiple instances of CF/Tomcat and isolating each site using server side permissions.

Before you say “so hosts shouldn't allow Java”, this also is not even an option for any host as all moden frameworks and apps need createObject(java), so disabling this function would break almost every modern application, ergo it is a risk that has to be taken, because at the end of the day 99% of clients simply don't care about the security risks, all they see is that their app doesn't work and will just go elsewhere.

When we look at other common languages such as PHP, Perl, asp.net etc, these run as an ISAPI or CGI process, so every website on the server spawns its own process to handle the requests. So if there are 20 PHP sites then there are 20 x PHP processes running (think of this like 20 instances of ColdFusion). The process runs within the security context of the website that spawned it, so in the case of Windows it runs under the application pool identity. So this means that as long as you have every website/application pool  set to run under a different user account with access only to that website root, and so will php also have only this permissions, so it is more secure and also isolates each site in a separate process.
So if site1 crashes php or ASP, it will have no effect on any other site because they are running php/ASP in a separate process.

Here is a diagram to illustrate.


cf server diagram


This is the primary reason why CFML is not suited to shared hosting, no application isolation and no control over security.

Imagine the following (very common) scenario.

abc.com makes a cfhttp request to an external web service at xyz.com  to get syndicated content for its pages.
The web service at xyz.com goes down, which means all the pages on abc.com are now going to timeout. On a shared server this will very quickly result in all the ColdFusion max number of simultaneous requests to be consumed, and subsequent requests to then become queued. The result of this is that every other CFML site on the server now becomes slow as well as all their page requests have become queued behind the problematic site, and now are likely to also timeout as a result.

An even worse scenario is where native java requests are concerned, such as database queries as these cannot be killed automatically, not even with FusionReactor. If a page hangs in the middle of a database query because it is waiting for a response back from the db server, then this request will not ever timeout and will hang indefinitely, thus 1 cf thread is now no longer available. If this happens 10 times, now 10 cf threads are gone and no longer available, if your “max number of simultaneous  requests” is set to 10, then you now have 0 requests left and your server will stop serving up CFML and all websites will now hang/timeout untill the service is restarted.
If the original problem still exists then restarting CF also will not help, as the issue will simply continue until all the requests are again used up and all sites start to hang. The only solution at this point is to turn off the site causing the problem.

Then we have the security issues that I mentioned. Everyone by now is aware of the CFIDE hack which affected many cf servers. This was only possible because CF runs as service and because that service runs under the SYSTEM account by default, which has full file system access, which allowed the uploaded hack to access every part of the server. If CF worked like a CGI/ISAPI application, the effect of this hack would have been far less.

But my code has proper error trapping and caching and stuff, so this doesn’t affect me right ?

Wrong i’m afraid, on a shared server it doesn’t matter how brilliant your code is, or how well your have performance tested it, or how much error trapping you have, this does not stop the other sites on the server from causing you problems.
You could be lucky on a shared host for months or even years if you are on a server that doesn’t have many sites, or simple  sites that are not problematic (at the moment), but It only takes one poorly written app to bring CF to its knees.
It is also important to realise that almost nobody using shared hosting has ever done any kind of load testing or performance testing on their website and in most cases do not even know what this means or how to do it, the result of this is that web site owners have no idea how their site will perform under load nor did the developer who made it. This results in another very common scenario which usually begins with a statement like “Nothing has changed on my site and it has been running fine for years, so it must be your server”.
Again this is totally irrelevant in most cases, sure your site may well have been running fine for years with 20-50  visitors per day, but what happens when it suddenly gets 1000 visitors per day as a result of some marketing or media attention, or if it starts getting hit by search engine bots, suddenly this once stable site falls over horribly due to poorly written or legacy code.

But Railo is better right ?

Ultimately no i’m afraid, as Railo works the same way as CF so the primary issues mentioned above apply to Railo as well.

Railo is however an improvement in that the security sandboxing is automatically applied at website context root level (if you set this in your Railo server admin) and does not require admins to setup sandboxes for each site as with ColdFusion which is a sandboxing nightmare, which makes Railo better for shared hosting. However the sandboxes like ColdFusion's only sandbox CFML and can easily be overridden with Java code.
Railo also has its per site web admin allowing all users to admin their own site, which is again a bit improvement over ColdFusion which has a single Admin which must be administered by the host.
So by using Railo you don’t have to rely on your host, you can pretty much do everything yourself.

