I use an OpenSSL certificate for a private ColdFusion app that I use for a link management and calendar app. For months I've been trying to get Google Chrome for Linux to recognize the certificate and remember it between sessions. I followed the instructions here but couldn't get it to stick.

I chanced upon the solution when it became time to re-generate the SSL certificate, which I do annually. It turns out that Chrome expects the Organization Name, Organizational Unit Name and Common Name to be the same as the fully qualified domain name, in my case, www.linkstart.com.

Here then are the instructions to create a self-signed certificate and get Chrome to permanently recognize it. I'm assuming the SSL module has already been set up in Apache.

On the server:

Substitute the .key and .crt file names as you require in the the following:

When prompted, set these as per your site - remember to use the full website address for the Organization Name, Organizational Unit Name and Common Name:

• Country Name (2 letter code) [AU]:CA
• State or Province Name (full name) [Some-State]:ON
• Locality Name (eg, city) []:Richmond Hill
• Organization Name (eg, company) [Internet Widgits Pty Ltd]:www.linkstart.com
• Organizational Unit Name (eg, section) []:www.linkstart.com
• Common Name (eg, YOUR name) []:www.linkstart.com
• Email Address []:oliverm@linkstart.com

Go to the URL of your site, eg. https://www.linkstart.com/

Get Certificate Information by clicking on the https part of the URL

Export the certificate to the Desktop as Base64-encoded ASCII, single certificate

this should show: www.linkstart.com             C,,

Re-start Google Chrome

Our next meeting will be on Thursday December 4th, 2008 at Oakham House on the Ryerson Campus, starting at 6:30pm:

Oakham House
Room: Oakham Lounge
55 Gould Street
Toronto, Ontario
M5B 1E9

http://www.oakhamhouse.com/pages/directions.php has directions and parking information.

The evening's theme will be MAX2008 Goodies. We'll look at new product announcements, betas and other news that comes out of the San Francisco MAX conference the week of November 17th.

If you're planning to attend MAX and would like to help present, just drop me a line.

As always, don't forget to register free at www.torontoflex.org so we know how many people to expect.

If you're interested in presenting an application or topic in the future that would be of interest to the group, let us know and we'll try to get you some time at an upcoming meeting.

Thanks,
Oliver

I'll be presenting at a couple of CF/Flex seminars at the end of the month, along with Rick Palmerio, my New Toronto Group cohort.

These introductory sessions are aimed at the decisions makers, the suits, the money people. If you're trying to sell the ColdFusion or Flex platforms within your organization, this would be a great place to send your boss.

Registration is FREE and attendees will receive a free copy of Flex Builder!

[EDIT:]
CANCELED: OTTAWA:
Adobe Systems Canada
343 Preston Street, Ottawa, Algonquin Room
Tuesday, Nov. 25, 2008
9:00am – 11:00am
Continental Breakfast served at 8:30am
Register here

TORONTO:
Oakham House
63 Gould Street, Toronto, ON Canada
Wednesday, Nov 26, 2008
9:00am – 11:00am
Continental Breakfast served at 8:30am
Register here

OK, this may sound harsh, but as part of my consulting role I still see people and organizations not using cfqueryparam in their ColdFusion code:

If you're developing live applications in ColdFusion and not using cfqueryparam you should be held personally, if not criminally, responsible for any damage caused to your organization as a result of the well-known SQL-injection attack that's making the rounds.

Just this morning I received an email alert from Ray Camden's excellent BlogCFC application (which I'm using to run this blog), informing me of a ColdFusion error. When I looked closely at the cfdump included in the message, I noticed that it was the result of someone trying to insert invalid SQL into the RSS feed CFM.

Because he used cfqueryparam, however, the SQL statement failed and CF threw the following error. Well done, Ray! Probably the first time I've been happy to get an error report.

If you're not aware of this tag, go here right now and learn about it.

Part of my job includes interviewing candidates for developer positions (Flex, Java, ColdFusion, etc.). In the past two weeks I've sat through some of the most painful ones I can remember; not because of the candidates' skills, but their presentation.

