Programming news: Patches for ColdFusion and JRun, free C# 3.0 ebook

Get highlights about programming stories, which include SpringSource's Java cloud offering, Firefox 3.5 breaks the .NET Framework Assistant plug-in, Red Gate's free C# 3.0 ebook, and more.


Adobe addresses critical ColdFusion, JRun problems

Adobe has released patches for ColdFusion and JRun in order to correct a number of security vulnerabilities. Adobe has recently been slammed with a huge number of security issues, as attackers have found the OS to no longer be the lowest hanging fruit on the tree.

70% of organizations do not secure data during testing

Frightening statistic of the week: Nearly 80% of organizations are using production data in their application testing, and the majority of these organizations are not masking sensitive data, according to a study from the Ponemon Institute and Micro Focus. The upshot? 70% of organizations are exposing real user data to needless breaches during testing, which 94% of the organizations say happens at least monthly, and 64% say is done at least once a week. Other than troubleshooting a problem with that sensitive data, there is no reason to do this. Well, I know the reasons... time and money. But still, when sensitive data gets stolen, was it really worth not investing in processes and tools to protect that data?

SpringSource prepares Java cloud

SpringSource just entered the beta of Cloud Foundry, its Java cloud offering. There are now an awful lot of players climbing onto the cloud wagon, but I have yet to see much evidence that many developers are willing to use their services.

Firefox 3.5 breaks the .NET Framework Assistant plug-in

The latest version of Firefox 3.5 is not compatible with the .NET Assistant plug-in. Some are crying foul, but I wonder how many things are actually dependent upon that plug-in.

ASP.NET vs. WebSphere: More benchmark battles

InfoQ has an in-depth piece about the war of metrics being waged between Microsoft and IBM over application server speeds.

Free C# 3.0 ebook

Red Gate is giving away free copies of C# 3.0 Pocket Reference by Joseph Albahari and Ben Albahari. No signup, registration, etc. is needed, just click the link and download. I've read good reviews of this book, and there's no harm in giving it a read. Thanks, Red Gate!

Microsoft working to help developers charge more than $0.99 for apps

One of the big problems people have with the Apple App Store is that it has quickly become a race to the bottom on the price front. A lot of developers are stuck between offering an app for nothing (or close to it) or seeing limited market penetration at a higher price. Microsoft is trying to make sure that developers aren't backed into this corner for its mobile application store.

What it's like to move to NHibernate

Bertrand Le Roy has a nice piece about his experiences with moving to NHibernate. I have been hearing a lot of good things about NHibernate; it definitely looks like it's worth checking out.

99 Designs connects designers and buyers

99 Designs is a new company that lets designers submit design proposals to companies in need of design work. If the designer's work is chosen, they get paid; but even if the proposal isn't selected, the designer is building a portfolio that will help them attract future customers.

Squeakfest videos posted

If you would like to see what went on at Squeakfest (a Squeak conference), they have posted videos of the event.

A really neat Web trick

I was filling out a registration form at, and in step one of registration, I had to provide our Web site's URL; in the second step, had magically found our company's address and phone number information and filled it into the form for contact details. Either it OCRed that information from our banner graphic, or it quickly searched for a Contact Us link, went to the page, and found the right information. Regardless, I thought it was super slick. The next time I think about writing a registration page, I'll see if I can do something like that too.


Disclosure of Justin's industry affiliations: Justin James has a working arrangement with Microsoft to write an article for MSDN Magazine. He also has a contract with Spiceworks to write product buying guides.


Get weekly development tips in your inbox Keep your developer skills sharp by signing up for TechRepublic's free Web Developer newsletter, delivered each Tuesday. Automatically subscribe today!


Justin James is the Lead Architect for Conigent.

Mark Miller
Mark Miller

It sounds like the article is more concerned with testing WRT secure coding, with beta code leaving security holes open, and internal security breaches with copies of production data. I was more shocked by the revelation that 79% use [i]live production data[/i] for testing! I can't imagine doing that! There's much potential for corrupting people's live data just with buggy code. To heck with hackers and data thieves. In the jobs I worked it was very rare if a developer was allowed access to production data. If I was allowed access there was always a backup scheme in place in case data became corrupted. I made sure of that. The article also cites that sometimes the data sets used for testing were a terabyte in size. Why? I don't get the point of that. In a lot of the projects I worked on I created my own small test data sets. I made sure to test for edge cases and the like in it. Magnitude of data shouldn't be a testing factor unless you're trying to test performance with large batches. Even then an able programmer should be able to write up a test data generator in a few days. There are even products on the market that will generate test data for you, even tailoring it to your code. What kind of IT managers do these places have?? None I knew of would stand for this.

Justin James
Justin James

It looks like they removed the eBook offer, sorry! The page was always an ad for ANTS, but it had the eBook on there too, but now its gone. :( It didn't say "limited time" or anything like that before. J.Ja


i can't believe people are calling foul. MS installed the plugin without anyone's permission, and as soon as I found out, I disabled it. I think Ms's actions are more worthy of calling foul than Mozilla's

Justin James
Justin James

If I recall properly, the addin was in the Windows Update bin, which means that people had a choice whether or not to install it. And, if I remember right, it was an "important" or "recommended" item, which would mean that it was not selected by default (unless someone deliberately changed their settings to always install "important" and "recommended" items). I could be remembering wrong, though. J.Ja


It came as part of a microsoft OS update. When I found out about this I looked in my add-ons and there it was and it was a bugger to get rid of. PS it has broken nothing by getting out of my browser.


It seems that the link to obtain the "C# 3.0 Programmers Reference" is really and ANTS Profiler. Looks like the wrong link to me.


The link to 'free copies of C# 3.0 Pocket Reference' seems to be pointing to ads related to something else. Could somebody point us to the right location?

Editor's Picks