So what’s the solution ?

The only solution is to do some research, educate yourself and use a bit of common sense.
ColdFusion is intended to be an enterprise solution, and thus run on dedicated hosting solutions, it was never intended to be used for shared hosting and is not built to do this. So the simple answer is, use the right tool for the job.
If you just want to run a blog, personal website or simple brochure ware website and you don’t have your own server and only have the budget for shared hosting but do not want to be affected by the above problems, then use a technology more suited to this purpose, one that runs as a CGI/ISAPI process, the most popular of course being  PHP or ASP.net . Avoid any Java related choices as these will all suffer from the same issues.

If you love CFML and want to use it for everything you do, then do yourself a favour and get a VPS running Railo (or ColdFusion if you can afford it).
On your own VPS you then also have the option to use multiple CF instances, so each of your sites runs on a dedicated instance of Tomcat or whatever is your java servlet container of choice, so you can still run multiple sites but avoid the shared hosting scenario and also lock down the security.

I am going to use shared hosting anyway regardless, what do you suggest ?

If you really have no choice (or simply won’t take good advice), then here are some tips on choosing a host.

  • Choose a host that specialises in Railo or ColdFusion and actually knows what they are doing, do not choose a generic host that simply has Railo/CF installed and classes this as SUPPORTED.
  • Test your hosts knowledge, see how much they know about CF/Railo, ask to speak to a CF specialist.
  • Make sure your host is secure
    • For ColdFusion they should be using enterprise edition, otherwise no sandboxes, and no security. If they are running standard edition, avoid.
    • Ask them if they run a bog standard out of the box CF installation, if yes then it is not locked down and is not secure.
    • Ask them if they use FusionReactor or HackMyCF. Preferably go with someone who says yes.
    • Ask them if they use security sandboxes, if no then avoid.
  • Ask your host how many sites they run on each CF server. Too many = bad
  • If you regularly need to setup data sources, mappings or anything that requires access to the CF Admin, you would be better of with Railo
  • Ask if you can get RDS access, if they say yes avoid, as this should not be enabled in production
  • Check if you can access the cfadmin or adminapi from your site, is yes, change host now.

Unfortunately there are very few noteworthy CF hosts these days, the ones I see most commonly recommended are Viviotech, Hostek, HostMySite (although not so much since they got taken over by hosting.com), BlueThunder (my company)

Windows 8 constantly losing WIFI connection

Windows 8 No Comments »

I recently bought myself a new PC (Dell  Inspiron 2350) with Windows 8 (no really it is not so bad with a touch screen), and have been having constant problems with the WIFI connection disconnecting, and then often it would not even being able to see mine or any other nearby WIFI network. The problem more often occurred during downloads or streaming.

After much googling, the only suggestions I could find were regarding the power management settings, which I will include it below for brevity as I did do this anyway even though it did not solve my problem.
As my laptop was having no such issue, so I did not consider the router to be part of the equation, but it seems I was wrong. It turns out the issue was solved by changing the channel on my router WIFI settings, to channel 10 in my case. 
After a bit of research I discovered that the mid range channels can be more problematic due to the fact they are usually the default setting on most routers, so you can get more interference from your neighbours WIFI, and the higher channels have less chance of signal loss.
Here is an informative article on the topic.

Why this was only affecting my windows 8 PC and not my laptop I cannot be sure, I would guess it just has a more tempremental wifi adaptor. However after thinking about it, I do recall my kids have complained about losing their xbox live connection quite a lot, so it may not be isolated, hopefully this will fix that issue as well.
Anyway I have had no more drops since changing the channel, so problem solved, so I hope this may prove useful to others.

Here also is the other common solution I mentioned.

Power Management

Windows 8 has a default feature to turn off the wireless adapter card to save power. To disable it :

  1. Control Panel -> Network and Sharing Center -> Change Adapter Settings
  2. Right click on the connected wifi connection -> properties
  3. Clicks “Configure…” button -> select “Power Management” tab
  4. Uncheck this “Allow the computer to turn off this device to save power
  5. Ok and restart Windows


Powered by Mango Blog. Design and Icons by N.Design Studio
RSS Feeds