Some examples:

1. One person came in with a one page resume. Five typos, including one in the title. They claimed to be great at communication and document creation. Uh-huh.
2. During one of the longer interviews, the candidate openly stretched and yawned as he formulated the answer to a question. Sorry to keep you awake.
3. One claimed to be an expert Java developer. I asked what a Singleton was. They are not an expert Java developer.
4. Another claimed to be an expert at Flex communications. I asked what an AsyncToken was. They are not an expert at Flex communications.
5. Yet another said they were a ColdFusion expert, but had not tried that new-fangled CFC stuff yet. They are not a ColdFusion expert.

So some gentle advice for those seeking employment from someone who's been on both sides of the interview table:

1. Spell-check your resume. Then get someone to read it over for mistakes. Then get someone else to read it over for mistakes. Then get someone else to read it over for mistakes.
2. Don't exaggerate your skill set. I'll see through it, as will any competent technical interviewer. And they'll likely be royally pissed if you wasted their time with any blatant dishonesty.
3. Watch your manners. I know it's a nerve-racking experience, but you're presenting yourself to people for the first time and you've got one shot to make a good impression. Something like an open yawn is offensive on many levels.
4. The interviewer wants you to do well in the interview. We want to fill a position and we hope you're the right candidate for the job. If you sense the interviewer does not have this attitude, think about whether this company is the right fit for you.
5. The interview is a conversation, not an interrogation. Ask good questions about the company and your future role. We like that. But also listen carefully to our questions and answer them directly. If you don't know the answer, then say so. It's easier to overlook ignorance than dishonesty.

Hope this helps somebody. Hopefully the next person I interview;)

Oliver

Looking for work in the Toronto area? New Toronto Group (my employer) is now hiring!

If you're a Flex developer, or a Java developer looking to get into the RIA space we'd love to hear from you. We're looking for consultants, developers and trainers, so if you're interested in any or all of these, please email a resume and cover letter to:

Ed Van Beilen
New Toronto Group
edv _at_ newyyz.com

Hope to hear from you soon!

For those who may have been hesitant to use LiveCycle Data Services, Adobe has just announced the release of BlazeDS, an open source version of LCDS (formerly FDS). They have also published the AMF spec. Check out both on labs:

http://www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5Fblazeds

I'm downloading now and will blog about the installation in a future post. The download even includes a Linux version.

Thanks, Adobe!

I finally had a chance to attend some sessions today. The best was a panel discussion on Flex best practices with 4 very different participants, including Steven Webster of Cairngorm fame. It's always illuminating to hear differing opinions from such articulate Flex advocates.

Also had the chance to sit in on a Flex optimization session. Again, nice to hear other people's takes on some of the techniques out there.

Finally, one more day and Max will be over for another year (at least in North America). Next year is in San Fran. These conferences are fairly exhausting for the participants, and doubly so for the hundreds of people who organize such events. Hats off to Adobe and their partners for putting together such a great conference.

Lots of meetings and booth duty today. Gotta do what you gotta do. Looking very forward to tomorrow: 4 Flex sessions and I don't have to lead any of them;) As well, tomorrow night is the big session where Adobe will announce more than one exciting product release tidbit.

You know, there's an odd phenomenon that happens at conventions: name-tag letdown. Several times today people came up to me because I had an official-looking sponsor's shirt. When they got close enough to realize I wasn't anyone famous, they'd get that disappointed look and walk away. Man, that's cold...

On the bright side, just as many did recognize the name and were happy to stop by the booth for a chat.

Let the games begin! I've survived the first day at Max 2007 leading an enjoyable introductory Flex session. 7 hours of Flex training that usually is delivered over 4 or 5 days is a challenge, to say the least.

A very special thanks to all who attended and my TAs, Rod, Mac, Kazue and Larry.

I guess the best story so far is that on the flight from Toronto to Chicago, we had none other than Paris Hilton on board. I think "That's Hot" is her slogan. I've got some bad quality phone-camera shots of her at the airport, but I chickened out of asking her if she'd pose with me for a picture. She looked like she was in a bad mood. Or is she always that pouty?

I had a chance to meet a lot of people in person that I've "known" for years via email and connect sessions. Always nice to put a face to a name. Also had the chance to hook up with some old friends which was great.

Tomorrow night is the big general meeting where product announcements are traditionally made. Watch this space for details; they're sure to be exciting!

My session today:

We'll always have Paris...